Operator Protocol (Format)

Operator Protocol is Predaxia’s editorial framework for translating threat models into reproducible field procedures. Each protocol is a one-page document covering the operation’s threat model, the device and identity stack, the communication channels, the do-not-do list, and the abort conditions. Built from intelligence-community SOPs, journalist source-protection playbooks, and the lessons of 200+ documented operational failures across the public surveillance literature.

What it means in practice

The protocol is the artifact that turns “be careful” into a checklist someone else could execute. Tactical Tech’s Holistic Security manual calls them “security plans.” CPJ calls them “risk assessments.” The intelligence community calls them SOPs. The format Predaxia uses borrows from all three. The protocol covers: who the adversary is (named, not “hackers”), what data the adversary wants, what countermeasures cut the most leverage, what the operator will not do regardless of convenience pressure, and the trigger conditions for aborting the operation. The discipline is to write it down before the operation starts and to revisit it every 90 days because the threat moves and the operator drifts.

Where it shows up

Used in Predaxia case studies (the Investigative Reporter scenario, the Domestic-Violence Survivor scenario, the NGO Field Worker scenario, the High-Conflict Divorce scenario, and others). The structure is consistent: section 1 names the operator, section 2 names the adversary specifically, section 3 inventories the assets, section 4 lists the countermeasures with cost and trade-off, section 5 sets the abort conditions. The Predaxia editorial position: most operational failures are not “we used the wrong tool,” they are “we never wrote down what we would do, and on the bad day we improvised.” The protocol exists to remove the improvisation.

What you can change today

Build a one-page protocol for the most sensitive thing you are currently doing. Sheet of paper, five sections, 30 minutes. Section 1: who you are in this context (your operational role, not your full life). Section 2: who the adversary is, named specifically (not “hackers” or “the government” but the actual party most likely to engage). Section 3: the three pieces of information whose disclosure would cost you the most. Section 4: the countermeasures protecting each, with the cost in convenience honestly logged. Section 5: the trigger conditions where you stop the operation rather than push through. The page is not for sharing; the page is for you. Revisit every 90 days.

Related articles