A Wired Guide to Digital Opsec for Teens

Think Big Man Opsec is really about time travel – take small, protective actions now before you face a disaster later. If you’re not on auto-delete, an explosive, emotional text exchange with someone you’re currently dating — or, the photos you sent each other — will stick around forever. It’s natural for things to change and all kinds of relationships to come and go. You may trust someone and become close to them now but break up within a year or two.

If you imagine a more extreme scenario where you are questioned by the police, they can get a warrant to search your digital accounts or devices. If they want to hide their activities from law enforcement, people should do everything they can to keep themselves safe. To be clear, this guide is definitely not encouraging you to commit crimes. Do not commit crimes! The point is just to understand the value of maintaining the basics of opsec, because if some of your digital information is exposed accidentally or out of context, it could theoretically look criminal.

You probably understand a lot of this intuitively. (Don’t give your password to friends, right.) So this guide largely ignores the obvious and emphasizes the more subtle and unintended consequences of not practicing Opsec well.

Memorable Opsec Fails

“Signal Gate”, 2025: US officials discuss war plans in a group chat on the secure messaging app Signal. Then they randomly added a reporter to the chat. Subsequently, US Secretary of Defense Pete Hegsett famously (embarrassingly) tweeted, “We are now clear on OPSEC.” At least some members of the chat were also potentially using a modified and insecure version of Signal. Not everyone is very clean in opsec.

Gmail drafts exposed, 2012: Then-CIA Director David Petraeus and his agents shared a Gmail account to hide their communications by leaving them to each other as draft messages. Given that this was very innovative before most messaging or messaging apps offered disappearing/ephemeral messages, the FBI discovered this strategy.

Identities

Opsec is all about segmentation, and that’s the hardest part. Failure to compartmentalize is often how criminals are caught or how information that was supposed to be kept secret is revealed. Think of your online life like rooms in a house. Each room has a separate key. If someone breaks into a room, they can take everything in there, but you don’t want them to be able to escape across the room.

You can have multiple identities online and compartmentalize the activities of each, but maintaining this separation requires forethought. You’re real, using your original Gmail or Apple ID for personal and family stuff and social accounts where you use your real name, plus school and maybe work. Another compartment is your school email and school file storage. Then there are your more consistent online personas who might have semi-anonymous handles, like jnd03 for Jane Doe. Friends know that these accounts are yours, and classmates can probably guess them. Finally, there might be a nickname for you: alt accounts without an obvious link to you – like Jane Doe using the handles “_aksdi0_0” or “peter_mayfield01”.

Separation rules

You have accounts with your real name, but you probably need aliases as well. Strong segmentation prevents people from dexing your alias accounts. But that’s easier said than done.

Obviously, don’t recycle usernames across platforms. If JaneD03 is your Instagram handle, don’t use that or a similar name for your anonymous Reddit account. Don’t even reuse passwords – especially between real and fake accounts. Don’t use your original email address to avoid exposing a compromised alias. Instead, use a unique nickname. Gmail “spot tricks” (@jane.doe, @j.ane.doe) don’t count because they all show your original account equally.