OPSEC Tutoring From Lettuce

Submitted by lettuceLeafer in security_culture (edited )

okay, so OPSEC is important for people to get. I will cover any internet or IRL OPSEC questions. And yes you need to know both because they intersect even if you just do stuff irl or just do stuff on the internet. I will try my best to be patient and kind while not letting you not understand the severity of many flaws. Here are some example questions that you can ask if you don't know

  • where do I start

  • I know basic stuff but how do I get more proficient

  • any specific personal question

  • bring up what kinda things you do that you aren't sure of the proper procedure.

  • what sources are good and what sources are bad

  • read through OPSEC readings and then if you are confused or have a question shoot me a question on the fourm

  • tell me what your OPSEC proceedure is for whatever threat model and I tell you flaws of it or if I think its good.

I request that people only comment publicly so I don't have to answer the same question twice. Though DMs are fine if you really must.This offer is open or a while. Heck if you are reading this in like 6 months still comment I might actually answer. Though I can't tell the future so I also might be busy.

Also don't ask questions like "how do I rob a jewelry store and not get caught" or "how do I become a drug kingpin and not get caught" because my threat model on raddle doens't allow for me to answer those questions.

All questions are fine, though I hope you actually put in a little effort and dont just ask obvious stuff you could have just googled. But thats fine either way

11

Comments

You must log in or register to comment.

Majrelende wrote (edited )

Is there anything in particular you find important that isn't much mentioned elsewhere?

5

lettuceLeafer OP wrote

Often times it isn't talked about how good security culture sometimes is being less secure. Sometimes people take the mindset they they gotta be super secure all the time. Which is secure but also a detriment with no benefit.

Do a threat analysis and decide if lots of security is needed. So for instance if I do crimes which are civil fine I openly say I do them. Because the risks are less than the cons of covering it up. The same is true with mistomenors that the police don't enforce.

Now this doesn't mean that u commuted a murder and the cops have a low chance of finding out so u lax security culture. If the risk of it coming out is really high than I think you should have high risk OPSEC. Though it's up to personal preference.

For instance some people are super anal about not revealing he general area where they live. When the reality is I can host my blog and post a link. Then I get the IP address of everyone who clicks it. And ip can give u exact home address to general area. Plus it's not too difficult to find name and address with an IP.

So it's odd for people to loose potential social relationships to have basically pseudo security against being doxxed.

For my raddle profile I talk so much on the clear web LettuceLeafer and my real name are easily tied together. I'm only pseudo anonymous to those who bother to try to not find out who I am.

Which sounds bad but this means I have no issues with showing my face, talking a lot about my life, things of anarchy that work and ones that fail. My lax security culture has granted me so many benefits that I wouldn't have gained if I had tight security culture. But other draw backs are I have to be careful about advocacy of illegal actions and a few other things.

Now I won't change my username to my full legal name and put my address in my bio. Because that just increases the chance o annoyance for no reason. But if I did get doxxed which is very possible, I wouldn't care. I decided the risk is outweighed bu the benefit and dropped security culture.

So be conscious of your choices. Having really anonymous and secure OPSEC is really difficult and time consuming, so u just have to make smart decision on when to do it. And it al relies on making a good threat model

7

stagn wrote

I usually analize a lot when I post something that may give some clue as to where I live or who I am, as a matter of convenience I am not hiding my connesion (so my ips know im connected to raddle), and the "detectives" already know I am anarchist and in the past have even served me with a few "minor complaints"
Since the things i do are low risk and are not illegal maybe is better be less paranoid about what I post? In thi context is convenient tring to use tool for hiding connection? (vpn are expansive and cannot be trusted, tor is slow and a little inconvenient to use all the time)

3