Definition
Operational security, almost always shortened to OPSEC, is a systematic process for denying an adversary the information they would need to act against you. NIST defines it as the process by which potential adversaries can be denied information about capabilities and intentions by identifying, controlling, and protecting generally unclassified evidence of sensitive activity. The discipline was formalized by a US military team during the Vietnam War, which discovered that enemy forces were anticipating operations not from leaked secrets but from patterns assembled out of seemingly harmless details — supply movements, radio habits, routine schedules. That founding insight still defines the field: the dangerous leaks are rarely the obvious ones.
The five-step loop
Classic OPSEC follows five steps: identify your critical information, analyze the threats against it, analyze your vulnerabilities, assess the risk those vulnerabilities create, and apply countermeasures. What makes the process powerful is its aggregation lens — individually trivial data points combine into an actionable picture. Your routines, purchases, online handles, package deliveries, and offhand comments are each harmless alone; assembled, they can answer an adversary's three questions: what do you have, where is it, and when are you vulnerable. OPSEC is threat-model-driven by design: you cannot defend everything against everyone, so the loop forces you to name what you are protecting and from whom before choosing countermeasures.
OPSEC for the sovereign Bitcoiner
For someone holding Bitcoin in self-custody, the critical information is easy to enumerate: the fact that you hold significant value, where your keys and backups live, how your custody is structured, and your physical whereabouts and routines. Threats range from remote attackers scraping data leaks to targeted phishing to physical coercion — the so-called five-dollar-wrench attack, against which every cryptographic protection is worthless if an attacker knows you are worth wrenching. Countermeasures follow directly: never broadcast holdings, online or in person; keep your financial identity separated from your social identity; take deliveries of mining or wallet hardware in ways that do not tag your home address as a target; and be conscious of the metadata your devices and transactions leak. On-chain privacy is part of the same picture — address reuse and careless consolidation can link your cold storage to your public identity, and tools like CoinJoin exist precisely to break those linkages.
OPSEC for miners and node runners
Running hardware adds its own signature. A garage full of ASICs has a heat plume, a noise profile, and a power draw a utility can see; a node or Nostr relay advertises your IP address unless routed through Tor or a VPN. None of this means hiding everything — it means knowing what each activity reveals and deciding deliberately. The craftsman's version of OPSEC is not paranoia; it is inventory control over information.
A habit, not a configuration
OPSEC is the umbrella over more specific practices such as compartmentalization — keeping identities, devices, and funds in separate non-communicating compartments — and pseudonymity, participating publicly without linking activity to your legal identity. Two closing principles keep the practice sane. First, consistency beats intensity: one drunken photo of your seed phrase storage undoes years of discipline, so sustainable habits outperform heroic ones. Second, revisit the loop as circumstances change — a stack that grew tenfold, a move, a new public profile all change your threat model. Done well, OPSEC makes you a smaller, harder, less interesting target, which is the quiet foundation everything else in digital sovereignty stands on. The goal is not invisibility — that is exhausting and usually unnecessary — but deliberate control over what you reveal, to whom, and when. Pick countermeasures you can actually sustain for years, because the pattern an adversary exploits is the one you fall back into when discipline fades.
In Simple Terms
Operational security, almost always shortened to OPSEC, is a systematic process for denying an adversary the information they would need to act against you. NIST…
