OPSEC isn't just about what you use; it's also about what you say!
Context:
This is a reiteration of /post/0aa3325a867752879c1a which goes more in-depth with the phrase "OPSEC isn't just about what you use; it's also about what you say." In this post, I'll talk about three common scenarios where this strongly applies. In those three scenarios, I'll also be talking about some tips me and my cybersecurity friend have discussed which we hope is helpful for you guys!
Overview:
In a world where everything you say and do is used to inscribe your digital footprint; reaching pure anonymity and 'perfect' OPSEC is like herding cats! Discussions about OPSEC are normally about what a person uses rather than what a person says, which a lot of people neglect. While having good OPSEC in terms of what you use is a good step, what you say equally contributes to how good your OPSEC ultimately is. The things you say, the things you share, the things you take part in, this is all collected by the ever-so-hungry intelligence agencies and they collect your information like collection cards. The reason these intelligence agencies collect so much information about us is to build up the evidence which can later be used against someone in court if by an unfortunate chance that someone is taken to court. Don't let these people build up their files of evidence any longer; take care of what you say online!
How this applies on social media platforms: [The things you say]
The law enforcement are there to snoop around suspicious behavior which includes accessing Dread and they are arguably the worst people you'll ever encounter here on Dread. They are very well known for scraping sites such as Dread (and pretty much any other social media platforms) them scraping Dread poses a major threat to our anonymity as they collect permanent information about everything, which could potentially de-anonymize us if we aren't wary about what we say. One should be well aware that Forums held in the Dark-Net will always be surveilled by law enforcement and it's inevitable for a forum to be without. With keeping this in mind, when creating an account we suggest choosing a username & password that's different from other platforms. Also please be wary of what you comment and post, omit information that could potentially be used to identify you. A post here never truly gets deleted as there are always scrapers snooping around Dread for the purpose to collect information, editing posts won't do it either as scrapers would also collect information about the post before editing. The way to get around this as per quote from one of my friends who studies cybersecurity more thoroughly than myself, they say to create different accounts when contributing and to never make a noticeable profile. While I believe this is a good way to prevent bringing attention to yourself, do I believe it's absolutely necessary? This all depends on your threat level, if you're for example wanted or have engaged in controlled activities in the past and your OPSEC wasn't so good then yes, that's a path you should follow. While for the average audience, this isn't absolutely necessary, they should know that if their OPSEC slips from the start, they can simply re-start their account. It's also a good idea to set a different persona and a complete different way of typing than before. For example if you used unique phrases/words and had a unique behavior, you should change them so your account doesn't get traced back to you! Contributing on forums shouldn't feel like something you should avoid as that's one of the leading causes for forums such as these to fail, contributing on forums also help people know where the rights and wrongs stand in a person's knowledge. People can also learn from these forums by asking questions which is a great way to expand your knowledge! As obvious as it may sound, avoid giving out personal details or talking about your personal life in-depth! If needed, be vague!
How this applies to private chats: [The things you share]
Law enforcement are also known for disguising themselves as normal Dread user, their purpose is not to be friends with you but to collect information about you! For all we could ever know here on the Dark-net, I could be an informant, you reading this could be an informant, someone you're talking to could be an informant! This means you should never wholeheartedly trust someone and go on to have personal conversations! Informants and law enforcement evolve as they collect more and more information about us. They learn what our interests are and what people tend to talk about. Distinguishing an informant/law enforcement is normally hard but common signs are when they ask personal questions such as what country you're from, how old you are, or anything similar which you believe is too personal to answer. Don't be discouraged to end a conversation with someone whom you suspect is an informant/law-enforcement as normally those gut feelings are right! You as a user want to stay at a point where regardless if you're in contacts with an informant/law-enforcement or not, they'll have little information to identify you. Some of my friends who deeply study cybersecurity say you should type like a robot, only straightforward replies/answers. While I believe that's a really good way to block off the informants/law enforcement, it can get quite awful and hard to express yourself, which is key to most friendships. What I believe in is giving minimal responses to people and not answer personal questions. For example, if the topic is about personal preferences, you could go on and talk about what things you like such as what video-game, food, hot chicks.. and so on! But, if the topic is something like your culture, don't express yourself too much and say what culture you follow, give vague responses which would typically be an indication of one not being comfortable about the topic. The other person should understand and change the topic. The number one rule for OPSEC is to never give personal details to someone no matter how much you trust them. Also be very wary of saying "good-morning/afternoon/evening/night" as much as politeness is everything, this could potentially be used to identify you through timezones (or at least give an estimate about where you live). For example if one says "good morning" while you live somewhere in Europe where it's the afternoon, you'd assume the other person to be in the USA.
How this applies in controlled activities: [The things you take part in]
Controlled activities quite literally mean activities controlled by law enforcement because they're illegal !!! These are things such as being an admin/moderator, vendor, buyer, taking part in activist groups, etc. As this is a broad topic with specific activities having specific inside knowledge, I'll generalize this part so this may or may not apply to everyone. A lot of the time, taking part in such activities has ego attached to it, you have power and you have status. Having power and status comes with great responsibilities, even more so importantly when it comes to the Dark-Net! The Dark-Net is a place where ego should be sealed off with a chastity and you cannot let ego get over you. The Dark-Net revolves around a skill set of knowledge and emotional stability, being humble is the key to staying anonymous; showing off only fragments your anonymity into pieces. An example of this is Alexandre Cazes, while his OPSEC wasn't great in any direction, lots of evidence was built where he was found bragging about his financial assets, his newly bought Porsche, and sharing details about his purchase on the Roosh V Forum. More prominently, Ross Ulbricht also used to vaguely boast about himself running a marketplace on Linkedin! As much as we all want to brag about how successful and clever we are, keep in mind this can also potentially be one's downfall. My little cybersecurity friend said bragging is never a good thing and it only leads to revealing more about yourself, and I agree! Bragging about what you have is never good, especially on the Dark-Net as it can be used as evidence and it can also potentially be used to identify you! It's also important to never tell anyone what you're doing in the Dark-Net as you'll never know if that person will keep your secrets confidential. Furthermore if by an unfortunate event, you get investigated, there's a chance that the person you spilled your Dark-Net life to, they could rat you out. Never be in a position where you're inferior.
More advanced or experienced users might want to look into red-herring, a tactic where you spread misinformation to essentially lead law enforcement. This is most effective when you happen to be talking to a law enforcement and instead of ending the conversation, you could pretend to be naive and make it seem like you're falling for their trap but you're actually planting false information and bluffing them. Unfortunately, it wouldn't be ideal for me to give examples as law enforcements would catch up to the tactics I mention. If you have little clue to what I am talking about or have no knowledge to how this might work the please avoid this, it's always better and there's no harm in just blocking the informant!
TLDR: You want to be in a place where law enforcements have no information to identify you and no evidence to incriminate you.