// Identity Protection

OPSEC FIELD GUIDE

How to keep your two lives from colliding. Identity separation, digital anonymity, doxxing defence, and physical tradecraft for RLSH.

You have two lives. One pays rent. The other wears a mask and walks dark streets looking for people who need help. The wall between those two lives is the most important thing you will ever build, because once it falls, it does not go back up.

This guide is adapted from military OPSEC doctrine that dates back to 1966, when a U.S. investigation codenamed Purple Dragon discovered that the enemy in Vietnam was not breaking codes or running agents. They were collecting small, seemingly harmless scraps of unclassified information and assembling them into a complete picture. A supply delivery schedule here. A radio pattern there. A troop movement log. None of it classified. All of it devastating when combined.

That is exactly how RLSH get unmasked. A geotagged photo. A patrol schedule. A reused username. A voice clip. A tattoo visible below a glove. None of it damning alone. Together, it ends careers.

CONTENTS

Foundation: How OPSEC Works 1. Identity and Persona Separation 2. Digital Footprint and Online Anonymity 3. Doxxing Prevention and Response 4. Physical OPSEC in the Field Quarterly Threat Assessment Checklist

00 Foundation: How OPSEC Works

The Purple Dragon methodology was eventually codified into a five-step process that remains standard across U.S. military and intelligence agencies. It translates directly to RLSH work.

The Five Steps

1. Identify what matters. What data would damage you if an adversary obtained it? For RLSH, the list is long: real name, home address, vehicle, patrol routes, schedule, team members, communication methods, gear storage location, employer, family.

2. Know your threats. Who wants this information, and what can they actually do? A street criminal seeking revenge operates very differently from an internet troll with OSINT skills. A journalist is different again. Each requires different defences.

3. Find your vulnerabilities. How could critical information leak through normal activities? Social media posts, consistent routes, visible licence plates, traceable gear purchases, phone location data, distinctive features, your voice. These are all attack surfaces.

4. Assess the risk. How likely is each vulnerability to be exploited, and how bad would it be? Your personal car parked at your regular patrol start point every Saturday night is high-probability and high-impact. That gets fixed first.

5. Apply countermeasures. Everything that follows in this guide is Step 5.

Who Is Actually After You

Before you implement anything, you need an honest assessment of your specific threat landscape. An RLSH doing homeless outreach faces a fundamentally different set of risks than one running confrontational crime patrols. A high-profile RLSH with media coverage is a bigger target than someone operating quietly. Assess honestly.

Threat	Capability	Why	How They Work
Street criminals	Low-Med	Retaliation	Following you home, photographing your car, vandalism, physical confrontation
Organised crime	Med-High	Eliminate interference	Professional surveillance, doxxing, threats against family
Online trolls	Medium	Entertainment, grudges	OSINT tools, social media analysis, username correlation across platforms
Ideological opponents	Low-Med	Opposition to RLSH	Social media tracking, coordinated harassment campaigns
Journalists	Medium	Story, expose	Public records research, long-lens photography, interview manipulation
Law enforcement	High	Investigation	Licence plate readers, electronic surveillance, informants, subpoenas
Stalkers	Low-Med	Obsession	Physical following, online monitoring, showing up at patrol locations

01 Identity and Persona Separation

The RLSH community has operated for over two decades with wildly varying levels of identity discipline. On one end, Hong Kong's Bauhinia Heroine has never been publicly identified despite intense paparazzi interest. She avoids all press, communicates only through anonymous channels, and has stated she would quit entirely if unmasked. On the other end, RLSH who were forced to unmask in court had every subsequent action permanently linked to both identities, including events years later. Build your separation practices assuming they must hold indefinitely.

There is also a psychological dimension worth being honest about. The hero identity becomes deeply meaningful, and that creates a powerful temptation toward recognition that directly conflicts with OPSEC. The desire to be known for what you do is natural. It is also the single biggest reason people slip up. Recognise the tension early and build habits that default toward anonymity.

Choosing a Name That Cannot Be Traced Back

Your hero name is your brand, your shield, and potentially your downfall if chosen carelessly. Investigators routinely check personal connections when trying to unmask someone.

Never derive your name from your real name, initials, birthday, hometown, street, pet, or any personal fact.

Search exhaustively before committing. Google it, run it through social media, check trademark registrations. Make sure it is not already linked to anything traceable to you.

Avoid names that reference niche interests your civilian identity is publicly associated with. If your personal social media is full of Norse mythology and your hero name is "Odinsson," that is a correlation point an investigator will find in minutes.

Never use a name from a character you have played in games, written in fan fiction, or used in any online community under your real identity.

Consider trademarking your hero name. Several RLSH have done this for both identity protection and brand control.

Voice Alteration and Speech Discipline

Voice is one of the most underestimated identification vectors. Your voice encodes pitch, tone, rhythm, accent, and habitual word choices. All potentially unique.

Natural techniques: Shift your pitch consistently by two or more semitones. Alter your speech rhythm and rate. Change your articulation. The critical word is consistently. An alteration you only remember half the time is worse than none, because it gives listeners two data points to compare.

Technical options: Real-time voice changers and hardware modulators that alter pitch and formant structure electronically. Combining consistent pitch shift with formant modification is the most effective approach.

Vocabulary: This is the one people miss. Habitual phrases, regional slang, and professional jargon identify you. If you are a nurse in civilian life, medical terminology while in costume is a direct correlation. If you have a distinctive phrase you use with friends, never use it masked. Your word choices are a fingerprint.

Social Engineering and Unmasking Attempts

Social engineering is the most common way RLSH identities get compromised. It works because the most effective attacks feel like friendly conversation. Know the playbook:

The slow build: Someone befriends you over weeks or months, building genuine rapport, then casually asks where you work or what neighbourhood you live in. Each question feels natural because trust has been established. That is the point.

The bluff: "I heard you work at [specific place]." This is a trap. If it is wrong and you correct them, you have confirmed you care about that detail. If it is right and you react, you have confirmed it. The only winning response is no response.

The trade: They volunteer personal information about themselves, creating social pressure for you to reciprocate. "I'm a teacher at Lincoln High. What do you do?" The expectation of reciprocity is deeply wired. Resist it.

The emergency: "Your teammate is hurt. I need your real name to get them help." Manufactured urgency bypasses judgment. If it were real, your teammate's emergency contact would handle it, not a stranger on the street.

The ego play: "You are incredible at this. You deserve real recognition. Let me do a profile piece." Flattery exploits the tension between wanting credit and needing anonymity.

Your defence: Never confirm or deny anything about your civilian life. Build a set of rehearsed deflections and use them every time: "I keep my personal life completely separate. Tell me about what you have seen in the neighbourhood." Redirect, do not engage.

Team Trust Compartmentalisation

At least one teammate must know your real identity for safety purposes. If you are injured or go missing, someone needs to be able to find you. But that does not mean everyone on the team gets the full picture. Intelligence agencies call this need-to-know compartmentalisation.

Tier 1 - Full Knowledge: One or two people who know your complete civilian identity, home address, emergency contacts. These are people you have known long enough to trust with your life. Because that is what you are doing.

Tier 2 - Operational Knowledge: Team members who know your hero identity, communication channels, general patrol area, and skill set. They do not know your civilian name or where you live.

Tier 3 - Public Knowledge: The broader RLSH community knows only your hero persona and whatever you have made publicly available.

The RLSH community is decentralised with no central vetting authority. This has been exploited in documented cases where individuals positioned themselves as trusted community members while concealing harmful intent. Trust is earned slowly and verified continuously. Never share identity information casually.

Mask and Disguise Laws by Jurisdiction

The legality of wearing a mask in public varies dramatically and understanding your local laws is not optional.

United States: 23 states plus D.C. have anti-mask statutes in some form. Eight states (including Virginia, Georgia, and North Carolina) have general bans with limited exceptions. Virginia's is the harshest: a felony carrying 1-5 years for concealing your identity with a mask. Ten states (including California, Florida, and Ohio) only criminalise mask-wearing when combined with criminal intent, which gives more room for costumed patrol. Ten states plus D.C. treat masking purely as a sentence enhancement when committing other crimes. Post-COVID, 2024-2025 saw new restrictions in New York, D.C., and Philadelphia driven by crime concerns rather than the original anti-Klan motivations.

Canada: Criminal Code Section 351(2) makes it an offence to wear a disguise "with intent to commit an indictable offence," punishable by up to 10 years. The critical element is intent. Simply wearing a mask without criminal intent is not an offence. Courts have consistently required the Crown to prove criminal intent beyond reasonable doubt. Bill C-309 (2013) added specific offences for masks during riots and unlawful assemblies.

United Kingdom: Section 60AA of the Criminal Justice and Public Order Act 1994 lets police require face covering removal in designated areas. Non-compliance carries up to one month imprisonment and a 1,000 pound fine. The Crime and Policing Bill 2025 would expand these powers with "no-mask zones" at protests. Religious face coverings are generally exempt.

Practical note: In states with felony-level bans, consider whether your costume can obscure identity through means other than a full-face mask. Sunglasses, hoods, face paint, goggles, and helmets may be treated differently depending on how courts interpret "mask" in your jurisdiction. Research this before your first patrol, not after your first police stop.

Handling Media Without Getting Burned

The RLSH community has a complicated history with media. Early coverage was overwhelmingly mocking. Later coverage was more respectful but often led directly to increased police scrutiny and, in some cases, arrest and forced unmasking. Media is a tool with sharp edges on both sides.

Never do spontaneous interviews. If a journalist approaches during patrol, give a prepared response: "I would be happy to talk. Contact me through [your hero persona's public channel]." This buys you time to research who they are and prepare.

Control the setting. If you agree to an interview, choose a location that reveals nothing about your staging area, changing location, vehicle, or personal territory. A public park works. Your gear room does not.

Assume everything is recording. From the moment media approach until they are completely out of sight, treat every word and action as on the record.

Never unmask for media. Ever. Regardless of how trustworthy they seem, regardless of what they promise. There are professional RLSH photographers who have produced high-quality portraits while fully respecting costume protocols. Anyone who says they need your face is not looking out for you.

Watch backgrounds. Street signs, building numbers, distinctive architecture, and licence plates visible in media images have unmasked people. Review every photo and video frame before it goes public.

Bystander cameras: In public spaces, anyone can film you and you cannot stop them. This is a constitutional right. Your only defence is making sure your costume does its job.

02 Digital Footprint and Online Anonymity

The fundamental rule of digital OPSEC: no device, account, network, email, phone number, username, IP address, or behavioural pattern should bridge your two identities. If any single thread connects your civilian digital life to your hero digital life, everything attached to that thread is compromised.

Scrubbing Yourself From Data Brokers

This is the single highest-impact privacy action you can take. Data brokers like Spokeo, Whitepages, BeenVerified, and Radaris build dossiers containing your address, phone, relatives, and employment, all available for a few dollars. These are the backbone of most doxxing campaigns.

Before starting, create a disposable email (ProtonMail, signed up through VPN or Tor) exclusively for opt-out requests. Keep a spreadsheet tracking site name, date submitted, confirmation number, and status. Budget 40-60 hours for the initial round and plan quarterly re-checks, because brokers routinely re-add information from original sources.

Priority opt-outs: Spokeo (spokeo.com/optout), Whitepages (whitepages.com/suppression-requests), BeenVerified (also owns NumberGuru, Ownerly, PeopleLooker, PeopleSmart; opt out of each separately), PeopleFinders, Radaris (requires account creation, which is frustrating by design), FastPeopleSearch, TruePeopleSearch, and MyLife (the most difficult; persist via email to [email protected]).

After removal: Submit cached results for deletion through Google's personal information removal tool and Bing's content removal request. Set Google Alerts for your name, address, and phone number to catch reappearances. This is an ongoing commitment, not a one-time task.

Automated services: Incogni (~$7/month, covers 420+ brokers) and DeleteMe (~$10/month, combines automated and human removal). Useful supplements, but no single service covers every broker. Do the top-priority sites manually.

Building an Isolated Hero Persona Online

Email: ProtonMail (accessible via Tor onion site) or Tuta. Sign up with username and password only. Never add a recovery email or phone linked to your real identity. Note that encrypted email providers have been legally compelled to log IP addresses in specific cases. Always access through VPN or Tor.

Social media: Register using your hero email. VPN or Tor during account creation. For phone verification, use a virtual number purchased with cryptocurrency or a cash-bought prepaid SIM. AI-generated profile image. Never follow, interact with, or search for your civilian contacts.

Devices: Ideally, a physically separate device for all hero activities, purchased with cash. Consider GrapheneOS on a Pixel phone. The most critical rule: never carry both your personal phone and your hero device at the same time. Cell tower data trivially shows two phones moving in tandem, linking the "anonymous" device to your real identity.

Networks: Access hero accounts from different physical networks than your civilian accounts. Home Wi-Fi for personal life. Public Wi-Fi through VPN or mobile data for hero life. Different VPN endpoints for each identity.

Behaviour: Do not post at times that reveal your actual time zone if your persona claims a different location. Vary your writing style between identities. Linguistic analysis can link accounts through vocabulary, sentence structure, and punctuation habits. Never reuse passwords, usernames, profile pictures, or biographical details across the divide.

Secure Team Communications

Signal (recommended primary): End-to-end encrypted messages and calls. Used by U.S. military units for operational coordination. Since 2024, Signal supports usernames so you can share your username instead of your phone number. Enable disappearing messages by default and set Registration Lock to prevent account takeover.

Email: ProtonMail for encrypted correspondence between Proton users; password-protected messages to external addresses. Tuta encrypts subject lines and contacts as well and strips sender IP automatically.

No phone number required: Session (decentralised, uses onion routing) or Briar (peer-to-peer, works via Bluetooth or Wi-Fi without internet, which is useful if cell networks are down or compromised).

Patrol radio: Standard walkie-talkies transmit unencrypted and can be monitored by anyone with a scanner. Meshtastic on LoRa hardware creates encrypted text-messaging mesh networks without cell towers, with range extendable through relay nodes. Encrypted two-way radios with AES exist but cost $200+.

Photo Metadata and Geotagging

Every photograph contains invisible data that can betray you. EXIF metadata can include GPS coordinates accurate to a few metres, the exact date and time, camera make and model (sometimes serial number), and editing software used. Fugitives have been located by law enforcement after someone published a photo with geolocation intact. This is not theoretical.

Strip metadata before every share: Windows: Right-click, Properties, Details, "Remove Properties and Personal Information." Mac/Linux: ExifTool command: exiftool -all= filename.jpg. Android: Scrambled Exif app. iOS: Metapho or ViewExif.

Rename files. Android filenames include dates (IMG_20250723_103045.jpg). WhatsApp filenames contain timestamps. Both reveal when photos were taken.

Disable geotagging at the device level. iPhone: Settings, Privacy and Security, Location Services, Camera, "Never." Android: Camera app settings, turn off "Location tags."

Even when platforms strip public-facing EXIF data (Facebook, Instagram, Twitter/X, and TikTok all do this), they store the original files with full metadata internally and make this data available to law enforcement on request. WhatsApp strips metadata for regular photo sends but preserves all metadata when photos are sent as "documents." Know the difference.

VPN, Tor, and Username Hygiene

VPN for everyday use: Hides activity from your ISP and masks your IP from websites, but requires trusting the provider. Choose one with an audited no-logs policy, RAM-only servers, a kill switch, and jurisdiction outside the Five/Nine/Fourteen Eyes surveillance alliances. Mullvad (~5 EUR/month, accepts cash by mail, no email required) is the gold standard. ProtonVPN has a free tier and Swiss jurisdiction.

Tor for maximum anonymity: Three-relay architecture means no single node sees both who you are and what you are doing. Download only from torproject.org. Do not change default settings, maximise the window (screen size is a fingerprint), install extensions, or open downloads while online. Combining Tor over VPN (connect VPN first, then open Tor) prevents your ISP from seeing that you use Tor.

Username reuse will burn you. Tools like Sherlock, Maigret, and WhatsMyName search a username across hundreds of platforms in seconds. If your hero persona uses "NightWatcher2024" and you used "NightWatcher" in a gaming forum five years ago under your real email, you are already compromised. Use unique, randomly generated usernames for each platform and identity. Periodically run your own usernames through these same tools as a self-audit.

Search discipline: On personal devices, never search for your hero persona name, RLSH communities or events, counter-surveillance techniques, or locations associated with patrol. All of that goes on the hero device only, through VPN or Tor.

03 Doxxing Prevention and Response

Doxxing in the RLSH context almost never happens through a single dramatic breach. It follows a chain of correlation: data broker lookup leads to a username match, which leads to a social media account, which has a photo with metadata, which pins down a neighbourhood. Each link is individually minor. Together they are a complete dossier. The people who target RLSH include criminals encountered on patrol seeking retaliation, internet trolls, ideological opponents, other RLSH members during community disputes, and increasingly, commercial doxxing-as-a-service operators.

Hardening Everything Before It Matters

The time to lock things down is before you need to, not after someone starts pulling threads.

Two-factor authentication on everything. Hardware security keys (YubiKey, ~$25-75) are the gold standard because they cryptographically verify you are on the real website, making phishing impossible. Buy two: one primary, one backup stored separately. Authenticator apps (Aegis for Android, Ente Auth cross-platform) are the strong middle tier. Avoid Google Authenticator (not end-to-end encrypted). SMS-based 2FA is vulnerable to SIM-swapping attacks. Use it only when nothing else is available.

Password manager, no exceptions. Bitwarden (open-source), 1Password (includes breach monitoring), or KeePassXC (fully offline). Generate unique 20+ character passwords for every account. Your master password should be a passphrase of 4+ random words. Never reuse passwords. Credential-stuffing attacks test stolen credentials across services at massive scale.

Lock down civilian social media. Facebook to "Friends Only" with "Limit Past Posts" applied retroactively. Instagram to private. Protected tweets. Disable discoverability by email and phone on every platform. Remove location data from all posts. Disable face recognition.

Freeze your credit. All three bureaus (Equifax, Experian, TransUnion) plus NCTUE. Free, does not affect your score, prevents anyone opening accounts in your name. Also get an IRS Identity Protection PIN.

Voter registration: Public records. They include your name, address, and party affiliation. Most states have Address Confidentiality Programs that substitute a P.O. Box for your home address in public records.

Property records: Publicly accessible through county assessor databases and a primary doxxing vector. For serious protection, hold property through a land trust with an anonymous LLC as trustee. Delaware, Nevada, New Mexico, and Wyoming allow LLC formation without disclosing owners' names.

Monitoring for Doxxing Attempts

Google Alerts for your real name (and all variations), hero persona name, phone number, home address, and email addresses. Set to "All results" and "As-it-happens" delivery.

Google "Results About You" tool (used by over 10 million people). Add your personal information. It flags results containing government IDs and sends notifications when new results appear. You can request removal directly from the tool.

Breach monitoring: Subscribe at haveibeenpwned.com/NotifyMe for every email address you have ever used. Password managers like 1Password and Bitwarden have integrated breach alerts.

Self-OSINT audits: Run your hero persona username through Sherlock, Maigret, and WhatsMyName. Reverse-image-search your hero photos. Google your real name in quotes combined with your city. Search data broker sites quarterly. Think like your adversary. Purple Dragon's core insight was examining your own activities from an opponent's perspective.

The First 24 Hours After Being Doxxed

If your information has been published, you need to move quickly and in the right order.

Hour 0 - Physical safety. If threats of violence exist, call 911. If your home address is exposed, call local police non-emergency to alert them to the possibility of swatting. Explain what swatting is and request extra precautions. If threats are credible and specific, consider temporary relocation.

Hour 0-1 - Document everything. Screenshot all posts, comments, and messages containing your information. Content gets deleted, and that destroys your evidence. Record date, time, platform, URL, poster username, and exactly what was exposed. If re-reading the content is too distressing, ask a trusted person to handle documentation.

Hour 1-2 - Secure all accounts. Change passwords starting with your primary email (the gateway to every password reset). Enable 2FA everywhere it is not already active. Review active sessions and log out unknown devices. Check for unauthorised email forwarding rules.

Hours 2-6 - Platform reports. Every major platform prohibits publishing personal information. Report through each platform's abuse and harassment pathways. For minimal-moderation sites like 4chan, focus on law enforcement reporting instead.

Hours 6-24 - Contain damage. Freeze credit if financial information is exposed. File an identity theft report at IdentityTheft.gov. Alert your RLSH team, trusted family members, and employer. Submit Google removal requests through "Results About You" or the Personal Content Removal Form.

Weeks 2-8 - Long recovery. Submit data broker removal requests across all brokers. Follow up with platforms. Continue self-doxxing audits. For extreme cases, legal name change and relocation are options.

Legal Remedies and Family Protection

No single U.S. federal statute criminalises doxxing by name, but 18 U.S.C. 2261A (cyberstalking) criminalises using computer services to harass or intimidate, carrying up to 5 years. Seventeen-plus states now have doxxing-specific statutes, with California, Alabama, and Illinois having standalone doxxing crimes. In Canada, Criminal Code 264 covers criminal harassment, and provincial privacy torts provide civil remedies. In the UK, the Protection from Harassment Act 1997, Data Protection Act 2018, and Online Safety Act 2023 all apply.

DMCA trap: If someone shares photos you took, you can file a DMCA takedown. However, filing requires providing your legal name and contact information, which gets forwarded to the other party under the counter-notice process. Always use an attorney for DMCA notices. Otherwise you are unmasking yourself through the very process meant to protect you.

Protecting family: Include family in data broker opt-outs (DeleteMe and Optery offer family plans). Ensure family social media is private with no location data. Ask family never to post house exteriors, street signs, or licence plates, and never to tag or mention your RLSH connection. Freeze children's credit proactively. If your address is exposed, brief schools, babysitters, and caregivers about swatting and establish verification procedures.

04 Physical OPSEC in the Field

Digital security means nothing if someone follows you home from patrol. Physical OPSEC is where theory meets pavement.

Costume as Counter-Identification

Your costume is simultaneously your brand and your primary physical defence against identification. Modern machine learning can do facial recognition, gait analysis, and voice matching, but these are primarily state-level capabilities. For most RLSH, covering the face and concealing identifying marks handles the realistic threat range.

Tattoos and scars: Full-coverage garments are the most reliable method. For exposed skin, theatrical-grade concealers like Dermablend with sealing spray prevent transfer to costume fabric.

Hair: Always fully concealed. Loose strands are forensic evidence. Consider wigs in a different colour and style as deliberate misdirection.

Body shape: Padding alters perceived build. Platform boots add 2-4 inches and also change your gait. Capes, armour plates, and shoulder structures alter your silhouette recognition profile.

Gait: Forensic gait analysis has been admitted as court evidence and some systems claim 94% accuracy at 50 metres. Conscious attempts to fake a limp are usually detectable. What works: a small pebble in your shoe (a technique attributed to former CIA Chief of Disguise Jonna Mendez) forces genuine biomechanical changes. Different footwear, a knee brace, or carrying weight asymmetrically all produce natural gait alterations.

Face: A full-face mask or helmet is the most reliable countermeasure against facial recognition. Combine with sunglasses covering the eye area, where the key measurement landmarks sit.

Route Planning and Anti-Pattern Discipline

Consistency creates patterns, and patterns create vulnerability. If you patrol the same route at the same time every week, anyone who wants to find you or set a trap knows exactly where you will be.

Maintain a library of 4-6+ routes through your patrol area and rotate unpredictably. Never patrol the same route on the same day and time two weeks running.

Randomise start times, directions, and entry/exit points. Vary team composition when working with others.

Document routes privately in encrypted storage so you can track what you have done and avoid falling into unconscious patterns. The patterns you do not notice are the ones that get you caught.

If specific locations need consistent coverage, approach from different directions each time. Consider breaking coverage across different days rather than one predictable circuit.

Counter-Surveillance: Detecting Followers and Trackers

The core counter-surveillance principle from intelligence tradecraft: look for the presence of the abnormal and the absence of the normal.

The "Four Sames": Same person appearing in different locations. Same time patterns. Same direction of travel. Same behaviour (loitering, watching, photographing). Any one of these could be coincidence. Two is suspicious. Three is confirmation.

Behavioural tells: Someone window-shopping who looks past the display. A person who adjusts pace to match yours. Individuals communicating via earpiece while watching you. Vehicles that stop when you stop.

Surveillance Detection Routes (SDRs): Pre-planned routes designed to force followers to expose themselves. Include 3+ stops of 15 minutes each, choke points like one-way streets or narrow passages, elevation changes for observation (bridges, parking garages), and natural pause points where stopping looks normal.

GPS trackers: Small magnetic devices, typically 3-4 inches. Check wheel wells, under bumpers, the OBD-II port under your dashboard, and the trunk area. RF detectors scanning 1 MHz-6.5 GHz can detect active transmissions. Rock the vehicle to trigger motion-sensor-based trackers before scanning.

If you detect surveillance: Do not confront. Enter a populated public space. Use public transport and board at the last possible moment. Contact law enforcement if you feel threatened. Abort the patrol. Getting home safely is always the priority.

Vehicle OPSEC

Your licence plate is one of your biggest vulnerabilities. Automated Licence Plate Readers (ALPRs) deployed by law enforcement and private companies create databases with billions of records tracking vehicle locations. Private companies sell this data broadly. A plate spotted near your patrol area repeatedly creates a direct link between your civilian identity and your RLSH activities.

Park several blocks away from your patrol zone and walk in. Use covered parking garages to limit ALPR exposure.

Vary parking locations every time. Never the same spot twice in a row. Back into spaces so the plate faces walls or fences.

Consider ride-sharing or public transit to and from patrol areas. This eliminates the vehicle link entirely.

Keep the vehicle nondescript. Common make and colour. No distinctive bumper stickers, custom modifications, or anything memorable.

Patrol Communications Protocol

Callsigns only. Never use real names on any operational channel, ever.

Keep transmissions brief, factual, and on-topic. Establish primary, secondary, and emergency communication channels before the patrol starts.

VPN on all devices during operations. Do not discuss operational details on personal phones or social media.

Timed check-ins: Designate an off-site contact. Check in at predetermined intervals (every 30 minutes works well). If a check-in is missed, the contact initiates an escalation: call, then text, then emergency services after a defined period. This protocol means someone always knows you are safe and where you should be.

Duress codes: Pre-arranged phrases that sound normal but signal distress. An innocuous sentence that means "call 911 to my location" could save your life in a situation where you cannot speak freely.

Post-Patrol Discipline

Never suit up or change back at home. Establish a designated changing location: a rented storage unit, a trusted associate's place, a secluded area with no cameras, a commercial parking garage restroom. Arrive in civilian clothes. Change. Patrol. Return. Change back. Depart as a civilian. Rotate changing locations to avoid establishing patterns.

Gear storage: Secure location, not immediately accessible to visitors or visible to anyone entering your home. Locked container at minimum. Ideally, store gear outside your home entirely. Never leave costume components in your vehicle.

Digital hygiene: Delete operational photos and videos from devices or move them to encrypted storage. Never post about patrols in real-time. Wait at least 24-48 hours and strip all metadata before sharing anything. Debrief with team members only on encrypted channels.

Physical traces: Destroy or securely store written notes, route plans, and temporary communications. A discarded patrol map in your household rubbish is a direct link between your civilian address and your RLSH activities. Leave no trace.

05 Quarterly Threat Assessment Checklist

Run through this every three months. Click items to mark them done. Every unchecked box is a thread someone can pull. Start with the high-impact, low-effort items. Build from there.

Identity Separation

Hero name has zero connection to real name, interests, or personal details

Voice alteration technique practised and used consistently

No civilian contacts know hero identity beyond Tier 1

Pre-rehearsed deflection responses ready for social engineering

Local mask and disguise laws researched and compliance confirmed

Media interaction protocol established (no spontaneous interviews)

Digital Anonymity

Opted out of all major data brokers (with 90-day re-check schedule)

Hero persona uses entirely separate email, accounts, and ideally device

No username reuse between civilian and hero identities (verified with OSINT tools)

All hero-related browsing conducted through VPN or Tor

Photo and video metadata stripped before every share

Geotagging disabled on all devices

Signal configured with username visibility and disappearing messages

Doxxing Defence

2FA enabled on all accounts (hardware keys for the critical ones)

Unique 20+ character passwords via manager for every account

Credit frozen with all three bureaus plus NCTUE

Google Alerts active for real name, address, phone, and hero name

Have I Been Pwned notifications active for all email addresses

Voter registration and property records addressed for privacy

Doxxing incident response plan documented and shared with Tier 1 contacts

Family members' social media locked down and broker listings removed

Physical OPSEC

Costume conceals all identifying features (tattoos, scars, hair, build)

Gait alteration practised (different footwear, physical techniques)

4-6+ patrol routes maintained with randomised rotation

Vehicle parked away from patrol zones with varied locations

GPS tracker inspection performed on vehicle monthly

Check-in protocol established with off-site contact

Duress codes established with team

Changing location(s) identified, rotated, and leave-no-trace protocol followed

Gear stored securely, separate from civilian possessions

Post-patrol digital hygiene performed (metadata, notes, comms)

The goal is not paranoia. It is disciplined consistency. The RLSH mission is too important to abandon, and your civilian life is too precious to risk through carelessness. Adapt as threats evolve. Review every quarter. Stay masked. Stay safe. Stay operational.