Civil disobedience is only celebrated when it's old enough to be in a textbook.

#OPSEC365 055/365 Your family members mention you online without thinking. Mom's birthday post with your full name and age, your sibling's throwback photo from the house you grew up in, your spouse's check-in at the restaurant where you're celebrating your anniversary. Each one leaks information you might prefer stayed private. Have a conversation with close family about what you'd rather they didn't post. This isn't about controlling family, it's about asking for consideration. Most people will honor reasonable requests if you explain why it matters. A simple ask like avoiding location tags or using nicknames instead of full names goes a long way without damaging relationships.

#OPSEC365 054/365 Surveillance teams work in cycles: Stakeout, Pick-Up, Follow, Housing. Understanding how pro foot monitoring operates is the foundation of detecting it. The team boxes the target in Stakeout. The trigger gives warning of movement. The Pick-Up establishes the follow. Housing is when the target stops. This cycle repeats all day. To detect foot surveillance, vary your departure time and route. Surveillance teams stakeout from fixed trigger positions near your home or office - parked vehicles, cafe windows, bus shelters. Jenkins notes: operators get bored and co-locate.

Every "Monero can't scale" argument from 2018 aged like milk after Bulletproofs++ went live.

#OPSEC365 052/365 Your email address reveals more than you think. [email protected] confirms your employer. A birth year in an address tells your age. College emails persist in breach databases long after graduation. HaveIBeenPwned indexes over 14 billion breached accounts—your old address is almost certainly in one. An email address is a key. Most people hand out copies to anyone who asks. Compartmentalize by purpose: professional email for work, a separate address for accounts you don't trust, and a private address only trusted contacts know. SimpleLogin and AnonAddy generate per-service aliases (e.g., [email protected]) forward to your real inbox.

Return-to-libc attacks when stack protection made shellcode harder. "Return-to-libc attacks allow code execution without injecting any code onto the stack." - 𝗕𝘆𝗽𝗮𝘀𝘀𝗶𝗻𝗴 𝗦𝘁𝗮𝗰𝗸𝗚𝘂𝗮𝗿𝗱 𝗮𝗻𝗱 𝗦𝘁𝗮𝗰𝗸𝗦𝗵𝗶𝗲𝗹𝗱 by Bulba and Kil3r (2000) https://phrack.org/issues/56/5.html

#OPSEC365 053/365 A USB drive left in a parking lot is not a lucky find. Security researchers have demonstrated that most people who find USB drives will plug them into their computers to see what's on them. This is how malware gets distributed, how networks get breached, and how curiosity becomes compromise. Treat unknown USB drives like you'd treat a syringe you found on the ground. This attack has a name: USB drop. Companies use it in penetration testing because it works so well. If you absolutely must examine a found drive, do it on an air-gapped machine with no network access and nothing you care about on the disk. Better yet, just don't.

#OPSEC365 051/365 Voter registration records are public in most states. Your full name, home address, party affiliation, and voting history are available to political campaigns, researchers, journalists, and data brokers. Some states publish this online for free. Others sell it in bulk. Voter registration data is public record in most states. Name, address, party, and voting history — available to campaigns, researchers, and anyone else who asks. Some states let you request confidentiality if you have a noted threat, but most don't. Address Confidentiality Programs exist for survivors of domestic violence. For everyone else, the best you can do is use a PO Box where allowed and know your registration is public regardless.

#OPSEC365 050/365 Your car's infotainment system remembers everywhere you've been. Navigation history, paired phone contacts, call logs, text messages if connected via Bluetooth. Rental cars retain previous drivers' data. Used cars come with the previous owner's information. And when you sell or return your car, your data stays behind. Factory reset your infotainment system before selling, trading, or returning a vehicle. Every car handles this differently, but look for Reset or Factory Defaults in the settings menu. Don't just delete your phone from paired devices, wipe the entire system. For rental cars, avoid pairing your phone at all or use a clean burner phone for navigation instead.

HSBC's own ad copy explains exactly why Monero needs to exist when someone controls your finances, they control you, and the only money that can't be controlled, frozen, or surveilled is the money they're trying to ban.

#OPSEC365 049/365 Every call you make is logged: number dialed, duration, cell tower, timestamp. Under Smith v. Maryland (1979), you have no Fourth Amendment protection over records you give a third party — including your carrier. A subpoena is all it takes. No warrant. No notification. The DEA calls toll records the backbone of phone-based cases. Contact patterns matter as much as content. Who you called, how often, and from tower builds an investigative map without a single intercepted word. Investigators work call logs before seeking wiretaps.