B3RN3D

Let your plans be dark and impenetrable as night, and when you move, fall like a thunderbolt.

Camgirl OPSEC

If you read this interesting post from the nice people over at Vice, it covers a few items about good OPSEC when you have the threat of stalkers as part of your threat model.

Low Tech But High Investment

You don’t expect that an overzealous camgirl fan to be able to do facial recognition, but we know that services like Google and Facebook can offer this service for free! Doing a reverse image lookup or trying to look at a photo’s metadata are really simple things that just about any low life can figure out.

The more serious weapon that they have is not technology, but commitment and drive. They will do anything in their power to try and find out information about you.

Recommendations

Buy Burner Everything: We’ve heard about burner phones but don’t forget about a dedicated cam girl laptop, and more importantly camgirl camera used only for your online business.

Your camera can tell a lot about you. The optics, resolution, capabilities are all fingerprintable metrics. If a perv is able to find another photo series using the same expensive equipment, it may be be possible for them to find that you’re cross-posting dirty pictures on other sites like Facebook.

Do Your Homework On The Service: The article mentions using a VPN of course. This is important as a fall back but it’s important that the camgirl service being used does everything it can to protect your IP from being leaked. Ask questions to the service about whether IPs are logged and who has access to that information. How do you create accounts and how do you recover your password if it’s lost? Which brings us to a reminder about account security.

Secure Your Accounts: Does the cam service let you reset your password by answering a few personal questions? Are these questions that someone that is a super-fan would know by chatting with you? Find a cam service that provides two-factor security so that you enter in a user name, a password, and then you have to enter in a One-Time-Password. This will help ensure that no one is able to get in even if they guess what your password is. In my “research” I have found only once service that provides this type of security. And of course, choose a strong password.

Build a List Of Lies: There is no good defense against someone that is going to do everything they can to try and get you to leak information about yourself. As I’ve discussed before, don’t tell them what you don’t want them to know. Lie to them.

If someone asks you about your coffee table and you realize it was made two streets down from your current location, don’t say “Sorry I can’t tell you.” You’ve confirmed to the adversary a piece of sensitive information that they will likely target at another time. Lie to them. Tell them it’s a popular brand purchased from a popular store that is popular in your entire country.

Come up with a list of lies so that you can remember to maintain them. This could include:

  • Name
  • Country of origin
  • Age of your house
  • Brothers, sisters, family members and their names
  • Previous relationships
  • Favorite band, music, politician, TV show, movie, book, etc.
  • University and expertise
  • Professional employment

Hide In The Darkness: If you live cam at 17:00 every day, and you do it by a window, they not only will be able to deduce what timezone you’re in, but also how far North you live. Those camgirls that live in the Scottish Highlands will have a lot less daylight towards Winter, something that an attacker would notice.

Tell Your Friends About Your Policy: You might be embarrassed about being a cam'er and telling your friends about it is the worst idea. But consider this, if someone finds out that you are a cam girl, are you sure that friend won’t leak your information.

When someone finds out that you are friends with someone else, their gears will automatically shift to finding out about them. Do they have the same OPSEC policy as you? Do they have an open Facebook account? Do they have any other pictures of you that they’re willing to sell?

It seems bad opsec to disclose a secret but it is counterintuitive. It’s always better to confide in someone a secret, than risk they find out on their own. By letting them in on the secret, and showing them how serious the secret is to you, you are asking them to join in to protect that secret. Without doing so ahead of time, there is no social contract that would imply this.