OPSEC (Operational Security) is the discipline of identifying and protecting information that could be used against you, your sources, or people you care about.
Originally a military concept, OPSEC applies to anyone whose actions, location, communications, or associations create risk if exposed — journalists, lawyers, NGO workers, people in legal disputes, military families.
OPSEC is not about tools. It is about decisions. The right tool used carelessly provides no protection. Start with a threat model before choosing tools.
What it means in practice
OPSEC failures are almost always behavioural, not technical. A journalist who uses Signal but discusses a source’s identity on an unencrypted call has failed OPSEC. An activist with a strong device passphrase who logs into their real-name email on a monitored network has failed OPSEC. The principle: identify what information an adversary would find useful, then work backwards to where that information exists and how it could be accessed.
Related articles
Build your threat model in 20 minutes. — Communicate with confidential sources safely. — Security checklist before high-risk travel.