Privacy

33459 readers

482 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

A Practical opsec guide – looking for feedback & suggestions (whos-zycher.github.io)

submitted 1 day ago by whoszycher@lemmy.ml to c/privacy@lemmy.ml

6 comments fedilink hide all child comments

I recently put together a detailed opsec guide that covers practical steps for reducing your digital footprint, securing communications, and avoiding common pitfalls people make when trying to stay private online.

The goal was to create something that's actually useful and not just the usual "use a vpn and tor" advice. I tried to break down realistic methods that can help both beginners and people already familiar with opsec.

Id love to get some feedback from the community - what's missing, what could be improved, and if there's anything you disagree with.

you are viewing a single comment's thread
view the rest of the comments

[–] thebardingreen@lemmy.starlightkel.xyz 7 points 1 day ago (4 children)

I'll read through this. I'm teaching a free class on cybersec / opsec to members of local activist organizations starting next month, so resources like this are potentially really useful.

[–] whoszycher@lemmy.ml 4 points 1 day ago (3 children)

Thanks! Hope it will help you sharing the knowledge, good luck!

[–] thebardingreen@lemmy.starlightkel.xyz 1 points 5 hours ago* (last edited 5 hours ago) (2 children)

UPDATE:

I've had a chance to read through it.

It's short, to the point, an easy read, covers a lot of bases. I think that makes it an excellent starting point for people at the beginning of their journey.
It doesn't contain a lot of specific information, but I think it's a good thing to have literature that's just a general overview as a starting point.
Stylometry is far from an exact science (https://pmc.ncbi.nlm.nih.gov/articles/PMC11707938/). However, I bet this won't stop the current administration from using it (and possibly falsely accusing people because of it), so it's good to know about.
This will be extremely useful as I'm creating my lesson plan and I will probably pop it out to the class on day one as suggested reading.

Overall: Great resource and very timely. Thank you.

I would add, that if you're planning to make a lot of use of tor, and run tor hidden services locally, syncing the Monero block chain over tor (possibly to multiple local machines) and solo mining on old slow computers is a great way to generate a bunch of random tor traffic.

[–] whoszycher@lemmy.ml 1 points 5 hours ago (1 children)

Hey, appreciate the review! You're absolutely right - stylometry isnt bulletproof, but its practical threat lies in correlation rather than precision. Intelligence agencies dont need 100% certainty - just enough probability to justify further surveillance. And with modern AI driven linguistic analysis, even "imperfect" stylometry becomes a powerful profiling tool.

Good point on tor traffic obfuscation. Random background activity helps break traffic patterns, but it's important not to tunnel everything through tor - that just makes correlation attacks easier. Using monero syncing, onion services, and intermittent activity as cover noise is a solid approach, but layering it with non-tor traffic is key.

I'm Curious are you designing your lesson plan for general opsec education, or is it for a more specific field?

[–] thebardingreen@lemmy.starlightkel.xyz 1 points 2 hours ago

I'm actually doing two classes on alternating weeks, but they're both

"Here's basic opsec principles and now we'll talk about a bunch of tools that are useful specifically for activism in (against) the current political climate."

I'm doing a basic class where we'll just try to help people organize in safer ways (Telegram is like the number one organizational platform right now). One of our goals there is to try to set specific projects / organizations up with dedicated Matrix servers and help them get non-technical people to use them.

We're also doing a more advanced class where we want to help people set up their own hardened laptops and (for those able to secure the hardware) GrapheneOS phones. That will probably be like Unit 2 of that class. We want to start with threat modeling and help people figure out the tools they specifically need to do their work.