OPSEC isn't just about what you use; it's also about what you say!

This is a reiteration of /post/0aa3325a867752879c1a which goes more in-depth with the phrase "OPSEC isn't just about what you use; it's also about what you say." In this post, I'll talk about three common scenarios where this strongly applies. In those three scenarios, I'll also be talking about some tips me and my cybersecurity friend have discussed which we hope is helpful for you guys!

Overview:

In a world where everything you say and do is used to inscribe your digital footprint; reaching pure anonymity and 'perfect' OPSEC is like herding cats! Discussions about OPSEC are normally about what a person uses rather than what a person says, which a lot of people neglect. While having good OPSEC in terms of what you use is a good step, what you say equally contributes to how good your OPSEC ultimately is. The things you say, the things you share, the things you take part in, this is all collected by the ever-so-hungry intelligence agencies and they collect your information like collection cards. The reason these intelligence agencies collect so much information about us is to build up the evidence which can later be used against someone in court if by an unfortunate chance that someone is taken to court. Don't let these people build up their files of evidence any longer; take care of what you say online!

How this applies on social media platforms: [The things you say]

The law enforcement are there to snoop around suspicious behavior which includes accessing Dread and they are arguably the worst people you'll ever encounter here on Dread. They are very well known for scraping sites such as Dread (and pretty much any other social media platforms) them scraping Dread poses a major threat to our anonymity as they collect permanent information about everything, which could potentially de-anonymize us if we aren't wary about what we say. One should be well aware that Forums held in the Dark-Net will always be surveilled by law enforcement and it's inevitable for a forum to be without. With keeping this in mind, when creating an account we suggest choosing a username & password that's different from other platforms. Also please be wary of what you comment and post, omit information that could potentially be used to identify you. A post here never truly gets deleted as there are always scrapers snooping around Dread for the purpose to collect information, editing posts won't do it either as scrapers would also collect information about the post before editing. The way to get around this as per quote from one of my friends who studies cybersecurity more thoroughly than myself, they say to create different accounts when contributing and to never make a noticeable profile. While I believe this is a good way to prevent bringing attention to yourself, do I believe it's absolutely necessary? This all depends on your threat level, if you're for example wanted or have engaged in controlled activities in the past and your OPSEC wasn't so good then yes, that's a path you should follow. While for the average audience, this isn't absolutely necessary, they should know that if their OPSEC slips from the start, they can simply re-start their account. It's also a good idea to set a different persona and a complete different way of typing than before. For example if you used unique phrases/words and had a unique behavior, you should change them so your account doesn't get traced back to you! Contributing on forums shouldn't feel like something you should avoid as that's one of the leading causes for forums such as these to fail, contributing on forums also help people know where the rights and wrongs stand in a person's knowledge. People can also learn from these forums by asking questions which is a great way to expand your knowledge! As obvious as it may sound, avoid giving out personal details or talking about your personal life in-depth! If needed, be vague!

How this applies to private chats: [The things you share]

Law enforcement are also known for disguising themselves as normal Dread user, their purpose is not to be friends with you but to collect information about you! For all we could ever know here on the Dark-net, I could be an informant, you reading this could be an informant, someone you're talking to could be an informant! This means you should never wholeheartedly trust someone and go on to have personal conversations! Informants and law enforcement evolve as they collect more and more information about us. They learn what our interests are and what people tend to talk about. Distinguishing an informant/law enforcement is normally hard but common signs are when they ask personal questions such as what country you're from, how old you are, or anything similar which you believe is too personal to answer. Don't be discouraged to end a conversation with someone whom you suspect is an informant/law-enforcement as normally those gut feelings are right! You as a user want to stay at a point where regardless if you're in contacts with an informant/law-enforcement or not, they'll have little information to identify you. Some of my friends who deeply study cybersecurity say you should type like a robot, only straightforward replies/answers. While I believe that's a really good way to block off the informants/law enforcement, it can get quite awful and hard to express yourself, which is key to most friendships. What I believe in is giving minimal responses to people and not answer personal questions. For example, if the topic is about personal preferences, you could go on and talk about what things you like such as what video-game, food, hot chicks.. and so on! But, if the topic is something like your culture, don't express yourself too much and say what culture you follow, give vague responses which would typically be an indication of one not being comfortable about the topic. The other person should understand and change the topic. The number one rule for OPSEC is to never give personal details to someone no matter how much you trust them. Also be very wary of saying "good-morning/afternoon/evening/night" as much as politeness is everything, this could potentially be used to identify you through timezones (or at least give an estimate about where you live). For example if one says "good morning" while you live somewhere in Europe where it's the afternoon, you'd assume the other person to be in the USA.

How this applies in controlled activities: [The things you take part in]

Controlled activities quite literally mean activities controlled by law enforcement because they're illegal !!! These are things such as being an admin/moderator, vendor, buyer, taking part in activist groups, etc. As this is a broad topic with specific activities having specific inside knowledge, I'll generalize this part so this may or may not apply to everyone. A lot of the time, taking part in such activities has ego attached to it, you have power and you have status. Having power and status comes with great responsibilities, even more so importantly when it comes to the Dark-Net! The Dark-Net is a place where ego should be sealed off with a chastity and you cannot let ego get over you. The Dark-Net revolves around a skill set of knowledge and emotional stability, being humble is the key to staying anonymous; showing off only fragments your anonymity into pieces. An example of this is Alexandre Cazes, while his OPSEC wasn't great in any direction, lots of evidence was built where he was found bragging about his financial assets, his newly bought Porsche, and sharing details about his purchase on the Roosh V Forum. More prominently, Ross Ulbricht also used to vaguely boast about himself running a marketplace on Linkedin! As much as we all want to brag about how successful and clever we are, keep in mind this can also potentially be one's downfall. My little cybersecurity friend said bragging is never a good thing and it only leads to revealing more about yourself, and I agree! Bragging about what you have is never good, especially on the Dark-Net as it can be used as evidence and it can also potentially be used to identify you! It's also important to never tell anyone what you're doing in the Dark-Net as you'll never know if that person will keep your secrets confidential. Furthermore if by an unfortunate event, you get investigated, there's a chance that the person you spilled your Dark-Net life to, they could rat you out. Never be in a position where you're inferior.

More advanced or experienced users might want to look into red-herring, a tactic where you spread misinformation to essentially lead law enforcement. This is most effective when you happen to be talking to a law enforcement and instead of ending the conversation, you could pretend to be naive and make it seem like you're falling for their trap but you're actually planting false information and bluffing them. Unfortunately, it wouldn't be ideal for me to give examples as law enforcements would catch up to the tactics I mention. If you have little clue to what I am talking about or have no knowledge to how this might work the please avoid this, it's always better and there's no harm in just blocking the informant!

TLDR: You want to be in a place where law enforcements have no information to identify you and no evidence to incriminate you.

/u/SquidMarket P · 4 votes · 3 weeks ago · Link

This is really well said! "Bragging about what you have is never good" this one is especially true! Bragging about what you do in the DN whether that's in real life or with someone you know online is never good. The red-herring tactic is interesting, while I personally have never done it because I keep my circle small and trust the people I contact, it's still interesting nonetheless.

/u/Aphrodite

· 1 votes · 3 weeks ago · Link

I also keep my circle small, something about having multiple contact just puts me off.

But yes, red-herring is a nice little tactic to make the LE run around like chickens

/u/wgetass · 2 votes · 3 weeks ago · Link

You know what is better than having a small circle, having none.

/u/Invariant · 1 votes · 3 weeks ago · Link

bragging in real life is the death of all opsec

/u/this_is_a_username · 1 votes · 3 weeks ago · Link

[removed]

/u/newbieforever2018 "You've got ★bail★" · 3 votes · 3 weeks ago · Link

Excellent post and remember everyone that there is a save function for topics and comments that you find valuable and want to maintain ready access to.

To anyone that I might have claimed to have gynecologist certification to it might be a misdirection but certainly not a lie.

/u/bl6ckm6gic · 1 votes · 3 weeks ago · Link

LMFAO

/u/franksindaback · 3 votes · 3 weeks ago · Link

Ill try that out when I'm done being water-boarded for having a bigger dick than them

/u/bl6ckm6gic · 2 votes · 3 weeks ago · Link

Flexin' the stuff you have is a deathwish that people don't perceive as dangerous. Flexin gets you robbed and potentially hurt, or even killed.

I understand wanting to be socially accepted and whatever, but flexin' money and expensive clothing or whatever is definitely not the way to go about it. It's so stupid and will ultimately end up with you down bad with nothing left.

Keeping as much of this shit as completely private as you possibly can is the only way to go about doing any of this correctly.

As far as everyone else is concerned I'm broke and I'm a bum... and that's exacly how I want to keep it.

It's astonishing how badly some people need to read a post like this. Good write up!!

/u/ModernGhost · 1 votes · 3 weeks ago · Link

Yep, ego is a massive enemy of opsec. Its something you have to constantly keep in check as it pops its ugly head up often as well.

Yessss, I 100% agree with you :)

/u/cutecat · 2 votes · 3 weeks ago · Link

Thats also how most users are getting caught, not because they don't use Tails or Whonix, but because they were talking too much.

/u/TakeMore · 1 votes · 3 weeks ago · Link

will keep this in mind thanks

You're welcome!

/u/Puppet · 1 votes · 3 weeks ago · Link

Great post! It's indeed very important not to brag IRL and to avoid having our spooky darknet activities and behavior be correlated with any other online identity tied to our real-life selves. I wouldn't have much to worry about in that regard though, since I only exist as a pseudonymous persona :)

Also, not to be a grammar nerd, but I think you may have meant "scraping" in your post, rather than "scrapping" when referring to web scraping, right?

· 2 votes · 3 weeks ago · Link

And mine is goddess of prostitution! :D

Yes whoops sorry, I keep mistaking those words

/u/miner21 · 1 votes · 3 weeks ago · Link

Very good read just as a reminder

/u/myd1ck · 1 votes · 3 weeks ago · Link

It's again the Roosh V forum! I didn't know Cazes was also a member of?

What's so special about that forum lol

From my understanding it's just filled with misogynistic men

It's a strange forum. I've used it a few times, I don't know if it's misogynistic, questionable yeah. I don't really understand it myself.

/u/splinterishaxiomatic · 1 votes · 3 weeks ago · Link

/u/XanInc · 1 votes · 3 weeks ago · Link

Forever convinced that /u/newbieforever2018 is the FBI

Heres hoping me and him are good enough friends that I get a pass

On a serious note the way you talk, the grammar you use, the style of text etc can all be used to cross check with your everyday conversations and glue all the evidence to you. Stay careful out there

XanInc

/u/newbieforever2018 "You've got ★bail★" · 2 votes · 3 weeks ago · Link

Hey, remember that pack that was seized? Guess who made that file disappear. You are welcome.

/u/RedPhosphorus · 1 votes · 3 weeks ago · Link

Well said! Thanks, these rules are perfect for CN too

Especially Clear-Net sites, big tech companies like Facebook horribly collect our data

/u/Tobi4v · 1 votes · 3 weeks ago · Link

Really good post. I personally know people IRL that just found out about dread and as soon as they got into it, started posting shit online and always bragging about "shit they found on the dark web". Keep in mind these were the kind of people that just installed tor on their windows pc, and searched up dread and clicked the first link they saw lmao. People bragging is always so funny to me, especially when theyre bragging about shit that they have no idea about but still try to sound "cool" lol

Yup, they are for sure fucked if they continue to do this lmfao

/u/Edmond-Dantes · 1 votes · 3 weeks ago · Link

This post highlights a critical aspect of operational security: the need for rigorous compartmentalization. It's all too common for individuals to become their own adversaries, allowing their egos to cloud their judgment and inadvertently contaminate their online persona with their real-world identity. The key principle to remember is to simply STFU. As the well-known saying goes, "Loose lips sink ships," which perfectly encapsulates the significance of discretion in this context.

Thank you /u/Aphrodite for bringing attention to this vital topic and providing a much-needed reminder to the community. You have earned an up-vote from me.

E.D.

Correct! And ooo I like that idiom, I might use it hahaha

And thanks for the upvote!

/u/drugshub P · 1 votes · 3 weeks ago · Link

Good afternoon. UH naive is my second name, *eye roll* how do you think I got myself into porn. Also people call me Abella Danger but people from my neighbourhood in Miami call me Abby. So mr. officer reading this, is there anything I can do to make things disappear. *clear_loud_moan.mp4*

/d/OpSec

Comments (30)