The Field Manual is organized into six operational domains. Each domain contains specific TTPs (Tactics, Techniques, and Procedures) — the most granular and most frequently updated layer of guidance. These are the things you actually do.
The OODA Loop — Your Decision Cycle
ObserveNotice the new development, threat, or change in your environment
OrientPlace it in context — what does it mean for your specific threat model?
DecideChoose a response proportional to the actual risk
ActImplement the change, then return to Observe
Domain 01 · Physical
Physical Security
Your physical environment generates data constantly — from the cameras you pass to the WiFi networks your devices probe for. Physical security tradecraft reduces the data trail you leave in the material world.
P.01
Location Awareness
Understand which environments are surveilled and how. Cameras, license plate readers, WiFi access points, and Bluetooth beacons all generate location data. Know what is watching before you decide what to reveal.
P.02
Device Discipline in Physical Spaces
Your phone broadcasts its presence to every WiFi network and Bluetooth device nearby. Airplane mode, Faraday pouches, and conscious device management in sensitive locations are baseline physical OPSEC.
Domain 02 · Behavioral
Behavioral Patterns
Predictability is vulnerability. Behavioral tradecraft introduces deliberate variation into your routines, purchases, and digital habits to reduce the accuracy of behavioral profiles built from your patterns.
B.01
Pattern Discipline
Deliberately vary routes, schedules, purchase methods, and communication habits. The goal is not randomness — it is the conscious management of routine to prevent accurate behavioral modeling.
B.02
Purchase Compartmentalization
Separate categories of purchases across different payment methods and accounts. A single loyalty program that tracks groceries, prescriptions, and travel builds a comprehensive behavioral profile.
Domain 03 · Digital
Digital Operations
The digital domain generates the most data and offers the most control. Digital tradecraft covers device configuration, communication security, metadata management, and the reduction of your digital fingerprint.
D.01
Browser Compartmentalization
Use different browsers or browser profiles for different activities. Separate personal, professional, financial, and research browsing to prevent cross-domain tracking and fingerprinting.
D.02
Encrypted Communications
Use end-to-end encrypted messaging for all sensitive communications. Understand the difference between encryption of content and exposure of metadata — who you talk to, when, and how often is often as revealing as what you say.
D.03
Metadata Hygiene
Strip metadata from photos, documents, and files before sharing. GPS coordinates, device identifiers, timestamps, and editing history are embedded in most digital files by default.
D.04
Device Fingerprint Reduction
Reduce the uniqueness of your browser and device configuration. Screen resolution, installed fonts, browser plugins, and timezone settings combine into a unique signature that tracks you without cookies.
D.05
Account Audit
Regularly audit the accounts, services, and platforms that hold your data. Delete accounts you no longer use. Revoke permissions you no longer need. Every dormant account is an unmonitored attack surface.
D.06
Data Broker Opt-Out
Systematically opt out of data broker services that aggregate and sell your personal information. This is an ongoing process, not a one-time action — brokers continuously re-acquire your data from new sources.
Domain 04 · Financial
Financial Privacy
Financial transactions are among the most revealing data points in your behavioral profile. Financial tradecraft reduces the legibility of your economic life without requiring you to live off-grid.
F.01
Payment Method Diversity
Use cash for privacy-sensitive purchases. Use privacy-respecting payment methods where cash is impractical. Understand that every digital transaction creates a permanent, searchable, sellable record.
F.02
Loyalty Program Assessment
Evaluate the cost-benefit of every loyalty program, rewards card, and discount membership. The discount is the price they pay for your behavioral data. Decide consciously whether the trade is worth it.
Domain 05 · Social
Social Engineering Defense
The social domain is where most data is voluntarily surrendered. Social tradecraft builds the habits of information triage, conscious disclosure, and trusted circle management.
S.01
Information Triage
Pause before sharing personal information in any context. Assess whether sharing is necessary, who the information will reach, and what the realistic downstream pathways are. This is not secrecy — it is conscious disclosure.
S.02
Trusted Circle Architecture
Explicitly map who holds which categories of your sensitive information. Build and maintain agreements — explicit or implicit — about how that information is handled within your network.
Domain 06 · Psychological
Psychological Resilience
The psychological domain addresses the internal barriers to consistent practice. Without cognitive integrity, technical tradecraft degrades. This domain ensures you can sustain your practice over time.
P.01
Bias Recognition
Regularly audit your own thinking for the cognitive biases that undermine privacy practice: normalcy bias, optimism bias, confirmation bias, anchoring, sunk cost fallacy, and availability heuristic. The Mirror Card is your tool for this.
P.02
Sustainable Practice Design
Design your privacy practice to be maintainable over years, not weeks. Perfectionism is the enemy of consistency. A practice you actually follow every day is infinitely more valuable than a comprehensive system you abandon after a month.
P.03
Community Accountability
Privacy practice is easier and more sustainable when practiced in community. Share your practice with trusted people. Teach what you learn. The mutual aid radius strengthens when privacy knowledge is distributed.