Sam Bent
contact@sambent.com
npub1y7rv...d0r3
Agorist. Counter-economist. Privacy maximalist. Student of OPSEC. Anti-authoritarian. Free speech absolutist. Logician. Ex-Darknet Vendor. Youtuber.
SamBent 2 months ago
TikTok tried to make it hard for content creators to delete their content. I wrote a script that deletes every video one after the other. Copy code -> F12 in browser -> Paste in console -> hit enter. Free, open source. https://github.com/DoingFedTime/TikTokDelete
SamBent 2 months ago
Tracking the spam value chain from click to payment. "We present the first comprehensive analysis of the spam value chain, from initial email to final product purchase." - Click Trajectories: End-to-End Analysis of the Spam Value Chain by Kirill Levchenko et al. (2011) https://cseweb.ucsd.edu/~savage/papers/Oakland11.pdf
SamBent 2 months ago
#OPSEC365 030/365 Your phone's WiFi probe requests are a surveillance signature. Every time your device searches for known networks it broadcasts every network name you've connected to, alongside your MAC address. A passive receiver logs these probes w/o any connection being made, building a movement profile. Disable WiFi when not in use. Enable MAC address randomization in device settings - iOS and Android support this per-network. For high-sensitivity environments: airplane mode eliminates probe broadcasts entirely.
SamBent 2 months ago
#OPSEC365 029/365 Every time you check in somewhere, you're timestamping your location in a public database. Facebook check-ins, Swarm badges, Yelp reviews with locations attached. You're building a detailed record of where you go, when you go there, and who you go with. Anyone who can see your profile can see your patterns. Scroll back through your check-in history and see the routine you've documented for strangers. If you must use location-based social features, check in after you leave rather than when you arrive. Better yet, share locations only in private messages with people who actually need to know. Public check-ins serve no purpose except advertising your whereabouts.
SamBent 2 months ago
Happy birthday to the only 12-year-old the FBI, IRS, Chainalysis, and Europol all failed to groom into an informant. $XMR
SamBent 2 months ago
There's a Linux distro that exists specifically to break California's age verification law. "Full, knowing, and intentional noncompliance" with AB-1043. They're mailing $12 RISC-V boards to schools. Watch:
SamBent 2 months ago
Six years of sustained darknet market usage with zero traced users versus a coin whose founder asked to build law enforcement backdoors: the market already decided which privacy actually works.
SamBent 2 months ago
#OPSEC365 028/365 Every loyalty card swipe builds a profile of your habits. The grocery store knows what you eat, the pharmacy knows what prescriptions you fill, the gas station knows where you drive. That data gets sold to brokers who correlate it with everything else they have on you. The points are worth pennies. The purchase history is worth considerably more — to them. Pay cash without a loyalty card and you're invisible to the data collection. If you want discounts without surveillance, some people use fake names and burner phone numbers for loyalty accounts, or share cards with friends to muddy the data.
SamBent 2 months ago
#OPSEC365 027/365 License plate readers log your car's location thousands of times per year. Police vehicles, parking garages, toll systems, and private companies all capture plates automatically. That data gets stored, sold, and searched. In most states, there's no law limiting how long it's kept or who can buy access. Your car's movement last week exists in a half-dozen databases you've never heard of. Companies like Vigilant Solutions and MVTrac aggregate billions of plate scans and sell access to anyone who pays. Your driving patterns, regular locations, and travel history are being compiled into a profile whether you know it or not.
SamBent 2 months ago
Basically, it really pissed me off that I HAD to use an app for my thermal printer, so I reverse engineered it, and made GhostLabel, in Rust. It might or might not work for you, I dunno. More details in the readme. https://github.com/DoingFedTime/ghostlabel
SamBent 2 months ago
#OPSEC365 026/365 That photo you posted can be reverse-searched to find every other place you've uploaded it. TinEye and Google Images let anyone drop in a picture and find matching images across the web. If you used the same profile photo on your anonymous account and your real LinkedIn, those identities are now linked. Run a reverse image search on your most-used profile photos and see what comes back. Use different photos for different identities, or crop and modify images enough that reverse search doesn't find matches. Some people use AI-generated faces for anonymous accounts, but those have their own tells. The safest option is unique images that exist nowhere else.
SamBent 2 months ago
Anyone with a computer can mine XMR, which is how decentralization was supposed to work.
SamBent 2 months ago
#OPSEC365 025/365 A Surveillance Detection Run is standard methodology. A proper SDR uses deliberate direction changes, speed variations, and chokepoints to force anyone following to reveal themselves or break contact. Intelligence officers run them before every sensitive meeting. The route needs at least two direction changes to draw in surveillance. Design your SDR like a professional: identify two or three chokepoint locations - a narrow entry, a cafe door, a transit turnstile - where anyone behind you must commit. Vary your pace. Stop naturally at a shop window and use the reflection.
SamBent 2 months ago
The state will always side with the franchise over the independent because the franchise pays lobbyists.
SamBent 2 months ago
#OPSEC365 024/365 Every Word document and PDF you create embeds your name, your computer's name, edit history, and sometimes the file path showing your folder structure. Before you send a document to someone you don't fully trust, that metadata tells them more about you than the content does. Right-click a document you've shared recently, check Properties or Get Info, and see what's embedded. ExifTool strips metadata from documents and images. MAT2 handles batch cleaning. For quick fixes, Save As to a new file often drops edit history, and printing to PDF can strip some metadata. Check your work before sending.
SamBent 2 months ago
Virtualization security and hypervisor isolation mechanisms. "Virtual machine monitors must provide strong isolation between guest operating systems." - Protection Mechanisms in the VM/370 Hypervisor by R.J. Creasy (1981) https://dl.acm.org/doi/10.1145/800217.806615
SamBent 2 months ago
#OPSEC365 023/365 In 2018, Strava's global heatmap revealed the locations and layouts of secret military bases because soldiers were tracking their runs. Fitness apps broadcast where you exercise, what routes you take, and what time you're usually there. If your profile is public, anyone can see your patterns. Strava's default is public. Soldiers exposed military base layouts in 2018 because nobody changed it. Set your fitness profiles to private. Strava, Garmin Connect, Apple Fitness, and Nike Run Club all have privacy settings buried in menus. Set profiles to private, disable activity sharing, and consider whether you need GPS tracking at all for workouts near your home.
SamBent 2 months ago
#OPSEC365 022/365 JP 3-13.3 OPSEC doctrine defines a Critical Information List — data whose disclosure degrades operational security. Your home has one too. Every smart speaker expands that CIL to a corporate entity you never vetted. Bedroom. Home office. Kitchen. Each room is a compartment. Each speaker collapses it. Hoepman's SEPARATE strategy: isolate actors from their data proxies. The fix is removing the device from sensitive contexts entirely. Apply need-to-know at the room level. Your home office — work calls, finances, health discussions — has no operational reason to be audible to an Amazon server. Physically separate listening devices from high-sensitivity contexts.
SamBent 2 months ago
Monero didn't come from a whitepaper and a marketing team; it's the direct descendant of four decades of cypherpunk work from Chaum, Zimmermann, May, Back, Finney, and Szabo, built by people who actually read their papers.
SamBent 2 months ago
#OPSEC365 021/365 OPSEC Step 2 is threat analysis: research your adversary's actual collection capabilities. Public records, court databases, social media aggregators, data brokers, and reverse image search form a surveillance infrastructure anyone can access for under $50/month. Your adversary doesn't need hacking skills. They need patience. NTTP 3-13.3 lists adversary collection as HUMINT, SIGINT, OSINT, GEOINT, and MASINT. For most civilians, HUMINT and OSINT are the primary threats. Digital countermeasures alone fail if your adversary collects via human contact.