Glossary

Every key term introduced in the book, collected alphabetically. Chapter numbers indicate where each term is first defined or discussed in detail.

---

Advertising ID (MAID / IDFA) — A unique identifier assigned to your phone, broadcast to every app you install. Android calls it a MAID (Mobile Advertising ID); Apple calls it an IDFA (Identifier for Advertisers). It’s the thread that lets data brokers stitch your activity across apps into a single profile. (Ch 2)

ALPR (Automated License Plate Reader) — Camera systems that photograph vehicle license plates, read the numbers, and log time and location in searchable databases. Often solar-powered and mounted on poles. (Ch 6)

Authority transfer — The deliberate shift of expertise and decision-making capacity from an external source (these chapters, the author) to the group itself. The goal of the transfer is a group that can learn and adapt independently. (Ch 24)

Bad-jacketing — The tactic of falsely labeling loyal members of an organization as informants to create paranoia and internal collapse. Used extensively by the FBI against civil rights and protest organizations. Also referred to as “snitch-jacketing.” (Ch 7)

Behavioral recognition — The ability to identify another group that has developed genuine organizing competencies, based on observable practices rather than stated intentions or symbolic signals. The mutual recognition between capable groups is the bridge to network formation. (Ch 26)

Blameless breach response — A protocol for handling security mistakes that focuses on fixing the system rather than punishing the person. The goal is to make reporting mistakes feel safe, because the alternative — blame — teaches people to hide problems rather than surface them. (Ch 19)

Block — The most serious position on the consensus spectrum. Reserved for decisions that would violate the group’s stated purpose, ground rules, or agreements. Not “I don’t like this” — “this would compromise something fundamental.” Rare by design. (Ch 21)

Bootstrapping paradox — The challenge of coordinating a move to secure channels while still on the insecure channel you’re trying to leave. Every group faces this. The solution is accepting imperfect starting conditions and establishing a floor that rises over time. (Ch 14)

Browser fingerprinting — The practice of identifying users by the unique combination of their browser’s configuration: plugins, fonts, screen resolution, language settings, hardware. Nearly as unique as a physical fingerprint. Does not require cookies or login. Testable at coveryourtracks.eff.org. (Ch 9)

Channeling — An institutional dynamic where grassroots energy is redirected into institutional processes that serve the institution’s legitimacy rather than the community’s priorities. (Ch 31)

Church Committee — Senate committee (1975) that investigated and exposed COINTELPRO and other intelligence abuses. Led to significant surveillance reforms including FISA and congressional oversight committees. (Ch 7)

Civic monitoring — Systematic observation of local government through attendance at public meetings, structured documentation, and public records requests. Adapted from the League of Women Voters Observer Corps model for informal networks. (Ch 33)

Clearview AI — A facial recognition company that scraped the public internet to build a database of 70+ billion images. Sells access to law enforcement agencies for searching faces against the database. (Ch 6)

Co-optation — The structural absorption of grassroots opposition through the appearance of inclusion without the transfer of actual decision-making power. (Ch 31)

Coalition agreement — A written document establishing how coordinating groups make decisions, what’s shared and what’s autonomous, and how disagreements are handled. (Ch 30)

COINTELPRO (Counter Intelligence Program) — FBI program (1956–1971) that used infiltration, disinformation, bad-jacketing, and leader targeting to suppress domestic dissent. Exposed by the Church Committee. Findings are part of the congressional record. (Ch 7)

Complementary partnership — An institutional engagement model where grassroots networks and institutions collaborate on specific shared goals while maintaining separate identities, structures, and autonomy. (Ch 31)

Concentric circles — A model for thinking about information access in layers. New members start at the outer circle (public information) and move inward (operational, then sensitive) as trust develops through shared experience. (Ch 22)

Consensus spectrum — A four-position decision-making tool that replaces binary agree/disagree with a nuanced range: Agree, Reservations, Stand Aside, Block. Adapted from Seeds for Change. Gives group members language for positions between “yes” and “no.” (Ch 21)

Consent (governance) — Decision-making method where proposals move forward unless a participant raises a reasoned, paramount objection. Distinct from consensus (which requires active agreement). (Ch 30)

Constituency (as used here) — Not a political grouping — the people who share your physical space and care about what’s happening in it, regardless of political alignment. (Ch 15)

Content vs. metadata — The critical distinction in communications security. Encryption protects content; minimizing what a platform collects protects metadata. Signal addresses both. WhatsApp addresses only content. (Ch 5)

Credential stuffing — An automated attack that uses stolen username/password combinations from one breach to try logging into other services. Works at scale because most people reuse passwords. (Ch 4)

Crisis pace vs. sustaining pace — The distinction between the intensity of coordination that works for short periods (weeks) during urgent activity and the baseline rhythm a network can maintain indefinitely. (Ch 32)

Daily habits vs. situational activations — Framework for organizing security practices into two modes: things you do automatically every time (password manager, Signal, no link-clicking) and things you activate when your threat level changes (protest attendance, international travel, targeted harassment). The distinction between sustainable practice and unsustainable hypervigilance. (Ch 11)

Data broker — A company that collects, aggregates, and sells personal data — including location data — to commercial and government buyers. (Ch 2)

Data broker re-aggregation — The cycle by which data brokers rebuild profiles from source data every 3–6 months, even after opt-outs. Makes data removal an ongoing maintenance task rather than a one-time fix. (Ch 8)

Decision domains — The sorting of decisions into levels (internal, joint, individual) so that the right decisions are made by the right people at the right scale. (Ch 30)

Deepfake — AI-generated synthetic media (audio, video, or images) designed to convincingly impersonate real people. Consumer-grade tools now produce realistic results from seconds of source audio or a few images. (Ch 10)

Density bias — The tendency of organizing literature and frameworks to assume urban institutional density, overlooking the distinct civic infrastructure and organizing traditions of rural and exurban communities. (Ch 31)

DNS over HTTPS — Encrypts the domain name system queries your browser makes, preventing your ISP from seeing which websites you visit. Available in Firefox under Privacy & Security settings. (Ch 9)

DOGE (Department of Government Efficiency) — Entity established by executive order in January 2025. Gained or sought access to sensitive databases across multiple federal agencies. Subject of dozens of federal lawsuits alleging Privacy Act and constitutional violations. (Ch 7)

Dot-voting — A simple prioritization method where each participant gets a fixed number of votes to distribute across options. Allows quick, visible consensus-building without extended debate. (Ch 17)

Dyad / Triad — Georg Simmel’s distinction between two-person and three-person groups. The triad is qualitatively different: it has a group identity that transcends its individual relationships and can survive the departure of a member. (Ch 17)

Emergent network properties — Capabilities (resilience, distributed capability, rapid coordination) that arise from sustained inter-group coordination and don’t exist within any individual group. (Ch 33)

End-to-end encryption (E2EE) — Encryption where messages are locked on the sender’s device and only unlocked on the recipient’s device. No intermediate party — not the app company, not the carrier, not the server — can read the content. (Ch 5)

Evaluation (eval) — A structured test designed to assess what an AI model can and can’t do, including capabilities that could be dangerous. (Ch 1)

Exposure baseline — A record of what personal information is currently findable about you online. Established by searching yourself and documenting results. Used to measure whether opt-outs and other mitigations are working. (Ch 8)

Family code word — A pre-agreed verification phrase shared only among trusted contacts, used to confirm identity during unexpected phone calls. Effective defense against voice cloning because the AI can only reproduce voice, not knowledge the cloner doesn’t have. (Ch 10)

Field journal — A personal, private record kept by each group member. Not a shared document. Used for individual reflection that feeds into group learning. Introduced in Level 1; becomes a group tool in Level 2. (Ch 2, 18)

Field secretary — SNCC’s term for organizers sent into communities to build relationships and support local leadership. Field secretaries like Charles Sherrod practiced “slow and respectful work” — listening before organizing, understanding before acting. (Ch 13)

FISA (Foreign Intelligence Surveillance Act) — Law creating a court to oversee surveillance warrants, established as a reform after the Church Committee revelations. Section 702, added later, authorized broader collection from internet companies without individual warrants. (Ch 7)

Frontier model — The newest, most capable AI systems, typically developed by a small number of labs and evaluated before wider release. (Ch 1)

Geofence warrant — A legal request that compels a technology company (typically Google) to hand over information on every device that was near a specific location during a specific time window — sweeping up everyone in the area, not just suspects. (Ch 3)

Geographic anchoring — Organizing around shared place rather than shared ideology. Documented as the strongest predictor of group resilience across Indivisible, mutual aid networks, and international resistance movements. (Ch 15)

Graduated identity revelation — The practice of sharing more about what you’ve been doing as trust develops naturally, rather than disclosing everything at once. You don’t mention the journal or the model in a first conversation — not because it’s secret, but because it’s not relevant yet. (Ch 16)

Graduated response — Ostrom’s finding from commons governance: successful communities handle norm violations through escalating responses rather than immediate confrontation or silent tolerance. Gentle reminder first, private conversation if it continues, group discussion if the pattern persists. Curiosity before accusation. (Ch 21)

Groan zone — Sam Kaner’s term for the uncomfortable space between easy early agreement and genuine resolution. Characterized by diverging ideas, competing preferences, and the absence of shared understanding. Most groups interpret this discomfort as failure. It’s actually the sign of a group becoming real. (Ch 21)

Hidden hierarchy — Informal, unaccountable leadership that exists in ostensibly structureless or distributed organizations, identified by Jo Freeman and illustrated by the Sunrise Movement case study. (Ch 32)

ImmigrationOS — Palantir-built platform for ICE that integrates government databases for immigration enforcement targeting, tracking, and case management. $30 million contract awarded April 2025. (Ch 7)

IMSI (International Mobile Subscriber Identity) — The unique identifier associated with your SIM card. An IMSI catcher captures this to identify and locate your phone. (Ch 6)

IMSI catcher / Stingray — A device that mimics a cell tower, causing all phones within range to connect and identify themselves. Captures IMSI numbers (unique SIM card identifiers) and GPS locations. Some versions can intercept call and text content. “Stingray” is a brand name that has become the generic term. (Ch 6)

Interaction ritual chains — Sociologist Randall Collins’ concept that regular, predictable group gatherings generate emotional energy that sustains participation independent of meeting content. The rhythm of gathering is itself a bonding mechanism. (Ch 23)

Lateral reading — The practice of leaving a source to check what other sources say about it, rather than evaluating a source by reading deeper into it. The method that distinguishes professional fact-checkers from domain experts. (Ch 10)

Listening for care — Attending to whether someone is frustrated, engaged, or wanting things to be different, rather than assessing their political alignment. Care is the signal; positions are noise at this stage. (Ch 16)

Living document — A governing text designed to be revised as the community’s understanding evolves, modeled on the Quaker Books of Discipline and the Zapatista governance restructuring. (Ch 34)

Location history — A detailed log, maintained by your phone’s operating system and apps, of everywhere your device has been — often going back years. (Ch 1)

Manifest V3 — Google’s updated extension framework for Chrome, which restricts the capabilities of ad blockers and privacy tools. Caused the removal of full uBlock Origin from Chrome. Firefox is not affected. (Ch 9)

Master password / passphrase — The single password you memorize to unlock your password manager. A passphrase (multiple random words) is both stronger and easier to remember than a complex short password. (Ch 4)

Metadata — Data about communications rather than the content itself: who you talked to, when, how long, from where, how often. Often more revealing than message content and subject to weaker legal protections. (Ch 5)

MINDSPACE — A behavioral influence framework identifying nine factors that shape decision-making: Messenger, Incentives, Norms, Defaults, Salience, Priming, Affect, Commitments, and Ego. Developed by Dolan et al. (2010) for the UK Cabinet Office. (Ch 12)

Motivational diversification — The practice of serving multiple reasons people show up (cause, friendship, learning, agency), rather than relying on a single motivator. Groups with diverse motivational roots are more resilient when any single motivation weakens. (Ch 25)

Near-peer teaching — An educational approach where the teacher is only slightly more experienced than the learner. Works because proximity to the difficulty produces better instruction than distant expertise. (Ch 35)

Network of affiliates — An organizational model where existing local groups coordinate through a shared framework without merging into a single organization. Each affiliate maintains its own identity, leadership, and decision-making. The SCLC model: coordination without centralization. (Ch 36)

NIST (National Institute of Standards and Technology) — Federal agency that tests and evaluates technology standards, including facial recognition algorithm accuracy across demographics. (Ch 6)

Onboarding — The structured process of bringing a new member into an existing group. Distinct from recruitment (finding people) and orientation (explaining the group). Onboarding is relational integration — the new person becomes part of the group’s culture, not just its roster. (Ch 22)

Onboarding protocol — Recognition-based process for integrating new groups into an existing network, emphasizing deliberate growth at the speed of trust rather than rapid expansion. (Ch 34)

One-to-one (relational meeting) — A structured conversation from the IAF organizing tradition where two people take turns listening to each other without interruption. The purpose is understanding — what someone cares about, what they’re afraid of, what they want to protect — not agreement or planning. (Ch 13)

OSINT (Open-Source Intelligence) — The practice of building a complete picture of someone from publicly available information: social media, people-search sites, public records, employer websites, review platforms. Used by investigators, doxxers, and data brokers. (Ch 8)

Outward connection — The first step toward network participation: making contact with existing organizations in your community, not to merge or recruit, but to know the landscape of who is already working near you. (Ch 25)

Palantir — A data analytics company that integrates multiple surveillance and data streams into unified platforms used by government agencies. Named here as an example of how separate surveillance systems become interconnected. (Ch 6)

Parallel running — The period when both old and new communication platforms are active simultaneously. Research consistently shows this leads to collapse back to the original platform, because the old channel retains more participants and therefore more activity. (Ch 20)

Paramount objection — A reasoned concern that a proposal would cause concrete harm to a group’s ability to fulfill its shared purpose. Preferences and uncertainties are not paramount objections. (Ch 30)

Password manager — Software that generates, stores, and autofills unique passwords for every account, encrypted behind a single master password. (Ch 4)

Peer education — The practice of non-experts teaching non-experts, as distinct from expert-to-novice instruction. The teacher’s recent experience of learning is itself an asset — they remember what was confusing, what helped, and what the textbook skipped. (Ch 24)

Peer mediation — A structured process where a third party outside a dispute facilitates clarification and resolution between two groups, using position rather than expertise as the source of authority. (Ch 32)

People-search sites — Consumer-facing websites that aggregate personal information from public records and data brokers. Display home addresses, phone numbers, relatives’ names, and more. Free to search; opt-outs available but require periodic maintenance. (Ch 8)

Popular education — An educational tradition rooted in Paulo Freire’s work, emphasizing that participants’ existing knowledge is the starting point for learning. The facilitator draws out what the group already knows before introducing new material. (Ch 24)

Process-checker — A rotating meeting role whose job is to notice who hasn’t spoken and name it. Prevents the structurelessness failure mode where the most vocal participants dominate. Makes invisible group patterns visible. (Ch 17, 18)

Protégé effect — The phenomenon where the act of teaching deepens the teacher’s own understanding of the material. Teaching forces you to organize and articulate knowledge in ways that learning alone doesn’t require. (Ch 35)

Public records request — Administrative request for government documents under FOIA (federal) or state equivalents. Requires no lawyer, organizational affiliation, or special standing. (Ch 33)

Readiness — The state of preparation that allows a group to act effectively when a moment arrives. Distinguished from courage (willingness to act) and urgency (pressure to act). Montgomery’s lesson: readiness is the threshold. (Ch 26)

Real-time bidding (RTB) — The automated auction system that decides which ads you see. Your phone’s location and other data are broadcast to dozens of companies in milliseconds during each auction. The same system that serves ads also feeds the data broker pipeline. (Ch 2)

Reference library — The mode this book enters after completion. No longer read sequentially; consulted by function when specific needs arise. The shift from curriculum to reference library is the structural marker of the network’s independence from the material. (Ch 36)

Reflective practice — The process of learning from structured reflection on experience, not just from the experience itself. In organizing, this means debriefing after actions and meetings rather than moving straight to the next task. (Ch 23)

Relational power — The capacity that comes from trusted relationships between people, as distinct from positional power (authority from a role) or institutional power (authority from an organization). In the IAF framework, relational power is built through one-to-ones and is the foundation of all effective organizing. (Ch 13)

Reproduction — The process by which a group or network transmits its practices, knowledge, and experience to others who are starting. Distinguished from recruitment (adding members) and formalization (creating institutional structures). Reproduction requires documentation and teaching; it doesn’t require institutional overhead. (Ch 35, 36)

Response efficacy — The belief that the recommended action will actually work to reduce the threat. Together with self-efficacy, the strongest predictor of long-term security behavior change. (Ch 12)

Reverse keyword warrant — A court order requiring a search engine to reveal all users who searched for specific terms within a given timeframe. Used in the Seymour case (2020). The Colorado Supreme Court was the first state high court to rule on their admissibility (2023). (Ch 9)

Role rotation — The practice of assigning meeting roles (facilitator, note-taker, process-checker) to different people each meeting. Prevents informal hierarchy from forming around facilitation skill or willingness. (Ch 18)

Safety Numbers (Signal) — A verification feature in Signal that confirms you’re communicating with the intended person and not a man-in-the-middle. Best verified in person by scanning each other’s QR codes. (Ch 14)

SDK (Software Development Kit) — A package of code that app developers embed in their apps, often provided by third-party data companies. The SDK collects data from the app and sends it to the data company — usually without the user’s knowledge. (Ch 2)

Security as care — The reframing of security practices from individual discipline to relational commitment. Configuring disappearing messages protects your partner, not just you. Introduced in Chapter 14, developed across Level 2. (Ch 14)

Security champion — A rotating group role. The champion stays current on threats, sends reminders, and helps members with setup or configuration. Chosen for empathy, not technical expertise. Rotates monthly to prevent informal hierarchy. (Ch 19)

Security culture — A set of agreements a group makes about how they protect each other. Not a checklist of tools or a set of rules imposed from outside. The emphasis is on mutual protection: your security practices are care for the people around you. (Ch 19)

Security fatigue — The weariness and reluctance to deal with security decisions, leading to resignation, risk minimization, and decision avoidance. Identified by NIST researchers as a primary driver of poor security behavior among people who are aware of risks but overwhelmed by the effort of managing them. (Ch 11, 12)

Security floor — The minimum set of security practices a pair or group commits to. Not aspirational — actual. Written down and verified. The floor rises over time but must start somewhere concrete. (Ch 14)

Self-efficacy (in security adoption) — A person’s belief that they can effectively perform the recommended security behavior. Research shows this predicts sustained compliance more strongly than perceived threat severity. (Ch 12)

Shared principles — A short document (3–7 principles) written collectively by the network, reflecting commitments observable in practice. Revisable by consent. Broader than rules, more specific than aspirations. (Ch 34)

SIFT — Four-step information verification framework (Stop, Investigate the source, Find better coverage, Trace claims to origin) developed by digital literacy researcher Mike Caulfield. (Ch 10)

SIM-swapping — An attack where someone convinces your phone carrier to transfer your number to their device, allowing them to intercept SMS verification codes. Signal’s Registration Lock is the defense against the Signal-specific version of this attack. (Ch 4, 5)

Social support deterioration — The documented pattern in which social support surges during crisis and then declines, even when the underlying need for support persists. Understanding this pattern helps groups prepare for the inevitable dip rather than being blindsided by it. (Ch 25)

Spokes council — A coordination structure where each group sends a rotating delegate (spoke) with a defined mandate to make inter-group decisions by consent. (Ch 30)

Standing coordination meeting — Regular meeting of all group liaisons (spokes) with a consistent agenda, replacing ad-hoc bilateral communication that fragments at three-plus groups. (Ch 33)

Starter kit — A short document produced by the network that captures essential skills, working protocols, hard-won lessons, and advice for people beginning the same work. Designed for a specific community and terrain, not as a general guide. (Ch 35)

Story of Self / Story of Us — Marshall Ganz’s framework for building shared group identity through personal narrative. Story of Self connects individual motivation to group purpose. Story of Us creates a shared narrative that the group owns collectively. (Ch 23)

Sunset date — A hard deadline for deleting the old communication channel. The forcing function that prevents parallel running from becoming permanent. Not an archive date — a deletion date. (Ch 20)

The approach — The moment a person goes from thinking about connecting with someone to actually having the conversation. The highest point of failure in the organizing process and the least-taught skill in existing resources. (Ch 16)

Threat model — A structured assessment of what you’re protecting, who might want access to it, how likely the threat is, how severe the consequences would be, and how much effort you’re willing to invest in protection. The foundation for all personal security decisions. (Ch 3)

Threshold (as used in this book) — Not a gate, badge, or token. A self-assessed readiness based on demonstrated competency. You cross the threshold by having done the work, not by receiving permission. (Ch 12)

Threshold mechanic — The transition point between Level 2 (group capability) and Level 3 (network coordination). Crossed not by completing a task but by demonstrating readiness through sustained practice, outward connection, and collective action. (Ch 26)

Tier 1 / Tier 2 / Tier 3 — A rough classification of personal risk levels. Tier 1: baseline risks from living in a surveillance economy. Tier 2: elevated risks from activism, journalism, teaching, or personal situations involving hostile actors. Tier 3: risks involving sophisticated adversaries where operational security is a safety issue. (Ch 3)

Triadic closure — The network science principle that a three-node network is qualitatively more resilient than a two-node partnership, enabling redundancy, mediation, and distributed specialization. (Ch 32)

Two-factor authentication (2FA) — A security method requiring two separate forms of proof to access an account — typically a password plus a code from an app or device. Hierarchy: SMS (weakest) → authenticator app (strong) → hardware key (strongest). (Ch 4)

Tyranny of structurelessness — Jo Freeman’s 1972 concept: every group has structure, whether explicit or hidden. Groups that claim to be “leaderless” are led by whoever has the most social capital, free time, or volume — and that informal authority can’t be questioned or rotated. (Ch 17, 34)

Username reuse — Using the same username across multiple platforms, creating traceable connections between accounts. A primary vector for OSINT identification. (Ch 8)

Voice phishing (vishing) — Phone-based social engineering using AI-cloned voices to impersonate family members, executives, or officials. Exploits urgency and emotional response. Surged over 400% in 2024–2025. (Ch 10)

Vouching — The practice of an existing member taking personal responsibility for introducing a new person. The voucher isn’t guaranteeing the new person’s character — they’re saying “I know this person well enough to recommend this conversation.” (Ch 22)

VPN (Virtual Private Network) — Encrypts internet traffic between your device and a VPN server, hiding browsing from your ISP and local network. Shifts trust from ISP to VPN provider — does not eliminate the need for trust. Most useful on public Wi-Fi or when ISP logging is a concern. (Ch 9)

Weak ties — Acquaintance-level connections that bridge separate social networks. From Granovetter (1973). In organizing, weak ties are more valuable than strong ties for expanding reach because they connect to communities outside your existing circle. (Ch 15)

Weakest-link problem — The principle that a group’s security is defined by its least-secure member, not the average. One person with notification previews on and a four-digit PIN defines the group’s exposure, regardless of what everyone else does. (Ch 14, 19)