I recently put together a detailed opsec guide that covers practical steps for reducing your digital footprint, securing communications, and avoiding common pitfalls people make when trying to stay private online.

The goal was to create something that’s actually useful and not just the usual “use a vpn and tor” advice. I tried to break down realistic methods that can help both beginners and people already familiar with opsec.

I’d love to get some feedback from the community - what’s missing, what could be improved, and if there’s anything you disagree with.

  • The Bard in Green@lemmy.starlightkel.xyz
    1 day ago

    I’ll read through this. I’m teaching a free class on cybersec / opsec to members of local activist organizations starting next month, so resources like this are potentially really useful.

      • The Bard in Green@lemmy.starlightkel.xyz
        3 hours ago

        UPDATE:

        I’ve had a chance to read through it.

        • It’s short, to the point, an easy read, covers a lot of bases. I think that makes it an excellent starting point for people at the beginning of their journey.
        • It doesn’t contain a lot of specific information, but I think it’s a good thing to have literature that’s just a general overview as a starting point.
        • Stylometry is far from an exact science (https://pmc.ncbi.nlm.nih.gov/articles/PMC11707938/). However, I bet this won’t stop the current administration from using it (and possibly falsely accusing people because of it), so it’s good to know about.
        • This will be extremely useful as I’m creating my lesson plan and I will probably pop it out to the class on day one as suggested reading.

        Overall: Great resource and very timely. Thank you.

        I would add that if you’re planning to make a lot of use of Tor, and run Tor hidden services locally, syncing the Monero blockchain over Tor (possibly to multiple local machines) and solo mining on old slow computers is a great way to generate a bunch of random Tor traffic.

        • whoszycher@lemmy.mlOP
          3 hours ago

          Hey, appreciate the review! You’re absolutely right - stylometry isn’t bulletproof, but its practical threat lies in correlation rather than precision. Intelligence agencies don’t need 100% certainty - just enough probability to justify further surveillance. And with modern AI-driven linguistic analysis, even “imperfect” stylometry becomes a powerful profiling tool.

          Good point on Tor traffic obfuscation. Random background activity helps break traffic patterns, but it’s important not to tunnel everything through Tor - that just makes correlation attacks easier. Using Monero syncing, onion services, and intermittent activity as cover noise is a solid approach, but layering it with non-Tor traffic is key.

          I’m curious: are you designing your lesson plan for general opsec education, or is it for a more specific field?

          • The Bard in Green@lemmy.starlightkel.xyz
            10 minutes ago

            I’m actually doing two classes on alternating weeks, but they’re both

            “Here’s basic opsec principles and now we’ll talk about a bunch of tools that are useful specifically for activism in (against) the current political climate.”

            I’m doing a basic class where we’ll just try to help people organize in safer ways (Telegram is like the number one organizational platform right now). One of our goals there is to try to set specific projects / organizations up with dedicated Matrix servers and help them get non-technical people to use them.

            We’re also doing a more advanced class where we want to help people set up their own hardened laptops and (for those able to secure the hardware) GrapheneOS phones. That will probably be like Unit 2 of that class. We want to start with threat modeling and help people figure out the tools they specifically need to do their work.