What doesn’t actually constitute an OPSEC violation
We live in a world more connected than ever before. Within many of our pockets is a device that can instantly share words, voice, photos, and videos with anyone else connected to the internet. That unprecedented ease of access to information has led many to accidentally share restricted, sensitive information. This is a breach of what's known within in the military as "operations security" (OPSEC). We all know that loose lips sink ships, but despite that, it seems like lectures have been given on a near-weekly basis in the military to keep information from leaking.
As long as thought is put into what's posted, no sensitive information is released, and what is posted won't be used as key puzzle piece for the enemy, no one gives a sh*t.
Here's what you can share without violating OPSEC. Of course, take all of this with a grain of salt. Take all commands from your superiors and unit's intelligence analysts. They will always have the final say.
1. Group photos (as long as nothing sensitive is shown)
If you're deployed to Afghanistan and you want to get a picture to remember the good times, go for it! Post it on Facebook and tag all of your bros so you can reminisce down the road.
Make sure it isn't taken in a classified location, inside the Ops center, or anywhere else with sensitive information around. Make sure that nothing is shown that hasn't yet been made public knowledge.
2. General information about yourself
Chances are high that you're not doing Maverick-level work, so there's no need to use the "If I told you, I'd have to kill you" line at the bar. If you're a regular Joe in the formation, it's not a secret that you're just rearranging connexes in between the occasional patrol mission.
For the large majority of Uncle Sam's warfighters, the only real bit of sensitive information about an individual is a social security number — but letting that slip is more of a personal security risk than a national one.
3. General locations (if it's public knowledge troops are there)
Obviously, you should never post GPS coordinates along with times of your movements. But if someone asks where you are, you can totally reply with, "I don't know, some sh*thole in the middle of nowhere." People don't really need to know, care, or sometimes understand where you're at.
Plus, we've had troops in Afghanistan for almost seventeen years, so they can probably find the country on a globe, and that's about it.
4. Mailing address (after a certain time)
If you're out on deployment and someone back home is worried sick about you, it's completely fine to say where you're at after the unit allows you to post it.
Deployed mailing addresses are very distinct. The street code is usually the unit, the city and state is "APO, AE," and the ZIP code starts with a zero. This format is the same for troops in-country, stationed overseas, and at sea. There isn't much personal information that can be deciphered from a mailing address that can't be found in hundreds of other ways. "Private Smith is with this unit and isn't in America" isn't a shocking discovery.
5. Anything already published
"I don't know how to break this to you guys — and it's super serious — troops have supplies somewhere in the Middle East!" See how dumb that sounds? Everyone already knows that.
Posting stuff on social media that's already published doesn't breach OPSEC. Why would a terrorist go through the effort to find something on your profile they can get from a quick Google search?