====== Operational Security ======

  - Identify the information you need to protect
  - Analyze the threats
  - Analyze your vulnerabilities
  - Assess the risk
  - Apply countermeasures 

Understand your own risk/[[threat-model|threat model]]: Who is your adversary? What needs protecting?

The OPSEC Two-Step: Know what to protect and know how to protect it.

===== Help, I was hacked! =====
  - [[admin:backup:|Back up]] all your important data
  - factory reset / wipe all of your compromised devices
    * if there is a possibility the hardware has been tampered with, buy new hardware.
  - Change all your passwords
    * most important:
      * email,
      * [[:guide:messenger:|messengers]],
      * social media,
      * WLAN,
      * infrastructure accounts (phone company, ISP)
  - use a [[:guide:passwords|password]] manager like KeePassXC on a trusted device
    * trusted = factory new or freshly reset
    * Do not change or enter passwords on compromised devices.
==== Smartphone ====
  - Factory reset the phone.
  - Change your Google or Apple ID password.
  - **do not** restore app data from Google or Apple, you could potentially restore a backdoor.
  - Reset [[2FA]] information.
  - Reset your desktop PC or laptop (maybe there's a keylogger installed as well).

You won't need to get a new phone and number.

===== Tools =====
  * [[https://secfirst.org/umbrella/|Umbrella]] – Android App with security handbook

===== Talks =====
  * [[https://www.youtube.com/watch?v=J1q4Ir2J8P8|Zoz - Don't Fuck It Up! (DEF CON 22)]] – this talk offers an amusing introduction to how you can maximize your chances of enduring your freedom while not fucking it up.
  * [[https://www.youtube.com/watch?v=S9vXTSOFp_o|Tails - Security, Maintainability and Usability, pick three! (NDH2K16)]]

===== Chat =====
  * verify your contacts out-of-band (e.g. via phone call or in person)
  * if you send sensitive information (contacts, passwords etc.), delete it for both sides after saving
  * don't disclose sensitive information in public chatrooms

===== further reading =====
In this wiki: [[privacy|Privacy]], [[whistleblowing|Whistleblowing]], [[encryption|Encryption]]

  * [[https://opsec.readthedocs.io/en/latest/team/index.html]]
  * [[https://ruptur3.github.io/toolkit/]]
  * [[https://www.reddit.com/r/onions/comments/9uhuic/opsec_by_example_e1_digitalink_aka_jacob_theodore/|Opsec By Example – Digitalink]]
  * [[https://www.reddit.com/r/deepweb/comments/9ywlm5/opsec_by_example_e2_steven_w_chase_founder_of_the/|Opsec By Example – Steven W Chase / Playpen]]