The government's first lesson to every kid entrepreneur is that your labor belongs to them first.

#OPSEC365 112/365
Facial recognition is running on you in stores, stadiums, and airports without your knowledge.
Clearview AI scraped billions of photos from social media to build a searchable database used by law enforcement and private companies. Madison Square Garden uses facial recognition to ban lawyers suing the company from attending events.
Walking through a public space puts your face into multiple of these systems at once.
#OPSEC365
#OPSEC365 111/365
Your Tesla logs every trip, stop, and charge with timestamps and GPS coordinates.
All modern connected cars do this. GM, Ford, and BMW all collect driving data. Some sell it to insurers. Tesla's telemetry has been subpoenaed in criminal cases and divorces, placing drivers at specific locations at specific times.
Before you drive somewhere you'd rather not have on record, your car is taking notes.
#OPSEC365
The network stays decentralized because random people in basements run nodes, and you should be one of them.

Delisted from exchanges, banned from on-ramps, attacked by regulators, and still the default currency of every serious darknet market.

[fixed link] Three countries' intelligence tools sit in the quote your local cops bought, Italian hardware, Israeli Unit 8200 spyware, US ex-special-forces resellers. The same gear used on foreign targets now tracks you on a public road you paid for.

#OPSEC365 110/365
Counter-surveillance operators think like the team they are trying to detect.
Jenkins describes the core CS drill: walk the route and ask where you'd put the trigger if you were running monitoring, where you'd cover the exit. Then observe those positions from a vantage that doesn't match them.
#OPSEC365 109/365
Smart meters report your electricity usage in near real time.
Usage patterns reveal when you are home, when you sleep, and how many people live with you. Utilities share this data for demand planning. Researchers have reconstructed household activities from smart meter data alone.
At fifteen-minute intervals, the meter mainly exposes occupancy and sleep schedule. Appliance-level identification needs sub-second sampling.
#OPSEC365
[new link, github bombed my account] Pick any darkweb handle...Instantly see every other forum the same actor used.775,621 usernames cross-referenced across 27 cybercrime forums, in one offline file with 3D link graphs.Run it LIVE:
https://pages.sambent.dev/sam/ThreatActorDB/src/branch/master/index.htmlDownload: https://github.com/DoingFedTime/ThreatActorDB
Pick any darkweb handle...Instantly see every other forum the same actor used.775,621 usernames cross-referenced across 27 cybercrime forums, in one offline file with 3D link graphs.
https://github.com/DoingFedTime/ThreatActorDB
The CIA doesn't do interviews about Monero.Tell me more about your transparent fed coin and the L2 duct tape you bolt on to pretend it's private.Use Monero. Privacy at the protocol level since 2014.Maxis, chimp out below.Credit: Anthony Pompliano
#OPSEC365 108/365
Keycard systems log every door you badge through.
Building access at work, hotel rooms, parking garages, gyms with keycard entry. Each swipe creates a timestamped record of where you were. This data can be subpoenaed, requested by employers, or exposed in breaches.
Every badge swipe in a building you've ever worked in is retrievable under subpoena.
#OPSEC365
A 25-word seed phrase memorized means your entire net worth crosses any border inside your skull.

They say MAC randomization protects you.
If it worked, they wouldn't bother collecting it.
Naval Academy researchers showed Apple's Bluetooth leaks the real MAC anyway.
Markets form wherever there's demand, and the only people who try to stop them are the ones who can't compete.

#OPSEC365 107/365
Threat profiling separates adversary intent from capability. A stalker: high intent, low technical capability. A state actor: high capability, likely zero intent against you. A data broker: moderate capability, zero intent, indiscriminate collection.
Countermeasures should target the intent-capability combination of your actual adversaries: usually an ex-partner, an employer, or a data broker, not a state actor. #OPSEC365
#OPSEC365 106/365
Indicators are observable actions an adversary can piece together to derive critical information. Your podcast history alone means nothing. Combined with location data, purchase history, and search queries, it builds a behavioral profile.
The aggregated profile is your real exposure. No single data point reveals much. The combination reveals nearly everything.
#OPSEC365
#OPSEC365 105/365
Interview scheduling apps reveal when employees are job hunting.
Calendly links shared with recruiters, interview blocks visible to curious coworkers, reference calls to colleagues who might mention it. The process of finding a new job creates signals that your current employer might notice.
Recruiter activity on LinkedIn is visible to your current employer's HR team.
Use personal email and phone for job searches. Schedule interviews outside work hours when possible. Create separate scheduling links for interviews. Be careful colleagues you trust with references until you're ready to announce.
#OPSEC365 104/365
Emergency contact information spreads further than you'd expect.
The person you list on forms at work, gyms, schools, and medical offices can be called and given information about you. Some organizations share this data with third parties. Your emergency contact now has their phone number in a system they didn't sign up for.
Your emergency contact never agreed to have their phone number entered into that system.
Your emergency contact's phone number enters databases they didn't consent to join. For your own privacy, consider whether every form that asks for emergency contact actually needs one. For time-sensitive emergencies, yes. For gym memberships and newsletter signups, probably not.