Compartmentalization
Compartmentalization is based around the idea that you have various public facing personas, and you are unable to keep all of them private. You will never manage to completely erase your public, legal name persona from public record, and while you can attempt to keep it off the internet, it's a losing battle. Taken to an extreme, if you have separate personas for every website you use, with the appropriate technical protections we already went over, you could have a distributed profile that means that the discovery or unmasking of any specific account having no effect on the others.
Like everything we are talking about in this course, it's all about risk mitigation, at the cost of convenience. Keep working on the mentality of this, understanding risks, their mitigations, and how it fits into individual and group risk tolerances.
Tasks:
- Listen to the 10 Crack Commandments (mostly because it is a great song): https://www.youtube.com/watch?v=ZYb_8MM1tGQ
- Read this: https://medium.com/@thegrugq/operational-security-and-the-real-world-3c07e7eeb2e8
Think about the reasoning behind compartmentalization. You've already determined your risk model, so compartmentalization only matters as much as your risk model requires. Which of your accounts require compartmentalization? If you followed the directions earlier in the course, if you have a reset available for your password manager it is controlled by a gmail account that you don't use on any other sites.
- Read Grugq's Commandments: https://grugq.tumblr.com/post/60463307186/rules-of-clandestine-operation
If you are taking this course, you likely do not require any advanced tradecraft knowledge, but it's still useful to wrap your head around the concepts. They are generally applicable to a lot of common scenarios, and knowing them can only help.
- Listen to the 10 Hack Commandments: https://www.youtube.com/watch?v=Sr8ILq1a_yw
It's by a guy called Dual Core, makes some pretty dope stuff . His number one song is 'Drink All the Booze, Hack All the Things'.
https://www.youtube.com/watch?v=FoUWHfh733Y
Let's put it this way, hackers don't take themselves all that seriously. If you listen to the lyrics to 'Hack All the Things' you will probably understand about one third of the references, at best. If you don't like it or are too cool for nerdcore rap, that's fine. If you stick around eventually you'll understand most of it and you'll go nuts when someone throws it on during a late night hack sesh after you've been passing around a bottle of whiskey.
If you have the time, these are all highly recommended, if not, add them to your 'Read At Some Point' tab in your Learning Sheet:
- Hacker OPSEC talk: https://www.youtube.com/watch?v=9XaYdCdwiWU
- Dulles' 73 Rules: https://web.archive.org/web/20171009145459/http://www.oss.net/dynamaster/file_archive/100102/0a947a77d762061cc87ec541c2d2dcc7/2010-01-02%20Dulles%20on%20Tradecraft%20via%20Srodes.pdf
- Moscow Rules: https://en.wikipedia.org/wiki/The_Moscow_rules