OPSEC for Investigators: Researching Safely with Sock Puppets
OPSEC (operational security) covers all the measures you use to protect your own identity and approach during an investigation. Anyone analysing open sources leaves traces too – and those can jeopardise a covert investigation or warn the target.
Why OPSEC matters
Even a single click from your private account, a viewed profile or a request from the office network can be enough to allow conclusions about who is investigating. The goal is to decouple the investigation from you personally.
Setting up sock puppets properly
A "sock puppet" is a credible research account that does not trace back to you. Key points:
- Strict separation of private and professional identities – never mix them.
- Consistent but inconspicuous profile data with no real personal references.
- Separate browser profiles or environments per persona.
- No cross-links via phone numbers, email addresses or reused passwords.
Common mistakes
- Taking "just a quick look" with your own account.
- Interacting with the target (likes, follows, requests) instead of pure observation.
- Overlooking metadata in uploaded files.
- Always using the same environment for every persona.
The best investigation is useless if it warns the target in advance.
Documentation despite anonymity
OPSEC does not mean giving up traceability. Anonymous on the outside, cleanly documented on the inside – screenshots, sources and timestamps belong in the case file without gaps, so the results stay sound.
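One way to keep such a case file "without gaps" is a hash-chained evidence log, in which every entry records the source, a UTC timestamp and the SHA-256 of the screenshot, and a removed or altered entry shows up on verification. This is an added example, not part of the original article; the function names, the field names and the sample data are assumptions made for illustration.

```python
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # chain anchor for the first entry


def _entry_hash(entry):
    """Hash every field except the entry's own hash, in canonical JSON form."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def add_entry(log, persona, source_url, artifact, captured_at=None):
    """Append one observation (e.g. screenshot bytes) to the case log."""
    entry = {
        "seq": len(log) + 1,
        "captured_at": captured_at or datetime.now(timezone.utc).isoformat(),
        "persona": persona,  # internal label for the research account (assumed field)
        "source_url": source_url,
        "artifact_sha256": hashlib.sha256(artifact).hexdigest(),
        "prev_hash": log[-1]["entry_hash"] if log else GENESIS,
    }
    entry["entry_hash"] = _entry_hash(entry)
    log.append(entry)
    return entry


def verify_log(log):
    """Return a list of problems; an empty list means no gaps and no edits."""
    problems, prev = [], GENESIS
    for pos, entry in enumerate(log, start=1):
        if entry["seq"] != pos:
            problems.append(f"position {pos}: sequence gap (seq={entry['seq']})")
        if entry["prev_hash"] != prev:
            problems.append(f"position {pos}: chain broken")
        if _entry_hash(entry) != entry["entry_hash"]:
            problems.append(f"position {pos}: entry modified")
        prev = entry["entry_hash"]
    return problems


def build_sample_log():
    """Constructed sample data: three placeholder screenshots from example.org."""
    log = []
    for i in range(1, 4):
        add_entry(log, "persona-A", f"https://example.org/profile/{i}",
                  f"constructed screenshot bytes {i}".encode(),
                  captured_at=f"2024-01-01T10:0{i}:00+00:00")
    return log
```

Storing the log as JSON next to the screenshots lets a reviewer recompute each `artifact_sha256` from the files and run `verify_log` to confirm that nothing was removed or edited after capture.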