OpSec for Porn Bloggers
DRAFT DOCUMENT SUBJECT TO CHANGE
Operations security (OPSEC) is a term originating in U.S. military jargon. It describes a process that identifies critical information to determine whether friendly actions can be observed by enemy intelligence, determines whether information obtained by adversaries could be interpreted to be useful to them, and then executes selected measures that eliminate or reduce adversary exploitation of friendly critical information.
GPS metadata
Photos taken by your phone can sometimes contain very accurate GPS location data by default. If you send someone these photos directly, it's like you're giving them your home address. This is because "Location Services/Reporting" is typically enabled by default on the phone. You can turn it off, but that makes it difficult to use navigation or anything else requiring GPS coordinates.
Instead you can use various tools to strip data from photos or examine existing ones to see what data leaks from them:
It should go without saying, but you should have a separate account for stuff you don't want to be connected to your real-life account. Guys got blackmailed because they were using their personal or work email addresses for AshleyMadison. This is very bad; don't do this. If you don't want something tied to your real name, don't use your normal email for it.
One of the most secure secondary email providers I can suggest is Protonmail. It's based in Switzerland and encrypts your mail at rest on their servers. You have to remember two passwords, but for security, I'm a big fan. A big benefit is that you don't require a phone verification number and you can leave off the recovery email as well, so you can have it completely separate from your personal identity.
VPN
A VPN can be an awesome tool to keep yourself anonymous and prevent anyone else on your own network from seeing what you're accessing on the internet. It's a Virtual Private Network, which encrypts your traffic on your local machine and sends it to the endpoint, wherever the VPN server is, so it looks like the traffic is being requested from that machine instead of your machine. The only thing someone on your network can see is that you're accessing a VPN and sending data back and forth; there's no way to see what that traffic is. So checking your IP address will show you the remote server's IP instead of the one you're actually using.
There are lots of VPN server options; you want a "no logging" one in a country with strong privacy protections.
Passwords
Storing unique passwords for every site you use is a good habit to get into. Unless you use random strings, the passwords you use can give away who you are.
Let's say you have an account with LinkedIn and an account with Tumblr, both of which have been hacked in the past. You use different email addresses to protect your identity, but you use the same "supersecurepassword" password on both sites. How long do you think it would take to correlate the two email addresses together? If you think there's no way anyone else could be using the same super secret password, then it's even less likely the two accounts using the same password could be doing so by chance.
I've seen people brute-force 70% of a database's password hashes in under a day; people aren't nearly as random as they think they are.
The bottom line is that you should be relying on a computer to be random for you.
Use a Password Manager!
Bitwarden is decent.
Tor
Coming soon