On Security and Intelligence

OPSEC

OpSec is the military term for Operational Security. Which (super-simplified) means: Critical information that should (or must) be protected from falling into the wrong hands where they can use the info for their benefit. Examples include (but not limited to) special force members, their full capabilities, weapon arsenals, operations capability, troop movement, radio codes, ciphers, and so much more.

As it is paramount for the military, it is important for civilians to apply this to their daily lives. To protect one's information, data, and privacy from prying eyes, waiting for the opportunity to use such pieces of information for their own good. Information such as where you live, your income, your holiday plan, your travel plan, your working hours, where your kids went to school, are a few of the information to name. And with the sharing function on social media being normalized, it is nothing new to see excited parents posting their kids first day at school, or their new car (with the license number) or the picture of a new house they just bought with the key, and so much more. 

It seems normal doesn't it, to post on social media? Where almost everyone can see it, including strangers. If you take a moment to think about it, you wouldn't be telling any stranger at the mall where you live? Or where your kids went to school? Or would you tell that suspicious-looking guy who just moved in when you're going to leave your home on a vacation? It's kind of absurd to think that we would do so with complete strangers but it seems okay to do it on social media?

(pardon me this is getting a bit longer than I intended but bear with me, this information is worth the read and the thought)

OSINT

The problem here is not with the information, the problem comes when someone wants to take it, use and exploit it for their own benefit, or worse using them against you. Yeah, sure when no one wants it, it's no big deal, but when someone does, and they are determined enough to get it, you making it easier for them isn't any help at all for yourself and your security. With Open Source Intelligence (OSINT) being widely available, anyone who knows their way around things and have enough patience can get a tonne of information about you. With people giving out crucial information so casually, one of the easiest ways of "getting to know" them is by picking 3 of the social media platform they are most active at and work your way from there. Facebook, Instagram, Twitter, or any other platforms that exist out there.

The 21st century is a digital book, learn to read it and you'll find your way.

The question isn't can you hide all your information? Obviously, well yes if you decide to go completely under the net but with the current world where we rely on these platforms for our social communications, work, and networking, it's almost impossible. And doing so will require us to sacrifice a lot of things that make our life better and easier, and slightly more bearable. It CAN be done but at a cost, obviously. But do you want to go through all the problems to hide all the information if you're simply just a civilian? If you're just the average Joe, your chances of people wanting to get your information are much lower than those working with the armed forces or for the government or some secret project. 

The chances are low, but never zero.

If anyone with the right skills and attitude wants it, they can and will get that information. Our job is to make it harder for them and in the meantime drive anyone interested to be uninterested. The same way banks can't really stop robbers from taking notes and information about them, there's very little that we can do to stop anyone who intends to peek for our Infos. What we can do, however, is make it harder for them. Like banks put security guards, use walls, put CCTV, use timed locks, and more. What we can do is minimize the output of critical information such as our ID number, cell number, address, schools, work schedule, usual travel route, etc. Simply done by filtering what we put out on social media.

Practice Proactive OPSEC

Filter out your audience, unless necessary, limit your post to a number of known audiences, maybe go private on your main social media posting account if you want to have a bit more freedom on posting.

Start assessing what we put out by asking ourselves: "What information can I extract from this picture/detail that I'm about to put out?"

Blur or blackout crucial information such as license number, home address, birth date, etc

Share, but don't show everything. Keep a little secret and privacy here and there, for your own peace of mind and the added element of surprise.

Wait, screw that, let me simplify even more.

1. Practice common sense. Just like you won't be telling strangers crucial information, don't do that with strangers online.

2. Stay vigilant of your online audience. Filter, reduce, minimize when necessary.

3. Be aware of the information you put out. Always, ask before posting or filling, how can this be manipulated against me?

4. Educate. In anything, education is always key. The better educated, the more aware you are.

A little friendly advice from a guy who's been into these kinds of things for the past couple of years, practice caution but doesn't be paranoid. It'll make your life less miserable. Trust me. Most of us will go through our life without no one ever wanting to even give a damn on whatever the hell we do and whatever f*king information that we have, but surely it'll come in handy if anyone does because you've taken precautions beforehand.

As the saying goes, an ounce of prevention...

update: Of course, as you progress, it gets more advanced and complicated, but at the same time it gets simplified much more. Advance is nothing but basics but with heavier emphasis, more branch, and even more details. So yeah, it gets more complex yet becomes much more simple once you understand and apply.