Digital Sabotage Field Manual PSA No. 1
Looking for ways to actively protect yourself online? Learn everything you need to move around safely online while also fighting corporate greed and influence.
Modern concepts for old-school disruption.
A different kind of PSA
In the context of this article, PSA appropriately means Privacy, Security, and Anonymity, along with the well known "Public Service Announcement" acronym.
We are here advocating for your privacy, security, and anonymity in a country and world where it's becoming increasingly difficult to opt-out.
Adapted from the Simple Sabotage Field Manual by US Office of Strategic Services
Prepared under the direction of nobody in-particular.
It should be noted that the fight for PSA is against big-tech and corporate entities that use their influence on government policies to hurt consumers in favor of profits or their own personal gain. This is digital class warfare, and unless you personally are a billionaire - you're probably on the side of PSA.
Digital Sabotage Field Manual PSA No. 1
The Digital Sabotage Field Manual PSA No. 1 is published for the information and guidance of all concerned and will be used as the basic doctrine for digital resistance training for this subject.
The contents of this manual should be carefully controlled and should not be allowed to come into unauthorized hands.
The instructions may be placed in separate encrypted emails or messaging according to categories of operations but should be distributed with care and not broadly. They should be used as a basis of recording and streaming only for local and special cases as directed by your own judgement.
Contents
- Introduction
- Possible effects
- Motivating the saboteur
- Tools, targets, and timing
- Specific suggestions for digital sabotage
Introduction
The purpose of this article is to characterize digital sabotage, to outline its possible effects, and to present suggestions for inciting and executing it.
Digital sabotage varies from highly technical Advanced Persistent Threats (APT) that require detailed infrastructure and the use of massive botnets, to innumerable simple acts which the ordinary individual citizen-saboteur can perform.
This article is primarily concerned with the latter type.
Digital sabotage does not require specially prepared tools or equipment; it is executed by an ordinary citizen who may or may not act individually and without the necessity for active connections with an organized group; and it is carried out in such a way as to involve a minimum danger of injury, detection, and reprisal.
Where destruction is involved, the weapons of the digital-saboteur are data, cookies, credentials, activity, history, favorites, likes, shares, and any other digital data point one might normally be expected to generate when using social media and the internet for corporate work or home-use alike.
The digital saboteur's arsenal is their own record of data generated from the regular usage of devices in and around their lives on a daily basis. This arsenal can be found across everyday devices like mobile phones, tablets, home assistant devices, smart-watches, connected doorbells, thermostats, door locks, health trackers, and the vast network of other digital, internet connected devices they come across at home and abroad.
The targets of a digital saboteur are usually the products and services to which they have normal and inconspicuous access in everyday life.
A second type of digital sabotage requires no destructive tools whatsoever and produces digital damage, if any, by highly indirect means.
It is based on universal opportunities
- to make faulty decisions,
- to adopt a non-cooperative attitude,
- and to induce others to follow suit.
Making a faulty decision may be simply a matter of not participating in corporate friendly practices. A non-cooperative attitude may involve nothing more than creating an unpleasant situation among one’s corporate supervision (like resisting installation of corporate monitoring software on personal devices), engaging in time-wasting communication, or displaying surliness and stupidity when helping others use damaging corporate products and services.
This type of activity, sometimes referred to as the "human element," is frequently responsible for accidents, delays, and general obstruction even under normal conditions.
See also "Malicious Compliance"
The potential digital-saboteur should discover what types of faulty decisions and their operations are normally found in their digital products and services, and should then devise their sabotage so as to enlarge or increase that "margin for error."
Possible effects
Acts of digital sabotage are occurring throughout the United States and moreover the world.
An effort should be made to add to their efficiency, lessen their detect-ability, and increase their number.
Acts of digital sabotage, multiplied by thousands of citizen-saboteurs, can be an effective weapon against corporations and ad-tech surveillance:
- deleting accounts,
- wasting corporate CPU cycles,
- removing saved personal data,
- deleting or anonymizing social media posts,
- trolling corporate communities,
- using privacy-focused tools and services,
- minimizing corporate product usage,
- generating poisoned AI training data,
- avoiding purchasing from big-tech,
- self-hosting your family entertainment content,
- and filling up free storage space with junk.
Occurring on a wide scale, digital sabotage will be a constant and tangible drag on the anti-Privacy, anti-Security, and anti-Anonymity efforts of corporate executives.
Digital sabotage may also have secondary results of more or less value.
Widespread practice of digital sabotage will harass and de-moralize corporate executives from using anti-consumer strategies. Further, success may embolden the citizen-saboteur eventually to find colleagues who can assist them in digital sabotage of greater dimensions.
Finally, the very practice of digital sabotage by those in corporate-occupied territory may make other individuals identify themselves actively with the Privacy, Security, and Anonymity (PSA) effort, and encourage them to assist openly in periods of assault on their digital livelihood.
Motivating the saboteur
To incite the citizen to the active practice of digital sabotage and to keep them practicing that digital sabotage over sustained periods is a special problem.
Digital sabotage is often an act which the citizen performs according to their own initiative and inclination.
Acts of digital destruction do not bring these citizens any personal gain and may be completely foreign to their habitually-conservationist attitude towards corporations and their shareholders (many citizens are shareholders.)
Purposeful stupidity and behavior detrimental to one's self are contrary to human nature. The average citizen frequently needs pressure, stimulation or assurance, information, and suggestions regarding feasible methods of digital sabotage.
Personal Motives
(a) The ordinary citizen very probably has no immediate personal motive for committing digital sabotage. Instead, they must be made to anticipate indirect personal gain, such as might come with removal of corporate policies from everyday life.
Gains should be stated as specifically as possible for the area addressed. Digital sabotage against corporations will hasten the day when...
- Vulnerable communities can be safer from online harassment.
- Social-media becomes community-driven, instead of corporate-owned.
- Advertisements aren't used for corporate or government surveillance.
- Encrypted end-to-end communication becomes ubiquitous.
- The average citizen gets recourse over their data being shared without consent.
- The data-broker industry gets regulated in favor of pro-consumer goals.
- A citizen's need to sacrifice privacy to get essential services can be mitigated.
- Corporate money in politics and lobbying gets reigned in.
- Company executives become accountable to the law like anyone else
...and so on.
Abstract verbalizations about personal liberty, freedom of the press, and so on, will not be convincing in most parts of the US. In many areas they will not even be comprehensible, as they have been co-opted by corporate strategists.
(b) Since the effect of their own acts is limited, the digital-saboteur may become discouraged unless they feel that they are a member of a large, though unseen, group of digital-saboteurs operating against the corporate-owned governments of their own country and elsewhere.
This can be conveyed indirectly: suggestions which they read and hear can include observations that a particular technique has been successful in this or that community. Even if the technique is not applicable to their surroundings, another’s success will encourage them to attempt similar acts.
It also can be conveyed directly: statements praising the effectiveness of digital sabotage can be contrived which will be published by blogs, the Fediverse, the small-web, and among podcasts, Substack, Ghost-blogs, Discord channels, and underground-news.
Estimates of the proportion of the population engaged in digital-sabotage can be disseminated. Instances of successful digital-sabotage are already being shared in online forums, and this should be continued and expanded where compatible with the digital-saboteur's privacy, security, and anonymity (PSA) spectrum.
(c) More important than (a) or (b) would be to create a situation in which the citizen-saboteur acquires a sense of responsibility and begins to educate others in digital sabotage.
Encouraging Destructiveness
It should be pointed out to the digital-saboteur where the circumstances are suitable, that they are acting in self-defense against corporations, or retaliating against the corporations for other acts of digital-destruction.
A reasonable amount of humor in the presentation of suggestions for digital sabotage will relax tensions of fear.
(a) The saboteur may have to reverse their thinking, and they should be told this in so many words. Where they formerly thought of keeping their data stored, they should now delete or encrypt it; website questions that formerly were required now should be questioned or lied-to; normally lazy and careless with social-media interactions, they should now be diligent and careful; and so on. Once they are encouraged to think backwards about the corporate-overreach and the effects on their every-day life, the digital-saboteur will see many opportunities in the digital products and services used against them. A state of mind should be encouraged that any data can be digitally-sabotaged.
(b) Among the potential citizen-saboteurs who are to engage in digital-destruction, two extreme types may be distinguished. On the one hand, there is the digital-saboteur who is not technically trained and employed. This person needs specific suggestions as to what they can and should destroy as well as details regarding the tools by means of which digital-destruction is accomplished.
(c) At the other extreme is the digital-saboteurs who are a technician, such as a software engineer or a web developer. Presumably this citizen would be able to devise methods of digital-sabotage which would be appropriate to their own facilities. However, this citizen needs to be stimulated to re-orient their thinking in the direction of digital-destruction. Specific examples, which need not be from their own field, should accomplish this.
(d) Various media may be used to disseminate suggestions and information regarding digital sabotage. Among the media which may be used, as the immediate situation dictates, are:
- email,
- blogs,
- podcasts,
- Substacks,
- the small-web,
- Ghost-blogs,
- the Fediverse
- Discord channels,
- underground press,
- encrypted messaging
- corporate social media
- signs, buttons, stickers, and offline ads
- even through social-media influencers
Finally, citizens may be trained in the art of digital-sabotage, in anticipation of a time when they may be able to communicate this information directly with other citizens, such as social events, comedy shows, parties, concerts, sporting events, and anywhere that crowds of citizens might mingle - yes, even at a place of worship!
Safety Measures
(a) The amount of activity carried on by the digital-saboteur will be governed not only by the number of opportunities they see, but also by the amount of danger they feel. Bad news travels fast, and digital-sabotage will be discouraged if too many digital-saboteurs are investigated or arrested.
(b) It should not be difficult to prepare widely-available, online documentation and other media for the digital-saboteur about the choice of data, timing, and targets which will insure the saboteur against detection and retaliation from corporate policies.
Among such suggestions might be the following:
- Use materials which appear to be innocent. A password-manager and browser auto-fill can be used normally on your devices; either is a multi-purpose instrument for saving and using fake data. Ad-blockers, privacy add-ons, Internet Archive extensions, alternative search engines, enhanced tracking protection, privacy VPNs, and dozens of other digital-destructive agents can be used, installed, or enabled on your devices without exciting any suspicion whatever. If you are a worker in a particular trade or industry you can integrate these tools into corporate systems.
- Try to commit acts for which large numbers of people could be responsible. For instance, if you post anonymous reviews about corporations harmful practices almost anyone could have done it. Digital sabotage through anonymous surveys, such as you might be able to find at or after corporate events, is another example of an act for which it would be impossible to blame you.
- Do not be afraid to commit acts for which you might be blamed directly, so long as you do so rarely, and as long as you have a plausible excuse: you used a fake phone number on a form because you didn't trust the company. Always be profuse in your apologies. Frequently you can "get away" with such acts under the cover of pretending stupidity, ignorance, over-caution, fear of being suspected of digital-sabotage, or a refusal to provide sensitive data for another corporation to lose it without consequence.
- After you have committed an act of digital sabotage, resist any temptation to wait around and see what happens. Loiterers arouse suspicion, even in online communities. Of course, there are circumstances when it would be suspicious for you to leave. If you commit digital-sabotage on your job, you should naturally stay at your work.
Tools, targets, and timing
The citizen-saboteur cannot be closely controlled. Nor is it reasonable to expect that digital sabotage can be precisely concentrated on specific types of target according to the requirements of a concrete resistance situation. Attempts to control digital sabotage according to developing resistance factors, moreover, might provide corporations with intelligence of more or less value in anticipating the date and area of notably intensified or notably slackened digital sabotage activity.
Digital sabotage suggestions, of course, should be adapted to fit the area where they are to be practiced. Target priorities for general types of situations likewise can be specified, for emphasis at the proper time by the underground press, the Fediverse, and cooperating influencers.
(1) Under General Conditions
(a) Digital sabotage is more than malicious mischief, and it should always consist of acts whose results will be detrimental to the materials and manpower of the corporation.
(b) The digital saboteur should be ingenious in using their every-day software. All sorts of tools will present themselves if they look at their online surroundings in a different light. For example, faking data easily —a powerful weapon in the fight for PSA —may at first seem unmanageable, but if the digital saboteur were to look through their password manager, they would find themselves with a plentiful supply of username and password generators and form-fill tools.
(c) The digital saboteur should never attack targets beyond their capacity or the capacity of their instruments. An inexperienced person should not, for example, attempt to use DDoS botnets, but should confine themselves to the use of obfuscating ones own data or other methods of faking personal data.
(d) The digital saboteur should try to damage only objects and materials known to be in use by the corporation or to be destined for early use by the corporation. It will be safe for them to assume that almost any product of big-tech is destined for corporate use, and that the most efficient protocols and services also are destined for corporate use. Without special knowledge, however, it would be undesirable for them to attempt destruction of other citizen's data or small-business assets just for using corporate platforms.
(e) Although the digital-saboteur may rarely have access to nation-state utilities, they should give these preference above all others.
(2) Prior to a Political Offensive
During periods which are quiescent in a political sense, such emphasis as can be given to digital sabotage might well center on big-tech products and services, to lessen the flow of disinformation out and tangible data in to the corporation. Quitting a corporate social-media platform in favor of the Fediverse is an act of value; moving your corporate-owned community and it's users to the Fediverse is an act of still more value.
(3) During a Political Offensive
(a) Most significant digital sabotage for an area which is, or is soon destined to be, a theater of political operations is that whose effects will be direct and immediate. Even if the effects are relatively minor and localized, this type of digital sabotage is to be preferred to activities whose effects, while widespread, are indirect and delayed.
(1) The digital saboteur should be encouraged to disrupt or leave corporate social-media platforms of all kinds.
Among such facilities are Twitter (now called X), YouTube, WhatsApp, Facebook, Instagram, Truth Social, TikTok, WeChat, Messenger, Telegram, LinkedIn, Pinterest, Discord, Twitch, and Reddit.
(2) Any platform which can be used by corporations for surveillance or censorship should be the objects of digital sabotage. These include corporate ad-tech services, data-brokers and their markets, messaging platforms, DNA services, online shopping monopolies, home assistants, license plate detectors, and home-security products.
(3) Critical protocols, valuable in themselves or necessary to the efficient functioning of digital communication, also should become targets for the digital-saboteur. These may include SMS/RCS/email messaging technologies, or audio/video media codecs, or AI models and weights.
Specific suggestions for digital sabotage
Digital sabotage starts with the data the citizen-saboteur doesn't generate (or otherwise hides.) For that purpose, the digital saboteur can reference Privacy Guides for up-to-date tips and practices for maintaining PSA (Privacy, Security, Anonymity) across their everyday life.
A sample set of digital sabotage practices that anyone can follow:
- Favor browsers not developed by an ad-tech company
- Enable ad-blockers and privacy extensions
- Quit corporate social media
Reading, understanding, practicing, and advocating these types of procedures are some of the most important things a digital-saboteur of any skill-level can do. Every digital saboteur should start with PSA basics before attempting more advanced methods.
Grove City Tech Lab has no affiliation or relationship with Privacy Guides. We just think it's a really good resource.
Source for www.privacyguides.org
Once a citizen-saboteur has adopted a set of PSA practices that matches their personalized threat model, it might be time to consider additional measures.
Some of the concepts might be contrary to established security principles. The goal is continue to follow those established patterns, while using service providers that are not corporate-owned big-tech.
(1) Data-Sharing Resistance
- Delete your personal accounts on corporate social media networks
- Delete apps off your phone when not using them.
- Use self-hosted solutions whenever possible.
- Avoid big-tech hosting in favor of smaller providers
- Take the time to reject cookies or minimize which cookies are used
- Avoid shopping on sites that continually block consumer VPNs
- Encrypt data using your own keys before uploading content to service providers
- Find alternative mapping solutions and contribute to their success
- Use search engines that aren't run by Big Tech or corporate interests.
- Use individual privacy-masked or anonymous emails and phone numbers when signing up for 3rd-party services
- Avoid using SSO provided by Big-Tech, as it offers convenient tracking across services you utilize.
- Stop affiliate links and other marketing technology that is abused for tracking.
- Don't use digital IDs and avoid entertainment venues that scan/save your data.
- Go out of your way to change default apps for yourself and loved ones
- Buy dumb TVs and other devices instead of their "smart" equivalent
- Use locally-hosted AI resources and models whenever possible
- Selectively boycott brands that advocate against policies that help PSA efforts
(2) Flooding The Zone
- Dump garbage data into free-resources provided by corporations
- Poison data that might be scraped by AI content-scrapers
- Fill out anonymous or targeted surveys by truthfully (and calmly) pointing out PSA issues in a corporate product or service
- Leave feedback whenever possible that explains problematic PSA products
- Play dumb when providing feedback on non-working sites by ignoring or lying about the use of ad-blocker and privacy features.
- Generate garbage signals (like WiFi, LORA, etc.) and rotate names/details to obfuscate radio-network fingerprinting.
- Use every available corporate feedback channel to share your opinion on their PSA practices
- Hide your identity using hats, sunglasses, hoodies, and other simple everyday outfit choices (cold environments make this easier)
- Wear fake tattoos out and about, or obfuscate your real tattoos to avoid tracking.
- Learn how to submit FOIA requests to local, state, and federal entities and request the data they collect on you from LPDs and other sources of public surveillance.
- Complain about password fields that don't support long passwords
- Actually read the Terms of Service and/or Privacy Policy and make complaints about the data sharing practices they describe.
- Actually research and vote for any shares that you may hold instead of letting the middle-man choose your vote for you.
- Donate to the EFF, Internet Archive, and Repair.org
(3) Creating Meaningful Competition
- Avoid online shopping sites, or use them for product research only
- Make every day "Small-Business Saturday" and shop-local and/or offline
- Pirate the objects of corporate abuse, such as movies or TV-series you've previously "purchased"
- Regularly contact your state and federal government representatives, even if they do not actually represent your views.
- Favor products and services beholden to jurisdictions with strong data-privacy laws (like the EU)
- Learn how to use RSS (or bookmarks) to centralize and read small-web blogs.
- Cut back on online-usage in general and talk to people around you.
- Avoid big-tech and corporate monopolies whenever possible
- Find, use, support, and advocate for small software creators
- Advocate for the Fediverse alternative to just about everything
- Use public transportation options instead of commercial ride-share
- Push-back on data collection efforts by the services you do use
- Use alternative operating systems for desktop and mobile devices
Ultimately, the path to reducing corporate influence over a citizen's privacy, security, and anonymity comes when many citizens collectively choose to avoid or replace the corporate products, services, and practices that harm them.
Have something you think we should add, change, or omit? Email support@grovecitytechlab.com with your feedback!
