OPSEC means operational security, and if you’re going to be a Johnny-On-The-Spot with everything that can get you blackbagged and shuttled to the gayest concentration camp imaginable, you’d better wear protection.
This article is going to stand as a work-in-progress and most likely evolve over time, but the purpose is to document the best ways to ensure security, anonymity, and ladness online. Year over year, certain apps or providers may become compromised or just shut down outright, so this page will endeavor to keep up to date.
Dimes OPSEC Mantra
First off before we begin, I’d like to preface this with what I believe: Behave Schizophrenically Online. This means that dedicate each social network to a purpose and one aspect of your identity, have multiple communication accounts, and avoid the tendency to go psychologically innawoods with everything. Part of this is plausible deniability, part of it is creating false leads, but most importantly it’s creating cover as a citizen as to not attract attention.
Nobody should ever use Facebook, but if someone finds you don’t exist on Facebook that will send up red flags. If you’re impossible to find online at first glance, get ready for infinite glances. If you’re on the verge of being doxed, release fake dox. The goal isn’t to be a ghost, it’s to live peacefully and securely in your everyday lives.
Having said that,
Online OPSEC
• Password Security: Keepass
I’m starting with this because it is all too common for people to have one or two passwords they use for everything. This is more frequent the more accounts you have, and if one is compromised it is easy to spread elsewhere even if you believe the compromised accounts are insignificant. Keepass is a desktop program that helps you create, record, and store your passwords.
Here’s what you want to do: for every single account you use or have ever used, either delete that account or create a very complicated password, usually something at least 15 characters long, mixed with upper- and lower-case letters, numbers, and symbols. The program can generate these for you. To log into Keepass, you must create an equally complicated Master Password which you should record elsewhere. Everyone should be using this, right now.
• Email Hack Security: Have I Been Pwned?
A friend turned me onto this one, but ignore the name. In the last entry above when I said you want to have security across all accounts? Here’s an easy way to check which accounts your email was used for. You enter your email addresses, and it will tell you which security breaches you may have been compromised in. It doesn’t show you every single account ever associated with the email, but you’ll probably find a few in there if you’ve had one account for a few years. It scans social media networks, news sites, and companies like Adobe. I used this to see that I made an Imgur account a long time ago, imagine being that much of a pile of piss.
• VPN Service: Nord VPN or Express VPN
There are many VPN services out there with varying reviews and levels of reliability, but I see a pattern of two: Nord VPN is one of the more popular ones, but many also cite Express VPN and you can go with either. This is a base-level of data filtering, so don’t expect to be kept off of the most boffo dissident lists, especially if you’re in a country with a government.
• Encrypted Email Service: Protonmail or Tutanota
This is the one to keep an eye on because secure email providers tend to get compromised quicker than most, and they’re typically compromised by governments. The most popular one right now is Protonmail, but to illustrate the point another competitor was Tutanota just recently forced to hand over accounts after a German court ruling, while Lavabit famously shut down suddenly and deleted all its user accounts after pressure from the FBI and US government. On the other hand, Protonmail is run from Israel, so all of this really bottlenecks around which country/government you distrust the least. As we frequently say: don’t rely on one email, and make sure to keep a mainstream one for basic everyday use or even plausible deniability.
• Encrypted Browsers: Brave or TOR
Brave is a fantastic default everyday browser simply due to security from malware, bandwidth conservation, and its founding history (created by the guy who originally created Javascript and founded Mozilla.) TOR is the top level of what you ought to be using and should exist as a permanent secondary browser in the event of Total Internet Shitting The Fan, however the valid complaints are that it is slow to load sites and many people just don’t want to bother. This is a reminder that one does not need to be secure online all the time if one is doing something legitimate, and it’s better for plausible deniability to have some sort of online footprint. Have both, or die in the Vietnam War.
• Encrypted Messaging: Line or Signal
Line gets the official Blood $atellite Seal of Approval since that’s what we use every day, and there are a few options not just for message encryption but timed self-deletion of messages. We use it to discuss such privacy-sensitive concepts such as “it would rule if MILO became trans.” Signal is one we’ve only tried briefly and seems okay, but keep in mind that most people will use these primarily on their mobile devices which can introduce a host of security flaws if you’re not being safe on what I assume is a vast and intricate network of dopamine screens.
A good tip I find is to train yourself not to fedpost with a keyboard in any situation, and reserve it only for your drinking games or your barber.
• Image EXIF Data Scrubbing: Metadata 2 Go
I notice a lot of people ignore this and it’s a key factor in why people get doxed. Essentially, every time you take a photo with a camera it automatically codes information into it such as the device used, the date it was taken, photo info, and often times the GPS location using EXIF Data. This is used by programs to help users sort through their digital pictures easily, but if posted on a chan board it can also reveal where you live. This service can not only tell you what EXIF data is in an image you submit but allows you to remove it from anything you choose to share online. Before you post a photo on a network you don’t believe is secure, run it through her. But also try to avoid doing it altogether, your vanity sickens us and God.
• Camera Security: Obscuracam
Similar to our previous entry, this is photo security as an app designed to be utilized by your mobile device. It has a few other interesting capabilities, especially if you are considering reporting from live events. From their website:
“Take a picture or load a photo or video from the Gallery, and ObscuraCam will automatically detect faces that you can pixelate, redact (blackout) or protect with funny nose and glasses. You can also invert pixelate, so that only the person you select is visible, and no one in the background can be recognized. This app will also remove all identifying data stored in photos including GPS location data and phone make & model.”
You hear that, guy who wants a career in documenting the meme-ready moments of the goddamn apocalypse? You’re welcome.
• Social Networks: Telegram, Fediverse, Closed Networks
This one will likely change faster than email and there’s many who will say Telegram is even compromised by location data leaks and federal honeypots. Not long ago Parler was an attractive option until it was revealed that using the platform automatically implicates you any content that they might be sued over. This was revealed a few days after it became popular, and is somehow a haven for all the big-name censored people because they are obviously geniuses.
I’ve recently become aware of a platform called Fediverse, which I am including now simply because it’s a blockchain ecosystem where people can create their own platforms on their own server nodes, and that seems like one of the best ways to ensure uptime. But that presents the same problem we always seem to run into:
These apps and platforms rise and fall – sometimes within months – but the most important thing to remember is to vet who you are communicating with, keep your groups relatively small, and stay on top of excommunicating anyone who seems suspicious. This has happened generationally, with Millennials beginning to choose smaller friend-networks and closed groups, and Zoomers especially leaving behind the Twitter and Facebook world of broadcasting updates to everyone you have ever known. This is Web 1.0 stuff but I’m boomerbrained and the one writing the article.
• Secure Economy: Bitcoin and Other Cryptocurrency
This is an obvious one and I’m going to keep this short for brevity’s sake, but if you don’t understand Bitcoin of cryptocurrency in general here is a brief overview.
Per Andrew Anglin’s writeup, who will know a thing or two about secure payments:
“Bitcoin is a digital currency, built on an algorithm that no person is in charge of. It is completely decentralized. Coins are stored in “blockchain,” which is a record of transactions. The transaction record is what decides who has access to the money, as you obviously don’t have the ability to physically hold bitcoin, as it exists in the ether. The way you access your section of the blockchain, and identify yourself as the owner of whichever part of it, is by using a key, which is stored in your wallet as a passcode. The total amount of currency is limited, so unlike with fiat currencies printed by governments, no one can expand or contract the supply to manipulate the value. This is often overlooked but, in my opinion, is the most important part.”
A popular place to purchase, sell, and trade bitcoin is a site called Coinbase. It’s where I bought all my Ethereum back when I was smart, then stupid, and am now smart again. Another popular app that’s linked directly to your mobile device is called Gemini.
What happens if these sites go down, the government takes control, the police yeet your computer, or you’re a based paranoid schizophrenic? I have been recommended a service called Electrum which is available on all the major operating systems. It adds an extra layer of security and essentially allows you to access your Bitcoin wallet anywhere, which is essential if you’re worried about having everything on one computer. The security is based upon a 12-word password known as a “seed,” which you can record as a hard copy and squirrel away somewhere. The only way to recover the money if you lose or destroy device is with the seed code, which should be memorized or written down on paper. They even warn you as you’re making your account to do this.
• Backing Up Webpages: Archive or PDF My URL
This is not altogether important but I find it is essential for social media to prove things were said at the time they were said, or saving important websites if you are worried about them being taken down, losing their hosting etc. While taking a screenshot works, this is more valid.
IRL OPSEC
• PO Box Rental:
If you’re into weird books, receiving money orders from fans, or keeping up correspondence with people you don’t want to know your address, consider renting a PO Box. The prices and sizes will vary depending on your location or post office, and they can be rented at federal mail locations as well as private companies like UPS. While PO Boxes are one level of security to receiving mail, they still require personal identification to own and use. This is why another intermediary can be useful, such as:
• Encrypted Operating System: Tails
Tails is a portable operating system that protects against surveillance and censorship. From the site: “Tails uses the Tor network to protect your privacy online and help you avoid censorship. Enjoy the Internet like it should be. Shut down the computer and start on your Tails USB stick instead of starting on Windows, macOS, or Linux. Tails leaves no trace on the computer when shut down.” I haven’t used this personally, but if it’s associated with Tor and you’re conducting any sort of independent journalism this seems like a must.
• Phone Tracking Check: *#21#
This is something I tried out the other day on my Android phone and I find it pretty cool. If you simply type the aforementioned code into your phone, you can see if any call/message forwarding on your mobile device. Presumably this is to check if any authorities are tracking what passes through your phone, so this is something you can try out right now.
• Temporary Phone Numbers: Quackr or OnOff
This can be used for temporary SMS confirmation if you are creating an account. I’ve had mixed experiences with things like this, as with some VPNs the big players have blacklisted certain IP addresses and many of these phone numbers get burned quickly. In any event, it’s an option to verify you’re a regular human and not a devious human in aviators.
• Hard Drive Encryption: Veracrypt
Have you had your hard drive or computer stolen, confiscated, or ferried away under the rolls of a mouthy fat broad? I hope you used hard drive encryption so they can’t get at your sarcastically violent reaction images. Veracrypt is how you protect your files if you lose possession of your device, which would be ideal principally for laptops and external hard drives with documents, personal info, or private projects. You can create an entire partition on your drive and make it hidden (the program itself states this is good if you are being gun-to-your-head extorted and you don’t want its existence known,) or if you want something quick and easy to set up you can simply create a single encrypted folder and drop whatever you want in there.
This isn’t even a thing for internet psychos like you most certainly are; if you work in IT or any government organization, you’re going to want to be learning a thing or two about computers and learning how to implement this for sensitive documents. It can also be fun to make it look like you’re hiding something and then once Interpol cracks it, it’s just anime feet. Show them who’s boss!
More Info
Here are a couple of resources to generally keep up with online security and will have more options for you to explore if you think I am an idiot liar.