What is OPSEC Mistakes?

Even sophisticated security can be undone by a single OPSEC mistake. Most anonymity failures come from human error, not technical failure.

Common Mistakes

• Cross-contamination: Using the same username, email, or password across anonymous and real identities
• Metadata leaks: Forgetting to strip EXIF data from photos, or using a document with embedded author info
• Timing correlation: Always posting under a pseudonym at times that match your timezone/schedule
• Writing style: Linguistic patterns can be analyzed to match anonymous and known writing (stylometry)
• Browser leaks: Using Tor but logging into a personal account
• Physical patterns: Buying crypto at the same ATM, or always using the same cafe's WiFi

Famous OPSEC Failures

• Silk Road: Ross Ulbricht posted his real email on a forum promoting Silk Road years earlier
• Hector Monsegur (Sabu): Connected to an IRC channel without Tor once
• Ross Ulbricht again: Used a public WiFi network at a cafe where he was arrested with his laptop open

Prevention

1. Define your threat model before acting
2. Compartmentalize identities completely
3. Assume every action leaves a trace
4. Regular OPSEC reviews — what have you leaked?