Operations security

OPSEC, short for Operations Security, is a set of practices that help hide information from adversaries and other bad actors that could potentially be used to find out who you are.
Proper OPSEC technique is paramount to staying safe whilst raiding, as even small amounts of information can be pieced together over time to identify and locate you.
Guide
Hardening your internet
This step is probably the most important, as protecting yourself from fingerprinting and datamining is relatively easy and lets you visit potentially hostile sites without risking anything.
- Use some form of VPN, one that isn't being shilled by YouTubers and that has a good track record: the law enforcement requests it complied with haven't revealed anything of use. Preferably one which doesn't require any form of personal information to begin with, like Mullvad. PAY IN CASH OR CRYPTO IF YOU CAN.
- Use some form of hardened browser:
  - Mullvad Browser: Certified Swedish win, co-developed with the Tor Project. Doesn't allow you to use .onion links doebeit.
  - LibreWolf: Has uBlock Origin pre-installed, good for normalGOD use as well.
  - Ungoogled Chromium: Good for all the nusois who can't imagine themselves using something not Chromium based.[a]
  - Tor: Extremely slow when connected to the Tor network but is the most effective at stopping backtrace attempts. Also allows you to visit darknet sites using .onion links.
- Install the following browser extensions (may only be available on Firefox-based browsers, because Google has to track you to make money):
  - uBlock Origin: Blocks ads and trackers, a basic necessity for browsing the modern web.
  - Privacy Badger: Blocks trackers and various other methods websites can use to create a digital fingerprint of you.
  - Port Authority: Blocks websites from scanning which ports you have open. Such a scan can be used, for instance, to tell if you have Discord open, or if you're hosting some kind of service on another port.
  - User Agent Switcher and Manager: Allows you to spoof your user-agent, a string of text which identifies what browser, operating system, processor architecture, and type of device (e.g. desktop, mobile) you're currently using. Will cause the infamous "You look like a bot" error when posting on the sharty if enabled.
- Switch your default search engine to a privacy-focused one:
  - DuckDuckGo: Uses Bing as its indexing dataset, image results are often lacking. Also has an AI model wrapper, supposedly without any tracking,[1] called Duck.ai.
  - Searx: A metasearch engine, aggregating the results of other search engines.
  - Qwant: Another metasearch engine. It has results similar to Bing but lacks information regarding certain websites and image searches.
SNCA: Types of fingerprinting

This is a bit of SNCA that you can read more about if you're curious.
Websites can retrieve data about your browser and use it to generate a unique signature or "fingerprint" of your device, which can then identify you across accounts. This is why it's critical to use a hardened browser that doesn't allow access to these parameters.
- JavaScript APIs:[2] JavaScript has several APIs that can reveal what type of device you're using. For example, if your device doesn't support battery information, you're probably on a desktop computer.
- WebGL API:[3] WebGL has an API to retrieve your exact graphics hardware configuration: GPU manufacturer (Nvidia, AMD, Intel, etc.), model, firmware version, etc.
- Font API:[4] Your browser has access to what fonts you have installed.
- Canvas API:[5] The Canvas API is used by your browser to draw images on the screen. The resulting image is minutely different on each device, browser, and graphics device.
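How a tracker combines these parameters, as an added example that is not part of the original page: it hashes the attribute set into an identifier and also compares sessions attribute by attribute, which is why changing only the user-agent does not unlink two visits. All attribute names, values and the 0.75 threshold are constructed for illustration.

```python
import hashlib
import json

# Constructed sample values for the attribute groups listed above.
SESSION_A = {
    "user_agent": "Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0",
    "battery_api": None,  # not exposed, which hints at a desktop
    "webgl": ["ExampleGPU Inc.", "Example 3000", "fw 1.2"],
    "fonts": ["DejaVu Sans", "Liberation Mono", "Noto Serif"],
    "canvas_hash": "9f2c17aa",  # digest of a test image the page had the browser draw
}
# Same device later: cookies cleared and user-agent spoofed, nothing else changed.
SESSION_B = dict(SESSION_A, user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/126.0")
# A different device that sends the same user-agent string as session A.
SESSION_C = {
    "user_agent": SESSION_A["user_agent"],
    "battery_api": None,
    "webgl": ["OtherGPU Corp.", "Other 500", "fw 7.0"],
    "fonts": ["Arial", "Comic Sans MS"],
    "canvas_hash": "41d0b3e6",
}

def fingerprint(attrs, ignore=()):
    """Stable identifier derived from the attributes, minus any ignored keys."""
    kept = {k: v for k, v in attrs.items() if k not in ignore}
    return hashlib.sha256(json.dumps(kept, sort_keys=True).encode()).hexdigest()[:16]

def matching(a, b):
    """Attribute names whose values are identical in both sessions."""
    return sorted(k for k in a.keys() & b.keys() if a[k] == b[k])

def same_device(a, b, threshold=0.75):
    """Fuzzy link: enough attributes agree even if the exact hash differs."""
    return len(matching(a, b)) / len(a.keys() | b.keys()) >= threshold

if __name__ == "__main__":
    print("A vs B:", matching(SESSION_A, SESSION_B), same_device(SESSION_A, SESSION_B))
    print("A vs C:", matching(SESSION_A, SESSION_C), same_device(SESSION_A, SESSION_C))
```

Sessions A and B produce different exact hashes but still link on four of five attributes, while A and C share a user-agent and do not link.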
Keeping yourself anonymous
Don't use anything directly connected to you: personal emails, phone numbers, usernames, passwords, etc. Several 'teens have gotten themselves exposed, and potentially gotten a knock on the door from the feds, by for instance using their own phone number to order 'za, spamming 'oxeralds on personal accounts, and accidentally clicking on tracking links.
If you ever use something that's connected to your personal life, even once, you've already fucked up. Burn your burner and start over.
Prerequisites
Use a different browser than the one you use day-to-day, or use incognito mode. This gives you a clean browser state that doesn't contain any saved logins (tokens); if these get compromised, an attacker will have access to your accounts without needing your username, password, or two-factor authentication code. You do not want your personal accounts being compromised because you accidentally clicked on a malicious link.
Registering burner accounts
Before you participate in a raid or similar event, make sure to register your accounts well in advance, as newly registered accounts look incredibly suspicious on things like 'cord servers and to automated spam detection systems.
- Create burner email accounts:
  - 10minutemail.com (or similar services): Email addresses from these services are often disallowed for registering accounts on some services, otherwise a very good choice since it's free.
  - Gmail: Quite simple, allows you to use "Sign in with Google" which automatically makes your account look less suspicious, especially if your Google account has a phone number linked.
  - Proton Mail: Free and encrypted, might be flagged as a suspicious email on some extremely strict websites.
  - Firefox Relay: Allows you to mask your email address, forwards emails from the burner address to your inbox of choice. (Note: Do not use your personal email as your inbox, in case of a data leak.)
- Use a burner phone (if phone verification is required):
  - 5sim.net: Fast and reliable. Quite cheap as well, prices are listed as "credits" but are in fact just rubles.
  - onlinesim.io: Bit more expensive but works more often.
- Pick a username:
  - Randomly generated ones are fine, or use whatever nuvariant you're forcing, or some sharty phrase (e.g. mogsonWABAG, embedded_p).
- Use a randomly generated password:
  - DO NOT REUSE PASSWORDS. If one ever gets leaked, it WILL be traceable back to you.
  - Use a password manager, the one built into Firefox or Chrome is fine.
Purchasing cryptocurrencies
When purchasing crypto, make sure you use an exchange that doesn't require Know Your Customer (KYC) checks, which often involve uploading your actual government-issued ID. If the glowies ever track your bitcoin (or shitcoin of choice) transaction history and ask the exchange for your personal information, you're fucked.
- Bitcoin (BTC): Most accepted and supported, not the most private
- Monero (XMR): Private and untraceable, not every site accepts this though (Recommended)
Account linking
Never ever link something like a PayPal or CashApp to your anonymous accounts; this will give the glowies and jannies immediate access to your name and potentially where you live. On some services like der 'cord, this information becomes public unless you opt out (it might not anymore, but still don't).
Uploading images
Make sure to always strip the filenames (i.e. replace them with a string of random letters and numbers) and remove the EXIF data of any images you upload.
- https://exifremover.com/ (if you don't feel like downloading anything)
- https://github.com/szTheory/exifcleaner/releases/tag/v3.6.0 (requires a download but works fast)
The EXIF data on images may contain the make and model of the camera that captured the image, the name of the author, the date and time the image was taken, and the GPS coordinates of where it was taken. If the image was created in an app, the name of that app will be in the EXIF data. This information is attached to all pictures taken on smartphones and professional cameras.[6] Stripping this information is normally the responsibility of the website before the image gets published, but some sites either don't strip it or store it for themselves before stripping it for publishing.
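What stripping involves at the file level, as an added example that is not from the original page or from the tools linked above: in a JPEG, EXIF lives in an APP1 segment ahead of the pixel data, so it can be detected and dropped without re-encoding the image. The example goes slightly beyond EXIF and also drops XMP, IPTC and comment segments; the function names and the sample bytes are constructed for illustration.

```python
import secrets
import struct

EXIF_ID = b"Exif\x00\x00"
# APP1 (EXIF and XMP), APP13 (IPTC) and COM (free-text comment) segments.
METADATA_MARKERS = {0xE1, 0xED, 0xFE}

def segments(data):
    """Yield (marker, payload, raw) for each JPEG segment up to the image data."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(data):
        marker = data[pos + 1]
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        if marker == 0xDA:  # start of scan: everything after is pixel data
            break
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError("truncated or corrupt segment")
        yield marker, data[pos + 4:pos + 2 + length], data[pos:pos + 2 + length]
        pos += 2 + length
    yield None, b"", data[pos:]  # scan data and EOI, passed through untouched

def has_exif(data):
    return any(m == 0xE1 and p.startswith(EXIF_ID) for m, p, _ in segments(data))

def strip_metadata(data):
    """Return the JPEG with metadata segments removed; pixel data is unchanged."""
    kept = [raw for m, _, raw in segments(data) if m not in METADATA_MARKERS]
    return b"\xff\xd8" + b"".join(kept)

def random_name(ext=".jpg"):
    """Replacement filename: 16 random hex characters, nothing from the original."""
    return secrets.token_hex(8) + ext

def seg(marker, payload):
    """Build one segment for the constructed sample below."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed sample, not a real photo: JFIF header, EXIF block, table, scan data.
EXIF_SEGMENT = seg(0xE1, EXIF_ID + b"Make=ExampleCam;GPS=0.0,0.0 (constructed)")
SAMPLE = (b"\xff\xd8" + seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
          + EXIF_SEGMENT + seg(0xDB, bytes(65))
          + b"\xff\xda\x00\x02" + b"scan-bytes" + b"\xff\xd9")

if __name__ == "__main__":
    cleaned = strip_metadata(SAMPLE)
    print(random_name(), has_exif(SAMPLE), "->", has_exif(cleaned))
```

This handles JPEG only; PNG, WebP and HEIC store metadata in different containers, so run `has_exif`-style checks with a format-aware tool for those.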

