Digital Discipline
Introduction
Digital discipline means forming smart, cautious habits when navigating the internet. This isn’t just about being "tech-savvy" — it’s about self-defense. Bad OPSEC gets people doxed, stalked, hacked, and profiled.
If you post online, engage in activism, participate in drama-heavy communities, or even just want basic privacy — you need to get this stuff right. What you reveal online builds a profile, and once it's out, you can't pull it back in.
⚠️ Common OPSEC Mistakes That Get People Doxed
- Reusing the same username on multiple sites.
- Signing up for anonymous accounts with your main email or phone number.
- Using weak or reused passwords across platforms.
- Posting real photos or personal details (pets, tattoos, car plates, etc.).
- Forgetting that your friends or followers might leak your info.
- Logging into private accounts while connected to your real IP address.
- Keeping metadata in photos (EXIF can reveal GPS location).
- Talking too much — your habits, timezone, slang, and grammar can all identify you.
Digital discipline isn't just tools — it's behavior. Practice silence and separation.
Why This Matters
Your name, IP address, emails, reused usernames, even slight password reuse — all of it becomes breadcrumbs. Doxing doesn't require "hacking", it just takes sloppy digital hygiene.
Governments, companies, trolls, stalkers, and bots all rely on people giving too much away without realizing it. Digital discipline keeps your personal identity disconnected from your online presence.
About the Author
This guide was written by Dove.
I come from a background in both tech and business — working across scripting, systems deployment, and OSINT. Alongside that, I’ve had more exposure than I’d like to various online communities, some of which were chaotic, high-risk, and filled with people who learned the hard way what bad OPSEC looks like.
That experience taught me where people slip up, how doxing actually happens, and how digital systems quietly collect everything you don’t actively secure. This guide is built on firsthand exposure, technical insight, and the intent to help others avoid common — and costly — mistakes.
Use what helps, ignore what doesn’t. Just don’t wait until it’s too late to start caring. Don’t be "Sad Coz Bad".
Email Hygiene
Trusted Providers
Not all email providers are created equal. Most free services (Gmail, Outlook, Yahoo, etc.) scan your messages, sell metadata, and are integrated with surveillance-heavy ecosystems.
There are a few privacy-first providers worth trusting:
- ProtonMail – Swiss-based, open-source, encrypted, supports aliasing, and has a good mobile app.
- Tuta Mail – German-based, zero ads, open-source, and doesn't rely on third-party trackers.
Tips
- Don’t use your real name when signing up.
- Use different email addresses for different tasks (banking, forums, backups).
- Don’t add a recovery phone number tied to your real identity.
- Turn on 2FA (two-factor authentication) using a TOTP app like Aegis or andOTP.
Example Email Compartmentalization
Personally, I split my emails like this:
- 1 for professional/work – used with real name, tied to employment and banking.
- 1 for named social media – like Instagram or LinkedIn, with some identity attached.
- 1 for named gaming accounts – Steam, Xbox, etc.
- 1 for each anonymous persona – each alias gets a separate inbox (no cross-contamination).
- Several throwaways – for random signups, one-time use, or shady services.
This compartmentalization means a breach or dox of one address doesn’t expose the rest of your digital life.
Usernames
One of the easiest ways to get doxed is by using the same username on every platform. Even a variation of your handle can be enough to link accounts.
Do:
- Use random, unique usernames for each platform.
- Avoid anything tied to your real name, nickname, or birth year.
- Use tools like Namecheckr to check if a handle is used elsewhere.
Don’t:
- Use the same handle on Discord, Twitter, Telegram, Reddit, and forums.
- Leave breadcrumbs by linking accounts together via bio links, reposts, or shared avatars.
Passwords
Bad passwords will get you owned. Reused passwords will get you cross-compromised. Even "unique" ones can sometimes be used to fingerprint you if they’ve been seen in a breach.
Bad Examples
123456
james2002
hunter2
Better Examples
ScorpionEgg!2951$whiteToad
Best Practice
- Use a password manager to generate long, random, and unique passwords for every site.
Recommended Password Managers
- Bitwarden – Cloud-synced, open-source, works across devices, and allows encrypted sharing.
- KeePassXC – Fully offline, stores data locally, ideal for air-gapped or privacy-heavy setups.
Bitwarden Strengths
- Syncs between devices.
- Browser extension and autofill.
- Easier for beginners.
KeePassXC Strengths
- Fully offline, no cloud syncing.
- You control where your vault lives.
- Supports YubiKey, TOTP, and custom field types.
Use what suits your risk model — Bitwarden is more convenient, KeePassXC gives you full control.
Bonus Tip: Generate passwords with 20–40 characters. Include symbols, numbers, uppercase, and lowercase. Store recovery codes securely. Back up your vault encrypted.
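One way to apply the bonus tip in code, as an added example that is not part of the original guide: a generator built on Python's `secrets` module plus a check for the 20–40 character, four-class rule. The symbol set and the function names are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Assumed symbol set; some sites reject certain characters, so adjust as needed.
SYMBOLS = "!@#$%^&*()-_=+[]{};:,.?"
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)
ALPHABET = "".join(CLASSES)


def meets_policy(password):
    """True if the password is 20-40 characters and uses all four classes."""
    if not 20 <= len(password) <= 40:
        return False
    return all(any(ch in cls for ch in password) for cls in CLASSES)


def generate(length=32):
    """Draw characters from the OS CSPRNG until every class is present."""
    if not 20 <= length <= 40:
        raise ValueError("length must be between 20 and 40")
    while True:
        # Rejection sampling: redraw the whole password rather than patching
        # characters in, so no position is biased towards a class.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_policy(candidate):
            return candidate


def entropy_bits(length):
    """Upper bound on entropy for a uniformly random password over ALPHABET."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    for sample in ("123456", "james2002", "hunter2", "ScorpionEgg!2951$whiteToad"):
        print(f"{sample!r}: meets policy = {meets_policy(sample)}")
    print(generate(32), f"(about {entropy_bits(32):.0f} bits)")
```
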
VPNs and Clicking Links
Link Safety
Clicking random links online is one of the fastest ways to get yourself compromised — especially if you're not behind a VPN. Tracking links, IP loggers, malicious redirects, shortened URLs — all of these can reveal your real IP, location, or even deliver malware.
Never click unknown links from strangers, Discord servers, sketchy forums, or unverified emails without precautions.
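A static pre-click check for the link types named above, as an added example that is not part of the original guide: it inspects the URL string only and makes no network request. The shortener list, parameter names and sample URLs are a small constructed sample, not a complete blocklist.

```python
import ipaddress
from urllib.parse import parse_qsl, urlsplit

# Illustrative samples only; extend these for real use.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd"}
TRACKING_KEYS = {"fbclid", "gclid"}
REDIRECT_KEYS = {"url", "u", "redirect", "redirect_uri", "next", "dest", "target"}


def triage(link):
    """Return a list of reasons to be careful with this link (empty if none)."""
    parts = urlsplit(link)
    host = (parts.hostname or "").lower()
    findings = []
    if parts.scheme != "https":
        findings.append("not-https")
    if host in SHORTENERS:
        findings.append("shortener")  # real destination is hidden
    if host.startswith("xn--") or ".xn--" in host:
        findings.append("punycode-host")  # possible lookalike domain
    if parts.username or parts.password:
        findings.append("userinfo-in-url")  # text before '@' can disguise the host
    try:
        ipaddress.ip_address(host)
        findings.append("raw-ip-host")
    except ValueError:
        pass
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        lowered = key.lower()
        if lowered.startswith("utm_") or lowered in TRACKING_KEYS:
            findings.append(f"tracking-param:{key}")
        if lowered in REDIRECT_KEYS and value.lower().startswith(("http://", "https://", "//")):
            findings.append(f"embedded-redirect:{key}")
    return findings


if __name__ == "__main__":
    # Constructed sample links.
    for link in (
        "https://example.org/article",
        "http://bit.ly/abc123",
        "https://news.example/go?utm_source=x&url=https%3A%2F%2Fother.example%2F",
        "https://203.0.113.7/img.png",
    ):
        print(link, "->", triage(link) or "no findings")
```

An empty result only means none of these patterns matched; it does not show that the destination is safe.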
Why Use a VPN
Your real IP address is a direct line to your rough location and ISP. Every site you visit logs it. Without a VPN, you're exposing yourself — even if you're using Tor, even if you're using incognito.
Use a VPN at all times. Turn it on when your computer starts. Treat it like pants: if you're online without it, you're basically naked.
VPNs:
- Mask your real IP address.
- Encrypt your traffic from your ISP.
- Help bypass geo-blocks and censorship.
- Make tracking and fingerprinting harder.
Recommended VPNs
Most VPNs are trash. They lie about "no logs", they sell your traffic, and they're based in countries that will fold the moment they're pressured.
Use One of These:
- Mullvad – No email required. Pay with Monero, Bitcoin, or cash. Doesn't log. Based in Sweden. Deletes payment history after a short window.
- ProtonVPN – Swiss-based. Transparent. Tied to the same people who made ProtonMail. Also supports anonymous payments.
Avoid These:
- NordVPN, Surfshark, ExpressVPN – They're owned by sketchy parent companies, based in 5-eyes jurisdictions, and likely to log or hand over data under pressure.
Payment & Privacy
You can (and should) pay anonymously where possible:
- Use Monero or Bitcoin via a mixing service.
- Mullvad allows literal cash in an envelope with just your account number.
- ProtonVPN supports crypto and doesn’t require real details.
Server Location Strategy
Where you connect to matters.
- Chile, Iceland, Switzerland – Countries with strong privacy laws and no real alliances with 5-Eyes. Great for keeping your identity safe.
- US, UK, Australia – 5-Eyes countries. Data from these servers can and will be handed over to intelligence agencies if requested.
- Close-by servers – If your only option is a server in your own country, it's still better than no VPN at all. At least it hides your ISP and stops most trackers.
Best practice? Choose a server in a neutral or privacy-friendly country — but close enough to not ruin your speed.
Final Tips
- Turn your VPN on before opening your browser, Discord, or any apps.
- Never log into a personal account from the same IP you use for an anonymous identity.
- Don’t click suspicious links without first checking them via tools like:
Internet Browsing
Your browser is one of the biggest privacy and security liabilities you have. It's where tracking, fingerprinting, data harvesting, and identity leaks most often happen.
Using Chrome, Edge, or even regular Firefox is a bad idea. These browsers are:
- Integrated with Google/Microsoft telemetry.
- Constantly leaking metadata and user behavior.
- Designed to “personalize” your experience, which means collecting data on you.
Recommended Browser
Use LibreWolf — a hardened fork of Firefox focused on privacy, security, and user control. It disables telemetry, removes Pocket/Sync features, and comes pre-configured with better defaults.
If you can't use LibreWolf for some reason, Brave is okay — but remember, it's still run by a company, has crypto stuff baked in, and you’re better off with Chromium manually hardened.
Recommended Extensions (For OPSEC)
Here are the browser extensions I use, and why:
- Chameleon – Spoofs your browser profile (User-Agent, timezone, screen resolution, etc.). Helps defend against fingerprinting.
- Mullvad Browser Extension – Ensures that your browser uses Mullvad’s DNS settings and enforces strict connection rules. Works best alongside Mullvad VPN.
- Privacy Badger – Developed by the EFF. Automatically learns and blocks invisible trackers based on their behavior, not just lists.
- uBlock Origin – Powerful ad and tracker blocker. Lightweight, fast, open-source, and widely trusted.
(These all improve anonymity or reduce fingerprinting.)
Optional Extensions (Not OPSEC-Critical)
- Dark Reader – Adds dark mode to all websites. Useful for reducing eye strain, but it changes how pages are rendered. Disable during OPSEC-heavy activities to reduce fingerprinting variance.
Final Browser Tips
- Disable WebRTC – Left enabled, it leaks your IP even with a VPN.
- Disable JavaScript when not needed – Or use a per-site whitelist.
- Use a fresh browser session for each persona – Cookies and sessions can leak cross-context data.
- Never log into a real identity account (e.g., Gmail) from your OPSEC browser.
- Use containers or separate browser profiles for each identity or task.
Browser Hardening Settings
Even with a good browser like LibreWolf, some manual configuration goes a long way:
Search Engine: Change your default search engine to a privacy-respecting one:
Home Page: Set it to `about:blank` or a minimal local dashboard. No unnecessary external requests.
Do Not Track: Enable “Send websites a ‘Do Not Track’ request.” Not all sites honor it, but it's a good default.
Prevent Accessibility Services: Disable “Allow accessibility services to access your browser.” This prevents external tools from reading your browser state.
Privacy & Security Settings
Cookies and Site Data:
- Block third-party cookies.
- Enable “Delete cookies and site data when Firefox is closed.”
HTTPS Only Mode: Set this to “Always use HTTPS.”
Permissions: Globally block location, camera, microphone, and notification access unless strictly needed.
Advanced Tweaks (in about:config)
For advanced users, here are some settings you can change in `about:config` to improve privacy and reduce fingerprinting:
- `media.peerconnection.enabled` – set to `false`. Disables WebRTC to prevent IP leaks.
- `geo.enabled` – set to `false`. Disables geolocation.
- `privacy.resistFingerprinting` – set to `true`. Makes your browser present a more generic fingerprint.
- `privacy.firstparty.isolate` – set to `true`. Isolates cookies and cache to the domain level.
- `extensions.pocket.enabled` – set to `false`. Disables Mozilla's built-in Pocket integration.
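To confirm these settings actually stuck, the following added example (not part of the original guide) parses the `user_pref(...)` lines that Firefox-based browsers write to a profile's `prefs.js` or `user.js` and reports any of the five prefs that differ from the values listed above. The sample file contents and the function name are constructed for illustration.

```python
import re

# Hardened values taken from the about:config list above.
WANTED = {
    "media.peerconnection.enabled": "false",
    "geo.enabled": "false",
    "privacy.resistFingerprinting": "true",
    "privacy.firstparty.isolate": "true",
    "extensions.pocket.enabled": "false",
}

# Matches lines such as: user_pref("geo.enabled", false);
# Commented-out lines do not match because the pattern is anchored at line start.
PREF_LINE = re.compile(
    r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;', re.MULTILINE
)


def audit(prefs_text):
    """Return {pref: found_value} for each pref not at its hardened value.

    found_value is None when the file never sets the pref, which means the
    browser's built-in default applies and should be checked by hand.
    """
    found = {}
    for name, value in PREF_LINE.findall(prefs_text):
        found[name] = value  # a later line overrides an earlier one
    return {
        name: found.get(name)
        for name, want in WANTED.items()
        if found.get(name) != want
    }


# Constructed sample, not taken from a real profile.
SAMPLE = '''\
user_pref("media.peerconnection.enabled", false);
user_pref("geo.enabled", true);
user_pref("privacy.resistFingerprinting", true);
// user_pref("privacy.firstparty.isolate", true);
user_pref("browser.startup.homepage", "about:blank");
'''

if __name__ == "__main__":
    for name, value in audit(SAMPLE).items():
        print(f"{name}: found {value}, want {WANTED[name]}")
```
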
Browser hardening reduces how much your environment stands out. Stay minimal, consistent, and deliberate.
Anti-Fingerprint Pro Tips
- Don’t install too many extensions — ironically, they increase uniqueness.
- Don’t maximize your window — keep it in a non-standard size (fingerprinting includes screen resolution).
- Consider using Tor Browser for extreme cases — but never mix Tor with real identity.
Browser hardening isn't a one-click solution — it's an ongoing process. Test regularly, stay minimal, and isolate everything.