OpSec Lounge (Security, Privacy, etc.)

redbeard

Hummingbird
Moderator
With the growth of the "Medical Gulag," there's been an uptick of discussion on the RVF about OpSec, also known as Operational Security.

From Wikipedia:

Operations security (OPSEC) is a process that identifies critical information to determine if friendly actions can be observed by enemy intelligence, determines if information obtained by adversaries could be interpreted to be useful to them, and then executes selected measures that eliminate or reduce adversary exploitation of friendly critical information.

In a more general sense, OPSEC is the process of protecting individual pieces of data that could be grouped together to give the bigger picture (called aggregation). OPSEC is the protection of critical information deemed mission essential from military commanders, senior leaders, management or other decision-making bodies. The process results in the development of countermeasures, which include technical and non-technical measures such as the use of email encryption software, taking precautions against eavesdropping, paying close attention to a picture you have taken (such as items in the background), or not talking openly on social media sites about information on the unit, activity or organization's Critical Information List.

The term "operations security" was coined by the United States military during the Vietnam War.


Threads where this has been popping up:

Digital Privacy for the Neomasculine Man

Decoding the words and works of Bill Gates

Switching from Windows to Linux
 

TheFinalEpic

Pelican
Gold Member
You can go down quite the rabbit hole when it comes to OpSec and Privacy. I will give some of my thoughts on how to do this while remaining somewhat sane:

1. Get a Password manager, and use only generated passwords on each service you use. I use KeePassXc https://keepassxc.org/ for this, as it is open source, stored locally, and managed by you. You should use one exceptionally hard to crack passPHRASE for this manager - think a sentence of 30+ characters.

2. Switch over to a Linux distro for most of your day to day. Because many apps are browser based now, the OS is mattering less and less. I have two partitions on all my computers - One Linux partition for all my work and where I spend 90+% of my time, the other 10% for video editing, photoshop, occasional gaming etc. is a Windows partition.

3. Use a VPN in public spaces. There are plenty, I like NordVPN and a few others. You can learn about OpenVPN and those protocols if you so choose.

4. Compartmentalize your browsing in a couple different browsers - Chromium based should not be used for anything other than social media (this is debatable if you should even have social media). Firefox can be hardened for all of your more work intensive stuff, and I like it for most of my day to day. If you are shopping online, use TOR to get prices, but only make purchases in your firefox browser. Do not do anything in TOR that would compromise your identity - do not sign in to email accounts, social media, or post as you (no brainer).

5. Make sure your wifi networks have a strong password, generated by your password manager.

6. Get browser extensions that cut out all advertising and targeted ads.

You can get so intense on this stuff that you render many websites unusable (shutting off Javascript, etc.) I don't think most people need to go this far.

If you are doing illegal things that are illegal enough, and people want to find you - they'll find you. I do believe that you should render the advertising, tracking, and targeting of corporations completely useless, and a lot of what I've said above will get you very close to that.
 
If there's one thing Uncle Sam taught me...


I'm pretty sure they made this poster because it's predecessor, "Edward Snowden is a traitor!", came across as too Orwellian.
 

redbeard

Hummingbird
Moderator
TheFinalEpic said:
If you are shopping online, use TOR to get prices, but only make purchases in your firefox browser. Do not do anything in TOR that would compromise your identity - do not sign in to email accounts, social media, or post as you (no brainer).
Besides looking at prices, what else do you use Tor for?

It seems like most websites require you to have a log-in these days. So wouldn't it be useless if you're trying to avoid connecting Tor to your personal accounts?
 

redbeard

Hummingbird
Moderator
For browsers I like Firefox plus the following extensions:

Privacy Badger
UBlock Origin
HTTPS Everywhere
Cookie Autodelete
History Autodelete

I've played with the settings as well and that helps. Removing Javascript can be beneficial but it does a ton of damage to your browsing. I really wish sites would stay away from Javascript, it's pretty terrible for privacy. I'm thankful for the bare bones no-JS sites out there.
 

TheFinalEpic

Pelican
Gold Member
redbeard said:
TheFinalEpic said:
If you are shopping online, use TOR to get prices, but only make purchases in your firefox browser. Do not do anything in TOR that would compromise your identity - do not sign in to email accounts, social media, or post as you (no brainer).
Besides looking at prices, what else do you use Tor for?

It seems like most websites require you to have a log-in these days. So wouldn't it be useless if you're trying to avoid connecting Tor to your personal accounts?
TOR can be used day to day, I wouldn't recommend it though, even just speaking on consideration of speed. I don't use it outside of shopping prices, as I am not a political dissident, criminal, or journalist in a persecuted position. That's not to say it's not a useful tool, I just don't have the patience in most cases.

As for the sign ins on many sites - use a different password for each and every one, and do so on your firefox browser. I would go so far as to say have multiple emails for these sites and use them based on purpose - I have a certain email for marketing stuff, one more formal email that I don't use for much, and others for various subjects.
 

KYT88

Robin
redbeard said:
For browsers I like Firefox plus the following extensions:

Privacy Badger
UBlock Origin
HTTPS Everywhere
Cookie Autodelete
History Autodelete

I've played with the settings as well and that helps. Removing Javascript can be beneficial but it does a ton of damage to your browsing. I really wish sites would stay away from Javascript, it's pretty terrible for privacy. I'm thankful for the bare bones no-JS sites out there.
Multiple instances of Firefox Portable with private proxy and Chameleon for spoofing browser information works quite well on a flash drive

Multilogin basic package also has 100 profiles so you can assign an IP for each account you login too, though it is more costly
 
I bought a secured mailbox made of steel. If you have a rural mailbox like I do, you want to make sure it is harder to break into than all the mailboxes next to it. With the China Virus destroying so many jobs, many desperate people will turn to mail and package theft as a "living". You need to secure your physical space, not just your digital one.
 

TheFinalEpic

Pelican
Gold Member
I occasionally use TOR for checking prices online, as it's common practice for sites (specifically travel sites) to bump up prices when you return due to the implementation of cookies.

This renders those cookies useless, and you can get better prices by doing your research in a no tracking browser - that's not to say you can't turn firefox into a pretty solid browser for this as well.

You then buy in another browser as if you are a first time visitor and get the better price.
 
Do any of you guys have a privacy-friendly phone you'd recommend? After Snowden's interview with Vice, I've been looking to downgrade from my iphone. But it looks like even the qwerty and the flip phones now have internet browsers, etc.
 

monsquid

Kingfisher
Would it be impossible to live without a smart phone? Covid has me working from home and it makes me want to get rid of my phone.
 

redbeard

Hummingbird
Moderator
monsquid said:
Would it be impossible to live without a smart phone? Covid has me working from home and it makes me want to get rid of my phone.
I've been thinking the same, to be honest. When Roosh mentioned on stream that he's using a Nokia, that got the wheels turning for me.

I think it's very possible, but there's a few things you'd have to re-format:

Maps - get directions before you leave the house

Music/podcasts - I listen to these for exercise, but you can still listen to these either on an iPhone with no cell service or an iPod touch (yes they still make these).

Other than that you'll have to remove all apps, messengers, and email clients. You gotta be ready to only text and call on your phone.

I'm curious if anyone here has gone full dumbphone mode.
 

SvenTuga

Sparrow
Gold Member
Emperor Constantine said:
Do any of you guys have a privacy-friendly phone you'd recommend? After Snowden's interview with Vice, I've been looking to downgrade from my iphone. But it looks like even the qwerty and the flip phones now have internet browsers, etc.
I've recently come across Purism which has both phones and computers that are built from scratch with privacy in mind. I might get one when I replace my laptop.
 

redbeard

Hummingbird
Moderator
SvenTuga said:
Emperor Constantine said:
Do any of you guys have a privacy-friendly phone you'd recommend? After Snowden's interview with Vice, I've been looking to downgrade from my iphone. But it looks like even the qwerty and the flip phones now have internet browsers, etc.
I've recently come across Purism which has both phones and computers that are built from scratch with privacy in mind. I might get one when I replace my laptop.
Definitely post a review if you get one. Thanks
 
Top