MIGHTY CULTURE

3 ways to maintain OPSEC while deployed

(Steve Kotecki, 21st Space Wing Public Affairs)

The United States has numerous enemies abroad who are itching to steal state secrets or decipher troop movements. We live in an age where your phone, computer, or a friendly software update can betray you within seconds — without you knowing it. While the average serviceman may not be the target of a Russian honeypot, we are susceptible to human error.

Using these 3 tips, service members and their families can reduce the risk of OPSEC (Operational Security) violations. The consequences of violating OPSEC can range from being non-rec'd (not recommended for promotion) to court-martial under the Uniformed Code of Military Justice.

This list is by no means a way to inspire fear, but rather to orient you in the technical use of geotags, metadata, and VPNs.


It should go without saying, but here's a quick reminder of the basics: don't post troop movement information, don't upload pictures inside operationally sensitive areas, and don't post when, exactly, your husband is coming home.

Outside of those basics, keep these in mind:

1. Turn off Geotags

Most people don't mind using geotags to let their social network know where they are. Plus, how are you going to brag to all of your friends if you don't tag yourself at the Eiffel Tower? As a service member, you already know you can't 'check-in' on Facebook or 'pin' the cool things you're doing — but your apps do not. Sometimes, apps on iOS and Android products will automatically. This is how you can turn it off:

iOS:

  • Navigate to 'Settings'
  • Click on 'Privacy'
  • Click on 'Location Services'
  • Tap 'Camera'
  • Under "Allow Location Access" choose 'Never.'

Android:

  • Open the Camera app on your Android smartphone or tablet
  • Tap on three horizontal lines to open the menu
  • Now, tap on the gear icon
  • There, you'll see the camera settings
  • Tap on GPS tag (This option may have a slightly different title, depending on the device) and turn it off.

Ah, yes. My apologies.

2. Remove metadata

You may have photos you've sent as an attachment or uploaded onto social media already.

Metadata is data is information about and contained within files on your computer. It can be used by hackers to reverse engineer a way into your PC because they may reveal the file paths in your directory. If what I said sounded like a foreign language, that's ok — you don't have to understand it all, but you should know how to protect yourself. You can remove (most) metadata by following these steps.

PC/Windows:

  • Right-click the image file.
  • Select "Properties" from the right-click menu.
  • Click the "Details" tab at the top of the "Properties" dialog box.
  • Open the folder containing your image files.
  • Select all the files you want to delete EXIF metadata from.
  • Right-click anywhere within the selected fields and choose "Properties."
  • Click the "Details" tab.
  • At the bottom of the "Details" tab, you'll see a link titled "Remove Properties and Personal Information." Click this link.
  • Windows will ask whether you want to make a copy of the photo with this information removed, or if you want to remove the information from the original. Choose the option you prefer and click "OK."

Mac users:

There no way to do it and the sky is falling.

Just kidding.

For mac users, the process is a little more complicated and requires either the use of a third-party program or the command prompt. This link here will point you in the right the direction.

3. Use a VPN

A Virtual Private Network masks your IP address from the rest of the world by rerouting your internet packets through a series of servers. It makes the ISP (Internet Service Provider) not able to see what you're doing and the rest of the world thinks you're in a different country. Your internet speed will be reduced but your security will increase. It's like a digital condom for your computer.

Using a paid VPN is highly recommended over using a free VPN because the public VPNs store your data and can be easily compromised, which defeats the purpose. A paid VPN will not store logs of what you are doing or who you are — there's nothing to compromise if it doesn't exist. I personally use PIA (Private Internet Access) and it's the only VPN I can personally vouch for. A quick google search can help you judge which service and pricing option is right for you.

VPNs should not be used on government computers, or you risk violating other OPSEC protocols that you're not aware of. If in doubt, ask someone from the Comm shop for clarity.

Don't send nudes.

You're welcome. From a "crayon-eating," 0311 grunt.