Documentation & OpSec
Learn how to use our secure infrastructure and protect your local organizing efforts from digital surveillance.
1. Introduction
Welcome to the official documentation for udhr.me. Our mission is to provide a safe harbor for activists, journalists, and organizers. This page contains instructions on how to use our tools, as well as general education on operational security (OpSec).
Code of Conduct
Our infrastructure is strictly for peaceful organizing, journalism, and human rights advocacy. We maintain a zero-tolerance policy for abuse, harassment, or illegal exploitation on our network.
Zero-Knowledge Guarantee
We cannot read your emails. We do not keep persistent logs of your IP address, as we use Cloudflare email forwarding.
2. Platform Guides
Secure Email & Aliases
If your request for an account is approved, you will receive information for your @udhr.me and @anbo12.top inbox. You only need to verify your email once to receive email. To send email, we will help you get that set up (GMAIL REQUIRED FOR SENDING MAIL).
- Using Aliases: Never use your real name when signing up for third-party services. Generate a unique alias for every service you use. If that service is breached, your main identity remains hidden.
- Client Setup: We highly recommend using Thunderbird on desktop or K-9 Mail on Android for checking your email securely.
PGP Encryption Basics
PGP (Pretty Good Privacy) relies on a pair of keys: a Public Key and a Private Key.
- Public Key: Think of this as an open padlock. You share this with everyone. Anyone can put a message inside the box and snap the padlock shut.
- Private Key: This is the key that opens the padlock. You keep this entirely to yourself. Never share it. Only you can unlock the messages sent to you.
3. Foundations of OpSec
Operational Security (OpSec) is the process of protecting pieces of data that could be grouped together to reveal a bigger, sensitive picture.
Threat Modeling 101
Do not panic or assume you need military-grade security for everything. Ask yourself these four questions:
- What information am I trying to protect?
- Who am I trying to protect it from? (Local police, corporate spies, angry internet mobs?)
- How likely is it that they will try to get it?
- What happens if I fail?
Compartmentalization
Keep your activist life and personal life completely separate. Never log into a personal social media account on your organizing device. Cross-contamination is how most identities are compromised.
4. Securing Devices
Full Disk Encryption (FDE)
If your laptop or phone is seized, a password lock screen will not stop them from pulling the hard drive and reading your files. You must enable Full Disk Encryption.
- Windows: Enable BitLocker or Device Encryption.
- Mac: Enable FileVault in System Settings.
- Linux: Use LUKS during installation.
- Mobile: Modern iOS and Android devices are encrypted by default, provided you use a strong passcode.
Turn off Biometrics
Law enforcement can legally force your finger onto a sensor or point a phone at your face to unlock it. They generally cannot force you to reveal a memorized passcode. Disable FaceID or TouchID before attending any direct action. Use a strong, alphanumeric password instead.
5. Secure Communications
SMS text messages and standard phone calls are fundamentally insecure. They are stored in plain text by your cellular provider and can be handed over with a basic subpoena.
Use Signal
We highly recommend Signal for daily communication. When using Signal, follow these rules:
- Turn on Disappearing Messages for all sensitive chats.
- Hide your phone number in the privacy settings so group members only see your username.
- Verify the 'Safety Number' in person with your contacts when possible.
6. Browsing & Anonymity
The Tor Browser
Tor routes your internet traffic through three random servers across the world, masking your IP address and location. Use the Tor Browser when researching sensitive topics or accessing restricted information.
Crucial Tor Warning
Never log into your personal, real-name accounts (like your personal Facebook or bank) while using Tor. Doing so immediately strips away your anonymity and links your Tor session directly to your real identity.
VPNs (Virtual Private Networks)
A VPN does not make you anonymous. It simply shifts trust away from your local Internet Service Provider and onto the VPN company. Use a trusted, no-log VPN (like Mullvad) to hide your traffic from local network admins or ISPs, but do not rely on it to hide you from state-level adversaries.
7. Direct Action Safety
Metadata Scrubbing
Every photo you take on your phone contains hidden EXIF data. This metadata includes the exact GPS coordinates where the photo was taken, the time, and the unique serial number of your phone's camera.
Before posting photos or videos of a protest online, you must scrub this metadata. Use tools like Metadata Cleaner (Linux) or specific privacy-focused shortcut tools on mobile. Alternatively, taking a screenshot of a photo and posting the screenshot strips out the original GPS data.
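To show what scrubbing means at the file level, here is an added example (not part of udhr.me's own tooling) that walks a JPEG's segments and drops the ones that carry Exif, XMP, IPTC and comment metadata while copying the compressed image data unchanged. The sample bytes, the function names and the choice of which segments to drop are assumptions made for this illustration.

```python
import struct

# Markers with no length field: TEM, RST0-RST7, SOI, EOI.
STANDALONE = {0x01, 0xD8, 0xD9} | set(range(0xD0, 0xD8))
# Segments dropped here: APP1 (Exif, XMP), APP13 (IPTC), COM (comments).
DROP = {0xE1, 0xED, 0xFE}

def strip_jpeg_metadata(data: bytes) -> bytes:
    """Return a copy of a JPEG with the DROP segments removed, pixels untouched."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    out, pos = bytearray(b"\xff\xd8"), 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                 # fill byte before a marker
            pos += 1
            continue
        if marker in STANDALONE:
            out += data[pos:pos + 2]
            pos += 2
            continue
        if pos + 4 > len(data):
            raise ValueError("truncated segment header")
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError("corrupt segment length")
        if marker == 0xDA:                 # start of scan: copy compressed data as-is
            return bytes(out + data[pos:])
        if marker not in DROP:
            out += data[pos:pos + 2 + length]
        pos += 2 + length
    return bytes(out)

def _segment(marker: int, payload: bytes) -> bytes:
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

def build_sample() -> bytes:
    """Constructed JPEG-shaped bytes (not a real photo) with fake metadata."""
    return (b"\xff\xd8"
            + _segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
            + _segment(0xE1, b"Exif\x00\x00GPS-CONSTRUCTED SERIAL-CONSTRUCTED")
            + _segment(0xFE, b"constructed-comment")
            + _segment(0xDA, b"\x01\x01\x00\x00\x3f\x00")
            + b"\x12\x34\xff\x00\x56\xff\xd9")

if __name__ == "__main__":
    sample = build_sample()
    clean = strip_jpeg_metadata(sample)
    print(len(sample), "->", len(clean), "bytes; Exif present:", b"Exif" in clean)
```

Dropping APP1 also removes the thumbnail embedded in the Exif block. Other formats (PNG, HEIC, video) store metadata differently and need their own handling.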
8. Emergency Contacts
If an organizer's device is seized, or you suspect an account on our network has been compromised by a hostile actor, swift action is required.
Contact us immediately at hello@udhr.me with the subject line URGENT: ACCOUNT COMPROMISE. We can freeze aliases to prevent further damage to your network.