What I typed up in my original Reddit post:
I’m trying to use pictures and footage in a way that’s not copyright infringement. I’m trying to take a note from Hbomberguy here. But of course, that may be impossible, I’m just not sure. Maybe it’s a high bar. Do YouTubers often check or give credit in their pictures?
I’m trying make sure I don’t get into trouble and remain ethical, take the moral path, so to speak. I have sources, at least. Maybe not full citations, but I talk about my sources in my book reviews. But the pictures and slides confuse me. Is there a way to cite them or do I just take them from Google images or some stock photo and use them? What about screenshoting some?
What about using footage or footage from other YouTubers? Stock footage? Or footage from another YouTube channel, like historical footage or black-and-white footage? Or, say, you wanted to use a gaming stream footage? I’m trying to cover my bases here.
I’m just trying to not get in trouble and remain respectful.
What are the ethics here?
Sorry, dumb questions, I know, but I feel that a clear answer is needed and Reddit gives me answers better than Google searches, though I am using those.
I didn’t get as many answers as I would’ve liked. I’m also looking for resources for stock imagery or footage or music. In addition, anything else I need. Maybe a website with free images? I don’t know, but anything I might be missing.
Cheers!
I am looking through Googel and Bing on this topic so I’m still doing my own research; this is just in case I’ve missed anything.
If you do need to use copyrighted images for fair use purposes, modifying them a bit can help obfuscate them from bots. Let’s say you want to criticize Nestlé. Their logo is birds in a nest. You could swap the birds for different cartoon birds, for example. This can be an opportunity to do something artistic or interesting as well as satire, like making the nest be made of dollar bills, a baby bird be porky, etc.
Another tip is totally separate from the copyright question but I do think it is importsnt. In terms of social media, both platforms are not anonymous by default. While you can obfuscate via your username so that randos can’t ID you, both Facebook and Google tend to require a phone number to sign up/log in and both work with governments. So I recommend taking one of two approaches:
Accept that this may eventually be associated with your name and cater your messaging accordingly.
Go down the rabbithole of infosec to become more anonymous. For example, finding a way to buy a phone number with cash and not associated with your name and exclusively using a trustworthy VPN / VPS tunnel, again paid for with cash (Mullvad offers this, including with a voucher that is probably as secure as cash). This is a bunch of work but it is a generally enriching exercise that can provide value in irl organizing.
Also, thanks for being comprehensive in your replies.
Good news, at the least: I already have Mullvad VPN.
I do not have another phone number except my old house number (which maybe I can use?) but that’s about it (I’ve since moved from that location in particular). How do you purchase such a thing?
I am becoming more and more interested in infosec… which isn’t to say that I wasn’t before, but I took my privacy for granted, and now they’re searching damn phones and tablets in airports (I’ve traveled a lot).
Also, I have a Proton account, but I know that they supported the “Hong Kong protestors” back then and I think support Ukraine (which… I don’t consider to be damning, per se, considering that’s all fine and popular to do, but I’m sure, if asked, they would give certain info or ID to other people, if pressured enough to do so). I have an Element or Matrix account as well.
I tried to install Linux already, but made a stupid error, and had to get my laptop unlocked, but I can try again, I’m sure.
Glad you’ve got Mullvad! It’s the best VPN imo.
I haven’t tried buying a phone number anonymously in a long time and the last time I tried it no longer worked for fooling Google, so unfortunately I won’t be super helpful there. But I do know it ia theoretically possible. It’s basically a VOIP provider that is verified to work with Google. Payment anonymously (like with cash) is probably the hardest part. If you go that route I would recommend using something other than a phone number for 2FA, like a yubikey or open source authenticator app, so that if Google eventually says, “we don’t accept this number anymore” you have a chance to log in. Sorry for being less helpful on this question!
Proton is theoretically better than Google for email. IMO email is inherently insecure as a technology and due to the domination from the big providers that will blacklist you for “spam” if you don’t jump through their hoops, which lractically necessitates paying a company to send your emails. The “best” setup that uses that third party and does not use GPG is to buy a domain, self-host your own inbox so that received email goes only to you, and and pay the third party just to send outgoing messages - which should be assumed to be insecure. In theory the best option is to run everything yourself with a domain purchased under a fake name with an anonymous paymeny method (which I haven’t personally tried yet) and being very on top of things so your sent mail doesn’t get marked as spam. And to encryot all your messages via GPG. But at that point of security concer , for most purposes I would just not use email at all and instead use something more inherently secure, ideally in-person conversations. Element and Matrix are better buy their funding model raises red flags so it is jusy something to regularly audit and understand. Avoid the habit of being too candid because you trust the software to protect you!
Linux is great and will help with getting more comfortable with digial security, so that’s a good thing to keep trying at! It has a learning curve so don’t get discouraged when things break the first few times.
Thanks, and yeah, emails are the worst part of security, I can already tell, and probably a real weakness or even potential Achilles’ heel of one’s privacy. I mean, you can’t really survive without them, not at first, and everyone has one and has to use one for their jobs. Really big problem, arguably a systematic and even cultural one.
Also, what is GPG (probably a dumb question)?
And yeah, in-person convos were used in the 2000s for the CPUSA; some people would literally go into the forest or some private area to talk, or that’s one story I once heard.
Also, regarding numbers, I see the terms “2FA” and “VOIP provider” and apps like “open source authenticator” and “yubikey.” I will keep them in mind…
Ultimately, I don’t expect things to be 100% air-tight; the point is to make it more difficult, difficult enough for them not to bother, so that they will “glance over” you, and then move on to more high-profile individuals or groups.
Yeah email sucks, I don’t use it for anything requiring infosec.
GPG is an open source encryption package, you can use it to sign / encrypt your emails and allow others to verify/decode them so long as they have a certain kind of one of your keys.
Going into a forest to talk is legit. It leaves only one source of infosec risk: the people attending not being careful afterwards. As good as it gets! Of course this is not needed for fairly safe things unless your country is at risk of a harsh crackdown.
2FA = 2 factor authentication. Like when sites make you put in a number texted to you after you provided your password. There are key-bases options that are more secure and offer a way to not use a phone number. An authenticator app can also work, after verifying it you pit in numbers as if they were texted to you but they come from an app. A physical device like a yubikey acts basically the same way but you actually plug it into yout phone or computer and it cryptographically verifies that it is the one you registered with the website.
VOIP = voice over IP, a service for digitally calling people on the normal phone network.
For infosec you always want a threat model. IMO the first threat is fascists and other creeps, i.e. don’t get doxxed. Using a totally separate account for something and not sharing personal info does this. The next is corporate-government spying which can amount to the same thing at first, as in, “oops we leaked all the names of pro-Palestinian organizers reom this Google Doc”. If the state turns even more internally fascistic they might even target all socialists, in which case you want a minimized digital footprint to decrease th3 chances of getting caught in their net - which is sure to be an incompetent process on the state’s part.
Following the strats I’ve laid out would protect you from all 3 but are a bit of work.
And of course, once targeted by the state, they will have little trouble tracking people down digitally. The third case is just for minimizing the chance if being targeted. We should all have real escape plans if things start moving fast.
Thanks for the rundown, comrade.