#OPSEC365 010/365 Your phone logs every call you make, every text you send, and the duration of each conversation. Even with encrypted messaging, your carrier knows who you contacted, when, and for how long. Pull up your call history and imagine someone trying to map your relationships based purely on who you talk to and how often. The connections are already logged. Content can be encrypted, but metadata often can't. Who you call, when, and how often creates a pattern that reveals relationships, habits, and associations without anyone reading a single message. The structure of your communications tells its own story.

Anon, Feds hate you, it's not just a meme. 𝗔𝗹𝗶𝗰𝗲 𝗠𝗮𝗿𝗶𝗲 𝗝𝗼𝗵𝗻𝘀𝗼𝗻 | 𝗟𝗶𝗳𝗲 𝘄𝗶𝘁𝗵𝗼𝘂𝘁 𝗽𝗮𝗿𝗼𝗹𝗲 + 𝟮𝟱 𝘆𝗲𝗮𝗿𝘀 Relaying phone messages in a cocaine conspiracy. First arrest ever. 𝗪𝗲𝗹𝗱𝗼𝗻 𝗔𝗻𝗴𝗲𝗹𝗼𝘀 | 𝟱𝟱 𝘆𝗲𝗮𝗿𝘀 Three sales of $350 worth of marijuana with an alleged ankle holster. No prior record. 𝗗𝗶𝗰𝗸𝘆 𝗝𝗼𝗲 𝗝𝗮𝗰𝗸𝘀𝗼𝗻 | 𝗟𝗶𝗳𝗲 𝘄𝗶𝘁𝗵𝗼𝘂𝘁 𝗽𝗮𝗿𝗼𝗹𝗲 Transported meth on his truck route to pay for his dying toddler's $250,000 bone marrow transplant after insurance dropped them. 𝗚𝗲𝗼𝗿𝗴𝗲 𝗠𝗮𝗿𝘁𝗼𝗿𝗮𝗻𝗼 | 𝗟𝗶𝗳𝗲 𝘄𝗶𝘁𝗵𝗼𝘂𝘁 𝗽𝗮𝗿𝗼𝗹𝗲 Pleaded guilty to drug charges expecting 40-54 months per the prosecution's own recommendation. The judge gave him the maximum to pressure him into snitching on the Philly mob. 𝗧𝗶𝗺𝗼𝘁𝗵𝘆 𝗧𝘆𝗹𝗲𝗿 | 𝗟𝗶𝗳𝗲 𝘄𝗶𝘁𝗵𝗼𝘂𝘁 𝗽𝗮𝗿𝗼𝗹𝗲Mailed LSD to a Grateful Dead concert friend. Two prior nonviolent drug offenses triggered the federal three-strikes provision. 𝗙𝗮𝘁𝗲 𝗪𝗶𝗻𝘀𝗹𝗼𝘄 | 𝗟𝗶𝗳𝗲 𝘄𝗶𝘁𝗵𝗼𝘂𝘁 𝗽𝗮𝗿𝗼𝗹𝗲 Acted as a $5 middleman in a $20 crack sale to an undercover cop in Shreveport, Louisiana. 𝗖𝗼𝗿𝘃𝗮𝗶𝗻 𝗖𝗼𝗼𝗽𝗲𝗿 | 𝗟𝗶𝗳𝗲 𝘄𝗶𝘁𝗵𝗼𝘂𝘁 𝗽𝗮𝗿𝗼𝗹𝗲 Federal marijuana conspiracy. Never touched the product, no violence. Sentenced under the federal three-strikes drug law. 𝗣𝗮𝘁𝗿𝗶𝗰𝗸 𝗠𝗮𝘁𝘁𝗵𝗲𝘄𝘀 | 𝗟𝗶𝗳𝗲 𝘄𝗶𝘁𝗵𝗼𝘂𝘁 𝗽𝗮𝗿𝗼𝗹𝗲 Stole tools from a shed in Slidell, Louisiana. Enhanced by prior nonviolent convictions under habitual offender laws.

SSL/TLS ecosystem analysis showing pervasive implementation failures. "We systematize knowledge about SSL/TLS and present a comprehensive analysis of its security." - 𝗦𝗼𝗞: 𝗦𝗦𝗟 𝗮𝗻𝗱 𝗛𝗧𝗧𝗣𝗦: 𝗥𝗲𝘃𝗶𝘀𝗶𝘁𝗶𝗻𝗴 𝗽𝗮𝘀𝘁 𝗰𝗵𝗮𝗹𝗹𝗲𝗻𝗴𝗲𝘀 𝗮𝗻𝗱 𝗲𝘃𝗮𝗹𝘂𝗮𝘁𝗶𝗻𝗴 𝗰𝗲𝗿𝘁𝗶𝗳𝗶𝗰𝗮𝘁𝗲 𝘁𝗿𝘂𝘀𝘁 𝗺𝗼𝗱𝗲𝗹 𝗲𝗻𝗵𝗮𝗻𝗰𝗲𝗺𝗲𝗻𝘁𝘀 by Jeremy Clark and Paul C. van Oorschot (2013) https://www.ieee-security.org/TC/SP2013/papers/4977a511.pdf

#OPSEC365 009/365 Your trash tells a story about you every week. Prescription bottles with your name and medications, bank statements with account numbers, shipping labels with your address, and receipts that show where you shop and what you buy. Anyone willing to go through your garbage can build a detailed profile without breaking any laws. Before your next trash day, look through what you're throwing out and see what you'd learn about yourself. A cross-cut shredder handles paper, but don't forget about labels on packaging and prescription bottles. Peel them off, shred them, or black them out with a marker before they go in the bin. The few seconds it takes is cheaper than the identity theft it prevents.

Medieval peasants kept more of their harvest than you keep of your paycheck.

Dylan, useful idiot with commit access, pushed age verification PRs to systemd, Ubuntu & Arch, got 2 Microslop employees to merge it, called it 'hilariously pointless' in the PR itself, then watched Lennart personally block the revert after community outrage. Unpaid compliance simp. https://www.sambent.com/the-engineer-who-tried-to-put-age-verification-into-linux-5/

Motorola is building a phone specifically for GrapheneOS. The Pixel monopoly on mobile privacy is over. https://youtu.be/Y5GrbhB2HHQ

#OPSEC365 008/365 Everyone has an adversary, whether they realize it or not. It might be an ex who won't let go, a competitor digging for leverage, a scammer building a target list, or a future employer searching your name. The question isn't whether someone wants information about you, it's who and why. Write down the three most likely people or groups who might want to know more about you than you'd want them to. Your adversary determines your threat model, and your threat model determines what precautions make sense.

The White House app ships with a sanctioned Chinese tracking SDK, the FBI app serves ads, and FEMA wants 28 permissions to show you weather alerts. https://www.sambent.com/the-white-house-app-has-huawei-spyware-and-an-ice-tip-line

Monero devs have never once suggested building backdoors for law enforcement, Zcash's founder suggested it publicly then asked you to memory-hole his own words.

#OPSEC365 007/365 Security questions aren't secure. They're public records and social media trivia. Your mother's maiden name is on genealogy sites. Your first pet's name is in a Facebook post from 2012. Your high school mascot is one Google search away. Anyone doing basic research on you can answer these questions as easily as you can. Go check what security questions protect your most important accounts and ask yourself who else could answer them. Treat security questions like additional passwords. Give false answers that only you would know, store them in a password manager, and never use real information that could be researched. Mother's maiden name can be a random phrase if you remember to save it.

#OPSEC365 006/365 Posting vacation photos while you're still on vacation tells everyone exactly when your home is unoccupied. The timestamp, the location tag, and the caption all confirm you're hundreds of miles away and won't be back for days. Save the photos. Post them when you're home. See if you can resist the urge to broadcast your absence in real time. If you have to post during travel, strip location data and avoid revealing details that pin down your specific location or how long you'll be gone. General photos without landmarks are harder to geolocate than a poolside shot with a resort logo visible in the background.

> builds a GRUB replacement in 2016 > spends 5 years breaking GRUB piece by piece > strips LUKS encryption from /boot "for security" > proposes to remove: btrfs, xfs, zfs > keeps SquashFS, two CVEs, one rated 7.8 HIGH > controls the signing keys for all of it > Canonical promoted him. https://www.sambent.com/canonicals-grub-saboteur-has-a-10-year-plan

If you have to ask permission it was never a right in the first place, it was a privilege they can revoke.