Operational security basics
Anonomi is designed to reduce technical exposure.
Operational security (OPSEC) is about reducing human mistakes.
No app can make unsafe behavior safe. This page explains how to use Anonomi in ways that don’t undermine its design.
What OPSEC means here
Section titled “What OPSEC means here”Operational security is not about paranoia or perfection.
It’s about:
- choosing when to communicate
- choosing how to connect
- understanding what the app does not protect
Anonomi gives you options. OPSEC is how you use them.
Your device is the weakest link
Section titled “Your device is the weakest link”If your device is compromised, Anonomi cannot protect you.
Assume risk if:
- Your phone is rooted, jailbroken, or running unknown software
- Someone else has had unsupervised access to it
- The operating system is outdated or modified
- The device can be seized or inspected
Basic discipline
- Use a device lock (PIN, password, or biometric)
- Keep physical control of your device
- Treat lost or seized devices as compromised
Identity separation matters
Section titled “Identity separation matters”Contacts are not permanent trust relationships.
Even without real names:
- Writing style
- Time patterns
- Voice characteristics
- Profile images
…can link identities over time.
Good practice
- Avoid reusing names, photos, or phrases across platforms
- Don’t assume contacts remain safe forever
- Remove contacts that no longer need access
Connectivity is a decision, not a default
Section titled “Connectivity is a decision, not a default”Anonomi supports multiple connection modes because no single mode is always safe.
Before communicating, decide:
- Is the internet usable but risky?
- Or is the internet itself the threat?
Rule of thumb
- Internet usable → Tor
- Internet dangerous → Offline modes
Don’t “just try online” out of habit.
See:
Say less, not more
Section titled “Say less, not more”Messages can outlive context.
Even encrypted messages can:
- be shown under coercion
- be misinterpreted later
- resurface when devices are compromised
Safer habits
- Keep messages short and specific
- Avoid unnecessary context
- Don’t send anything you wouldn’t carry physically
Silence is often safer than clarification.
Features reduce risk — they don’t remove it
Section titled “Features reduce risk — they don’t remove it”Security features are risk reduction tools, not guarantees.
- Panic button helps under pressure, but may not erase everything instantly
- Stealth mode hides the app, not its existence
- Voice distortion reduces recognition risk, not identity certainty
- Offline modes reduce network exposure, not device exposure
Use features intentionally, not as a safety net.
Assume pressure, not ideal conditions
Section titled “Assume pressure, not ideal conditions”Design your behavior for:
- stress
- fatigue
- time pressure
- mistakes
Avoid plans that only work when everything goes right.
Good defaults
- Prepare settings in advance
- Keep fallback options
- Know when not to communicate
When in doubt
Section titled “When in doubt”If something feels unsafe:
- Pause
- Go offline
- Say less
- Delay sending
You don’t need perfect certainty to choose caution.
Related documentation
Section titled “Related documentation”- Threat model
- Scenarios and transport tradeoffs
- Connections settings
- Panic button + panic contacts
- Stealth mode
OPSEC is not about doing everything — it’s about avoiding the most common mistakes.