What is the goal of the Opsec blog ?
Priority number 1: Solving the lack of Education
To explain the whole context, you need to understand first of all that having good operational security, means that you are ungovernable. Therefore, when you have online discussions online on how to have good operational security you have 2 types of people:
On the one hand you have people that want to protect their individual freedom, which are largely seeking Truth, which prefer to know the solution rather than protect their ego, that are continuously asking questions because they want to know things, while at the same time not asking the same question 100 times to slow down the overall progress of the discussions. These are people that are acting in good faith.
However, don't be naive and believe that anonymity only benefits the good people,you have statists that also use anonymity to blend in with everyone else, to try and stir things their way. In practice, to spot them you need to look for the following:
- FUD Spreading (over-skepticism) (ex: SimpleX not being compilable)
` 
Most of the times this is the most effective tactic because according to brandolini's law, the time it takes to refute bullshit is an order of magnitude greater than that required to produce it. It takes time to refute someone's made up lies, more time than it took time to for them to create them. Lucky for you, this entire blog is here to dispel people's lies, and show you the raw truth. In this instance someone was spreading FUD that simplex wasn't compilable (they were only partly right in saying that simplex didnt have reproducible builds yet, to their credit). So we went ahead and explored if it was possible to compile simplex ourselves, which we confirmed that it actually was,as explained in this post. (we obviously listed all the steps to compile it, so that the other party can test it and verify it as valid from his end).
Obviously, the guy wasn't happy that we spent one afternoon just to prove him wrong, and he refused to admit fault. Here you have a clear sign of egocentrism (see how he ignores that i admit he was partly right on the non-reproducible build and resorts to calling me a big bad meanie). A real truth seeker would have remained objective about the topic, and not resorted to calling me names. In fact, he should have thanked us that we did the heavy lifting for him, to clear up his misunderstanding on the topic. The co-opting threats are absolutely real, don't be naive about it. The bitcoin project itself fell prey to the co-opting aswell, it no longer has individual freedom as it's core value, it's almost only statist propaganda now.
This is the type of opsec discussions you're going to see all around in the most communities that talk about opsec an ocean of bullshit, where actual quality is hidden 10000 feet below the surface, with people too lazy (or not even caring) to refute dishonest people's made up claims. And whenever someone actually explores a topic, they get ad hominem'd, discredited, called names, with continuous thread derailing and no concern given to actual truth seeking nor having productive discussions. Egocentrism is an actual plague that erodes the quality of the debates, which is sadly way too common these days. (if it were up to me to manage that website, i'd make signing up cost some monero, that way people would have something to lose in case if they considered eroding the quality of the talks there)
You get the idea, we're here to reverse this trend, and bring back actual truth seeking to the table. Like i covered in this dread post, most people fail to realize the enormity of what the field of Operational security ecompasses. It is a HUGE task to actually cover everything opsec is about, even when you limit the topic exploration to Privacy, Anonymity and Deniability.
This mountain of work that explaining operational security is, cannot be summarized in 1 afternoon, in a 4 hour effort post. This is a multiple thousand-hour effort, to effectively plan it out, list all the blogposts to explain all the concepts, all of the topics to be explored, to actually explore them, rewrite them whenever valid criticism gets thrown at it, on and on and on it goes. AND you have to apply a quality standard on ALL posts, to make sure that you effectively convey your knowledge to your audience properly.
Not to mention the organization of the whole blogpost will affect whether or not you can reach that goal of making that one place to contain every possible opsec advice one needs under 3000 hours of work or 9000 hours of work. It needs to be correctly organized from the start, otherwise it will remain a distant target that you'll never reach. (not to mention that one needs to have enough humility to realize the enormity of the task, and also effectively organize recieving external contributions).
TLDR: if you're not serious about it, in the long run, you're bound to make a mess out of it.
You can also encounter the opposite with laxists giving into over-simplifications at the expense of their objectivity:
- Minimization Fallacies (ex: Pretending that using closed-source software is OK for privacy)
Clear example of a complacency-first argument, where Apple corporation-lovers are so hooked up on using some piece of technology that they are unwilling to change their habits, and even go as far as pretending that it's okay to be spied on by one of the top 5 biggest corporations out there and call the tool ""private"" and ""secure to use"". While in fact their privacy is non-existant if you run closed-source software, and they are operationally insecure, and made vulnerable to corporation-enabled mass surveillance.
And when they get called out for it, they refuse to fix the issue:
There is a balance to be had. One the one hand you can't be over-skeptical and dismiss solutions based on opinions (aka, falling into FUD fallacies), and on the other hand you can't just pretend that everything is okay, and all preety flowers (aka, falling into minimization fallacies). Logic is all there is, follow your logic, and explore these topics yourself to verify them. In this instance, being watched by a corporation's employees is not okay when you want to have privacy on your computer.
The current opsec (privacy/anonymity/deniability) context is such, that actual quality advice is being threatened by either blatant incompetence, or by extensive malicious disinformation and dishonest argumentators, which are doing everything to mislead people into either not caring about it, or discouraging people from achieving it, or straight up lying to them that something is OK or that something is not OK.
Everyone has to do their part in preserving quality opsec advice from this wides-spread erosion. Don't give in to that ocean of bullshit, stick to logic, contribute to keeping that quality intact, and also make sure that this Opsec advice reaches the ears of the normies (because yes censorship is also part of the quality advice erosion, especially on centralised social media websites like youtube, twitter or else. These are places where statists control who gets to speak loudly and who gets to remain unseen by the masses).
For example, Monero talk is the example of an actual Good show correctly trying to tell every normie out there that monero is the way to achieve private transactions (quality opsec advice). But the youtube platform is such that they are shadow-banned, and kept invisible from the masses (look at how few views they have). This is done on purpose because they don't fit the statist propaganda narrative, to prevent them from reaching their full visibility potential.
In short, Objectivity is our priority number 1. This blog is meant to remain a safe haven for actual opsec advice that has been thought through, tested, and validated by us. We are actively refuting everyone's bullshit with each and every blogpost we write, with no plans of stopping. To refute someone's bullshit, all you need is to send them the link to the relevant blogpost we wrote. Fast and simple. You don't need to re-explain everything yourself 100 times and waste your time on them. (aka the RTFM technique).
If we recommend something that is objectively not protecting against an obvious threat, and you know of a valid solution to actually fix it, we'll admit fault, and we're going to mention the better solution in the later versions of the given tutorial. We're not going to throw a tantrum to try and protect any worthless ego. We seek the truth, we're all wrong at some point along the way, we always choose to learn from our previous mistakes.
Truth seeking is definitely required in Opsec, since it is about combining all valid relevant perspectives on a given topic. For instance, you have the perspective of privacy, the perspective of anonymity, the perspective of deniability, the perspective of the adversary, the perspective of all the relevant parties in a given setup (the cloud provider, the peer you are transacting with, the law enforcement, the internet service provider, etc). ALL of those perspectives need to be taken into account when you give accurate operational security advice , you may see something that i missed, and i may see something you missed. It happens all the time, therefore remain open-minded, and stay objective as much as possible. Don't be an egocentrist, and become a truth seeker. Seek to percieve the truth from all the different valid perspectives, because that's the only way to get closer to it.
Priority Number 2: Applicability to 90% of the people out there, to defeat 99% of the risks
When you're giving operational security advice, people need to care about it first of all. Everyone cares about privacy sooner or later in their life. Whether it is to do something private in the bedroom, or to have some private discussion about something, it is a clear topic that people want to know about. Especially on the digital side of things.
Thing is, context matters immensely. you can't give advice that applies to everyone in the world at once because you need to take into account threats that may exist in a country and not in another. For example, when to it comes to using VPNs in combination with Tor to protect your anonymity we need to contextualize it correctly:
If you were to use Tor directly in a dictatorship country like China, you may just get sent to the concentration camp straight off, which requires you to hide it behind a VPN or behind v2ray. contrary to running Tor in the EU, where it is absolutely fine to let the ISP know that you're using Tor. The advice you give needs precise context , as threats differ from one country to the other.
Another example of context importance, is wheter or not you need anonymity to safely post on social media. If you live in the UK you ABSOLUTELY need anonymity , because their new laws dictate that context of a given social media post doesn't even matter anymore, and the message itself, interpreted however the prosecutor sees fit for his narrative, is enough justification to throw you in jail.
The report discussed by Newsweek β authored by Agora, a Russian human rights group β **found that 411 criminal cases were brought against internet users in Russia in 2017.** The article does not give a figure for arrests.
In 2017 The Times made a Freedom of Information request which found **3,395 arrests had been made by 29 UK police forces for βsection 127β offences, which is used for cases of online abuse.** According to the article, 1,696 people were subsequently charged. Section 127 offences cover harassment that takes place via an βelectronic communications networkβ, and is not limited to social media posts β harassment via email or other forms of online communication can also fall under this definition.
(source: https://pa.media/blogs/fact-check/russia-has-far-more-restrictions-on-social-media-use-than-the-uk/)
TLDR: there were 9 times more arrests for social media posts in the UK than in Russia.
Therefore, contextualize, list the threats, and explain the appropriate solution for a given situation
Anonymity for example also has a serverside context. You may want to anonymously visit websites that block Tor, therefore in that context you need to hide Tor behind a VPN, before accessing the website, so that it looks like you're accessing that website via the VPN. Multiple different perspectives, multiple different contexts, and opsec advice needs to ideally take all of it into account (but we're aiming for that 90% usecases applicability), in order to actually be relevant.
All of this to say, we seek to give advice that is applicable to 90% of the people out there, to defeat 99% of the risks one may face. We don't care about the advice that only 10% of the people can actually pull off, to protect against the 1% most unlikely risk that could happen. We want to make sure that as many people as possible actually get to have relevant opsec advice for their day to day lives, wheter it be privacy, anonymity or deniability related.
For instance, we won't recommend you to hook up wires to your motherboard, risk bricking your laptop permanently, all to just hopefully disable some closed-source software that came with the closed-source hardware you bought. that's a 1% unlikely risk whose protective action only 1% of the people can actually pull off. No, instead we're going to recommend you purchase a laptop that is open-hardware by default once it hits the market, and you won't have any closed-source hardware backdoor to remove in the first place.
TLDR: We put forward realistic advice only that can be applied to 90% of the people out there to defeat 99% of the risks
Priority number 3: Simplifying the advice as much as possible
Going back to priority number 1 above, objectivity requires that you're not over-skeptical, nor over-simplifying. Therefore, if you give advice that is overly complicated (as it is actually easier to over-complicate things, than to simplify them), then you're not helping either.
For example, recommending to use signal to message someone privately is more complex than to use simplex, because on one solution you need a phone number, while on the other you don't need it.
Every complication needs to be justified, and requiring a phone number to chat privately with someone is not justifiable. You need to realize that sometimes there exists a huge amount of possible solutions to solve a given problem (yes there exists a TON of chat apps out there). The only difference is that some solutions are overly complex, while others are simpler. The simpler solution that actually delivers opsec-wise IS the best solution.
The first goal is to make sure to show that privacy, anonymity and deniability is required AND achievable, but then we need to make sure that as many people as possible can achieve it, by simplifying it as much as possible, without making the individual vulnerable to any statist threat.
We need to ensure that everyone knows that with the correct technology, when used correctly, they cannot be silenced, oppressed, and governed anymore. We are directly going against the statist's panopticon propaganda , where they argue that supposedly nobody could hide, nor remain outside of their unjust laws.
Yes, this is an Anarchist blog. We are telling you how exactly you can become ungovernable. We don't care about what you intend to do with the setups we showcase, in fact we hope that you intend to use it to better the world with it, but one thing is for sure; the individual is free to do whatever they like, as long as their actions are protected from any possible repercussions, be it by implementing the appropriate setups that protect their Privacy, their Anonymity, or their Deniability.
TLDR: Stop complaining that government / corporation / company did X, Y or Z. Learn about those tools that are here to protect your freedom, Learn how to use them, Implement them yourself, and by using become free.
You have ZERO excuse to not choose to be free right now. All you need is to learn how to do it, and to just do it.
Suggest changes
nihilist 2025-04-30
Donate XMR to the author:
8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8