OpSec and You

What is Opsec? >
 
OpSec, or Operational Security, is the risk management plan used by agencies and companies in order to assess how much danger an action poses in relation to providing knowledge about oneself to one's enemies. Unfortunately as zoos we have many of those, people who wrongfully see us as abusers who need to be found and exposed by any means necessary. We should try to view ourselves on the same level spies view themselves when conducting covert missions, since even if our lives aren't in danger to the same extent as theirs, our freedom, happiness and the safety of our partners are at risk if we don't properly protect against those trying to find us.
 
Risk Reward Structure and C.I.A. >
 
OpSec isn't about right or wrong decisions but about understanding the risk associated with the things we do on a day to day basis, and what reward that would have, if any, if we do so. If we choose to do something, we should educate ourselves on the likely consequences of taking that action in order to navigate a world which is often hostile to us. The only time you truly fail at OpSec is when you aren't aware of the facts required to properly predict an outcome you were not ready for and regret the decisions you made after the fact. Think of a Pro and Con chart: as someone practicing OpSec you should challenge yourself to extrapolate the hypothetical scenario beyond what is obvious into many different possibilities, regardless of how minor they may be, so you can categorize risk factors on that figurative chart. What potential threats are you willing to expose yourself to in order to participate in a community and activism?
 
There is a concept that is popular in the realm of security known as C.I.A. (not the one you are thinking of). It stands for Confidentiality, Integrity and Availability. This acronym is used to assess the security of a piece of data or service, helping security experts to contextualize and prioritize what matters most to them. Confidentiality refers to how secret or secure the subject matter is, which often refers to encryption methods and lines of communication. You want to make sure the only people who have access to something are the people who are supposed to. Integrity refers to making sure that data that is being received has not been altered and is truly from a trusted source. Availability refers to making sure the data or service is accessible to the people who need to get to it. You'd think all those things sound great and would obviously be priorities when trying to communicate online, but in practice they don't always play nice with each other. A high Confidentiality "score" would likely mean Availability would be lower, since the controls used to help keep people who aren't supposed to get to data away will also negatively affect the users who ARE supposed to get to the data. Much like the Risk Reward Structure, C.I.A. is a balancing act of trying to get the best mix of all three and accepting the risk associated with lowering the "score" of one of the letters to make another one better. We can apply this concept to how we practice OpSec to understand that hyper-secure OpSec can often come with issues when trying to connect with others online safely.
 
7 levels of OpSec >
 
We'd like to provide you a seven point scale that helps you have an idea of where you stand in your OpSec positioning. The higher the number, the higher your sensitivity to sharing data with others.
 
(1)    I don't practice OPSEC at all. I want the entire world to know my address, name, and employer so that I can be mailed threats regularly!
 
(2)    I've got the same online accounts for everything, I share photos and things that could easily be used to identify me in public places. I'm not exactly advertising where I live, but anyone who can read or look at a picture could probably figure it out.
 
(3)    The bare minimum is good enough for me, I don't share anything that could place my real identity or location, but I don't bother with multiple identities or anything, that's way too much work!
 
(4)    I'm very moderate in my OPSEC practices. Maybe I use a separate identity, but my hygiene between my identities isn't perfect, and I don't obsessively cover my tracks. If someone had a lot of time they might be able to draw some conclusions about my other dealings.
 
(5)    My OPSEC practices are a bit above average. Images I share are sanitized of metadata, and I share extremely little about my personal life. I keep a very, very close eye on my paper trail.
 
(6)    My separate online identities are tidy, or there is basically nothing that exists about my personal life online. I intentionally mislead, and I adopt different writing styles between identities; I'd like to see someone try to figure out who I am!
 
(7)    I'm a ghost; a government spy agency couldn't figure out who I am. I'm not on the internet, don't ask how I'm even answering these right now.
 
As you can see, the far ends of the scale tend to be unreasonable to aim for and come with negative consequences. One should NEVER be a (1) in OpSec but a (7) will make you a hermit. Figure out what number you are and think about what number fits best for you with your current goals of privacy in mind.
 
Personally identifiable information (PII) >
 
Now that we understand the idea of the pros and cons of different styles of community engagement, we can move onto the consequences of having a lower OpSec in practice. Every piece of data we put out into the world is another piece of the puzzle others can use to profile us and identify us. The more open you are, the more the internet knows about you; and the internet never forgets. It's best to internalize the idea that any information you share with anyone else no longer belongs to you once that occurs, you no longer have exclusive control over who knows that fact. That picture of a mushroom you shared while on a hike might end up in the hands of someone who wishes you harm and also happens to be a biologist who specializes in mushrooms, and can identify what specific region of the world that picture was taken. 
 
Personally identifiable information, or PII, is a term used for any sort of information which might be able to distinguish you from others, in the most general sense. The definition of this can vary, but this can take the form of anything from a particular favorite food to when you make your daily commute, or even what your legal name is. Learning to identify potential PII that you share is critical to being able to enact any sort of OpSec in practice, as it will be hard to assess and mitigate risk if you don't know what you might be at risk of in the first place. Not all PII is inherently a direct risk to share, but the more that you share with others, the more pieces of information that others have to associate with your identity, or to potentially suss out other identities of yours.
 
The process of identifying PII is less an exact science than a skill to practice. It's a process of trying to stand in the shoes of another looking at something you share, like a post on Twitter, and asking "What pieces of information does this post contain? Are those bits of info things that other people have in common? How many people have that in common?" This information may not be something directly about you, but may tell something about your career, your commuting habits, your location/region, your friends, when you come online every day, or even your identity that might be something that can add up toward uniquely identifying you. Assess the risk associated with sharing information when you plan to and try to limit the exposure to the public when doing it. If you want someone to see a picture and you trust them, direct message it instead of putting it on Twitter or a chat room.
 
Attack Surface and Correlating Data >
 
Each piece of information that has been shared about us is part of our "Attack Surface", which refers to how wide the knowledge profile about our online personas is. Any specific fact in our array of information could be the vector which allows someone to identify us. Beyond that, our array often works together as information grows, facts combining and working in tandem to paint a clearer picture as more detail comes in. This is called "Correlating Data", as small information you might not think is important compounds into inferring more about you than you thought possible. If you were lost in a forest, one would only need small bits of data from three different locations to be able to triangulate your position and know exactly where you are, whereas only getting that data from one of those locations would be mostly useless. As we make friends publicly and live our lives, we tend to let these little bits of data slip through passively. It's important to try not to volunteer as much as possible since you are already passively leaking data the more you participate.
 
Let's use some real world examples. One of our writers, Fawnly, is going to volunteer some information about themselves. Fawnly works within the IT job sector. Saying that alone makes Fawnly's attack surface much wider and narrows the scope on who they could be since it implies a lot about Fawnly beyond simply what they do for work. Out of the billions of people Fawnly could have been, Fawnly is likely down to double digit millions if not lower. Fawnly is willing to accept this risk since Fawnly is already known for helping the community with tech related things and it helps our readers trust the information they are sharing more. Furthermore, Fawnly lives in Central America and their current hair color is red. BAM, the attack surface just grew even more and now the game of 'Guess who Fawnly is' just got a lot easier. The facts that 'Fawnly' and the person behind the persona of Fawnly both have the same job type, live in a Central American country and have red colored hair are now known by the public at large, and they can never take that back. This out loud thought process we are explaining now is OpSec in practice.
 
Threat Modeling Like a Pro >
 
A common mistake that people make with OpSec is to unintentionally overestimate who their adversaries are, and what methods those adversaries will utilize, while simultaneously overlooking their actual adversaries. An example of this might be mixing up security with anonymity. You may be concerned with keeping your identity a secret, and overestimate your primary adversary to be worried about as someone who might be trying to intercept your private messages in transit to their destination. So to mitigate that, you use extremely strong encryption, so that a nation-state actor will have trouble brute-forcing the content of your messages into plaintext with a supercomputer. The mistake made here is that the nation-state actor you're worried about isn't really worried about you, but the person who is interested is the one you just private messaged your PII to.
 
It's for this reason that everyone should do themselves the service of working out their own threat model. Threat modelling is a process by which you determine what risks you might encounter in a given context, who or where are those risks from, how those risks might impact you, and by what means you can reduce the consequences of those risks were they to happen. This might be a process you do subconsciously already. For example, if you go to a room party at a convention, you may have assessed the potential risk in accepting drinks from strangers, and chose to mitigate that by getting your own drinks, and letting trusted friends know what time you'll check in with them so that if you don't respond there's someone who knows where you were looking out for you. This same process can be applied in many different contexts, including in your online engagements and identities.
 
Who, What, Where? >
 
Threat modeling is personal and contextual, and the details will change depending on who you are, and what sort of threats you're concerned about.  A good first step of establishing a threat model is to define a few things about the variables in that model, so you know what you're protecting, and how. Figuring out all the places that you engage online is a good place to start here, since these will be the places where you're most likely to share information about yourself (intentionally or not) with the world. Everyone who has a presence online will make that presence known somewhere online, either through visiting and lurking, posting, or some other means of engagement. 
 
After you've taken at least mental note of where you engage online, next up is to think about HOW you engage in those spaces, and WHO you engage as. This comes back to what was discussed about PII. The actual content of what you're sharing is going to determine what sort of face that identity presents to the world, and what kind of information, personal or not, you share in each context. These "Whos" might be your real world self where people know your name and address, a furry identity that you use as your primary socialization where people are familiar with your fursona, roughly where you live, and what conventions you attend, and your zoo alt identity where you only share PII on a need-to-know basis, but often wax poetic about your non-human partners you've known and loved throughout the years.
 
The important distinction to make between "Where", and "Who", is that "Where" may constitute multiple different places (platforms online, chats, physical locations), and your "Whos" are the identities themselves located in those "Wheres". One identity you make note of in your "Who" might actually be in 2 or 3 different "Wheres". Separation of these "Whos" is typically a primary goal to strive for in good OpSec, and the primary aim most people have in pursuing better OpSec. 
 
If someone you chat with is aware of two or more of your "Whos", that is now a potential weak link in someone being able to collapse those "Whos" back into one single identity, which at best can mean that your other identity becomes compromised, and at worst might mean that you can be doxxed. This is the third piece of the puzzle, that this person is one of the potential "adversaries" to consider. 
 
Adversaries can be a random anti who has too much time on their hands to stalk you, a friend you chat with often, a company skimming data about you, or even a government agency targeting you.  The second two are less of a concern for most in this case, and most zoos should be focused primarily on adversaries like the first two. Adversaries can vary, and aren't necessarily malicious, as a trusted friend might still slip up and share something you trusted them with.
 
Now that you've got a good idea of your online activity, next up is to assess your worst fears!
 
Risk Assessment and Mitigation with Charts! >
 
Risk assessment and mitigation is where you face your fears, and send your paranoia to rest. Now that you have a threat model, you can start to assess what potential risks your actions might have, and we've adapted a useful chart to help you weigh your risks! 
 
To use this, we'll first need an example scenario. Let's say that you're concerned about your physical whereabouts becoming public while using your zoo alt account. Let's also assume that you are very well connected on a furry main account that is under a lot of scrutiny. You haven't left many other breadcrumbs around, so were you to accidentally leak this information, the Consequence might actually be "Negligible" on the horizontal axis here. They only know this bit about you, so it might just be a compromise of your alt identity and you can restart. The Likelihood on the vertical axis, given that you are pretty good about keeping an eye on photos and details you share (good hygiene is good mitigation!) is "Unlikely" to "Possible", which gives you a 4-5/10 on this chart.
 
Given that 2 is inconsequential, and 10 is the most severe risk, 4-5/10 is pretty good! Not a ton to worry about given you keep your trail otherwise clean. Even if your location is known, you're a nobody zoo alt, and that info might not be super dangerous on its own. 
 
But let's make this more realistic, and say that your trail is not completely clear, and there are multiple pieces of PII you've shared in public that can link your zoo alt back to your furry main. If you're in fairly busy spaces, this might mean your risk of your zoo alt being linked to your furry main has its own risk assessment as a "Likely" likelihood, and while normally it might be of "Negligible" consequence, because your physical whereabouts are known on your zoo alt, both of these are now bumped up to a "Moderate" risk since this could have some significant consequence to major relationships through being linked to your main identity, weighing in at a 7/10.
 
A 7/10 is something to take seriously, but fear is in the unknown, and if you understand this risk, you can better reduce both your anxiety, and the danger you face. There are a variety of ways to go about mitigating risks like this, but your goal in doing so is to reduce one of these chart axes; either you lower the likelihood (obfuscating by lying and seeding fake information, reducing your public presence, moving to a fresh alt), or you reduce the consequence (building a strong support network, making friends with people on your main who support and accept your sexuality), but the particulars come down to the specific scenario.
 
One of the most powerful tools for risk mitigation can be to build a robust support network; having friends who can vouch for you, and support you in times of need is invaluable. Many of the negative consequences of a lapse in your OpSec can take the form of a risk to relationships or reputation in your life. If the information that gets out about you is already known to the major relationships that might be impacted, the actual damage that can do is minimized. What this can mean for zoos is that being out and accepted by important people in your life can be extremely beneficial in case your OpSec fails. Of course, sharing this can be a risk to your OpSec in and of itself, so be cautious about doing so if you ever decide to.
 
How to be doxed? >
 
So you want to know how to be doxed? No? Well you should. Knowing the process of how to find your PII works will enable you to guard against people who would aim to dox you. Let's play out the scenario of what would be the best way to dox you or other zoos:
 
To start, it's important to know that surveillance and understanding a target is an essential part of effectively doxing someone. It rarely occurs out of nowhere; instead doxxers will join public spaces zoos participate in and lurk or pretend to be friendly in order to learn more about everyone there until they find someone they believe is an easy target. Information gathering is much easier than it used to be, too, and with the power of open source AI and bots one can scrape public chatlogs to create profiles based on correlating data. All those PII crumbs that were divided up by long months come together in a curated sheet for review, even inferring more about you than you directly said by probability and demographic guessing. This practice will become more and more common for doxers so be prepared to maybe see an AI generated profile about you one day.
        
If you become the target of a doxer they may start using different throw away accounts outside of their mole account to probe you with phishing attempts, which are fake messages which try to trick you into engaging with them to gain information or control over your accounts. Some of these attempts may utilize social engineering, where the doxxer simply shares information they already collected with the target to gain trust and credibility they didn't earn. If they know information about someone you trust, maybe that means they can be trusted, right? Not at all. Always check back with the person being referred to directly when someone is implying they know that person, and never trust anyone you aren't sure you know.
        
Another tactic doxers might utilize is malicious internet links, such as links that utilize Single Sign On (SSO) protocols to try to see which Google/Amazon/Microsoft/Apple or other accounts you have that might readily reveal your real information. If you open up a Google document on the same browser or device you are logged onto as your regular non-zoo account, for example, the doxer would see what the name on that account is. The link might also have an IP tracker hidden in it, broadcasting your geoIP location which can circumvent VPN protections and show which town you live in. The worst thing a bad link someone sends you can do is steal your account passwords or an access token the browser is using, which would allow the doxxer to gain control of your account by simply logging into it. This can be done with a fake login page, but in some situations, just clicking the link would be enough to steal passwords if the doxer is using advanced techniques. If they get control of one important enough account, or your passwords are shared between services, you'll quickly find yourself locked out of your zoo identity.
 
With an account takeover in place, any pretence of privacy about your real life identity should be considered nearly gone. The worst case scenario is if a doxxer got a hold or knowledge of accounts that have nothing to do with your zoo community presence you use for online communication, maybe an email account you use to register. With a solid connection between those accounts, trying to deactivate and destroy your zoo presence won't save you from further doxing as they go deeper into your private life. Once they get your phone number, they can use that to look up where you work and live and start harassing those in your life or informing the police about you. If that all wasn't bad enough, what is probably worse is that with those accounts hacked and under their control, they can go into all your private messages and find information about every zoo friend who has ever trusted you. The doxxer may even try to pretend to be you to spread their phishing attempts from an account of even more credibility.
 
A doxer might not even need to take over a zoo account to get deep into the community to do harm. A harsh reality is that a very talented anti-zoo or even your fellow zoos with malicious motivations will collect information over a long period of time and build trust through acts of friendship. As a community we wish to support each other and rely on each other to build up our activism, but as we do so we can give great privilege to those people and allow them the power to do a lot of damage. Most people can't keep up an act long enough to do that much damage, but some people don't need to be acting like a friend to later become a threat.
        
If a doxer is able to get enough evidence for police to look into your activities, any data related to your zoo lifestyle, such as media or messages to other zoos you know, will most likely be found and reviewed by the authorities to collect their own evidence on you. The doxer will happily corroborate their evidence as the authorities build a case against you in which you have nothing you can hide from them any longer.
 
Lastly, after all is said and done, a doxer doesn't need to know everything about you to do damage. A common tactic a doxer will employ is pretending they know more than they actually do when they choose to release their findings on their target. They may reveal what town the target lives in and say they are going to report them to the police, despite missing their address and name still. Many end up falling for this, overreacting to the threat and admitting they are a zoo or destroying their account without confirming the doxer really had all the information they claimed. A half painted picture can be enough to set most of us into a panic, wondering how much more information about us is out there ready to be revealed.
 
Mitigation Strategies >
 
There are a few basic strategies we can use to protect against some of these issues, but what strategy would be best in a given situation depends on the situation. Here are a few tactics that are low-hanging fruit to help tighten your general OpSec and fight against the worries many of us have of being outed.
 
Recording Media -
        
Do NOT record any zoo activities that could identify you or your partners as associated with the accounts you use online. Even keeping such material for yourself on a hard drive/flash media can be dangerous if someone or the authorities come across it. Crimes are generally a very bad idea to record so for the safety of you and your animals, avoid doing so whenever possible.
 
MFA -
 
MFA or Multi Factor Authentication is a VERY important tool to protect the services and accounts you use. Please check all applications you are using for the ability to register MFA so that if someone gets a hold of your account, you will need to grant access through your text, email or app for them to get it.
 
Password Vault - 
 
Password Vaults like Bitwarden, LastPass, and KeePass are recommended to help you remember more complex passwords, rate your password strength, and move you away from using the default browser password vaults, which are not secure. With one of these, you can make a single, very strong password for your vault, and then automatically generate, save, and autofill complex passwords that you wouldn't normally be able to remember.
 
Be wary of links -
 
Links people post can be hidden traps. Be aware of some of the things that can be done to a link to make it not safe:
  • The link could be misspelled and lead somewhere not safe.
      • Example: http://www.twltter.com
  • A link could have a redirection attached to the end of the link.
      • Example: http://www.example.com/function.jsp?fwd=admin.jsp
  • A link could try to sign you into one of your accounts that isn't (), such as Google accounts and Microsoft accounts.
      • Example: https://accounts.org/auth/azureadv2.
 
If you are already logged into a Google account, visiting a shared Google Docs file can display your account publicly. You can also use VirusTotal.com to check links and programs to see if they get flagged as possibly malicious. We'd say any file with a score over 8 should not be trusted, and any site with even 1 positive virus scan should be treated with a good degree of caution.
 
Use a different System/Browser for activities -
        
 
You shouldn't use the same browser for zoo activities as you use for non-zoo activities. Browsers are an ecosystem where pages you have visited talk to each other to try to farm metadata for advertising and streamline the experience for you for convenience. That ease of use comes with a cost of privacy; using a different web browser helps mitigate that connectivity and keeps the activities you wish to keep private segmented and safe.
 
If you wish to truly make sure there is no cross-pollination between your non-zoo self and zoo activities, have dedicated operating system installs or computers/devices for exclusively zoo things. This can get a bit technical though, so using a different browser is a great step towards that.
 
No services linked to subject, subject exclusive services -
 
Don't sign up for any services or accounts with information that could be linked back to you. This includes email accounts, phone numbers, names, birthdays, IDs. If you have to provide this information, accept the risk that this will forever link you to your zoo identity if the information came out. We have had multiple zoos come to us who were worried about having registered their accounts with real information, and it's just easier to avoid that to start with specific accounts.
 
False Information -
 
False information is very useful for trying to help you stay safe. All the correlating data techniques we talked about earlier start to fall apart when lies are put into the equation to poison people's natural ability to connect the dots. If one of us chose to tell you something about ourselves that you believe, but isn't true, you will use that as evidence to find us and end up having a much harder time doing so. It can be sad to have to lie, and many of us hate to do so, but it's so effective at keeping you safe it is something we recommend everyone do to some extent. 
 
Subject Exclusive Online Presence -
 
Sonas are very important for security; you shouldn't be using your zoosona for anything but zoo communication. Just like with no shared services, no shared identities is important. Pick a name and profile picture unique from your other sonas, including furry accounts. Try to exaggerate how you act and do small quirks that are unique to your zoosona. Try to never post similar stories on two accounts at similar times.
 
Reduced Scoping -
       
When you do share something, consider the scope of where that information is most likely to end up. Sharing something in a public space is going to guarantee that information will be publicly available. If you were to share something in a private message to one person, the scope to which that information is shared may be reduced to a smaller audience. This can reduce your risk and relative attack surface, but the degree to which it does so is dependent on how reliable the person(s) you share the information with is, and also how secure the platform is. That person can make that information public by accidentally or intentionally sharing, or a data breach or some means of man-in-the-middle attack might compromise a message sent without reliable end-to-end encryption (and most platforms used for chat are not encrypted in this manner). As stated earlier, once you share something, you no longer have exclusive control over it, so don't assume this is any guarantee of safety, but tightening the scope you share within can help reduce the exposure that information does receive.
 
Escape Plan >
 
Sometimes after all we have done to keep ourselves safe, a hole in our defenses or a streak of bad luck completely exposes us to a doxing event. The best way to deal with this is to have a plan in place for how you would go about trying to limit the fallout of being found. Walk through the steps of what it will look like to have to hide this from your friends, family, job and maybe even authorities. Have you properly segmented your zoo identity from your life so that you can end it all with a kill switch, or will it be messy to understand what sort of leaks are occurring because you are too integrated to properly disconnect? If you have properly made sure your zoosona is mostly separate from you, destroy any evidence you feel you need to in order to stop the doxing; making sure the doxxing doesn't escalate and shutting down the event is key. Any avenues you leave open between the doxed identity and you are very dangerous, but you may have friends you want to keep despite this occurring, so having a backup plan to stay in contact but not risk association with the compromised identity is important to think about.
 
All this planning will help you keep a level head as accusations come at you. Once you have finished cleaning up what you need to in order to keep yourself safe, you must decide what direction you want to go. Are you going to isolate and disappear from the internet? This is effective for making people forget about you if chosen; drama tends to be attention driven and if the target of the drama is no longer around it is hard to keep that going. Would you wish to remain but unassociated with zoo activities? In which case you must deny everything, regardless of what evidence they have. Hardline uncompromising denial is super effective at making people question whether they actually have the right person; the worst thing you can do is show weakness or admit any wrongdoing in a public relations nightmare event. Are you going to embrace the zoosexual label on yourself? This is very risky and we would never imply anyone needed to do this, but if you do choose to be an open zoo the community will back you, and this will help take the ammo away from bad actors. They can't threaten you with being outed if you do it yourself first. Make sure if you choose to do this that you drive the narrative; you don't want the story to be what they are saying about you regardless of what you choose.
 
Closing Words >
 
Keeping ourselves safe as a marginalized group is a hard and scary task; so many zoos are terrified to be open about themselves even online behind personas because they are scared of being discovered through their mask. We will never say what we wrote here will guarantee your protection but we hope it gets you in the mindset about being aware of how to make changes in your life to better guard yourself online when participating in a targeted community like that of zoosexuals. Coming to peace with the fact you can't control all of what is known about you but taking it upon yourself to understand the risks and mitigation tactics you can use to make it less likely for you to be a target of harassment is an important part of living a healthy life within the zoo community. Find the balance that works best for you and continue to always think outside the box about what others might already know about you. You are your own best Cyber Security Expert because you know what PII is out there, you just need to learn how to protect it.
 
Article written by Fawnly and Lav from the Zooey Dot Pub team 🦌💜 (October 2024)
 