
Posts by Sam_Bent


Six years of sustained darknet market usage with zero traced users versus
a coin whose founder asked to build law enforcement backdoors,
the market already decided which privacy actually works.

37 minutes ago 0 0 0 0

Blur backgrounds in video calls when possible. Before posting indoor photos, check what's visible in reflections, windows, and background details. Real estate listings and social media posts have been used to case homes for burglary because people forget what's in the frame.

2 hours ago 0 0 0 0

#OPSEC365 019/365

Photos of your home reveal more than you think. The Zoom background shows your bookshelf and your art. The new-couch photo includes the street through the curtains. Each detail helps someone build a picture of where you live. Scan the frame before you post.

2 hours ago 0 0 1 0

Shostack's threat modeling framework asks: realistic attackers vs you specifically? The Verizon RISK A4 model categorizes actors by Actors, Actions, Assets, and Attributes. For personal OPSEC: map adversaries to their most collection methods before choosing any countermeasure.

18 hours ago 0 0 0 0

#OPSEC365 018/365

Before picking countermeasures, OPSEC doctrine says profile your adversary. A stalker uses HUMINT. A data broker scales OSINT. A state actor adds SIGINT and GEOINT on top. Treating those threats identically wastes your effort on the wrong attack.

18 hours ago 0 0 1 0

If you have to take a sensitive call in public, keep it vague and finish the details later. Saying you'll send the specifics reveals less than reading your SSN out loud to the insurance company while standing in line at Starbucks.

1 day ago 0 0 0 0

#OPSEC365 017/365

Taking a call in public means everyone around you is in the meeting. The coffee shop hears your deal, the airport gate hears your medical results, the elevator hears you giving a delivery service your address. Glance around next time and notice who's listening.

1 day ago 0 0 1 0

Start your personal CIL with three columns: what you want protected, who could weaponize it, and how they'd likely obtain it. Military doctrine (JP 3-13.3) defines critical info as answers to key questions your adversary is actively trying to answer.

1 day ago 0 0 0 0

#OPSEC365 016/365

The military calls it a Critical Information List. OPSEC step one is identifying which data points, if collected, would degrade your ability to operate safely. Most people skip this and jump straight to countermeasures they don't actually need.

1 day ago 0 0 1 0

Basically, it really pissed me off that I HAD to use an app for my thermal printer, so I reverse engineered it, and made GhostLabel, in Rust.
It might or might not work for you, I dunno.
More details in the readme.

https://github.com/DoingFedTime/ghostlabel

2 days ago 0 0 0 0

A PO Box or private mailbox service breaks the link between your name and home address for most deliveries. It costs around twenty dollars a month and keeps your physical location out of dozens of corporate databases that will eventually get breached.

2 days ago 0 0 0 0

#OPSEC365 015/365

Every package you order links your name to your address forever. Amazon orders, supplements you'd rather keep private, gifts that reveal your relationship status. A database somewhere connects your identity to your home and most of them never needed it.

2 days ago 0 0 1 0

Re-keying is cheaper than replacing entire locks and takes about fifteen minutes per door. If you've lost track of who has copies, it's worth the cost to reset the access list. Smart locks with revocable codes solve this for new access but create their own attack surface.

2 days ago 0 0 0 0

#OPSEC365 014/365

List everyone who has a key to your home right now. Family, the ex who never gave it back, the neighbor watching your place, the cleaner, the property manager. Each one is an entry point you don't control. If you can't name them all, you've lost track.

2 days ago 0 0 1 0

Anyone with a computer can mine XMR, which is how decentralization was supposed to work.

3 days ago 0 0 0 0

Professional intelligence officers target bars and social events specifically because people talk more freely there. If you work with sensitive information, consider who might be listening when your guard is down and adjust your drinking accordingly.

3 days ago 0 0 0 0

#OPSEC365 013/365

Alcohol kills the filter between what you know and what you say. The classified project, the friend's divorce, the coworker you can't stand. After a few drinks those leak to whoever's next to you at the bar. Notice next time what almost slipped.

3 days ago 0 0 1 0

You don't need to strip your car bare, but consider what each sticker or accessory reveals. The honor student bumper sticker just told a stranger your child's school and approximate age. The parking permit narrows down your employer. Each one is a piece of a puzzle.

3 days ago 0 0 0 0

#OPSEC365 012/365

Your car says more about you than you think. The parking permit reveals where you work. The bumper stickers list your politics, your kids' schools, your gym. The pattern of where you park tells anyone watching where you'll be tomorrow.

3 days ago 0 0 1 0

The state will always side with the franchise over the independent because the franchise pays lobbyists.

4 days ago 0 0 0 0

Services like DeleteMe and Privacy Duck can remove you from data broker sites, but they're not perfect. The free version is doing it yourself by finding the opt-out page for each broker and submitting removal requests manually. It takes time, but it works.

4 days ago 0 0 1 0

#OPSEC365 011/365

Google your full name in quotes. Data brokers, old forum posts, voter records, that 10K you ran in 2014. Most people have no idea how much of their history is indexed. Whatever shows up on page one is what your adversary finds first.

4 days ago 0 0 1 0

Content can be encrypted, but metadata often can't. Who you call, when, and how often creates a pattern that reveals relationships, habits, and associations without anyone reading a single message. The structure of your communications tells its own story.

4 days ago 1 0 0 0

#OPSEC365 010/365

Your phone logs every call you make and the duration of each one. Even with encrypted apps, your carrier knows who you contacted, when, and for how long. Pull up the call history and imagine someone mapping your relationships from it.

4 days ago 0 0 1 0

A cross-cut shredder handles paper, but don't forget about labels on packaging and prescription bottles. Peel them off, shred them, or black them out with a marker before they go in the bin. The few seconds it takes is cheaper than the identity theft it prevents.

5 days ago 0 0 0 0

#OPSEC365 009/365

Your trash tells a story every week. Pill bottles with your name, bank statements, shipping labels with your address, receipts showing where you shop. Anyone willing to dig builds a full profile without breaking a single law.

5 days ago 0 0 1 0

Virtualization security and hypervisor isolation mechanisms.

"Virtual machine monitors must provide strong isolation between guest operating systems."

- Protection Mechanisms in the VM/370 Hypervisor by R.J. Creasy (1981)
https://dl.acm.org/doi/10.1145/800217.806615

5 days ago 0 0 0 0

Your adversary determines your threat model, and your threat model determines what precautions make sense.

5 days ago 0 0 0 0

#OPSEC365 008/365

Everyone has an adversary, whether they realize it or not. An ex who won't let go, a competitor hunting for an edge, a scammer building a target list, a future employer searching your name. Write down the three most likely.

5 days ago 0 0 1 0

Treat security questions like additional passwords. Give false answers that only you would know, store them in a password manager, and never use real information that could be researched. Mother's maiden name can be a random phrase if you remember to save it.

6 days ago 0 0 0 0