Sam Bent's avatar
Sam Bent
contact@sambent.com
npub1y7rv...d0r3
Agorist. Counter-economist. Privacy maximalist. Student of OPSEC. Anti-authoritarian. Free speech absolutist. Logician. Ex-Darknet Vendor. Youtuber.
Sam Bent's avatar
SamBent 1 month ago
#OPSEC365 079/365 Library records reveal what you're researching. Books checked out, databases searched, articles requested. While libraries historically protect patron privacy, digital systems create logs. Law enforcement has sought library records, and library database vendors may have access to usage data. Libraries fought for patron privacy for decades. Digital lending systems erased most of those protections quietly. The American Library Association recommends libraries purge records as soon as possible after return. Ask your library about their retention policy.
Sam Bent's avatar
SamBent 1 month ago
#OPSEC365 078/365 Online reviews under your real name build a public history of where you go. Google reviews, Yelp reviews, TripAdvisor reviews. Every opinion you post is tied to your profile and maps your movements. That review of your dentist confirms you live nearby. That hotel review confirms you were traveling that week. Every review posted under your real name is a timestamped confirmation of your presence at that location. Use pseudonymous accounts for reviews if location privacy matters. Some platforms require real names for verified reviews, which means deciding whether the verification badge is worth the exposure. Consider whether each review you post reveals something you'd rather keep private.
Sam Bent's avatar
SamBent 1 month ago
FBI, Europol, IRS, CipherTrace, Chainalysis, and Elliptic have all tried to break Monero's privacy, six of the most well-funded surveillance operations on Earth, and they're still publishing research papers instead of arrests. image
Sam Bent's avatar
SamBent 1 month ago
#OPSEC365 077/365 That QR code might not go where you think. Attackers stick malicious QR codes over legitimate ones on parking meters, restaurant menus, and public posters. You scan expecting one destination and land somewhere else. The link could be a phishing page, a malware download, or a tracking URL. Preview QR code destinations before visiting them, and be suspicious of codes in public spaces. Most phone cameras now show a URL preview before opening. Read it before tapping. If a QR code in a public place looks like a sticker placed over something else, don't trust it. When in doubt, navigate to the destination manually instead of scanning.
Sam Bent's avatar
SamBent 1 month ago
#OPSEC365 076/365 Browser extensions execute across all tabs and contexts — bank, medical, work — simultaneously. MITRE Pre-ATT&CK PRE-T1119: adversaries build digital footprints across platforms to establish credible personas. A malicious extension does the inverse with one install. Cronk's HIDE/Restrict: enforce access controls limiting visibility. 'Read all data on all sites' bypasses every logical compartment. Separate browser profiles per identity. Extensions don't cross profiles. Create distinct browser profiles per context: work, personal, research, anonymous. Extensions installed in one profile are invisible to another. Never grant broad cross-site permissions inside your primary identity profile — the permission scope defeats compartmentalization.
Sam Bent's avatar
SamBent 1 month ago
Members of Congress have private gold elevators, private gyms, dining rooms, they exempt themselves from laws and have a lifetime pension after one term. The people who fund all of it have to abide by an uncountable amount of laws (google it), pay late fees, get pulled over for going 5 mph over the speed limit. image
Sam Bent's avatar
SamBent 1 month ago
#OPSEC365 075/365 Warranty registrations ask for data they don't need. When you register a product for warranty, they ask for name, address, email, phone, purchase date, sometimes even income range. This data goes to marketing databases, not just warranty files. The warranty itself usually just requires proof of purchase. The warranty doesn't require registration. The registration form exists to collect your data. Most warranties are valid whether you register or not if you keep your receipt. If you do register, use minimal accurate information and skip optional fields. A separate email address for product registrations keeps spam and data collection segregated from your primary inbox.
Sam Bent's avatar
SamBent 1 month ago
Same agency that ran COINTELPRO now begs for financial surveillance access, and Monero keeps saying no. image
Sam Bent's avatar
SamBent 1 month ago
#OPSEC365 074/365 When you sell a home, real estate photos live online forever. Interior layouts, security system placements, window positions, landscaping details. Zillow, Redfin, and Realtor.com cache these images indefinitely. Future occupants might not appreciate having their floor plan public, and you might still appear in photos. Zillow and Redfin cache listing photos indefinitely. The interior of a home you sold years ago is still publicly browsable. Some sites honor removal requests, others don't. When selling, consider what interior details those photos reveal to burglars. After moving, check if your face or possessions appear in previous listing photos.
Sam Bent's avatar
SamBent 1 month ago
You work 3 months out of the year for the government. It's not a choice. If you think that money goes towards the roads and shit, you're wrong. They will kill or imprison you if you refuse. I rob you and buy you a 5 dollar sandwich from the 30,000 I stole, this is the logic.
Sam Bent's avatar
SamBent 1 month ago
#OPSEC365 073/365 Shared family streaming accounts are a compartmentalization failure disguised as savings. Every profile feeds one behavioral model. Viewing patterns across all users collapse into one household record — one subpoena retrieves everything. The Privacy Spectrum (Polyonymy): distinct identities prevent cross-contamination. Shared accounts dissolve that. Separate accounts per person keeps each person's behavioral record independently non-attributable. Each household member should operate under distinct credentials with no shared payment linkage where avoidable. Viewing behavior, search history, and content preferences aggregated across persons creates a richer combined profile than either alone.
Sam Bent's avatar
SamBent 1 month ago
#OPSEC365 072/365 A skilled investigator doesn't start with you. They start with a name and a zip code. In the first 30 minutes: ThatsThem links your name to a phone number. That number pulls your address history from Whitepages. Your county clerk has your voter registration with your exact address. PACER surfaces any federal court involvement. Google indexes you across everything. You've been profiled before they've spent a dollar. The first 30 minutes of OSINT on anyone uses entirely free, publicly indexed sources. Voter registration is searchable by name in most U.S. counties. Court records are public. Data brokers aggregate all of it. The investigator isn't hacking anything.
Sam Bent's avatar
SamBent 1 month ago
The government will let corporations pump high fructose corn syrup into everything on the shelf, despite heart disease being the #1 killer in America. But you need $35,000 in permits to sell homemade salsa to your neighbor, because you never paid off Congress with lobbyists. image
Sam Bent's avatar
SamBent 1 month ago
#OPSEC365 071/365 Thermal receipt paper fades, but the transaction record doesn't. That receipt you kept for warranty purposes will be blank in a few years. Meanwhile, the merchant, the payment processor, and the bank all have permanent records of what you bought, when, and where. The paper is ephemeral, but the data isn't. Stop relying on receipts for records and consider what permanent transaction logs exist about you. If you need receipts for warranties or returns, photograph them immediately before they fade. For privacy purposes, understand that keeping or discarding receipts doesn't affect the digital records that exist. Cash purchases at stores without cameras create the fewest records.
Sam Bent's avatar
SamBent 1 month ago
Anyone with an internet connection can search your Bitcoin balance, trace your transaction history, and link it to your identity but tell me again how "number go up" makes that a feature and not a catastrophic design flaw. image
Sam Bent's avatar
SamBent 1 month ago
#OPSEC365 070/365 Most color printers embed invisible tracking codes on every page. These machine identification codes, also called printer dots, encode the printer's serial number and timestamp on every printout in a pattern invisible to the naked eye. The NSA leaker Reality Winner was caught partly because of these dots. If you're printing something sensitive, know that the printout itself may identify the printer used. Black and white laser printers generally don't include these dots. If you must print anonymously, use a printer you don't own, purchased with cash, from a public location. The EFF maintains a list of printers known to embed tracking codes.
Sam Bent's avatar
SamBent 1 month ago
#OPSEC365 069/365 Gym access logs track when you work out down to the minute. Card scans at entry and exit, equipment check-ins, class registrations. If your gym sells data or gets breached, your fitness schedule becomes part of your public profile. Combined with other data, this reveals when you're not home. Your gym knows when you're not home. So does whoever buys their data. Some gyms sell aggregated data to brokers. Others have been breached repeatedly. If your gym requires a membership card, you're logged every time. Vary your schedule occasionally, or choose gyms with less surveillance.
Sam Bent's avatar
SamBent 1 month ago
#OPSEC365 068/365 Pet microchips and registrations link animals to owners. When you chip your pet, that database entry contains your name, address, and contact info. Pet licensing, vet records, and adoption paperwork all create associations. Someone looking for you could find you through your pet. Your pet's microchip database entry contains your name, address, and phone number. Someone looking for you could find you through your dog. If you've moved and haven't updated your microchip registration, do it now. Consider whether the address on file needs to be your home or whether a PO Box works. For high-threat individuals, this is another vector that often gets overlooked when hardening other areas.
Sam Bent's avatar
SamBent 1 month ago
FCMP++ turns the entire Monero blockchain into your anonymity set instead of just 16 decoys. image