Open-source exposure is the silent threat that turns your life into a dossier, one click at a time. This guide teaches you how to deny easy discovery, break correlation, and starve automation using tradecraft.
Security through obscurity is theater, less than half a plan. Obscurity plus segmentation plus monitoring is a plan.
OSINT, or Open-Source Intelligence, is the collection and analysis of information from publicly available sources (websites, social media, news, any media, and databases) to produce actionable insights. Intelligence agencies, law enforcement, hostile actors, and private analysts use it to map patterns, verify data, and assess profiles and threats without breaching systems.
Its potential strength lies in aggregation and correlation: turning scattered public data into a coherent picture of intent, capability, or exposure.
The purpose of exposure control is to make yourself as difficult as possible to assemble with OSINT. That’s the standard. You’ll treat every post, photo, and account as a potential targeting vector. Standardize identity compartments, strip metadata, neutralize data brokers, and control your social graph and timing tells. The objective isn’t to vanish. It’s to force any collector to work hard for scraps and come away with fragments that don’t assemble.
Carry a Faraday pouch or run true radio-off when crossing borders. Prevent silent syncs and analytics handshakes during inspections.
[ THREAT MODEL ]
Before you touch settings, know who’s collecting and why. Assume active scraping, resale, and cross-platform correlation at scale. Automation makes weak signals matter. This model frames your priorities so you can apply tradecraft where it actually reduces exposure.
• Collectors: recruiters, journalists, private investigators, hostile services, criminals, obsessive exes.
• Pipelines: data brokers, ad-tech graphs, breached credential dumps, scraped social networks, public records, image search, LLM summarizers.
• Signals They Exploit: names, handles, photos, voice, video, writing style, time zone, devices, networks, payments, travel, social graph.
Use this model to drive controls and cadence. Map each pipeline to specific actions, then measure results. If two or more signals converge, escalate fast, rotate identifiers, and widen segmentation. Update this picture quarterly – treat it like a living intel estimate, not a slide you file and forget.
Host redacted documents on your own neutral domain with expiring, single-use links. Review access logs to see who pulled what and when.
[ METHODS ]
This is your daily discipline. Treat each control as a small denial that adds up. You’re shaping what any collector can correlate, not attempting to hide. Apply these moves before you post, not after you’re burned.
• Reduce patterns, alter patterns, stop patterns. Vary handles, cadence, posting windows, and content types.
• Strip metadata always. EXIF, XMP, IPTC, PDF tags, edit history, GPS, serial numbers.
• Segment identities and personas. One mission per identity. No cross-likes, follows, or shared imagery.
• Separate devices. Dedicated hardware/profiles per identity. No cross-login. Air gap devices whenever feasible.
• Isolate networks. Distinct Wi-Fi profiles, captive portals, and eSIMs. Never post cover from home IP.
• Kill contact discovery. Disable phone/email discoverability on all platforms.
• Obscure voiceprints. Avoid voice notes and “press to talk” from managed identities.
• Mask writing style. Shorten, vary structure, rotate vocabulary, throttle emoji and punctuation tells.
• Randomize time zone exposure. Schedule windows, skip days, introduce noise.
• De-logo visuals. Remove badges, school crests, race bibs, office art, street numbers, reflections.
• Avoid cross-media reuse. No repeated avatars, banners, fonts, taglines, or bios.
• Alias emails and numbers. Unique per account; no forwarding to a single inbox.
• Avoid “login with X.” Use standalone credentials only.
• Confuse ad graphs. Reset ad IDs, disable personalization, and use containers.
• Suppress public records where lawful. Elect privacy options, P.O. Box for voter rolls where allowed, and privacy for WHOIS.
• Split payments. Distinct cards or privacy cards per identity. No shared billing addresses.
• Control geolocation exhaust. Block location, scrub Wi-Fi SSIDs from photos, and don’t post near-real-time.
• Compartment cloud. Separate storage tenants. Don’t co-locate identity artifacts.
• Document everything. Keep a private ledger of posts, avatars, and takedown receipts. It accelerates response.
Make this muscle memory. Prioritize by risk, then audit quarterly and rotate something visible – imagery, cadence, device, or network. Tradecraft is repetition control – the less you repeat, the less they can connect.
Build household discipline – brief family on photo hygiene, tagging rules, and contact syncing bans. Your perimeter is only as strong as the least trained relative.
[ TOOLS ]
Gear doesn’t grant capability, it enforces discipline. Each item should solve a specific exposure risk, not signal status. The right tool limits mistakes, shortens your response time, and keeps your process repeatable. In tradecraft, hardware serves behavior — not the other way around.
• Metadata Scrubbers: `exiftool`, `mat2`, ImageMagick `-strip`, Ghostscript for PDFs, PDF-Libre “sanitize” filters.
• Hash & Preview: `exiftool -a -G1 -s file`, `strings file`, `ffprobe` for video streams, `pdfinfo`.
• Browser Isolation: Firefox/LibreWolf multi-container, Chrome profiles, Brave ephemeral profiles.
• Tracker Controls: uBlock Origin, NoScript/uMatrix (advanced), “Facebook Container,” Privacy Badger.
• DNS/Privacy: NextDNS/ControlD with ad-tech blocklists per identity profile.
• Reverse-Image: Google, Bing, Yandex, TinEye. Run avatars, banners, and any recurring image.
• Breach Monitoring: HIBP, Firefox Monitor, passkey managers with breach alerts.
• Password/Secret Vault: 1Password/Bitwarden/KeePassXC. Use tags for identity–account mapping.
• Alias Services: domain-based email aliases, unique sub-addresses, privacy card numbers.
• Mobile Privacy: Lockdown/AdGuard (on-device), per-app network blocks, reset iOS/Android ad IDs.
• Takedown Automation: browser macros or scripts that prefill broker opt-outs.
• OS File Sanitizers: macOS – `sips -s format jpeg in.jpg --out out.jpg` (then `exiftool -all=`), Preview “Remove Location.” Windows – Photos “Remove location,” PowerShell `Get-ItemProperty` checks, print-to-PDF re-emit (then inspect).
• Log & Diff: spreadsheets or a local SQLite DB to track hits, dates, URLs, confirmation numbers.
Keep versions current, store configs with your identity kits, and export clean defaults for redeploy. Test tools monthly on known-bad samples to confirm they still strip and block as expected. If an update changes behavior, adjust SOPs. The tool serves the plan, the plan serves exposure control.
Fingerprint your public images with slight crops or rotations unique to each venue. If a copy resurfaces, the variant tells you the source.
[ TELL-TALES ]
Treat these as tripwires. One by itself may be noise. Two or more mean correlation is advancing and your compartments are bleeding. Read them like surveillance cues and act on first contact.
• People-You-May-Know Bleed: Family ↔ cover, gym friend ↔ professional, recruiter ↔ hobby group.
• Ad Creep: Ads referencing private locations, recent travel, or niche purchases.
• Unfamiliar Inbox Alias Traffic: Messages to addresses you never posted.
• Face Clustering: Cloud photo apps surfacing “you” in other albums.
• App Permissions Silently Re-Enabled: Camera, mic, contacts, Bluetooth.
• Payment Leak: Receipts or shipment notices to identity-incorrect addresses.
• LLM Summaries: Search result snippets now quoting your posts in aggregate.
When a tell-tale fires, log it, confirm with a second source, then move. Freeze tags, lock discoverability, and cut third-party access. Rotate imagery and cadence, recheck brokers, and split devices or networks as needed. OPSEC here is speed and segmentation – treat tripwires as orders, not suggestions.
Purge Office templates, custom styles, and embedded fonts before sharing docs. Those author artifacts identify you faster than metadata.
[ ACTIONS ]
Immediate (execute in order)
When a tripwire fires, speed beats elegance. Use this sequence to stop the bleed, break correlation, and re-baseline. Don’t improvise. Follow the order; each step lowers the attack surface for the next.
1) Stop The Bleed: Revoke third-party app access. Kill “login with X.” Rotate passwords and session tokens.
2) Purge/Edit Posts: Start with public photos and comment threads. Replace with scrubbed versions if deletion breaks plausibility.
3) Freeze Tags: Disable tagging by others. Review and detach historical tags.
4) Kill Discoverability: Turn off phone/email lookup for every account.
5) Rotate Avatars/Banners: New, unrelated, scrubbed imagery.
6) Isolate Devices: Move cover posting to dedicated hardware/profile on a non-home network.
7) Takedowns: File host-level reports for mirrors, caches, and scraped copies. Use policy language; keep it short.
8) Brokers: Opt-out high-volume brokers first. Record confirmation numbers.
9) Reset Ad Graphs: Disable ad personalization, reset mobile ad IDs, clear site data, and recreate profiles if needed.
10) Notify Close Contacts Quietly: Ask them to remove your tags and kill contact syncing.
Platform Toggles (check each)
These switches are low drama, high payoff. Flip them before contact. They cut indexing, discovery, and automated tagging at the source. Treat every platform like a leak you’re throttling by valve.
• Face recognition/off-platform tracking: OFF
• Contact upload & “friends of friends” discovery: OFF
• Location history & check-ins: OFF
• Search engine indexing of profile: OFF
• Tag review & timeline review: ON
• Ad topics & audience lists: OFF
• Profile visibility for email/phone: NO ONE
• API/third-party access: NONE unless essential, review monthly
Re-verify after major app updates; vendors backslide. Screenshot settings for your ledger. If a toggle won’t stick, assume data capture is strategic – minimize usage or migrate the identity.
Media & Documents (safe workflow)
Media is the fastest path to correlation. Photos, PDFs, and video carry more than pixels. Your baseline is offline edits, clean exports, and independent verification before anything goes live.
1) Edit offline.
2) Export to neutral formats.
3) Strip metadata.
4) Re-encode video with fresh container.
5) Sanitize PDFs.
6) Inspect.
7) Publish only from the assigned identity device/profile.
8) Verify from a clean browser session.
Confirm from a clean browser and a separate network. If a file draws a reverse-image hit or leaks GPS, pull, replace, and rotate themes. Log the incident and tighten your scrub pipeline.
Devices & Networks
Devices and networks fingerprint you even when content doesn’t. Build per-identity profiles, change user agents, and keep cover traffic off home IPs. Segmentation beats luck.
• Profiles per identity. Distinct browsers, extensions, fonts, language packs, time formats.
• No cross-sign-in. Never log two identities into one profile.
• Network split. Guest SSIDs, travel MiFi/eSIMs, or workplace networks for cover identities. No home IP.
• Disable WebRTC and QUIC on cover browsers to reduce IP leaks.
• MAC randomization on Wi-Fi.
• Bluetooth, NFC, AirDrop/Nearby Share – OFF on operational devices.
• OS telemetry – minimize. Push crash-reports to “ASK.”
• System names. Non-identifying device hostnames.
If compartments cross, rebuild profiles from zero. New browser, new extensions, new time format. Move posting to a different egress and MAC. Record the shift so you can audit later.
Mobile
Phones betray routines. Treat mobile as its own compartment – work profile or separate handset, hardened permissions, and ad ID resets. Keep background services hungry and deaf.
• Per-identity mobile or work profile. Separate app stores and analytics.
• Reset advertising IDs. Then disable ad personalization.
• Per-app location: “NEVER” or “ASK.” No background updates.
• Photo location tagging: OFF
• Contact/Calendar access – deny by default.
• Keyboard & IMEs – one trusted keyboard per identity.
• Bluetooth beacons – disable scanning and background discovery.
• Wi-Fi auto-join – off for public SSIDs. Clear known networks quarterly.
If you see location-linked ads or contact bleed, nuke and repave – revoke, reset IDs, reinstall, and restore only mission apps. Recheck permissions after each update; they tend to re-enable.
Payments, Shipping, and Logistics
Money and mail bind identities faster than photos. Use unique cards, alias emails, and separate delivery endpoints for each compartment. Don’t let billing addresses cross the line.
• Distinct Payment Instruments: per identity (privacy virtual cards help).
• Mailing Addresses: P.O. Box/CMRA for purchases and returns.
• Receipts: route to the matching alias inbox.
• Loyalty Programs: avoid. They couple your travel, purchases, and name.
• Domain privacy: use registrar privacy and anonymous email. Confirm WHOIS often.
If a receipt or shipment lands in the wrong inbox or address, treat it as a leak. Close the loop – rotate instruments, update vendor profiles, and move to a new mailing channel.
Public Records & Bureaucracy
Paper trails outlast profiles. Where legal, exercise privacy options, mask contact fields, and keep ownership abstracted. You’re reducing linkage, not evading obligations.
• Voter roll privacy options if offered.
• DMV/driver record privacy flags if available.
• Property records – trustees/LLCs where legal.
• Phone directories – opt-out.
• People-finder removals – quarterly, persistent.
Revisit after life events – moves, renewals, filings. Each touch can republish data. If you can’t suppress a record, offset it – tighten brokers, remove surface links, and avoid re-broadcasting.
Wearables, Vehicles, Home
Side channels leak patterns – step counts, license plates, SSIDs, telematics. Set profiles to private, mute sharing, and keep brand badges out of frame. Your home and car shouldn’t co-star online.
• Fitness Trackers: private profiles, no public segments, disable “flyby” and leaderboard.
• Smart Home: avoid public cloud integrations tied to your legal name.
• Vehicle Telematics: opt-out where possible. Don’t register the app with identity emails.
• Home View in Google Maps: blur.
• License Plates in Photos: blur.
• Home Wi-Fi SSID: non-unique name. Don’t reveal address in screenshots.
If a segment or plate shows up in search or social, scrub posts, blur assets, and lock accounts. Opt out of public leaderboards and disable “flybys.” Verify that cloud tie-ins are off.
Travel & Events
Travel magnifies metadata. Delay posts, ditch badge photos, and keep venue signage out of shots. Use tethering or a travel router; hotel portals pair names to devices.
• Avoid live posting. Delay by hours/days.
• Conference precautions – no badge photos, no venue selfies with signage.
• Hotel networks – captive portals can pair name+room+MAC. Use tethering or a travel router.
• Flight trackers – don’t share boarding passes; strip barcodes; don’t post seat maps.
If an itinerary leaks, stop live posting, rotate avatars, and shift cadence. Pull any boarding-pass images and invalidate barcodes. Assume someone logged times and places – change them next trip.
Decoys & Deconfliction
Decoys can buy time, but only if you sustain them. New images, new interests, and clean separation. Never let a decoy “know” your real circles.
• Decoy seeds only if you can maintain them. New imagery, new cadence, and distinct interests.
• Never reference real circles from decoys.
• Set tripwires (unique email aliases) to detect who scraped what.
If a decoy drifts toward truth, retire it. Archive, seed a fresh build with different style and rhythm, and widen segmentation. Track decoy interactions so you can see who’s collecting.
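A sketch of the alias tripwire above, added here as an example and not taken from the original guide: each alias is an HMAC-derived token, so the address itself reveals neither persona nor outlet, and inbound mail is classified against an offline ledger. The domain, key, persona and outlet names are constructed placeholders.

```python
import base64
import hashlib
import hmac

DOMAIN = "alias.example"  # assumption: a catch-all domain reserved for aliases
KEY = b"constructed-demo-key"  # placeholder; keep the real key offline with the ledger

# Constructed ledger: (persona, outlet) -> sender domains that outlet legitimately uses
LEDGER = {
    ("cover-a", "jobboard"): {"jobboard.example"},
    ("cover-a", "conference"): {"conf.example"},
    ("cover-b", "forum"): {"forum.example"},
}

def make_alias(key, persona, outlet):
    """Derive an opaque alias; the token leaks neither the persona nor the outlet."""
    mac = hmac.new(key, f"{persona}\x00{outlet}".encode(), hashlib.sha256).digest()
    token = base64.b32encode(mac)[:12].decode().lower()
    return f"{token}@{DOMAIN}"

def _sender_ok(sender, allowed):
    # Accept the outlet's own domain and any of its subdomains.
    return any(sender == d or sender.endswith("." + d) for d in allowed)

def triage(key, ledger, inbound):
    """Classify (recipient, sender_domain) pairs as expected, burned or never-issued."""
    index = {make_alias(key, p, o): (p, o) for (p, o) in ledger}
    findings = []
    for recipient, sender in inbound:
        rcpt = recipient.strip().lower()
        owner = index.get(rcpt)
        if owner is None:
            status = "never-issued"   # guessed or mistyped address, not a planted alias
        elif _sender_ok(sender.lower(), ledger[owner]):
            status = "expected"
        else:
            status = "burned"         # alias has left the outlet it was planted in
        findings.append((rcpt, status, owner))
    return findings

def burned_outlets(findings):
    """Outlets whose alias leaked: rotate these first."""
    return sorted({owner for _, status, owner in findings if status == "burned"})

if __name__ == "__main__":
    inbound = [
        (make_alias(KEY, "cover-a", "jobboard"), "mail.jobboard.example"),
        (make_alias(KEY, "cover-a", "conference").upper(), "leadgen.example"),
        ("guess@alias.example", "spam.example"),
    ]
    for row in triage(KEY, LEDGER, inbound):
        print(row)
```
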
Map each identity to a fixed VPN egress in a plausible geography. Consistency blocks “IP hop” flags without tying you to home infrastructure.
[ MONITORING CADENCE ]
Tempo is protection. This schedule turns exposure control into routine, not a scramble. Treat it like PT – short, regular, relentless. Set calendar tasks, use a ledger, and verify from clean browsers on separate networks. Tradecraft lives in repetition you control, not the collector.
• Weekly: name/handle search, avatar reverse-image, broker spot-check, confirm privacy toggles.
• Monthly: breach checks, third-party app audit, DNS query audit, cloud album face clustering review.
• Quarterly: full broker opt-outs, rebuild browser profiles, reset ad IDs, Wi-Fi known-network purge.
• Annual: cull dormant accounts, rotate banners/avatars/style, refresh hardware where feasible.
Close each cycle with a short AAR – what fired, what you changed, and what moved the needle. If metrics stall or degrade, escalate one level – new imagery, new cadence, new egress, or new devices. Keep the log tight. What you can’t measure, you can’t control.
Use text-only paste via “paste and match style” when posting statements. You’ll strip hidden IDs, track changes, and embedded authorship artifacts.
[ DETECTION PLAYBOOK ]
Speed and order matter. Confirm the signal, then act from a clean browser and a separate network. Prioritize containment, then removal, then rotation. Don’t touch the contaminated identity until the plan’s set. Log every step. Process is simple: detect, isolate, neutralize, and only then resume routine.
• Broker relist appears. File opt-out same day; diary 14-day recheck; escalate if ignored.
• Old event photo surfaces. Replace all current profile images; takedown at host; rotate visual theme.
• People-you-may-know crosses compartments. Kill discoverability; scrub mutuals; split device usage.
• New inbox alias gets spam. Identify breach source; rotate alias; update credentials; close account if needed.
• Ads reference a private location. Reset ad IDs; clear browser storage; disable personalization across vendors.
• Cover gets HR/recruiter requests. Deny; lock DMs; rotate handle; tighten bio and keywords.
Close with an AAR the same day. Note what fired, what you changed, and what moved. If any signal persists after 24–48 hours, escalate a tier – new device or browser profile, fresh egress, avatar/theme rotation, and widened takedowns to mirrors and caches. Notify only need-to-know contacts. Update the ledger and adjust the monitoring cadence so this doesn’t repeat.
Convert sensitive PDFs to raster images, then rebuild as a new PDF. You’ll strip embedded objects and invisible layers that survive normal sanitizers.
[ TAKEDOWN SOP ]
This is administrative tradecraft. The point here is to remove artifacts, not argue ideas. Move methodically, cite policy, and keep emotion out. The goal is speed, repeatability, and a paper trail you can show to anyone.
1) Collect Evidence: URLs, timestamps, screenshots, and the exact policy being violated.
2) File on The Original Host First: Then chase mirrors and caches.
3) Use platform language: PII exposure, harassment, copyright, impersonation.
4) Escalate Rhythm: Form → abuse/legal email → registrar/host → search engine removal where applicable.
5) One Concise Follow-up Per Week: No debates. Parallelize.
Close clean. Confirm removal from a clean browser and different network. If a host ignores you, escalate one level and file with search engines to cut traffic. Where lawful, send a short demand letter and include proofs. Rotate imagery and cadence to blunt rediscovery. Add a tripwire to spot reuploads early.
Keep separate passkey sets on distinct hardware for each persona. Device binding stops silent crossover during autofill.
[ METRICS ]
Measurement keeps you honest. It shows whether controls work or just feel good. Track the same signals on a schedule, from clean browsers, and log deltas. Treat this like range data – cold, comparable, repeatable.
• Active broker listings and average relist time.
• Reverse-image hits per avatar per quarter.
• Compartment crossovers per month (target: zero).
• Ad-creep incidents per quarter.
• Takedown SLA (days to removal) by platform.
Close each review with a decision. If numbers improve, maintain and tighten. If they stall or rise, escalate one step – new imagery, new cadence, fresh egress, or device rebuild. Record what you changed and why. That trail lets you repeat what works and kill what doesn’t.
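These metrics can be computed straight from the SQLite ledger suggested under Tools. The following is an added example, not the author's code; the table layout, platform names and rows are constructed for illustration.

```python
import sqlite3

SCHEMA = """
CREATE TABLE hits (
  kind TEXT NOT NULL,       -- broker | reverse_image | crossover | ad_creep
  platform TEXT NOT NULL,
  url TEXT,
  found_on TEXT NOT NULL,   -- ISO dates, so text comparison sorts correctly
  removed_on TEXT,          -- NULL while the item is still live
  confirmation TEXT
)"""

# Constructed sample ledger rows
ROWS = [
    ("broker", "broker-a.example", "https://broker-a.example/p/1", "2024-01-02", "2024-01-09", "CONF-001"),
    ("broker", "broker-a.example", "https://broker-a.example/p/7", "2024-02-08", None, None),
    ("broker", "broker-b.example", "https://broker-b.example/x", "2024-01-05", "2024-01-25", "CONF-002"),
    ("reverse_image", "search-c.example", "https://search-c.example/r", "2024-01-10", "2024-01-13", "CONF-003"),
    ("crossover", "social-d.example", None, "2024-02-11", None, None),
    ("ad_creep", "adnet-e.example", None, "2024-04-03", None, None),
]

def load(rows):
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    db.executemany("INSERT INTO hits VALUES (?,?,?,?,?,?)", rows)
    return db

def metrics(db):
    one = lambda sql: db.execute(sql).fetchone()[0]
    active = one("SELECT COUNT(*) FROM hits WHERE kind='broker' AND removed_on IS NULL")
    # Relist time: days from the latest prior removal on a platform to the next sighting.
    relist = one("""
        SELECT ROUND(AVG(julianday(r.found_on) - julianday(
            (SELECT MAX(p.removed_on) FROM hits p
              WHERE p.kind='broker' AND p.platform = r.platform
                AND p.removed_on <= r.found_on))), 1)
        FROM hits r WHERE r.kind='broker'""")
    sla = dict(db.execute("""
        SELECT platform, ROUND(AVG(julianday(removed_on) - julianday(found_on)), 1)
        FROM hits WHERE removed_on IS NOT NULL GROUP BY platform"""))
    crossovers = dict(db.execute("""
        SELECT strftime('%Y-%m', found_on), COUNT(*)
        FROM hits WHERE kind='crossover' GROUP BY 1"""))
    quarterly = {(k, q): n for k, q, n in db.execute("""
        SELECT kind, strftime('%Y', found_on) || '-Q' ||
               ((CAST(strftime('%m', found_on) AS INTEGER) + 2) / 3), COUNT(*)
        FROM hits WHERE kind IN ('reverse_image', 'ad_creep') GROUP BY 1, 2""")}
    return {"active_broker_listings": active, "avg_relist_days": relist,
            "takedown_sla_days": sla, "crossovers_per_month": crossovers,
            "hits_per_quarter": quarterly}

if __name__ == "__main__":
    for name, value in metrics(load(ROWS)).items():
        print(f"{name}: {value}")
```
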
Capture screenshots of documents via a sandbox VM rather than exporting originals. Screenshots inherit none of the authoring history.
[ COMMANDS & SNIPPETS ]
Speed wins. Paste these into a shell. Test on dummy files first. Verify every output. Treat each step as a repeatable, verifiable procedure you can defend under scrutiny.
Strip All Metadata in a Folder (lossless where possible):
Verify Nothing Remains:
Sanitize a PDF and Remove Annotations:
Re-Encode Video Without Metadata:
Mass Clear Browser State (per profile):
Mobile Ad Graph Reset:
Broker Pass Reminder:
Find Stray Metadata:
Package these into scripts with comments and checks. Version them. Re-run after major OS or app updates. If outputs change, update SOPs. The standard is repeatable, verifiable, and fast under pressure.
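One way to script the “Verify Nothing Remains” check for JPEGs without external tools, as an added example (not the author's original commands): it walks the JPEG header, reports segments that carry Exif, XMP, IPTC, ICC or comment data, and rebuilds the file without them. The sample bytes and the keep-list (APP0 and APP14) are assumptions of this example.

```python
import struct

# Segments kept because decoders rely on them: APP0 (JFIF), APP14 (Adobe colour flag).
KEEP_APP = {0xE0, 0xEE}
STANDALONE = {0x01, *range(0xD0, 0xD8)}  # TEM and RSTn carry no length field
SIGNATURES = [(b"Exif\x00", "Exif"), (b"http://ns.adobe.com/xap/1.0/\x00", "XMP"),
              (b"Photoshop 3.0\x00", "IPTC/Photoshop"), (b"ICC_PROFILE\x00", "ICC profile")]

def walk_segments(data):
    """Yield (marker, start, end) for every header segment up to and including SOS."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:              # fill byte before a marker
            pos += 1
            continue
        if marker in STANDALONE:
            pos += 2
            continue
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        end = pos + 2 + length
        if length < 2 or end > len(data):
            raise ValueError("truncated or corrupt segment")
        yield marker, pos, end
        if marker == 0xDA:              # SOS: compressed scan data follows
            return
        pos = end

def is_metadata(marker):
    return marker == 0xFE or (0xE0 <= marker <= 0xEF and marker not in KEEP_APP)

def find_metadata(data):
    """List (segment, content) pairs for anything that should not be published."""
    found = []
    for marker, start, end in walk_segments(data):
        if is_metadata(marker):
            name = "COM" if marker == 0xFE else f"APP{marker - 0xE0}"
            payload = data[start + 4:end]
            label = next((lbl for sig, lbl in SIGNATURES if payload.startswith(sig)),
                         "comment" if marker == 0xFE else "unidentified")
            found.append((name, label))
    return found

def strip_metadata(data):
    """Rebuild the file from the segments a decoder needs; pixel data is untouched."""
    out, end = bytearray(b"\xff\xd8"), 2
    for marker, start, end in walk_segments(data):
        if not is_metadata(marker):
            out += data[start:end]
    return bytes(out + data[end:])      # scan data and EOI copied verbatim

def _seg(marker, payload):
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed sample: a structurally valid JPEG header, not a viewable image.
SAMPLE = (b"\xff\xd8" + _seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
          + _seg(0xE1, b"Exif\x00\x00constructed-gps-block")
          + _seg(0xE1, b"http://ns.adobe.com/xap/1.0/\x00<x:xmpmeta/>")
          + _seg(0xED, b"Photoshop 3.0\x008BIM") + _seg(0xFE, b"saved on HOSTNAME-PLACEHOLDER")
          + _seg(0xDB, bytes(65)) + _seg(0xDA, bytes(10)) + b"\x12\x34\x56\xff\xd9")

if __name__ == "__main__":
    print("before:", find_metadata(SAMPLE))
    print("after: ", find_metadata(strip_metadata(SAMPLE)))
```

Dropping the ICC profile can shift colours on wide-gamut images, and the walker stops at the first scan, so data appended after the image is not examined. Cross-check real files with `exiftool -a -G1 -s file`.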
Plant canary details in résumés and bios (a unique phone or alias) so any reuse reveals the reseller. Track which outlet burns it and adjust tradecraft accordingly.
[ RED LINES ]
These aren’t suggestions. Break one and you hand the collector a shortcut. Treat them as non-negotiable checks before every post, login, or upload. Personal OPSEC lives or dies on discipline.
• Don’t reuse images, banners, taglines, or bios.
• Don’t post from mixed devices or home IP for cover.
• Don’t allow contact syncing.
• Don’t store identity mappings in cloud storage.
• Don’t run decoys you can’t maintain.
If pressure pushes you toward a breach, stop and redesign. Write SOPs to catch slips, then audit. If a red line is crossed, document it, remediate fast, and rotate identifiers, devices, or networks. No exceptions.
Assign a unique misspacing pattern in dates or phone formats to each persona. If that pattern reappears elsewhere, you’ve found a bridge.
[ FINAL ]
OSINT control may start with a one-time sweep, but it needs to be an ongoing routine. Build the schedule, enforce compartments, and document the results. When you see a leak, move fast, then change something meaningful – device, network, imagery, cadence, or handle. Tradecraft here is critical – remove repetition, break continuity, and make the collector work for scraps.
// A device is loyal to whoever maintains it. If you don’t, the adversary will.
[INFO : Personal Standard Operating Procedure]
[OPTICS : Covert Operative in NYC]


