Templates & Tools

Every template, tool, and framework referenced in the book, collected in one place. Each item links back to the chapter where it’s introduced in full context.

Level 1: See Clearly

Chapter 2: The Invisible Auction

  • Field Journal — Start an offline record of your security actions and findings. Recommended tools: paper notebook, Obsidian (free, local-first), or Logseq (free, local-first). Do not use cloud-based tools like Google Docs or Notion.

Chapter 4: Your Passwords Are Already For Sale

  • Bitwarden — Free, open-source password manager. Code is publicly available and independently audited. Available at bitwarden.com.
  • Authenticator apps — Google Authenticator, Authy, or Bitwarden’s built-in authenticator. Generate time-based one-time codes that change every 30 seconds.
  • YubiKey — Hardware security key (USB device). Strongest 2FA option. Recommended for Tier 2–3 threat models.

Chapter 5: Who’s Listening?

  • Signal — Free, open-source, nonprofit encrypted messaging app. End-to-end encrypted content with minimal metadata collection. Available at signal.org.
  • Signal Registration Lock — Prevents re-registration of your Signal account on another device using your phone number. Settings → Account → Registration Lock.
  • Disappearing messages — Signal feature that automatically deletes messages after a set period (recommended: 1 week). Reduces data exposure if a device is compromised.

Chapter 6: The Watchers

  • EFF Street-Level Surveillance atlas — Interactive map of surveillance technology acquired by local law enforcement agencies. Available at atlas.eff.org.
  • Field journal: physical environment map — Record what surveillance infrastructure exists in your area: ALPR cameras, facial recognition use, social media monitoring contracts. This builds on the digital environment mapping from earlier chapters.

Chapter 7: COINTELPRO Never Ended — It Just Got an Upgrade

  • ACLU Know Your Rights — Overview of rights during interactions with law enforcement, immigration agents, and at protests. Available at aclu.org/know-your-rights.
  • Four phrases for legal encounters — “Am I free to go?” / “I do not consent to this search.” / “I am exercising my right to remain silent.” / “I want to speak to a lawyer.” Establishes a legal record; does not prevent actions but creates documentation if rights are violated.

Chapter 8: You Are Not Hard to Find

  • TruePeopleSearch — Free people-search site. Opt-out: scroll to bottom of homepage → “Do Not Sell or Share My Personal Information.”
  • Spokeo — Free people-search site. Opt-out: spokeo.com/optout → enter listing URL → provide email → confirm.
  • Whitepages, BeenVerified, Radaris — Additional major people-search sites. Each has its own opt-out process; five to ten minutes per site.
  • Google “Results About You” — Tool for requesting removal of search results containing your personal contact information. Available at myactivity.google.com/results-about-you. Free; flags new results as they appear.
  • Optery — Free scan searches 1,000+ data broker sites. Paid tier handles removals; free tier provides results for manual opt-outs. Available at optery.com.
  • Self-OSINT audit — Google yourself (name + city, name + phone, name + email). Check username reuse across platforms. Map connections between professional and private identities. Record exposure baseline in field journal.

Chapter 9: Your Browser Is a Fingerprint

  • Cover Your Tracks (EFF) — Browser fingerprint test at coveryourtracks.eff.org. Shows how many bits of identifying information your browser broadcasts. Run before and after installing uBlock Origin to compare.
  • uBlock Origin — Free, open-source browser extension that blocks trackers, ads, and malicious domains. Full version available on Firefox (recommended) and Brave. Chrome limited to uBlock Origin Lite (reduced functionality).
  • DuckDuckGo — Search engine that doesn’t log searches or tie queries to user profiles. Pulls results from Bing. Privacy difference from Google is structural, not cosmetic.
  • Firefox Multi-Account Containers — Extension that isolates browsing activities into separate containers (e.g., banking separate from social media). Prevents cross-site cookie tracking between contexts.
  • DNS over HTTPS — Firefox setting that encrypts DNS queries, preventing your ISP from seeing which domains you visit. Enable in Settings → Privacy & Security → DNS over HTTPS → “Max Protection.”
  • Mullvad VPN — No email required to sign up (random account number). Accepts cash payment by mail. Independently audited. No-log policy held up under legal pressure.
  • ProtonVPN — Swiss-based. Free tier available. Integrates with Proton Mail and other Proton services. Independently audited. No-log policy held up under legal pressure.

Chapter 10: Seeing Through the Noise

  • SIFT Method — Stop → Investigate the source → Find better coverage → Trace claims to origin. Apply to any claim before sharing or acting on it. Record results in field journal.
  • Download: SIFT Framework Reference Card
  • Family Code Word Protocol — Agree on a word or phrase with immediate family/close contacts for phone identity verification. Requirements: never used in normal conversation, not findable in social media posts, shared only in person or via encrypted channel. Use when receiving any unexpected urgent call requesting money or action.
  • Primary Source Repositories — PACER (pacer.uscourts.gov) for federal court records. Congress.gov for congressional records and legislation. FBI Vault (fbi.gov/vault) for FOIA documents. NSA declassified documents page. Your state judiciary website for state/local court records.
  • Lateral Reading — Verification technique: instead of reading deeper into a source to evaluate it, leave the source and check what other sources say about it. Search for the claimant, not just the claim.

Chapter 11: When to Worry and When to Live

  • Personal Security Checklist Template — Three-section framework: (1) Permanent changes / new defaults, (2) Scheduled maintenance with calendar frequency, (3) Situational activations with trigger conditions. Build in your field journal.
  • Download: Personal Security Checklist

Chapter 12: The Hardest Skill

  • Persuasion script framework — Match the case study to the listener’s concern: privacy → Burrill, wrongful suspicion → McCoy, identity exposure → Blumenthal pattern. Lead with care (“I found something that helps”), not fear (“you’re being watched”).
  • Signal migration checklist — (1) Install together, in person or on call. (2) Move one active group chat. (3) Make Signal the default for sensitive conversations. (4) The mundane conversations normalize the tool.
  • Level 1 self-assessment — Four checks: field journal with threat model and security checklist; Signal installed with at least one active conversation; at least one teaching interaction completed and documented; maintenance schedule set with calendar reminders.

Level 2: Find Each Other

Chapter 13: The First Conversation

  • One-to-one relational meeting script — (1) Find 45 minutes, in person preferred. (2) Each person gets 15 minutes of uninterrupted speaking time. Three guiding questions: Why do you care? What are you afraid of? What do you want to protect in your community? (3) Listener’s only job: listen. No responding, no “me too,” no solving. (4) After both have spoken, 10–15 minutes of open conversation about what you heard — not what you agreed with. (5) Each person writes an impression in their field journal.
  • Field journal prompt — What moved your partner? What moved you? Where do your concerns overlap? Where do they diverge? What surprised you about listening for 15 uninterrupted minutes?

Chapter 14: Security Is a Conversation Now

  • Shared security floor template — (1) Communication: all conversations on Signal, disappearing messages set to one week. (2) Device baseline: alphanumeric passcode, current OS, notification previews off. (3) Information boundaries: who knows about the partnership, what stays private, agreed response to questions. (4) Verification: Safety Numbers confirmed in person via QR code scan.
  • Shared threat model worksheet — Compare individual threat models side by side. Identify: overlapping concerns, divergent risks, the least-secure practices in the pair, and specific commitments to raise the floor.

Chapter 15: How to See Your Neighborhood

  • Neighborhood mapping template — Three categories: (1) People who care about local issues (minimum five per partner). (2) Places where people gather face-to-face. (3) Existing organizations or informal networks. Map individually, then combine. Mark overlaps and unique access points.
  • Weak-tie identification prompt — For each person on your map, note: How do you know them? How often do you interact? Who do they know that you don’t? The people you interact with least frequently but most consistently are likely your strongest bridges.

Chapter 16: The Approach

  • Approach framework (not a script) — (1) Start with something local and real that you’ve both observed. (2) Listen for care and frustration, not political positions. (3) Share what you’ve been doing when it feels honest — as something true about your life, not a pitch. (4) Invite curiosity: “Would you want to talk more about this sometime?” (5) Graceful exit if they’re not ready: “No pressure at all — I just wanted to mention it.”
  • Debrief prompts for your partner conversation — What happened? What surprised you? What did the person care about? Were they ready, or not yet? What was underneath the words? Would you approach them again?
  • Field journal prompt — Don’t record what you said. Record what you heard. What mattered to them? What was the local thing you both could see? Did you feel yourself rehearsing — and if so, when did you stop?
  • Anti-manipulation check — Before approaching, ask yourself: Am I genuinely curious about this person? Would I be fine if they said no? Am I sharing something true, or deploying a strategy? If the answer to any of these is wrong, wait.

Chapter 17: What You’re Building (And What Breaks It)

  • First-meeting script — Full scripted agenda included in this chapter. Print and bring to the first meeting. The facilitator reads it aloud from the page. Sections: Opening (2 min) → Go-Round #1: Why are you here? (15 min) → Go-Round #2: What should we work on? (15 min) → Dot-vote prioritization (10 min) → Closing (5 min). Total: ~45–60 minutes.
  • Shared purpose statement template — One sentence: “We’re here because…” Criteria: honest, plain, something any member could say to a stranger and have it make sense.
  • Three ground rules (starter set) — (a) One person speaks at a time. (b) What’s shared here stays here unless agreed otherwise. (c) When you disagree, say what you need, not what’s wrong with someone else. These draw from Freeman’s principles, Ostrom’s work on commons governance, and nonviolent communication.
  • Three rotating roles — Facilitator (reads script, watches clock), Note-taker (records decisions and action items), Process-checker (notices who hasn’t spoken and names it). Rotate every meeting.
  • Field journal prompt — After your first meeting: What worked? What was awkward? What surprised you? What would you change for next time?

Chapter 18: The First Meeting

  • Field journal prompt — After the meeting, each person answers individually: (1) What worked? (2) What was awkward? (3) What surprised you? Reflect alone first; compare notes with the group before your next meeting.
  • Pre-meeting checklist — Before the first meeting, confirm: script printed (Chapter 17), roles assigned (facilitator, note-taker, process-checker), purpose statement visible, ground rules visible, time and location confirmed, food/drinks arranged if possible.
  • Role rotation tracker — Simple log: Date | Facilitator | Note-taker | Process-checker. Rotate every meeting, no exceptions. Track it so the pattern stays visible.

Chapter 19: Security Culture Is Care

  • Group security floor template — Four agreements to write together: (1) Communication platform: all group conversations on Signal, disappearing messages one week, Safety Numbers verified in person. (2) Information boundaries: what stays in the group, what can be shared outside. (3) Breach protocol: acknowledge (no blame) → identify what made the mistake easy → adjust practices. (4) Security champion: one person, rotating monthly, chosen for empathy.
  • Blameless breach response steps — When a security practice is violated: (a) The person who made the mistake reports it without fear of blame. (b) The group identifies the structural factor that made the mistake easy — not the person, the system. (c) The group adjusts its practices to prevent recurrence. Borrowed from software engineering incident response.
  • Security champion role description — Stays current on relevant threats. Sends gentle reminders when practices slip. Models the behavior they’re asking for. Says “want me to help?” not “you need to fix this.” Rotates monthly. Not the most technical person — the most empathetic.

Chapter 20: The Platform Move

  • Signal group configuration checklist — Disappearing messages: on, one week. Notification previews: off. Link previews: disabled. Registration lock: on. Screen lock: on. Device passcode: alphanumeric, not four-digit or pattern.
  • Migration timeline — Day 1: Champion sets up Signal group, in-person setup party. Days 1–7: Parallel running period (keep old channel but move all new conversations to Signal). Day 7: Sunset — champion deletes old group. No archive, no fallback.
  • Safety Number verification — In person, scan QR codes in Signal. Takes 30 seconds per person. Confirms no interception. Re-verify whenever someone reinstalls Signal or gets a new device.

Chapter 21: The Groan Zone

  • Consensus spectrum reference card — Four positions: (1) Agree — I support this. (2) Reservations — I have concerns but can live with it. (3) Stand Aside — I disagree and won’t participate in this decision, but I won’t block it. (4) Block — This would violate our purpose, ground rules, or agreements. I’m asking the group to find another way.
  • Download: Consensus Spectrum Reference Card
  • Group agreements template — Four agreements to write together: (1) Disagreement: “We use the consensus spectrum. When someone disagrees, they name their position.” (2) Upset: “We use ‘I feel… when… because… I need…’ statements, not ‘you always/never’ statements.” (3) Political disagreement: “We focus on local action. We don’t debate national politics in meetings. When political topics come up, we ask how they connect to what we’re doing.” (4) Norm violations: “First response is curiosity: ‘What happened?’ Gentle reminder → private conversation → group discussion.”
  • “I” statement structure — From nonviolent communication. Format: “I feel [emotion] when [specific situation] because [need or value]. I need [specific request].” Example: “I feel frustrated when decisions get made between meetings because I need to be part of the process.”
  • Operating document checklist — By this point your group’s operating document should contain: (1) Purpose statement (Chapter 17), (2) Ground rules (Chapter 18), (3) Security agreements (Chapter 19), (4) Group agreements (this chapter). Revisit whenever something happens the existing agreements don’t cover.

Chapter 22: Growing Without Breaking

  • Concentric circles model — Three-tier information classification (public / operational / sensitive) for managing what new members learn and when.
  • Download: Concentric Circles of Trust Reference Card
  • Onboarding sequence — Five-step process: vouching → one-to-one → document review → first meeting → shared activity → full membership.
  • Post-addition debrief — Three questions: How did onboarding go? What needed more explanation? What agreements need updating?
  • Field journal prompt — Who did you bring in? Who vouched? What changed at four? What do you expect at five?

Chapter 23: Who We Are (And How We Work)

  • Story of Self protocol — 2 minutes per person, no cross-talk. Structure: challenge → choice → outcome. Question it answers: “Why do you care enough to be in this room?”
  • Story of Us protocol — 15 minutes, open conversation. Three questions: What brought us together? What do we share? What are we building? Output: a sixty-second narrative any member could tell a stranger.
  • Peer coaching protocol (debrief card) — Four questions after every meeting: What did we try? What worked? What was hard? What do we want to try next time? Written on a card. Read back at the start of the next meeting. Process-checker leads. Rotates with meeting roles.
  • Five infrastructure elements — Role rotation, fixed meeting rhythm, social element, accountability question, debrief protocol. All written into the group’s operating document.

Chapter 24: Teaching Each Other

  • Skill share format — 15 minutes to teach, 10 minutes to practice together, 5 minutes to discuss. Three popular education moves: (1) ask what the group already knows, (2) fill the gaps, (3) practice together.
  • First-steps guide — One-page onboarding document written collaboratively by the group. Constraint: one page, plain language, essentials only. Answers the question: “If someone walked in next week, what would they need to learn first?”
  • Field journal prompt — What did each person teach? What surprised you? What’s on the first-steps guide? Anything to add after a week?

Chapter 25: What Keeps You Together

  • Identity conversation protocol — Three questions for a thirty-minute meeting: (1) What brought us together? (2) What keeps us together if the original urgency fades? (3) What are we building that matters regardless of what happens next? Write answers down as the group’s anchor document.
  • Motivation mapping — Each person names their actual motivations for attending. Document them honestly. Revisit when participation dips.
  • Outward connection guide — What to share on first contact (your group exists, you’re interested in local issues). What to hold back (security practices, internal dynamics, operating document). What to assess (What are they working on? Is there overlap? Do you trust them?).
  • Field journal prompt — What surprised you in the identity conversation? What motivations did people name? Who did you connect with and what did you learn?

Chapter 26: What Five People Can Do

  • Collective action planning checklist — Who does what? What’s the security posture? What’s the communication plan? Who’s the point of contact? What’s the fallback if something goes wrong?
  • Debrief protocol — (Established in Chapter 23.) What did we try? What worked? What was hard? What do we want to try next time?
  • Behavioral recognition markers — Not secret signals but observable competencies: structured meetings with clear roles, security awareness without theater, concrete local focus, graduated trust, debrief culture, distributed leadership.
  • Field journal prompt — What did your first collective action teach you? What are you ready for now? What would you tell someone just starting?

Level 3: Build Together

Chapter 30: Decisions Without a Boss

  • Spokes Council Protocol — Pre-meeting preparation, opening, proposal process, consent test, closing and debrief cycle.
  • Decision Domain Mapping Template — Four categories: internal, joint, individual, gray areas.
  • Coalition Agreement Template — One-page document covering membership, decision-making, shared/autonomous domains, disagreement handling, amendment process.

Chapter 31: The Landscape Around You

  • Institutional Mapping Framework — Six-factor assessment: name/function, constituency, overlap, engagement history, opportunity, co-optation risk.
  • Legal Awareness File — State-specific compilation of protest law tracker results, ACLU guides, NLG contacts, local legal aid organizations.

Chapter 32: What Holds When It’s Hard

  • Peer Mediation Protocol — Pre-session separate meetings, opening ground rules, diagnostic question, resolution spectrum, documented outcome.
  • Network Health Check — Structured 30-minute assessment: workload distribution, pace identification, friction/success inventory, transition planning.
  • Sustainability Framework — Rotating roles with descriptions and term limits, structural workload check-ins, crisis/sustaining pace distinction, explicit rest provisions.

Chapter 33: More Than the Sum

  • Civic Monitoring Observation Template — Date, body, location, attendance (members/staff/public), agenda vs. actual discussion, decisions and vote type, public comment, observer’s surprises. Shared through liaison channel after each meeting.
  • Civic Monitoring Rotation Schedule — Group-to-body assignment grid, rotating monthly. Spoke coordinates each group’s assignment.
  • Standing Coordination Meeting Agenda — Civic monitoring updates, active coordination items, upcoming consent decisions, group concerns and proposals.

Chapter 34: Shared Principles, Separate Paths

  • Shared Principles Facilitation Process — Four-question sequence for a joint meeting: (1) What brought our groups together? (2) What holds us together beyond the original reason? (3) What commitments do we share? (4) What do we refuse to do? Aim for 3–7 principles. Document and share through liaison channel.
  • Freeman Diagnostic Questions — Three questions for a joint discussion after reading the essay: (1) Where do we see informal hierarchy? (2) Where is structure helping? (3) Where is it constraining?
  • Onboarding Protocol — Boundary-spanner meetings → probationary coordination period (1–2 meetings as observers) → shared principles review and discussion → consent-based admission by existing network.

Chapter 35: What You’d Tell Someone Starting

  • Starter kit four-question framework — (1) What are the essential skills? (2) What are the protocols that worked? (3) What did you learn the hard way? (4) What would you tell someone just starting? Designed for multi-meeting production with cross-group drafting teams.
  • Starter kit production timeline — Meeting 1: draft (assign questions to teams). Meeting 2: assemble, read aloud, revise. Meeting 3: finalize, share via liaison channel, identify recipients.

Chapter 36: The Path Is People

  • Reference library index — Organized by function — maps each coordination need to the specific chapter and tools that address it. Designed for non-sequential consultation after completing the curriculum.
  • Final field journal prompt — Snapshot: how many groups, what you’re working on, what’s functioning, what’s unresolved, what you’re worried about, what you’re proud of. Date it.
  • “What would you tell someone starting” prompt — Write for the person who hasn’t begun yet. Not advice — what you know now that you didn’t know then.