OPSEC. Operattional Security

[CuriousVaMan]

I use ProtonMail for my burner email address. With a ProtonMail email address, you also get storage space on ProtonDrive, which is where I keep my SB files. I actually have a folder on ProtonDrive for each SB. My login credentials to ProtonMail and ProtonDrive (same login and password) are known only to me. Nothing is written down, anywhere. With this method, I don't have a USB drive to lose or which can be hacked with enough effort. Also, after a period of inactivity (1 year IIRC), the ProtonDrive data is deleted.

I keep a jump drive that has all of the info I can possibly glean from web searching, I am pretty skillful at it. There is very little upside to revealing to her you know something about her other than what she has given up. You only do that when the relationship part has already broken down, and you are merely aiming for self-preservation.

[FarFarAway]

We all need to periodically check any photos we are supplying to candidate women we are trying to see to be certain they don't hit on our IRL identities. I check two sites, facecheck. I'd and pimeyes.com. Are there any new ones that have popped up that we need to add to the list to check?

On the topic of getting intel about women we are seeing, I also feel this is something we must do only as insurance for ourselves. We keep the info in our back pocket in case things go south w / the lady, we can pull it out as a counterbalance to any threats she might make toward ourselves. If she knows you have gotten info about her that she herself has not provided, I think the most common reaction would be for her to freak out and think you were some sort of stalker.

I keep a jump drive that has all of the info I can possibly glean from web searching, I am pretty skillful at it. There is very little upside to revealing to her you know something about her other than what she has given up. You only do that when the relationship part has already broken down, and you are merely aiming for self-preservation.

[FakeName3]

Is to fucking trust no-one.

A while back I was DM'ing with another board member about a provider I was seeing. This board member had a long and varied posting history and did not appear to be a shill, but they were the one that introduced this provider to USASG. The board member was very careless with DM'ing and, at one point, even disclosed their real name. One day we shared graphic details about the provider and the very next day I was blocked and ghosted by that provider.

I later learned that the board member and the provider were long time BFF's. I can only conclude the board member was feeding the provider this information.

During this time frame there were many other instances where, on a return visit, a provider confronted me with direct quotes from my posts. These were all indy's with direct contact numbers and not agencies or ACS's. Hell in one instance, a AMP provider was fired the day after I posted about her. I found out the following day when I returned for a repeat visit. Another provider there told me a customer had written that she did bad things during a massage and the owner fired her. It's not a great leap to infer that someone with access to the board was clueing in these providers. I used to believe that most all providers read the board but now I am not so sure.

Now I assume that anything I say here will be publicly distributed to interested parties. Since then I have not posted any graphic details about the providers I care about or care to repeat. I went to the Spy Museum years ago and I one thing I remember is "Trust No-one".

[FakeName3]

My thoughts on OPSEC have evolved since participating in the bowl. I believe you should be primarily concerned with your OPSEC, not necessarily the OPSEC of your provider / SB.

While it's normal that you performed some intel on your provider, the question remains why did you do so? If you did so to protect yourself, that is, to ensure she's not a druggie / serial killer etc, then OK. If you did so to stalk her, that's no bueno. I've fallen into that trap found FB pages, LinkedIn profiles of SBs. It's easy to want to find everything about her, but it's not healthy for the SB type of relationship. It may border on limerence. It's worth looking up the definition of limerence.

While you may want to help her improve her OPSEC, it may redefine your relationship in a very negative way. Case in point I had a SB that I'd been seeing for 9 months. During one of our meetings, she blurted out her full name. I of course, did an internet search and found her FB page. She lived a totally normal life, but I noticed she appeared to the mother of 2 small children, not the 1 child she told me about. At our meeting just prior to Christmas, I added a bit to her sugar to cover some gifts for her declared child. Then, I asked her if she had 1 kid or 2 kids, citing what I saw on her FB page. My intention was to increase her sugar to cover gifts for both kids, if she indeed had 2 kids. After that meeting, she ghosted me. While my intentions were good, to her they were creepy. After reflection, I totally understand her perspective. I should have kept all intel I had her to myself once I verified she was not a threat to me.

Read my post in the Craigslist Providers thread to see that I definitely have no feelings for her.

Was only trying to point out how stupid she is being for working out or her primary residence and having open social media.

I still cannot fathom how a woman who's only contribution to society are a pretty face and big tits could be married to a multimillionaire, rent a million dollar townhouse, spend Valentines Day in London, but yet still jerk my dick while I squeeze her tits and rub her ass for $60.

[SonChi]

My thoughts on OPSEC have evolved since participating in the bowl. I believe you should be primarily concerned with your OPSEC, not necessarily the OPSEC of your provider / SB.

While it's normal that you performed some intel on your provider, the question remains why did you do so? If you did so to protect yourself, that is, to ensure she's not a druggie / serial killer etc, then OK. If you did so to stalk her, that's no bueno. I've fallen into that trap found FB pages, LinkedIn profiles of SBs. It's easy to want to find everything about her, but it's not healthy for the SB type of relationship. It may border on limerence. It's worth looking up the definition of limerence.

While you may want to help her improve her OPSEC, it may redefine your relationship in a very negative way. Case in point I had a SB that I'd been seeing for 9 months. During one of our meetings, she blurted out her full name. I of course, did an internet search and found her FB page. She lived a totally normal life, but I noticed she appeared to the mother of 2 small children, not the 1 child she told me about. At our meeting just prior to Christmas, I added a bit to her sugar to cover some gifts for her declared child. Then, I asked her if she had 1 kid or 2 kids, citing what I saw on her FB page. My intention was to increase her sugar to cover gifts for both kids, if she indeed had 2 kids. After that meeting, she ghosted me. While my intentions were good, to her they were creepy. After reflection, I totally understand her perspective. I should have kept all intel I had her to myself once I verified she was not a threat to me.

You are right. We should NOT help our ladies out, while well meaning, it would probably freak them out. I will change my advice and keep all intel to myself, you have convinced me.

[CuriousVaMan]

My thoughts on OPSEC have evolved since participating in the bowl. I believe you should be primarily concerned with your OPSEC, not necessarily the OPSEC of your provider / SB.

While it's normal that you performed some intel on your provider, the question remains why did you do so? If you did so to protect yourself, that is, to ensure she's not a druggie / serial killer etc, then OK. If you did so to stalk her, that's no bueno. I've fallen into that trap – found FB pages, LinkedIn profiles of SBs. It's easy to want to find everything about her, but it's not healthy for the SB type of relationship. It may border on limerence. It's worth looking up the definition of limerence.

While you may want to help her improve her OPSEC, it may redefine your relationship in a very negative way. Case in point – I had a SB that I'd been seeing for 9 months. During one of our meetings, she blurted out her full name. I of course, did an internet search and found her FB page. She lived a totally normal life, but I noticed she appeared to the mother of 2 small children, not the 1 child she told me about. At our meeting just prior to Christmas, I added a bit to her sugar to cover some gifts for her declared child. Then, I asked her if she had 1 kid or 2 kids, citing what I saw on her FB page. My intention was to increase her sugar to cover gifts for both kids, if she indeed had 2 kids. After that meeting, she ghosted me. While my intentions were good, to her they were creepy. After reflection, I totally understand her perspective. I should have kept all intel I had her to myself once I verified she was not a threat to me.

This thread had provided many tips and methods for customers to practice OPSEC. For their sake local providers should practice a bit too.

This week I reached out to a Craigslist ad that was reported on here to provide extra services. We set up an appointment and she provided a street address so I Googled it before visiting. The address turns up as a $1 million townhome in Vienna (Tysons) and the resident is listed as a woman with a Vietnamese / American name. Figuring it's safe I go to the appointment but the visit was not all I had hoped for. Mind you a HJ and boob play was provided and a very senior board member says 15 years ago she was giving massages with BLS HJ's but I was not impressed.

After the visit, and seeing her face body and dog, I googled her name and a trove of personal info came up; like 6 Facebook accounts, Insta, wedding photos, friends and more. She has a work history in Vietnamese nail salons going back to 2006, and wedding photos from 2018 to a very rich international electronics company CEO who also breeds, trains, and races thoroughbred horses. I guess that marriage ended (nice looks and big tits can only take you so far when you are over 60) and now she is doing what she knows best (jerking dicks while they play with her tits and ass for $60).

The point is her careless Social Media access could cause a lot of embarrassment with her Hi So Vietnamese friends she posts about on Facebook if they found out how she earns her money now.

On a side note this is the third provider I have seen in NOVA who started out as a sex worker and ended up marring a very successful multimillionaire (I guess everyone needs good sex just look at the Philly Eagles owner sitting in the owners' box) only to leave the marriage and return to cheap sex work.

[SonChi]

This thread had provided many tips and methods for customers to practice OPSEC. For their sake local providers should practice a bit too.

This week I reached out to a Craigslist ad that was reported on here to provide extra services. We set up an appointment and she provided a street address so I Googled it before visiting. The address turns up as a $1 million townhome in Vienna (Tysons) and the resident is listed as a woman with a Vietnamese / American name. Figuring it's safe I go to the appointment but the visit was not all I had hoped for. Mind you a HJ and boob play was provided and a very senior board member says 15 years ago she was giving massages with BLS HJ's but I was not impressed.

After the visit, and seeing her face body and dog, I googled her name and a trove of personal info came up; like 6 Facebook accounts, Insta, wedding photos, friends and more. She has a work history in Vietnamese nail salons going back to 2006, and wedding photos from 2018 to a very rich international electronics company CEO who also breeds, trains, and races thoroughbred horses. I guess that marriage ended (nice looks and big tits can only take you so far when you are over 60) and now she is doing what she knows best (jerking dicks while they play with her tits and ass for $60)..

Everyone needs good sex. Ladies, especially sex workers who marry rich (typically older) dudes, they trade the sex for security and eventually wish for more. They may still be married, the husband may be in on it, or they divorced and she got the house and the tax bill, thus the return to old ways.

We all need intimacy. As a 60 year old, she has not idea how to protect herself digitally. Consider showing her how to protect herself, you may make a new friend and a "deeper" relationship.

[FakeName3]

This thread had provided many tips and methods for customers to practice OPSEC. For their sake local providers should practice a bit too.

This week I reached out to a Craigslist ad that was reported on here to provide extra services. We set up an appointment and she provided a street address so I Googled it before visiting. The address turns up as a $1 million townhome in Vienna (Tysons) and the resident is listed as a woman with a Vietnamese / American name. Figuring it's safe I go to the appointment but the visit was not all I had hoped for. Mind you a HJ and boob play was provided and a very senior board member says 15 years ago she was giving massages with BLS HJ's but I was not impressed.

After the visit, and seeing her face body and dog, I googled her name and a trove of personal info came up; like 6 Facebook accounts, Insta, wedding photos, friends and more. She has a work history in Vietnamese nail salons going back to 2006, and wedding photos from 2018 to a very rich international electronics company CEO who also breeds, trains, and races thoroughbred horses. I guess that marriage ended (nice looks and big tits can only take you so far when you are over 60) and now she is doing what she knows best (jerking dicks while they play with her tits and ass for $60).

The point is her careless Social Media access could cause a lot of embarrassment with her Hi So Vietnamese friends she posts about on Facebook if they found out how she earns her money now.

On a side note this is the third provider I have seen in NOVA who started out as a sex worker and ended up marring a very successful multimillionaire (I guess everyone needs good sex just look at the Philly Eagles owner sitting in the owners' box) only to leave the marriage and return to cheap sex work.

[JmSuttr]

I didn't have to 'activate' anything. I bought a TracFone. It came working once I fired it up. To set up the phone, I am not 100%, this was many years ago, and I've done it the same way all this time. You can go to the TracFone website on a browser and do a lot of the account functions. I didn't do anything out of the ordinary that I recall, including disable location service. I don't see why it would matter anyway. I probably set up the account while on the phone, not while on a web page. It wasn't until much later in my use of the phone and Google Voice that I realized I could access messages on the web. The burner does not have VPN, so no I did not use a VPN when creating the account. There was no 2 FA then, and there isn't now. Not on the phone, not on the google page I use.

I work with a group that has over 20000 employees. If you work for a big corporation, I am sure they have more. If you VPN into their server, that sea of people provides a modicum of anonymity I'd guess. I am no techie however. If you don't work for a big company, SOL. Figure it out yourself.

I will switch the MAC I'd periodically on the laptop I use to access websites, including google's. I never do anything different w / the phone. I downloaded an app to switch the MAC I'd on my Apple laptop. It is called WiFiSpoof. Anyone can use it.

There is no warranty on anything I have said. This is what I did, to the best of my recollection. Some of it was done years ago. Since then, I also got a new phone and had a mom and pop cell phone shop xfer the sim card to a new phone w / more memory. I recommend at least 12 MB. If that ain't good enough for you, good luck.

Namely, access to the anonymizing process of using a 20,000 person organization to lose oneself in the crowd, aided by a VPN and MAC address changer.

Thanks for clearing that up.

So I guess I'll repeat the question I addressed to the OP (KidFarian) since his post specifically said that he set up his Gmail account recently, rather than years ago. Hopefully his recollection will be clear and it's also to be hoped that his methodology will be applicable to a wider cross-section of mongers.

[FarFarAway]

Here's my understanding of what you posted:

1. You bought a burner for cash. That's clear enough. Where and how did you activate the phone? Did you need to use a laptop or desktop in the process, or was it completely on the phone itself?

2. You created an email account (Gmail, I assume). And I'm also assuming the TracPhone was the device used to create the account. Questions: Did you disable location services? We're you at a location, while creating the account, that isn't associated with other devices Google recognizes as you? Did you use a VPN while creating the account? Did you sign up on the website or using an app? Specifics are key, and there may be others that are relevant that I didn't think to ask about.

I didn't have to 'activate' anything. I bought a TracFone. It came working once I fired it up. To set up the phone, I am not 100%, this was many years ago, and I've done it the same way all this time. You can go to the TracFone website on a browser and do a lot of the account functions. I didn't do anything out of the ordinary that I recall, including disable location service. I don't see why it would matter anyway. I probably set up the account while on the phone, not while on a web page. It wasn't until much later in my use of the phone and Google Voice that I realized I could access messages on the web. The burner does not have VPN, so no I did not use a VPN when creating the account. There was no 2 FA then, and there isn't now. Not on the phone, not on the google page I use.

I work with a group that has over 20000 employees. If you work for a big corporation, I am sure they have more. If you VPN into their server, that sea of people provides a modicum of anonymity I'd guess. I am no techie however. If you don't work for a big company, SOL. Figure it out yourself.

I will switch the MAC I'd periodically on the laptop I use to access websites, including google's. I never do anything different w / the phone. I downloaded an app to switch the MAC I'd on my Apple laptop. It is called WiFiSpoof. Anyone can use it.

There is no warranty on anything I have said. This is what I did, to the best of my recollection. Some of it was done years ago. Since then, I also got a new phone and had a mom and pop cell phone shop xfer the sim card to a new phone w / more memory. I recommend at least 12 MB. If that ain't good enough for you, good luck.

[JmSuttr]

That is exactly what I have. I bought a TracFone smartphone in Walmart w / cash. I made up an email, or perhaps I allowed Android to make it up based on what I entered. The only things I have ever fed TracFone and Android / Google is that sugar name. There is no way to trace that back to me. When I need to buy minutes or GBs, I use cash to buy a TracFone card and enter that PIN on their website. I have also on some occasions used prepaid debit cards to add in a GB of web access through the TracFone website. I enter into that website, or the Google voice page, through a VPN into a large organization's server. And I spoof my machine I'd.

Google may be able to use my behaviors and other places and devices I have repeatedly been around to figure out who I am, but I don't think they have any motivation to do so, and I don't see how that info could get me into trouble.

Here's my understanding of what you posted:

1. You bought a burner for cash. That's clear enough. Where and how did you activate the phone? Did you need to use a laptop or desktop in the process, or was it completely on the phone itself?

2. You created an email account (Gmail, I assume). And I'm also assuming the TracPhone was the device used to create the account. Questions: Did you disable location services? We're you at a location, while creating the account, that isn't associated with other devices Google recognizes as you? Did you use a VPN while creating the account? Did you sign up on the website or using an app? Specifics are key, and there may be others that are relevant that I didn't think to ask about.

3. What kind of two-factor authentication did you use to set up the account? A text to the burner, or something else? Have you needed to use the 2-FA since you created the account?

4. You mentioned a "large organization server" + VPN. Is that something that can be easily replicated by others, or is it unique to your situation? If a regular monger (who doesn't have access to such an organization) wanted to replicate your process, how would they do it?

5. You said that you spoof the identification of your machine. Are you talking about your TracPhone, or something else? Please explain because, at first reading, it's unclear if that's something that can be easily replicated.

Apologies for all the questions. But it's often the case that someone who has done something can leave gaps when explaining it to others. That's because, once you've done something, some of the steps seem obvious or self-evident. But to others those steps might not be so clear.

[FarFarAway]

That was the question I addressed to the OP. If anyone has been able to do so, I'd love to hear about the steps they took.

That is exactly what I have. I bought a TracFone smartphone in Walmart w / cash. I made up an email, or perhaps I allowed Android to make it up based on what I entered. The only things I have ever fed TracFone and Android / Google is that sugar name. There is no way to trace that back to me. When I need to buy minutes or GBs, I use cash to buy a TracFone card and enter that PIN on their website. I have also on some occasions used prepaid debit cards to add in a GB of web access through the TracFone website. I enter into that website, or the Google voice page, through a VPN into a large organization's server. And I spoof my machine I'd.

Google may be able to use my behaviors and other places and devices I have repeatedly been around to figure out who I am, but I don't think they have any motivation to do so, and I don't see how that info could get me into trouble.

[FarFarAway]

Your browser in stealth mode on a vpn will still not anonymize you.

On top of that, if you are being surveilled, your activity as seen as bits and bytes moving in and out of your ISP, (which any LE / TLA can obtain access to) can be used to correlate activity. That is not a problem for the everyday monger unless you are an agency / pimp / chomo, but should be in your nexus of consideration if you really want to anonymize your activity.

Also don't forget the abundance of GPS-enabled devices in your life. Even if you turn off your phone completely there is supposedly an ability to reverse-engineer the gyroscopic activity of a phone.

Most scammers and spouses will not have the resources or training to I'd you based on what you have laid out so far, but a Private Investigator could definitely pull some of this off.

Sorry to raise the schizo-paranoia levels here, TMYKTB.

I never said that I believed my measures maintained perfect anonymity. And I don't have any reason to believe I am under surveillance. Not by Google, not by LE, not by my SO. The latter is key for us. Never give the SO any reason for suspicion is a key element of OPSEC. I do have a WiFi spoof app I use periodically to change my machine I'd. I keep location services off on my IRL cell phone as much as possible, unless I am traveling and must use ride share. I keep Wifi off when I am out of my house also. Same on my burner.

[JmSuttr]

I don't really use google on the web in my personal life. However, they are the vendor to my large organization for work servers, etc. I have never had any suspicion that google figured out who I am.

I have an Android personal cell phone as well as an Android burner that I use GV on. I have no doubt that google could figure out some key info about me, based on the proximity of my phones at times, but I make sure never never to have my burner on at my home (and luckily, my house is a cell dead zone, so I can only get service on my personal cell by using Wi-Fi.

I am pretty picky about the browsers I use to access Google in my sugar life. I am preferring the Brave browser at the moment, I run it only in stealth mode, and I periodically make sure that I clear out the history if there is one (there isn't supposed to be if I have been perfect at running in stealth). I also access a server at my work through a VPN most of the time I use that Browser at home.

That was the question I addressed to the OP. If anyone has been able to do so, I'd love to hear about the steps they took.

[ChrisCarr]

I don't really use google on the web in my personal life. However, they are the vendor to my large organization for work servers, etc. I have never had any suspicion that google figured out who I am.

I have an Android personal cell phone as well as an Android burner that I use GV on. I have no doubt that google could figure out some key info about me, based on the proximity of my phones at times, but I make sure never never to have my burner on at my home (and luckily, my house is a cell dead zone, so I can only get service on my personal cell by using Wi-Fi.

I am pretty picky about the browsers I use to access Google in my sugar life. I am preferring the Brave browser at the moment, I run it only in stealth mode, and I periodically make sure that I clear out the history if there is one (there isn't supposed to be if I have been perfect at running in stealth). I also access a server at my work through a VPN most of the time I use that Browser at home.

Your browser in stealth mode on a vpn will still not anonymize you. Big players with vested interest in security profiling (Alphabet, Meta, Apple) will use your browser's Javascript fingerprint to be able to identify the host generating the traffic. You will have to create a new VirtualMachine (not from a Clone!) on your desktop to instantiate a new JS fingerprint and use that for specific activities. A new VM and a different IP preferably from a different VPN provider for every 'personality' or 'activity' that you want segregated.

On top of that, if you are being surveilled, your activity as seen as bits and bytes moving in and out of your ISP, (which any LE / TLA can obtain access to) can be used to correlate activity. That is not a problem for the everyday monger unless you are an agency / pimp / chomo, but should be in your nexus of consideration if you really want to anonymize your activity.

Also don't forget the abundance of GPS-enabled devices in your life. Even if you turn off your phone completely there is supposedly an ability to reverse-engineer the gyroscopic activity of a phone.

Most scammers and spouses will not have the resources or training to I'd you based on what you have laid out so far, but a Private Investigator could definitely pull some of this off.

Sorry to raise the schizo-paranoia levels here, TMYKTB.