OPSEC Fundamentals: Protecting Yourself in a Digital Surveillance State

Last Updated: March 26, 2026
Category: Digital Protection / Operational Security
Difficulty: Beginner to Intermediate
Time to Implement: 2-4 hours for basics, ongoing practice

When This Matters

OPSEC (Operational Security) is not just for spies and soldiers. In an era of mass data collection, facial recognition, license plate readers, social media doxxing, and employment consequences for lawful political activity—operational security becomes a life skill for anyone who values privacy, safety, or the ability to organize without interference.

This guide helps you build a defensive privacy posture—not to hide wrongdoing, but to protect your right to live freely.

What is OPSEC?

OPSEC is a systematic process for protecting sensitive information from adversaries. Originally developed by the U.S. military during the Vietnam War, it is now used by journalists, activists, security professionals, and privacy-conscious citizens.

The Five-Step OPSEC Process

1. Identify Critical Information — What do you need to protect?
2. Analyze Threats — Who wants this information?
3. Analyze Vulnerabilities — How could they get it?
4. Assess Risk — What is the likelihood and impact?
5. Apply Countermeasures — What will you do about it?

Step 1: Identify Your Critical Information

Personal Information Worth Protecting

Step 2: Understand Your Threats

Common Threat Actors

Step 3: Apply Countermeasures

Immediate Actions (Do Today)

1. Password Hygiene

• Use a password manager (Bitwarden, 1Password, KeePass)
• Generate unique 16+ character passwords for every account
• Never reuse passwords between important accounts

2. Two-Factor Authentication (2FA)

• Enable 2FA on email, banking, social media, cloud storage
• Use authenticator app (Authy, Raivo, Aegis) NOT SMS
• Save backup codes in your password manager

3. Email Compartmentalization

Create multiple email addresses:

• Primary: Banking, government, important accounts (Proton Mail)
• Secondary: Social media, shopping, newsletters (Proton Mail)
• Disposable: One-time signups, risky sites

4. Browser Privacy

• Install Firefox with uBlock Origin and Privacy Badger
• Or use Brave Browser (privacy built-in)
• Switch to DuckDuckGo or Brave Search

5. Phone Security

• Disable location services except when needed
• Turn off advertising ID
• Review app permissions monthly
• Use Signal for messaging (encrypted)

Short-Term Actions (This Week)

6. Social Media Hardening

• Set profiles to private
• Remove birth year, hometown, workplace
• Disable face recognition
• Use alias if possible

7. Data Broker Opt-Out

Opt-out of major data brokers:

• Acxiom, Experian, Equifax, TransUnion
• Whitepages, Spokeo, BeenVerified

8. Secure Messaging

• Use Signal for encrypted messaging
• Enable disappearing messages
• Verify safety numbers with contacts

Medium-Term Actions (This Month)

9. VPN Selection

• Mullvad (anonymous, no email required)
• Proton VPN (free tier available)
• IVPN (privacy-focused, audited)

10. Financial Privacy

• Use credit cards for online purchases (fraud protection)
• Use cash for local, everyday purchases
• Consider Privacy.com for virtual card numbers

11. Home Network Security

• Change default router admin password
• Update firmware regularly
• Use WPA3 encryption
• Create guest network for IoT devices

Common OPSEC Mistakes

Critical Mistakes to Avoid

1. Using real name on anonymous account (even once)
2. Logging into anonymous account from personal device without precautions
3. Discussing sensitive topics on SMS/email
4. Posting photos that reveal location
5. Reusing passwords between anonymous and real accounts
6. Connecting anonymous accounts to phone number

Resources

Organizations

• Electronic Frontier Foundation (EFF)
• Privacy International
• Access Now

Tools

• Signal — Encrypted messaging
• Proton Mail — Encrypted email
• Tor Project — Anonymous browsing
• Mullvad VPN — Anonymous VPN
• Bitwarden — Password manager

Education

• EFF Surveillance Self-Defense
• Privacy Tools

Legal Disclaimer

This guide provides information for educational purposes about protecting your privacy and security. The techniques described are legal when used for legitimate purposes: protecting personal privacy, securing communications, preventing identity theft, and organizing lawful activities.

This guide is part of the Survival & Resistance Content Project. Last updated: March 26, 2026.

OPSEC Fundamentals: Digital Footprint Reduction & Data Broker RemovalDifficulty: Intermediate

Time to Complete: 60-90 minutes—### OverviewYour digital footprint is larger than you think. Data brokers collect and sell your personal information to anyone who pays. This tutorial covers reducing your digital footprint and removing yourself from data broker databases.—### UNDERSTANDING DATA BROKERSWhat They Do:- Collect personal information from public records- Purchase data from apps, websites, loyalty programs- Aggregate and sell to marketers, insurers, employers- Some sell to government agencies and bail bondsmenMajor Data Brokers:- Acxiom (largest, 3000+ data points per person)- Experian, Equifax, TransUnion (credit bureaus)- Whitepages, Spokeo, PeopleFinder- Intelius, BeenVerified, TruthFinder- Epsilon, CoreLogic, LexisNexisInformation They Have:- Name, addresses (current and historical)- Phone numbers, email addresses- Age, date of birth- Family members, relatives- Income estimate, purchasing habits- Political affiliation, religious views- Health conditions (some brokers)—### OPTING OUT: MAJOR BROKERSAcxiom:- Visit: optout.acxiom.com- Enter name, address, email- Select all listings for removal- Processing time: 30 days- Re-opt-out annuallyExperian:- Visit: experian.com/optout- Choose marketing opt-out- Can opt out permanently or for 2 years- Also freeze credit (separate process)Equifax:- Visit: equifax.com/personal/credit-report-services/credit-privacy-lock/- Free credit freeze prevents new accounts- Marketing opt-out separateTransUnion:- Visit: transunion.com/credit-help/privacy-center- Opt out of credit offers: optoutprescreen.com—### PEOPLE SEARCH SITESManual Opt-Out Process:1. Whitepages - whitepages.com/optout - Search your name, select listing - Follow removal instructions - Takes 24-48 hours2. Spokeo - Spokeo | People Search | Opt Out - Enter URL of your listing or search - Confirm email to complete3. Intelius - intelius.com/opt-out - Search and select listing - Complete verification4. BeenVerified - beenverified.com/optout - Search, select, confirm5. TruthFinder - truthfinder.com/optout - Similar processAutomated Services:- DeleteMe (paid, ~$100/year)- Optery (paid, ongoing monitoring)- Kanary (freemium model)- PrivacyDuck (paid service)—### REDUCING FUTURE DATA COLLECTIONBrowser Privacy:- Use privacy-focused browser (Firefox, Brave)- Install uBlock Origin (blocks trackers)- Install Privacy Badger (EFF tracker blocker)- Enable Do Not Track- Clear cookies regularly or use auto-delete- Use private browsing for sensitive searchesSearch Engine:- Switch to DuckDuckGo or StartPage- Google tracks all searches- Bing also tracks extensivelyEmail Privacy:- Use separate emails for different purposes- Don’t use primary email for shopping/social media- Consider ProtonMail for sensitive communications- Use email aliases (SimpleLogin, AnonAddy)Phone Number Protection:- Use Google Voice for public-facing number- Don’t give real number to businesses- Text apps (Signal, Session) for messaging- Remove from reverse lookup databases—### SOCIAL MEDIA PRIVACYFacebook:- Settings > Privacy > Limit Past Posts- Settings > Privacy > Who can see your friends list (Only Me)- Settings > Ads > Ad Preferences (limit data)- Settings > Your Information > Download (see what they have)- Consider deactivating or deletingInstagram:- Set account to private- Remove tagged photos you don’t want- Limit data sharing in settingsLinkedIn:- Settings > Privacy > Profile viewing options (private mode)- Settings > Privacy > Data shared with third parties (off)- Limit visible informationTwitter/X:- Protect your tweets- Disable photo tagging- Limit data sharingGeneral:- Audit followers/friends regularly- Don’t post location in real-time- Remove EXIF data from photos before posting- Think before posting (assume permanent)—### SMARTPHONE DATA COLLECTIONApp Permissions Audit:- Review all app permissions monthly- Revoke unnecessary permissions- Delete apps you don’t use- Use web versions instead of apps when possibleAdvertising ID:- iOS: Settings > Privacy > Advertising > Reset- Android: Settings > Google > Ads > Opt outLocation History:- iOS: Settings > Privacy > Location Services > System Services > Significant Locations (off)- Android: Settings > Google > Location > Location History (off)App Tracking:- iOS: Settings > Privacy > Tracking > Allow Apps to Request to Track (off)- Android: Settings > Privacy > Permission manager—### FINANCIAL PRIVACYCredit Card Offers:- Opt out at optoutprescreen.com- Reduces junk mail with personal infoBanking Privacy:- Use credit unions (often more privacy-focused)- Consider cash for small transactions- Cryptocurrency for online (with proper OPSEC)Shopping:- Pay with cash when possible- Use privacy.com for virtual card numbers- Don’t use loyalty cards (track purchases)- Use burner email for online shopping—### VEHICLE PRIVACYLicense Plate Readers:- Private companies and police track plates- Data stored for years- No opt-out availableCar Modern Features:- Modern cars collect extensive data- Location, driving habits, contacts- Research privacy settings for your vehicle- Disable connectivity features if possible—### MONITORING YOUR FOOTPRINTRegular Self-Searches:- Google yourself quarterly- Check people search sites- Set Google Alerts for your name- Monitor social media mentionsDark Web Monitoring:- HaveIBeenPwned.com (data breach alerts)- Credit monitoring services- Identity theft protection services—### QUICK CHECKLISTImmediate Actions:- Opt out of Acxiom- Opt out of credit bureaus (marketing)- Opt out of 5 major people search sites- Review social media privacy settings- Install tracker blockers on browser- Switch to privacy search engineOngoing Maintenance:- Quarterly self-searches- Annual re-opt-out (some expire)- Monthly app permission review- Monitor for data breaches—OPSEC Fundamentals Series - Vivaed @ endscenar.ioSources: Electronic Privacy Information Center (EPIC), EFF Surveillance Self-Defense, Privacy Rights Clearinghouse, FTC Consumer Information

OPSEC: Physical Surveillance Detection & Counter-Surveillance BasicsDifficulty: Advanced

Time to Complete: 60-90 minutes—### OverviewPhysical surveillance is real and detectable. This tutorial covers recognizing when you’re being followed, basic counter-surveillance techniques, and when to seek professional help.—### UNDERSTANDING SURVEILLANCEWho Conducts Surveillance:- Law enforcement (with or without warrant)- Private investigators- Corporate security- Stalkers and harassers- Foreign intelligence services- Cybercriminals (digital only)Types of Surveillance:| Type | Description | Detection Difficulty ||------|-------------|---------------------|| Static | Fixed position observation | Medium || Mobile | Following on foot/vehicle | Medium || Technical | Cameras, bugs, trackers | Hard || Digital | Online tracking, metadata | Very Hard || Combined | Multiple methods together | Very Hard |—### SURVEILLANCE INDICATORSOn Foot:- Same person seen multiple times in different locations- People appearing to take interest in your activities- Vehicles parked for extended periods- Workers in area that seems unusual- People avoiding eye contact or suddenly looking away- Someone mirroring your movementsWhile Driving:- Same vehicle behind you for multiple turns- Vehicle pulls out when you pull out- Headlights appear in mirrors consistently- Unfamiliar vehicle at your regular destinations- Cars pacing you (one ahead, one behind)At Home:- Unfamiliar vehicles in neighborhood- People walking dogs repeatedly past your house- Workers in area you don’t recognize- Signs of entry when you return home- Items slightly moved from where you left them- Unusual sounds on phone line—### SURVEILLANCE DETECTION ROUTE (SDR)Purpose: Determine if you’re being followedFoot SDR:1. Start from normal location (coffee shop, store)2. Take route with multiple direction changes3. Include at least 4 turns (right, left, right, left)4. Pass by reflective surfaces (store windows)5. Stop unexpectedly, observe who stops6. Enter crowded area, observe who enters7. Use public transit (get on/off quickly)8. End at secure locationVehicle SDR:1. Drive normal route initially2. Make 4+ turns in residential area3. Include at least one right turn followed by left4. Use multiple lanes, observe mirrors5. Stop at 4-way stops (observe who stops)6. Drive slightly below speed limit7. Take route unfamiliar to most drivers8. End at secure location (not your home)Timing:- Should take 15-30 minutes- Long enough to reveal pattern- Short enough to be practical—### COUNTER-SURVEILLANCE TECHNIQUESNatural Behaviors:- Act normally (surveillance expects nervous behavior)- Don’t constantly check mirrors- Maintain regular speed and patterns- Use peripheral vision for observationObservation Points:- Shop windows (reflective surfaces)- Elevated positions (parking garages)- Intersections with good visibility- Public places with multiple exitsAmpush Technique:1. Turn corner, immediately stop2. Observe who appears in next few seconds3. Anyone turning same corner = suspectPublic Transit:- Get on just before doors close- Get off at unexpected stop- Change cars mid-route- Use stations with multiple exits—### TECHNICAL SURVEILLANCE DETECTIONVehicle Trackers:****Common Locations:- Wheel wells (magnetic)- Under bumpers- Inside bumpers- Under hood (wired)- OBD-II port (wired)- Inside vehicle (bluetooth)Detection:- Visual inspection weekly- Run hand along wheel wells- Check OBD-II port (under dash)- Look for new scratches on exterior- Use RF detector for active trackersRemoval:- Photograph before removing- Wear gloves (preserve evidence)- Bag and document- Consider reporting to authoritiesBugs/Listening Devices:****Signs:- Phone battery draining faster- Unusual sounds on calls- Electronics interfering with each other- Finding unfamiliar devicesDetection:- Sweep with RF detector- Check for new objects in room- Look for moved items- Professional TSCM sweep for high-risk—### DIGITAL SURVEILLANCE INDICATORSPhone:- Battery draining unusually fast- Phone warm when not in use- Background noise on calls- Delayed shutdown- Apps you don’t recognize- Increased data usageComputer:- Webcam light turning on unexpectedly- Cursor moving on its own- Programs opening/closing- Slow performance- Unusual network activity- Antivirus disabledResponse:- Don’t use compromised device- Factory reset or replace- Change passwords from clean device- Enable 2FA on all accounts—### IF YOU CONFIRM SURVEILLANCEImmediate Actions:1. Don’t confront - Confirms you’ve noticed2. Go to safe location - Police station, crowded area3. Document everything - Photos, descriptions, times4. Change patterns - Different routes, times5. Inform trusted contacts - Let someone know6. Consider legal options - Restraining order, police reportWhen to Seek Help:- Surveillance continues for days- You feel physically threatened- Home has been entered- Devices are compromised- You’re a high-value targetProfessional Resources:- Private security firms (TSCM sweeps)- Digital forensics experts- Legal counsel- Law enforcement (if appropriate)—### SAFE MEETING PRACTICESLocation Selection:- Public places with multiple exits- Moderate crowd (not empty, not packed)- Good lighting- Away from surveillance cameras if possible- Not your regular locations- Not near your home or workTiming:- Vary meeting times- Don’t establish patterns- Arrive separately, leave separately- Have cover story if neededCommunication:- Use encrypted messaging- Confirm meeting day-of- Have backup location- Establish check-in protocol—### LEGAL CONSIDERATIONSWhat’s Legal:- Walking/driving normal routes- Observing your surroundings- Photographing public spaces- Installing cameras on YOUR property- Recording conversations (one-party consent states)What’s NOT Legal:- Trespassing on private property- Wiretapping without consent- Installing trackers on vehicles you don’t own- Harassment or stalking- Breaking and enteringYour Rights:- Right to photograph in public- Right to refuse consent to search- Right to remain silent- Right to attorney- Right to ask if you’re free to leave—### QUICK REFERENCE: Surveillance ChecklistDaily Habits:- Vary your routes and times- Check vehicle for trackers weekly- Monitor phone/computer for anomalies- Be aware of surroundings- Note recurring faces/vehiclesIf Suspicious:- Document observations (time, location, description)- Conduct surveillance detection route- Change your patterns- Inform trusted contact- Consider professional helpHigh-Risk Situations:- Use secure communication only- Meet in public locations- Vary all routines- Consider relocation temporarily- Seek professional security advice—OPSEC Fundamentals Series - Vivaed @ endscenar.ioSources: Former Intelligence Community Professionals, Private Security Industry Standards, Electronic Frontier Foundation, ACLU Know Your Rights

OPSEC: Secure Device Setup Guide - Clean Install Best PracticesDifficulty: Intermediate

Time to Complete: 60-90 minutes—### OverviewStarting with a clean, secure device setup is crucial for maintaining operational security. This guide covers secure installation and configuration of phones and computers.—### COMPUTER SECURE SETUPBefore Installation:- Download OS from official source only- Verify checksums/hash values- Create bootable USB from trusted computer- Backup important data (encrypted)- Have network ready (preferably privacy-focused)Operating System Choices:| OS | Security | Privacy | Ease of Use | Best For ||----|----------|---------|-------------|----------|| Linux (Qubes) | Excellent | Excellent | Hard | Maximum security || Linux (Mint) | Very Good | Very Good | Easy | Daily driver || Linux (Tails) | Excellent | Excellent | Medium | Temporary/anonymous || Windows 10/11 | Good | Poor | Easy | Compatibility || macOS | Good | Medium | Easy | Apple ecosystem |Installation Steps:1. Boot from USB installer2. Wipe entire drive (secure erase)3. Install OS with full disk encryption4. Create non-admin user for daily use5. Install only essential software6. Configure firewall immediately7. Disable unnecessary servicesPost-Installation Hardening:****Linux:- Enable automatic security updates- Configure UFW firewall (deny incoming)- Install privacy extensions on browser- Disable telemetry and analytics- Use encrypted DNS (DNS-over-HTTPS)- Set up automatic screen lockWindows:- Disable Cortana completely- Turn off all telemetry in Settings- Disable advertising ID- Configure Windows Firewall- Install local account (no Microsoft account)- Disable cloud sync featuresmacOS:- Disable Siri and Spotlight suggestions- Turn off analytics sharing- Limit ad tracking in Privacy settings- Enable FileVault encryption- Configure firewall in Security settings- Disable iCloud if not needed—### PHONE SECURE SETUPAndroid (Privacy-Focused):****Option 1: GrapheneOS (Pixel devices)- Best security and privacy- Regular security updates- Google Play Services optional- Hardened memory allocatorOption 2: CalyxOS (Pixel, some Xiaomi)- Good balance of privacy/usability- Includes microG for app compatibility- Privacy-focused defaultsOption 3: Stock Android (de-Googled)- Disable all Google services- Use F-Droid for apps- Minimal Google account useInstallation Process:1. Unlock bootloader (wipes device)2. Install custom recovery3. Flash new OS4. Verify installation5. Configure privacy settingsiOS (Locked Down):While iOS is less privacy-friendly, you can minimize tracking:1. During Setup: - Don’t sign into iCloud initially - Disable all analytics - Turn off location services - Skip Apple ID if possible2. Privacy Settings: - Settings > Privacy > Analytics > Disable all - Settings > Privacy > Location > Disable system services - Settings > Safari > Block all cookies - Settings > Siri > Disable all Siri features3. App Store: - Only install essential apps - Review app permissions before installing - Use App Tracking Transparency (deny all)—### BROWSER CONFIGURATIONFirefox (Recommended):****Essential Settings:- about:config enhancements: - privacy.resistFingerprinting = true - privacy.trackingprotection.enabled = true - network.http.referer.default_policy = 2 - browser.send_pings = falseExtensions:- uBlock Origin (ad/tracker blocking)- Privacy Badger (EFF tracker blocker)- HTTPS Everywhere (force encryption)- ClearURLs (remove tracking from URLs)- CanvasBlocker (anti-fingerprinting)- Multi-Account Containers (isolate sites)Chrome/Edge Alternatives:- Brave (privacy-focused, blocks trackers)- Chromium (open source, less tracking)- Avoid standard Chrome for privacy—### ESSENTIAL SOFTWARESecurity Essentials:- Password manager (Bitwarden, KeePassXC)- 2FA authenticator (Raivo, 2FAS)- Encrypted messaging (Signal, Session)- VPN (Mullvad, ProtonVPN)- Encrypted email (ProtonMail, Tutanota)Productivity:- LibreOffice (Microsoft Office alternative)- Thunderbird (email client)- VLC (media player)- GIMP (image editing)- Obsidian or Joplin (notes)Avoid:- Adobe products (telemetry-heavy)- Google Chrome (tracking)- Microsoft Office 365 (cloud dependency)- Skype (Microsoft-owned, metadata)- Any software requiring constant internet—### NETWORK SECURITYRouter Configuration:- Change default admin password- Disable WPS (vulnerable)- Use WPA3 encryption (or WPA2)- Disable remote administration- Update firmware regularly- Disable UPnP if not neededDNS Configuration:- Use privacy-focused DNS: - Quad9: 9.9.9.9 (blocks malware) - Cloudflare: 1.1.1.1 (fast, privacy) - NextDNS (configurable filtering)- Configure DNS-over-HTTPS in browser- Consider running local DNS (Pi-hole)WiFi Security:- Separate guest network for visitors- Separate IoT network for smart devices- Disable WiFi when not in use- Use VPN on public WiFi always—### ACCOUNT SECURITYEmail Accounts:- Use different emails for different purposes: - Personal (close friends/family) - Financial (banks, investments) - Shopping (online purchases) - Public (forums, social media)- ProtonMail for sensitive communications- Enable 2FA on all accountsOnline Services:- Use password manager for all passwords- Enable 2FA everywhere possible- Use aliases for non-critical services- Review connected apps regularly- Delete unused accounts—### MAINTENANCE ROUTINEDaily:- Lock screen when stepping away- Check for security alerts- Review browser for tracking attemptsWeekly:- Install pending updates- Review installed applications- Clear browser data- Check account activity logsMonthly:- Full system backup (encrypted)- Review firewall logs- Audit app permissions- Update threat modelsQuarterly:- Password audit and rotation- Security setting review- Software inventory- Training/skill development—### RED FLAGSSigns of Compromise:- Unexpected software installations- Browser homepage changed- New toolbars or extensions- Slow performance- Unusual network activity- Popups and ads increasing- Antivirus disabled- Files encrypted or missingResponse:- Disconnect from network- Backup important data (carefully)- Full system wipe and reinstall- Change all passwords from clean device- Monitor accounts for suspicious activity—### QUICK REFERENCE: Secure Setup ChecklistComputer:- Install from verified source- Full disk encryption enabled- Firewall configured- Automatic updates enabled- Telemetry disabled- Privacy-focused browser installed- Essential security software installed- Non-admin user for daily usePhone:- Privacy-focused OS (or locked down)- Minimal apps installed- Location services restricted- Analytics disabled- Encrypted messaging installed- 2FA authenticator configured- Biometric + passcode enabledNetwork:- Router password changed- WPA3/WPA2 encryption enabled- Guest network configured- Privacy DNS configured- VPN subscription active—OPSEC Fundamentals Series - Vivaed @ endscenar.ioSources: EFF Surveillance Self-Defense, NIST Security Guidelines, Privacy International, Electronic Privacy Information Center

OPSEC Series: Complete Guide Summary & Quick ReferenceDifficulty: All Levels

Time to Complete: Reference Guide—### Complete OPSEC Tutorial Index| Tutorial | Topic | Key Skills ||----------|-------|------------|| #1 | Device Security Basics | Phone/computer hardening, updates, permissions || #2 | Phone Security Lockdown | iOS/Android specific settings, app permissions || #3 | Encrypted Communication | Signal, ProtonMail, secure messaging || #4 | Password Security | Password managers, 2FA, authentication || #5 | Digital Footprint Reduction | Data broker removal, privacy settings || #6 | Browser Fingerprinting | Anti-detection, Tor, privacy browsers || #7 | Physical Surveillance | Detection routes, counter-surveillance || #8 | OPSEC Mindset | Daily habits, situational awareness |—### Quick Reference: Security ChecklistDaily Habits:- Lock devices when stepping away- Maintain situational awareness- Use encrypted messaging for sensitive topics- Vary routines and routes- Check for unusual account activityWeekly Tasks:- Review financial statements- Check account login activity- Update software/applications- Review app permissionsMonthly Tasks:- Audit social media privacy settings- Review security camera footage- Check credit reports- Practice emergency proceduresQuarterly Tasks:- Password audit and rotation- Full security setting review- Training/skill development- Update emergency contacts—### Critical Security Principles1. Defense in Depth- Multiple layers of security- No single point of failure- Assume individual layers may fail2. Least Privilege- Give minimum access necessary- Revoke access when not needed- Regular access audits3. Need to Know- Share information selectively- Compartmentalize sensitive data- Verify before sharing4. Assume Compromise- Plan for when security fails- Have backup communication methods- Regular security assessments—### Emergency Security ProtocolIf You Suspect Surveillance:1. Don’t confront or act differently2. Document observations3. Conduct surveillance detection route4. Go to safe location if concerned5. Inform trusted contactsIf Accounts Compromised:1. Change passwords from clean device2. Enable/strengthen 2FA3. Revoke all active sessions4. Monitor related accounts5. Consider credit freezeIf Device Compromised:1. Disconnect from network2. Backup important data carefully3. Full wipe and reinstall4. Change all passwords5. Monitor for further issues—### Resource LinksPrivacy Tools:- Signal: signal.org- ProtonMail: proton.me- Bitwarden: bitwarden.com- Tor Project: torproject.orgEducation:- EFF Surveillance Self-Defense: ssd.eff.org- Privacy International: privacyinternational.org- Electronic Privacy Information Center: epic.orgTesting:- Have I Been Pwned: haveibeenpwned.com- Browser Leaks: browserleaks.com- Panopticlick: panopticlick.eff.org—OPSEC Fundamentals Series - Complete Reference GuideCompiled from tutorials by Vivaed @ endscenar.io**Sources:** EFF, Electronic Privacy Information Center, Former Intelligence Community Professionals, Security Industry Best Practices

OPSEC Tutorial #7: Credit Freezes & Identity Protection

Difficulty: Beginner
Time to Complete: 30-45 minutes

Overview

Credit freezes and fraud alerts protect against identity theft. This tutorial covers securing your credit and financial identity.

CREDIT FREEZE VS FRAUD ALERT

Credit Freeze:

• Blocks ALL access to your credit report
• Creditors cant see your credit = automatic denial
• You control when to lift
• FREE by law (US)
• Doesnt affect credit score

Fraud Alert:

• Requires creditors to verify your identity first
• Less restrictive than freeze
• FREE by law
• Lasts 1-7 years

HOW TO PLACE CREDIT FREEZE

Freeze at All Three Bureaus:

Also: Innovis - Unable to complete request | Innovis

Information Needed:

• Full name, SSN, date of birth
• Current and previous addresses
• Government ID
• Proof of address

LIFTING A FREEZE

Temporary Lift:

• Specify date range
• Takes effect within 1 hour
• Automatically refreezes

Permanent Removal:

• Contact each bureau
• Can refreeze anytime

IF YOURE A VICTIM

1. Place fraud alert or freeze
2. Review credit reports for fraudulent accounts
3. File FTC report at IdentityTheft.gov
4. File police report
5. Contact fraudulent creditors

OPSEC Series - Tutorial #7 (Identity Protection)

Sources: FTC, CFPB, IdentityTheft.gov

OPSEC Tutorial #11: Data Broker Removal & Digital Footprint Reduction

Difficulty: Intermediate
Time to Complete: 2-4 hours (initial), 30 minutes/month (maintenance)

Overview

Data brokers collect and sell your personal information. This tutorial covers removing your information from major data broker sites.

WHAT ARE DATA BROKERS?

Data brokers collect:

• Personal info from public records, websites, purchases
• Aggregate into detailed profiles
• Sell to marketers, insurers, employers

Types:

• People Search: Whitepages, Spokeo, BeenVerified
• Marketing: Acxiom, Epsilon, Experian
• Risk/Fraud: LexisNexis, Verisk

DISCOVER YOUR FOOTPRINT

Self-Search:

1. Google your name in quotes
2. Search phone number (all formats)
3. Search current/previous addresses
4. Check haveibeenpwned.com for email breaches
5. Document all findings in spreadsheet

OPT-OUT PROCESS

General Steps:

1. Find your listing
2. Look for Opt-Out/Privacy link
3. Follow removal process
4. Verify via email/phone
5. Save confirmation

Key Sites:

• Whitepages: whitepages.com/removals
• Spokeo: Spokeo | People Search | Opt Out
• BeenVerified: Search - BeenVerified
• Acxiom: optout.acxiom.com
• LexisNexis: optout.lexisnexis.com

AUTOMATED SERVICES

Paid Removal Services:

• DeleteMe: $200-250/year (30+ brokers)
• Optery: $100-200/year (100+ brokers)
• Kanary: $100-180/year (50+ brokers)
• Incogni: $80-120/year (150+ brokers)

Pros: Saves time, continuous monitoring
Cons: Annual cost, not all brokers covered

PREVENTION

• Use aliases for non-critical accounts
• PO Box for mailing address
• Google Voice for phone
• Privacy-focused email
• Opt-out of credit offers: optoutprescreen.com
• DNC list: donotcall.gov

MAINTENANCE

Monthly (30 min): Quick search, check top 5 brokers
Quarterly (2 hours): Full audit, re-check removed listings
Annually: Complete footprint audit

OPSEC Series - Tutorial #11 (Data Broker Removal)

Sources: FTC Consumer Information, Privacy Rights Clearinghouse, EPIC