This is your disclaimer that I have no idea what I'm talking about. Now let's get started.
OPSEC is about how to reduce the chances you'll get hacked, doxxed, or otherwise have private information stolen from you.
We're going to briefly touch on: ad blockers, password managers, 2FA, encrypted messaging apps, and VPNs.
You don't need to read this if you already know everything I just listed. If you don't know what something is, scroll to that part of the post and consider implementing it.
If you haven't yet installed an ad blocker, I don't know what to tell you. You're either a boomer or a marketer who studies ads.
uBlock Origin is a popular ad blocker that does what you need it to do. Just search for "ublock origin" + "Chrome/Firefox/browser name".
There are websites that don't function when your ad blocker is enabled. Temporarily disable your ad blocker or don't visit shitty websites.
You should be using a password manager. There are two notable options to choose from, and it doesn't matter which one you choose.
Password managers are important because they give you the upside of highly secure passwords without the downside of potentially forgetting said highly secure passwords.
When using a password manager, you only need to remember 1 password: the password that unlocks your password manager.
Password managers are extremely convenient because they auto-fill your logins and auto-generate your passwords if you install the corresponding browser extensions.
You need a password manager. Go sign up for one of the two options linked above.
Two-factor authentication requires you to enter a one-time security code each time you log in. This adds an additional layer of security to your account, preventing an attacker from accessing your account even if they have your password.
You need to use app-based 2FA. Google Authenticator is the most popular option. Text-based 2FA is not safe.
Here's why: attackers have been known to convince your phone carrier to transfer your phone number over to a SIM card they own, thus enabling access to your text messages.
Seriously! This guy lost $100,000 because of it.
Enable app-based 2FA on your most important accounts. Email and banking are the big two.
Encrypted Messaging Apps
The short version: use encryption whenever possible.
SMS is not encrypted and neither are the vast majority of emails. (Encryption via email is technically possible, but it's difficult to set up and both parties need to complete the steps. Look into "pgp email encryption" if you're interested.)
Messenger apps are the convenient way to go here:
- WhatsApp is encrypted, though privacy-minded folks dislike that it's owned by Facebook—not exactly the most privacy-friendly company.
- Telegram is encrypted, though it uses proprietary encryption, which is considered a big red flag.
- Signal is a popular mostly-consensus pick, though it's not nearly as mainstream as the options above.
You should be using a VPN if you use public internet. Privacy-minded folks would argue you should be using a VPN at home too.
VPNs funnel your internet activity through a remote server, preventing anybody on your local network from spying on (or altering) your internet activity.
VPNs inhibit mass surveillance, but they're not perfect. Governments have the power to subpoena VPN companies to uncover customer information. There are VPN companies that advertise a "no log policy", meaning they would have nothing to hand over if subpoenaed, but verifying these claims is difficult.
It's important to remember that while you are protected with a VPN, you are never fully anonymous.
Researching VPNs is difficult. VPN companies offer large affiliate commissions and thus it's nearly impossible to find content without bias. The best site for finding a VPN is That One Privacy Site, which refuses to use affiliate links.
I am not an expert and any technical explanations above are coming from memory.
If you're interested in reading more about OPSEC, check out these resources: