GOODTROUBLE_

πŸ”

SECURITY PRACTICES

How We Keep You Safe

In an era of mass surveillance and digital repression, security is not optionalβ€”it's essential for resistance. This page details our security practices and how you can stay secure while using our resources.

Last Updated: October 2025

Our Threat Model

We assume the following adversaries may attempt to compromise this site or its users:

State Actors

Law enforcement, intelligence agencies, and authoritarian governments seeking to identify and target activists.

Fascist Groups

Far-right extremists who may attempt to doxx, intimidate, or attack resistance organizers.

Corporate Surveillance

Tech companies and data brokers seeking to monetize user data and behavior.

Bad Actors

Malicious individuals or groups attempting DDoS attacks, defacement, or data breaches.

Infrastructure Security

HTTPS Everywhere

All connections use TLS 1.3 encryption with perfect forward secrecy. HTTP requests are automatically redirected to HTTPS.

TLS 1.3 + HSTS + OCSP Stapling

DDoS Protection

Cloudflare provides DDoS mitigation and caching. Note: We minimize data collection through Cloudflare.

No JavaScript Tracking

Site functions without JavaScript. No analytics, no fingerprinting, no surveillance capitalism.

Tor-Friendly

Full support for Tor Browser users. No CAPTCHAs or blocks for Tor exit nodes.

Data Security

  • βœ“ Encrypted at Rest: All stored data is encrypted using AES-256
  • βœ“ Encrypted in Transit: TLS 1.3 for all connections
  • βœ“ Zero-Knowledge Architecture: Where possible, we implement zero-knowledge systems
  • βœ“ Regular Audits: Quarterly security audits and penetration testing
  • βœ“ Incident Response Plan: Documented procedures for security breaches

Protecting Yourself

While we implement strong security measures, your personal security practices are equally important:

Use Tor Browser

For maximum anonymity when visiting this site

Download Tor β†’

Use a VPN

Hide your IP address from your ISP and others

VPN Guide β†’

Secure Your Device

Keep your OS and software updated

Device Security β†’

Use Strong Encryption

Encrypt sensitive communications and files

Encryption Tools β†’

Responsible Disclosure

If you discover a security vulnerability, please report it responsibly:

How to Report

  1. Use our secure contact methods
  2. Provide detailed information about the vulnerability
  3. Give us reasonable time to fix the issue before public disclosure
  4. Do not exploit the vulnerability or access/modify data without permission

βœ“ We commit to acknowledging reports within 48 hours and providing updates every 7 days

Security Headers

We implement strong security headers to protect against common attacks:

HeaderProtection
Content-Security-PolicyPrevents XSS attacks
X-Frame-OptionsPrevents clickjacking
X-Content-Type-OptionsPrevents MIME sniffing
Strict-Transport-SecurityForces HTTPS
Referrer-PolicyLimits referrer leakage
Permissions-PolicyRestricts browser features

Warrant Canary

As of October 1, 2025:

  • βœ“ We have NOT received any National Security Letters
  • βœ“ We have NOT received any gag orders
  • βœ“ We have NOT been forced to modify our code or infrastructure
  • βœ“ We have NOT received any warrants for user data

This canary is updated monthly. If not updated or removed, assume we have received legal demands we cannot disclose.

Security Resources

β†’ Privacy Protection Guide β†’ Secure Networking β†— EFF Surveillance Self-Defense β†— Security Planner