OPSEC Importance: Part 1

Operational Security, abbreviated by all the hip kids as “OPSEC” is a highly complex subject. Entire books can (and have) been written on the subject, and even they are not exhaustive in their scope. This multipart extravaganza will be focused on digital OPSEC and will only be introducing some basics concepts. In this first part, we will go over some of the technical components of good digital OPSEC. The next part of the series will go over behaviors that take advantage of those technical considerations.

The first thing a dissident must realize is that if they really want you, they’re going to get you. The question is how much effort you are worth to them. The idea of being “more effort than your worth” is two fold. You must not only make your doxxing/identification difficult, you must also make sure your online activity does not make you worth the effort of jumping the hurdles you’ve put in place. Running a massive criminal enterprise, i.e. Silk Road, will get you arrested no matter how good your digital OPSEC is. Ask Ross Ulbricht. He is not a dissident per se, but he became worth the unlimited time, effort, and budget of law enforcement to capture.

The more technically savvy readers will rightly point out that some of what is listed below is not the most effective possible approach. I would remind them that this is basics for the beginner, not advanced concepts for ubernerds that know the deep magic. This is for beginners and those who are unable or unwilling to involve themselves in such esoterics. More in-depth explanations are available for each tip, but for the sake of brevity they have been removed.

  • Use a VPN, and do not use a free one. Most of them are reasonably priced and will cover mobile devices and laptop/desktops.
  • Whatever browser you use, the first thing you should do is install script blocking add-ons like Ghostery, NoScript and Privacy Badger.
  • Go through your browser of choice’s settings and do not allow it to store usernames and passwords.
  • If you choose to let your browser search through the address bar, do not let it use anything but DuckDuckGo.
  • Do not have a dissident site open in one tab and social media of any kind open in another one at the same time.
  • Have a separate email account for dissident things that is not Gmail, Yahoo, Outlook or one of the other standard email providers.
  • Uninstall software you don’t use.
  • Make sure the software you do have installed is kept up to date and install operating system updates no more than 24 hours after they come out.

Your mobile device is the one place you must be paranoid, since it is linked to so much of your life. Like your desktop/laptop, always update your software and all apps you have installed. If you use your device to access any dissident information or even send edgy texts to trusted friends, it is crucial you do the following list-in-a-list.

  • Never install any social media on your phone. If you have social media of any kind on your phone, even if it came with the device and you did not associate an account with it, uninstall it.
  • Never install games on your phone. No matter how simple or small the game is, never install it on your phone.
  • Never install an app you don’t positively NEED. No hotel apps, car rental apps, sportsball apps, dating apps, shopping apps or other apps that are not necessary for communication. Businesses will often recommend you install their app and will offer a reward of some kind for doing so. This is a trick and a trap.
  • Turn your location setting off if you aren’t using it.
  • Turn off any and all settings that involve sharing data with your phone manufacturer to include ads, “diagnostic data,” or user activity data they promise is anonymized (it isn’t).

Depending on your phone’s manufacturer, settings will be different and in different places. It is recommended you go through them and turn off things that simply don’t make sense. In some devices, you can see what apps have permission to what things, i.e. what apps can access your SMS texts or account information. Don’t be afraid to take permission away from an app. At worst you will have to give the permissions back.

To be continued…

-By Atilla

2 comments

  1. If you use social media in the year 2020 abort. There isn’t a reason for it. Enough said, I think.

  2. I’m 70 and using any tech at all will reduce “Opsec”, the algo’s will find you!

    A wyrd for you youngin’s in the midst of the Fourth Turning, be mindful of this in regard to the outer “church”:

    “You cannot buy the revolution. You cannot make the revolution. You can only be the revolution. It is in your spirit, or it is nowhere.”

    ― Ursula K. Le Guin, The Dispossessed

Comments are closed.