Skip to content

OpSec Basics

OpSec (operational security) is the discipline of not leaking the information that links your identities together. On a pseudonymous forum where reputation has financial value, OpSec leaks compound — a small clue you posted in 2017 might enable a doxxer in 2025.

The compartmentalization principle

Decide which "identities" you operate. For most active forum members:

  • Public forum persona — your Bitcointalk username + writing
  • Real-name professional identity — LinkedIn, work
  • Off-forum casual identity — Twitter, Reddit, hobby communities
  • Anonymous research identity — for sensitive topics

Different identities = different email, different password, different writing style, different timing patterns. Don't bridge them.

Common bridging mistakes

Do

  • +Use a dedicated browser profile per identity
  • +Vary your posting timing — don't always post in the same hour band
  • +Use a different password manager vault per identity
  • +Strip metadata from images you post (location EXIF data is the #1 leaker)

Don't

  • Mention your real-life location, employer, university, or family
  • Post a photo with identifiable background (a window, a landmark, your reflection in a screen)
  • Use the same writing tics across identities (catchphrases, signature emoji, formatting quirks)
  • Log into your forum account from your employer's network

Image metadata

Phones embed location coordinates, device model, and timestamps in image files. Strip them before posting:

  • Use a privacy-aware image processor (ExifTool, Photo Investigator, your phone's "share without metadata")
  • Take screenshots of images rather than sharing originals where possible
  • Be aware that "reverse image search" can match cropped or recompressed versions

Writing style is identity

Stylometry — the science of identifying authors by writing patterns — is real and effective. Mature LLM-driven tools can link pseudonymous writing across platforms with surprising accuracy.

Defenses:

  • Write in distinctly different registers for different identities
  • Periodic style audits: "could a tool match my forum posts to my Twitter?"
  • Avoid distinctive structural patterns (specific punctuation tics, capitalisation oddities)

Network-level OpSec

  • Use a different IP for different identities (Tor browser for sensitive ones)
  • Don't access multiple identities in the same browser session
  • Be aware of browser fingerprinting (Tor Browser is hardened against it; mainstream browsers leak heavily)

The threat-model question

Decide which threats you're defending against:

  • Casual snoopers — basic hygiene defeats them
  • Determined doxxers — needs disciplined compartmentalization
  • Nation-state level — needs full air-gap + Tor + isolated devices

Most forum users only need to defend against the first two. Don't burn out trying to defeat threats you're not actually facing.

Loading quiz…