perational Security (OPSEC) goes beyond tools—it's a mindset of compartmentalization, threat modeling, and disciplined behavior. This level focuses on protecting yourself against targeted surveillance and sophisticated adversaries.
Threat Modeling
Ask yourself:
- What do I want to protect? (Data, communications, identity, location)
- Who do I want to protect it from? (Corporations, government, hackers, abusers)
- How likely is it that I need to protect it? (Risk assessment)
- What are the consequences if I fail? (Arrest, harassment, financial loss, physical danger)
- How much trouble am I willing to go through? (Convenience vs. security tradeoff)
Compartmentalization
Identity Compartments
- Separate real name from pseudonyms
- Different emails for different contexts
- Never cross-contaminate identities
- Use different browsers for each identity
- Different payment methods per identity
- Separate phone numbers or VoIP
Device Compartments
- Work device vs. personal device
- Burner phones for sensitive activities
- Air-gapped computers for crypto keys
- Virtual machines for risky browsing
- Separate hardware for different identities
Secure Operating Systems
Tails OS
Best For: Maximum anonymity, leaving no traces
Type: Live USB/DVD—runs in memory, nothing saved to disk
Features: Routes all traffic through Tor, amnesia mode, portable
Qubes OS
Best For: Compartmentalization via virtualization
Type: Security-focused Linux with isolated VMs
Features: Different VMs for different tasks, disposable VMs
Whonix
Best For: Anonymous workstation + gateway
Type: Two VMs—one gateway (Tor), one workstation
Features: IP/DNS leaks impossible, works inside Qubes
GrapheneOS
Best For: Privacy-hardened Android
Type: Mobile OS for Google Pixel phones
Features: Hardened kernel, sandboxed Google services, no tracking
Anonymous Communication
- Tor Browser: Route traffic through Tor network [Download]
- VPN Chains: Multiple VPN providers in sequence (trust distribution)
- Proxy Chains: SOCKS5 proxies + Tor for additional layers
- Disposable Emails: guerrillamail.com, 10minutemail.com
- Anonymous Phone Numbers: JMP.chat (XMPP), MySudo, burner SIMs
- Pseudonymous Payments: Monero, Bitcoin through mixers/coinjoin
OPSEC Failures to Avoid
- Reusing Usernames: Same username across real and anonymous identities
- Time Zone Leaks: Posting times reveal your location
- Stylometry: Writing style can identify you—use Tor browser's security slider
- Metadata in Files: Photos contain GPS, documents contain author info
- Browser Fingerprinting: Unique browser configs identify you
- Trusting VPN Marketing: Most VPN providers log and comply with subpoenas
- Social Engineering: The weakest link is usually human trust
Physical Security
- Full Disk Encryption: VeraCrypt, LUKS, FileVault 2, BitLocker (verify keys)
- Evil Maid Attacks: Tamper-evident seals, BIOS passwords, secure boot
- Border Crossings: Clean devices, encrypted cloud storage for data
- Camera Covers: Physical webcam covers when not in use
- Faraday Bags: Block phone tracking when needed
- Secure Deletion: shred, BleachBit, DBAN for drives
Advanced OPSEC Mindset
Perfect security doesn't exist. Every tool can fail. Every human makes mistakes. The goal is raising the cost of surveillance beyond what adversaries will pay.
Think in layers: if one fails, others protect you. Think in probabilities: reduce attack surface, increase attacker effort, minimize consequences of compromise.