OpSec Basics
OpSec (operational security) is the discipline of not leaking the information that links your identities together. On a pseudonymous forum where reputation has financial value, OpSec leaks compound — a small clue you posted in 2017 might enable a doxxer in 2025.
The compartmentalization principle
Decide which "identities" you operate. For most active forum members:
- Public forum persona — your Bitcointalk username + writing
- Real-name professional identity — LinkedIn, work
- Off-forum casual identity — Twitter, Reddit, hobby communities
- Anonymous research identity — for sensitive topics
Different identities = different email, different password, different writing style, different timing patterns. Don't bridge them.
Common bridging mistakes
Do
- +Use a dedicated browser profile per identity
- +Vary your posting timing — don't always post in the same hour band
- +Use a different password manager vault per identity
- +Strip metadata from images you post (location EXIF data is the #1 leaker)
Don't
- −Mention your real-life location, employer, university, or family
- −Post a photo with identifiable background (a window, a landmark, your reflection in a screen)
- −Use the same writing tics across identities (catchphrases, signature emoji, formatting quirks)
- −Log into your forum account from your employer's network
Image metadata
Phones embed location coordinates, device model, and timestamps in image files. Strip them before posting:
- Use a privacy-aware image processor (ExifTool, Photo Investigator, your phone's "share without metadata")
- Take screenshots of images rather than sharing originals where possible
- Be aware that "reverse image search" can match cropped or recompressed versions
Writing style is identity
Stylometry — the science of identifying authors by writing patterns — is real and effective. Mature LLM-driven tools can link pseudonymous writing across platforms with surprising accuracy.
Defenses:
- Write in distinctly different registers for different identities
- Periodic style audits: "could a tool match my forum posts to my Twitter?"
- Avoid distinctive structural patterns (specific punctuation tics, capitalisation oddities)
Network-level OpSec
- Use a different IP for different identities (Tor browser for sensitive ones)
- Don't access multiple identities in the same browser session
- Be aware of browser fingerprinting (Tor Browser is hardened against it; mainstream browsers leak heavily)
The threat-model question
Decide which threats you're defending against:
- Casual snoopers — basic hygiene defeats them
- Determined doxxers — needs disciplined compartmentalization
- Nation-state level — needs full air-gap + Tor + isolated devices
Most forum users only need to defend against the first two. Don't burn out trying to defeat threats you're not actually facing.