BGP hijacking and internet routing security failures.
"The Border Gateway Protocol has no built-in security, allowing nation-states and attackers to hijack internet traffic."
Pretty Good BGP: Improving BGP by Cautiously Adopting Routes by Karlin, Forrest, and Rexford (2006)
https://people.eecs.berkeley.edu/~adj/publications/paper-files/pgbgp.pdf

#OPSEC365 079/365
Library records reveal what you're researching.
Books checked out, databases searched, articles requested. While libraries historically protect patron privacy, digital systems create logs. Law enforcement has sought library records, and library database vendors may have access to usage data.
Libraries fought for patron privacy for decades. Digital lending systems erased most of those protections quietly.
The American Library Association recommends libraries purge records as soon as possible after return. Ask your library about their retention policy.
#OPSEC365 078/365
Online reviews under your real name build a public history of where you go.
Google reviews, Yelp reviews, TripAdvisor reviews. Every opinion you post is tied to your profile and maps your movements. That review of your dentist confirms you live nearby. That hotel review confirms you were traveling that week.
Every review posted under your real name is a timestamped confirmation of your presence at that location.
Use pseudonymous accounts for reviews if location privacy matters. Some platforms require real names for verified reviews, which means deciding whether the verification badge is worth the exposure. Consider whether each review you post reveals something you'd rather keep private.
FBI, Europol, IRS, CipherTrace, Chainalysis, and Elliptic have all tried to break Monero's privacy,
six of the most well-funded surveillance operations on Earth,
and they're still publishing research papers instead of arrests.

#OPSEC365 077/365
That QR code might not go where you think.
Attackers stick malicious QR codes over legitimate ones on parking meters, restaurant menus, and public posters. You scan expecting one destination and land somewhere else. The link could be a phishing page, a malware download, or a tracking URL.
Preview QR code destinations before visiting them, and be suspicious of codes in public spaces.
Most phone cameras now show a URL preview before opening. Read it before tapping. If a QR code in a public place looks like a sticker placed over something else, don't trust it. When in doubt, navigate to the destination manually instead of scanning.
#OPSEC365 076/365
Browser extensions execute across all tabs and contexts — bank, medical, work — simultaneously.
MITRE Pre-ATT&CK PRE-T1119: adversaries build digital footprints across platforms to establish credible personas. A malicious extension does the inverse with one install.
Cronk's HIDE/Restrict: enforce access controls limiting visibility. 'Read all data on all sites' bypasses every logical compartment.
Separate browser profiles per identity. Extensions don't cross profiles.
Create distinct browser profiles per context: work, personal, research, anonymous. Extensions installed in one profile are invisible to another. Never grant broad cross-site permissions inside your primary identity profile — the permission scope defeats compartmentalization.
Members of Congress have private gold elevators, private gyms, dining rooms, they exempt themselves from laws and have a lifetime pension after one term.
The people who fund all of it have to abide by an uncountable amount of laws (google it), pay late fees, get pulled over for going 5 mph over the speed limit.

#OPSEC365 075/365
Warranty registrations ask for data they don't need.
When you register a product for warranty, they ask for name, address, email, phone, purchase date, sometimes even income range. This data goes to marketing databases, not just warranty files. The warranty itself usually just requires proof of purchase.
The warranty doesn't require registration. The registration form exists to collect your data.
Most warranties are valid whether you register or not if you keep your receipt. If you do register, use minimal accurate information and skip optional fields. A separate email address for product registrations keeps spam and data collection segregated from your primary inbox.
Same agency that ran COINTELPRO now begs for financial surveillance access, and Monero keeps saying no.

#OPSEC365 074/365
When you sell a home, real estate photos live online forever.
Interior layouts, security system placements, window positions, landscaping details. Zillow, Redfin, and Realtor.com cache these images indefinitely. Future occupants might not appreciate having their floor plan public, and you might still appear in photos.
Zillow and Redfin cache listing photos indefinitely. The interior of a home you sold years ago is still publicly browsable.
Some sites honor removal requests, others don't. When selling, consider what interior details those photos reveal to burglars. After moving, check if your face or possessions appear in previous listing photos.
You work 3 months out of the year for the government.
It's not a choice.
If you think that money goes towards the roads and shit, you're wrong.
They will kill or imprison you if you refuse.
I rob you and buy you a 5 dollar sandwich from the 30,000 I stole,
this is the logic.
#OPSEC365 073/365
Shared family streaming accounts are a compartmentalization failure disguised as savings.
Every profile feeds one behavioral model. Viewing patterns across all users collapse into one household record — one subpoena retrieves everything.
The Privacy Spectrum (Polyonymy): distinct identities prevent cross-contamination. Shared accounts dissolve that.
Separate accounts per person keeps each person's behavioral record independently non-attributable.
Each household member should operate under distinct credentials with no shared payment linkage where avoidable. Viewing behavior, search history, and content preferences aggregated across persons creates a richer combined profile than either alone.
#OPSEC365 072/365
A skilled investigator doesn't start with you. They start with a name and a zip code.
In the first 30 minutes: ThatsThem links your name to a phone number. That number pulls your address history from Whitepages. Your county clerk has your voter registration with your exact address. PACER surfaces any federal court involvement. Google indexes you across everything.
You've been profiled before they've spent a dollar.
The first 30 minutes of OSINT on anyone uses entirely free, publicly indexed sources. Voter registration is searchable by name in most U.S. counties. Court records are public. Data brokers aggregate all of it. The investigator isn't hacking anything.
The government will let corporations pump high fructose corn syrup into everything on the shelf, despite heart disease being the #1 killer in America. But you need $35,000 in permits to sell homemade salsa to your neighbor, because you never paid off Congress with lobbyists.

#OPSEC365 071/365
Thermal receipt paper fades, but the transaction record doesn't.
That receipt you kept for warranty purposes will be blank in a few years. Meanwhile, the merchant, the payment processor, and the bank all have permanent records of what you bought, when, and where. The paper is ephemeral, but the data isn't.
Stop relying on receipts for records and consider what permanent transaction logs exist about you.
If you need receipts for warranties or returns, photograph them immediately before they fade. For privacy purposes, understand that keeping or discarding receipts doesn't affect the digital records that exist. Cash purchases at stores without cameras create the fewest records.
Anyone with an internet connection can search your Bitcoin balance, trace your transaction history, and link it to your identity
but tell me again how "number go up" makes that a feature and not a catastrophic design flaw.

#OPSEC365 070/365
Most color printers embed invisible tracking codes on every page.
These machine identification codes, also called printer dots, encode the printer's serial number and timestamp on every printout in a pattern invisible to the naked eye. The NSA leaker Reality Winner was caught partly because of these dots.
If you're printing something sensitive, know that the printout itself may identify the printer used.
Black and white laser printers generally don't include these dots. If you must print anonymously, use a printer you don't own, purchased with cash, from a public location. The EFF maintains a list of printers known to embed tracking codes.
#OPSEC365 069/365
Gym access logs track when you work out down to the minute.
Card scans at entry and exit, equipment check-ins, class registrations. If your gym sells data or gets breached, your fitness schedule becomes part of your public profile. Combined with other data, this reveals when you're not home.
Your gym knows when you're not home. So does whoever buys their data.
Some gyms sell aggregated data to brokers. Others have been breached repeatedly. If your gym requires a membership card, you're logged every time. Vary your schedule occasionally, or choose gyms with less surveillance.
#OPSEC365 068/365
Pet microchips and registrations link animals to owners.
When you chip your pet, that database entry contains your name, address, and contact info. Pet licensing, vet records, and adoption paperwork all create associations. Someone looking for you could find you through your pet.
Your pet's microchip database entry contains your name, address, and phone number. Someone looking for you could find you through your dog.
If you've moved and haven't updated your microchip registration, do it now. Consider whether the address on file needs to be your home or whether a PO Box works. For high-threat individuals, this is another vector that often gets overlooked when hardening other areas.
FCMP++ turns the entire Monero blockchain into your anonymity set instead of just 16 decoys.
