Operational Security (OPSEC)/Internet Behavior Recommendations:
Considering its whole purpose is to take advantage of people who don't do these things (and even those who do), you'd think this section would be the most important in the NSA's network-of-fear brochure.
Like the rest, most of the recommendations are the things most people already know, but don't follow:
- Hotspots and kiosks – "Susceptible to adversarial activity," which makes digital espionage sound much more exciting than some creepy guy with a sniffer vacuuming up your passwords while you sit in Starbucks browsing English Translation sites trying to figure out what Venti means.
- Exchanging Home and Work Content – Don't leave anything on the bus; don't forward secret stuff through email. Email isn't encrypted, so anyone with access to a router between you and your correspondent can read yours as it flies by.
- Storage of personal information on the Internet – There's no problem with this. Really. Sony's data-breach debacle notwithstanding. And Epsilon's. And TJMaxx. And Epsilon. And TJMaxx. Texas. Verizon. OmniCare. Sony, again. And a third time.
- Basically: Don't put secret stuff on social networking sites; use secure or encrypted (HTTPS, SSL) Internet links when you do your online banking; use different usernames for home and work emails so it's harder for Adversaries to find you, and use encrypted connections for those, too. Use passwords complex enough that you can't remember them, but don't write them down. Change them frequently.
- Smartphone pictures are dangerous? – GPS metadata attached to your smartphone photos can give away where you were at any given time, so be careful of that when you post or mail photos. I would assume the photo itself would also give away where you were when you took it, but who's the security expert, here. That's right, the NSA.
Way down at the bottom, the NSA guidelines actually give some unusual recommendations that are pretty useful, but far more complex than most people are willing to look into: