OPSEC: Operations Security, Internet Anonymity and You
Welcome to 1984 and the age of Big Brother.
Any information you desire about yourself or another person is available on the Internet. Most of your basic information like age, gender, race, marital status, astrological sign, political affiliation, education, occupation, relatives and religion are available to anyone with an internet connection. If you search long enough you can find current and previous physical addresses, email accounts, cell phone numbers, blog posts, social networking accounts, blog comments, home phone numbers, political campaign contributions, current salary, lifestyle and other interests.
Are you scared yet?
If not, you should be.
Now, I’m not talking about signing up for one of those sites that promises to search public records and give you a background check on a person for just $2.95, I’m talking about using you favorite search engine and searching for a name. It doesn’t even have to be a full name. First initial, last name is usually good enough. Twitter handles, Facebook profiles, street addresses, home phone numbers will all suffice as well.
What’s so bad about that, you say? It helps you connect with your friends, find lost relatives and stay in touch with co-workers. Well before we get into that, let’s talk a little about Operations Security.
By the Wikipedia definition, Operations security (OPSEC) is a process that identifies critical information to determine if friendly actions can be observed by adversary intelligence systems, determines if information obtained by adversaries could be interpreted to be useful to them, and then executes selected measures that eliminate or reduce adversary exploitation of friendly critical information.
A more pertinent definition from the U.S. Marines is:
OPSEC is keeping potential adversaries from discovering critical Department Of Defense information. As the name suggests, it protects US operations – planned, in progress and those completed. Success depends on secrecy and surprise, so the military can accomplish the mission more quickly and with less risk. Enemies of freedom want this information, and they are not just after the military member to get it. They want you, the family member.
In other words, OPSEC is a military term that means “Loose Lips Might Sink Ships” or in other more, Survival Station styled words, “Keep your damned mouth shut.”
So now you’re probably scratching your head wondering what keeping the US Military safe has to do with you and the Internet. Well, if you followed the link from the Marines and read the whole page, you would have seen this little gem at the bottom.
Puzzle Pieces These bits of information may seem insignificant. However, to a trained adversary, they are small pieces of a puzzle that highlight what US forces are doing and planning. Remember, the elements of security and surprise are vital to the accomplishment of US goals and collective DOD personnel protection.
Puzzle pieces are what your Internet activity amounts to. From a tech savvy stalker or a credit collection company to a government agency, everything you do on the Internet is collected, sorted and stored in a database somewhere. Every time you Tweet, update your Facebook profile, log in to Foursquare or post a Craigslist ad, your information goes into a profile database, thanks in part, to your friendly, local search engine, archived FOREVER.
Maybe you’ve heard the stories about collection agencies using social media to track down debtors. Or how about the criminals that rob you when you update your profile and say that you’re out with friends?
When it comes to the Internet, posting private information should be taboo. I grew up in a time before the Internet, a time when people didn’t discuss certain things. It used to be that you didn’t discuss your personal finances, your sexual preferences or your crazy Uncle Harold with anyone that you didn’t consider a “close personal friend.” Telephone numbers and street addresses, hobbies and interests, employers and politics were only discussed on a need-to-know basis. My, how times have changed!
Now we freely give our full first and last name including birthdate to open a Facebook account. We update our employer information what schools we attended, what books we read and what music we listen too. We like political parties, we tweet our locations and we give our private cell phone numbers to stay “connected.” In short, we have become a data mining engineer’s wet dream.
Have you noticed the recent trend to provide your cell phone number for a n SMS text verification? Google’s Gmail started requiring that back in 2009. Sure, it sounds innocent enough, from Google’s help section:
Why Google asks for your phone number
In an effort to protect our users from abuse, we sometimes ask users to verify their identity before they’re able to create or sign into accounts. Requiring proof of identification via phone is an effective way to keep spammers from abusing our systems.
And of course, Google promises “We will never share your number or use it to send you unwanted messages.” Ha! I say that’s a promise that isn’t worth the paper it’s written on. Interestingly enough, Craigslist also started requiring phone verification, not just from new accounts, but accounts that had been active for many years with no history of spamming. Here’s the text of Craigslist’s verification page:
We need you to provide a valid, working phone number so that we can verify your account.
To help enforce our terms of use, craigslist requires an account, verified by phone, for posting in certain categories. Terms of use violations will be subject to account suspension and blacklisting of the phone number used to verify the account. After entering your phone number below, you will receive an automated call or SMS and an authorization code will be provided to you.
Enter this authorization code on the next page, and your account will be verified.
Yeah, when Craigslist says “certain categories,” they mean all of them.
So what’s so bad about providing your real name and birthdate to set up an account? Ask yourself this, knowing how web content can be hacked and identity theft is at an all time high, do you feel safe providing 6 billion people with all your information? Would you be willing to walk around with a sign around your neck listing your name, date of birth, current address, phone number, email address and your employer? I thought not.
The more services like Facebook, Google+, Gmail, YouTube, Craigslist and various other government agencies declare and end to Internet anonymity, the more you need to resist it.
So what can you do? Simple really. Do exactly what the U.S. Military is doing, create an online persona.
Writers have been using pen names or nom de plume for hundreds of years. Whether to hide their identity, distance themselves from their literary works or hide their gender, many famous authors like Mark Twain, Lewis Carroll and J.D. Robb were nothing more than pen names.
All you need to do is come up with a first name, middle name and last name to start. Choose a birthdate somewhere around you own age. Pick a town and a state, then a street in that town and add an address. Sign up for a free email address like Yahoo or Hotmail that doesn’t ask alot of questions or need verification like Gmail does and then you are pretty much set to blog, update your profile, tweet or otherwise raise hell on the Internet with little to worry about.
If you really get stuck on the last part take a look at FakeNameGenerator for some helpful tips. Best of luck in your Internet Anonymity.
