OPSEC Intro

This section covers operation security (OPSEC). Much of the knowledge here is focused on the "theory" of cybersecurity. This is one of the most important sections on this site, because the focus on mostly on the person, not on the device. It's worth repeating that the biggest vulnerability is the person. Most infections of a device, a scam, etc, can be attributed to a person either not knowing what they are doing or being careless. In addition to this section, check out the book recommendations to learn more about this topic and ways to protect yourself.

OPSEC is an acronym that is used frequently in the government, usually within the intelligence communities and the military. There was a popular World War 2 phrase which was, “Loose lips sink ships.” It was a catch phrase for people to think about what they were going to say and to think about who might hear it. The idea carried on through WW2, into the Cold War and now to present day, to help prevent spies from learning critical secrets.

There’s also other acronyms like PERSEC (personal security) and COMSEC (communications security). To keep things simple, I just use OPSEC when something would actually be considered PERSEC or COMSEC.

There are a lot of facets to cover when it comes to staying safe online and this guide could never cover all the different and some seemingly insignificant ways that highly sensitive information could leak out. A common idea has been that once something is posted on the internet, that it is there forever. There is some nuance to that, but it is true. For example, just because you delete a post on Facebook doesn’t mean it goes away. Facebook will keep an archive of it. I’ll cover data retention laws later on.

Another aspect that many people don't consider is that a determined hacker or scammer can piece together a lot of info. I see plenty of posts online of people doing things like taking those ridiculous quizzes where they say how old they are, what they like to eat, where they were born, etc. Many of those places are mining the hell out of that data and it creates more issues for the people that post that info. An important aspect of OPSEC is that you think about what you're going to post or info you're putting into a website before you actually enter anything.

I cover some of the most significant areas to consider in the following sections, which includes social media usage, keeping personal information limited online, keeping your devices safe regarding physical access, considerations when using public wifi, deleting metadata, how you are fingerprinted online, etc.