OPSEC: VPNs only help stop your network from invading your privacy. The biggest threat is still you!
Most users looking into a VPN are doing so because they want to try to mask their identity from obvious threats, whether that be online stalkers, hackers, or the threat of abuse and misuse of the legal system to ruin their life (by civilians and governments alike).
A VPN can be an easy and relatively simple choice for masking the simplest of unknown threats, but the biggest threat is the actions we perform or the information we ourselves voluntarily share to the wrong eyes or ears.
The concept of protecting information from ears and eyes that aren't meant to see it is referred to as Information Security, or INFOSEC for short.
INFOSEC is a subset of Operations Security, or OPSEC for short. Since information alone is not all we need protecting, but also systems, environments, communication channels, and hardware, a greater understanding and appreciation of OPSEC is necessary to protect yourself completely. A VPN such as PIA, or even Tor, is just a tool of a larger OPSEC strategy.
In the following posts of this thread, I will try to explain what OPSEC really means, how you can start to practice the OPSEC mindset and begin to implement it into your life for a safer existence, offline and on, in business and personal life.
As a member of the Operations Security Professional's Association (OSPA) ( https://www.opsecprofessionals.org/what-is-opsec/ ) I am always happy to help educate and promote the concept of OPSEC to the general public, and believe that proper OPSEC is something everyone should learn, not just military or members of a particular organization.
Comments
Looking forward to what you can bring to the table.
Too many people see VPNs as "ways to get US Netflix" or "the thing that lets you torrent without copyright notices"...
Agree with Max-P, VPN is not efficient if one does not take into consideration many factors. Just can't turn on VPN and go about one's business. One has to be very aware of what their local machine is doing. It very well could be spilling all sorts of information outside the VPN tunnel.
Most people have no understanding of the technology nor are they interested in learning. They want it to "Just work" (credit to Apple) and it generally does, but not necessarily in a secure way. Given that social media such as Facebook or Twitter are so open to abuse (can you really trust your "Friends"?), I personally won't use social media, though my wife does to keep in contact with her overseas family members who have no hesitation in posting everything and anything. Her account is accessed via PIA and a fake registration and a disposable email address, so problems are mostly limited to family posting her image and tagging her on their pages.
Just goes to show how alarmed the general population is at their complete erosion of any semblance of privacy online.
The exponential growth spurt in the last couple of years of people all over the world signing up for a VPN is not happenstance, it wasn't out of the blue and without reason.
The out-of-control surveillance state complex globally has brought forth this response from the common people who are increasingly made to feel like criminals for daring to demand privacy in their online dealings.
Signing up for a VPN is a great first step, but there is no shortcut around the fact that you really need to know what a VPN can and cannot do. If you are a novice user, there is no escaping reading tons of articles online about how VPNs work and how they protect you, and more importantly where they can't help you.
Part II: Introduction to basic concepts
If you are looking for a highly detailed and technical review and description of OPSEC, I encourage you to visit the OSPA (Operations Security Professionals Association) website at https://www.opsecprofessionals.org/what-is-opsec/ to get just that. This post and all posts in this thread will be geared towards layman's terminology, simplifications, and examples intended for the average person.
OPSEC, to put it very simply, is a practice and a mindset, much like that of a gardener.
When a gardener wants to grow, they don't just throw seeds on the ground and come back the following year. They figure out first what they want to accomplish (e.g. grow corn), what the typical risks are (e.g. floods, animals, bugs, drought), the conditions in which the seed grows best (e.g. weather, soil, fertilizer, sunlight), and just what the return on investment would be (e.g. 2 bushels of Corn, 2 acres of Tomatoes, 200 bottles of grape wine). Then and only then do they move forward. This allows not only a greater chance of success, but enables them to react in a quick and concise manner, free from doubt.
OPSEC is much like this, except instead of planting seeds, we plant ourselves into situations with specific desired outcomes.
What does OPSEC look like?
For those like me who learn best from examples, let me draw a picture for you.
You've just been invited to an interview for a job you didn't imagine would call on you. How exciting is this!
The interview begins and you're asked to provide your Facebook login details so they can get a good sense of your character.
Uh-oh!
Can you pinpoint the exact moment that you endangered yourself unnecessarily and took your future out of your own control? Was it when you agreed to the interview without giving it proper consideration? Or how about when you didn't properly prepare for it? Was it when you were introduced with a request you weren't expecting?
The exact moment you failed at OPSEC was when you applied for the job in the first place without understanding that the employer would likely require access to Facebook. This kind of information was critical to your chances of employment, and now you've handed over your Facebook password so that your every movement can be critiqued and used against you.
Test your instincts
Let's try an exercise. In this example, which of the following did you practice poorly?
If you answered "All of the above", you're right!
Practicing proper OPSEC is not just for military with missions to accomplish, it's all for your personal safety and wellbeing, and the success of any endeavor.
The above was mostly an example of poor INFOSEC and COINTEL (counterintelligence).
How complex is OPSEC?
OPSEC is like a martial art in that it's not just kicking, punching, blocking, or grappling, it's all those things as tools used in a specific arrangement that serves to eliminate the threat and beat the bad guy. And just as you wouldn't block someone swinging a baseball bat at you by punching it, there is a logical and reasoned response for every situation that requires a unique assessment each time. This is called risk assessment or threat modeling. "What threatens me? What will it likely do? Am I safe from that? Can I counter attack and succeed or should I run? If I'm not safe from it, how can I be? What do I risk losing if I fail?"
OPSEC is split up into major categories too that are themselves entire fields of study, some of which you don't need to be concerned about mostly because you are not likely to be in a position to control them.
INFOSEC - This one comes down to keeping information secret from those who don't need to know it. You practice INFOSEC by having a password on your Facebook, sharing posts only with friends and families, or making sure your uploaded photos don't contain your GPS coordinates in the EXIF metadata.
APPSEC - This one could be summed up easiest by talking about the mobile apps most people download so trustingly, and those pesky permissions given without thought of consequence. Why does your calculator need internet access and to use your camera?
NETSEC - This is what PIA helps protect. It's also what Tor is for, and firewalls! It refers to the security around networks, connecting to them, using them -- we practice good NETSEC by not connecting to Wifi spots we don't trust as it may spy on our data.
(CO)INTEL - This is where creativity in lying is rewarded! Remember the interviewer who wanted your Facebook credentials? What if you instead provided a separate account that you had purposely curated ahead of time to make you look less reckless? This would be providing false intelligence to the interviewer, and thus counterintel. Using a VPN in some ways could be considered COINTEL.
Others you will likely never hear about much less need to be concerned about are:
COMSEC
TRANSEC
SIGSEC
Stay tuned
In the next section, I will explore in simple terms how INFOSEC can not only guide your success, but paint your demise as well.
I don't understand why so many people think this way. It's almost as if VPNs target this group specifically by buying up ad spaces on torrent sites with scary looking ads. Obviously this is purely not the case but you would think it was just by how these people are acting and thinking what a VPN is for. Maybe we should really buy ad space and inform the public?
Speaking of OPSEC, when you create an account to post in a single thread with a passive-aggressive tone, it leaves a bigger fingerprint for who you probably are. Might want to mix it up by posting in other threads first next time.