Build a threat model. I don't know what that means but thats what every opsec thread always say.
this post was submitted on 16 Jun 2025
30 points (100.0% liked)
askchapo
23069 readers
189 users here now
Ask Hexbear is the place to ask and answer ~~thought-provoking~~ questions.
Rules:
-
Posts must ask a question.
-
If the question asked is serious, answer seriously.
-
Questions where you want to learn more about socialism are allowed, but questions in bad faith are not.
-
Try !feedback@hexbear.net if you're having questions about regarding moderation, site policy, the site itself, development, volunteering or the mod team.
founded 5 years ago
MODERATORS
I accidentally ordered some Gunpla and made a treat model.
The basic idea is to identify what you’re trying to protect, what threats exist or may exist, and outline possible protections against those threats, as well as the tradeoffs of those protections. So for example, someone who doesn’t do any praxis and browses Hexbear all day (not trying to call anyone out) doesn’t need to be running Edward Snowden levels of opsec and privacy software, but they should almost certainly get a cheap VPN and be regularly cycling accounts.
What this basically means is that it's a set of assumptions about how powerful and skilled your potential adversaries are in ways to compromise you and your data, and then you list all those avenues of attack and try to safeguard your privacy and devices against each of those.
For example let's take the CIA as an adversary, on one extreme you could assume they have incredible sci-fi quantum whatever technology where they can breach any system arbitrarily and completely, or on the other extreme you could assume they're entirely incompetent and can barely turn on the computer, leaving you to do whatever you want online. Obviously neither of those extremes are true, the truth is somewhere in the middle but getting closer to the truth unfortunately requires a lot of technical knowledge and experience.
I'm not extremely knowledgeable myself but I think you can go a long way with just the basics like getting a good VPN (make sure your payment is anonymous tho, I personally use Mullvad) and not posting any personally identifiable details online.
Don't talk to cops.
If you're going to do the revolution or anything remotely illegal don't discuss it on or even near a computer, phone, or any device that can send or received telecommunication signals.
Lie frequently and realistically about pretty much any personal details about yourself. Once somebody knows enough details about you pretty much no matter how small, they or someone else listening in will be able to figure out your identity.
Post your passwords here so we can weigh in on how secure they are and provide recommendations for better ones if needed.
hunter2
https://privacyguides.org/ has overall good recs and advice, beware run by libertarian ish westerners ignore the politics
Take the SIM out of your phone before throwing it through someone's window
This only works if you brick your phone first
Telling people you have no opsec makes your opsec worse btw
ask your nearest Iranian general what they do, then do the exact opposite.
Sew your mouth, eyes and ears shut (maybe not in that order)
There’s a lot of funny responses in this thread. What you change in your life depends on what you do now and how you expect to be targeted.
If you’re a normal person, my advice is always to speak less and recognize your surroundings. Recognize that the internet is a social media advertising platform.