Difference between revisions of "Digital Discipline"
Line 1: | Line 1: | ||
= Digital Discipline = | = Digital Discipline = | ||
− | == | + | == Introduction == |
Digital discipline means forming smart, cautious habits when navigating the internet. This isn’t just about being "tech-savvy" — it’s about self-defense. Bad OPSEC gets people doxed, stalked, hacked, and profiled. | Digital discipline means forming smart, cautious habits when navigating the internet. This isn’t just about being "tech-savvy" — it’s about self-defense. Bad OPSEC gets people doxed, stalked, hacked, and profiled. | ||
Line 30: | Line 30: | ||
Governments, companies, trolls, stalkers, and bots all rely on people giving too much away without realizing it. Digital discipline keeps your personal identity disconnected from your online presence. | Governments, companies, trolls, stalkers, and bots all rely on people giving too much away without realizing it. Digital discipline keeps your personal identity disconnected from your online presence. | ||
− | == Email == | + | == Email Hygiene == |
+ | |||
+ | === Trusted Providers === | ||
Not all email providers are created equal. Most free services (Gmail, Outlook, Yahoo, etc.) scan your messages, sell metadata, and are integrated with surveillance-heavy ecosystems. | Not all email providers are created equal. Most free services (Gmail, Outlook, Yahoo, etc.) scan your messages, sell metadata, and are integrated with surveillance-heavy ecosystems. | ||
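Review bot: Renaming `== Email ==` to `== Email Hygiene ==` changes the section anchor from #Email to #Email_Hygiene, so any existing link to the old section of this page stops landing here. Either keep the old anchor alive next to the renamed heading or update inbound links in the same edit.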
Line 39: | Line 41: | ||
* [https://app.tuta.com/ Tuta Mail] – German-based, zero ads, open-source, and doesn't rely on third-party trackers. | * [https://app.tuta.com/ Tuta Mail] – German-based, zero ads, open-source, and doesn't rely on third-party trackers. | ||
− | + | === Tips === | |
+ | |||
* Don’t use your real name when signing up. | * Don’t use your real name when signing up. | ||
* Use different email addresses for different tasks (banking, forums, backups). | * Use different email addresses for different tasks (banking, forums, backups). | ||
* Don’t add a recovery phone number tied to your real identity. | * Don’t add a recovery phone number tied to your real identity. | ||
* Turn on 2FA (two-factor authentication) using a TOTP app like Aegis or andOTP. | * Turn on 2FA (two-factor authentication) using a TOTP app like Aegis or andOTP. | ||
+ | |||
+ | === Example Email Compartmentalization === | ||
Personally, I split my emails like this: | Personally, I split my emails like this: | ||
Line 59: | Line 64: | ||
One of the easiest ways to get doxed is by using the same username on every platform. Even a variation of your handle can be enough to link accounts. | One of the easiest ways to get doxed is by using the same username on every platform. Even a variation of your handle can be enough to link accounts. | ||
− | + | === Do: === | |
+ | |||
* Use random, unique usernames for each platform. | * Use random, unique usernames for each platform. | ||
* Avoid anything tied to your real name, nickname, or birth year. | * Avoid anything tied to your real name, nickname, or birth year. | ||
* Use tools like [https://namecheckr.com/ Namecheckr] to check if a handle is used elsewhere. | * Use tools like [https://namecheckr.com/ Namecheckr] to check if a handle is used elsewhere. | ||
− | + | === Don’t: === | |
+ | |||
* Use the same handle on Discord, Twitter, Telegram, Reddit, and forums. | * Use the same handle on Discord, Twitter, Telegram, Reddit, and forums. | ||
* Leave breadcrumbs by linking accounts together via bio links, reposts, or shared avatars. | * Leave breadcrumbs by linking accounts together via bio links, reposts, or shared avatars. | ||
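Review bot: The new headings `=== Do: ===` and `=== Don’t: ===` carry a trailing colon and, in the second, a curly apostrophe, and both end up in the generated anchor and the table of contents. Plain `=== Do ===` and `=== Don't ===` with a straight apostrophe are easier to link to; the same applies to any other new heading written with a trailing colon.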
Line 72: | Line 79: | ||
Bad passwords will get you owned. Reused passwords will get you cross-compromised. Even "unique" ones can sometimes be used to fingerprint you if they’ve been seen in a breach. | Bad passwords will get you owned. Reused passwords will get you cross-compromised. Even "unique" ones can sometimes be used to fingerprint you if they’ve been seen in a breach. | ||
− | + | === Bad Examples === | |
+ | |||
* <code>123456</code> | * <code>123456</code> | ||
* <code>james2002</code> | * <code>james2002</code> | ||
* <code>hunter2</code> | * <code>hunter2</code> | ||
− | + | === Better Examples === | |
+ | |||
* <code>ScorpionEgg!2951$whiteToad</code> | * <code>ScorpionEgg!2951$whiteToad</code> | ||
− | + | === Best Practice === | |
− | * | + | |
+ | * Use a password manager to generate long, random, and unique passwords for every site. | ||
== Recommended Password Managers == | == Recommended Password Managers == | ||
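Review bot: Under the new `=== Better Examples ===` heading the only entry is the literal `ScorpionEgg!2951$whiteToad`, and a password printed on a public page is one that readers will copy. Add a line saying the string is illustrative and must never be used, or fold this heading into `=== Best Practice ===`, which already points readers to generated passwords.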
Line 88: | Line 98: | ||
* [https://keepassxc.org/ KeePassXC] – Fully offline, stores data locally, ideal for air-gapped or privacy-heavy setups. | * [https://keepassxc.org/ KeePassXC] – Fully offline, stores data locally, ideal for air-gapped or privacy-heavy setups. | ||
− | + | === Bitwarden Strengths === | |
+ | |||
* Syncs between devices. | * Syncs between devices. | ||
* Browser extension and autofill. | * Browser extension and autofill. | ||
* Easier for beginners. | * Easier for beginners. | ||
− | + | === KeePassXC Strengths === | |
+ | |||
* Fully offline, no cloud syncing. | * Fully offline, no cloud syncing. | ||
* You control where your vault lives. | * You control where your vault lives. | ||
Line 104: | Line 116: | ||
== VPNs and Clicking Links == | == VPNs and Clicking Links == | ||
+ | |||
+ | === Link Safety === | ||
Clicking random links online is one of the fastest ways to get yourself compromised — especially if you're not behind a VPN. Tracking links, IP loggers, malicious redirects, shortened URLs — all of these can reveal your real IP, location, or even deliver malware. | Clicking random links online is one of the fastest ways to get yourself compromised — especially if you're not behind a VPN. Tracking links, IP loggers, malicious redirects, shortened URLs — all of these can reveal your real IP, location, or even deliver malware. | ||
Line 109: | Line 123: | ||
'''Never click unknown links''' from strangers, Discord servers, sketchy forums, or unverified emails without precautions. | '''Never click unknown links''' from strangers, Discord servers, sketchy forums, or unverified emails without precautions. | ||
− | == Why Use a VPN == | + | === Why Use a VPN === |
Your real IP address is a direct line to your rough location and ISP. Every site you visit logs it. Without a VPN, you're exposing yourself — even if you're using Tor, even if you're using incognito. | Your real IP address is a direct line to your rough location and ISP. Every site you visit logs it. Without a VPN, you're exposing yourself — even if you're using Tor, even if you're using incognito. | ||
Line 125: | Line 139: | ||
Most VPNs are trash. They lie about "no logs", they sell your traffic, and they're based in countries that will fold the moment they're pressured. | Most VPNs are trash. They lie about "no logs", they sell your traffic, and they're based in countries that will fold the moment they're pressured. | ||
− | + | === Use One of These: === | |
+ | |||
* [https://mullvad.net/ Mullvad] – No email required. Pay with Monero, Bitcoin, or cash. Doesn't log. Based in Sweden. Deletes payment history after a short window. | * [https://mullvad.net/ Mullvad] – No email required. Pay with Monero, Bitcoin, or cash. Doesn't log. Based in Sweden. Deletes payment history after a short window. | ||
* [https://protonvpn.com/ ProtonVPN] – Swiss-based. Transparent. Tied to the same people who made ProtonMail. Also supports anonymous payments. | * [https://protonvpn.com/ ProtonVPN] – Swiss-based. Transparent. Tied to the same people who made ProtonMail. Also supports anonymous payments. | ||
− | + | === Avoid These: === | |
+ | |||
* NordVPN, Surfshark, ExpressVPN – They're owned by sketchy parent companies, based in 5-eyes jurisdictions, and likely to log or hand over data under pressure. | * NordVPN, Surfshark, ExpressVPN – They're owned by sketchy parent companies, based in 5-eyes jurisdictions, and likely to log or hand over data under pressure. | ||
Line 135: | Line 151: | ||
You can (and should) pay anonymously where possible: | You can (and should) pay anonymously where possible: | ||
+ | |||
* Use Monero or Bitcoin via a mixing service. | * Use Monero or Bitcoin via a mixing service. | ||
* Mullvad allows literal cash in an envelope with just your account number. | * Mullvad allows literal cash in an envelope with just your account number. | ||
Line 150: | Line 167: | ||
== Final Tips == | == Final Tips == | ||
+ | |||
* Turn your VPN on before opening your browser, Discord, or any apps. | * Turn your VPN on before opening your browser, Discord, or any apps. | ||
* Never log into a personal account from the same IP you use for an anonymous identity. | * Never log into a personal account from the same IP you use for an anonymous identity. |
Revision as of 10:29, 21 April 2025
Digital Discipline
Introduction
Digital discipline means forming smart, cautious habits when navigating the internet. This isn’t just about being "tech-savvy" — it’s about self-defense. Bad OPSEC gets people doxed, stalked, hacked, and profiled.
If you post online, engage in activism, participate in drama-heavy communities, or even just want basic privacy — you need to get this stuff right. What you reveal online builds a profile, and once it's out, you can't pull it back in.
⚠️ Common OPSEC Mistakes That Get People Doxed
- Reusing the same username on multiple sites.
- Signing up for anonymous accounts with your main email or phone number.
- Using weak or reused passwords across platforms.
- Posting real photos or personal details (pets, tattoos, car plates, etc.).
- Forgetting that your friends or followers might leak your info.
- Logging into private accounts while connected to your real IP address.
- Keeping metadata in photos (EXIF can reveal GPS location).
- Talking too much — your habits, timezone, slang, and grammar can all identify you.
Digital discipline isn't just tools — it's behavior. Practice silence and separation.
Why This Matters
Your name, IP address, emails, reused usernames, even slight password reuse — all of it becomes breadcrumbs. Doxing doesn't require "hacking", it just takes sloppy digital hygiene.
Governments, companies, trolls, stalkers, and bots all rely on people giving too much away without realizing it. Digital discipline keeps your personal identity disconnected from your online presence.
Email Hygiene
Trusted Providers
Not all email providers are created equal. Most free services (Gmail, Outlook, Yahoo, etc.) scan your messages, sell metadata, and are integrated with surveillance-heavy ecosystems.
There are a few privacy-first providers worth trusting:
- ProtonMail – Swiss-based, open-source, encrypted, supports aliasing, and has a good mobile app.
- Tuta Mail – German-based, zero ads, open-source, and doesn't rely on third-party trackers.
Tips
- Don’t use your real name when signing up.
- Use different email addresses for different tasks (banking, forums, backups).
- Don’t add a recovery phone number tied to your real identity.
- Turn on 2FA (two-factor authentication) using a TOTP app like Aegis or andOTP.
Example Email Compartmentalization
Personally, I split my emails like this:
- 1 for professional/work – used with real name, tied to employment and banking.
- 1 for named social media – like Instagram or LinkedIn, with some identity attached.
- 1 for named gaming accounts – Steam, Xbox, etc.
- 1 for each anonymous persona – each alias gets a separate inbox (no cross-contamination).
- Several throwaways – for random signups, one-time use, or shady services.
This compartmentalization means a breach or dox of one address doesn’t expose the rest of your digital life.
Usernames
One of the easiest ways to get doxed is by using the same username on every platform. Even a variation of your handle can be enough to link accounts.
Do:
- Use random, unique usernames for each platform.
- Avoid anything tied to your real name, nickname, or birth year.
- Use tools like Namecheckr to check if a handle is used elsewhere.
Don’t:
- Use the same handle on Discord, Twitter, Telegram, Reddit, and forums.
- Leave breadcrumbs by linking accounts together via bio links, reposts, or shared avatars.
Passwords
Bad passwords will get you owned. Reused passwords will get you cross-compromised. Even "unique" ones can sometimes be used to fingerprint you if they’ve been seen in a breach.
Bad Examples
- 123456
- james2002
- hunter2
Better Examples
- ScorpionEgg!2951$whiteToad
Best Practice
- Use a password manager to generate long, random, and unique passwords for every site.
Recommended Password Managers
- Bitwarden – Cloud-synced, open-source, works across devices, and allows encrypted sharing.
- KeePassXC – Fully offline, stores data locally, ideal for air-gapped or privacy-heavy setups.
Bitwarden Strengths
- Syncs between devices.
- Browser extension and autofill.
- Easier for beginners.
KeePassXC Strengths
- Fully offline, no cloud syncing.
- You control where your vault lives.
- Supports YubiKey, TOTP, and custom field types.
Use what suits your risk model — Bitwarden is more convenient, KeePassXC gives you full control.
Bonus Tip: Generate passwords with 20–40 characters. Include symbols, numbers, uppercase, and lowercase. Store recovery codes securely. Keep an encrypted backup of your vault.
VPNs and Clicking Links
Link Safety
Clicking random links online is one of the fastest ways to get yourself compromised — especially if you're not behind a VPN. Tracking links, IP loggers, malicious redirects, shortened URLs — all of these can reveal your real IP, location, or even deliver malware.
Never click unknown links from strangers, Discord servers, sketchy forums, or unverified emails without precautions.
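One way to take the "precautions" mentioned above is to inspect a link as text before anything connects to it. This added example (not part of the original page) flags the link types named in this section without making any network request; the shortener, tracking-parameter and redirect-parameter lists are short illustrative assumptions, and the sample URLs are constructed.

```python
import ipaddress
from urllib.parse import parse_qsl, urlsplit

# Assumed, illustrative lists; extend them for your own use.
SHORTENERS = {"bit.ly", "t.co", "tinyurl.com", "is.gd"}
TRACKING_PARAMS = {"fbclid", "gclid", "mc_eid", "igshid"}
REDIRECT_PARAMS = {"url", "u", "redirect", "next", "dest", "target"}

def triage_link(url: str) -> list[str]:
    """Return warning flags for a URL without ever connecting to it."""
    flags = []
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    if parts.scheme not in ("http", "https"):
        flags.append("unusual-scheme")
    elif parts.scheme == "http":
        flags.append("no-tls")
    if parts.username or parts.password:
        flags.append("userinfo-in-url")  # text before '@' can mimic a trusted site
    try:
        ipaddress.ip_address(host)
        flags.append("ip-literal-host")  # raw IP instead of a domain name
    except ValueError:
        if any(label.startswith("xn--") for label in host.split(".")):
            flags.append("punycode-host")  # possible lookalike domain
    if host in SHORTENERS:
        flags.append("shortener")  # the real destination is hidden
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        k = key.lower()
        if k.startswith("utm_") or k in TRACKING_PARAMS:
            flags.append(f"tracking-param:{k}")
        if k in REDIRECT_PARAMS and value.lower().startswith(("http://", "https://", "//")):
            flags.append(f"redirect-param:{k}")  # link bounces to another site
    return flags

# Constructed sample links (documentation/test hosts only).
SAMPLES = [
    "https://example.org/docs",
    "https://bit.ly/3xAmPlE",
    "http://203.0.113.7/img.png?id=42",
    "https://example.com@xn--exmple-cua.test/login?utm_source=dm&next=https%3A%2F%2Fexample.net",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", triage_link(link) or ["no flags"])
```

An empty result means only that none of these static checks fired, not that the link is safe.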
Why Use a VPN
Your real IP address is a direct line to your rough location and ISP. Every site you visit logs it. Without a VPN, you're exposing yourself — even if you're using Tor, even if you're using incognito.
Use a VPN at all times. Turn it on when your computer starts. Treat it like pants: if you're online without it, you're basically naked.
VPNs:
- Mask your real IP address.
- Encrypt your traffic from your ISP.
- Help bypass geo-blocks and censorship.
- Make tracking and fingerprinting harder.
Recommended VPNs
Most VPNs are trash. They lie about "no logs", they sell your traffic, and they're based in countries that will fold the moment they're pressured.
Use One of These:
- Mullvad – No email required. Pay with Monero, Bitcoin, or cash. Doesn't log. Based in Sweden. Deletes payment history after a short window.
- ProtonVPN – Swiss-based. Transparent. Tied to the same people who made ProtonMail. Also supports anonymous payments.
Avoid These:
- NordVPN, Surfshark, ExpressVPN – They're owned by sketchy parent companies, based in 5-eyes jurisdictions, and likely to log or hand over data under pressure.
Payment & Privacy
You can (and should) pay anonymously where possible:
- Use Monero or Bitcoin via a mixing service.
- Mullvad allows literal cash in an envelope with just your account number.
- ProtonVPN supports crypto and doesn’t require real details.
Server Location Strategy
Where you connect to matters.
- Chile, Iceland, Switzerland – Countries with strong privacy laws and no real alliances with 5-Eyes. Great for keeping your identity safe.
- US, UK, Australia – 5-Eyes countries. Data from these servers can and will be handed over to intelligence agencies if requested.
- Close-by servers – If your only option is a server in your own country, it's still better than no VPN at all. At least it hides your ISP and stops most trackers.
Best practice? Choose a server in a neutral or privacy-friendly country — but close enough to not ruin your speed.
Final Tips
- Turn your VPN on before opening your browser, Discord, or any apps.
- Never log into a personal account from the same IP you use for an anonymous identity.
- Don’t click suspicious links without first checking them via tools like: