pull down to refresh

I Spent 2 Weeks Auditing My Digital Privacy. Here's The Checklist I Wish....
37 sats \ 0 comments \ @milad 10h bitcoin -100 sats

https://www.privacyguides.org/

Look, I'll be honest. I used to think I was safe. I had a hardware wallet, I was using Tor for my node, and I never posted my full name online. I felt pretty good about my OpSec.

Then, last month, I got a phishing email that was scary accurate. It had my real name, my phone carrier, and even referenced a small BTC purchase I made years ago on a KYC exchange. It wasn't a generic scam. It was targeted.

That woke me up. I realized holding BTC makes you a target, and convenience is the enemy of security.

So I took two weeks off from "stacking" and focused entirely on "protecting." I went down the rabbit hole of digital hygiene. It was exhausting, but worth it. I wanted to share the checklist I built for myself, in case anyone else wants to audit their own setup without getting overwhelmed.

1. The Password Manager Reset
I was reusing passwords. I know, I know. But I switched to a self-hosted vault (Bitwarden). The key wasn't just installing it, it was rotating every single login associated with my email. Took 3 days. Painful. Necessary.

2. Killing Google Auth
This was a big one. SMS 2FA is a no-go. Even Google Authenticator is tied to a phone number sometimes. I moved everything to YubiKey where possible, and for the rest, I'm using Entropy-based seeds stored offline. If my phone gets sim-swapped, I don't want my accounts gone.

3. Email Aliases Everywhere
I stopped giving out my real email. Started using aliases (SimpleLogin). Now, if one service gets breached, I know exactly which one, and I can kill that alias without touching my main inbox. It also reduces spam significantly.

4. The KYC Data Cleanup
This is the tricky part. You can't undo KYC, but you can minimize its footprint. I requested data deletion from old exchanges I don't use anymore. Some said no, some said yes. Either way, I updated the password on those accounts to a random 64-character string and enabled hardware 2FA. They can keep my ID, but they won't get into my account.

5. Node Privacy Tweaks
Since I run a node, I checked my clearnet exposure. Made sure my Tor hidden service was the primary way I connected. Disabled UPnP. Checked my firewall rules. It's easy to think "it's just a node," but it's a fingerprint of your interest in Bitcoin. Better to keep it quiet.

The Result?
I'm not paranoid, but I'm prepared. The peace of mind is worth more than any yield I could earn in those two weeks.

I know OpSec is a journey, not a destination. I'm sure I missed things. For the veterans here who've been doing this for years: What's the one privacy upgrade you made that gave you the most peace of mind?

Always looking to tighten the screws. Stay safe out there. 🫡

write
preview
related posts