Use a Uleway "dumbphone" along with Qubes OS on computer to frustrate GCHQ attempts at intercept comms/plant malware. Spread to as many as possible and donate!

First buy a Uleway G180 "dumbphone" and use instead of a smartphone - doesn't come with wifi/internet will reduce attack surface. If into gaming use a Xbox console instead of PC! I also recommend putting a block on online transactions on your account to make harder to steal, only allow ethernet/wired connections in your wifi also qubes and linux in general don't work so well on wifi (look up how to do this) and become physically strong, learn BJJ and other martial arts, and know your rights. This will help you "turn tables" on the intelligence services.

Second, install Qubes OS on your computer. WARNING: Qubes OS will delete any OS already on computer and files etc and will encrypt hard drive as a security measure with full disk encryption will a password of your choice. Qubes will be on a USB Stick and from there boot on USB will install Qubes OS on the hard drive of your computer. After this don't need the USB!

Install here: https://www.qubes-os.org/downloads/

Verify signatures so download not tampered with: https://www.qubes-os.org/security/verifying-signatures/

When installed onto hard drive you may have to wait for computer to run out of power and next time load (remove USB) and will start for first time. First time load qubes startup will need to configure Qubes. I recommend enable updates over tor and install Whonix Debian Fedora templates all enabled.

Qubes OS uses a "security by isolation" approach and is considered the most secure OS - everything in Qubes OS runs in isolated virtual machines. Networking and firewall run in their own VMs (called Qubes) as well. Similar to VirtualBox in windows except no operating system "above" it - a "bare metal hypervisor." Malware in one VM/Qube cannot spread to others - you can have a Work VM, Shopping VM, Banking VM, untrusted/random VM and not connected to internet Vault VM to store passwords. If malware infects one VM, it cannot spread so contains damage. You run multiple operating systems including Fedora, Debian and even Windows. For added security you can use "disposable" VMs all the time that self destruct when shut down. Like multiple computers on same computer!

Getting started: https://www.qubes-os.org/doc/getting-started/

Organize your Qubes: https://www.qubes-os.org/doc/how-to-organize-your-qubes/

Update Qubes: https://www.qubes-os.org/doc/how-to-update/

Backup Qubes: https://www.qubes-os.org/doc/how-to-back-up-restore-and-migrate/

Copying and pasting text (between Qubes): https://www.qubes-os.org/doc/how-to-copy-and-paste-text/ 

Copy and paste files: https://www.qubes-os.org/doc/how-to-copy-and-move-files/

Copy from dom0 (admin qube): https://www.qubes-os.org/doc/how-to-copy-from-dom0/

Install software: https://www.qubes-os.org/doc/how-to-install-software/

Use USB and other devices: https://www.qubes-os.org/doc/how-to-use-devices/

We will install various privacy tools: including Whonix (with Tor Browser), Signal Desktop for video calls, Pidgin Instant Messenger with XMPP and OTR (over Tor) and Ricochet Refresh (does have chat but we will use it for File Transfer OTR doesn't encrypt file transfers.) 

I recommend updating Qubes OS every week daily seems overkill.

Next use KeePassXC password manager in the default "vault" qube is recommended. Go to the default created Vault qube by clicking top left then go down hover over "vault" and click on settings bottom right. Go to Applications and move KeePassXC and File Manager to "Applications shown in App Menu." Click on KeePassXC in file menu and create new database. After enter password load database and click plus symbol in a circle middle left says "Add a new entry." Enter username and Title (say Gmail) and generate password ensuring eye has diagonal line click symbol to left of it.click apply password and click OK. Right click on the row that is your title and click "copy username" and later "copy password." Even if under physical surveillance IT DOES NOT EXPOSE THE DOTS. KeePassXC will clear clipboard in 10 seconds so click Control + Shift + C to copy to global/inter-Qube keyboard and control shift v then click on qube say firefox web browser - then control v paste password!

If under physical surveillance KeePassXC means they can't steal passwords as doesn't expose dots and a great password manager for other reasons!

Importantly you can use Tor and Tor Browser in Whonix Workstation - sends all traffic over Whonix Gateway forced thru tor. Tor Browser allows you to browse web anonymously sends thru 3 relays layer of encryption removed each relay sites see exit relay IP Address totally legal in most countries. Read Tor Browser manual to understand Tor: https://tb-manual.torproject.org/

You may use obsf4 bridges that make Tor traffic look like random noise - go to service, sys-whonix, Anon Connection Wizard, Configure, press Next, tick i need tor bridges, select built in bridge obsf4. If in a country censors tor (like Iran, russia etc) test obsf4, meek-azure, snowflake see if any can get around censorship. Explained here: https://tb-manual.torproject.org/circumvention/

"Disposable" VMs can be used for any reason say to browse web or open dodgy files, click on top left Qubes Application Menu, click on either default-dvm or whonix-workstation-17-dvm (if in future 17 might be different number.) 

I recommend create new qube pidginqube based on fedora, in the template (fedora-41-xfce number might not be 41 in future) boot up terminal install pidgin otr plugin: sudo yum install pidgin-otr

In template configure OTR after settings add pidgin in template, go to Tools in Buddy List, Plugins, Off the Record messaging, tick Automatically initiate private messaging and require private messaging.

Configure pidginqube go settings, net qube sys-whonix (WILL GO THRU TOR), then create an account with this xmpp hidden/onion service: https://xmpp.is/account/register/hidden_service/ the .onion address:

6voaf7iamjpufgwoulypzwwecsm2nu7j5jpgadav2rfqixmpl4d65kid.onion

how to explained here use the .onion address instead of jabber.calyxinstitute.org or systemli

https://www.youtube.com/watch?v=HsSssbs-Sso

In pidginqube, now create a XMPP account over tor using the video (video meant for tails os but a qube connected to sys-whonix whonix gateway works same way.) Recommend click save password. Can store password in vault qube in keepassxc database. Be sure to re-enter username and password when create account on server as shown video. You can now chat to friends on qubes os or tails os using a XMPP hidden service - very difficult for gchq to track. Spread to as many friends as possible and file transfer using ricochet refresh instead.

I will leave it to you reader to install ricochet refresh and signal desktop in seperate (AppVM) qubes. Its tricky to setup windows qube/VM but possible but best avoid windows unless you need that 1 program to work. If you want extreme security install I2P and run relay and XMPP over I2P prevents timing attacks constantly routing traffic for others.

Spread Qubes OS and XMPP chat to as many people as possible and get them spread at least 1 person if 100,000 people use it defeat gchq surveillence especially use obsf4 bridges and vpn router! Get everyone donate to Qubes OS and Tor $5/month each only $60 a year easily affordable $120 a year both services:

Donate to Qubes: https://www.qubes-os.org/donate/

Donate to Qubes recurring donation ($5/month): https://opencollective.com/qubes-os#support

Donate to Tor: https://donate.torproject.org/