The Golden Rule
OpSec is not about being "hidden"—it is about **controlling what is visible**. Once data is leaked, it can never be truly deleted. Your safety depends on the wall between your digital self and your physical self.
1. The "Invisible" Leak: Metadata
Every photo you take with a smartphone contains **EXIF data**. This can include your exact GPS coordinates, the time of day, and your device ID.
The Threat
A stalker or predator downloads your photo and uses an EXIF viewer to find your home address or workplace.
The Defense
Use a metadata scrubber or take screenshots of your photos instead of uploading the original file.
2. Social Engineering & PII
Manipulators often gather information through "soft" questions over long periods. This is known as **Information Piecing**.
Environmental Clues
A specific coffee shop cup, a landmark out the window, or even a unique carpet pattern can be used to geolocate you.
Workplace Slips
Mentioning your specific job title or industry makes it easy to find you on LinkedIn or professional registries.
Username Parity
Using the same username on the IBB as you do on your personal Instagram or Reddit is a major security hole.
Hardening Your Perimeter
- VPN Always: Use a reputable VPN to mask your IP address from server owners and potential attackers.
- Burner Emails: Use services like ProtonMail or SimpleLogin for community accounts—never your primary Gmail.
- 2FA Everywhere: Use an authenticator app (like Authy or Bitwarden). Never use SMS-based 2FA if possible.
Immediate Action
If you believe your IRL identity has been compromised, contact an administrator immediately and consider a full "Identity Scrub" of your digital presence.