This checklist summarizes key OPSEC concerns for the lab environment.
- Keep domain and hosting metadata minimal.
- Avoid third-party analytics or tracking pixels.
- Separate operator identity from public contact channels.
- Disable uploads by default and treat any future uploads as high risk.
- Maintain minimal logs and rotate them quickly.
For the full threat model, see the repository file at /docs/opsec.md.