OPSEC & Cyber Security Basic Guide (2025)
A basics to OPSEC & Cyber Security
This work is licensed under a Creative Commons Attribution 4.0 International License
Socials at bottom of the article. Donate to my ko-fi account to support my work!
Disclaimer:
First and foremost, it’s damn near impossible to be anonymous to the US government itself given the existence of PRISM & Xkeyscore. However the following can massively help you stay anonymous and protected from them and everyone else.
Cyber security & OPSEC are massively overlapped, with some elements of cyber security & OPSEC relating to physical behavior, practices and awareness in addition to digital. You need to understand that to maximize your cyber security & OPSEC, it is changes to your entire lifestyle and practices, and is ever evolving and constant.
Depending on your cyber security & OPSEC plus how wanted you are by groups or the government, will matter on how much of their resources and funds they wish to exhaust.
My First & Biggest Recommendation:
If you want to minimize the amount of data that is collected about you, you’ll need to begin the process of abandoning massive data harvesting software like Google & Windows. Google is only good for certain occasions like needing a gmail for applying for jobs, or using the search engine and Google Dorking techniques to find specific OSINT information. If you can begin moving away from Chrome, which is a big step; export and save a file of your bookmarks, get rid of the browser and replace it with Brave or Firefox which is customizable (in settings) to minimize or stop any data collection completely. Use UBlock extension with Firefox or Braves inbuilt Shields function to block trackers, ads, popups, etc. Brave is built especially to do this, but Shields adds additional protection.
My Second & Biggest Recommendation is - You’re Going to Need to Make Some Investments:
Yubikey (2 minimum) for 2nd Factor Authentication.
Flashdrives for files on the go. Keep in mind any flashdrives or hard drives exposed to high or direct heat will destroy the device and any data on them.
A 5 terabyte external hard drive, you can get a bigger one if you want (get a decently durable one) to backup all your more important files and information, keep unplugged until you need to use it.
Faraday bags, faraday bags stop all radio frequency to a device. It will protect you in times when you need your phone to not ping off a cell tower, which it still will do so if the phone is off.
Camera covers specifically for your phone’s front and back cameras and other covers for your computer’s camera.
MullVad VPN, which is the best VPN you can buy as it doesn’t save any traffic logs that would be requested by law enforcement unlike 95% of other VPN’s. You pay them and they give you a generated account code you’ll need to save somewhere and you use that to login & protect your devices.
If you want a phone that is completely anonymous and secure, I’d recommend investing in a Google Pixel and replacing the operating system with Graphene OS. Graphene is a privacy centered OS which recreates the functions of a normal Android with Google apps, but without the actual data collection aspect, as it’s a modified copy that sandboxes all your apps to keep all functions in individual apps separately from others or the device itself. I wouldn’t recommend this as a personal, unless you want it that way, but I’d recommend it for any sensitive information or use, especially political.
Beyond an anonymous phone, I’d deeply encourage paying for a good VOIP phone number for when you need to make a phone call to a specific contact but don’t want to leak your personal phone number that may be tied to your actual name and information. The Burner app is a good recommendation in this regard.
Protect Your Social Media Activity & Accounts:
Make a private email specifically separating your socials from your personal email. You can use Protonmail or Tuta for this. Keep in mind some Linux pen testing/hacking software can scan all your accounts for data like emails or phone numbers affiliated. Having multiple emails is optimal - personal for applying to jobs, another one for any personal accounts, another one for political accounts under a specific username, and another one for anything outside of those two relations.
Protect your socials with a Yubikey, have a second as a backup if you lose the first and keep it at home, and use a password manager (Bitwarden, 1password, lastpass, etc) to manage your passwords safely as session hijacking can leak personal login data. A password manager that has a 2nd FA to your Yubikey with additional recovery features to email and phone is optimal. Remember, the more secure the least likely a hacker is getting in.
Make sure you scrub the metadata of all files or images before sharing or upload as this data can identify you. There is apps and websites for this.
Never upload images with your background showing something that can identify you. Such as your house or yard in the background, or your local city as this can narrow search and can lead people to finding out who you are via geolocation and triangulation. This is a method among 12 of intelligence gathering techniques called GEOINT. This is least likely but still important to mention.
Be careful with links, specifically clicking shady links or downloading shady downloads. A bit of caution is good in protecting your accounts or information. Run everything through virustotal.com and any.run (if you have a LLC you can make an any.run account to sandbox file/URL testing). Or use a Virtual Machine like VMWare or Virtual Box.
Don’t share too much personal information as part of the intelligence gathering technique, OSINT, relies on collecting shared data you give which can be used to trace and identify you. Such as personal mention of your hometown, doctor’s visits, the kind of car you drive, stores you frequent, etc.
Use Cryptpad for securing sensitive information or data that you don’t want accessible by anyone. Cryptpad is an encrypted cloud the company doesn’t access.
For Encrypted, Anonymous Communication:
AVOID for Organizing: Discord, Facebook Messenger, WhatsApp, SMS, etc.
Operating System:
For your computer I recommend Linux as you can customize it to maximize anonymity and security. Before you download it to replace your windows computer, I deeply recommend you study Linux basics for at least a good month straight, as Linux has a learning curse and is often dependent on terminal and how to use it. It’ll help following and asking questions on Linux subreddits or forums. There is also certain software that can help it function more reliably.
Make sure you backup all your files and data before you begin switching over unless your computer has the space and capabilities to duel run both Windows and Linux. Mac isn’t mentioned as Apple doesn’t allow swapping their operating system with any other operating system.
For low spec laptops & desktops, get Linux Mint, Manjaro or Elementary OS. Linux Mint is more UI friendly and similar to Windows, Elementary OS is similar to Mac.
For privacy & anonymity, use Qubes OS (recommend by Edward Snowden). I would also encourage having a backup, live portable flashdrive of Tails OS for when necessary.
For Linux, please use these!
Get ClamAV for virus and malware system scans.
Turn on autoremove to auto clean your boot drive so it doesn’t overfill.
Download, configure and make sure you turn on your Linux firewall.
Get Proxy Chains, this will keep your device protected and proxy chains will auto swap you IP address every 15 seconds.
Personal Practices & Financial:
Use aliases, both digitally and physically. Always evaluate when and where to use them, majority of the time you should be using an alias. Having multiple aliases for specific communities or people is honestly the best. Practice hearing these aliases that way you subconsciously respond to them when mentioned.
No one can know your identity; way many more people have loose lips than you expect, and anyone can leak information. Even if they aren’t aware as people can socially engineer (manipulate and lie) to find out information that could link or expose you.
Always have your everyday carry items be necessities (wallet, phone, keys, etc) and anything you may be using to protect your OPSEC or cyber security.
Always be vigilant and aware of your surroundings. Always evaluate the environment to make decisions based on safety of the environment.
Don’t share too many identifying information online or publicly. Most people get doxxed because they wasn’t careful enough or because they talked too much.
When on the phone with someone talking about sensitive information, make sure you are out of everyone’s earshot.
Use a crypto wallet and trade in Monero which is an untraceable cryptocurrency. Cash is also largely untraceable. Use only for transactions you don’t want recorded.
Additional Resources:
PrivacyGuides.org is a updates version of privacytools that provides a lot of recommended services and information.
PrivacyTools.io is a great website with resources you can use for privacy, anonymity, and more.
OSINT Dojo & OSINT Framework are lists of resources you can use to find your information or others on publicly available databases. This can help you in further securing your anonymity as it shows you where you are vulnerable and gives you places where you can request them to remove your information.
Remember to subscribe and follow my other socials; this is my uncensored webpage, as Linktree has censored some of my links:
https://islamicsocialist.systeme.io/socials
Subscribe to my Patreon or make a donation on Ko-fi to support my work:
https://www.patreon.com/IslamicML
https://ko-fi.com/islamicsocialist
Follow the Telegram:
https://t.me/islamicsocialist
This work is licensed under a Creative Commons Attribution 4.0 International License