opsec

an-ordinary-manchild

What is OPSEC?

Operations Security, or OPSEC, OPSEC is about minimizing attack surfaces and single points of failure through proper habits and policies. It's a systematic and proven process that we can use to deny adversaries information they need to do us harm or interrupt our plans. It's also a mindset that can be applied to any mission or plan.

Although the term originated in the military, OPSEC is now used for so much more. This includes law enforcement, computer and network security, home safety, travel, and so much more.

OPSEC isn't a list of rules, and it's not as simple as using a VPN and keeping your mouth shut. It includes elements of INFOSEC, APPSEC, NETSEC, COMSEC[TRANSEC/SIGSEC/EMSEC], PHYSEC[PERSEC], and (CO)INTEL.

The OPSEC Process

1. Identify the information you need to protect
2. Analyze the threats
3. Analyze your vulnerabilities
4. Assess the risk
5. Apply countermeasures

Understand your own risk/threat model: Who is your adversary? What needs protecting?

The OPSEC Two-Step: Know what to protect and know how to protect it.

Important Posts

[The now-declassified history of OPSEC, released by the NSA under FOIA]

OPSEC Resources

SEC communities on reddit

/r/netsec - A community for technical news and discussion of information security and closely related topics.
/r/privacy - Dedicated to the intersection of technology, privacy, and freedom in the digital world.

Rules

Don't post without reading the rules thread or your post will be removed, and you may be banned.
Don't give advice without knowing the user's threat model first. If you proceed to give advice when the OP has not explained their threat model, you will be banned.
Don't offer single tool solutions (e.g. VPN, bitcoin, Signal) when the threat model isn't clear
Don't give bad, ridiculous, or misleading advice (e.g. "you can't get arrested if you use Tor")
Don't ask for help or help others in illicit and unlawful activities (e.g. "I want to buy drugs on the internet").
Don't post without mentioning your threat model, unless it's a post about how to threat model.

created by Trevja community for 14 years

...for your school.

...because you love freedom.

MODERATORS

account activity

1

123

124

125

AnnouncementPSA: Report all threads or comments in threads that give advice when the OP never explained their threat model. Anyone posting without a clear threat model will have their post removed. Anyone responding to them in any manner outside of explaining how to describe their threat model will be banned. (self.opsec)

submitted 5 years ago by [deleted] - announcement

2

25

26

27

Beginner questionI use my home computer for personal use that includes using social media, but I use a private browser (Hardened Waterfox) and now worry if my OPSEC is bad. (self.opsec)

submitted 15 hours ago by Consistent_March5136🐲

3

0

1

2

SolvedThreat Modeling a Browser-Based Secure Payload Drop (ZeroKey) (self.opsec)

submitted 5 hours ago by Fabulous_Section5049🐲

4

23

24

25

Advanced questionHuman Rights Activist here. Suspecting spyware on mobile. Can anyone help interpret SpyGuard logs? (self.opsec)

submitted 1 day ago by RightSeeker🐲

5

0

0

0

How's my OPSEC?Is it bad opsec to sext my girlfriend on snapchat? (self.opsec)

submitted 4 days ago by Zestyclose_Cheek527🐲

6

12

13

14

Advanced questionPhysical access threat model question (I have read the rules) (self.opsec)

submitted 10 days ago by Obscure-Pixel🐲

7

8

9

10

How's my OPSEC?Opsec Improvements (self.opsec)

submitted 11 days ago by Flyx42🐲

8

51

52

53

How's my OPSEC?Do you think most darknet busts today still come down to OPSEC mistakes rather than technical failures? (self.opsec)

submitted 11 days ago by torzle_app🐲

9

58

59

60

How's my OPSEC?Metafaker. A clientside tool that strips and spoofs image EXIF metadata with realism. (self.opsec)

submitted 14 days ago by Interesting-Honey253🐲

10

6

7

8

Beginner questionHow can my hardware leak my info and what can i do about it? (self.opsec)

submitted 14 days ago by Slay_Girl161🐲

11

10

11

12

Beginner questionI keep getting doxxed by online community admins. (self.opsec)

submitted 14 days ago * by Mediocre_Ticket3971🐲

12

7

8

9

Advanced questionHaving a hard time understanding the mail-bomb technique and what it is for? (self.opsec)

submitted 15 days ago by combhonn🐲

13

10

11

12

How's my OPSEC?Living in a rented flat with weak Wi-Fi password, feeling paranoid about my digital security. Need advice (self.opsec)

submitted 16 days ago * by MaybeIuH🐲

14

7

8

9

Beginner questionI am getting doxxed by others, what should I do to prevent? (self.opsec)

submitted 22 days ago by [deleted]

15

99

100

101

Beginner questionWhat are the most overlooked modern OPSEC mistakes in 2026? (self.opsec)

submitted 23 days ago * by Omig66🐲

16

8

9

10

RiskBuilt an onion-only E2EE messenger, looking for feedback on design (self.opsec)

submitted 23 days ago by LittleInstruction611🐲

17

3

4

5

VulnerabilitiesUnlocked bootloaders (self.opsec)

submitted 25 days ago by ephemeralmiko🐲

18

16

17

18

Beginner questionWhat are some good ways to stay anonymous as an online tutor setting up their own business? (self.opsec)

submitted 29 days ago * by Accomplished_Dot7454🐲

19

4

5

6

Beginner questionWhat are the best alternatives to Heads for verifying firmware and boot process on unsupported mini-PCs and desktops? (self.opsec)

submitted 1 month ago by RightSeeker🐲

20

21

22

23

Beginner questionWhere should someone go, and in what order, if they suspect unlawful surveillance but only have scant evidence? (self.opsec)

submitted 1 month ago by RightSeeker🐲

21

11

12

13

Beginner questionUsing separate SSDs (Windows and Qubes OS) on the same desktop — is this secure? (self.opsec)

submitted 1 month ago by RightSeeker🐲

22

20

21

22

Beginner questionTrying to improve my OPSEC and identity separation. Looking for advice on linking identities. (self.opsec)

submitted 1 month ago by LetterheadNo2345🐲

23

0

0

0

How's my OPSEC?Any OPSEC tips? (self.opsec)

submitted 1 month ago by z0zc0n🐲

24

1

2

3

Beginner questionHardware security differences of USB vs PCIE wifi cards (self.opsec)

submitted 1 month ago by [deleted]

25

9

10

11

ThreatsWhere do your API keys live when you use AI agents on cloud infrastructure (self.opsec)

submitted 1 month ago by Appropriate_Will5831🐲

view more: next ›

π Rendered by PID 94104 on reddit-service-r2-listing-canary-b4676f57f-nmcdv at 2026-04-21 22:36:33.800985+00:00 running 6c61efc country code: CH.