Sentinel Check / Ghost Protocol
MODULE 17

Physical OPSEC

Digital privacy breaks down the moment someone can physically access your device or see your screen.

0/16 done

Disk Encryption: Your Last Line of Defence

If someone steals your laptop or phone and can read your files without your password, every other privacy measure you've taken is irrelevant. Full disk encryption is non-negotiable.

WINDOWS
BitLocker

Built into Windows 10/11 Pro. Home edition: search "Device Encryption" in settings.

Settings → Update & Security → Device Encryption → Turn On
MACOS
FileVault

Built into all Macs. Encrypts the entire drive. Enabled by default on Apple Silicon Macs.

System Preferences → Security & Privacy → FileVault → Turn On
IPHONE
Automatic

iPhones with a passcode are automatically encrypted. Ensure you have a strong PIN (6+ digits or alphanumeric).

Settings → Face ID & Passcode → set strong passcode
ANDROID
Automatic (Android 6+)

Android 6.0+ encrypts by default when a PIN is set. Verify it's on in settings.

Settings → Security → Encryption & credentials → verify encrypted

Physical OPSEC Checklist

Selling or Disposing of Devices

Deleting files is not enough. "Deleted" files are recoverable with free tools. Proper wipe procedures are essential before selling, donating, or recycling any device.

WINDOWS LAPTOP
  1. Enable BitLocker first (if not already on)
  2. Settings → Recovery → Reset this PC
  3. Choose "Remove everything"
  4. Choose "Remove files and clean the drive" (slow but thorough)
  5. For maximum security: boot DBAN from USB before selling
MAC
  1. Sign out of iCloud: Apple menu → System Settings → Apple ID → Sign Out
  2. Restart in Recovery Mode (hold Cmd+R on Intel, hold power on M1+)
  3. Disk Utility → Erase the drive
  4. Reinstall macOS from Recovery
  5. Don't set it up: leave it at the setup screen for the new owner
IPHONE / IPAD
  1. Settings → General → Transfer or Reset iPhone
  2. Erase All Content and Settings
  3. This also removes Activation Lock: new owner can set up fresh
  4. Because of encryption, erasing is cryptographically complete
ANDROID
  1. Ensure encryption is on (Settings → Security)
  2. Remove SD card if present: wipe or keep separately
  3. Settings → General Management → Reset → Factory Data Reset
  4. Sign out of Google account first
  5. Encrypted + factory reset = data is unrecoverable