Operational Security (OpSec) Basics

Operational Security (OpSec) Basics[edit | edit source]

Foundational habits and mindset for protecting people, plans, and data.

Overview[edit | edit source]

Operational Security (OpSec) is the practice of identifying and minimizing risks to sensitive information, people, or operations. It's not just about using encryption or secure tools — it’s a way of thinking and behaving that helps protect movements from surveillance, infiltration, sabotage, and unintentional leaks.

Strong OpSec isn't about paranoia — it's about protecting the people you work with, reducing risks, and staying resilient in hostile environments.

Core Principles[edit | edit source]

1. **Need to Know**: Only share sensitive information with those who actually need it. 2. **Compartmentalization**: Keep identities, plans, and roles separated to reduce risk if one part is compromised. 3. **Assume Surveillance**: Behave as if you’re being watched — not out of fear, but to cultivate caution. 4. **Minimize Metadata**: Limit what is revealed by how and when you communicate. 5. **Trust Is Earned**: Vet people before sharing access, and be cautious of social engineering.

Practical Habits[edit | edit source]

Don’t discuss sensitive plans over insecure channels (SMS, normal email, social media DMs)
Avoid using real names, faces, or exact locations unless necessary
Use separate devices or accounts for different roles (e.g., public outreach vs. direct action)
Shred or burn paper records with sensitive information
Disable or cover webcams and microphones when not in use

Digital OpSec[edit | edit source]

Use encrypted apps (Signal, Session, Briar) and secure email (ProtonMail, PGP)
Keep software up to date and use trusted sources only
Avoid linking phone numbers to activist accounts when possible
Turn off GPS, Bluetooth, and Wi-Fi when not in use
Use Tor or a VPN when researching or browsing sensitive topics

Physical OpSec[edit | edit source]

Avoid bringing phones to in-person planning meetings
Be aware of your surroundings and who is nearby
Practice secure meeting logistics (e.g., rotating spaces, need-to-know location sharing)
Don’t bring unnecessary tech (smartwatches, fitness trackers) into sensitive spaces

Situational Awareness[edit | edit source]

Monitor who is asking questions or showing sudden interest
Be cautious with new contacts and requests for access or information
Recognize patterns of infiltration or surveillance
Stay calm — overreaction can cause just as much harm as inaction

Red Flags to Watch For[edit | edit source]

Unfamiliar people asking for internal info quickly
Requests to use personal devices or accounts for group activities
Sudden introductions of risky behavior or divisive rhetoric
People insisting on centralizing control without transparency

Culture of Safety[edit | edit source]

Practice regular check-ins with team members
Support each other in learning OpSec instead of shaming mistakes
Have contingency plans for leaks, arrests, or digital compromise

Limitations and Disclaimers[edit | edit source]

No system is 100% secure — the goal is to reduce risk, not eliminate it entirely
Perfect security can’t compensate for poor trust dynamics or weak group accountability
OpSec needs to evolve with new threats and tools — stay informed and adapt

Resources and Further Reading[edit | edit source]

https://ssd.eff.org – Surveillance Self-Defense (EFF)
https://tacticaltech.org – Digital and operational security guides
https://crimethinc.com/field-guide – Street-level security and action guides

Legal Disclaimer[edit | edit source]

This page is for informational purposes. Practicing OpSec can reduce risk but cannot guarantee safety. Always assess your threat model, legal context, and collective responsibilities when choosing strategies.