Whether you are protesting in person or working in digital spaces (or both) covering your browsing habits, metadata, and search histories is important. These can be ordered as evidence, or can expose others even months or years later. Even without a court order or direct governmental surveillance, your data history can be bought from aggregate services, both legally and illegally.

On the internet, you are tracked. You are tracked everywhere you go, whether by your ISP, advertisers, cookies, or the site itself. This will be your IP address (a unique identification number per network), where in the world you roughly are, other places you have been on the internet, and often what social media accounts you hold. Even just the browser you use can tell someone who you are because of the ‘headers’ your computer sends, called a Browser Fingerprint. Because there are only so many combinations of hardware and software, you may have a unique “fingerprint” simply because your computer’s particular combination is rare. See: https://webkay.robinlinus.com/ https://panopticlick.eff.org/

Personal privacy on the internet has been eroded from all sides, including advertisement and commerce, weak government protections, hacked databases, products and services which leak your information (via selling it or accidentally and ambiently). But also, the internet was never really made to be anonymous. It takes work anonymize your information.


AT THE PROTEST:

On phones / other smart devices:
Turn off your phone or leave it at home
Police can track phones through cell towers - this can confirm your presence or identify you later
Messages can also be intercepted by “stingrays”, which pose as cell powers -> https://en.wikipedia.org/wiki/Stingray_phone_tracker 
If you use Android, leave it at home - they have a history of being hacked by police- > https://money.cnn.com/2016/02/25/technology/android-apple-police-encryption/index.html 
If you have an old/spare/burner phone, consider bringing that instead- even without a sim card, having an empty phone that can connect to wifi and bluetooth might be helpful.
If you do bring your phone
Think about what you have stored on it and if it could put you or anyone else at risk. Delete contacts and messages as needed.
Back up your data, in case it is lost.
Set a difficult passcode
NOT face or thumb Id, not a year or all one number in a row
Turn off home screen notifications - don’t let anything show without unlocking your phone.
Set your phone to go to lock screen extremely quickly
Turn on airplane mode, which will keep your phone from broadcasting.
Make sure that Airdrop isn’t on.
If you lose your device or it is confiscated: 
Revoke access & log out of applications remotely
Changing your password to accounts can sometimes force a log-out
Or you can do it manually per account- search “<service name> revoke access for devices”
Use Signal or other encrypted messaging systems to communicate 
Police can still surveil metadata (when you’re sending messages to, when) but not the actual contents of an encrypted message
https://signal.org/en/ 
TURN OFF LOCATION SERVICES!! This will keep you from attaching GPS coordinates to photos.
iphone -> https://support.apple.com/en-us/HT207092 
android -> https://support.google.com/accounts/answer/3467281?hl=en 

On taking photographs: 
Photographs can be extremely useful, but: 
Take photos without unlocking your phone
Do not take pictures of anyone that could be identifiable
If you capture a person in a photo, BLUR OR BLOCK THEM OUT
After you take pictures, screenshot them to remove exif data
Exif data stores information on the image such as shutter speed, if a flash was used, date and time, and GPS information. See- > http://exifdata.com/ 
This can be evidence - don’t post something directly, but screenshot the image so that information is overwritten.
After you screenshot the photograph, delete the original.
IF YOU POST PHOTOS/INFORMATION ON THE INTERNET, know that this is saying that you were there. Never tag anyone else without their express consent or discuss private plans in a publicly visible space. 

On keeping yourself from being identified: 
Wear a bandana/mask, sunglasses, and cover any identifying features, especially tattoos.
Don’t wear clothes that have identifiable logos on them, or that are unique. Stick to solid colors, or all-black.
Don’t buy stuff, and if you do use cash! Credit cards / digital payments are immediately traceable.
Bring a change of clothes for after the protest, or if you have to get away quickly.
Bike or walk if you are able - License plate readers may be in use.
Regarding CV Dazzle (https://cvdazzle.com ): this is cute and cyberpunk and folks like to share it, but it is not as effective as just blocking your face. AI gets better every day, and if you’re still identifiable to a human you’re still at risk. If anything, colorful facepaint might might you more identifiable.

ON THE INTERNET:

If you’re doing research or online activities that shouldn’t be tracked to you, here are some ways to cover yourself, ordered roughly from least to most difficult/serious.

Use Firefox - Firefox just got a recent upgrade with increased tracking blocking and other data protections, especially over Chrome. Don’t install plug-ins you don’t trust, but do install plug-ins that help keep your data safe - https://www.eff.org/privacybadger UblockOrigin https://getublock.com/ No software without a privacy statement that you believe - Even stuff you download to your computer that isn’t online can send information No Dropbox They are a very anti-privacy company. Use https://onionshare.org/ for filesharing. No Googling things, use DuckDuckGo - duckduckgo.com Use Incognito mode Not honestly a solution, but confuses some tracking. Burner accounts Always make a new email with no info for new accounts. Use a fake name This is legal and you should do it to avoid having your information data mined across services. Turn off location sharing on your computer - https://www.tenforums.com/tutorials/13225-turn-off-location-services-windows-10-a.html https://appsliced.co/ask/how-do-i-disable-location-services-on-my-mac Never pay with a credit card, use a third party like Paypal, or cash or bitcoins are better Delete cookies and browsing history a lot. Turn off Javascript - this is a bummer but really helpful, https://noscript.net/ Use the Tor Browser Tor browser - > https://www.torproject.org/ Tor makes your traffic semi-anonymous by routing through nodes around the world. This is how you access the darkweb but you don’t have to go to darknet sites, just use Tor for regular browsing. There are also other browsers/systems, like Freenet and I2P. Use a Proxy or a VPN (or both) A Proxy hides your IP address makes it look like you’re somewhere else, but don’t encrypt your data. Good for lowstakes things. A VPN also makes your IP looks like it is coming from somewhere else, but is significantly more secure. More-> What is the difference between a VPN and a Proxy? https://www.howtogeek.com/247190/whats-the-difference-between-a-vpn-and-a-proxy/ Some Proxys: https://hidester.com/proxy/ https://hide.me/en/proxy You can read more about VPNs and pick one out here: https://ssd.eff.org/en/module/choosing-vpn-thats-right-you Expect to pay for a good VPN, though some have free versions. You need to make sure your VPN has had a public audit to ensure that it has no logs, aka no record of what you have used their internet connection for. Use Proxygambit - http://samy.pl/proxygambit/ Use an anonymizing OS- A virtual machine that resets on boot, running on (secure) portable media. You want an encrypted key with Tails or ZeusGuard, or even Windows To Go. Assign a random DHCP address on start. Iron key is a good place to start - > https://www.ironkey.com/en-US/ / https://youtu.be/3sx41MXPgPg

Once you’re all set up, check against DNS leaks - https://dnsleaktest.com/ https://dnsleaktest.com/what-is-a-dns-leak.html

~~

IF YOU’RE BEING TARGETED: And need to button up your online presence in case of identify theft/ hacking/ harassment/ threats/ etc (thanks @somenerdliam from Twitter for some of these links):

Search your old emails Go through each email you can think of that you’ve used You’ll need access to them so that you can access other websites you may have signed up to using them.

Delete accounts from forgotten services Use the search function for each email account and look for “Sign up”, “Welcome”, etc. Recover and log in to each service. Purge any content and messages, as the account may be archived even after its ideleted. Make a note of your username, password, the service, and email used Delete the account. If you can’t find where, search “delete account” + “<service>”. You may have to email support. If you remember being on other sites, go to those sites and enter all your old emails in the recover password box.

Check if your information is already public Now that you have a list of usernames, emails, and services, see if these are part of a data breach anywhere Search on Duckduckgo/Google/other search engine for your email and account names. You will potentially find pastebin links or databases with leaked information. Note what usernames and passwords show up. Many databases are not indexed by search engines: use https://haveibeenpwned.com to check when and what is public. If anything shows up, this is the first priority to change or delete!

Remove old information from Google Even if you delete old accounts, there is cached information about them. Use the Google Console to request them to delete/update their search engine (which usually takes months organically) to remove those cached results. You have to provide a link to each. https://www.google.com/webmasters/tools/removals

Don’t let Google track you Here is where you can go through each of Google’s services. Turn them off for every acc