Operational Security
====================

Bitmessage has many features that are designed to protect your anonymity during normal use. There are other things that you must or should do if you value your anonymity.

Castles in the sand
-------------------

You cannot build a strong castle on unstable foundations. If your operating system is not wholly owned by you then it is impossible to make guarantees about an application.

 * Carefully choose your operating system
 * Ensure your operating system is up to date
 * Ensure any dependencies and requirements are up to date

Extrordinary claims require extrordinary evidence
-------------------------------------------------

If we are to make bold claims about protecting your privacy we should demonstrate this by strong actions.

- PGP signed commits
- looking to audit
- warrant canary

Digital foootprint
------------------

Your internet use can reveal metadata you wouldn't expect. This can be connected with other information about you if you're not careful.

 * Use separate addresses for different puprose
 * Don't make the same mistakes all the time
 * Your language use is unique. The more you type, the more you fingerprint yourself. The words you know and use often vs the words you don't know or use often.

Cleaning history
----------------

 * Tell your browser not to store BitMessage addresses
 * Microsoft Office seems to offer the ability to define sensitive informations types. If browsers don't already they may in the future. Consider adding `BM-\w{x..y}`.