Comprehensive Guide to Operations Security (OPSEC)

Operations Security (OPSEC) is crucial for maintaining the privacy and security of your activities. The following guidelines, divided into specific zones, will help you safeguard your identity and operations. Use common sense and conduct your own research to supplement these recommendations. Remember, these guidelines are meant for lawful purposes only.



Social OPSEC

  1. Avoid Social Media: Delete all accounts to prevent data collection and possible doxxing. If you can’t delete an account, change all identifiable information associated with it.
  2. Secure Email Communication: Avoid using email for important communications. If necessary, use PGP encryption with a trustworthy provider.
  3. Use Encrypted Communication Tools: Only use end-to-end encrypted tools and avoid platforms like Discord and Snapchat.
  4. Phone Number Precautions: Do not register online accounts with your real phone number. Use services like quackr.io.
  5. Enable 2FA: Avoid SMS 2FA’s, Use open-source two-factor authenticators, such as Aegis.
  6. Voice Anonymity: Use voice changers to prevent identification through voice fingerprinting.
  7. Monitor Data Breaches: Use services like haveibeenpwned.com to check for compromised information, ensuring you separate searches by identity.
  8. Avoid Unique Writing Styles: Use translation services to obfuscate your writing style.
  9. Never Reuse Identifiers: Avoid reusing passwords, email addresses, profile pictures, or usernames.
  10. Use Simple and Changing Aliases: Use basic aliases like colors or animals, and change them frequently.
  11. Separate Identities: Do not share content between your real-life and online personas.
  12. Create Fake Identities: Maintain different hobbies, interests, and characteristics online.
  13. Secrecy of Operational Details: Never disclose your use of security tools like Tor.
  14. Spread Disinformation: Use false information to mislead trackers.
  15. Stay Updated: Follow recent cybersecurity and privacy news.
  16. Remove Metadata: Strip metadata from photos before sharing.
  17. Carefully Inspect Photos: Ensure no identifiable details are present in shared images.
  18. Avoid Making Enemies: Maintaining positive relations reduces the risk of being targeted for doxxing and other tomfoolery.



Mobile Device OPSEC

  1. Update Your Device: Ensure your phone has the latest security patches.
  2. Purchase Devices Anonymously: Buy devices with cash to avoid supply chain attacks.
  3. Use Privacy-Friendly Phones: Consider de-googled devices like those running Graphene OS and Lineage OS.
  4. Avoid Sensitive Discussions on Calls/SMS: Use encrypted messaging apps such as Signal instead.
  5. Google Alternatives: Use services like Aurora Store and F-Droid instead of Google services.
  6. Disable Unused Connectivity: Turn off Wi-Fi, Bluetooth, and location services when not in use.
  7. Hardware Modifications: If you really need to stay hidden, consider removing your phone’s microphone and camera.
  8. Encryption and Passwords: Use strong encryption and passwords for your device.
  9. Monitor for Spyware: Watch for unusual activity that may indicate spyware.
  10. App Permissions: Restrict app permissions and remove unused apps.
  11. Cautious Use of Tor: Avoid using Tor on your phone; if necessary, disable JavaScript.
  12. Manage Background Processes: Prevent apps from running in the background without your knowledge.



Network OPSEC

  1. VPN Usage: Use reliable VPN services such as Mullvad; avoid making your own unless you are an expert.
  2. Tor Network: Use Tor for anonymity but be aware of its limitations and potential risks.
  3. Always Use HTTPS: Ensure your web traffic is encrypted.
  4. Prefer Wired Connections: Use wired connections over wireless for better security.
  5. Avoid IoT Devices: Keep IoT devices on a separate network and avoid Chinese products.



Browser OPSEC

  1. Browser Isolation: Use different browsers for different purposes and isolate them.
  2. Disposable VMs: Open suspicious links in disposable virtual machines.
  3. No History Saving: Configure your browser to delete history and cookies upon closing.
  4. Use Tracker Blockers: Install uBlock Origin to block trackers and ads.
  5. Trustworthy Browsers: Use privacy-focused browsers and avoid full-screen mode to prevent fingerprinting.
  6. Avoid Downloads via Tor: Verify software signatures to avoid tampered downloads.
  7. Browser Fingerprinting: Check your browser’s fingerprint on amiunique.org and use strict settings on Tor Browser.



System OPSEC

  1. Overwrite Deleted Data: Use tools like Bleachbit and DBAN to ensure deleted files are unrecoverable.
  2. Keep OS Updated: Regularly update your operating system and harden it, if not using Qubes OS.
  3. Use VMs: Isolate tasks within virtual machines to enhance security.
  4. Full Disk Encryption: Encrypt your hard drives and mobile devices.
  5. Prevent Logging: Stop all unnecessary logging to avoid evidence collection.
  6. Annual Device Formatting: Format and overwrite data on devices annually.
  7. Secure File Storage: Store sensitive files offline or on encrypted external drives.
  8. System Cleanup: Regularly clean your system with tools like Bleachbit.
  9. Prepare for Seizure: Be ready to destroy storage devices if necessary.



Crypto OPSEC

  1. Use Monero (XMR): Prefer Monero over Bitcoin for enhanced privacy and lower fees.
  2. Learn Safe Crypto Practices: Educate yourself on secure cryptocurrency usage.



Software OPSEC

  1. Avoid Antivirus Software: Opt for manual security practices over antivirus programs. Common sense is your friend.
  2. Use Secure Operating Systems: Always prefer Linux or FreeBSD over Windows.
  3. Browser-Based Discord: If you need Discord, use it in a trusted browser instead of the app or install a modified client that strips the telemetry, such as Vencord.
  4. Keep Software Updated: Regularly update all software to patch vulnerabilities.
  5. Avoid Closed-Source Software: Use open-source alternatives where possible.
  6. Verify Software Signatures: Ensure downloads are authentic and untampered.



Physical OPSEC

  1. Power Down Devices: Fully power down and unplug devices to prevent cold boot attacks.
  2. Mute Microphones: Use hardware mute buttons or cover microphones and cameras.
  3. Monitor Contact Security: Ensure the security practices of people around you are solid.
  4. Hide Your Address: Prevent public listing of your address to avoid harassment.
  5. Avoid US Travel: Be aware of the legal risks of traveling to certain countries.
  6. Facial Recognition Precautions: Use masks and sunglasses to avoid facial recognition.
  7. Privacy Screens: Use privacy screens to protect your screen from prying eyes.
  8. Clean Keyboards: Remove fingerprints from keyboards to protect passwords.
  9. Avoid DNA Tests: Do not provide DNA samples to avoid data being used against you.
  10. Emergency Preparedness: Have a survival kit and plan ready when shit hits the fan.
  11. Avoid Long Absences: Do not leave your home unattended for extended periods.
  12. Public Activity Awareness: Be cautious of surrounding cameras when in public.
  13. Avoid Making Enemies: Like mentioned in the first chapter; Maintaining positive relations reduces the risk of being targeted for doxxing and other tomfoolery.

Following these comprehensive OPSEC guidelines will help you protect your identity and activities from surveillance and potential threats. Always stay informed and adapt to new security developments, and remember to use common sense.

I’ll also recommend you to checkout channels such as Mental Outlaw for cybersecurity, linux and opsec, and following Vx Underground for cybersecurity news and more.


See you space cowboy.

~Vili