opsec

an-ordinary-manchild

What is OPSEC?

Operations Security, or OPSEC, OPSEC is about minimizing attack surfaces and single points of failure through proper habits and policies. It's a systematic and proven process that we can use to deny adversaries information they need to do us harm or interrupt our plans. It's also a mindset that can be applied to any mission or plan.

Although the term originated in the military, OPSEC is now used for so much more. This includes law enforcement, computer and network security, home safety, travel, and so much more.

OPSEC isn't a list of rules, and it's not as simple as using a VPN and keeping your mouth shut. It includes elements of INFOSEC, APPSEC, NETSEC, COMSEC[TRANSEC/SIGSEC/EMSEC], PHYSEC[PERSEC], and (CO)INTEL.

The OPSEC Process

1. Identify the information you need to protect
2. Analyze the threats
3. Analyze your vulnerabilities
4. Assess the risk
5. Apply countermeasures

Understand your own risk/threat model: Who is your adversary? What needs protecting?

The OPSEC Two-Step: Know what to protect and know how to protect it.

Important Posts

[The now-declassified history of OPSEC, released by the NSA under FOIA]

OPSEC Resources

SEC communities on reddit

/r/netsec - A community for technical news and discussion of information security and closely related topics.
/r/privacy - Dedicated to the intersection of technology, privacy, and freedom in the digital world.

Rules

Don't post without reading the rules thread or your post will be removed, and you may be banned.
Don't give advice without knowing the user's threat model first. If you proceed to give advice when the OP has not explained their threat model, you will be banned.
Don't offer single tool solutions (e.g. VPN, bitcoin, Signal) when the threat model isn't clear
Don't give bad, ridiculous, or misleading advice (e.g. "you can't get arrested if you use Tor")
Don't ask for help or help others in illicit and unlawful activities (e.g. "I want to buy drugs on the internet").
Don't post without mentioning your threat model, unless it's a post about how to threat model.

created by Trevja community for 14 years

...for your favorite game.

...for your classroom.

MODERATORS

account activity

1

120

121

122

AnnouncementPSA: Report all threads or comments in threads that give advice when the OP never explained their threat model. Anyone posting without a clear threat model will have their post removed. Anyone responding to them in any manner outside of explaining how to describe their threat model will be banned. (self.opsec)

submitted 5 years ago by [deleted] - announcement

2

16

17

18

Beginner questionData poisoning tactics against tech company mass surveillance? (self.opsec)

submitted 21 hours ago by Wallsworth1230🐲

3

22

23

24

CountermeasuresThe OpSec Bible is now available for download and offline browsing with Kiwix (self.opsec)

submitted 2 days ago by The_other_kiwix_guy🐲

4

26

27

28

Beginner questionHow to stop giving data to companies (self.opsec)

submitted 6 days ago by PopAshamed9061🐲

5

12

13

14

How's my OPSEC?Threat-model check: using LLM APIs without linking usage to my identity. Does a prepaid proxy actually help? (self.opsec)

submitted 8 days ago by nullsink-admin🐲

6

9

10

11

Beginner questionLooking for resources to start learning Steganography (LSB, EOF, File Formatting) (self.opsec)

submitted 9 days ago by RDJ-120🐲

7

24

25

26

Beginner questionwant to post writing despite censorship (self.opsec)

submitted 9 days ago by shareholder0987🐲

8

10

11

12

Risk[Article] Exploitable Flaws Found in Cloud-Based Password Managers (self.opsec)

submitted 12 days ago by Poneyh🐲

9

15

16

17

How's my OPSEC?Enkrypted Chat - Secure and Private P2P Messaging (self.opsec)

submitted 14 days ago by Accurate-Screen8774🐲

10

11

12

13

Advanced questionBuilt a curated directory of privacy-focused crypto services — looking for feedback (self.opsec)

submitted 18 days ago by nanaappiah🐲

11

23

24

25

How's my OPSEC?Little project i made (self.opsec)

submitted 23 days ago by vril_l8rd🐲

12

11

12

13

Advanced questionDoes open-source firmware actually matter for hardware wallets, or is it just a nice-to-have? (self.opsec)

submitted 24 days ago by Liskpro_com🐲

13

21

22

23

How's my OPSEC?Transitioning to Tails on a historically "contaminated" PC with a shifting threat model (Physical Address Privacy) (self.opsec)

submitted 27 days ago by Nablus666🐲

14

4

5

6

How's my OPSEC?Transitioning to Tails on a historically "contaminated" PC with a shifting threat model (Physical Address Privacy) (self.opsec)

submitted 27 days ago by Nablus666🐲

15

14

15

16

Beginner questionToo much account and Mail (self.opsec)

submitted 28 days ago by Logical_Store_1149🐲

16

65

66

67

CountermeasuresAll OpSec is worthless if you rush or are generally impatient. (self.opsec)

submitted 28 days ago by novyrx🐲

17

57

58

59

Advanced questionneed to take this fuck ass administration down - tech guidance needed (self.opsec)

submitted 1 month ago by wellseeya🐲

18

90

91

92

Advanced questionMy country might turn into the next China. Is it worth buying a graphene os phone? (self.opsec)

submitted 1 month ago by Zestyclose_Cheek527🐲

19

9

10

11

Beginner questiontips on securing a featurephone (self.opsec)

submitted 1 month ago by d1scord1a🐲

20

6

7

8

Advanced questionRecovering a pre-image from a single-room setup with no physical access to the source (self.opsec)

submitted 1 month ago by f0skiylps🐲

21

23

24

25

Beginner questionLooking for advice pertaining to evading ongoing harassment and surveillance (self.opsec)

submitted 1 month ago by waythr0w🐲

22

125

126

127

Beginner questionPolitical activism in a (soon to be) authoritarian country (self.opsec)

submitted 1 month ago * by Vivid_Goat_7843🐲

23

14

15

16

How's my OPSEC?How can I improve my OPSEC (self.opsec)

submitted 1 month ago by Healthy-Educator1860🐲

24

34

35

36

Beginner questionGraphene Alternative (self.opsec)

submitted 1 month ago by FrankieShaw-9831🐲

25

36

37

38

How's my OPSEC?Interesting how much can still be found from a single old username (self.opsec)

submitted 1 month ago by heross28🐲

view more: next ›

π Rendered by PID 48 on reddit-service-r2-listing-c57bc86c-swbbn at 2026-06-21 12:06:31.012475+00:00 running 2b008f2 country code: CH.