No, I still won’t accept your LinkedIn invitation.

I made the above statement on LinkedIn once my invitation queue hit 40, and you could say it went a bit viral. That wasn’t surprising, but what was surprising was the reaction from some people who (based on their job titles) were either in tech or even in cybersecurity.

LinkedIn IS used for recon. It is used for phishing. It is used for creating sockpuppets and spreading fake networks. Accounts are taken over, ransomed, or otherwise used to further malicious intent. All of this is well-known and easily verifiable with a quick search.

Yet these professionals essentially all get stuck on “if your profile is public (even partly), then not accepting invites doesn’t increase your OPSEC.”

My brother in Christ, OPSEC is not a constant state, nor is it the end-all-be-all. If nothing else, I don’t want to be the guy who accepted the shady invitation from an account that was later used to contact and phish our CEO.

On top of everything, since I published that original post, we’ve learned that Topline has basically scraped all LinkedIn user data (or repackaged a lot of older scraped data) and is using it to sell their service. In October, LinkedIn also sued ProAPI for scraping legitimate data through more than a million fake accounts.

So once again, I’ll remind everyone: everything you do on LinkedIn publicly will get scraped. Everything you do on LinkedIn privately will get used to train their AI LLM.

LinkedIn is brainrot, and joke’s on me for having a profile. The only winning move is not to play.

Everyman’s Cyber Defence

The following is my translation of “Jokamiehen kyberpuolustus”, Everyman’s Cyber Defence, a short snippet from the publicly available document #kyberpuolustus : kyberkäsikirja Puolustusvoimien henkilöstölle (2019) by Laari, Flyktman, Härmä, Timonen and Tuovinen. Source material is encrypted in Finnish and free to download from the National Defence University of Finland’s website. I intend no copyright infringement and share this as cyber security awareness material for public interest.

How to Setup LinkedIn for Better Privacy and OPSEC

NOTE: Due to changes in LinkedIn features, privacy settings, and their policies in general, this guide is now mostly outdated. A more up-to-date article can be found on F-Secure’s site: https://www.f-secure.com/en/articles/is-linkedin-safe-how-to-spot-fake-profiles-and-secure-your-account


When it comes to privacy and social media platforms, LinkedIn is the necessary evil we have to put up with. While it’s a no-brainer to delete your Facebook account, so much of job recruitment revolves around LinkedIn that it’s a lot harder to sever ties with it. Many companies don’t even post their career opportunities anywhere other than LinkedIn, and prefer applications that come directly through the platform. It’s also a great tool for headhunters to find suitable candidates.

So let’s assume you have a LinkedIn profile, you want to build up your online resume and personal brand, and want to be able to jump on an opportunity if it presents itself. However, you can accomplish all that without revealing every aspect of your professional self for the whole world to see by default. Let’s start off with LinkedIn settings and then move on to behavior on the platform, and other tips.

The Best Online Privacy Guides (updated July 2022)

This is a collection of the best, most reputable and generally most acknowledged online privacy guides on the web. The list is updated frequently.

Links are sorted in alphabetical order to avoid any biases, and each of them contains a short snippet quoted from the respective sites. I have not and will not add privacy guides that are created by VPN “review” sites or other such entities that create content just to spam it with affiliate links.

I dare to say that these guides together cover all the bases when it comes to the best privacy practices, OPSEC, and basic online anonymity – even for the advanced users. However, if you think I’m missing a guide, please leave a comment below and I’ll happily review and possibly add it to the list, thank you.

Controlled Identity Exposure as a Doxxing Countermeasure

Usually, when talking about personal data in the context of increasing (online) privacy, the discussion revolves around one or both of the following subjects:

  1. Removing as much of your data as possible
  2. Populating data about you with disinformation

What I see talked about less (or barely at all) is the active management of your online data and the controlled method of data disclosure. Maybe some dismiss this as a no-brainer, but in my opinion there are some easy and powerful wins to be gained by giving this third subject the attention it deserves.

10 OPSEC Tips That Everyone Should Follow

Following in the footsteps of two great guides, “10 Commandments for a Safer Internet” and “0x0A Hack Commandments”, I was inspired to give something back to the community. For the average Joe, operational security – or OPSEC for short – is basically just about risk management through identifying specific pieces of information requiring protection, and employing measures to protect them. Sounds intimidating? Don’t worry, because you’re already doing it.
