Sam Bent's avatar
Sam Bent
contact@sambent.com
npub1y7rv...d0r3
Agorist. Counter-economist. Privacy maximalist. Student of OPSEC. Anti-authoritarian. Free speech absolutist. Logician. Ex-Darknet Vendor. Youtuber.
Sam Bent's avatar
SamBent 1 week ago
#OPSEC365 104/365 Emergency contact information spreads further than you'd expect. The person you list on forms at work, gyms, schools, and medical offices can be called and given information about you. Some organizations share this data with third parties. Your emergency contact now has their phone number in a system they didn't sign up for. Your emergency contact never agreed to have their phone number entered into that system. Your emergency contact's phone number enters databases they didn't consent to join. For your own privacy, consider whether every form that asks for emergency contact actually needs one. For time-sensitive emergencies, yes. For gym memberships and newsletter signups, probably not.
Sam Bent's avatar
SamBent 2 weeks ago
#OPSEC365 103/365 Your sleep schedule is visible in your online activity patterns. When you're last active on messaging apps, when you post on social media, when you send emails. Anyone tracking your activity can map when you wake up, when you go to sleep, and what timezone you're in regardless of what you claim. Message timestamps alone are enough to establish your timezone, sleep schedule, and daily routine. Some apps let you hide last active timestamps. Others you can't control. If timezone privacy matters, consider scheduling posts for times that don't match your actual schedule. Messenger apps with visible activity status broadcast when you're awake to everyone in your contacts.
Sam Bent's avatar
SamBent 2 weeks ago
#OPSEC365 102/365 Your handwriting is a biometric you leave on paper. Unique letter formations, pressure patterns, slant angles. Forensic document examiners can match handwriting samples across documents. That note you wrote, that card you signed, that form you filled out by hand all contain identifiable patterns. Forensic document examiners have matched handwriting samples decades apart. For most people this is not a threat. For activists, whistleblowers, and others with elevated threat models, handwritten documents create traceable evidence. Printed labels and typed documents avoid this entirely.
Sam Bent's avatar
SamBent 2 weeks ago
#OPSEC365 101/365 OPSEC Step 4 is risk assessment: compare the cost of a countermeasure against the probability your adversary will collect, analyze, and act on that information. Most people either overcorrect — building fortress security against zero-capability adversaries — or undercorrect, ignoring real threats. Both failures come from skipping the calculation. Most people skip the calculation entirely and treat OPSEC as an all-or-nothing practice. Military OPSEC risk assessment has two components: identify the vulnerability, then select countermeasures based on cost versus probability of exploitation. NTTP 3-13.3M rates threat probability as High/Medium/Low. For personal use: not every exposure is worth correcting.
Sam Bent's avatar
SamBent 2 weeks ago
#OPSEC365 100/365 Account recovery options become attack vectors. That phone number for two-factor authentication, that backup email address, those security questions. Each one is a way back into your account if you forget your password, which means each one is also a way for attackers to take over your account. Account recovery is how most accounts get stolen. The phone number you added in 2014 for recovery is now the weakest link in every account it's attached to. Phone numbers can be SIM swapped. Backup emails can be compromised. Security questions can be researched. Consider removing recovery options you don't need and securing the ones you keep.
Sam Bent's avatar
SamBent 2 weeks ago
#OPSEC365 099/365 Frequent flyer accounts track every flight for decades. Miles earned, segments flown, destinations visited, seat preferences, travel companions when booking together. Airlines sell this data to partners and use it for profiling. Your complete air travel history exists in loyalty program databases. Your loyalty number is a permanent index to every flight you've ever taken. Some people skip loyalty programs for travel they'd rather not have recorded. Others use the benefits and accept the tracking. If you have old accounts with airlines you no longer fly, request deletion. That historical data still exists and could be breached or subpoenaed.
Sam Bent's avatar
SamBent 2 weeks ago
#OPSEC365 098/365 Banks store images of every check you deposit for years. Mobile deposits capture high-resolution photos of checks showing signatures, account numbers, addresses, and handwriting. Banks keep these images for seven years or more. A breach exposes not just your account but everyone who wrote you a check. Every check image in your bank's archive contains someone else's account number, address, and signature. Checks are fundamentally insecure. They expose your bank account number and routing number to everyone you pay. For receiving payments, ACH transfers or payment apps create fewer artifacts. When you must use checks, know permanent images of both sides exist in banking systems.
Sam Bent's avatar
SamBent 2 weeks ago
Every "illegal" market used to be legal until someone in office decided they wanted a cut. image
Sam Bent's avatar
SamBent 2 weeks ago
#OPSEC365 097/365 Smart home devices remember previous owners. Ring doorbells, Nest thermostats, and smart locks may retain links to previous accounts even after factory reset. The person who lived there before you might still have access to your doorbell camera or your thermostat schedule. When you move into a home with smart devices, factory reset isn't enough. Remove them from previous accounts. Contact manufacturers to fully dissociate devices from previous accounts. Some require proof of ownership. Better yet, replace smart devices entirely when moving into a new home, or remove them if the previous owner won't cooperate. You don't know who might still be watching.
Sam Bent's avatar
SamBent 3 weeks ago
#OPSEC365 096/365 Google and Apple store years of your location history. Every place you've been with your phone, timestamped and mapped. Google Timeline shows your movements going back years if you haven't disabled it. Apple stores significant locations in your device. This data reconstructs your entire life's movements. Google Timeline has mapped your movements for years unless you've explicitly turned it off. Most people never have. On Google go to myactivity.google.com and check Location History. On iPhone check Settings, Privacy, Location Services, System Services, Significant Locations.
Sam Bent's avatar
SamBent 3 weeks ago
#OPSEC365 095/365 Your app store download history is a behavioral record — including everything you deleted. Fertility trackers. Mental health apps. Debt tools. VPN clients. All retained under one account. Cronk's aggregation problem: unremarkable data points combine into disclosures more sensitive than any single item. Apple and Google both respond to warrants for purchase history. Maintain distinct accounts per context. Your install and delete timeline is a dossier of your private life. Aggregation attacks don't require a breach. Your app history is accessible to any entity with legal process and to the platform itself for ad targeting in real time. Cronk's MINIMIZE/Exclude tactic: limit collection to what is operationally necessary.
Sam Bent's avatar
SamBent 3 weeks ago
#OPSEC365 094/365 DNA testing means your genetic information exists in a corporate database. 23andMe, AncestryDNA, and others have been breached. Law enforcement uses genetic genealogy to identify suspects through relatives who tested. Once you submit DNA, you can't take it back, and it affects not just you but everyone you're related to. Your DNA test enrolls every biological relative in a searchable database they never agreed to join. You can request deletion of samples and data from most services, but database matches with relatives persist. The Golden State Killer was found through a relative's DNA in GEDmatch. This technique is now routine.
Sam Bent's avatar
SamBent 3 weeks ago
#OPSEC365 093/365 Your toll transponder logs every highway you drive. EZPass, SunPass, FasTrak, and other systems track your vehicle at every toll point with timestamps. This data persists for years and has been used in divorce cases, criminal investigations, and civil lawsuits. Your driving history is recorded and retrievable. Toll records have appeared in divorce proceedings, criminal trials, and civil suits. The transponder doesn't know what kind of case you're involved in. Some people use cash lanes when they want trips unrecorded, though cameras may still capture plates. Others keep their transponder in a signal-blocking bag and remove it only when they want the toll discount. The data exists regardless, but you can choose when to create it.
Sam Bent's avatar
SamBent 3 weeks ago
#OPSEC365 092/365 Mail forwarding with USPS eventually expires without notice. When you move and set up forwarding, it lasts twelve months for First Class mail and only sixty days for periodicals and magazines. After that, mail goes back to sender or gets discarded. Meanwhile, USPS sells your new address to data brokers. Update your address directly with important senders rather than relying on forwarding. The USPS National Change of Address database is sold to commercial entities for address verification. Moving triggers a cascade of address updates you didn't authorize. For privacy, consider using a PO Box as your address of record and forwarding from there when you move.
Sam Bent's avatar
SamBent 1 month ago
Three countries' intelligence tools sit in the quote your local cops bought, Italian hardware, Israeli Unit 8200 spyware, US ex-special-forces resellers. The same gear used on foreign targets now tracks you on a public road you paid for.
Sam Bent's avatar
SamBent 1 month ago
#OPSEC365 081/365 Your neighbors' doorbell cameras record your comings and goings. Ring, Nest, and other video doorbells capture everyone who walks past, not just visitors. Police can request footage. Neighbors share clips on social media. Your movements outside your own home might be documented by devices you don't control. You don't own the cameras recording your comings and goings from your own driveway. You can't control what neighbors install, but you can be aware of coverage. Ring has shared footage with police without user consent in emergency circumstances. Amazon Sidewalk extends Ring coverage beyond properties. Walking past is enough to be recorded and identified.
Sam Bent's avatar
SamBent 1 month ago
If you use battle born batteries you may want to... not use them. Great video by Louis Rossmann and Will Prowse image
Sam Bent's avatar
SamBent 1 month ago
#OPSEC365 080/365 Newspaper announcements broadcast your life events to everyone. Wedding announcements with both families named, birth announcements with baby's name and parents' names, obituaries listing surviving family members and their relationships. These become permanent records indexed by search engines and genealogy sites. Newspaper announcements are indexed by search engines and genealogy sites permanently. You can often write or edit announcements before publication to limit details. Obituaries in particular are goldmines for identity thieves and social engineers, listing maiden names, hometowns, and family relationships.