Family Security

First of all, you are not your kids' best friends; you are their protector and last line of defence against all the threat actors lurking in the dark corners of the Internet. Having said that, here is what you will learn in the episode.

1. The Types of Threats Present in Video Games and Online Forums
2. How To Explain Family Security Procedures to Your Spouse
3. How to Talk To Your Kids About Grooming and Extortion
4. Social Media Rules to Have Around the House
5. Maintaining Your Kid's Security While He Plays Online Games
6. Followers Vetting Processes and Second Device Auditing 

Your children and your family's security and privacy are your responsibility. They don't have the ability or capability to do it themselves, and you already know what's out there. Harden Up. 

#Opsec #Security #Family #Home #Veteran

Hosted on Acast. See acast.com/privacy for more information.

Steps to audit your social media exposure:

1. Make a full list of every social-media profile or public/social online account you’ve ever created (active or dormant). Include mainstream platforms and smaller/less-used ones.

2. Visit each account and carefully examine what can be seen publicly: profile pictures, bio information (name, location, birthdate, contact info), past posts, comments, photos, tags, friend lists.

3. Adjust privacy and visibility settings on each account so that only trusted contacts (friends/followers) can see sensitive content. Delete, lock down or hide: personal details, contact info, location data, old posts.

4. Remove or deactivate any accounts you no longer use, or that you don’t want publicly visible. Dormant accounts may still leak personal data.

5. Scan for “people-search” or public-record sites listing you (or old usernames/email) check what information about you is exposed outside social media.

6. Periodically repeat the audit (every 3–6 months) privacy settings and platform defaults can change; content from connections (tags, shares) or old posts may re-expose you.

Hosted on Acast. See acast.com/privacy for more information.

Steps to Harden Your Communications and Services:

1. Switch to encrypted messaging platforms: Replace default SMS/text or unencrypted chat apps with services that provide end-to-end encryption (E2EE) so that only you and the recipient can read your messages.
2. Use secure email services: Choose email providers with strong encryption by default (like Proton Mail or Tuta), and enable encryption features (PGP/automated E2EE) where possible to protect email contents in transit and at rest.
3. Encrypt files before cloud storage: Use cloud services or tools that perform client-side encryption (zero-knowledge encryption) so data is encrypted before it leaves your device, and the provider can’t read it.

Recommended Tools:

1. Encrypted Messengers: apps like Signal, Wire, or Threema that use end-to-end encryption to protect messaging and calls from third-party access.
2. Encrypted Email: providers like Proton Mail, Tuta, or Hushmail that support encryption of email content and attachments.
3. Encrypted Cloud Storage: services that offer client-side encryption (e.g., Proton Drive, Sync.com, or tools that integrate local encryption before upload) to ensure your stored data remains private even from the cloud provider.

Hosted on Acast. See acast.com/privacy for more information.

1. Audit all important accounts (email, banking, cloud storage, social media, password manager) to check whether MFA is supported.

2. For each account, go to the security or login settings and enable MFA. Choose the strongest method the service supports.

3. If using an authenticator app or hardware key, save backup/recovery codes securely (in case you lose your phone or key).

4. For accounts using SMS/email 2FA consider upgrading to a stronger method when available, especially for sensitive accounts.

5. Test the MFA setup by logging out and logging back in to confirm that the second factor works as expected.

Recommended Tools

Authy: a widely used authenticator app that generates time-based codes for TOTP-based MFA.

Proton Authenticator: privacy-focused app for generating MFA codes offline.

YubiKey: a hardware security key providing FIDO2/WebAuthn authentication for the strongest protection.

More At:

https://opsecpodcast.com/

Hosted on Acast. See acast.com/privacy for more information.

Modern financial attacks start with reused passwords, exposed debit cards, unsecured networks, and excessive data leakage.

In this episode of The OPSEC Podcast, we apply the full Covert Protocol framework — Control, Obfuscate, Verify, Encrypt, Reduce, Track — to financial security.

From eliminating debit card exposure and deploying masked credit cards, to removing banking apps from mobile devices and enforcing transaction alerts, this is about tightening control and reducing attack surface.

Audit every account. Limit access. Monitor relentlessly.

Your privacy (and your money) are your responsibility.

#OPSEC #CovertProtocol #FinancialSecurity #OperationalSecurity #PrivacyFirst #DigitalHygiene #ThreatReduction #CyberAwareness #PersonalSecurity #RiskManagement

Hosted on Acast. See acast.com/privacy for more information.

Action 1#: Implement a Password Manager

Recommended tools:

1. Bitwarden: a popular, open-source password manager that supports syncing, autofill, passkeys, and

cross-device use.

2. Proton Pass: a privacy-focused password manager with encryption and strong privacy posture.

3. KeePassXC: an offline/local password manager that stores the vault on your device for maximum

control and minimal external dependencies.

Steps to implement:

1. Pick a password manager tool (see Recommended tools below) and install it on your primary

devices (computer, phone, tablet). Make sure it supports MFA for the vault itself for future

hardening.

2. Create a strong master password/passphrase - this should be long, complex, and unique

(don’t reuse it anywhere).

3. Begin adding your online account credentials to the vault. For each new account: generate a long

random password via the manager, then save it in the vault. For existing accounts: replace weak or

reused passwords with new vault-generated ones.

4. If using a cloud-based manager: set up syncing across devices so you have access on laptop, phone,

etc. If using an offline/local manager: make regular encrypted backups of the vault (e.g. to an

external drive or secure location).

5. From now on, use the vault’s auto-fill or copy/paste feature when logging in, rather than

memorizing or reusing passwords elsewhere.

#OPESCPodcast #CovertProtocol #CyberSec #Intelligence

Hosted on Acast. See acast.com/privacy for more information.

Your phone doesn’t just listen. It watches how you walk. It measures how you move. Not only that, but it predicts your emotional state, loneliness cycles, purchasing intent, and even what you’ll search next, before you search it.

And you’re paying for the privilege.

In this episode of The OPSEC Podcast, Allen and Ahmed break down how modern surveillance works when everyone (from convenience stores to dating apps to foreign intelligence services) is harvesting your data. Not by hacking you, but by exploiting the sensors you voluntarily carry.

You’ll discover:

• How retail stores use enhanced camera networks to track your movement, biometrics, and purchasing behaviour

• Why your phone’s gyroscope, accelerometer, and Bluetooth signals can identify you even if everything else is turned off

• How dating apps use motion-sensor analytics to determine when you're lonely, then target you.

• Why are executives travelling to China with their personal phones are walking SIGINT targets.

• The truth about burner phones, why 99% of people use them wrong, and how surveillance teams detect them instantly.

• Why Europe is sleepwalking into a surveillance state through digital ID, KYC expansion, and anti-encryption laws.

• The hidden danger of bringing compromised devices back into your home network after international travel

• How modern ads appear seconds after conversations,  and why it’s not a coincidence

Privacy isn’t dying, it’s being optimised out of existence.

Your devices broadcast more intel about you than most people will ever realise. And unless you actively shut down those signals, someone is always listening.

Your privacy is your responsibility. Do your due diligence, or accept the consequences.

Hosted on Acast. See acast.com/privacy for more information.

In this episode of The OPSEC Podcast, we break down a hard truth: modern tracking doesn’t require hacking — just proximity. Bluetooth skimmers, RFID harvesters, rogue NFC readers, silent ping collectors… they’re everywhere, especially during the holiday travel boom.

You’ll learn how Faraday sleeves, RFID-blocking wallets, and shielded travel kits shut down these attacks by cutting off the signals entirely. Not with software. Not with “anti-tracking apps.” But with the same electromagnetic isolation techniques used in classified facilities and intelligence operations since the 1940s.

In this episode, you’ll discover:

• How Bluetooth hijacking and RFID skimming actually work (and why tourists are the easiest targets)

• Why your phone still broadcasts identifiers even when it’s “off”

• The difference between consumer-grade Faraday products vs. intelligence-grade shielding

• Why doubling-layer protection (sleeve + wallet, sleeve + bag) mirrors professional tradecraft

• The silent rise of contactless credit card theft in crowded holiday shopping zones

• Why a $10 RFID sleeve can stop a $500 attack before it begins

• The truth about Faraday backpacks, travel organisers, and which brands actually hold up

• How to integrate Faraday protection into daily OPSEC without looking like a tactical wannabe

If intelligence agencies rely on signal isolation to protect classified hardware, identities, and operational assets, why shouldn’t you use the same principles to protect your phone, passport, and money?

Your devices broadcast more about you than you think.

Your security is your responsibility.

Hosted on Acast. See acast.com/privacy for more information.

What you’ll learn:

• The threat model: how e-commerce breaches, merchant telemetry, and secondary data linkages convert routine transactions into persistent identifiers.

• Capability assessment of masked card services: merchant-locking, single-use tokens, disposable virtual cards, and how each mitigates specific attack vectors.

• Operational procedures: safe account linking, rotation of credentials post-link, and handling of recurring payments to deny blindside billing.

• Regional tradecraft: practical alternatives when Privacy.com isn’t available (Revolut, IronVest, Moon/PayWithMoon) and the tradeoffs imposed by KYC/GDPR regimes.

• Rules of engagement: when a masked card improves your security posture — and when it merely shifts trust to another third party.

This episode reads like a field directive: adopt masked payment cards as a standard control for online purchases, instrument them with strict lifecycle management (create → limit → monitor → kill), and treat payment tokens as mission-critical assets.

Practical, repeatable, and defensive — because operational security begins at the point of payment.

Hosted on Acast. See acast.com/privacy for more information.

Now it’s happening again. But this time, they’re buying your VPN companies. Kape Technologies – an Israeli company founded by former adware criminals with ties to Unit 8200 (Israel’s NSA) – quietly bought ExpressVPN in 2021. They also own CyberGhost, PIA, and Zenmate. Plus all the VPN “review” sites that conveniently rank their products at the top.

In this episode of The OPSEC Podcast, you’ll discover:

• Why Chinese VPNs like Turbo VPN are 51% owned by the Communist Party (and why they target American teenagers on TikTok)
• How Russian VPNs like Kaspersky are legally required to give the FSB access to all your traffic
• Why “free VPNs” turn your computer into a botnet zombie (the Hola VPN scandal)
• What VPNs actually do vs. the anonymity BS they claim in their marketing
• The only 3 VPN companies that pass the trust sniff test: ProtonVPN, Mullvad, and NordVPN

A VPN does not equal automatic privacy. It’s outsourcing trust from one party to another. If you take trust from your ISP and give it to a malicious actor, you’re worse off than having no VPN at all.

Free VPNs make YOU the product. Israeli companies inject adware. Chinese companies feed data to the CCP. Russian companies hand everything to the FSB.

Check who owns the VPN – not just where the servers are located. Because if the CIA launched a VPN service promising “guaranteed privacy,” they’d sell exactly zero subscriptions. So why trust companies with the same intelligence agency connections?

Your privacy is your responsibility. Do your due diligence or accept the consequences. 

Hosted on Acast. See acast.com/privacy for more information.

In 2024, one court declared geofence warrants “categorically unconstitutional” mass surveillance. Another court said they’re perfectly legal. When the law can’t agree on what’s legal, you need to take matters into your own hands.

Google Play Services is spyware. It takes over your Android device, harvests all your data, and hands it to law enforcement in dragnet operations. The January 6th investigation proudly used geofencing to track everyone in the area – including innocent bystanders caught in the dragnet who had to defend themselves against crimes they didn’t commit.

In this episode of The OPSEC Podcast, you’ll discover:

•Why GrapheneOS is now 90-95% functional as a daily driver (the excuses are dead)

•How sandboxed Google Play Services gives you control without sacrificing functionality

•The Aurora Store’s tracker-counting feature that exposes which apps are spying on you

•Why airplane mode on stock Android doesn’t actually turn off your cell tower beacon

•The two-factor screen lock that stops you from checking texts while driving (inconvenience as a feature)

If you don’t volunteer the information, they have no right to use it. Stock Android and iOS are designed to make you volunteer everything – your location, your patterns, your entire digital life.

GrapheneOS gives you back control. The flashing process is now stupidly simple. The functionality is there. The only sacrifice is convenience – and convenience is a trap.

Take the leadership role with your family. Build devices for your parents like Alan did. Show them the small differences. Be their tech support. Your care for their privacy is leadership in action.

Remember: Your privacy is your responsibility. Your vulnerabilities are on you too.

Hosted on Acast. See acast.com/privacy for more information.

In the Russia-Ukraine conflict, troops are being hunted down through cell phone signatures. One Ukrainian soldier used Apple’s “Find My Device” to track Russian forces who stole his iPhone and earbuds. They thought they got free electronics – instead, they got a death sentence.

Your daily life is no different. Every app, every search, every conversation near your phone creates a signature that’s being collected, analysed, and monetised.In this episode of The OPSEC Podcast, you’ll discover:

• Why the CIA calls your smartphone “the single best spying device ever invented”
• The 10-step signature reduction (SIGRED) strategy used by offensive cyber operations
• How your car’s “emergency service” is actually a location beacon you can’t control
• Why those “coincidental” ads after private conversations aren’t coincidences at all
• The metadata in your photos reveals everything about your life and location

You’re walking around with multiple tracking beacons in your pocket every single day. Your advertisement ID, GPS location, Wi-Fi connections, and app installations – they all create a signature that follows you everywhere.

Convenience breeds weakness. Every easy login, every auto-connect, every smart device is another way for adversaries to track your patterns and predict your behaviour.

The same signature reduction tactics that keep special forces alive can keep you invisible online. Stop broadcasting your life to corporate surveillance networks. Your signature is your vulnerability – and reducing it is your responsibility. 

Hosted on Acast. See acast.com/privacy for more information.

Companies have created fake rules that 99% of people would reject on a fundamental level: surrender all your personal data or you can’t use our services. But here’s the truth – unless there’s a legal requirement, they don’t need your real information.

In this episode of The OPSEC Podcast, you’ll discover:

1. How to build bulletproof online personas that can’t be traced back to you
2. The 3-4 alias categories that cover all your digital needs (and keep you organized)
3. Why VoIP numbers and masked credit cards are your new best friends
4. How data breaches become learning opportunities instead of disasters
5. The alias isolation techniques that prevent cross-contamination between identities

Your convenience is their profit. Every newsletter signup, fitness tracker, and social media account is feeding a massive surveillance machine designed to strip away your privacy.

Companies monetize your data as the default standard – so make up your own rules. Use AI-generated profiles, government building addresses, and public holiday birthdays. Get creative, have fun, and watch corporate data collectors lose your trail completely.

Remember: We never subscribed to this system where we default give all our data to these companies.

It’s time to go against the grain. Your privacy is your responsibility – and your aliases are your armor.

Hosted on Acast. See acast.com/privacy for more information.

Most people make the same fatal mistake: they use one checking account for everything. Income flows in, bills flow out, debit cards get compromised, and criminals drain everything while you sleep.

In this deep-dive episode of The OPSEC Podcast, you’ll discover:

• Why your “monolith” bank account is a single point of catastrophic failure
• The 5-step OPSEC process applied specifically to your financial accounts
• The “Onion Strategy” – a 5-layer financial structure that isolates and protects your money
• How Privacy.com masked credit cards give you complete control over every purchase
• Why debit cards should never touch the internet (and what to use instead)
• The non-negotiable multi-factor authentication rules for anything touching money

Your current bank setup is probably wrong. One compromised account shouldn’t wipe out your entire financial life, but for most people, that’s exactly what happens.

The criminals are getting smarter, the losses are getting bigger, and nobody’s coming to save you.

Learn the same financial OPSEC strategies that protect intelligence professionals and high-value targets. Because in 2025, everyone with money is a high-value target.

Stop being low-hanging fruit. Your financial survival depends on it.

Hosted on Acast. See acast.com/privacy for more information.

• How fitness trackers turned into enemy intelligence goldmines (the military scrambled to fix this OPSEC disaster)
• The 5-step OPSEC process born from Vietnam War failures that could protect you today
• Why your 5 AM run routine makes you vulnerable to stalkers, thieves, and worse
• The “nobody’s coming to save you” reality of digital privacy (hint: it’s all on you)
• Simple countermeasures that take 5 minutes but could save you thousands

Your smartphone is tracking your every move. Your fitness apps know when you’re home alone. Your daily routines are being sold to data brokers right now. The same OPSEC failures that exposed military secrets are happening in your pocket every day. Don’t let your morning workout become someone else’s intelligence operation. Your patterns are being watched – make sure you’re the one in control.

Remember: Just because you’re paranoid doesn’t mean they’re not after you. 

Hosted on Acast. See acast.com/privacy for more information.

While Alex slept peacefully, a hacker drained his bank accounts, stole his identity, and destroyed his digital life. His crime? Posting a photo of his new iPhone at the Verizon store.

In this inaugural episode of The OPSEC Podcast, you’ll discover:

• The exact 20-minute process hackers use to destroy lives (Alex’s story will shock you)
• The “3 P’s of Privacy” OPSEC framework that could have saved Alex thousands of dollars and months of agony
• Why your smartphone is actually a “sensor suite designed to spy on you”
• The 5-step OPSEC process intelligence professionals use to stay invisible
• Simple OPSEC identity management techniques that make you a “ghost” to bad actors

Your privacy is under constant attack. Every app, every smart device, every social media post creates digital breadcrumbs that criminals follow straight to your bank account.

The good news? The same OPSEC techniques that protect CIA operatives can protect you too. Don’t become the next Alex. Your digital life depends on it.

Hosted on Acast. See acast.com/privacy for more information.