OPSEC Basics for Your Life

A Quick Overview of Individual Operational Security (OPSEC)

This will be a quick overview of Individual Operational Security (OPSEC), especially Physical OPSEC, which is sometimes a disregarded aspect of OPSEC. Organizations apply OPSEC functions in different ways, but the fundamental ideas remain the same. Considering nothing is perfect, taking these precautions enhances your privacy to some extent.

OPSEC is about fragility and antifragility. Double-checking everything and having redundancy are essential components. On the other hand, some things should not be antifragile because they tend to remain. Fragility or antifragility is about adaptation. You must remain attentive and recognize that you are always being traced and observed.

Additionally, there will always be leaks! Just like in digital space, there are always leaks. The same applies to the physical world.

You must create a balance between paranoia and readiness. OPSEC is about mental clarity and not being overwhelmed with noise. It's not just what you observe, but also what you don't. You need to be very clear about what is important and what is not.

What is OPSEC/PERSEC

There is a proverb: "Loose lips sink ships". In other words, lots of talking is bad for your OPSEC. Sometimes you might say something that you don't want to. Be careful what information is okay to share and what is not.

OPSEC and PERSEC (Operational security and personal security) are very similar in many approaches. For our purposes as persons residing or visiting different countries, let's merge these techniques because they have many similarities. For our purposes as sovereign individuals, we can summarize this as:

1. Identifying critical information: Identify information that might be damaging to you, such as personal information, location, relatives, etc.

2. Assess threats: Examine the locations, facilities, and overall physical security in the environment to identify particular risks and weaknesses. Overall environment assessment.

3. Evaluate Existing vulnerabilities: Examine the current security mechanisms in place to prevent, detect, and respond to recognized threats and vulnerabilities.

4. Analyze Risks and Impacts: Determine the possible IMPACT of the identified threats and evaluate the effectiveness of current security measures. Concentrate on impact rather than probability. You cannot detect and neutralize every possible threat. The most crucial ones are those that have the most impact on you.

5. Implement Countermeasures: Develop and execute suitable security measures to reduce identified threats, such as upgrading hardware, software, and behavior, as well as improving own security of the environment in which you operate.

Which way, anon?

You're at a crossroad. OPSEC consists of two main strategies: "Going off the grid" as well as "Gray Man". "Going off the grid" is to disappear. This is a really difficult assessment for a beginner. "Gray man" is about blending in. BUT... as always there is no silver bullet.

It is up to you to pick which approach to choose. Be familiar with both, but if possible, choose the "gray man".

Let us begin by focusing on "Gray Man". 99% of you will find this of better use.

The Gray Man

Blending in means knowing what is "standard" behavior. You need to be clear what the local rules are, what people do, what they wear, how they act, when they commute, when they have free time. Basically knowing the time schedule of daily life. If you seem and act like everyone else, it will be quite difficult for someone to differentiate you from another. Being the Gray man means fitting in and being ordinary for other people/observers.

Being a gray man is ideal, if feasible. Gray man provides you extra options for whatever you do usually and does not interfere with your daily life much.

If you find yourself in a location where there might be some "heat," be careful with talking on the street. Even though you might be perfect with foreign languages, it is very difficult to speak with the right accent. Every location, country, and city have their own accents, and this might be the "thing" that reveals you. Like I said, pay attention to important details that could easily compromise you.

Physical security

Gray man gives you many advantages in the environment. Let's look into basic examples of what you might want to tackle:

• Blend in with clothes and shoes. Have variety in clothing depending on geo location and event. Do not make the mistake of thinking "one type of clothes fits all". This is a very common mistake. Remember that you are a gray man. You need to know what to wear and when. You are not on a "survival mission" where everything needs to be light, functional and heavy duty. And remember shoes have the same importance as other parts of your wardrobe. Many times improper shoes selection will ruin everything...

• Do not show wealth on the street at 3 A.M. On the other hand, if you are planning to attend a social event in a wealthy area, you should wear proper attire and other accessories to blend in. Remember being a gray man requires becoming a chameleon in dressing.

• Know how the city works and what is the pace of the city. How taxis and ubers work. Are they working 24/7? If you want to eliminate any physical encounter at night, I always suggest going with uber/taxi instead of walking. Walking in unfamiliar areas is always a bad idea. You should check and know the area prior to walking and assess risks prior to that.

• If you are leaving from a social event, you never should walk. Wrong dress code on streets will always put you in the spotlight.

• Wear a hidden knife or at least small dagger that can be around your neck. It is unnoticeable but a powerful piece that can save you. Here is the one I like.

• I have created a normal looking "gray man belt" that fits all pants and can store some items inside, without being recognized by others. Items such as paper bills, blade or very important confidential "notes" that can't be stored online. It works great in every environment.

• Always have some cash on you. Now let's set up an example. (Note: Not required while living/moving in rich neighborhoods or attending high-class social gatherings, when many risks are eliminated by design).

However, if you live in a regular location and continue to assess your environment, you never know what may happen. 90% of all street criminal activity has one common denominator: money. If such an unfortunate event occurs, you should carry some cash in your easily accessible pocket that is "enough" to feel like "it was a good mug". Assess what is "enough money" in that geolocation, and you should be OK most of the time. Being mugged is a probabilistic and ratio-based game. If you are being robbed, giving away "enough" cash typically ends in you protecting your phone and other goods since more encounters and more time work against criminals. They play the same game. With "enough" cash, they will recognize it was a successful "run" and will swiftly vanish.

Devices

Almost everyone has a phone, laptop etc. They are living tracking devices. Be careful and if possible to live without it, just deactivate GPS services. It might be a good idea to install a system where you can trust (to some degree) what system does and keeping you informed if microphone, camera or GPS are turned on and what apps or programs require it.

Eventually, you may want to modify all your devices, software, and hardware.

Do not forget to tape your microphones and cameras on your devices. Yes, it can create "raised eyebrows" from other people but the justification with "you read the mainstream article where everyone's doing it" or "some friend suggested that to me" normally works.

Purchases

Cash is king when it comes to privacy. Cryptocurrencies can help like bitcoin (if you know what you are doing), bitcoin lightning or Monero.

For online purchases use prepaid cards via bitcoin or gift cards. There are many services these days that can help with that, such as Bitrefill.

For physical shopping remember that in the majority of countries cash is king. Also using cash helps you to keep privacy while looking totally normal no matter where you are. Be sure to have smaller denominations as bigger bills are often hard to spend plus it is not standard (vendors tend to remember this). Having and using most common bank notes is the low profile approach.

Digital OPSEC and INFOSEC

Let's mention just basic approaches to implement in case you don't want to jeopardize your privacy and physical security:

• Try not to use location services
• Get rid of google services or at least compartmentalize them
• Do not share anything sensitive on social media like locations, family photos, timelines, plans with certain dates, etc... Take anything you share as public information
• Use ad-blockers - to strip social media trackers, etc.
• Use trusted VPN or Tor
• Ideally connect via privacy router to own internet (especially in locations where you can't trust the provider)

Threat model

To wrap it up. You always should answer this question first: Who is the adversary? Who are you protecting against?

It can be very different in different countries. You can't protect against everything at the same time. The game is that you need to identify what is the threat first. Later you can build the whole plan around it. Do not try to have a very complex threat set-up. As I mentioned in the beginning, you can't protect against everything, there are always going to be leaks and you need to stay sharp and not overwhelmed with the "noise".

The best-case scenario may be to go undetected and unacknowledged if the life/event/operation allows it. The "OODA loop" approach perfectly defines it.

The OODA Loop

It comes from the military. Like many other excellent techniques. Understanding them is critical, as is tailoring the application to our specific needs.

What is the OODA loop? "Observe, orient, decide, act" is what it implies. This is a never-ending loop of assessing opponents, environments, threats, meetings, etc...

And how can we profit from it in OPSEC? There are two approaches:

1. You complete the entire cycle on others. You observe the situation, orient yourself in it, determine what is best for you (what are the problems, setbacks, and simplest ways), and then execute them.

2. If you are in a position where someone is applying the OODA loop on you, in that case you want to break the loop on the first or second step. Not later. The reason is that the opponent is trying to observe your actions and by breaking OODA loop you are minimizing confrontations. It is a great technique to stay low, unnoticed.

It is best not to be observable. It is difficult to do this in physical life and often depends on the situation. You can remain "in the dark" very effectively in a digital space. In this case, you have already broken the OODA loop in the first step. When you break the loop, nobody can use it to execute other steps. When the adversary cannot observe what is going on, they cannot even orient in the problem.

If you cannot break the loop in the first step (as is often the case in the physical world), you can do it in step 2: orient. Someone can observe your actions (in the physical or digital world) but later needs to orient themselves in what it means and what your goal is. This can be done in such a way that the actions do not make sense to the adversary and cannot be related to each other. In the digital world all actions can be encrypted and therefore mean nothing to the adversary because they cannot decipher what is happening on your side. Again you have broken the OODA loop and that is why steps 3 and 4 cannot be applied.

Try to apply it because this loop can be applied in all possible scenarios and it will definitely improve your privacy and security while you are quickly in the loop by applying it on your "counterpart".

When sh*t hits the fan

It is not a topic of this article and it is beyond the scope. Let's set just 3 basic ideas. This is the last resort in very hostile environments. As I believe I speak to world-citizens it probably ain't gonna be your case.

• Having an "emergency bag" is a good plan. You can create various bags in various locations. But that depends on your operating style. Emergency bag should not miss travel documents, cash, access to crypto (at least some part), survival items (depending on your operational style), etc.

• It is good to have a safe house if you can afford it.

• Avoid routines and habits. Be ready to cut ties.