Operational Security for Normal People

OpSec for Foxtrot Delta Tango grunts

Operational Security (OpSec) is about keeping your personal information (and that of any associated groups) private and minimizing the risk of bad actors exploiting what you share. Oh, read the short story at the bottom! Here are some essential tips to protect yourself in everyday life:


1. Keep Your Personal Information to Yourself

  • Avoid sharing personal details like your full name, real name, physical address, phone number, or daily routines online.
  • Be cautious about what you put on social media—every post can reveal locations, habits, and associations.
  • Think twice before using bumper stickers or personalized license plates that give away personal details about you or your family (e.g., “Proud Parent of an Honor Student at XYZ School”).
  • Consider using personal-info scrubber services such as Cloaked, Aura, DeleteMe or Incogni to remove your info from websites. Google yourself or your nom de plume to find out what info is out there already.

2. Social Media Caution

  • Adjust privacy settings to limit who can see your posts, but remember that nothing is truly private once online. Pay attention to what is limited to Friends and what is set to Public.
  • Make sure your icon or profile picture doesn’t expose too much information. It is best to use something not too personal – consider not using a selfie or actual image of yourself.
  • Avoid tagging locations in real-time.
  • Don’t announce vacations or extended absences publicly.
  • Refrain from listing your current employer on social media unless necessary (especially on personal pages).
  • Keep LinkedIn professional; do not link it to personal social media.
  • Do NOT rage post. What you post can and will be used against you: in a perma-ban, in getting booted from a site and, if you really go off, in a court of law. Threats, intimidation and violent words do not help you stay under the radar.

3. Digital Security Best Practices

  • Use Multi-Factor Authentication (MFA) whenever possible to secure your accounts.
  • Use a password manager to store and generate complex, unique passwords for each site.
  • Good passwords should be at least 10-12 characters long and completely random. For your password manager login, you can create an easy-to-remember passphrase like !This-Is18-@-Pa$word# using words, numbers, and symbols.
  • Never reuse passwords across sites; that way, if one gets compromised, the others remain secure.
  • If you need to share sensitive information, use a secure info link, such as password.link or onetimesecret.com, where info is kept for a limited time and can be viewed a limited number of times before being scrubbed forever.
  • Consider a secure email service such as ProtonMail, or others. For a different way to send secure email, check out RMail, which sends Registered Email using an existing email address (see way below for more).

4. Don’t Mix Business with Pleasure

  • Keep work and personal online activities separate.
  • Avoid discussing workplace matters on social media.
  • Do not share sensitive or confidential company information online.

5. Be Mindful of Apps & Online Services

  • Many apps collect and sell your data. Be cautious about what permissions you grant.
  • Women may want to avoid menstrual tracking apps that could potentially share sensitive data.
  • Regularly review the privacy policies of the apps you use.
  • Be mindful of using stuff like Google Calendar, scheduling apps, online reminders – anything that could be subpoenaed.

6. Anonymity & Posting Online

  • If you must post sensitive opinions or comments, do so anonymously.
  • Use encrypted messaging apps (e.g., Signal) for private conversations.
  • Consider using a VPN to mask your IP address when browsing. Options include Private Internet Access, NordVPN, and Surfshark.
  • Use a password manager, such as LastPass or Bitwarden, and do not reuse passwords on different sites.
  • Never share anything online that could be used against you in the future.

7. Think Like a “Zero Trust” System

  • IT environments use Zero Trust policies—assume everything and everyone is a potential threat until proven otherwise.
  • Apply this to your personal life: verify information before acting, question unexpected messages (phishing), and never assume online platforms have your best interests at heart.

Webmail Security – you can send PGP-encrypted emails using browser plugins such as Mailvelope. For example, my web host integrates Mailvelope to send encrypted emails and it works fairly well. Mailvelope also works with major webmail providers such as Google. Just add the plugin to your browser, create your PGP keys and save them in a good location.

Marley and Sapphyre, An OpSec Story:
Marley Simone, impeccably dressed in a tailored pantsuit, smiled serenely at Mrs. Henderson, explaining the nuances of a Victorian-era fireplace. By day, she was the picture of polished professionalism, a real estate broker with a reputation for discretion and a client list that included some of the city’s most prominent (and often, conservative) figures. By night, she was Sapphyre, a whirlwind of defiant energy at anti-fascist protests, her face masked, voice amplified through a megaphone, challenging power with fiery rhetoric. The two lives existed in carefully constructed, separate spheres. Her phone, a sleek business model, never held anything related to Sapphyre’s activities. Her activist phone, a burner procured through a trusted contact, remained hidden, its location services permanently off. Emails were compartmentalized; PGP encryption protected her activist communications, a skill honed through years of online activism. Social media was a carefully curated tightrope walk. Her real estate profile projected affable competence; her activist persona, only visible to trusted contacts on heavily secured platforms. Once, a careless comment on a shared online forum almost jeopardized her double life. A political opponent mentioned a real estate deal that coincidentally involved a client who also attended a protest where Sapphyre was notably active. A cold sweat broke out as Marley meticulously reviewed her digital footprint, agonizing over the possibility of a connection. Fortunately, her compartmentalization had held; there was no direct link between her two identities. The lesson, though terrifying, was invaluable. She utilized different transportation methods, avoiding any overlap between her pristine car and the beat-up bicycle she used for protests. Even her choice of clothing was strategic: the tailored business attire provided a complete contrast to Sapphyre’s dark, practical clothing. 
She learned the subtle art of plausible deniability, offering vague, innocuous answers when questioned about her weekends. The greatest challenge, however, was emotional compartmentalization. The exhaustion from balancing two wildly different lives was immense. The anger and frustration she channeled into Sapphyre’s activism couldn’t spill into her dealings with clients, lest a slip of the tongue or a flicker of defiance jeopardize her career and her safety. Marley/Sapphyre maintained this precarious balance through meticulous planning and an almost obsessive attention to detail. She lived a double life, walking a tightrope between two worlds, knowing that a single misstep could bring the whole elaborate structure crashing down. But she persevered, fueled by her commitment to both her profession and her unwavering belief in fighting fascism, however stealthily she had to do it.
