Identity Segmentation Fails: Emails, Usernames, and Passwords

Security & Anonymity
by identified · 1 post
OP · 2026-01-05 18:48 #87142

Emails: An Easy Pitfall

One of the most common pieces of data used in surveillance is the email address. Email addresses are almost always used multiple times for multiple account sign-ups and communications with various people. They are easy to create, easy to establish correlation between activities with, and it's generally annoying to maintain more than a few email accounts at once, which makes us want to use only a few at most at a single time. Not to mention that no legitimate email service is safe from government overreach and mass data harvesting, or even from email service providers themselves, as email is not inherently E2EE or metadata-resistant. Every single email provider hands data over to the government of the nation they reside in, even "private" ones like Proton, often without any resistance at all. So they will find every single service you signed up for and every person you contacted with that email account. And when governments come knocking on the doors of any corporation, that corporation will happily give them your account info, including your email address, which will then be used to correlate your other activities. Corporations also sell your email address to other corporations, further creating an even larger web of online footprints. All this makes for the perfect piece of information for corporations and governments to target in surveillance. In short, email addresses are like a virus, infecting everything they touch, but useful when contained.

You SHOULD:
- Create it and use it inside the context (laptop, virtual machine, IP address) of the identity you use it for.
- Only use it for accounts and communications where you speak about things pertaining to the identity for which you created it.
- For extra paranoia, use different email services for different identities. Using the same service could possibly help with pattern correlation, such as displaying a preference for Proton email.

You SHOULD NOT:
- Log into your email outside of your identity's context.
- Speak about or do things pertaining to your Public Identity while using an online account designated for your Private Identity.
- Contact a single person using multiple emails from multiple identities.

The ideal setup. Alice is not using her public email to contact any person or sign up for any account pertaining to her private ID, and vice versa:

Names: Why So Important?

It doesn't take a genius to figure out that you should not be using the same name to create accounts for multiple different identities. However, this importance goes beyond just naming yourself differently. One must also take care not to provide indirect correlation through topic matter. Let's take a guy named Bob Smith. Bob Smith has a public identity with a LinkedIn, Twitter, and YouTube presence. His interests are clear: he likes cowboys and rock music. Everyone also knows his age and birthday. Now say Bob Smith wants to create a private identity to perform some grey-area activities. What should Bob call his new identity? Certainly not his real name. So Bob makes a name that feels close to himself and familiar, "RockinCowboy1991", alluding to his interests and birth year. Bob may think he is safe because he is not openly exposing his real name. But Bob does not realize he has just created correlation between his public and private identities. In this instance it would be trivial for a surveillance agency to do a metadata search on anyone born in 1991 who likes cowboys. Naming correlation can also extend to conventions. For example, are you always using names of superheroes? Are you always using a single word followed by 3 numbers? These kinds of conventions can create plausibility between your various identities, especially if an adversary already suspects linkage.

The best thing you can do is randomly generate your names, through random online generation tools searched for and accessed in the Tor Browser, or use a password manager that has password and diceware generation. Some, like Bitwarden, even have basic username generators too.

Passwords

Although there are little to no major OpSec failure examples of using correlation techniques against passwords or hashed passwords, it is important to take care of your password management. Bad password management can lead to all accounts in a single identity getting hacked. This Whonix wiki article is also a wonderful resource about password strength, increasing threats of brute-force cracking, and how to plan ahead accordingly. So use very strong random passwords, and use master passwords for your managers and drives that are as strong as possible while still being something you can remember.

Real-World Failures

Now we're going to show you some real-life examples of people who did not follow these considerations, and paid the price for it.

Example 1: Yossi Sariel, Israeli Spy Chief of Unit 8200 (April 2024)

Sariel made MANY mistakes here. In this example, he was supposed to have 2 identities: one for his public life and one for his secret life as an intelligence chief of a special unit. In the news articles you can likely point out many errors, but let's focus on just a couple here. Firstly, he wrote a book about his activities as an intelligence officer and the leader of a particular unit. Then, in the book, he gave an email that was connected to his real name:

Although allegedly this email was created specifically for the matters of the book, he did not even practice basic OpSec so as to exclude his real name. This violates the most basic rule: do not use matching names between identities.

Then, his sloppiness in linking his secret work to his public social accounts essentially erased any doubt of his position:

Secondly, I want to point out one more key detail: the pseudonym he chose, "Brigadier General YS". You can see how wrong this is. He gave out 2 pieces of information in his "private" name: that he is an officer of this specific rank, and that his initials are YS. This of course is a huge violation of naming conventions.

Example 2: Spanish Activist De-anonymized by Linking Emails Across Identities

In this example, what happened is pretty simple: an activist created a ProtonMail account, then used an Apple email address as a recovery email for his Proton account. So let's designate 2 identities that the activist has: a Public identity and an Anonymous identity. But rather than keep them both separated, he cross-contaminated by giving a piece of information from his Public identity over to an account that is only supposed to be for his Anonymous identity. Then, once he caught the attention of the government by using his Proton email, the Spanish government went through the Swiss government and requested all available information on this account, which gave them the recovery Apple email address, which they then took to Apple and got his real-life name and information. The lesson here is that, whether or not they do, Proton COULD give this info, and that in itself is more than enough reason to never cross-contaminate. You should never trust a corporation to safeguard your identity segmentation; the only proper segmentation is the kind you create for yourself.

Conclusion

Through these examples you can see how important these concepts are; be sure to practice them in your daily OpSec.
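A self-audit of the SHOULD / SHOULD NOT rules and the two failure cases above, as an added example that is not part of the original post: the account inventory, identity labels and "public facts" are constructed, and each check mirrors one failure described in the post (an email reused across identities, a recovery address owned by the other identity, one contact reached from both identities, and a private username that embeds facts already public, as with "RockinCowboy1991").

```python
from collections import defaultdict

# Constructed inventory: one dict per account; "identity" is the compartment it is meant to stay in.
ACCOUNTS = [
    {"identity": "public", "service": "linkedin", "email": "bob.smith@example.com",
     "username": "BobSmith", "recovery_email": None, "contacts": {"carol"}},
    {"identity": "public", "service": "twitter", "email": "bob.smith@example.com",
     "username": "BobSmith1991", "recovery_email": None, "contacts": {"carol", "dave"}},
    {"identity": "private", "service": "proton", "email": "rockincowboy1991@example.org",
     "username": "RockinCowboy1991", "recovery_email": "bob.smith@example.com", "contacts": {"dave"}},
    {"identity": "private", "service": "forum", "email": "bob.smith@example.com",
     "username": "SuperHero123", "recovery_email": None, "contacts": set()},
]
PUBLIC_FACTS = {"1991", "cowboy", "rock"}  # facts already tied to Bob's public identity (constructed)

def shared_values(accounts, values_of):
    """Values (emails, usernames, contacts) that appear under more than one identity."""
    seen = defaultdict(set)
    for a in accounts:
        for v in values_of(a):
            if v:
                seen[v.lower()].add(a["identity"])
    return {v: sorted(ids) for v, ids in seen.items() if len(ids) > 1}

def cross_identity_recovery(accounts):
    """Recovery addresses owned by an account of another identity (the Proton/Apple case)."""
    owners = defaultdict(set)
    for a in accounts:
        owners[a["email"].lower()].add(a["identity"])
    return [(a["identity"], a["service"], a["recovery_email"]) for a in accounts
            if a.get("recovery_email")
            and owners[a["recovery_email"].lower()] - {a["identity"]}]

def leaky_usernames(accounts, public_facts):
    """Non-public usernames that embed a fact already tied to the public identity."""
    return [(a["username"], sorted(f for f in public_facts if f in a["username"].lower()))
            for a in accounts if a["identity"] != "public"
            and any(f in a["username"].lower() for f in public_facts)]

def audit(accounts=ACCOUNTS, public_facts=PUBLIC_FACTS):
    """Run every check; an empty dict means the inventory is cleanly segmented."""
    findings = {"shared_emails": shared_values(accounts, lambda a: [a["email"]]),
                "shared_usernames": shared_values(accounts, lambda a: [a["username"]]),
                "shared_contacts": shared_values(accounts, lambda a: a["contacts"]),
                "cross_recovery": cross_identity_recovery(accounts),
                "leaky_usernames": leaky_usernames(accounts, public_facts)}
    return {k: v for k, v in findings.items() if v}
```

Calling audit() on the constructed inventory reports the reused public email, the contact reached from both identities, the Proton account whose recovery address belongs to the public identity, and the username leaking the birth year and hobbies; the same inventory with only the public accounts comes back empty.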