OPSEC FOR THE REAL WORLD: NOT JUST SPOOKS AND HACKERS
Operational Security (or OpSec) gets thrown around like it’s only for spies, soldiers, or hoodie-wearing hackers in dark basements. That’s bullshit. In the real world, OpSec is for you. It’s for the activist organizing meetups. It’s for the whistleblower, the journalist, the abuse survivor, the curious kid poking around online. It’s for anyone who doesn’t want to be tracked, profiled, or watched. It’s for anyone who values privacy as a basic human right.
You don’t need to be in a war zone to care about OpSec. You just need to realize this: everything you do online is logged, profiled, and sold. Your clicks, locations, contacts, even your “private” messages. If someone wanted to build a map of your life, they already could and they have.
So let’s cut the spy movie nonsense. This is realistic OpSec for real people.
WHAT IS OPSEC, REALLY?
OpSec is short for Operational Security. It’s the practice of identifying what sensitive information you have, figuring out who might want it, and taking steps to protect it. That’s it. No ninja moves, no secret handshakes.
Think of it like locking your front door. You’re not paranoid, you just don’t want random people walking in.
OpSec is about habits. Discipline. Awareness.
STEP 1: KNOW WHAT YOU’RE PROTECTING
Before you download some sketchy privacy app, stop. You need to threat model.
Ask yourself:
- What do I want to keep private?
- Who do I want to keep it from?
- What are the consequences if I fail?
- What am I willing to trade off to protect it?
There’s no one-size-fits-all. If you’re avoiding data brokers, your OpSec will look different than someone avoiding an abusive ex. And that’s fine. What matters is clarity.
Hint: check out the free Threat Model Quicksheet tool in the SECURE CHANNEL.
STEP 2: BREAK THE LINK BETWEEN YOU AND YOUR DATA
Here’s the reality: modern surveillance is passive. They don’t need to target you. They just collect everything and sort it later.
So your job is simple: minimize what’s collected, and sever the identifiers.
Start here:
- Use Firefox + uBlock Origin. Not Chrome. Not Edge. Firefox with hardened settings (search “arkenfox”).
- Ditch Google Search. Use DuckDuckGo or startpage.com. Better yet, try Whoogle hosted on your own machine.
- Encrypt your phone and computer. Full disk encryption. If your device is ever stolen, that’s the only line of defense.
- Use a password manager. Bitwarden, KeePassXC, etc. Anything but your brain or browser.
- Enable 2FA (hardware if possible). Hardware keys (e.g. YubiKey) are ideal. Authentication apps are good. SMS codes are garbage.
STEP 3: COMMUNICATE LIKE THEY’RE WATCHING. BECAUSE THEY ARE.
Stop assuming messages are private. Assume every message is a postcard.
Fix that:
- Use Signal. Default to disappearing messages. Maybe consider Molly and lock it with a PIN.
- Email? Use ProtonMail or Tuta. Better yet, learn PGP and use Thunderbird.
- Social media? Treat it like shouting in a crowded bar. Never post anything you wouldn’t say with a cop or your boss standing behind you.
Don’t put your life in plaintext.
STEP 4: KNOW YOUR DEVICES
Your phone is a surveillance device with a calling feature.
Hard rules:
- Location off. Always. Unless you need GPS, it’s leaking your position.
- Disable biometrics. Face unlock and fingerprints are for convenience, not security. A cop can force your finger onto your phone. They can’t force your password.
- Use Faraday bags as a kill switch. In high-risk moments, cut the signal.
Better yet? Consider a phone running a de-Googled Android OS like GrapheneOS. It’s not for everyone, but it’s the gold standard.
STEP 5: STAY PARANOID, BUT PRACTICAL
OpSec isn’t about being invisible. That’s a myth. It’s about being resilient.
Examples:
- Don’t log into Facebook from your private browser.
- Don’t use your real name for accounts that don’t need it.
- Don’t recycle usernames across platforms.
- Don’t talk about your OpSec practices publicly.
Every link is a liability. Break the chain.
FINAL THOUGHTS
You’re not crazy for wanting privacy. You’re not a criminal. You’re someone who understands that what you do, say, and think should be yours.
OpSec isn’t just for spooks and hackers. It’s for anyone who still gives a damn about freedom in the digital age.
So don’t wait for the knock on the door. Harden your habits now.
Start small. Build the muscle. And when the day comes that you really need it, you’ll be ready.
-GHOST
Written by GHOST, creator of the Untraceable Digital Dissident project.
This is part of the Untraceable Digital Dissident series — tactical privacy for creators and rebels.
Explore more privacy tactics at untraceabledigitaldissident.com.