diff --git a/.cz.toml b/.cz.toml
index 379036d4..e7fb7345 100644
--- a/.cz.toml
+++ b/.cz.toml
@@ -1,7 +1,11 @@
 [tool.commitizen]
 bump_message = "release $current_version → $new_version []"
+annotated_tag = true
 update_changelog_on_bump = true
 changelog_incremental = true
 changelog_start_rev = "v0.4.7"
 gpg_sign = true
 allow_abort = true
+version_files = [
+ "_layouts/default.html:Version"
+]
diff --git a/.gitignore b/.gitignore
index b60fd6bb..25234058 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,6 @@
+# Author.: Anonymous Planet
+# License.: CC BY-NC 4.0
+
 # Minimize global Ruby .gitignore
 _site/
 .sass-cache/
@@ -7,3 +10,12 @@ _site/
 .cache/
 vendor/
 Gemfile*
+
+# Artifact from PDF tests
+*.log
+
+# Linters
+megalinter-reports/
+
+# CZ
+.cz.toml
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index d18cbae5..d227f012 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -13,4 +13,4 @@ repos:
 stages:
 - push
 repo: https://github.com/commitizen-tools/commitizen
- rev: v3.27.0
+ rev: v3.28.0
diff --git a/CHANGELOG.md b/CHANGELOG.md
index f8625e27..32d017c3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
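Review bot: The new `version_files` entry `"_layouts/default.html:Version"` uses a bare word as its line selector; as far as I recall commitizen treats the text after the colon as a regex and rewrites the current version string on every line of that file which matches, so any other line in `_layouts/default.html` that happens to contain `Version` alongside the version number would be edited on the next bump — confirm against the commitizen docs. Anchoring the pattern to the exact element or attribute that carries the release version would narrow the match to the intended line. A short comment above the array would also help the next maintainer, e.g. `# Files whose matching lines have $current_version replaced on bump (path:regex)`.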
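Review bot: The `+.cz.toml` line in the second .gitignore hunk has no effect while that file remains tracked — and this same commit modifies the tracked `.cz.toml` in the first hunk of the diff — so the entry is either a no-op or a sign the file is about to be dropped from the index. If the intent is to untrack it, the shared release configuration (`gpg_sign = true`, `annotated_tag = true`, `version_files`) would then exist only in individual working copies, and a bump run from a checkout without a local copy would presumably fall back to commitizen defaults, producing unsigned lightweight tags with no error. Either remove the `+.cz.toml` line, or keep the file tracked and add a comment stating which local override the ignore entry is meant to cover, e.g. `# CZ (local overrides only; the shared config is tracked)`.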
@@ -1,901 +1,902 @@ -v1.2.0 - -- Rotate GPG/PGP keys (See [Open Collective key rotation](https://opencollective.com/anonymousplanetorg/updates/key-rotation-update)) -- Switch to Megalinter to diagnose repeatable PDF failures - -v1.1.9 - -- Add dependency check action -- Fixup Brave config settings -- Add silent.link to Online Phone Number section -- Fix Appendix K reference to itself -- Rename "TAILS" to "Tails" - -v1.1.8 - -- Add AnarSec to links -- CI/CD: fix automatic VT scans -- Appendix D: remove trailing period in title -- CI/CD: lock old issues & pull requests -- Tor onion offline -- CI/CD: update issues template -- Revert "Quantum resistance and good crypto algos" - -v1.1.7 - -- Add A.P. Open Collective link -- Remove in memoriam for Lena per her wishes -- Add Lucas as NTH mod -- Fix missing inline image leftover from previous PRs -- "Checking if your Tor Exit Node is terrible": reduce to one section and remove subsections - -v1.1.6 **"It's alive...again."** - -The thing works now. - -- Fixed the errors in pandoc (Tex2PDF) build -- Updated Tor .onion links -- Drank a lulz amount of espresso -- Cleaned up garbage -- Removed unused links -- Note regarding Alex's absence (they will return) - -v1.1.6-pre2 -- I know, I know. Pre-release? Again??! v1.1.6 coming **very** soon. -- Update to $OXEN staking prices in Session section -- Small grammar/spelling fixes -- Fix image inline linking issue (stop using dual linking) -- Re-order hardlinks to make it easy to manage - -v1.1.6-pre1 -- Update on Tor Browser route due to major changes - - Tor Project has condensed their settings and it is no longer - necessary to manually configure bridges. 
-- Fix out of date options/settings for Tor on Android -- Small grammar/spelling fixes -- Removal and fix of some bad links -- Removal of AnonArchive (down) -- "How to spot if someone has been searching your stuff" fixed -- PDF and ODT builds disabled temporarily -- Update to social links for SEO plugin -- Link to Qubes tutorial for installing Windows VMs -- Added link to Arkenfox/user.js -- Remove unnecessary addons - -v1.1.5 -- Various spelling and grammar fixes -- Fixed several numbering errors in references -- Updated and fixed many broken URLs and saved them in the Wayback Machine -- Noted that https://mastodon.social/@anonypla is gone? added strike-through -- Adapted Qubes OS hardware requirements that were too low for a decent experience (RAM) according to their recommendation -- Put more incentive to use Tor Browser Safest mode as long as it does not break anything and switch to Safer if necessary and with precautions linked in an appendix -- Precision that Anti-Evil Maid on Qubes OS is only available on Intel CPUs -- Removed dead link of Centry Fork project -- Added Windows 11 support to the guide -- Partial additions of partial Qubes 4.1.X support but needs completion and testing (coming soon) -- Added link to official guide to upgrade from Qubes 4.0.X to 4.1.X (fresh or in-place) -- Fixed issue in Qubes OS Tor over VPN and VPN over Tor Networking cases that were just plain wrong -- Added guidance to run Windows 11 within Virtualbox + link to official guide from Oracle -- Added recommendation to install/use Safing PortMaster and added a link for some compatibility issues between Portmaster and some VPNs -- Removed Windows AME completely from the guide -- Replaced the "I would" by a "We would" since it is now a group effort and project -- Added a safest recommendation for more paranoid people in security level choices in Tor - -v1.1.4-pre2 -- Fixed some spelling/grammar -- Update to contributing guidelines -- Update of modern-crypto room rules -- Addition 
of chatroom-rules for the PSA community -- Update of verification guide (removed outdated content, fixed links, updates) -- Removal of CTemplar references since it was shutdown -- Fixed links to Proton services, references, onion URL, and archives -- Removal of BTC Wasabi recommedation in favor of Coinjoin alternative and wallet recommendations -- Re-phrasing of some confusing sentences -- LibRedirect extension is recommended again -- Fixed many links formatting -- Removal of removed content (dark pdf) -- Fixed links to ODT file -- Added recommendation to and -- Removed links to non-existant mirrors -- Updated some outdated references(old project) - -v1.1.4-pre1 -- Addition of a legacy resources page for the old archives -- Changes in the about page to reflect the current situation -- Changes in the donation page to reflect the current situation -- Fix link to video "How to Hack a Turned-Off Computer, [..]" -- Misspelling and grammar mistakes fixed -- Fix formatting -- Garbage removal -- Inline linking fixes -- Privacyguides changed their URL scheme -- Almost all archive.org links fixed -- Annotated some links to make them more descriptive -- Got rid of dupes and empty refs -- Renew links for researchgate articles that were removed -- Removed mobile wikipedia links -- Fix a couple patent links & Rubber-hose cryptanalysis wiki -- Update PDF archivals so they are direct links but not downloaded -- Some scientific articles were removed or replaced - - IEEExplore, Spread-spectrum watermarking of audio signals - - ScienceDirect, Robust audio watermarking using perceptual masking - - SSRN, The Cryptocurrency Tumblers: Risks, Legality and Oversight - - Property of the People, Lawful Access to Secure Messaging Apps Data -- Arxiv url fixes -- s/grayshirt/grayshift/gi -- Trailing parentheses and commas removed -- Fixed all broken links -- Removed uMatrix from the guide (use uBlock Origin) -- Removal of https://xchange.me/ (abandoned) -- Removal of 
https://swap.lightning-network.ro/ (abandoned) -- Removal of https://privacyguides.org/providers/hosting/ (category removed from website) -- Added a warning about the privacy redirect extension stating it might be abandoned/unmaintained -- Added Anonymouth for linguistic antiforensics & related links - -v1.1.3 -- Added dedicated section about gait recognition and other long-range biometric techniques -- Updated PDF toolchain to allow embedding images in the PDF guide - -v1.1.3-pre1 -- Updating info to reflect the new identity being used to publich the guide -- Attempted to reconstruct toolchain to generate PDF and ODT guides - -v1.1.2 -- Removed SIM/Virtual Numbers providers not accepting at least XMR from the guide as there are sufficient providers accepting XMR -- Added some more free SMS providers in the guide -- Added links to Scribe.rip front-end to Medium.com for Medium.com links -- Considerable work was done in relation to the community aspects of this project and other related projects with the creation of a Matrix space (PSA) regrouping several efforts. 
-- Added link to containing the community rules for our chatrooms on Matrix and Discord -- Added reference to to the attacks against anonymized Tor traffic section -- Added reference to in the attacks against anonymized Tor traffic section -- Added reference to for running Android Apps within the Whonix Workstation -- Added reference to to the macOS VM section -- Added reference to to the biometrics section -- Added reference to -- Added reference to in the introduction section -- Added reference to to the SSD wiping conclusions -- Added reference to to the advanced targeted techniques section -- Small grammar/spelling fixes -- **Special thanks to the anonymous donator of 1 XMR** - -v1.1.1 -- Added reference to as an intro video to Monero in the Monero Disclaimer section -- Added reference to in the Guest VM Browser section about Brave -- Added reference to in the metadata/geo-location section -- Added reference to in several sections about JavaScript -- Added reference to in the sections about Ungoogled-Chromium -- Re-Added Privacytools.io in the Links section -- Added a general disclaimer on the Links page about websites possibly using sponsorships, affiliate links, paid services, premium offers, and merchandising... -- Re-Added a Discord server to provide easier access to the community through with all the rooms bridged to Matrix rooms -- Changed the Matrix/Discord communities from being room focused (#anonymity) to a broader "Privacy Security Anonymity" space with a new #security focused room and an off-topic room. -- Creation of a Matrix space at [#privacy-security-anonymity:matrix.org](https://matrix.to/#/#privacy-security-anonymity:matrix.org) -- Added an RSS bot to those rooms relaying some relevant security and anonymity news within those rooms. 
-- Started the test hosting of a small Synapse server with the domain anonymousplanet.org - -v1.1.0 -- Removed SHA-3 from recommended methods for password storage -- Added reference to in the section about communicating sensitive information to various organizations -- **Pending review** removal of privacytools.io from the guide after discovering sponsored recommendations within the lists on their website. Disclaimer added on the links page. -- Added reference to in the Stylometry section -- Added reference to in the Stylometry section -- Added reference to in the appendix checklist of things to check before sharing information -- Added reference to in the section about countering stylometry using translators -- Changed the fonts of the website to improve readability (now using "Helvetica", "Calibri",and "Times New Roman") -- Removed some unnecessary information from the main page and the donations page to reduce their size -- Added a new Tor Exit node (Tor-Exit-05) -- Various spelling/grammar fixes - -v1.0.9 -- Re-Added Privacytools.io (along Privacyguides.org) as a good source of information and recommendations for various services/products/platforms within the guide. -- Added a Links page to the website with a small collection of recommended projects to visit. -- Changed the layout of the website to make the buttons a bit smaller -- Added reference to in the OPSEC section. 
-- Added reference to which lists non-KYC cryptocurrencies exchange services -- Fixed some mistakes in the cryptocurrency swapping section - -v1.0.8-hotfix -- Added a reference to in the section about picking a browser in a guest VM -- Fixed not-working Nitter links by changing the Nitter instance to Nitter.net -- Added Minisign signatures for the PDFs and the ODT file -- **Hotfix** Added a reference to and now strongly recommends **against** using Ungoogled-Chromium due to them lagging behind in security patches - -v1.0.8 -- Added a reference to in the Smart Devices section -- Added several academic references to the Tor Correlation Fingerprinting attack: , , and -- Added a reference to in the same section -- Added an important precision/correction that Tor Correlation Fingerprinting attacks references papers were done in a limited closed-world testing environment and their efficiency in a real open-world situation has not been demonstrated other than theoretically -- Added two VPS hosting providers to the list of possible providers: and -- Added reference to announcing e2ee backups on WhatsApp - -v1.0.7 -- Added reference to in the targeted techniques section -- Added reference to in the targeted techniques section -- Added reference to in the targeted techniques section -- Switched various links from PrivacyTools.io to PrivacyGuides.org that were forgotten in a previous update -- Added guidance to share information and files publicly including IPFS -- Added an appendix containing a checklist of things to verify before sharing any information or file (metadata...) 
-- Complete reworking of the Introduction and Prologue for better readability (there was way too much text in there) -- Added references to , , and the YouTube Techlore channel as bonus introduction reads on privacy and security -- Various grammar/spelling fixes - -v1.0.6 -- Added reference to in the digital fingerprint section -- Added the fourth Tor Exit node in the donation page listing -- Added recommendation for considering Minisign () as an alternative to PGP/GPG for file signing -- Added new archive of the guide on anonarchive.org -- Added Content-Security-Policy and X-XSS-Protection metatags to the HTML headers of the website -- Added reference to to justify the recommendation to use Minisign over PGP/GPG for signing -- Added to the list of online phone number providers -- Added an "extra paranoid" route using Zcash in addition to Monero if you want even more safety than just relying on Monero alone for anonymous crypto transactions -- Added instructions to install a Zcash wallet on various OSes including the Whonix Workstation -- Refined the VPN over Tor sections with more information about using a self-hosted VPN/Proxy instead of a VPN provider -- Added guidance to upgrade Whonix from version 15 to version 16 on Qubes OS -- Added disclaimer about Windows 11 not being supported (yet) by the guide -- Some grammar/spelling fixes -- Various broken links fixes - -v1.0.5 -- Added reference to in the smartphone warnings section -- Made main website available through IPv6 -- Endnotes are now also supported on the repository MD file through thanks to markdown update from GitHub. Previously, those were only working on the rendered Jekyll HTML -- Added link to as an option if you cannot afford a dedicated number. More will be added soon. 
-- Added reference to as an argument to recommend adding uBlock to Tor Browser -- Added reference to in the in-depth Linux hardening resources -- Added reference to and in the section about hostile environments -- Added reference to in the creating new identities section -- Added reference to and into the Windows Host OS section of the Whonix route -- Added reference to in the biometrics section -- Added reference to in the Cryptocurrencies Transaction section -- Added Cwtch to the messaging apps lists and recommendations -- Added a new fourth Tor Exit node using donations funds -- Some grammar/spelling fixes - -v1.0.4 -- Added reference to in the burner phone section -- Added reference to in the Veracrypt settings sections -- Changed Privacytools.io to Privacyguides.org after name change -- Added reference to in the Face recognition section -- Added reference to within the Wi-Fi around you section -- Matrix room change from #online-anonymity:matrix.org to #anonymity:matrix.org (old alias remains valid) -- Renewed hosting of Tor-Exit-01 for 1 year using funding from donations - -v1.0.3 -- Added reference to ProtonMail IP logging case -- Added more information regarding Firefox hardening settings -- Added reference to -- Fixed several broken links -- Some grammar fixes - -v1.0.2 -- Minor layout fixes -- Added BLAKE2 hash to the list of hashes and clarified the hashes recommendations -- Added Twofish and Serpent to the recommended section in the File Encryption section -- Added reference to and in the Removing traces section -- Added references to and about the expanding trend of Geofencing warrants -- Added reference to in reference to Apple Privacy -- Added various references and information about setting up plausible deniability on Linux -- Added reference and information about setting up plausible deniability on Qubes OS -- Improved the section about countering linguistic forensics -- Updated Archive.today onion v2 address to v3 -- Full (self) proofreading 
resulting in a large amount of spelling/grammar fixes and some shame about those - -v1.0.1 -- Added information about Monero Atomic Swap for converting from BTC to Monero instead of a swapping service (Monero Rules!) -- Added link to in the password/passphrase guidelines appendix -- Added an appendix about Crypto Swapping services with some recommendations -- Added OnlyFans, Binance and Kraken to the list of tested online services -- Added Information on how to check if your Tor Exit node is in few or many blocklists to avoid issues when signing-up to various services -- Various spelling/grammar fixes - -v1.0.0 Codename "Deal With It" (because it's not perfect, so deal with it) -- Various spelling/grammar fixes to the Countering Forensic Linguistics section -- Added guidance on how to compare older PDFs with newer releases using some online tools -- Added guidance on how to compare older ODTs with newer releases using LibreWriter -- Removed the attribution to Mark Twain from the quote in the final editorial notes -- Added some references in the list of threats to anonymity to the proposed mitigations in the guide -- Various grammar/spelling fixes -- Slightly changed the Light theme header color - -v1.0.0-rc3-hotfix (unpublished release) -- Modified the Countering Forensic Linguistics section to remove the AutoCorrect usage recommendation in favor of "Search and Replace" to avoid unintended mistakes. -- Removed hybrid-analysis checks from the files as I think VirusTotal is enough - -v1.0.0-rc3 -- Added recommendation to use the Privacy Redirect extension on the Guest VMs browsers: -- Added a section to emphasize some precautions when using a Browser with JavaScript enabled (including Tor Browser up to the "Safer Level") in every route -- Added more information and recommendations related to using Tor Browser at the "Safer" level. 
-- Added some more crypto disclaimers to avoid some services such as Mixers/Tumblers -- Re-ordered and re-linked many sections in a more logical way -- Removed some duplicate information in some sections -- Fixed some bad hyperlinks -- Added a release of the guide in the ODT format in addition to PDFs - -v1.0.0-rc2 -- Many grammar/spelling changes after some proofreading - -v1.0.0-rc1 (Release Candidate 1) -- Small grammar/spelling fixes -- Small layout fixes -- Added some information about Safari in the Guest VM Browser selection/hardening sections -- Removed DREAD in the threat modeling references as it is deprecated -- Added link to in the No Logging but Logging anyway section of VPN providers -- Added Session Messenger as a possible "last resort" recommendation for iOS users because well there is no better option it seems despite their lack of PFS and Deniability -- Corrected the Session Messenger information as not using Tor Natively but using LokiNet Onion Routing natively -- Added a new Tor Browser route for the simplest, easiest way to access the web anonymously with appropriate security warnings -- Added additional information on attack mitigations on Bitlocker encrypted drives and reference to -- Changed the recommendations about the state of your real phone while using a burner phone. You should never bring it with you and leave it on at home. 
-- Changed the route picking UML to only show options depending on your skills/resources/availability without considering threats/adversaries -- Expanded the threat modeling section (after the previous UML) with adversaries/threats and picking the adequate route in consequence -- Added reference to to the Bad Cryptography section -- Added reference to to the Face Recognition section -- Lowered recommendation for RiseUP as a free mail service as they now require invitation for registration -- Added reference to as a possible mitigation to gait recognition systems as well as 2 more journalistic references to gait recognition -- Changed information about China/Russia "will block" ECH/eSNI to "might block" as it hasn't been verified/confirmed -- Added a whole appendix on Counteracting Forensic Linguistics (Writeprint) with your anonymous identities -- Added IPFS mirror of the whole website at - -v0.9.9h -- Fixed bad and missing linking about browser selection and install in guest VMs setup sections -- Added ShutUp10 to the list of tools to improve Privacy on Windows 10 -- Removed Windows AME from the recommendations/possibilities within guest VMs and advising against it instead - -v0.9.9g -- Added Safing.io to the recommended VPN providers list (provisional) -- Many links fixed/updated/replaced/removed (dead links check on the whole document) -- Updated most of the .onion v2 addresses to .onion v3 addresses (except for Archive.today which is still on v2) -- Added .onion addresses to some publication links having a Tor mirror such as The Intercept -- Decided to switch the licensing of the project to add NonCommercial (cc-by-nc-4.0), prior releases are not affected - -v0.9.9f -- Added section on search engines -- Added some more information on Brave source of adblocking -- Added separator between the text and the references to the online HTML version -- Added a ToC entry of the references to the online HTML version -- Added a bit more information on eventual physical 
destruction of HDDs and SSDs - -v0.9.9e -- Added more information on why I recommend Brave within guests VMs and more information about other choices (mainly Firefox) -- Added Browser Hardening guidelines for Brave, Ungoogled-Chromium, Edge, and Firefox - -v0.9.9d -- Changed wording from all incorrect "TAILS" instances to the correct "Tails" -- Changed wording from some incorrect "Qube OS" instances to the correct "Qubes OS" -- Added header to the PDFs with the title -- Added footer to the PDFs with the page numbers -- Changed the PDFs from having all references in the endnotes to having them in the footnotes of each page for better readability - -v0.9.9c -- Improved the password/passphrase recommendation section -- Added a new Tor Exit node to the project -- Added ChaCha20 to the recommended file/disk encryption algorithms -- Various fixes in the README/Index - -v0.9.9b -- Changed recommendation from Veracrypt to Bitlocker for Windows simple encryption route to prevent rubber-hose cryptanalysis -- Started running a Tor exit-node using project funds . I was only able to buy 3 months with the remaining funds. Please donate if you want this to continue. 
-- Changed slightly the donations requests so that they appear sooner including in the README/index.html and earlier in the guide in a lighter way -- Small grammar/spelling fixes - -v0.9.9a -- Added Wikiless links to all Wikipedia articles for enhanced privacy (see ) -- Added message to inform users with JavaScript disabled that JavaScript is needed to toggle the themes on the website -- Removed underline of every hyperlink in the PDF format guide for better readability -- Added small section about helping others staying anonymous by running a Tor entry/relay node -- Shortened the Index/README to make it more readable and creating a sub-page with the safety/integrity/authentication information -- Added new hosting provider to the list () and created a small appendix dedicated to recommended hosting providers -- Small grammar/spelling fixes -- Small fixes on the website layout (thanks to LiJu09 again) - -v0.9.9 -- Added toggle switch from dark to light theme for the website (requires Javascript) to improve general UX (very special thanks to LiJu09 for the great help) -- Fixed layout issues in the OSX section about Gatekeeper and XProtect -- Small fix in the malware section "higher level" changed to "lower level" -- Added reference to as an OSINT resource -- Added reference to in the Qubes Route section -- Various spelling/grammar fixes - -v0.9.8 -- Added reference to in the Monero Disclaimer section -- Added cars in the Smart Devices section because obviously cars are also issues -- Added reference to in the Smart Devices section -- Added more OSINT links: , , and -- Added more information about crafting your legend for your anonymous identities in a consistent manner in the creating new identities section -- Added more OPSEC information and a reference to -- Added more references to Hardening Linux: and -- Added references to AppArmor usage on Whonix VMs: -- Added AppArmor/SELinux references within the Qubes OS section for Hardening VMs -- Added light introduction 
video references for hardening Linux/Windows/MacOS by the nice people at Techlore. -- Switched from Mastodon.online to Mastodon.social -- Fixed duplicate notations on GPG key -- Added Nitter links to Twitter links -- Various spelling/grammar fixes - -v0.9.7b -- Added disclaimer about Monero usage and its long-term security relative to KYC regulations -- Added a bonus step within the BTC anonymizing section to reference Wasabi Wallet as an added efficient obfuscation measure -- Fixed layout issue at the very end of the guide (wrong tabulation) -- Added reference to RiseUp, Disroot, and Autistici for e-mail creation if you need an e-mail verification for creating for instance a ProtonMail or a MailFence account -- Removed from README because it's dead it seems - -v0.9.7a -- Fixed wrong information about Session messenger and presence of Forward Secrecy and removed from recommendations due to that and the absence of deniability -- Added information about how to get/use BTC anonymously using Monero swapping -- Removed the THGTOA subreddit and the discord server (due to being mostly unused) to leave only the Matrix room and GitHub for discussions -- Made the README slightly more user-friendly -- Various spelling/grammar fixes - -v0.9.7 -- Fixed DNS section stating that ECH/eSNI leaks DNS when in fact it leaks only DN (Domain Name) -- Fixed DNS section stating that Firefox enforces OCSP stapling when it does not -- Added information in DNS section that Chromium based browsers do not rely on OCSP but CRLSets -- Fixed DNS illustration according to above fixes -- Renamed DNS section into DNS and IP and added information about IP correlation with various websites despite having encrypted DNS -- Added reference to in the anonymize Tor/VPN traffic section -- Added section about rootkits and backdoors in the malware in the malware, exploits and viruses section -- Added information about rootkits and firmware malware/backdoors -- Added Session in the messengers table and 
recommendations -- Added disclaimer to be extra cautious when using Tails (always use the last version and be extremely careful with bundled apps) -- Various spelling/grammar fixes - -v0.9.6b -- Added emphasis and disclaimer on the threat model of this guide to clarify strongly that this guide is a DRAFT and may contain inaccuracies. This guide should not be considered a definitive truth. -- Added reference to the new Tutanota incident forcing them to monitor users -- Added reference to the RSA Conference 2020, When Cybercriminals with Good OpSec Attack video in the OPSEC section - -v0.9.6a -- Added the USB Wi-Fi dongle option within the section to block Host OS network access while allowing VM network access -- Small spelling/grammar fixes - -v0.9.6 -- Added references to AnonAddy and Simplelogin e-mail aliasing services in the e-mail verification section of creating new online identities. Could be useful. -- Fixed the word SSD that was somehow spelled SDD all over the place (/shame) -- Added section to explain how to disable/prevent Internet Access on the Host OS while allowing VMs (specifically the Whonix Gateway) to access the internet in the Whonix Route -- Added further password recommendation based on Bruce Schneier recommendations -- Removed telegram channel because is was unused and empty in favor of keeping only the Matrix channel (Primary) and the Discord channel (Secondary) but linked -- Added information about AMD PSP not having remote management capabilities unlike IME -- Various spelling/grammar fixes - -v0.9.5 -- Added some small disclaimer for Coreboot containing some proprietary software -- Added reference to Tempora surveillance program -- Small correction to the text relating to the Tutanota court order to avoid misunderstandings -- Added and in addition to Shodan as IoT search engines options -- Removed SHA3 from the "avoid" list because it was incorrect -- Added more information in the Online Backups section -- Added more references to people 
caught due to their fingerprints appearing on shared pictures online in the biometrics section -- Added link to in the Hidden communications in plain sight section -- Various small spelling/grammar fixing - -v0.9.4 -- Added reference to in the Smart Devices around you section -- Added reference to TypingDNA () in the Online Behavior section -- Various small spelling fixes -- Added reference to SORM (Russia) along PRISM,XKEYSCORE... -- Added reference to smarttags (Apple AirTags, Samsung Smarttags, Tile...) in the smart devices section -- Added reference to Michael Bazzell's interesting OSINT Techniques book in the bonus resources section -- Added reference to LibGen in the Introduction section in addition to Sci-Hub -- Fixed some ordering issues in the various sections that were re-ordered in previous updates - -v0.9.3 -- Added reference to and how to disable MacOS Gatekeeper on Big Sur -- Various grammar/spelling/layout fixes -- Transifex translations are now possible and open for any volunteer. 
Currently some are working on Russian/Ukrainian -- Added https://crypton.sh/ to the list of Monero accepting phone number providers -- Added reference to e-mail tracking in the Malware section -- Updated DNS section to reflect change from eSNI to ECH -- Added more OSINT video tutorials references from Bellingcat -- Added information about OCSP stapling in the DNS section -- Added illustration for comparing simple OCSP vs OCSP stapling -- Added illustration for comparing DNS encryption with and without ECH - -v0.9.2a -- Multiple small punctuation fixes for better readability/translation of markdown format -- Small reference fix from BBC to The Guardian - -v0.9.2 -- Added reference to for Video geolocation (YouTube) -- Added reference to for various OSINT tools to try on yourself -- Fixed some bad links between a bunch of cross-references -- Some font color fixing in the dark themed PDF -- Added various attribution references for some external illustrations -- Various spelling/grammar fixes -- Re-organized some of the de-anonymization methods into grouped sub-sections for readability - -v0.9.1 -- Fixed Messaging table inaccuracies regarding metadata leaks and e2e for Element/Matrix and Zoom -- Added reference/guidance to Windows AME ()for use in guest VMs in place of Standard Windows 10 Pro -- Added Tor Mirror into the HTML header for discoverability -- Added reference to in the crypto transactions section -- Added references to NEC NeoFace and Clearview AI face recognition systems in the Face/Biometrics section -- Added FLoC opt-out and no-referrer policies into the HTML header -- Added reference to in the Smart Devices warning section -- Added reference to in the digital fingerprint section -- Added reference to in the Bonus section -- Fixed the Qubes OS section implying that Qubes OS is a Linux distribution when it is not -- Fixed LICENSE file missing on the website -- Various spelling/grammar fixes - -v0.9.0 -- Various layout, spelling, and grammar fixes -- Added 
new discussion channel on matrix -- Fixed connectivity methods table recommendations (VPN over Tor over VPN) -- Removed the shark meme because it was a bit much -- Added reference to the recent Spotify AI voice recognition patent -- Added more information and illustration about Tor Bridges and especially Meek bridges for users in hostile environments -- Added some more information about hash collisions -- Moved Requirements section up before Introduction -- Fixed DNS privacy illustration DoHoT that was spelled wrong -- Fixed Appendixes names that were out of order -- Added guidance to create a Proxy VPS in addition to a VPN VPS in the case of the now VPN/Proxy over Tor route -- Added more guidance to the "No Tor/VPN" option in a hostile environment - -v0.8.9a -- Moved the donations section to the bottom of the guide - -v0.8.9 -- Added reference to in the bonus resources section -- Many small fixes in the README -- Various small layout and grammar fixes -- Removed some parts about unblockable telemetry on MacOS Big Sur since this issue is no longer relevant it seems (and the telemetry can be blocked) -- Erratum: removed a quote from a user on his request - -v0.8.8 -- Fixed QR codes pointing to old addresses (but still valid) -- Added Keyoxide proofs to the README -- Various small fixes -- Huge thanks to the generous donator of 1 XMR -- Added proper native Tor mirror on - -v0.8.7 -- Added reference to in the Smart Devices section and the OS Telemetry section. -- Moved/rephrased small introduction paragraph about Apple being among the best choices for Privacy in the OS and Telemetry section. 
-- Changed recommendation for Android VM to Androix-x86 CyanogenMod releases (14.1 r5 at the time of this writing) -- Several small spelling/grammar/layout fixes -- Added more explanation and illustration to the basic concept of Virtualization through a new Appendix -- Fixed illustration to mention Tor Stream Isolation possibilities -- Added a couple easter eggs because why not - -v0.8.6 -- Small layout fixes due to regex errors in pandoc conversion -- Small re-write of the instant messaging section that should make more sense now -- Changed the Briar information to reflect that they do now provide a Desktop option (with limited features) in addition to the Android client (emulator no longer strictly required) -- Updated the messaging table to include qTox (Tox) and Gajim (XMPP) -- Added reference to IDF famous tweet -- Added some references to Zero-Trust security models -- Added some references to Bad Opsec resources ( and ) -- Added several tools to check an IP or your own IP for various things in the "Your IP Address" section -- Added references to Hybrid Analysis for PDFs in addition to VirusTotal -- Added small additional illustration about threat models in the Introduction -- Added small additional illustration about Privacy vs Anonymity in the Introduction -- Removed the password protected PDF file from the project because it was never used and creaitng more compatibilities issues than necessary on my side -- Replaced donations QR codes with better ones - -v0.8.5 -- Changed donations QR codes with better ones with logos -- Many small fixes in grammar/spelling/layout -- Fixed many unnecessary escaping backslashes in front of special characters because pandoc does that -- Changed all lines containing code lines into inline code for better readability on the online version -- Migrated my Mastodon account to (old one redirected automatically) -- Fixed Tor over VPN section that was clearly missing emphasis on it being a viable option with good use cases -- Added 
more information in the Pick your Connectivity conclusions for a better overview
-- Added section about Online file Syncing in the Online Backup section
-- Added more information about messaging apps and a rather detailed table comparing their privacy/security/anonymity features
-- Added disclaimer on reddit/discord to not discuss sensitive topics on those platforms
-
-v0.8.4
-- Added more information regarding Tor stream isolation and VPNs
-- Added reference to in the Behavior analysis section
-- Added project website mirror at (hosted at GitLab)
-- Added PDFs mirror at CryptPad.from
-- Added reference to recently released list of data collected by Google Chrome
-- Added reference to about Facial recognition defeating Face Masks in the biometrics section
-- Added reference to Microsoft Azure Facial Cognitive Services Demo in the biometrics section
-- Added reference to in the biometrics section
-
-v0.8.3
-- Added reference to glasses to interfere with CCTV surveillance.
-- Added "enhance" example to the deblurring section
-- Thanks to the anonymous donators. Their donations were spent to renew the domain for 3 more years (4 years total).
-- Added information about risks/drawbacks related to Tor Stream Isolation when using VPN over Tor and for which use cases this method is recommended
-- Added QR code for BTC legacy address in the donations section
-
-v0.8.2
-- Brighter fonts on some headers for better readability in dark mode
-- Added reference to Sci-Hub in the introduction
-- Added reference to deniable encryption on Linux and why it is not (yet) in the current routes
-- Added reference to EncroChat and Sky ECC and warning against using such commercial devices/services for anonymity
-- Small fixes in some URLs that were not properly changed after domain switch to anonymousplanet.org
-- Added Bitcoin legacy address in addition to Segwit for donations
-- Various spelling/grammar issues
-
-v0.8.1
-- Fixed many various small layout/spelling/grammar issues
-- Fixed 2 shortened URLs (t.me and bit.ly) from the guide with correct destination URLs
-- Added some references to "roll your own crypto" cases (Telegram, Zoom)
-- Added reference to in the Metadata/Geolocation section
-- Removed archive.today PDF links to replace them with Archive.org links (because archive.today doesn't actually save PDFs)
-- Added reference to a MAC tracking device in the MAC address section
-- Added disclaimer about not endorsing Cloudflare in the DNS section by mentioning them several times for technical reasons.
-- Added references to Ungoogled-Chromium as an alternative to Tor Browser, Firefox and Brave.
-- Added some results of Browser fingerprinting testing by the EFF coveryourtracks project.
-- Added reference to Tor Browser security levels which I realized are not known by most people.
-- Added Archive.org links to all documents/pages hyperlinks for people willing to avoid direct links to various websites -- Added Invidious (through yewtu.be invidious instance hosted in the NL) links to all YouTube videos hyperlinks for people wanting more privacy on Youtube videos -- Added reference to AMD PSP security analysis (and how it is not as bad as IME) in the "Your CPU" section and the laptop recommendation section. -- Moved the Safe Browser part of Guest OSes into an Appendix to avoid duplication -- Added domain for project with donation funds - -v0.8.0 -- Changed mat2 VM appendix to debian testing (instead of stable) to get latest version of mat2 -- Fixed mat2 VM appendix as the network was not working properly with the previous guidance -- Added reference to -- Added references to various threat modeling methodologies (LUNDDUN, STRIFE, DREAD, PASTA) and some more in-depth resources for those willing to go further -- Added reference to in the introduction -- Added reference to in the creating identities section -- Multiple spelling/grammar fixes (including email into e-mail, and wifi into wi-fi) -- Added reference to as bonus resources in de-anonymization methods -- Added reference to in the OPSEC section because it should be there -- Added reference to in the Printing Watermarking section -- Added reference to MIT project SeeingYellow in the Printing Watermarking section -- Re-Wrote the malware section in the de-anonymization methods for better readability -- Added a specific Anti-Virus section in the Malware checks section with various references and arguments for some selective/limited use. -- Added reference to EFF security scenarios () in the Introduction as examples of threat models for various people. -- Added new section with guidance for safe document publishing including various tool recommendations. -- Added a bit more guidance on malware removal for Pictures and Documents (PDFs, Office Documents...) 
-- Added Bad Cryptography in the de-anonymization threats with some examples -- Added several Behavior Analysis references in the renamed "Your Digital Fingerprint, Footprint, and Online Behavior" section - -v0.7.9 -- Updated GitHub Transparency report -- Added information to make animated online identities pictures for increased plausibility -- Added references to the list of services blocking Tor () -- Added reference to in the Identities maintenance section -- Added automatic archival and links of the project to Archive.today (through Archive.fo) - -v0.7.8 -- Various small layout/spelling/grammar fixes -- Added reference to Financial transactions and KYC in the real-name system section -- Added guidance to bypass some local restrictions on supervised computers safely (Appendix Q) -- Added guidance to run Tails without using Tor in a hostile environment -- Updated UML diagram of various routes to include a non-dedicated laptop -- Changed the whole document to a more formal/cleared grammar for better readability and compatibility with translation engines -- Changed table colors for better readability in dark modes (PDF and Online) - -v0.7.7 -- Added some acknowledgements to various added Projects -- Changed and improved the "Picking your route" section with the new option (Tails+Whonix) -- Added basic threat model illustration in the Introduction -- Added basic UML diagram to pick your route -- Added basic UML diagrams for picking your connectivity methods -- Added illustration of the Tails with HiddenVM option -- Rescaled some images that were way too big -- Added a whole bunch of platforms to the Online Identities section -- Added more references to German law in the Online Identities section -- Added a legend to the Online Identities overview table - -v0.7.6 -- Added reference to video visually explaining DNS -- Added some information related to the anonymous use of Bitcoin (vs Monero). -- Added reference to risks of using Crypto Tumblers and Mixers. 
-- Added reference to the Go Incognito project () and their informative YouTube videos for optional introduction before reading this guide. -- Added reference to ExifTool and ExifCleaner to Metadata removal sections for documents (because they also work on those formats) -- Added reference to picture recognition cloaking tools (Fawkes, Adverserial.io, LowKey) for preventing picture recognition algorithms from various platforms. -- Added detailed guidance to create Android guest VMs in the Whonix Route -- Added detailed guidance to create Android Qubes in the Qubes Route -- Added detailed guidance to use Persistent Plausible Deniability with Whonix within Tails (using HiddenVM project) -- Added Briar, GitLab to the online identities sections -- Added recommended Apps for sharing and communicating anonymously -- Added some acknowledgements to various added Projects - -v0.7.5 -- Added reference to in the Malware analysis appendix -- Many small fixes in layout/spelling/grammar -- Added quotes around VirusTotal "privacy policy" -- Changed "Exploits in your Apps" to "Malware and Exploits in your Apps" -- Added references to State surveillance using "mandatory" apps such as WeChat. -- Added Wikipedia reference to -- Added guidance and references to check files for integrity and authenticity in the "Checking files for malware" section. -- Added emphasis on recommendation of using Tor Browser on the Host OS if Tor is available. -- Removed GPG signatures from markdown and text files to instead sign the whole release for convenience in Contribution workflow. 
-- Adapted the README to the new signatures
-- Added Bitcoin donation option
-
-v0.7.4
-- Added reference to Whonix Live mode if you don't want persistence when shutting down the VMs as an added possible safety measure
-- Added reference to harden Linux from
-- Added reference to Linux security issues from
-- Added reference to PDF listing malware analysis tools
-- Added reference to SANS Malware Analysis cheat sheet
-- Added reference to the DoHoT project in the DNS section and updated the DNS illustration with this possibility
-- Various spelling/grammar fixes
-- Started adding some proper code blocks in the online Markdown version and will slowly adopt this in the whole guide in the future
-- Fixed the Title missing a T
-- Fixed a an hyperlink issue causing PDFID to detect an Automatic Action on guide.pdf
-- Added warning in README concerning VirusTotal "privacy policy"
-- Changed the PDFID warnings in the README to better explain their meaning for checking the PDFs published here
-- Started fixing some accessibility issues in the guide (bad indents, empty spaces...)
-- Fixed some bad links in cross-references
-- Changed link from to
-
-v0.7.3
-- Added extra-security measures and references for sending cash to a VPN provider safely
-- Added reference to sim-swapping in TOTP recommendation (and why SMS 2FA is bad)
-- Added VirusTotal scans to all PDFs in the repository (while not endorsing/recommending VirusTotal at all for anything sensitive)
-- Added Disclaimer about VirusTotal and their privacy policy in the guide and README
-- Added QR code for Monero donations within the guide itself
-- Added references in the Phishing section
-- Added reference to in the Safe Access without Tor/VPN appendix
-- Added guidance to communicate sensitive information safely to various organization (such as the press)
-- Various grammar/spelling/layout fixes
-
-v0.7.2
-- Small layout/spelling/grammar fixes
-- Added methods to check your surveillance and censorship levels on your Network using various resources.
-- Changed site font to Helvetica
-- Changed paragraph spacing on PDFs for better readability
-
-v0.7.1
-- Switched Github Pages Jekyll theme to Hacker because I prefer dark themes and this one doesn't rely on external fonts (Google).
-- Added some references to voice deepfake tech in the Biometrics section
-- Slightly changed the styles/colors of the PDFs
-
-v0.7.0
-- Added recommendations to consider leaving your smartphone at home online instead of just leaving it powered off or within a faraday bag.
-- Added disclaimer stating that this guide is not sponsored by any commercial entity such as VPN providers
-- Added specific sections and guidance about the various connectivity schemes (Tor, VPN over Tor, Tor Over VPN, VPN only, VPN over VPN and No Tor/VPN) with various references.
-- Added guidance for using Tor Bridges with Tor Browser, Tails, Whonix and Qubes OS.
-- Added last resort guidance for situations where Tor and/or VPN might not be possible options.
-- Added guidance to use Long Range Antennas (Yagi type) for connecting to Public Wi-Fis from a safe distance -- Added new face recognition reference and gait recognition reference -- Added dark themed PDF -- Fixed error in Windows VM installation behind Whonix (missing Network setting) -- Various grammar/spelling fixes - -v0.6.9 -- Fixes/Adds to the online phone numbers sections. Recommendations based on identification requirements. -- Grammar/Spelling fixes. - -v0.6.8 -- Added security disclaimer concerning online phone providers using Monero. - -v0.6.7 -- Added guidance to possibly get online phone numbers using Monero (less recommended than a Physical Burner Phone with a Pre-paid SIM paid by cash). -- Adapted the various sections of the guide to reflect the above change. - -v0.6.6 -- Added reference to PornHub biometrics identification statement -- Small various spelling/layout fixes -- Added reference to Project Snowflake from Tor at the end of the guide if you wish you help others evade censorship -- Removed bad link to (no archive available) -- Fixed bad inline reference -- As from now on, all new references in this guide will also be saved to the Internet Archive in case of article removal -- Added privacy vs anonymity in the Introduction -- Added more references to legitimate use of Anonymity from the Whonix and Tor projects - -v0.6.5 -- Passive automated mirror setup at GitLab -- Added Donation Monero address within the guide -- Added README/Guide mention to the GitLab mirror -- Changed CHANGELOG/LICENSE to CHANGELOG.md/LICENSE.md for GitHub Pages integration -- Updated GPG key with GitLab noreply e-mail for commit verification -- Added sitemap on GitHub Pages for SEO -- Added latest version, changelog and alternative pdf download links on Github Pages -- Verified site on Keybase - -v0.6.4 -- Improved HTML layouts for better readability and SEO -- Added redirect from to the guide page -- Fixed README to to include hyperlinks - -v0.6.3 -- Added Table of 
Contents to PDF formats for better readability -- Fixed Appendixes/Sections references in the Markdown/HTML format -- Moved target-audience disclaimer from introduction to start of document -- Small layout fixes - -v0.6.2 -- Various little kramdown glitches fixed in HTML format -- Small fixes in spelling/grammar -- Added a small disclaimer in the introduction to let people know they can just read the first 26 pages to learn about the various threats without the need for practical applications - -v0.6.1 -- Various endnotes layout fixes -- Added OSINT YouTube Playlist reference -- Added reference to Whonix Live Host OS documentation (Similar to HiddenVM project) -- Added Twitter account (If it lasts, it was already suspended three times) . I'd be grateful if you share/like my tweet about this guide. - -v0.6.0 -- Various small spelling/grammar/layout fixes -- Added various references to Whonix Documentation (Hardening, Anti-Forensics, Anti-Evil Maid...) -- Added one Bellingcat reference to a recent case -- Added some Qubes OS references (Anti-Evil Maid and Hardening) -- Added new sub-route to the Tails route using the HiddenVM project for providing Plausible Deniability within Tails - -v0.5.9 -- Added Monero accepting VPS providers as options for self-hosting cloud services and self-hosting VPN services - -v0.5.8 -- Added various references to Whonix documentation (anti-forensics, cold boot attack defenses, full disk encryption) -- Small various fixes -- Added reasoning for not supporting M1 Macs -- Added Acknowledgements at the end of the guide -- Added some resources to cold-boot, evil-maid defenses - -v0.5.7 -- Added methods to check Trim/ATA/NVMe operations on external SSDs -- Added methods to securely delete data on Qubes OS - -v0.5.6 -- Added donations/sponsorship support to this project using Monero -- Added reference to Law Enforcement surveillance capabilities (CCC video) -- Added guidance to remove some forensic traces from MacOS -- Added guidance to remove 
some forensic traces from Linux (log deletion and trim) -- Added variants for securely erasing SSD drives (only ATA drives were mentioned, added specific info for NVMe drives). -- Added lists of laptop brands supporting Secure Erase (SSD) from BIOS/UEFI. -- Changed recommendation from GParted to System Rescue instead due to GParted not providing nvme-cli by default. -- Fix: Multiple fixes in SDD/HDD sections (layout, duplicate data...) -- Fix: Multiple fixes in SDD secure erasing section and added various warnings for various methods -- Fix: Removed blkdiscard from wrong section and from MacOS as it's not supported on MacOS by Homebrew -- Various spelling/grammar fixes - -v0.5.5 -- Added passphrase recommendations (xkcd.com) in the OPSEC section and other sections. - -v0.5.4 -- Added more information and mitigation possibilities for CPU exploits on Virtual Machines (Spectre, Meltdown...) - -v0.5.3 -- Added guidance to hidden containers with plausible deniability in the backup section -- Added guidance for online backups -- Added information for VPN kill switches for Whonix, MacOS and Linux - -v0.5.2 -- Update of GPG key (added no-reply e-mail) to get verified commits - -v0.5.1 -- Small various fixes - -v0.5.0 -- Added Watermarking section in threats with pictures/videos/audios watermarks and printer watermarks within - -v0.4.9 -- Various small spelling/grammar/layout fixes -- Added some Laptop recommendations and more info about Libreboot and Coreboot -- Added various references to key disclosure laws -- Added guidance to create a mat2-web guest Debian VM for removing metadata from files conveniently -- Changed CHANGELOG to markdown for integrating into GitHub Pages - -v0.4.8 -- Various fixes on spelling/grammar and layout -- Various fixes on KeepassXC sections for Linux/MacOS -- Added hardening recommendations for Virtualbox -- Added VPN installation tutorials for Linux/MacOS - -v0.4.7 -- added Virtualbox workaround for Spectre/Meltdown issue mitigation -- added 
section and guidance to remove metadata from various files and tools -- added reference to Haven app for physical security in OPSEC section -- added recommendation to use systematic TOTP 2FA for online identities when possible -- added references to Deepfakes, facial recognition and fingerprint recognition in biometric threats - -v0.4.6 Added link to Shodan to Smart Devices Section, Full rewrite of data wipe sections (especially SSDs) - -v0.4.5 Improved SSD/HDD erasure section and some spelling fixes. - -v0.4.x Added Backup methods, OPSec tricks, Malicious USB, Printers and various fixes - -v0.3.x Added MacOS information and various fixes - -v0.2.x Added Qubes OS information and various fixes - -v0.1.x Initial Release (missing Qubes OS details and MacOS support) - -## Unreleased - -## v1.1.9 (2023-08-23) - -## v1.1.8 (2023-08-23) - -## v1.1.7 (2023-08-23) - -## v1.1.6 (2023-08-23) +v1.2.0 + +- Rotate GPG/PGP keys (See [Open Collective key rotation](https://opencollective.com/anonymousplanetorg/updates/key-rotation-update)) +- Rename keys to email-key, master-signing-key, and release-signing-key respectively +- Switch to Megalinter to diagnose repeatable PDF failures + +v1.1.9 + +- Add dependency check action +- Fixup Brave config settings +- Add silent.link to Online Phone Number section +- Fix Appendix K reference to itself +- Rename "TAILS" to "Tails" + +v1.1.8 + +- Add AnarSec to links +- CI/CD: fix automatic VT scans +- Appendix D: remove trailing period in title +- CI/CD: lock old issues & pull requests +- Tor onion offline +- CI/CD: update issues template +- Revert "Quantum resistance and good crypto algos" + +v1.1.7 + +- Add A.P. Open Collective link +- Remove in memoriam for Lena per her wishes +- Add Lucas as NTH mod +- Fix missing inline image leftover from previous PRs +- "Checking if your Tor Exit Node is terrible": reduce to one section and remove subsections + +v1.1.6 **"It's alive...again."** + +The thing works now. 
+ +- Fixed the errors in pandoc (Tex2PDF) build +- Updated Tor .onion links +- Drank a lulz amount of espresso +- Cleaned up garbage +- Removed unused links +- Note regarding Alex's absence (they will return) + +v1.1.6-pre2 +- I know, I know. Pre-release? Again??! v1.1.6 coming **very** soon. +- Update to $OXEN staking prices in Session section +- Small grammar/spelling fixes +- Fix image inline linking issue (stop using dual linking) +- Re-order hardlinks to make it easy to manage + +v1.1.6-pre1 +- Update on Tor Browser route due to major changes + - Tor Project has condensed their settings and it is no longer + necessary to manually configure bridges. +- Fix out of date options/settings for Tor on Android +- Small grammar/spelling fixes +- Removal and fix of some bad links +- Removal of AnonArchive (down) +- "How to spot if someone has been searching your stuff" fixed +- PDF and ODT builds disabled temporarily +- Update to social links for SEO plugin +- Link to Qubes tutorial for installing Windows VMs +- Added link to Arkenfox/user.js +- Remove unnecessary addons + +v1.1.5 +- Various spelling and grammar fixes +- Fixed several numbering errors in references +- Updated and fixed many broken URLs and saved them in the Wayback Machine +- Noted that https://mastodon.social/@anonypla is gone? 
added strike-through +- Adapted Qubes OS hardware requirements that were too low for a decent experience (RAM) according to their recommendation +- Put more incentive to use Tor Browser Safest mode as long as it does not break anything and switch to Safer if necessary and with precautions linked in an appendix +- Precision that Anti-Evil Maid on Qubes OS is only available on Intel CPUs +- Removed dead link of Centry Fork project +- Added Windows 11 support to the guide +- Partial additions of partial Qubes 4.1.X support but needs completion and testing (coming soon) +- Added link to official guide to upgrade from Qubes 4.0.X to 4.1.X (fresh or in-place) +- Fixed issue in Qubes OS Tor over VPN and VPN over Tor Networking cases that were just plain wrong +- Added guidance to run Windows 11 within Virtualbox + link to official guide from Oracle +- Added recommendation to install/use Safing PortMaster and added a link for some compatibility issues between Portmaster and some VPNs +- Removed Windows AME completely from the guide +- Replaced the "I would" by a "We would" since it is now a group effort and project +- Added a safest recommendation for more paranoid people in security level choices in Tor + +v1.1.4-pre2 +- Fixed some spelling/grammar +- Update to contributing guidelines +- Update of modern-crypto room rules +- Addition of chatroom-rules for the PSA community +- Update of verification guide (removed outdated content, fixed links, updates) +- Removal of CTemplar references since it was shutdown +- Fixed links to Proton services, references, onion URL, and archives +- Removal of BTC Wasabi recommedation in favor of Coinjoin alternative and wallet recommendations +- Re-phrasing of some confusing sentences +- LibRedirect extension is recommended again +- Fixed many links formatting +- Removal of removed content (dark pdf) +- Fixed links to ODT file +- Added recommendation to and +- Removed links to non-existant mirrors +- Updated some outdated references(old 
project) + +v1.1.4-pre1 +- Addition of a legacy resources page for the old archives +- Changes in the about page to reflect the current situation +- Changes in the donation page to reflect the current situation +- Fix link to video "How to Hack a Turned-Off Computer, [..]" +- Misspelling and grammar mistakes fixed +- Fix formatting +- Garbage removal +- Inline linking fixes +- Privacyguides changed their URL scheme +- Almost all archive.org links fixed +- Annotated some links to make them more descriptive +- Got rid of dupes and empty refs +- Renew links for researchgate articles that were removed +- Removed mobile wikipedia links +- Fix a couple patent links & Rubber-hose cryptanalysis wiki +- Update PDF archivals so they are direct links but not downloaded +- Some scientific articles were removed or replaced + - IEEExplore, Spread-spectrum watermarking of audio signals + - ScienceDirect, Robust audio watermarking using perceptual masking + - SSRN, The Cryptocurrency Tumblers: Risks, Legality and Oversight + - Property of the People, Lawful Access to Secure Messaging Apps Data +- Arxiv url fixes +- s/grayshirt/grayshift/gi +- Trailing parentheses and commas removed +- Fixed all broken links +- Removed uMatrix from the guide (use uBlock Origin) +- Removal of https://xchange.me/ (abandoned) +- Removal of https://swap.lightning-network.ro/ (abandoned) +- Removal of https://privacyguides.org/providers/hosting/ (category removed from website) +- Added a warning about the privacy redirect extension stating it might be abandoned/unmaintained +- Added Anonymouth for linguistic antiforensics & related links + +v1.1.3 +- Added dedicated section about gait recognition and other long-range biometric techniques +- Updated PDF toolchain to allow embedding images in the PDF guide + +v1.1.3-pre1 +- Updating info to reflect the new identity being used to publich the guide +- Attempted to reconstruct toolchain to generate PDF and ODT guides + +v1.1.2 +- Removed SIM/Virtual Numbers 
providers not accepting at least XMR from the guide as there are sufficient providers accepting XMR
+- Added some more free SMS providers in the guide
+- Added links to Scribe.rip front-end to Medium.com for Medium.com links
+- Considerable work was done in relation to the community aspects of this project and other related projects with the creation of a Matrix space (PSA) regrouping several efforts.
+- Added link to containing the community rules for our chatrooms on Matrix and Discord
+- Added reference to to the attacks against anonymized Tor traffic section
+- Added reference to in the attacks against anonymized Tor traffic section
+- Added reference to for running Android Apps within the Whonix Workstation
+- Added reference to to the macOS VM section
+- Added reference to to the biometrics section
+- Added reference to
+- Added reference to in the introduction section
+- Added reference to to the SSD wiping conclusions
+- Added reference to to the advanced targeted techniques section
+- Small grammar/spelling fixes
+- **Special thanks to the anonymous donator of 1 XMR**
+
+v1.1.1
+- Added reference to as an intro video to Monero in the Monero Disclaimer section
+- Added reference to in the Guest VM Browser section about Brave
+- Added reference to in the metadata/geo-location section
+- Added reference to in several sections about JavaScript
+- Added reference to in the sections about Ungoogled-Chromium
+- Re-Added Privacytools.io in the Links section
+- Added a general disclaimer on the Links page about websites possibly using sponsorships, affiliate links, paid services, premium offers, and merchandising...
+- Re-Added a Discord server to provide easier access to the community through with all the rooms bridged to Matrix rooms
+- Changed the Matrix/Discord communities from being room focused (#anonymity) to a broader "Privacy Security Anonymity" space with a new #security focused room and an off-topic room.
+- Creation of a Matrix space at [#privacy-security-anonymity:matrix.org](https://matrix.to/#/#privacy-security-anonymity:matrix.org)
+- Added an RSS bot to those rooms relaying some relevant security and anonymity news within those rooms.
+- Started the test hosting of a small Synapse server with the domain anonymousplanet.org
+
+v1.1.0
+- Removed SHA-3 from recommended methods for password storage
+- Added reference to in the section about communicating sensitive information to various organizations
+- **Pending review** removal of privacytools.io from the guide after discovering sponsored recommendations within the lists on their website. Disclaimer added on the links page.
+- Added reference to in the Stylometry section
+- Added reference to in the Stylometry section
+- Added reference to in the appendix checklist of things to check before sharing information
+- Added reference to in the section about countering stylometry using translators
+- Changed the fonts of the website to improve readability (now using "Helvetica", "Calibri",and "Times New Roman")
+- Removed some unnecessary information from the main page and the donations page to reduce their size
+- Added a new Tor Exit node (Tor-Exit-05)
+- Various spelling/grammar fixes
+
+v1.0.9
+- Re-Added Privacytools.io (along Privacyguides.org) as a good source of information and recommendations for various services/products/platforms within the guide.
+- Added a Links page to the website with a small collection of recommended projects to visit.
+- Changed the layout of the website to make the buttons a bit smaller
+- Added reference to in the OPSEC section.
+- Added reference to which lists non-KYC cryptocurrencies exchange services
+- Fixed some mistakes in the cryptocurrency swapping section
+
+v1.0.8-hotfix
+- Added a reference to in the section about picking a browser in a guest VM
+- Fixed not-working Nitter links by changing the Nitter instance to Nitter.net
+- Added Minisign signatures for the PDFs and the ODT file
+- **Hotfix** Added a reference to and now strongly recommends **against** using Ungoogled-Chromium due to them lagging behind in security patches
+
+v1.0.8
+- Added a reference to in the Smart Devices section
+- Added several academic references to the Tor Correlation Fingerprinting attack: , , and
+- Added a reference to in the same section
+- Added an important precision/correction that Tor Correlation Fingerprinting attacks references papers were done in a limited closed-world testing environment and their efficiency in a real open-world situation has not been demonstrated other than theoretically
+- Added two VPS hosting providers to the list of possible providers: and
+- Added reference to announcing e2ee backups on WhatsApp
+
+v1.0.7
+- Added reference to in the targeted techniques section
+- Added reference to in the targeted techniques section
+- Added reference to in the targeted techniques section
+- Switched various links from PrivacyTools.io to PrivacyGuides.org that were forgotten in a previous update
+- Added guidance to share information and files publicly including IPFS
+- Added an appendix containing a checklist of things to verify before sharing any information or file (metadata...)
+- Complete reworking of the Introduction and Prologue for better readability (there was way too much text in there)
+- Added references to , , and the YouTube Techlore channel as bonus introduction reads on privacy and security
+- Various grammar/spelling fixes
+
+v1.0.6
+- Added reference to in the digital fingerprint section
+- Added the fourth Tor Exit node in the donation page listing
+- Added recommendation for considering Minisign () as an alternative to PGP/GPG for file signing
+- Added new archive of the guide on anonarchive.org
+- Added Content-Security-Policy and X-XSS-Protection metatags to the HTML headers of the website
+- Added reference to to justify the recommendation to use Minisign over PGP/GPG for signing
+- Added to the list of online phone number providers
+- Added an "extra paranoid" route using Zcash in addition to Monero if you want even more safety than just relying on Monero alone for anonymous crypto transactions
+- Added instructions to install a Zcash wallet on various OSes including the Whonix Workstation
+- Refined the VPN over Tor sections with more information about using a self-hosted VPN/Proxy instead of a VPN provider
+- Added guidance to upgrade Whonix from version 15 to version 16 on Qubes OS
+- Added disclaimer about Windows 11 not being supported (yet) by the guide
+- Some grammar/spelling fixes
+- Various broken links fixes
+
+v1.0.5
+- Added reference to in the smartphone warnings section
+- Made main website available through IPv6
+- Endnotes are now also supported on the repository MD file through thanks to markdown update from GitHub. Previously, those were only working on the rendered Jekyll HTML
+- Added link to as an option if you cannot afford a dedicated number. More will be added soon.
+- Added reference to as an argument to recommend adding uBlock to Tor Browser
+- Added reference to in the in-depth Linux hardening resources
+- Added reference to and in the section about hostile environments
+- Added reference to in the creating new identities section
+- Added reference to and into the Windows Host OS section of the Whonix route
+- Added reference to in the biometrics section
+- Added reference to in the Cryptocurrencies Transaction section
+- Added Cwtch to the messaging apps lists and recommendations
+- Added a new fourth Tor Exit node using donations funds
+- Some grammar/spelling fixes
+
+v1.0.4
+- Added reference to in the burner phone section
+- Added reference to in the Veracrypt settings sections
+- Changed Privacytools.io to Privacyguides.org after name change
+- Added reference to in the Face recognition section
+- Added reference to within the Wi-Fi around you section
+- Matrix room change from #online-anonymity:matrix.org to #anonymity:matrix.org (old alias remains valid)
+- Renewed hosting of Tor-Exit-01 for 1 year using funding from donations
+
+v1.0.3
+- Added reference to ProtonMail IP logging case
+- Added more information regarding Firefox hardening settings
+- Added reference to
+- Fixed several broken links
+- Some grammar fixes
+
+v1.0.2
+- Minor layout fixes
+- Added BLAKE2 hash to the list of hashes and clarified the hashes recommendations
+- Added Twofish and Serpent to the recommended section in the File Encryption section
+- Added reference to and in the Removing traces section
+- Added references to and about the expanding trend of Geofencing warrants
+- Added reference to in reference to Apple Privacy
+- Added various references and information about setting up plausible deniability on Linux
+- Added reference and information about setting up plausible deniability on Qubes OS
+- Improved the section about countering linguistic forensics
+- Updated Archive.today onion v2 address to v3
+- Full (self) proofreading
resulting in a large amount of spelling/grammar fixes and some shame about those
+
+v1.0.1
+- Added information about Monero Atomic Swap for converting from BTC to Monero instead of a swapping service (Monero Rules!)
+- Added link to in the password/passphrase guidelines appendix
+- Added an appendix about Crypto Swapping services with some recommendations
+- Added OnlyFans, Binance and Kraken to the list of tested online services
+- Added Information on how to check if your Tor Exit node is in few or many blocklists to avoid issues when signing-up to various services
+- Various spelling/grammar fixes
+
+v1.0.0 Codename "Deal With It" (because it's not perfect, so deal with it)
+- Various spelling/grammar fixes to the Countering Forensic Linguistics section
+- Added guidance on how to compare older PDFs with newer releases using some online tools
+- Added guidance on how to compare older ODTs with newer releases using LibreWriter
+- Removed the attribution to Mark Twain from the quote in the final editorial notes
+- Added some references in the list of threats to anonymity to the proposed mitigations in the guide
+- Various grammar/spelling fixes
+- Slightly changed the Light theme header color
+
+v1.0.0-rc3-hotfix (unpublished release)
+- Modified the Countering Forensic Linguistics section to remove the AutoCorrect usage recommendation in favor of "Search and Replace" to avoid unintended mistakes.
+- Removed hybrid-analysis checks from the files as I think VirusTotal is enough
+
+v1.0.0-rc3
+- Added recommendation to use the Privacy Redirect extension on the Guest VMs browsers:
+- Added a section to emphasize some precautions when using a Browser with JavaScript enabled (including Tor Browser up to the "Safer Level") in every route
+- Added more information and recommendations related to using Tor Browser at the "Safer" level.
+- Added some more crypto disclaimers to avoid some services such as Mixers/Tumblers +- Re-ordered and re-linked many sections in a more logical way +- Removed some duplicate information in some sections +- Fixed some bad hyperlinks +- Added a release of the guide in the ODT format in addition to PDFs + +v1.0.0-rc2 +- Many grammar/spelling changes after some proofreading + +v1.0.0-rc1 (Release Candidate 1) +- Small grammar/spelling fixes +- Small layout fixes +- Added some information about Safari in the Guest VM Browser selection/hardening sections +- Removed DREAD in the threat modeling references as it is deprecated +- Added link to in the No Logging but Logging anyway section of VPN providers +- Added Session Messenger as a possible "last resort" recommendation for iOS users because well there is no better option it seems despite their lack of PFS and Deniability +- Corrected the Session Messenger information as not using Tor Natively but using LokiNet Onion Routing natively +- Added a new Tor Browser route for the simplest, easiest way to access the web anonymously with appropriate security warnings +- Added additional information on attack mitigations on Bitlocker encrypted drives and reference to +- Changed the recommendations about the state of your real phone while using a burner phone. You should never bring it with you and leave it on at home. 
+- Changed the route picking UML to only show options depending on your skills/resources/availability without considering threats/adversaries +- Expanded the threat modeling section (after the previous UML) with adversaries/threats and picking the adequate route in consequence +- Added reference to to the Bad Cryptography section +- Added reference to to the Face Recognition section +- Lowered recommendation for RiseUP as a free mail service as they now require invitation for registration +- Added reference to as a possible mitigation to gait recognition systems as well as 2 more journalistic references to gait recognition +- Changed information about China/Russia "will block" ECH/eSNI to "might block" as it hasn't been verified/confirmed +- Added a whole appendix on Counteracting Forensic Linguistics (Writeprint) with your anonymous identities +- Added IPFS mirror of the whole website at + +v0.9.9h +- Fixed bad and missing linking about browser selection and install in guest VMs setup sections +- Added ShutUp10 to the list of tools to improve Privacy on Windows 10 +- Removed Windows AME from the recommendations/possibilities within guest VMs and advising against it instead + +v0.9.9g +- Added Safing.io to the recommended VPN providers list (provisional) +- Many links fixed/updated/replaced/removed (dead links check on the whole document) +- Updated most of the .onion v2 addresses to .onion v3 addresses (except for Archive.today which is still on v2) +- Added .onion addresses to some publication links having a Tor mirror such as The Intercept +- Decided to switch the licensing of the project to add NonCommercial (cc-by-nc-4.0), prior releases are not affected + +v0.9.9f +- Added section on search engines +- Added some more information on Brave source of adblocking +- Added separator between the text and the references to the online HTML version +- Added a ToC entry of the references to the online HTML version +- Added a bit more information on eventual physical 
destruction of HDDs and SSDs + +v0.9.9e +- Added more information on why I recommend Brave within guests VMs and more information about other choices (mainly Firefox) +- Added Browser Hardening guidelines for Brave, Ungoogled-Chromium, Edge, and Firefox + +v0.9.9d +- Changed wording from all incorrect "TAILS" instances to the correct "Tails" +- Changed wording from some incorrect "Qube OS" instances to the correct "Qubes OS" +- Added header to the PDFs with the title +- Added footer to the PDFs with the page numbers +- Changed the PDFs from having all references in the endnotes to having them in the footnotes of each page for better readability + +v0.9.9c +- Improved the password/passphrase recommendation section +- Added a new Tor Exit node to the project +- Added ChaCha20 to the recommended file/disk encryption algorithms +- Various fixes in the README/Index + +v0.9.9b +- Changed recommendation from Veracrypt to Bitlocker for Windows simple encryption route to prevent rubber-hose cryptanalysis +- Started running a Tor exit-node using project funds . I was only able to buy 3 months with the remaining funds. Please donate if you want this to continue. 
+- Changed slightly the donations requests so that they appear sooner including in the README/index.html and earlier in the guide in a lighter way +- Small grammar/spelling fixes + +v0.9.9a +- Added Wikiless links to all Wikipedia articles for enhanced privacy (see ) +- Added message to inform users with JavaScript disabled that JavaScript is needed to toggle the themes on the website +- Removed underline of every hyperlink in the PDF format guide for better readability +- Added small section about helping others staying anonymous by running a Tor entry/relay node +- Shortened the Index/README to make it more readable and creating a sub-page with the safety/integrity/authentication information +- Added new hosting provider to the list () and created a small appendix dedicated to recommended hosting providers +- Small grammar/spelling fixes +- Small fixes on the website layout (thanks to LiJu09 again) + +v0.9.9 +- Added toggle switch from dark to light theme for the website (requires Javascript) to improve general UX (very special thanks to LiJu09 for the great help) +- Fixed layout issues in the OSX section about Gatekeeper and XProtect +- Small fix in the malware section "higher level" changed to "lower level" +- Added reference to as an OSINT resource +- Added reference to in the Qubes Route section +- Various spelling/grammar fixes + +v0.9.8 +- Added reference to in the Monero Disclaimer section +- Added cars in the Smart Devices section because obviously cars are also issues +- Added reference to in the Smart Devices section +- Added more OSINT links: , , and +- Added more information about crafting your legend for your anonymous identities in a consistent manner in the creating new identities section +- Added more OPSEC information and a reference to +- Added more references to Hardening Linux: and +- Added references to AppArmor usage on Whonix VMs: +- Added AppArmor/SELinux references within the Qubes OS section for Hardening VMs +- Added light introduction 
video references for hardening Linux/Windows/MacOS by the nice people at Techlore. +- Switched from Mastodon.online to Mastodon.social +- Fixed duplicate notations on GPG key +- Added Nitter links to Twitter links +- Various spelling/grammar fixes + +v0.9.7b +- Added disclaimer about Monero usage and its long-term security relative to KYC regulations +- Added a bonus step within the BTC anonymizing section to reference Wasabi Wallet as an added efficient obfuscation measure +- Fixed layout issue at the very end of the guide (wrong tabulation) +- Added reference to RiseUp, Disroot, and Autistici for e-mail creation if you need an e-mail verification for creating for instance a ProtonMail or a MailFence account +- Removed from README because it's dead it seems + +v0.9.7a +- Fixed wrong information about Session messenger and presence of Forward Secrecy and removed from recommendations due to that and the absence of deniability +- Added information about how to get/use BTC anonymously using Monero swapping +- Removed the THGTOA subreddit and the discord server (due to being mostly unused) to leave only the Matrix room and GitHub for discussions +- Made the README slightly more user-friendly +- Various spelling/grammar fixes + +v0.9.7 +- Fixed DNS section stating that ECH/eSNI leaks DNS when in fact it leaks only DN (Domain Name) +- Fixed DNS section stating that Firefox enforces OCSP stapling when it does not +- Added information in DNS section that Chromium based browsers do not rely on OCSP but CRLSets +- Fixed DNS illustration according to above fixes +- Renamed DNS section into DNS and IP and added information about IP correlation with various websites despite having encrypted DNS +- Added reference to in the anonymize Tor/VPN traffic section +- Added section about rootkits and backdoors in the malware in the malware, exploits and viruses section +- Added information about rootkits and firmware malware/backdoors +- Added Session in the messengers table and 
recommendations +- Added disclaimer to be extra cautious when using Tails (always use the last version and be extremely careful with bundled apps) +- Various spelling/grammar fixes + +v0.9.6b +- Added emphasis and disclaimer on the threat model of this guide to clarify strongly that this guide is a DRAFT and may contain inaccuracies. This guide should not be considered a definitive truth. +- Added reference to the new Tutanota incident forcing them to monitor users +- Added reference to the RSA Conference 2020, When Cybercriminals with Good OpSec Attack video in the OPSEC section + +v0.9.6a +- Added the USB Wi-Fi dongle option within the section to block Host OS network access while allowing VM network access +- Small spelling/grammar fixes + +v0.9.6 +- Added references to AnonAddy and Simplelogin e-mail aliasing services in the e-mail verification section of creating new online identities. Could be useful. +- Fixed the word SSD that was somehow spelled SDD all over the place (/shame) +- Added section to explain how to disable/prevent Internet Access on the Host OS while allowing VMs (specifically the Whonix Gateway) to access the internet in the Whonix Route +- Added further password recommendation based on Bruce Schneier recommendations +- Removed telegram channel because is was unused and empty in favor of keeping only the Matrix channel (Primary) and the Discord channel (Secondary) but linked +- Added information about AMD PSP not having remote management capabilities unlike IME +- Various spelling/grammar fixes + +v0.9.5 +- Added some small disclaimer for Coreboot containing some proprietary software +- Added reference to Tempora surveillance program +- Small correction to the text relating to the Tutanota court order to avoid misunderstandings +- Added and in addition to Shodan as IoT search engines options +- Removed SHA3 from the "avoid" list because it was incorrect +- Added more information in the Online Backups section +- Added more references to people 
caught due to their fingerprints appearing on shared pictures online in the biometrics section +- Added link to in the Hidden communications in plain sight section +- Various small spelling/grammar fixing + +v0.9.4 +- Added reference to in the Smart Devices around you section +- Added reference to TypingDNA () in the Online Behavior section +- Various small spelling fixes +- Added reference to SORM (Russia) along PRISM,XKEYSCORE... +- Added reference to smarttags (Apple AirTags, Samsung Smarttags, Tile...) in the smart devices section +- Added reference to Michael Bazzell's interesting OSINT Techniques book in the bonus resources section +- Added reference to LibGen in the Introduction section in addition to Sci-Hub +- Fixed some ordering issues in the various sections that were re-ordered in previous updates + +v0.9.3 +- Added reference to and how to disable MacOS Gatekeeper on Big Sur +- Various grammar/spelling/layout fixes +- Transifex translations are now possible and open for any volunteer. 
Currently some are working on Russian/Ukrainian +- Added https://crypton.sh/ to the list of Monero accepting phone number providers +- Added reference to e-mail tracking in the Malware section +- Updated DNS section to reflect change from eSNI to ECH +- Added more OSINT video tutorials references from Bellingcat +- Added information about OCSP stapling in the DNS section +- Added illustration for comparing simple OCSP vs OCSP stapling +- Added illustration for comparing DNS encryption with and without ECH + +v0.9.2a +- Multiple small punctuation fixes for better readability/translation of markdown format +- Small reference fix from BBC to The Guardian + +v0.9.2 +- Added reference to for Video geolocation (YouTube) +- Added reference to for various OSINT tools to try on yourself +- Fixed some bad links between a bunch of cross-references +- Some font color fixing in the dark themed PDF +- Added various attribution references for some external illustrations +- Various spelling/grammar fixes +- Re-organized some of the de-anonymization methods into grouped sub-sections for readability + +v0.9.1 +- Fixed Messaging table inaccuracies regarding metadata leaks and e2e for Element/Matrix and Zoom +- Added reference/guidance to Windows AME ()for use in guest VMs in place of Standard Windows 10 Pro +- Added Tor Mirror into the HTML header for discoverability +- Added reference to in the crypto transactions section +- Added references to NEC NeoFace and Clearview AI face recognition systems in the Face/Biometrics section +- Added FLoC opt-out and no-referrer policies into the HTML header +- Added reference to in the Smart Devices warning section +- Added reference to in the digital fingerprint section +- Added reference to in the Bonus section +- Fixed the Qubes OS section implying that Qubes OS is a Linux distribution when it is not +- Fixed LICENSE file missing on the website +- Various spelling/grammar fixes + +v0.9.0 +- Various layout, spelling, and grammar fixes +- Added 
new discussion channel on matrix +- Fixed connectivity methods table recommendations (VPN over Tor over VPN) +- Removed the shark meme because it was a bit much +- Added reference to the recent Spotify AI voice recognition patent +- Added more information and illustration about Tor Bridges and especially Meek bridges for users in hostile environments +- Added some more information about hash collisions +- Moved Requirements section up before Introduction +- Fixed DNS privacy illustration DoHoT that was spelled wrong +- Fixed Appendixes names that were out of order +- Added guidance to create a Proxy VPS in addition to a VPN VPS in the case of the now VPN/Proxy over Tor route +- Added more guidance to the "No Tor/VPN" option in a hostile environment + +v0.8.9a +- Moved the donations section to the bottom of the guide + +v0.8.9 +- Added reference to in the bonus resources section +- Many small fixes in the README +- Various small layout and grammar fixes +- Removed some parts about unblockable telemetry on MacOS Big Sur since this issue is no longer relevant it seems (and the telemetry can be blocked) +- Erratum: removed a quote from a user on his request + +v0.8.8 +- Fixed QR codes pointing to old addresses (but still valid) +- Added Keyoxide proofs to the README +- Various small fixes +- Huge thanks to the generous donator of 1 XMR +- Added proper native Tor mirror on + +v0.8.7 +- Added reference to in the Smart Devices section and the OS Telemetry section. +- Moved/rephrased small introduction paragraph about Apple being among the best choices for Privacy in the OS and Telemetry section. 
+- Changed recommendation for Android VM to Androix-x86 CyanogenMod releases (14.1 r5 at the time of this writing) +- Several small spelling/grammar/layout fixes +- Added more explanation and illustration to the basic concept of Virtualization through a new Appendix +- Fixed illustration to mention Tor Stream Isolation possibilities +- Added a couple easter eggs because why not + +v0.8.6 +- Small layout fixes due to regex errors in pandoc conversion +- Small re-write of the instant messaging section that should make more sense now +- Changed the Briar information to reflect that they do now provide a Desktop option (with limited features) in addition to the Android client (emulator no longer strictly required) +- Updated the messaging table to include qTox (Tox) and Gajim (XMPP) +- Added reference to IDF famous tweet +- Added some references to Zero-Trust security models +- Added some references to Bad Opsec resources ( and ) +- Added several tools to check an IP or your own IP for various things in the "Your IP Address" section +- Added references to Hybrid Analysis for PDFs in addition to VirusTotal +- Added small additional illustration about threat models in the Introduction +- Added small additional illustration about Privacy vs Anonymity in the Introduction +- Removed the password protected PDF file from the project because it was never used and creaitng more compatibilities issues than necessary on my side +- Replaced donations QR codes with better ones + +v0.8.5 +- Changed donations QR codes with better ones with logos +- Many small fixes in grammar/spelling/layout +- Fixed many unnecessary escaping backslashes in front of special characters because pandoc does that +- Changed all lines containing code lines into inline code for better readability on the online version +- Migrated my Mastodon account to (old one redirected automatically) +- Fixed Tor over VPN section that was clearly missing emphasis on it being a viable option with good use cases +- Added 
more information in the Pick your Connectivity conclusions for a better overview +- Added section about Online file Syncing in the Online Backup section +- Added more information about messaging apps and a rather detailed table comparing their privacy/security/anonymity features +- Added disclaimer on reddit/discord to not discuss sensitive topics on those platforms + +v0.8.4 +- Added more information regarding Tor stream isolation and VPNs +- Added reference to in the Behavior analysis section +- Added project website mirror at (hosted at GitLab) +- Added PDFs mirror at CryptPad.from +- Added reference to recently released list of data collected by Google Chrome +- Added reference to about Facial recognition defeating Face Masks in the biometrics section +- Added reference to Microsoft Azure Facial Cognitive Services Demo in the biometrics section +- Added reference to in the biometrics section + +v0.8.3 +- Added reference to glasses to interfere with CCTV surveillance. +- Added "enhance" example to the deblurring section +- Thanks to the anonymous donators. Their donations were spent to renew the domain for 3 more years (4 years total). 
+- Added information about risks/drawbacks related to Tor Stream Isolation when using VPN over Tor and for which use cases this method is recommended +- Added QR code for BTC legacy address in the donations section + +v0.8.2 +- Brighter fonts on some headers for better readability in dark mode +- Added reference to Sci-Hub in the introduction +- Added reference to deniable encryption on Linux and why it is not (yet) in the current routes +- Added reference to EncroChat and Sky ECC and warning against using such commercial devices/services for anonymity +- Small fixes in some URLs that were not properly changed after domain switch to anonymousplanet.org +- Added Bitcoin legacy address in addition to Segwit for donations +- Various spelling/grammar issues + +v0.8.1 +- Fixed many various small layout/spelling/grammar issues +- Fixed 2 shortened URLs (t.me and bit.ly) from the guide with correct destination URLs +- Added some references to "roll your own crypto" cases (Telegram, Zoom) +- Added reference to in the Metadata/Geolocation section +- Removed archive.today PDF links to replace them with Archive.org links (because archive.today doesn't actually save PDFs) +- Added reference to a MAC tracking device in the MAC address section +- Added disclaimer about not endorsing Cloudflare in the DNS section by mentioning them several times for technical reasons. +- Added references to Ungoogled-Chromium as an alternative to Tor Browser, Firefox and Brave. +- Added some results of Browser fingerprinting testing by the EFF coveryourtracks project. +- Added reference to Tor Browser security levels which I realized are not known by most people. 
+- Added Archive.org links to all documents/pages hyperlinks for people willing to avoid direct links to various websites +- Added Invidious (through yewtu.be invidious instance hosted in the NL) links to all YouTube videos hyperlinks for people wanting more privacy on Youtube videos +- Added reference to AMD PSP security analysis (and how it is not as bad as IME) in the "Your CPU" section and the laptop recommendation section. +- Moved the Safe Browser part of Guest OSes into an Appendix to avoid duplication +- Added domain for project with donation funds + +v0.8.0 +- Changed mat2 VM appendix to debian testing (instead of stable) to get latest version of mat2 +- Fixed mat2 VM appendix as the network was not working properly with the previous guidance +- Added reference to +- Added references to various threat modeling methodologies (LUNDDUN, STRIFE, DREAD, PASTA) and some more in-depth resources for those willing to go further +- Added reference to in the introduction +- Added reference to in the creating identities section +- Multiple spelling/grammar fixes (including email into e-mail, and wifi into wi-fi) +- Added reference to as bonus resources in de-anonymization methods +- Added reference to in the OPSEC section because it should be there +- Added reference to in the Printing Watermarking section +- Added reference to MIT project SeeingYellow in the Printing Watermarking section +- Re-Wrote the malware section in the de-anonymization methods for better readability +- Added a specific Anti-Virus section in the Malware checks section with various references and arguments for some selective/limited use. +- Added reference to EFF security scenarios () in the Introduction as examples of threat models for various people. +- Added new section with guidance for safe document publishing including various tool recommendations. +- Added a bit more guidance on malware removal for Pictures and Documents (PDFs, Office Documents...) 
+- Added Bad Cryptography in the de-anonymization threats with some examples +- Added several Behavior Analysis references in the renamed "Your Digital Fingerprint, Footprint, and Online Behavior" section + +v0.7.9 +- Updated GitHub Transparency report +- Added information to make animated online identities pictures for increased plausibility +- Added references to the list of services blocking Tor () +- Added reference to in the Identities maintenance section +- Added automatic archival and links of the project to Archive.today (through Archive.fo) + +v0.7.8 +- Various small layout/spelling/grammar fixes +- Added reference to Financial transactions and KYC in the real-name system section +- Added guidance to bypass some local restrictions on supervised computers safely (Appendix Q) +- Added guidance to run Tails without using Tor in a hostile environment +- Updated UML diagram of various routes to include a non-dedicated laptop +- Changed the whole document to a more formal/cleared grammar for better readability and compatibility with translation engines +- Changed table colors for better readability in dark modes (PDF and Online) + +v0.7.7 +- Added some acknowledgements to various added Projects +- Changed and improved the "Picking your route" section with the new option (Tails+Whonix) +- Added basic threat model illustration in the Introduction +- Added basic UML diagram to pick your route +- Added basic UML diagrams for picking your connectivity methods +- Added illustration of the Tails with HiddenVM option +- Rescaled some images that were way too big +- Added a whole bunch of platforms to the Online Identities section +- Added more references to German law in the Online Identities section +- Added a legend to the Online Identities overview table + +v0.7.6 +- Added reference to video visually explaining DNS +- Added some information related to the anonymous use of Bitcoin (vs Monero). +- Added reference to risks of using Crypto Tumblers and Mixers. 
+- Added reference to the Go Incognito project () and their informative YouTube videos for optional introduction before reading this guide. +- Added reference to ExifTool and ExifCleaner to Metadata removal sections for documents (because they also work on those formats) +- Added reference to picture recognition cloaking tools (Fawkes, Adverserial.io, LowKey) for preventing picture recognition algorithms from various platforms. +- Added detailed guidance to create Android guest VMs in the Whonix Route +- Added detailed guidance to create Android Qubes in the Qubes Route +- Added detailed guidance to use Persistent Plausible Deniability with Whonix within Tails (using HiddenVM project) +- Added Briar, GitLab to the online identities sections +- Added recommended Apps for sharing and communicating anonymously +- Added some acknowledgements to various added Projects + +v0.7.5 +- Added reference to in the Malware analysis appendix +- Many small fixes in layout/spelling/grammar +- Added quotes around VirusTotal "privacy policy" +- Changed "Exploits in your Apps" to "Malware and Exploits in your Apps" +- Added references to State surveillance using "mandatory" apps such as WeChat. +- Added Wikipedia reference to +- Added guidance and references to check files for integrity and authenticity in the "Checking files for malware" section. +- Added emphasis on recommendation of using Tor Browser on the Host OS if Tor is available. +- Removed GPG signatures from markdown and text files to instead sign the whole release for convenience in Contribution workflow. 
+- Adapted the README to the new signatures +- Added Bitcoin donation option + +v0.7.4 +- Added reference to Whonix Live mode if you don't want persistence when shutting down the VMs as an added possible safety measure +- Added reference to harden Linux from +- Added reference to Linux security issues from +- Added reference to PDF listing malware analysis tools +- Added reference to SANS Malware Analysis cheat sheet +- Added reference to the DoHoT project in the DNS section and updated the DNS illustration with this possibility +- Various spelling/grammar fixes +- Started adding some proper code blocks in the online Markdown version and will slowly adopt this in the whole guide in the future +- Fixed the Title missing a T +- Fixed a an hyperlink issue causing PDFID to detect an Automatic Action on guide.pdf +- Added warning in README concerning VirusTotal "privacy policy" +- Changed the PDFID warnings in the README to better explain their meaning for checking the PDFs published here +- Started fixing some accessibility issues in the guide (bad indents, empty spaces...) 
+- Fixed some bad links in cross-references +- Changed link from to + +v0.7.3 +- Added extra-security measures and references for sending cash to a VPN provider safely +- Added reference to sim-swapping in TOTP recommendation (and why SMS 2FA is bad) +- Added VirusTotal scans to all PDFs in the repository (while not endorsing/recommending VirusTotal at all for anything sensitive) +- Added Disclaimer about VirusTotal and their privacy policy in the guide and README +- Added QR code for Monero donations within the guide itself +- Added references in the Phishing section +- Added reference to in the Safe Access without Tor/VPN appendix +- Added guidance to communicate sensitive information safely to various organization (such as the press) +- Various grammar/spelling/layout fixes + +v0.7.2 +- Small layout/spelling/grammar fixes +- Added methods to check your surveillance and censorship levels on your Network using various resources. +- Changed site font to Helvetica +- Changed paragraph spacing on PDFs for better readability + +v0.7.1 +- Switched Github Pages Jekyll theme to Hacker because I prefer dark themes and this one doesn't rely on external fonts (Google). +- Added some references to voice deepfake tech in the Biometrics section +- Slightly changed the styles/colors of the PDFs + +v0.7.0 +- Added recommendations to consider leaving your smartphone at home online instead of just leaving it powered off or within a faraday bag. +- Added disclaimer stating that this guide is not sponsored by any commercial entity such as VPN providers +- Added specific sections and guidance about the various connectivity schemes (Tor, VPN over Tor, Tor Over VPN, VPN only, VPN over VPN and No Tor/VPN) with various references. +- Added guidance for using Tor Bridges with Tor Browser, Tails, Whonix and Qubes OS. +- Added last resort guidance for situations where Tor and/or VPN might not be possible options. 
+- Added guidance to use Long Range Antennas (Yagi type) for connecting to Public Wi-Fis from a safe distance +- Added new face recognition reference and gait recognition reference +- Added dark themed PDF +- Fixed error in Windows VM installation behind Whonix (missing Network setting) +- Various grammar/spelling fixes + +v0.6.9 +- Fixes/Adds to the online phone numbers sections. Recommendations based on identification requirements. +- Grammar/Spelling fixes. + +v0.6.8 +- Added security disclaimer concerning online phone providers using Monero. + +v0.6.7 +- Added guidance to possibly get online phone numbers using Monero (less recommended than a Physical Burner Phone with a Pre-paid SIM paid by cash). +- Adapted the various sections of the guide to reflect the above change. + +v0.6.6 +- Added reference to PornHub biometrics identification statement +- Small various spelling/layout fixes +- Added reference to Project Snowflake from Tor at the end of the guide if you wish you help others evade censorship +- Removed bad link to (no archive available) +- Fixed bad inline reference +- As from now on, all new references in this guide will also be saved to the Internet Archive in case of article removal +- Added privacy vs anonymity in the Introduction +- Added more references to legitimate use of Anonymity from the Whonix and Tor projects + +v0.6.5 +- Passive automated mirror setup at GitLab +- Added Donation Monero address within the guide +- Added README/Guide mention to the GitLab mirror +- Changed CHANGELOG/LICENSE to CHANGELOG.md/LICENSE.md for GitHub Pages integration +- Updated GPG key with GitLab noreply e-mail for commit verification +- Added sitemap on GitHub Pages for SEO +- Added latest version, changelog and alternative pdf download links on Github Pages +- Verified site on Keybase + +v0.6.4 +- Improved HTML layouts for better readability and SEO +- Added redirect from to the guide page +- Fixed README to to include hyperlinks + +v0.6.3 +- Added Table of 
Contents to PDF formats for better readability +- Fixed Appendixes/Sections references in the Markdown/HTML format +- Moved target-audience disclaimer from introduction to start of document +- Small layout fixes + +v0.6.2 +- Various little kramdown glitches fixed in HTML format +- Small fixes in spelling/grammar +- Added a small disclaimer in the introduction to let people know they can just read the first 26 pages to learn about the various threats without the need for practical applications + +v0.6.1 +- Various endnotes layout fixes +- Added OSINT YouTube Playlist reference +- Added reference to Whonix Live Host OS documentation (Similar to HiddenVM project) +- Added Twitter account (If it lasts, it was already suspended three times) . I'd be grateful if you share/like my tweet about this guide. + +v0.6.0 +- Various small spelling/grammar/layout fixes +- Added various references to Whonix Documentation (Hardening, Anti-Forensics, Anti-Evil Maid...) +- Added one Bellingcat reference to a recent case +- Added some Qubes OS references (Anti-Evil Maid and Hardening) +- Added new sub-route to the Tails route using the HiddenVM project for providing Plausible Deniability within Tails + +v0.5.9 +- Added Monero accepting VPS providers as options for self-hosting cloud services and self-hosting VPN services + +v0.5.8 +- Added various references to Whonix documentation (anti-forensics, cold boot attack defenses, full disk encryption) +- Small various fixes +- Added reasoning for not supporting M1 Macs +- Added Acknowledgements at the end of the guide +- Added some resources to cold-boot, evil-maid defenses + +v0.5.7 +- Added methods to check Trim/ATA/NVMe operations on external SSDs +- Added methods to securely delete data on Qubes OS + +v0.5.6 +- Added donations/sponsorship support to this project using Monero +- Added reference to Law Enforcement surveillance capabilities (CCC video) +- Added guidance to remove some forensic traces from MacOS +- Added guidance to remove 
some forensic traces from Linux (log deletion and trim) +- Added variants for securely erasing SSD drives (only ATA drives were mentioned, added specific info for NVMe drives). +- Added lists of laptop brands supporting Secure Erase (SSD) from BIOS/UEFI. +- Changed recommendation from GParted to System Rescue instead due to GParted not providing nvme-cli by default. +- Fix: Multiple fixes in SDD/HDD sections (layout, duplicate data...) +- Fix: Multiple fixes in SDD secure erasing section and added various warnings for various methods +- Fix: Removed blkdiscard from wrong section and from MacOS as it's not supported on MacOS by Homebrew +- Various spelling/grammar fixes + +v0.5.5 +- Added passphrase recommendations (xkcd.com) in the OPSEC section and other sections. + +v0.5.4 +- Added more information and mitigation possibilities for CPU exploits on Virtual Machines (Spectre, Meltdown...) + +v0.5.3 +- Added guidance to hidden containers with plausible deniability in the backup section +- Added guidance for online backups +- Added information for VPN kill switches for Whonix, MacOS and Linux + +v0.5.2 +- Update of GPG key (added no-reply e-mail) to get verified commits + +v0.5.1 +- Small various fixes + +v0.5.0 +- Added Watermarking section in threats with pictures/videos/audios watermarks and printer watermarks within + +v0.4.9 +- Various small spelling/grammar/layout fixes +- Added some Laptop recommendations and more info about Libreboot and Coreboot +- Added various references to key disclosure laws +- Added guidance to create a mat2-web guest Debian VM for removing metadata from files conveniently +- Changed CHANGELOG to markdown for integrating into GitHub Pages + +v0.4.8 +- Various fixes on spelling/grammar and layout +- Various fixes on KeepassXC sections for Linux/MacOS +- Added hardening recommendations for Virtualbox +- Added VPN installation tutorials for Linux/MacOS + +v0.4.7 +- added Virtualbox workaround for Spectre/Meltdown issue mitigation +- added 
section and guidance to remove metadata from various files and tools +- added reference to Haven app for physical security in OPSEC section +- added recommendation to use systematic TOTP 2FA for online identities when possible +- added references to Deepfakes, facial recognition and fingerprint recognition in biometric threats + +v0.4.6 Added link to Shodan to Smart Devices Section, Full rewrite of data wipe sections (especially SSDs) + +v0.4.5 Improved SSD/HDD erasure section and some spelling fixes. + +v0.4.x Added Backup methods, OPSec tricks, Malicious USB, Printers and various fixes + +v0.3.x Added MacOS information and various fixes + +v0.2.x Added Qubes OS information and various fixes + +v0.1.x Initial Release (missing Qubes OS details and MacOS support) + +## Unreleased + +## v1.1.9 (2023-08-23) + +## v1.1.8 (2023-08-23) + +## v1.1.7 (2023-08-23) + +## v1.1.6 (2023-08-23) diff --git a/CHANGELOG.md.asc b/CHANGELOG.md.asc deleted file mode 100644 index 88e08a61..00000000 --- a/CHANGELOG.md.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPQMwAKCRAhq2tqbLLD -Nwb3AP9fcLr3NHLxlmVd6luMr8WR+x73iAbJ42n7Vef7I2d1RgEA5B+OAJuM5V+E -Ud7Nnk6zSMshe1+eE1fBvwupHWlUhQg= -=nE1m ------END PGP SIGNATURE----- diff --git a/CHANGELOG.md.minisig b/CHANGELOG.md.minisig deleted file mode 100644 index 52cfb974..00000000 --- a/CHANGELOG.md.minisig +++ /dev/null @@ -1,4 +0,0 @@ -untrusted comment: signature from minisign secret key -RUSn9xivowlq/rVyPDOf+fU8hkJ9BcV7YEcghg86a3Fls5mchZSmI4X4LKT44jez8cNV8ueGXPKxqCS0Cgk+1xjo/6xr8xyTXgc= -trusted comment: timestamp:1691602996 file:CHANGELOG.md hashed -j8xvFvbuuGFccbQ5vg6p/M9cua/AgZjlnmCczBkaUN5NTS/Bts668qrS9Q1INQWBKzsAxUU7xsju8F8/MC07BA== diff --git a/CODE_OF_CONDUCT.md.asc b/CODE_OF_CONDUCT.md.asc deleted file mode 100644 index b3bcc09e..00000000 --- a/CODE_OF_CONDUCT.md.asc +++ /dev/null 
@@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPQNAAKCRAhq2tqbLLD -N/z3AQD7rzLfjAtOWSRg9EOcjuSFrD03C6R7O3crzo4t7PJWfwD+LyiDRFsoyzAu -ODy5U5CA7TlQDqQfJNQ3lllVgRexygo= -=1WAF ------END PGP SIGNATURE----- diff --git a/CODE_OF_CONDUCT.md.minisig b/CODE_OF_CONDUCT.md.minisig deleted file mode 100644 index 49ee51bb..00000000 --- a/CODE_OF_CONDUCT.md.minisig +++ /dev/null @@ -1,4 +0,0 @@ -untrusted comment: signature from minisign secret key -RUSn9xivowlq/gD5vCC8/YFdUVxQVvGfr4Far0rKgyq8NvpyWOyv7OniMR0H1cROxjbaNwDGKi40AIpnb4DxlLhGLB9vXxAk4Qo= -trusted comment: timestamp:1691602998 file:CODE_OF_CONDUCT.md hashed -fT/+dBTTkv0JTsphaBgSgQ4WC5ntDZdtWK9EeXr5Gg+xf6JkwMeEJS7X+tduzKjmQhTGWgkFKcADGhbMOotzBQ== diff --git a/CONTRIBUTING.md.asc b/CONTRIBUTING.md.asc deleted file mode 100644 index 6858c338..00000000 --- a/CONTRIBUTING.md.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iHQEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPQNgAKCRAhq2tqbLLD -N7WIAPjQO3I+uiXoAdVOY3ANOaka7GNGbS1AHry3lxVOfP0rAQD5GC1+nqLiahaN -QErV4xb+q+gkK+wKU5xxXYDC7ViBCA== -=/9mz ------END PGP SIGNATURE----- diff --git a/CONTRIBUTING.md.minisig b/CONTRIBUTING.md.minisig deleted file mode 100644 index cbdc6fb5..00000000 --- a/CONTRIBUTING.md.minisig +++ /dev/null @@ -1,4 +0,0 @@ -untrusted comment: signature from minisign secret key -RUSn9xivowlq/vRJZwBd8Uqg6cVFb05e5h9JEGoN952+kQf618xMf+tr6E/5vCs7CZp+Myak5h9JacGZxFAbRixaOX7UYy7bjA8= -trusted comment: timestamp:1691603000 file:CONTRIBUTING.md hashed -T1Ikxhedu6jSxOdFBc2UwIfye+/09vUvyCpzCUvXGZrHa2W0wuinYEdCIGAIFSOJN++WlGPyAumSxZXwEGZfCA== diff --git a/KEY_ROTATION.md b/KEY_ROTATION.md index 0a966206..52961924 100644 --- a/KEY_ROTATION.md +++ b/KEY_ROTATION.md 
@@ -1,31 +1,32 @@ -PGP/GPG key ID `7DFFD7471FB76E2A8ABBBCDDD769B3749E933B8A` is no longer active -PGP/GPG key ID `42FF35DB9DE7C088AB0FD4A70C216A52F6DF4920` is no longer active - -This project now uses separate master, release signing, and email keys. - -Current master key fingerprint: `9EA98278639F1CD853E096CBFF94507587A6A9B9` -Current release key fingerprint: `83A6CF9EF57AC25B5C7F5D29285E6048A12321B2` -Current email key fingerprint: `B6D1757632A280F99F2DCBFDB9AB9D93AFF05B9C` - -The email and release keys should be signed by the master key. -The master key takes precedence over all other project keys. ------------------------------------------------------------------------------------- -Minisign key -``` -untrusted comment: minisign public key 902835EC74825934 -RWQ0WYJ07DUokK8V/6LNJ9bf/O/QM9k4FSlDmzgEeXm7lEpw3ecYjXDM -``` -is no longer active - -Use -``` -untrusted comment: minisign public key FE6A09A3AF18F7A7 -RWSn9xivowlq/ihAzclDBxhCxbYz4bLkC8E645lHgSUlQNlDvoTxO5Fv -``` -instead - -Files signed using this key pair can be verified with the following command: - -``` -minisign -Vm -P RWSn9xivowlq/ihAzclDBxhCxbYz4bLkC8E645lHgSUlQNlDvoTxO5Fv -``` +PGP/GPG key ID `7DFFD7471FB76E2A8ABBBCDDD769B3749E933B8A` is no longer active +PGP/GPG key ID `42FF35DB9DE7C088AB0FD4A70C216A52F6DF4920` is no longer active +PGP/GPG key ID `9EA98278639F1CD853E096CBFF94507587A6A9B9` is no longer active + +This project now uses separate master, release signing, and email keys. + +Current master key fingerprint: `9FA5436D0EE360985157382517ECA05F768DEDF6` +Current release key fingerprint: `C3023DBEA3FB38C438BA1EEDCEC60AEDE8B992A2` +Current email key fingerprint: `FCBD2CABDEFD1FBA2E9E7591A1A82CD2DD2CF890` + +The email and release keys should be signed by the master key. +The master key takes precedence over all other project keys. 
+------------------------------------------------------------------------------------ +Minisign key +``` +untrusted comment: minisign public key 902835EC74825934 +RWQ0WYJ07DUokK8V/6LNJ9bf/O/QM9k4FSlDmzgEeXm7lEpw3ecYjXDM +``` +is no longer active + +Use +``` +untrusted comment: minisign public key FE6A09A3AF18F7A7 +RWSn9xivowlq/ihAzclDBxhCxbYz4bLkC8E645lHgSUlQNlDvoTxO5Fv +``` +instead + +Files signed using this key pair can be verified with the following command: + +``` +minisign -Vm -P RWSn9xivowlq/ihAzclDBxhCxbYz4bLkC8E645lHgSUlQNlDvoTxO5Fv +``` diff --git a/KEY_ROTATION.md.asc b/KEY_ROTATION.md.asc deleted file mode 100644 index e07c1502..00000000 --- a/KEY_ROTATION.md.asc +++ /dev/null @@ -1,31 +0,0 @@ -PGP/GPG key ID `7DFFD7471FB76E2A8ABBBCDDD769B3749E933B8A` is no longer active -PGP/GPG key ID `42FF35DB9DE7C088AB0FD4A70C216A52F6DF4920` is no longer active - -This project now uses separate master, release signing, and email keys. - -Current master key fingerprint: `9EA98278639F1CD853E096CBFF94507587A6A9B9` -Current release key fingerprint: `83A6CF9EF57AC25B5C7F5D29285E6048A12321B2` -Current email key fingerprint: `B6D1757632A280F99F2DCBFDB9AB9D93AFF05B9C` - -The email and release keys should be signed by the master key. -The master key takes precedence over all other project keys. ------------------------------------------------------------------------------------- -Minisign key -``` -untrusted comment: minisign public key 902835EC74825934 -RWQ0WYJ07DUokK8V/6LNJ9bf/O/QM9k4FSlDmzgEeXm7lEpw3ecYjXDM -``` -is no longer active - -Use -``` -untrusted comment: minisign public key FE6A09A3AF18F7A7 -RWSn9xivowlq/ihAzclDBxhCxbYz4bLkC8E645lHgSUlQNlDvoTxO5Fv -``` -instead - -Files signed using this key pair can be verified with the following command: - -``` -minisign -Vm -P RWSn9xivowlq/ihAzclDBxhCxbYz4bLkC8E645lHgSUlQNlDvoTxO5Fv -``` diff --git a/KEY_ROTATION.md.minisig b/KEY_ROTATION.md.minisig deleted file mode 100644 index 71b4857f..00000000 
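Review bot: The new master key fingerprint `9FA5436D0EE360985157382517ECA05F768DEDF6` replaces the retired `9EA98278639F1CD853E096CBFF94507587A6A9B9`, but nothing in the file links the two, so a reader who trusted the old master key has no in-band way to verify its successor. If the old key certified the new one, say so right after the fingerprint list, e.g. `The current master key carries a certification from the retired master key 9EA98278639F1CD853E096CBFF94507587A6A9B9; check that signature before trusting it.`; if it did not, state which previously established channel announced the new key instead. The whole file appears as removed and re-added with the Minisign section unchanged, which looks like a line-ending or whitespace rewrite; worth confirming the committed file keeps LF so published checksums over it stay stable.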
--- a/KEY_ROTATION.md.minisig +++ /dev/null @@ -1,4 +0,0 @@ -untrusted comment: signature from minisign secret key -RUSn9xivowlq/gEdIFDRsGwF2xuLoX64+PcxRZHg0mT+M3d5ZBNe4iv6jUdYpoFpY6Ba2Ny2jTxhLq8lbu4IsvRsBxMSvCdipQE= -trusted comment: timestamp:1691603002 file:KEY_ROTATION.md hashed -V69IW+V2afrciuLYlJTTU7S2909Is8dxGvwp1RDZHBVq1dsdUFWv2ezW4Sh8u5YAyngFOrPqEcJJ9PEl2t0uCw== diff --git a/LICENSE.md.asc b/LICENSE.md.asc deleted file mode 100644 index 71acd951..00000000 --- a/LICENSE.md.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPQOgAKCRAhq2tqbLLD -NwEzAQDzME+M3jy6hGXcGfvbfE7ezVTSB1EbFup5EkZAnoyWfwD/SGh9StOoyCpz -UQgpH7cwbmeuAaEvgSISq6uNM8ScgAk= -=OyfK ------END PGP SIGNATURE----- diff --git a/LICENSE.md.minisig b/LICENSE.md.minisig deleted file mode 100644 index 217abcf8..00000000 --- a/LICENSE.md.minisig +++ /dev/null @@ -1,4 +0,0 @@ -untrusted comment: signature from minisign secret key -RUSn9xivowlq/gAzBQtyzCamju84eebs9pmkibZyZu3dRxd3LrTgZgknkRyjTMx8clMYRpHl1l7XCqCROtQU8r+zSXd79xFgFQc= -trusted comment: timestamp:1691603004 file:LICENSE.md hashed -onFwGEWf5jpCTX2Su/j7qb1whaGvgxgYymBWPIy7DkG4qb20zmUArZYE64hsBc00ewkVqwtspjOXrq4dkT6FCQ== diff --git a/Makefile b/Makefile index 88f56441..505b988a 100644 --- a/Makefile +++ b/Makefile 
@@ -1,4 +1,89 @@ -guide: clean - ./make.sh +#! /bin/bash -m + +# Author.: Anonymous Planet +# License.: CC BY-NC 4.0 + +# Setup shell +# https://github.com/QubesOS/qubes-issues/issues/8343 +# if the default shell ($SHELL) is zsh, else use bash + +ifneq ($(shell echo $$SHELL | grep -q 'zsh' && echo zsh), zsh) + SHELL := /bin/bash # using standard shell +else + SHELL := /bin/zsh # else use zsh (Whonix) +endif + +ifneq ($(shell which safe-rm), /usr/bin/safe-rm) + RM := /usr/bin/rm # using standard rm +else + RM := /usr/share/safe-rm/bin/rm # else use safe rm +endif + +# Paths + +BUILD_DIR := ./export +PANDOC=/usr/bin/pandoc +PANDOC_OPTIONS=--smart --standalone + +SOURCE_DOCS := $(wildcard *.md) + +EXPORTED_DOCS=\ + $(SOURCE_DOCS:.md=.html) \ + $(SOURCE_DOCS:.md=.pdf) \ + $(SOURCE_DOCS:.md=.docx) \ + $(SOURCE_DOCS:.md=.rtf) \ + $(SOURCE_DOCS:.md=.odt) \ + $(SOURCE_DOCS:.md=.epub) + +PANDOC=/usr/bin/pandoc + +PANDOC_OPTIONS=--standalone --metadata title="The Hitchhiker's Guide to Online Anonymity" -t context + +PANDOC_HTML_OPTIONS=--to html5 +PANDOC_PDF_OPTIONS= +PANDOC_DOCX_OPTIONS= +PANDOC_RTF_OPTIONS= +PANDOC_ODT_OPTIONS= +PANDOC_EPUB_OPTIONS=--to epub3 + +# TODO: Makefile flags + +.PHONY: clean sigs docs + +# target: cleanup + clean: - ./clean.sh + -$(RM) -drf $(BUILD_DIR)/* + -$(RM) -rf *sum* + -$(RM) -rf *.md.asc + -$(RM) -rf *.txt.asc + -$(RM) -rf *.md.minisig + -$(RM) -rf *.txt.minisig + -$(RM) -f $(EXPORTED_DOCS) + +# target: signatures + +sigs: + mkdir -p export + ./make.sh + +# target: documentation + +docs: + %.html : %.md + $(PANDOC) $(PANDOC_OPTIONS) $(PANDOC_HTML_OPTIONS) -o $@ $< + + %.pdf : %.md + $(PANDOC) $(PANDOC_OPTIONS) $(PANDOC_PDF_OPTIONS) -o $@ $< + + %.docx : %.md + $(PANDOC) $(PANDOC_OPTIONS) $(PANDOC_DOCX_OPTIONS) -o $@ $< + + %.rtf : %.md + $(PANDOC) $(PANDOC_OPTIONS) $(PANDOC_RTF_OPTIONS) -o $@ $< + + %.odt : %.md + $(PANDOC) $(PANDOC_OPTIONS) $(PANDOC_ODT_OPTIONS) -o $@ $< + + %.epub : %.md + $(PANDOC) $(PANDOC_OPTIONS) 
$(PANDOC_EPUB_OPTIONS) -o $@ $< diff --git a/README.md b/README.md index 2907f9f0..181d8a9f 100644 --- a/README.md +++ b/README.md @@ -15,7 +15,7 @@ This guide is an open-source non-profit initiative, [licensed](LICENSE.html) und - Raw [Markdown](https://github.com/Anon-Planet/thgtoa/raw/master/guide.md) text. Mirrors: -- Tor Onion Mirror: +- Tor Onion Mirror: The guide and all the files are also readily available on Archive.org and Archive.today: @@ -40,9 +40,9 @@ Feel free to submit issues using Github Issues with the repository link above. C Follow or contact us on: Discussion Channels: -- Matrix room: ```#anonymity:matrix.org``` -- Matrix space: ```#privacy-security-anonymity:matrix.org``` -- Twitter at https://twitter.com/AnonyPla +- Matrix room: `#anonymity:matrix.org` +- Matrix space: `#privacy-security-anonymity:matrix.org` +- Twitter at https://twitter.com/AnonyPla - Mastodon at https://mastodon.social/@anonymousplanet Have a good read and feel free to share and/or recommend it! diff --git a/README.md.asc b/README.md.asc deleted file mode 100644 index 98a7464c..00000000 --- a/README.md.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPQPAAKCRAhq2tqbLLD -N39XAP9+5qHFw0xWWJS3hRqJ3wl1neyJQo6xreqCoX0gA8zarAD+Kc7bKW41IQiQ -ZU5k0epfrqb4Mz+4SmrgrxhG6Tto4As= -=UheN ------END PGP SIGNATURE----- diff --git a/README.md.minisig b/README.md.minisig deleted file mode 100644 index 1e4221f2..00000000 --- a/README.md.minisig +++ /dev/null @@ -1,4 +0,0 @@ -untrusted comment: signature from minisign secret key -RUSn9xivowlq/pgNN3JobRKk9yc7YsFmiU8HGK3ODVuzNh4pPtbNj+u0hu3lLC6FJJV1f8o2iiMrmBKnMmeQL/lpTIOHtwXTtwc= -trusted comment: timestamp:1691603005 file:README.md hashed -VoUFgAfBujWNl+TDVd0/9spzEH0V1QKn1j4WdalqoQX4LygaTVazbAuL7GSIY0gSLraN7g5kD95vkuPaVJ1LAw== diff --git a/_config.yml b/_config.yml index 41318ba1..18eab2ce 100644 --- a/_config.yml +++ b/_config.yml 
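Review bot: The six pattern rules under `docs:` (`%.html : %.md` … `%.epub : %.md`) are indented beneath a target, so if those lines begin with a tab make treats them as recipe commands of `docs` and the shell fails on `%.html : %.md`; pattern rules belong at column 0, with `docs` depending on the outputs instead (`docs: $(EXPORTED_DOCS)`). `PANDOC` and `PANDOC_OPTIONS` are each assigned twice and the first values (`--smart --standalone`) are silently overridden, so the first pair should go. The trailing `# ...` comments on the `SHELL :=` and `RM :=` assignments leave a trailing space in the value (make keeps whitespace before a comment), harmless for `RM` but possibly fatal for `SHELL`; put those comments on their own line. `clean` deletes `*sum*`, `*.md.asc` and `*.md.minisig` from the repository root rather than from `$(BUILD_DIR)`, which also matches any tracked checksum or signature file, so either scope those globs to `$(BUILD_DIR)` or document that the target removes committed signatures.
```makefile
# target: documentation

docs: $(EXPORTED_DOCS)

%.html : %.md
	$(PANDOC) $(PANDOC_OPTIONS) $(PANDOC_HTML_OPTIONS) -o $@ $<

%.pdf : %.md
	$(PANDOC) $(PANDOC_OPTIONS) $(PANDOC_PDF_OPTIONS) -o $@ $<

# … remaining pattern rules (.docx, .rtf, .odt, .epub) likewise moved to column 0, otherwise unchanged …
```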
@@ -22,12 +22,13 @@ github: changelog_url: CHANGELOG.html license_url: LICENSE.html about_url: about.html + version: v1.2.0 minisign_url: minisign.pub links_url: links.html - twitter_url: https://anonymousplanet.org/twitter.html + twitter_url: twitter.html mastodon_url: https://mastodon.social/@anonymousplanet constitution_url: constitution.html - # tor_mirror_url: http://thgtoa27ujspeqxasrfvcf5aozqdczvgmwgorrmblh6jn4nino3spcqd.onion + tor_mirror_url: http://thgtoa3jzy3doku7hkna32htpghjijefscwvh4dyjgfydbbjkeiohgid.onion defaults: - scope: diff --git a/_layouts/default.html b/_layouts/default.html index b3a3fe40..e085decd 100644 --- a/_layouts/default.html +++ b/_layouts/default.html @@ -3,8 +3,7 @@ - - + @@ -155,7 +154,7 @@

The Hitchhiker’s Guide to Online Anonymity

How I learned to start worrying and love privacy anonymity

-

The latest Version is v1.1.9. See the changelog.

+

The latest Version: v1.2.0. See the changelog.

{% if page.url != "/" %} Home @@ -184,7 +183,7 @@

The latest Version is v1.1.9. See the About {% endif %}

-
GPG Key Fingerprint: 9EA9 8278 639F 1CD8 53E0 96CB FF94 5075 87A6 A9B9 / Minisign public key: minisign.pub
+
GPG Key Fingerprint: 9FA5 436D 0EE3 6098 5157 3825 17EC A05F 768D EDF6 / Minisign public key: minisign.pub
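Review bot: The second "latest Version" string, shown as unchanged context in the `@@ -184,7 +183,7 @@` hunk (`The latest Version is v1.1.9. See the About`), still reads v1.1.9 while the first occurrence was bumped to v1.2.0, so the rendered layout would advertise two different versions; if that line really is untouched, change it to `The latest Version is v1.2.0. See the About`, or better render the `version` value this commit adds under `github:` in `_config.yml` in both places so there is a single source. The fingerprint line agrees with the new master key in KEY_ROTATION.md, which is good; showing the release key fingerprint alongside it would let readers verify signed artifacts without a second hop. The extraction dropped the HTML tags from these hunks, so the exact markup around these strings is inferred.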
diff --git a/about.md b/about.md index 105ecc24..76b571ae 100644 --- a/about.md +++ b/about.md 
@@ -1,26 +1,22 @@ -The current maintainers of this project are Alex (they/them) and The Hidden (aka No). - -After unfortunate events, we have picked up maintenance of this guide in order to continue the project the original founder, Lena, started. Lena faked her death, then returned later. Before her death, she gave me access to her accounts to maintain the guide. I will be maintaining her guide, as well as running her Matrix space, from this point. As we've said before, we cannot guarantee we'll do everything right, or how she would have done it, but we're trying our best. - -**Update: Alex is taking an extended leave to acquire a more secure operating system and will not be actively involved for some time. They promise to return ASAP. Until then, No is spearheading the operation, including translations and research.** - ---- - -Please share this project if you enjoy it and think it might be useful to others. - -Follow or contact us on: -- Twitter: -- Mastodon: -- E-Mail: (You may use our [PGP public key](https://anonymousplanet.org/pgp/AnonymousPlanet-Email-Key_B6D1757632A280F99F2DCBFDB9AB9D93AFF05B9C.asc) to encrypt e-mails. Do not forget to attach your PGP public key if you want an encrypted answer) - -Discussion Channels: -- Matrix room: ```#anonymity:matrix.org``` -- Matrix space: ```#privacy-security-anonymity:matrix.org``` -- Github Discussions: - -Git mirrors: -- Github: -- Darktea: -- Gitlab: -- 0xacab: -- Codeberg: +The current maintainers of this project are Alex (they/them) and The Hidden (aka No). + +--- + +Please share this project if you enjoy it and think it might be useful to others. + +Follow or contact us on: +- Twitter: +- Mastodon: +- E-Mail: (You may use our [PGP public key](/keys/email-key.asc) to encrypt e-mails. 
Do not forget to attach your PGP public key if you want an encrypted answer) + +Discussion Channels: +- Matrix room: `#anonymity:matrix.org` +- Matrix space: `#privacy-security-anonymity:matrix.org` +- Github Discussions: + +Git mirrors: +- Github: +- Darktea: +- Gitlab: +- 0xacab: +- Codeberg: diff --git a/about.md.asc b/about.md.asc deleted file mode 100644 index ebfbcf34..00000000 --- a/about.md.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPQPQAKCRAhq2tqbLLD -NzPHAP4r35ecXqP/3gXeVj//g4F41HJNo5DL2H1XvRYcCmR3agD+LOiDTHXK1ESq -Y55XAJEMEcaCONCFQcco+OlgDDZ4zQs= -=oyEq ------END PGP SIGNATURE----- diff --git a/about.md.minisig b/about.md.minisig deleted file mode 100644 index 9a9de762..00000000 --- a/about.md.minisig +++ /dev/null @@ -1,4 +0,0 @@ -untrusted comment: signature from minisign secret key -RUSn9xivowlq/jMbV8YC4jebQgZWBwmP0XZ0QEfXmIO2c1YQ30zXoZm2QxZjfybCNrVIaPgL72LiqBBTtDQPNrN9JjTSZkuvVAw= -trusted comment: timestamp:1691603007 file:about.md hashed -P5bJLM4MuoVKRhoX0X2qlypmUkPcqN2fDNirAr6zXC1T/xGhEo8KZFEfcQmvUpQ6g6hPwPN1u1TNgQrjm+PCBg== diff --git a/b2sum.txt b/b2sum.txt deleted file mode 100644 index a0db3df2..00000000 --- a/b2sum.txt +++ /dev/null 
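Review bot: The PGP key link on the E-Mail line now points to `/keys/email-key.asc`, dropping the fingerprint that the old filename (`..._B6D1757632A280F99F2DCBFDB9AB9D93AFF05B9C.asc`) carried, and the new email key fingerprint does not appear anywhere in this file, so a reader who fetches the key from a mirror cannot check it against KEY_ROTATION.md without leaving the page. Suggest stating it inline after the link, e.g. `(fingerprint FCBD2CABDEFD1FBA2E9E7591A1A82CD2DD2CF890, see KEY_ROTATION.md)`. The Twitter, Mastodon and mirror bullets appear with empty targets on both sides of the hunk, which looks like extraction loss rather than something this commit changed.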
@@ -1,17 +0,0 @@ -122be4810d1f44f952f98957cc07ea2271e16fdb75008b1d208e5050c31c67bf93e4dd1c5b27d2e8f05bf5a61b246c0dbab394e347a3c622064275817361a19d CHANGELOG.md -13a500b51aaaab394f40d459c722f25c94fdb92c0488a45caa67b5ef5c4d8ea1d5a9e303879cb04fbe61fb756a0b0e713533178cac66310d1f6d227c7a1b9bc7 CODE_OF_CONDUCT.md -406434dea78db82283517b7f3bb6289ae6cfbc28abb2c932100815e8f73620efb2b790efd5d87b2b6005e136ae259c9f844286dd2a7d21def2a9049ea3135644 CONTRIBUTING.md -51b88600d8c32dc6189bace5786e7dc4c4c9e6b40a106b12e349307757e4d8aa4df6cf5cac1e06200664dd385cb35e4db84d7e7992fd9c3c9cea05fca28a27bb KEY_ROTATION.md -be4c0b66dbdca9446079753dc3fcf2fb3eec55e8061c23ebcb20242458319a44120397d825b621fe6a59940204a05689bbb1a23bdd69120f775913f5c08d40dc LICENSE.md -ae55dafb58b68494ac627911e7ca19878c515bdd712e3328775065b2066e212ed4c62d24abe5267442560eb0ffe89a46ed20c66bbb169e5dd61ac451c55575ac README.md -2bcc51fa507b38a06187c8692a0233fc5b91f568b8e9397de110bdf892e3c4b5da23f1a3fd24422e3cf2c35d83543c1ba7e728397c86cc1f15f783a5b2f74739 about.md -26196d7b81bb79c8dc290a98204e3d416e887552ec68b0de4bbe2f17bcc11fe8e3dfccc7f210a72ddecba2eecfa2e33ceaf57f4b0c3061230d62b805e8228f79 briar.md -81352084f4e0d2104f71be16779ca788a97da03df7b6307b14867ad097be329ff37f039a4aed1b0309391c4af10187ee32822736bc3c797b3af5b19f4da0cc73 chatrooms-rules.md -0f1ade686710eae78be9d2ac09f8249399994b4e73d37e8d0893cff9d58ba93dc38eb5ffb912744aa1318508449ed7a11661af99e778f0d800f5b11ced4fbd2c constitution.md -5a0a6f7e1df8e6965606d12e6763c86c96adb023df120c0a71e631f2ad44fcd9057c84f793411f71e6b5366a84fe583def86729f0863d0e3a0f083d228f37850 donations.md -f100a391e014b4c7444edcf143f535b07b9a2f1d9213bd9fdd4c13eff5bf7754f5c66d639e8a847549e696271adee2e043228cfef273c2c694c79ff2d0243aad guide.md -046a52e53005963dd38343505aa43e51b5d750f0891c0a20a675c80ef9a254077db98b15165641a5f7ea33cc19f035e2aa7dbec4504a95c32b63911e3c7a8046 legacy.md 
-354a7a6f910c5a6508cf13b406c542ae3f0ad739fa3732936ccaa282fd486a475c39ab0862525dd4555f06e0164b90a99dac400b729bc9feab91b637eb896589 links.md -32b57ea09d576ce73f74352e9fe1baef19ed6c3808a9e3fa4716ec881f57a579861fa22b95e56dc729048c27e242fbbc15866cb2c36411c9e49173c00c126647 moderncrypto-rules.md -28ee0d22dd1f3ad583eeae49d459b8bafcafbb094912342afa628f015c89f1c296769a66bdd5d1c98b5c56a2351ffb9eb15f38ad34fae9f765bfa584d31003bc twitter.md -19ad65d5ccb881dff15a98200d9c768a0e59239524b922df125b82c506f5200ac4f9b72e21173cff9bb626ee9bf78703584981ee8fb8c3f6417c6817c92c34ea verify.md diff --git a/b2sum.txt.asc b/b2sum.txt.asc deleted file mode 100644 index 24e9d12a..00000000 --- a/b2sum.txt.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPQVQAKCRAhq2tqbLLD -N+tOAP9yU9PejCEiH5+9EdBT4OI/kRtuwSOtHcL3bq9AYL5TVQD/dm8ZvXHRRuwd -hY3O4CI18kqer0fToEmUbzQEhE1I2Q4= -=dcUa ------END PGP SIGNATURE----- diff --git a/b2sum.txt.minisig b/b2sum.txt.minisig deleted file mode 100644 index 796acb4e..00000000 --- a/b2sum.txt.minisig +++ /dev/null @@ -1,4 +0,0 @@ -untrusted comment: signature from minisign secret key -RUSn9xivowlq/vymvcOJI/oYrlxmzkc9cH/XsNg7dMSvdC71yvF94LU4oJiwaQ390LSXXzFH+SpHKgvrbD2isGzKSb2RvKpTtAU= -trusted comment: timestamp:1691603030 file:b2sum.txt hashed -3DH4JnGFU4jTeRDYkPldm/wa0N36j05v0d3iAQk70KtABEhll9nswevmFG1rENg77xQhvYjGcrYYzuOYy5t4Cw== diff --git a/briar.md.asc b/briar.md.asc deleted file mode 100644 index 5e708ba9..00000000 --- a/briar.md.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPQPwAKCRAhq2tqbLLD -N5rTAQCXXnWU+eYNF4gU80e5KektaWLIsqzVwCoQymwyxbRtiAEAr+po9rklF/10 -tLsF2yYpqyHkZqPGIgtayrGtIurUkQk= -=556r ------END PGP SIGNATURE----- diff --git a/briar.md.minisig b/briar.md.minisig deleted file mode 100644 index c7297697..00000000 --- a/briar.md.minisig +++ /dev/null 
@@ -1,4 +0,0 @@ -untrusted comment: signature from minisign secret key -RUSn9xivowlq/mjhwPVty4ZNYfjn4Gx8rNfbI0b+wd4o32ZIPOV/tWquVnu0QA3tLFvn+UODOdV+MYvFsknKZ37H9BAgqPt0CQc= -trusted comment: timestamp:1691603009 file:briar.md hashed -bfoZZb229PvHg2bJn8xQnY/5ngpquR+dzeEhr/Uy3ISd1mF65N2S7Xz1Ib0Nl0j/gp/dp3G7j8UccgBGjJQ2BQ== diff --git a/chatrooms-rules.md.asc b/chatrooms-rules.md.asc deleted file mode 100644 index 9c521ff7..00000000 --- a/chatrooms-rules.md.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPQQQAKCRAhq2tqbLLD -N13GAP9yjQhkFEOmcC5ADbZh8htXGZr6CCCPvHcmZTKZyiN3pQEAyAuSrzt200hT -13J8c8i6M2s/mugpgyspZmlREQvYcgs= -=mkb+ ------END PGP SIGNATURE----- diff --git a/chatrooms-rules.md.minisig b/chatrooms-rules.md.minisig deleted file mode 100644 index d409891e..00000000 --- a/chatrooms-rules.md.minisig +++ /dev/null @@ -1,4 +0,0 @@ -untrusted comment: signature from minisign secret key -RUSn9xivowlq/rLXR8idyufcZFnYdYipqM3lvINPxKGr6KNEZoNq0UHDG5PThx+JfeIT2RKQoU3Qd6McVV45YgF8FMdmbCXo/QA= -trusted comment: timestamp:1691603011 file:chatrooms-rules.md hashed -b+2BG8KZlXQzummpqlrHRvEQK5d0uJwwE0uA7TxTi+xHVZvlQP+2RIHbaNGghKclCFMgvS2Cqwt81OtHD8HKDg== diff --git a/constitution.md.asc b/constitution.md.asc deleted file mode 100644 index cf70d31e..00000000 --- a/constitution.md.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPQQwAKCRAhq2tqbLLD -N9IbAP4mkf6ZQtRpLbDsNIfU75u5bJpu8eH9/cdXNAmVtT6LiAEA5/zVrZ0SEI4z -IVvR3YivnMRACa868HA56gvzG4SRMQY= -=1tsp ------END PGP SIGNATURE----- diff --git a/constitution.md.minisig b/constitution.md.minisig deleted file mode 100644 index 7113e3cc..00000000 --- a/constitution.md.minisig +++ /dev/null 
@@ -1,4 +0,0 @@ -untrusted comment: signature from minisign secret key -RUSn9xivowlq/pTBVjkP4uv5unHZNWMoXS1e0g8frI16Z7Oo13E5kkaSDRQfNY5ljVzaYTS87i+qGp2f/rajz3CFZ+hZK4XmEAs= -trusted comment: timestamp:1691603013 file:constitution.md hashed -5M8L5Dbc4RajLuj/GpDmBJcgxk2noLNzlxZkH6bnrUfG1ML8VG5o7Mwm3FPQFt5aT93oKVelm3FaXsMP9RBcAA== diff --git a/donations.md.asc b/donations.md.asc deleted file mode 100644 index 247a88ca..00000000 --- a/donations.md.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPQRQAKCRAhq2tqbLLD -N0ubAP9xgZuTmgwMZUShQsl57qxN8Uf0xD11RysBDWTv5B6heQD6A7+YmC4OR0Sb -LUvPLSZZH42d+bO1oJgJwbaXFp2K0gU= -=lTPS ------END PGP SIGNATURE----- diff --git a/donations.md.minisig b/donations.md.minisig deleted file mode 100644 index 0bea0abd..00000000 --- a/donations.md.minisig +++ /dev/null @@ -1,4 +0,0 @@ -untrusted comment: signature from minisign secret key -RUSn9xivowlq/sQFyVW9JQLYtu+Uzm+8g8sA/n2nmKhCq1qD2dDWRBu2sgf52CUpImu5sAOsEITef7OL1YlZgM5i7/spdOrQvQE= -trusted comment: timestamp:1691603015 file:donations.md hashed -CmT37BLRMQ954IR2EsFYHa/myH5kgeoebP0QMIWilQ7JQCf+yj+o/p2aHqy7VqOBlGiOQgDVYjIv5YA8Zj0xBw== diff --git a/export/CHANGELOG.html b/export/CHANGELOG.html deleted file mode 100644 index 823ca4b1..00000000 --- a/export/CHANGELOG.html +++ /dev/null @@ -1,1025 +0,0 @@ - - - - - - - The Hitchhiker's Guide to Online Anonymity - - - -
-

The Hitchhiker's Guide to Online Anonymity

-
-

v1.1.9

-
    -
  • Add dependency check action
  • -
  • Fixup Brave config settings
  • -
  • Add silent.link to Online Phone Number section
  • -
  • Fix Appendix K reference to itself
  • -
  • Rename “TAILS” to “Tails”
  • -
-

v1.1.8

-
    -
  • Add AnarSec to links
  • -
  • CICD: fix automatic VT scans
  • -
  • Appendix D: remove trailing period in title
  • -
  • CICD: lock old issues & pull requests
  • -
  • Tor onion offline
  • -
  • CICD: update issues template
  • -
  • Revert “Quantum resistance and good crypto algos”
  • -
-

v1.1.7

-
    -
  • Add A.P. Open Collective link
  • -
  • Remove in memoriam for Lena per her wishes
  • -
  • Add Lucas as NTH mod
  • -
  • Fix missing inline image leftover from previous PRs
  • -
  • “Checking if your Tor Exit Node is terrible”: reduce to one section -and remove subsections
  • -
-

v1.1.6 “It’s alive…again.”

-

The thing works now.

-
    -
  • Fixed the errors in pandoc (Tex2PDF) build
  • -
  • Updated Tor .onion links
  • -
  • Drank a lulz amount of espresso
  • -
  • Cleaned up garbage
  • -
  • Removed unused links
  • -
  • Note regarding Alex’s absence (they will return)
  • -
-

v1.1.6-pre2 - I know, I know. Pre-release? Again??! v1.1.6 coming -very soon. - Update to $OXEN staking prices in Session -section - Small grammar/spelling fixes - Fix image inline linking issue -(stop using dual linking) - Re-order hardlinks to make it easy to -manage

-

v1.1.6-pre1 - Update on Tor Browser route due to major changes - Tor -Project has condensed their settings and it is no longer necessary to -manually configure bridges. - Fix out of date options/settings for Tor -on Android - Small grammar/spelling fixes - Removal and fix of some bad -links - Removal of AnonArchive (down) - “How to spot if someone has been -searching your stuff” fixed - PDF and ODT builds disabled temporarily - -Update to social links for SEO plugin - Link to Qubes tutorial for -installing Windows VMs - Added link to Arkenfox/user.js - Remove -unnecessary addons

-

v1.1.5 - Various spelling and grammar fixes - Fixed several numbering -errors in references - Updated and fixed many broken URLs and saved them -in the Wayback Machine - Noted that https://mastodon.social/@anonypla is gone? added -strike-through - Adapted Qubes OS hardware requirements that were too -low for a decent experience (RAM) according to their recommendation - -Put more incentive to use Tor Browser Safest mode as long as it does not -break anything and switch to Safer if necessary and with precautions -linked in an appendix - Precision that Anti-Evil Maid on Qubes OS is -only available on Intel CPUs - Removed dead link of Centry Fork project -- Added Windows 11 support to the guide - Partial additions of partial -Qubes 4.1.X support but needs completion and testing (coming soon) - -Added link to official guide to upgrade from Qubes 4.0.X to 4.1.X (fresh -or in-place) - Fixed issue in Qubes OS Tor over VPN and VPN over Tor -Networking cases that were just plain wrong - Added guidance to run -Windows 11 within Virtualbox + link to official guide from Oracle - -Added recommendation to install/use Safing PortMaster and added a link -for some compatibility issues between Portmaster and some VPNs - Removed -Windows AME completely from the guide - Replaced the “I would” by a “We -would” since it is now a group effort and project - Added a safest -recommendation for more paranoid people in security level choices in -Tor

-

v1.1.4-pre2 - Fixed some spelling/grammar - Update to contributing -guidelines - Update of modern-crypto room rules - Addition of -chatroom-rules for the PSA community - Update of verification guide -(removed outdated content, fixed links, updates) - Removal of CTemplar -references since it was shutdown - Fixed links to Proton services, -references, onion URL, and archives - Removal of BTC Wasabi -recommedation in favor of Coinjoin alternative and wallet -recommendations - Re-phrasing of some confusing sentences - LibRedirect -extension is recommended again - Fixed many links formatting - Removal -of removed content (dark pdf) - Fixed links to ODT file - Added -recommendation to https://z0ccc.github.io/extension-fingerprints/# and https://www.deviceinfo.me/ - Removed links to -non-existant mirrors - Updated some outdated references(old project)

-

v1.1.4-pre1 - Addition of a legacy resources page for the old -archives - Changes in the about page to reflect the current situation - -Changes in the donation page to reflect the current situation - Fix link -to video “How to Hack a Turned-Off Computer, [..]” - Misspelling and -grammar mistakes fixed - Fix formatting - Garbage removal - Inline -linking fixes - Privacyguides changed their URL scheme - Almost all -archive.org links fixed - Annotated some links to make them more -descriptive - Got rid of dupes and empty refs - Renew links for -researchgate articles that were removed - Removed mobile wikipedia links -- Fix a couple patent links & Rubber-hose cryptanalysis wiki - -Update PDF archivals so they are direct links but not downloaded - Some -scientific articles were removed or replaced - IEEExplore, -Spread-spectrum watermarking of audio signals - ScienceDirect, Robust -audio watermarking using perceptual masking - SSRN, The Cryptocurrency -Tumblers: Risks, Legality and Oversight - Property of the People, Lawful -Access to Secure Messaging Apps Data - Arxiv url fixes - -s/grayshirt/grayshift/gi - Trailing parentheses and commas removed - -Fixed all broken links - Removed uMatrix from the guide (use uBlock -Origin) - Removal of https://xchange.me/ (abandoned) - Removal of -https://swap.lightning-network.ro/ (abandoned) - Removal of -https://privacyguides.org/providers/hosting/ (category removed from -website) - Added a warning about the privacy redirect extension stating -it might be abandoned/unmaintained - Added Anonymouth for linguistic -antiforensics & related links

-

v1.1.3 - Added dedicated section about gait recognition and other -long-range biometric techniques - Updated PDF toolchain to allow -embedding images in the PDF guide

-

v1.1.3-pre1 - Updating info to reflect the new identity being used to -publich the guide - Attempted to reconstruct toolchain to generate PDF -and ODT guides

-

v1.1.2 - Removed SIM/Virtual Numbers providers not accepting at least -XMR from the guide as there are sufficient providers accepting XMR - -Added some more free SMS providers in the guide - Added links to -Scribe.rip front-end to Medium.com for Medium.com links - Considerable -work was done in relation to the community aspects of this project and -other related projects with the creation of a Matrix space (PSA) -regrouping several efforts. - Added link to https://psa.anonymousplanet.org/ containing the -community rules for our chatrooms on Matrix and Discord - Added -reference to https://en.wikipedia.org/wiki/Sybil_attack to the -attacks against anonymized Tor traffic section - Added reference to https://arstechnica.com/information-technology/2014/07/active-attack-on-tor-network-tried-to-decloak-users-for-five-months/ -in the attacks against anonymized Tor traffic section - Added reference -to https://www.whonix.org/wiki/Anbox for running Android -Apps within the Whonix Workstation - Added reference to https://www.wikigain.com/install-macos-monterey-on-virtualbox/ -to the macOS VM section - Added reference to https://blog.kraken.com/post/11905/your-fingerprint-can-be-hacked-for-5-heres-how/ -to the biometrics section - Added reference to https://propertyofthepeople.org/document-detail/?doc-id=21114562 -- Added reference to https://12ft.io/ in the introduction section - Added -reference to https://www.bleepingcomputer.com/news/security/firmware-attack-can-drop-persistent-malware-in-hidden-ssd-area/ -to the SSD wiping conclusions - Added reference to https://www.welivesecurity.com/wp-content/uploads/2021/12/eset_jumping_the_air_gap_wp.pdf -to the advanced targeted techniques section - Small grammar/spelling -fixes - Special thanks to the anonymous donator of 1 -XMR

-

v1.1.1 - Added reference to https://www.youtube.com/watch?v=H33ggs7bh8M as an intro -video to Monero in the Monero Disclaimer section - Added reference to https://www.youtube.com/watch?v=qkJGF3syQy4 in the Guest -VM Browser section about Brave - Added reference to https://www.vice.com/en/article/m7vqkv/how-fbi-gets-phone-data-att-tmobile-verizon -in the metadata/geo-location section - Added reference to https://fingerprintjs.com/blog/disabling-javascript-wont-stop-fingerprinting/ -in several sections about JavaScript - Added reference to https://qua3k.github.io/ungoogled/ in the sections about -Ungoogled-Chromium - Re-Added Privacytools.io in the Links section - -Added a general disclaimer on the Links page about websites possibly -using sponsorships, affiliate links, paid services, premium offers, and -merchandising… - Re-Added a Discord server to provide easier access to -the community through https://discord.gg/V8dmd9y7mt with all the rooms bridged -to Matrix rooms - Changed the Matrix/Discord communities from being room -focused (#anonymity) to a broader “Privacy Security Anonymity” space -with a new #security focused room and an off-topic room. - Creation of a -Matrix space at #privacy-security-anonymity:matrix.org https://matrix.to/#/#privacy-security-anonymity:matrix.org -- Added an RSS bot to those rooms relaying some relevant security and -anonymity news within those rooms. - Started the test hosting of a small -Synapse server with the domain anonymousplanet.org

-

v1.1.0 - Removed SHA-3 from recommended methods for password storage -- Added reference to https://docs.securedrop.org/en/stable/source.html in the -section about communicating sensitive information to various -organizations - Pending review removal of -privacytools.io from the guide after discovering sponsored -recommendations within the lists on their website. Disclaimer added on -the links page. - Added reference to https://web.archive.org/web/20181125133942/https://www.cs.drexel.edu/~sa499/papers/adversarial_stylometry.pdf -in the Stylometry section - Added reference to https://www.whonix.org/wiki/Surfing_Posting_Blogging#Stylometry -in the Stylometry section - Added reference to https://www.whonix.org/wiki/Surfing_Posting_Blogging#Anonymous_File_Sharing -in the appendix checklist of things to check before sharing information -- Added reference to https://web.archive.org/web/20181125133942/https://www.cs.drexel.edu/~sa499/papers/adversarial_stylometry.pdf -in the section about countering stylometry using translators - Changed -the fonts of the website to improve readability (now using “Helvetica”, -“Calibri”,and “Times New Roman”) - Removed some unnecessary information -from the main page and the donations page to reduce their size - Added a -new Tor Exit node (Tor-Exit-05) - Various spelling/grammar fixes

-

v1.0.9 - Re-Added Privacytools.io (along Privacyguides.org) as a good -source of information and recommendations for various -services/products/platforms within the guide. - Added a Links page to -the website with a small collection of recommended projects to visit. - -Changed the layout of the website to make the buttons a bit smaller - -Added reference to https://medium.com/@c5/darkweb-vendors-and-the-basic-opsec-mistakes-they-keep-making-e54c285a488c -in the OPSEC section. - Added reference to https://kycnot.me/ which lists non-KYC cryptocurrencies -exchange services - Fixed some mistakes in the cryptocurrency swapping -section

-

v1.0.8-hotfix - Added a reference to https://privacytests.org/ in the section about picking a -browser in a guest VM - Fixed not-working Nitter links by changing the -Nitter instance to Nitter.net - Added Minisign signatures for the PDFs -and the ODT file - Hotfix Added a reference to https://qua3k.github.io/ungoogled/ and now strongly -recommends against using Ungoogled-Chromium due to them -lagging behind in security patches

-

v1.0.8 - Added a reference to https://www.websiteplanet.com/blog/gethealth-leak-report/ -in the Smart Devices section - Added several academic references to the -Tor Correlation Fingerprinting attack: https://homes.esat.kuleuven.be/~mjuarezm/index_files/pdf/ccs18.pdf, -https://www.internetsociety.org/sites/default/files/blogs-media/website-fingerprinting-internet-scale.pdf, -and https://www.esat.kuleuven.be/cosic/publications/article-2456.pdf -- Added a reference to https://blog.torproject.org/new-low-cost-traffic-analysis-attacks-mitigations -in the same section - Added an important precision/correction that Tor -Correlation Fingerprinting attacks references papers were done in a -limited closed-world testing environment and their efficiency in a real -open-world situation has not been demonstrated other than theoretically -- Added two VPS hosting providers to the list of possible providers: https://cryptoho.st/ and https://www.privex.io/ - -Added reference to https://about.fb.com/news/2021/10/end-to-end-encrypted-backups-on-whatsapp/ -announcing e2ee backups on WhatsApp

-

v1.0.7 - Added reference to https://www.scientificamerican.com/article/a-blank-wall-can-show-how-many-people-are-in-a-room-and-what-theyre-doing/ -in the targeted techniques section - Added reference to https://www.scientificamerican.com/article/a-shiny-snack-bags-reflections-can-reconstruct-the-room-around-it/ -in the targeted techniques section - Added reference to https://www.scientificamerican.com/article/footstep-sensors-identify-people-by-gait/ -in the targeted techniques section - Switched various links from -PrivacyTools.io to PrivacyGuides.org that were forgotten in a previous -update - Added guidance to share information and files publicly -including IPFS - Added an appendix containing a checklist of things to -verify before sharing any information or file (metadata…) - Complete -reworking of the Introduction and Prologue for better readability (there -was way too much text in there) - Added references to https://thenewoil.org, https://privacyguides.org, and the YouTube Techlore -channel https://www.youtube.com/c/Techlore as bonus introduction -reads on privacy and security - Various grammar/spelling fixes

-

v1.0.6 - Added reference to https://www.forbes.com/sites/thomasbrewster/2021/10/04/google-keyword-warrants-give-us-government-data-on-search-users -in the digital fingerprint section - Added the fourth Tor Exit node in -the donation page listing - Added recommendation for considering -Minisign (https://jedisct1.github.io/minisign/) as an alternative -to PGP/GPG for file signing - Added new archive of the guide on -anonarchive.org - Added Content-Security-Policy and X-XSS-Protection -metatags to the HTML headers of the website - Added reference to https://latacora.singles/2019/07/16/the-pgp-problem.html -to justify the recommendation to use Minisign over PGP/GPG for signing - -Added https://mobilesms.io to the list of online phone number -providers - Added an “extra paranoid” route using Zcash in addition to -Monero if you want even more safety than just relying on Monero alone -for anonymous crypto transactions - Added instructions to install a -Zcash wallet on various OSes including the Whonix Workstation - Refined -the VPN over Tor sections with more information about using a -self-hosted VPN/Proxy instead of a VPN provider - Added guidance to -upgrade Whonix from version 15 to version 16 on Qubes OS - Added -disclaimer about Windows 11 not being supported (yet) by the guide - -Some grammar/spelling fixes - Various broken links fixes

-

v1.0.5 - Added reference to https://www.theguardian.com/australia-news/2021/sep/11/inside-story-most-daring-surveillance-sting-in-history -in the smartphone warnings section - Made main website available through -IPv6 - Endnotes are now also supported on the repository MD file through -https://github.com/AnonymousPlanet/thgtoa/blob/main/guide.md -thanks to markdown update from GitHub. Previously, those were only -working on the rendered Jekyll HTML - Added link to https://oksms.org as an option -if you cannot afford a dedicated number. More will be added soon. - -Added reference to https://www.vice.com/en/article/93ypke/the-nsa-and-cia-use-ad-blockers-because-online-advertising-is-so-dangerous -as an argument to recommend adding uBlock to Tor Browser - Added -reference to http://0pointer.net/blog/authenticated-boot-and-disk-encryption-on-linux.html -in the in-depth Linux hardening resources - Added reference to https://www.usenix.org/system/files/sec21-hoang.pdf and -https://gfwatch.org/ in -the section about hostile environments - Added reference to https://www.d-id.com/talkingheads/ in the creating new -identities section - Added reference to https://twitter.com/SecurityJon/status/1445020885472235524 -and https://labs.f-secure.com/blog/sniff-there-leaks-my-bitlocker-key/ -into the Windows Host OS section of the Whonix route - Added reference -to https://www.wired.com/story/clearview-ai-new-tools-identify-you-photos/ -in the biometrics section - Added reference to https://www.coindesk.com/business/2021/09/21/leaked-slides-show-how-chainalysis-flags-crypto-suspects-for-cops/ -in the Cryptocurrencies Transaction section - Added Cwtch https://cwtch.im to the -messaging apps lists and recommendations - Added a new fourth Tor Exit -node using donations funds - Some grammar/spelling fixes

-

v1.0.4 - Added reference to https://therecord.media/malware-found-preinstalled-in-classic-push-button-phones-sold-in-russia/ -in the burner phone section - Added reference to https://sourceforge.net/p/veracrypt/discussion/technical/thread/3961542951/ -in the Veracrypt settings sections - Changed Privacytools.io to -Privacyguides.org after name change - Added reference to https://github.com/iperov/DeepFaceLive in the Face -recognition section - Added reference to https://www.news.ucsb.edu/2021/020392/dont-fidget-wifi-will-count-you -within the Wi-Fi around you section - Matrix room change from -#online-anonymity:matrix.org to #anonymity:matrix.org (old alias remains -valid) - Renewed hosting of Tor-Exit-01 for 1 year using funding from -donations

-

v1.0.3 - Added reference to ProtonMail IP logging case https://techcrunch.com/2021/09/06/protonmail-logged-ip-address-of-french-activist-after-order-by-swiss-authorities/ -- Added more information regarding Firefox hardening settings - Added -reference to https://www.privateinternetaccess.com/blog/internet-freedom-around-the-world-in-50-stats/ -- Fixed several broken links - Some grammar fixes

-

v1.0.2 - Minor layout fixes - Added BLAKE2 hash to the list of hashes -and clarified the hashes recommendations - Added Twofish and Serpent to -the recommended section in the File Encryption section - Added reference -to https://justdeleteme.xyz/ and https://inteltechniques.com/workbook.html in the -Removing traces section - Added references to https://techcrunch.com/2021/08/19/google-geofence-warrants/ -and https://www.techdirt.com/articles/20210821/10494847401/google-report-shows-reverse-warrants-are-swiftly-becoming-law-enforcements-go-to-investigative-tool.shtml -about the expanding trend of Geofencing warrants - Added reference to https://edwardsnowden.substack.com/p/all-seeing-i in -reference to Apple Privacy - Added various references and information -about setting up plausible deniability on Linux - Added reference and -information about setting up plausible deniability on Qubes OS - -Improved the section about countering linguistic forensics - Updated -Archive.today onion v2 address to v3 - Full (self) proofreading -resulting in a large amount of spelling/grammar fixes and some shame -about those

-

v1.0.1 - Added information about Monero Atomic Swap for converting -from BTC to Monero instead of a swapping service (Monero Rules!) - Added -link to https://www.useapassphrase.com/ in the -password/passphrase guidelines appendix - Added an appendix about Crypto -Swapping services with some recommendations - Added OnlyFans, Binance -and Kraken to the list of tested online services - Added Information on -how to check if your Tor Exit node is in few or many blocklists to avoid -issues when signing-up to various services - Various spelling/grammar -fixes

-

v1.0.0 Codename “Deal With It” (because it’s not perfect, so deal -with it) - Various spelling/grammar fixes to the Countering Forensic -Linguistics section - Added guidance on how to compare older PDFs with -newer releases using some online tools - Added guidance on how to -compare older ODTs with newer releases using LibreWriter - Removed the -attribution to Mark Twain from the quote in the final editorial notes - -Added some references in the list of threats to anonymity to the -proposed mitigations in the guide - Various grammar/spelling fixes - -Slightly changed the Light theme header color

-

v1.0.0-rc3-hotfix (unpublished release) - Modified the Countering -Forensic Linguistics section to remove the AutoCorrect usage -recommendation in favor of “Search and Replace” to avoid unintended -mistakes. - Removed hybrid-analysis checks from the files as I think -VirusTotal is enough

-

v1.0.0-rc3 - Added recommendation to use the Privacy Redirect -extension on the Guest VMs browsers: https://github.com/SimonBrazell/privacy-redirect - Added -a section to emphasize some precautions when using a Browser with -JavaScript enabled (including Tor Browser up to the “Safer Level”) in -every route - Added more information and recommendations related to -using Tor Browser at the “Safer” level. - Added some more crypto -disclaimers to avoid some services such as Mixers/Tumblers - Re-ordered -and re-linked many sections in a more logical way - Removed some -duplicate information in some sections - Fixed some bad hyperlinks - -Added a release of the guide in the ODT format in addition to PDFs

-

v1.0.0-rc2 - Many grammar/spelling changes after some -proofreading

-

v1.0.0-rc1 (Release Candidate 1) - Small grammar/spelling fixes - -Small layout fixes - Added some information about Safari in the Guest VM -Browser selection/hardening sections - Removed DREAD in the threat -modeling references as it is deprecated - Added link to https://arstechnica.com/gadgets/2021/07/vpn-servers-seized-by-ukrainian-authorities-werent-encrypted/ -in the No Logging but Logging anyway section of VPN providers - Added -Session Messenger as a possible “last resort” recommendation for iOS -users because well there is no better option it seems despite their lack -of PFS and Deniability - Corrected the Session Messenger information as -not using Tor Natively but using LokiNet Onion Routing natively - Added -a new Tor Browser route for the simplest, easiest way to access the web -anonymously with appropriate security warnings - Added additional -information on attack mitigations on Bitlocker encrypted drives and -reference to https://dolosgroup.io/blog/2021/7/9/from-stolen-laptop-to-inside-the-company-network -- Changed the recommendations about the state of your real phone while -using a burner phone. You should never bring it with you and leave it on -at home. 
- Changed the route picking UML to only show options depending -on your skills/resources/availability without considering -threats/adversaries - Expanded the threat modeling section (after the -previous UML) with adversaries/threats and picking the adequate route in -consequence - Added reference to https://arxiv.org/pdf/2107.04940.pdf to the Bad -Cryptography section - Added reference to https://edition.cnn.com/2021/07/23/tech/idme-unemployment-facial-recognition/index.html -to the Face Recognition section - Lowered recommendation for RiseUP as a -free mail service as they now require invitation for registration - -Added reference to https://gitlab.com/FG-01/fg-01 as a possible mitigation -to gait recognition systems as well as 2 more journalistic references to -gait recognition - Changed information about China/Russia “will block” -ECH/eSNI to “might block” as it hasn’t been verified/confirmed - Added a -whole appendix on Counteracting Forensic Linguistics (Writeprint) with -your anonymous identities - Added IPFS mirror of the whole website at https://ipfs.anonymousplanet.org

-

v0.9.9h - Fixed bad and missing linking about browser selection and -install in guest VMs setup sections - Added ShutUp10 to the list of -tools to improve Privacy on Windows 10 - Removed Windows AME from the -recommendations/possibilities within guest VMs and advising against it -instead

-

v0.9.9g - Added Safing.io to the recommended VPN providers list -(provisional) - Many links fixed/updated/replaced/removed (dead links -check on the whole document) - Updated most of the .onion v2 addresses -to .onion v3 addresses (except for Archive.today which is still on v2) - -Added .onion addresses to some publication links having a Tor mirror -such as The Intercept - Decided to switch the licensing of the project -to add NonCommercial (cc-by-nc-4.0), prior releases are not affected

-

v0.9.9f - Added section on search engines - Added some more -information on Brave source of adblocking - Added separator between the -text and the references to the online HTML version - Added a ToC entry -of the references to the online HTML version - Added a bit more -information on eventual physical destruction of HDDs and SSDs

-

v0.9.9e - Added more information on why I recommend Brave within -guests VMs and more information about other choices (mainly Firefox) - -Added Browser Hardening guidelines for Brave, Ungoogled-Chromium, Edge, -and Firefox

-

v0.9.9d - Changed wording from all incorrect “TAILS” instances to the -correct “Tails” - Changed wording from some incorrect “Qube OS” -instances to the correct “Qubes OS” - Added header to the PDFs with the -title - Added footer to the PDFs with the page numbers - Changed the -PDFs from having all references in the endnotes to having them in the -footnotes of each page for better readability

-

v0.9.9c - Improved the password/passphrase recommendation section - -Added a new Tor Exit node to the project https://metrics.torproject.org/rs.html#details/F535BA067A776457083141688C7FE781B6DFB24E -- Added ChaCha20 to the recommended file/disk encryption algorithms - -Various fixes in the README/Index

-

v0.9.9b - Changed recommendation from Veracrypt to Bitlocker for -Windows simple encryption route to prevent rubber-hose cryptanalysis - -Started running a Tor exit-node using project funds https://metrics.torproject.org/rs.html#details/970814F267BF3DE9DFF2A0F8D4019F80C68AEE26. -I was only able to buy 3 months with the remaining funds. Please donate -if you want this to continue. - Changed slightly the donations requests -so that they appear sooner including in the README/index.html and -earlier in the guide in a lighter way - Small grammar/spelling fixes

-

v0.9.9a - Added Wikiless links to all Wikipedia articles for enhanced -privacy (see https://codeberg.org/orenom/wikiless) - Added message to -inform users with JavaScript disabled that JavaScript is needed to -toggle the themes on the website - Removed underline of every hyperlink -in the PDF format guide for better readability - Added small section -about helping others staying anonymous by running a Tor entry/relay node -- Shortened the Index/README to make it more readable and creating a -sub-page with the safety/integrity/authentication information - Added -new hosting provider to the list (https://1984.is) and created a small appendix dedicated -to recommended hosting providers - Small grammar/spelling fixes - Small -fixes on the website layout (thanks to LiJu09 again)

-

v0.9.9 - Added toggle switch from dark to light theme for the website -(requires Javascript) to improve general UX (very special thanks to -LiJu09 for the great help) - Fixed layout issues in the OSX section -about Gatekeeper and XProtect - Small fix in the malware section “higher -level” changed to “lower level” - Added reference to https://www.inteltechniques.com/podcast.html as an OSINT -resource - Added reference to https://github.com/Qubes-Community/Contents/blob/master/docs/privacy/anonymizing-your-mac-address.md -in the Qubes Route section - Various spelling/grammar fixes

-

v0.9.8 - Added reference to https://github.com/insight-decentralized-consensus-lab/post-quantum-monero/blob/master/writeups/technical_note.pdf -in the Monero Disclaimer section - Added cars in the Smart Devices -section because obviously cars are also issues - Added reference to https://www.washingtonpost.com/technology/2019/12/17/what-does-your-car-know-about-you-we-hacked-chevy-find-out/ -in the Smart Devices section - Added more OSINT links: https://osintframework.com/, https://recontool.org, and -https://github.com/jivoi/awesome-osint - Added more -information about crafting your legend for your anonymous identities in -a consistent manner in the creating new identities section - Added more -OPSEC information and a reference to https://www.youtube.com/watch?v=IqZZU9lFlF4 - Added more -references to Hardening Linux: https://wiki.archlinux.org/title/Security and https://codeberg.org/SalamanderSecurity/PARSEC - Added -references to AppArmor usage on Whonix VMs: https://www.whonix.org/wiki/AppArmor - Added -AppArmor/SELinux references within the Qubes OS section for Hardening -VMs - Added light introduction video references for hardening -Linux/Windows/MacOS by the nice people at Techlore. - Switched from -Mastodon.online to Mastodon.social https://mastodon.social/@anonypla - Fixed duplicate -notations on GPG key - Added Nitter links to Twitter links - Various -spelling/grammar fixes

-

v0.9.7b - Added disclaimer about Monero usage and its long-term -security relative to KYC regulations - Added a bonus step within the BTC -anonymizing section to reference Wasabi Wallet https://wasabiwallet.io/ -as an added efficient obfuscation measure - Fixed layout issue at the -very end of the guide (wrong tabulation) - Added reference to RiseUp, -Disroot, and Autistici for e-mail creation if you need an e-mail -verification for creating for instance a ProtonMail or a MailFence -account - Removed http://keys.gnupg.net/ from README because it’s dead it -seems

-

v0.9.7a - Fixed wrong information about Session messenger and -presence of Forward Secrecy and removed from recommendations due to that -and the absence of deniability - Added information about how to get/use -BTC anonymously using Monero swapping - Removed the THGTOA subreddit and -the discord server (due to being mostly unused) to leave only the Matrix -room and GitHub for discussions - Made the README slightly more -user-friendly - Various spelling/grammar fixes

-

v0.9.7 - Fixed DNS section stating that ECH/eSNI leaks DNS when in -fact it leaks only DN (Domain Name) - Fixed DNS section stating that -Firefox enforces OCSP stapling when it does not - Added information in -DNS section that Chromium based browsers do not rely on OCSP but CRLSets -- Fixed DNS illustration according to above fixes - Renamed DNS section -into DNS and IP and added information about IP correlation with various -websites despite having encrypted DNS - Added reference to https://www.hackerfactor.com/blog/index.php?/archives/906-Tor-0day-The-Management-Vulnerability.html -in the anonymize Tor/VPN traffic section - Added section about rootkits -and backdoors in the malware in the malware, exploits and viruses -section - Added information about rootkits and firmware -malware/backdoors - Added Session in the messengers table and -recommendations - Added disclaimer to be extra cautious when using Tails -(always use the last version and be extremely careful with bundled apps) -- Various spelling/grammar fixes

-

v0.9.6b - Added emphasis and disclaimer on the threat model of this -guide to clarify strongly that this guide is a DRAFT and may contain -inaccuracies. This guide should not be considered a definitive truth. - -Added reference to the new Tutanota incident forcing them to monitor -users - Added reference to the RSA Conference 2020, When Cybercriminals -with Good OpSec Attack https://www.youtube.com/watch?v=zXmZnU2GdVk video in the -OPSEC section

-

v0.9.6a - Added the USB Wi-Fi dongle option within the section to -block Host OS network access while allowing VM network access - Small -spelling/grammar fixes

-

v0.9.6 - Added references to AnonAddy and Simplelogin e-mail aliasing -services in the e-mail verification section of creating new online -identities. Could be useful. - Fixed the word SSD that was somehow -spelled SDD all over the place (/shame) - Added section to explain how -to disable/prevent Internet Access on the Host OS while allowing VMs -(specifically the Whonix Gateway) to access the internet in the Whonix -Route - Added further password recommendation based on Bruce Schneier -recommendations https://www.schneier.com/blog/archives/2014/03/choosing_secure_1.html -- Removed telegram channel because is was unused and empty in favor of -keeping only the Matrix channel (Primary) and the Discord channel -(Secondary) but linked - Added information about AMD PSP not having -remote management capabilities unlike IME - Various spelling/grammar -fixes

-

v0.9.5 - Added some small disclaimer for Coreboot containing some -proprietary software - Added reference to Tempora surveillance program - -Small correction to the text relating to the Tutanota court order to -avoid misunderstandings - Added https://censys.io/ and https://www.zoomeye.org/ -in addition to Shodan as IoT search engines options - Removed SHA3 from -the “avoid” list because it was incorrect - Added more information in -the Online Backups section - Added more references to people caught due -to their fingerprints appearing on shared pictures online in the -biometrics section - Added link to https://stegcloak.surge.sh/ in the Hidden communications -in plain sight section - Various small spelling/grammar fixing

-

v0.9.4 - Added reference to https://www.youtube.com/watch?v=FDZ39h-kCS8 in the Smart -Devices around you section - Added reference to TypingDNA (https://www.typingdna.com/) in the Online Behavior -section - Various small spelling fixes - Added reference to SORM -(Russia) along PRISM,XKEYSCORE… - Added reference to smarttags (Apple -AirTags, Samsung Smarttags, Tile…) in the smart devices section - Added -reference to Michael Bazzell’s interesting OSINT Techniques book https://inteltechniques.com/book1.html in the bonus -resources section - Added reference to LibGen in the Introduction -section in addition to Sci-Hub - Fixed some ordering issues in the -various sections that were re-ordered in previous updates

-

v0.9.3 - Added reference to https://disable-gatekeeper.github.io/ and how to disable -MacOS Gatekeeper on Big Sur - Various grammar/spelling/layout fixes - -Transifex translations are now possible and open for any volunteer. -Currently some are working on Russian/Ukrainian - Added -https://crypton.sh/ to the list of Monero accepting phone number -providers - Added reference to e-mail tracking in the Malware section - -Updated DNS section to reflect change from eSNI to ECH - Added more -OSINT video tutorials references from Bellingcat - Added information -about OCSP stapling in the DNS section - Added illustration for -comparing simple OCSP vs OCSP stapling - Added illustration for -comparing DNS encryption with and without ECH

-

v0.9.2a - Multiple small punctuation fixes for better -readability/translation of markdown format - Small reference fix from -BBC to The Guardian

-

v0.9.2 - Added reference to https://mattw.io/youtube-geofind/location for Video -geolocation (YouTube) - Added reference to https://jakecreps.com/tag/osint-tools/ for various OSINT -tools to try on yourself - Fixed some bad links between a bunch of -cross-references - Some font color fixing in the dark themed PDF - Added -various attribution references for some external illustrations - Various -spelling/grammar fixes - Re-organized some of the de-anonymization -methods into grouped sub-sections for readability

-

v0.9.1 - Fixed Messaging table inaccuracies regarding metadata leaks -and e2e for Element/Matrix and Zoom - Added reference/guidance to -Windows AME (https://ameliorated.info/)for use in guest VMs in place -of Standard Windows 10 Pro - Added Tor Mirror into the HTML header for -discoverability - Added reference to https://arxiv.org/pdf/1906.05754.pdf in the crypto -transactions section - Added references to NEC NeoFace and Clearview AI -face recognition systems in the Face/Biometrics section - Added FLoC -opt-out and no-referrer policies into the HTML header - Added reference -to https://arxiv.org/abs/1512.05616 in the Smart Devices -warning section - Added reference to https://people.eecs.berkeley.edu/~dawnsong/papers/2012%20On%20the%20Feasibility%20of%20Internet-Scale%20Author%20Identification.pdf -in the digital fingerprint section - Added reference to https://www.gwern.net/Death-Note-Anonymity in the Bonus -section - Fixed the Qubes OS section implying that Qubes OS is a Linux -distribution when it is not - Fixed LICENSE file missing on the website -- Various spelling/grammar fixes

-

v0.9.0 - Various layout, spelling, and grammar fixes - Added new -discussion channel on matrix #online-anonymity:matrix.org - -Fixed connectivity methods table recommendations (VPN over Tor over VPN) -- Removed the shark meme because it was a bit much - Added reference to -the recent Spotify AI voice recognition patent https://patents.justia.com/patent/10891948 - Added more -information and illustration about Tor Bridges and especially Meek -bridges for users in hostile environments - Added some more information -about hash collisions - Moved Requirements section up before -Introduction - Fixed DNS privacy illustration DoHoT that was spelled -wrong - Fixed Appendixes names that were out of order - Added guidance -to create a Proxy VPS in addition to a VPN VPS in the case of the now -VPN/Proxy over Tor route - Added more guidance to the “No Tor/VPN” -option in a hostile environment

-

v0.8.9a - Moved the donations section to the bottom of the guide

-

v0.8.9 - Added reference to https://www.freehaven.net/anonbib/date.html in the bonus -resources section - Many small fixes in the README - Various small -layout and grammar fixes - Removed some parts about unblockable -telemetry on MacOS Big Sur since this issue is no longer relevant it -seems (and the telemetry can be blocked) - Erratum: removed a quote from -a user on his request

-

v0.8.8 - Fixed QR codes pointing to old addresses (but still valid) - -Added Keyoxide proofs to the README - Various small fixes - Huge thanks -to the generous donator of 1 XMR - Added proper native Tor mirror on http://thgtoa7imksbg7rit4grgijl2ef6kc7b56bp56pmtta4g354lydlzkqd.onion

-

v0.8.7 - Added reference to https://www.scss.tcd.ie/doug.leith/apple_google.pdf in -the Smart Devices section and the OS Telemetry section. - -Moved/rephrased small introduction paragraph about Apple being among the -best choices for Privacy in the OS and Telemetry section. - Changed -recommendation for Android VM to Androix-x86 CyanogenMod releases (14.1 -r5 at the time of this writing) - Several small spelling/grammar/layout -fixes - Added more explanation and illustration to the basic concept of -Virtualization through a new Appendix - Fixed illustration to mention -Tor Stream Isolation possibilities - Added a couple easter eggs because -why not

-

v0.8.6 - Small layout fixes due to regex errors in pandoc conversion -- Small re-write of the instant messaging section that should make more -sense now - Changed the Briar information to reflect that they do now -provide a Desktop option (with limited features) in addition to the -Android client (emulator no longer strictly required) - Updated the -messaging table to include qTox (Tox) and Gajim (XMPP) - Added reference -to IDF famous tweet https://twitter.com/idf/status/1125066395010699264 - -Added some references to Zero-Trust security models - Added some -references to Bad Opsec resources (https://www.youtube.com/watch?v=eQ2OZKitRwc and https://www.youtube.com/watch?v=eQ2OZKitRwc) - Added -several tools to check an IP or your own IP for various things in the -“Your IP Address” section - Added references to Hybrid Analysis for PDFs -in addition to VirusTotal - Added small additional illustration about -threat models in the Introduction - Added small additional illustration -about Privacy vs Anonymity in the Introduction - Removed the password -protected PDF file from the project because it was never used and -creaitng more compatibilities issues than necessary on my side - -Replaced donations QR codes with better ones

-

v0.8.5 - Changed donations QR codes with better ones with logos - -Many small fixes in grammar/spelling/layout - Fixed many unnecessary -escaping backslashes in front of special characters because pandoc does -that - Changed all lines containing code lines into inline code for -better readability on the online version - Migrated my Mastodon account -to https://mastodon.online/@anonypla (old one redirected -automatically) - Fixed Tor over VPN section that was clearly missing -emphasis on it being a viable option with good use cases - Added more -information in the Pick your Connectivity conclusions for a better -overview - Added section about Online file Syncing in the Online Backup -section - Added more information about messaging apps and a rather -detailed table comparing their privacy/security/anonymity features - -Added disclaimer on reddit/discord to not discuss sensitive topics on -those platforms

-

v0.8.4 - Added more information regarding Tor stream isolation and -VPNs - Added reference to https://clickclickclick.click in the Behavior analysis -section - Added project website mirror at https://mirror.anonymousplanet.org (hosted at GitLab) - -Added PDFs mirror at CryptPad.from - Added reference to recently -released list of data collected by Google Chrome - Added reference to https://www.bbc.com/news/technology-55573802 about -Facial recognition defeating Face Masks in the biometrics section - -Added reference to Microsoft Azure Facial Cognitive Services Demo https://azure.microsoft.com/en-us/services/cognitive-services/face/#demo -in the biometrics section - Added reference to https://www.bellingcat.com/news/2021/03/19/berlin-assassination-new-evidence-on-suspected-fsb-hitman-passed-to-german-investigators/ -in the biometrics section

-

v0.8.3 - Added reference to https://www.reflectacles.com/ glasses to interfere with -CCTV surveillance. - Added “enhance” example to the deblurring section - -Thanks to the anonymous donators. Their donations were spent to renew -the domain for 3 more years (4 years total). - Added information about -risks/drawbacks related to Tor Stream Isolation when using VPN over Tor -and for which use cases this method is recommended - Added QR code for -BTC legacy address in the donations section

-

v0.8.2 - Brighter fonts on some headers for better readability in -dark mode - Added reference to Sci-Hub in the introduction - Added -reference to deniable encryption on Linux and why it is not (yet) in the -current routes - Added reference to EncroChat and Sky ECC and warning -against using such commercial devices/services for anonymity - Small -fixes in some URLs that were not properly changed after domain switch to -anonymousplanet.org - Added Bitcoin legacy address in addition to Segwit -for donations - Various spelling/grammar issues

-

v0.8.1 - Fixed many various small layout/spelling/grammar issues - -Fixed 2 shortened URLs (t.me and bit.ly) from the guide with correct -destination URLs - Added some references to “roll your own crypto” cases -(Telegram, Zoom) - Added reference to https://www.vice.com/en/article/y3g97x/location-data-apps-drone-strikes-iowa-national-guard -in the Metadata/Geolocation section - Removed archive.today PDF links to -replace them with Archive.org links (because archive.today doesn’t -actually save PDFs) - Added reference to a MAC tracking device https://amsignalinc.com/data-sheets/Acyclica/Acyclica-RoadTrend-Product-Sheet.pdf -in the MAC address section - Added disclaimer about not endorsing -Cloudflare in the DNS section by mentioning them several times for -technical reasons. - Added references to Ungoogled-Chromium as an -alternative to Tor Browser, Firefox and Brave. - Added some results of -Browser fingerprinting testing by the EFF coveryourtracks project. - -Added reference to Tor Browser security levels which I realized are not -known by most people. - Added Archive.org links to all documents/pages -hyperlinks for people willing to avoid direct links to various websites -- Added Invidious (through yewtu.be invidious instance hosted in the NL) -links to all YouTube videos hyperlinks for people wanting more privacy -on Youtube videos - Added reference to AMD PSP security analysis (and -how it is not as bad as IME) in the “Your CPU” section https://www.youtube.com/watch?v=bKH5nGLgi08&t=2834s -and the laptop recommendation section. - Moved the Safe Browser part of -Guest OSes into an Appendix to avoid duplication - Added domain for -project https://anonymousplanet.org/ with donation funds

-

v0.8.0 - Changed mat2 VM appendix to debian testing (instead of -stable) to get latest version of mat2 - Fixed mat2 VM appendix as the -network was not working properly with the previous guidance - Added -reference to https://en.wikipedia.org/wiki/Stylometry - Added -references to various threat modeling methodologies (LUNDDUN, STRIFE, -DREAD, PASTA) and some more in-depth resources for those willing to go -further - Added reference to https://geekfeminism.wikia.org/wiki/Who_is_harmed_by_a_%22Real_Names%22_policy%3F -in the introduction - Added reference to https://gendersec.tacticaltech.org/wiki/index.php/Complete_manual#.22Real.22_names -in the creating identities section - Multiple spelling/grammar fixes -(including email into e-mail, and wifi into wi-fi) - Added reference to -https://www.whonix.org/wiki/Data_Collection_Techniques -as bonus resources in de-anonymization methods - Added reference to https://www.whonix.org/wiki/DoNot in the OPSEC section -because it should be there - Added reference to https://www.whonix.org/wiki/Printing_and_Scanning in the -Printing Watermarking section - Added reference to MIT project -SeeingYellow http://seeingyellow.com/ in the Printing Watermarking -section - Re-Wrote the malware section in the de-anonymization methods -for better readability - Added a specific Anti-Virus section in the -Malware checks section with various references and arguments for some -selective/limited use. - Added reference to EFF security scenarios (https://ssd.eff.org/en/module-categories/security-scenarios) -in the Introduction as examples of threat models for various people. - -Added new section with guidance for safe document publishing including -various tool recommendations. 
- Added a bit more guidance on malware -removal for Pictures and Documents (PDFs, Office Documents…) - Added Bad -Cryptography in the de-anonymization threats with some examples - Added -several Behavior Analysis references in the renamed “Your Digital -Fingerprint, Footprint, and Online Behavior” section

-

v0.7.9 - Updated GitHub Transparency report - Added information to -make animated online identities pictures for increased plausibility - -Added references to the list of services blocking Tor (https://gitlab.torproject.org/legacy/trac/-/wikis/org/doc/ListOfServicesBlockingTor) -- Added reference to https://haveibeenpwned.com/ in the Identities -maintenance section - Added automatic archival and links of the project -to Archive.today (through Archive.fo)

-

v0.7.8 - Various small layout/spelling/grammar fixes - Added -reference to Financial transactions and KYC in the real-name system -section - Added guidance to bypass some local restrictions on supervised -computers safely (Appendix Q) - Added guidance to run Tails without -using Tor in a hostile environment - Updated UML diagram of various -routes to include a non-dedicated laptop - Changed the whole document to -a more formal/cleared grammar for better readability and compatibility -with translation engines - Changed table colors for better readability -in dark modes (PDF and Online)

-

v0.7.7 - Added some acknowledgements to various added Projects - -Changed and improved the “Picking your route” section with the new -option (Tails+Whonix) - Added basic threat model illustration in the -Introduction - Added basic UML diagram to pick your route - Added basic -UML diagrams for picking your connectivity methods - Added illustration -of the Tails with HiddenVM option - Rescaled some images that were way -too big - Added a whole bunch of platforms to the Online Identities -section - Added more references to German law in the Online Identities -section - Added a legend to the Online Identities overview table

-

v0.7.6 - Added reference to video visually explaining DNS - Added -some information related to the anonymous use of Bitcoin (vs Monero). - -Added reference to risks of using Crypto Tumblers and Mixers. - Added -reference to the Go Incognito project (https://github.com/techlore-official/go-incognito) and -their informative YouTube videos for optional introduction before -reading this guide. - Added reference to ExifTool and ExifCleaner to -Metadata removal sections for documents (because they also work on those -formats) - Added reference to picture recognition cloaking tools -(Fawkes, Adverserial.io, LowKey) for preventing picture recognition -algorithms from various platforms. - Added detailed guidance to create -Android guest VMs in the Whonix Route - Added detailed guidance to -create Android Qubes in the Qubes Route - Added detailed guidance to use -Persistent Plausible Deniability with Whonix within Tails (using -HiddenVM project) - Added Briar, GitLab to the online identities -sections - Added recommended Apps for sharing and communicating -anonymously - Added some acknowledgements to various added Projects

-

v0.7.5 - Added reference to https://github.com/rshipp/awesome-malware-analysis in -the Malware analysis appendix - Many small fixes in -layout/spelling/grammar - Added quotes around VirusTotal “privacy -policy” - Changed “Exploits in your Apps” to “Malware and Exploits in -your Apps” - Added references to State surveillance using “mandatory” -apps such as WeChat. - Added Wikipedia reference to https://en.wikipedia.org/wiki/List_of_government_mass_surveillance_projects -- Added guidance and references to check files for integrity and -authenticity in the “Checking files for malware” section. - Added -emphasis on recommendation of using Tor Browser on the Host OS if Tor is -available. - Removed GPG signatures from markdown and text files to -instead sign the whole release for convenience in Contribution workflow. -- Adapted the README to the new signatures - Added Bitcoin donation -option

-

v0.7.4 - Added reference to Whonix Live mode if you don’t want -persistence when shutting down the VMs as an added possible safety -measure - Added reference to harden Linux from https://madaidans-insecurities.github.io/guides/linux-hardening.html -- Added reference to Linux security issues from https://madaidans-insecurities.github.io/linux.html - -Added reference to PDF listing malware analysis tools https://www.winitor.com/pdf/Malware-Analysis-Fundamentals-Files-Tools.pdf -- Added reference to SANS Malware Analysis cheat sheet https://digital-forensics.sans.org/media/analyzing-malicious-document-files.pdf -- Added reference to the DoHoT project in the DNS section https://github.com/alecmuffett/dohot and updated the DNS -illustration with this possibility - Various spelling/grammar fixes - -Started adding some proper code blocks in the online Markdown version -and will slowly adopt this in the whole guide in the future - Fixed the -Title missing a T - Fixed a an hyperlink issue causing PDFID to detect -an Automatic Action on guide.pdf - Added warning in README concerning -VirusTotal “privacy policy” - Changed the PDFID warnings in the README -to better explain their meaning for checking the PDFs published here - -Started fixing some accessibility issues in the guide (bad indents, -empty spaces…) - Fixed some bad links in cross-references - Changed link -from https://panopticlick.eff.org/ to https://coveryourtracks.eff.org/

-

v0.7.3 - Added extra-security measures and references for sending -cash to a VPN provider safely - Added reference to sim-swapping in TOTP -recommendation (and why SMS 2FA is bad) - Added VirusTotal scans to all -PDFs in the repository (while not endorsing/recommending VirusTotal at -all for anything sensitive) - Added Disclaimer about VirusTotal and -their privacy policy in the guide and README - Added QR code for Monero -donations within the guide itself - Added references in the Phishing -section - Added reference to https://archive.flossmanuals.net/bypassing-censorship/index.html -in the Safe Access without Tor/VPN appendix - Added guidance to -communicate sensitive information safely to various organization (such -as the press) - Various grammar/spelling/layout fixes

-

v0.7.2 - Small layout/spelling/grammar fixes - Added methods to check -your surveillance and censorship levels on your Network using various -resources. - Changed site font to Helvetica - Changed paragraph spacing -on PDFs for better readability

-

v0.7.1 - Switched Github Pages Jekyll theme to Hacker because I -prefer dark themes and this one doesn’t rely on external fonts (Google). -- Added some references to voice deepfake tech in the Biometrics section -- Slightly changed the styles/colors of the PDFs

-

v0.7.0 - Added recommendations to consider leaving your smartphone at -home online instead of just leaving it powered off or within a faraday -bag. - Added disclaimer stating that this guide is not sponsored by any -commercial entity such as VPN providers - Added specific sections and -guidance about the various connectivity schemes (Tor, VPN over Tor, Tor -Over VPN, VPN only, VPN over VPN and No Tor/VPN) with various -references. - Added guidance for using Tor Bridges with Tor Browser, -Tails, Whonix and Qubes OS. - Added last resort guidance for situations -where Tor and/or VPN might not be possible options. - Added guidance to -use Long Range Antennas (Yagi type) for connecting to Public Wi-Fis from -a safe distance - Added new face recognition reference and gait -recognition reference - Added dark themed PDF - Fixed error in Windows -VM installation behind Whonix (missing Network setting) - Various -grammar/spelling fixes

-

v0.6.9 - Fixes/Adds to the online phone numbers sections. -Recommendations based on identification requirements. - Grammar/Spelling -fixes.

-

v0.6.8 - Added security disclaimer concerning online phone providers -using Monero.

-

v0.6.7 - Added guidance to possibly get online phone numbers using -Monero (less recommended than a Physical Burner Phone with a Pre-paid -SIM paid by cash). - Adapted the various sections of the guide to -reflect the above change.

-

v0.6.6 - Added reference to PornHub biometrics identification -statement - Small various spelling/layout fixes - Added reference to -Project Snowflake from Tor at the end of the guide if you wish you help -others evade censorship - Removed bad link to https://www.blackbagtech.com/blog/2017/01/13/windows-10-jump-list-forensics/ -(no archive available) - Fixed bad inline reference - As from now on, -all new references in this guide will also be saved to the Internet -Archive in case of article removal - Added privacy vs anonymity in the -Introduction - Added more references to legitimate use of Anonymity from -the Whonix and Tor projects

-

v0.6.5 - Passive automated mirror setup at GitLab https://gitlab.com/AnonymousPlanet/thgtoa - Added -Donation Monero address within the guide - Added README/Guide mention to -the GitLab mirror - Changed CHANGELOG/LICENSE to CHANGELOG.md/LICENSE.md -for GitHub Pages integration - Updated GPG key with GitLab noreply -e-mail for commit verification - Added sitemap on GitHub Pages for SEO - -Added latest version, changelog and alternative pdf download links on -Github Pages - Verified site on Keybase

-

v0.6.4 - Improved HTML layouts for better readability and SEO - Added -redirect from https://anonymousplanet.github.io to the guide page - -Fixed README to to include hyperlinks

-

v0.6.3 - Added Table of Contents to PDF formats for better -readability - Fixed Appendixes/Sections references in the Markdown/HTML -format - Moved target-audience disclaimer from introduction to start of -document - Small layout fixes

-

v0.6.2 - Various little kramdown glitches fixed in HTML format - -Small fixes in spelling/grammar - Added a small disclaimer in the -introduction to let people know they can just read the first 26 pages to -learn about the various threats without the need for practical -applications

-

v0.6.1 - Various endnotes layout fixes - Added OSINT YouTube Playlist -reference - Added reference to Whonix Live Host OS documentation -(Similar to HiddenVM project) - Added Twitter account (If it lasts, it -was already suspended three times) https://twitter.com/AnonyPla. I’d be grateful if you -share/like my tweet about this guide.

-

v0.6.0 - Various small spelling/grammar/layout fixes - Added various -references to Whonix Documentation (Hardening, Anti-Forensics, Anti-Evil -Maid…) - Added one Bellingcat reference to a recent case - Added some -Qubes OS references (Anti-Evil Maid and Hardening) - Added new sub-route -to the Tails route using the HiddenVM project https://github.com/aforensics/HiddenVM for providing -Plausible Deniability within Tails

-

v0.5.9 - Added Monero accepting VPS providers as options for -self-hosting cloud services and self-hosting VPN services

-

v0.5.8 - Added various references to Whonix documentation -(anti-forensics, cold boot attack defenses, full disk encryption) - -Small various fixes - Added reasoning for not supporting M1 Macs - Added -Acknowledgements at the end of the guide - Added some resources to -cold-boot, evil-maid defenses

-

v0.5.7 - Added methods to check Trim/ATA/NVMe operations on external -SSDs - Added methods to securely delete data on Qubes OS

-

v0.5.6 - Added donations/sponsorship support to this project using -Monero - Added reference to Law Enforcement surveillance capabilities -(CCC video) - Added guidance to remove some forensic traces from MacOS - -Added guidance to remove some forensic traces from Linux (log deletion -and trim) - Added variants for securely erasing SSD drives (only ATA -drives were mentioned, added specific info for NVMe drives). - Added -lists of laptop brands supporting Secure Erase (SSD) from BIOS/UEFI. - -Changed recommendation from GParted to System Rescue instead due to -GParted not providing nvme-cli by default. - Fix: Multiple fixes in -SDD/HDD sections (layout, duplicate data…) - Fix: Multiple fixes in SDD -secure erasing section and added various warnings for various methods - -Fix: Removed blkdiscard from wrong section and from MacOS as it’s not -supported on MacOS by Homebrew - Various spelling/grammar fixes

-

v0.5.5 - Added passphrase recommendations (xkcd.com) in the OPSEC -section and other sections.

-

v0.5.4 - Added more information and mitigation possibilities for CPU -exploits on Virtual Machines (Spectre, Meltdown…)

-

v0.5.3 - Added guidance to hidden containers with plausible -deniability in the backup section - Added guidance for online backups - -Added information for VPN kill switches for Whonix, MacOS and Linux

-

v0.5.2 - Update of GPG key (added no-reply e-mail) to get verified -commits

-

v0.5.1 - Small various fixes

-

v0.5.0 - Added Watermarking section in threats with -pictures/videos/audios watermarks and printer watermarks within

-

v0.4.9 - Various small spelling/grammar/layout fixes - Added some -Laptop recommendations and more info about Libreboot and Coreboot - -Added various references to key disclosure laws - Added guidance to -create a mat2-web guest Debian VM for removing metadata from files -conveniently - Changed CHANGELOG to markdown for integrating into GitHub -Pages

-

v0.4.8 - Various fixes on spelling/grammar and layout - Various fixes -on KeepassXC sections for Linux/MacOS - Added hardening recommendations -for Virtualbox - Added VPN installation tutorials for Linux/MacOS

-

v0.4.7 - added Virtualbox workaround for Spectre/Meltdown issue -mitigation - added section and guidance to remove metadata from various -files and tools - added reference to Haven app for physical security in -OPSEC section - added recommendation to use systematic TOTP 2FA for -online identities when possible - added references to Deepfakes, facial -recognition and fingerprint recognition in biometric threats

-

v0.4.6 Added link to Shodan to Smart Devices Section, Full rewrite of -data wipe sections (especially SSDs)

-

v0.4.5 Improved SSD/HDD erasure section and some spelling fixes.

-

v0.4.x Added Backup methods, OPSec tricks, Malicious USB, Printers -and various fixes

-

v0.3.x Added MacOS information and various fixes

-

v0.2.x Added Qubes OS information and various fixes

-

v0.1.x Initial Release (missing Qubes OS details and MacOS -support)

- -
diff --git a/export/CHANGELOG.html.asc b/export/CHANGELOG.html.asc
deleted file mode 100644
index 04f23524..00000000
--- a/export/CHANGELOG.html.asc
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPPigAKCRAhq2tqbLLD
-NyZTAP91CMs5hRmcsFIpNG/KpJXLqPGbb07UbxwPIiDHmhTuPAEA04ObQgB54kmw
-fx2/kzzzHBcvx/wuYvx6JOju44gKKwE=
-=jAXu
------END PGP SIGNATURE-----
diff --git a/export/CHANGELOG.html.minisig b/export/CHANGELOG.html.minisig
deleted file mode 100644
index 4942ffd8..00000000
--- a/export/CHANGELOG.html.minisig
+++ /dev/null
@@ -1,4 +0,0 @@
-untrusted comment: signature from minisign secret key
-RUSn9xivowlq/jCmeOXzC2B5avN4SpmNj/c9uXFxVleRBvc9f8j5oBvXWMnMn1NHhRGA2z01KMFpzxSK1IPNAhxZ1TPRcNN55AA=
-trusted comment: timestamp:1691602898 file:CHANGELOG.html hashed
-bJHb2/JrbJIujKWfeqHcX/IPrEQIdQm/scClR7QeFD2MVQdYArBcWYgNHkyG1fCQKiJ2LAaJ9htFra1T810YCw==
diff --git a/export/CHANGELOG.odt b/export/CHANGELOG.odt
deleted file mode 100644
index 30f7b4c2..00000000
Binary files a/export/CHANGELOG.odt and /dev/null differ
diff --git a/export/CHANGELOG.odt.asc b/export/CHANGELOG.odt.asc
deleted file mode 100644
index 1c322a76..00000000
--- a/export/CHANGELOG.odt.asc
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPP0wAKCRAhq2tqbLLD
-N8S7AQCTfY4oGqiKIXG15tbxJnuKkBT3gU3OuTyq7JeY6yvYogD+NO2MR7nHFMkV
-e0PbcgnX/MKhN2hF+1Ioavypi4E5YAU=
-=3GTg
------END PGP SIGNATURE-----
diff --git a/export/CHANGELOG.odt.minisig b/export/CHANGELOG.odt.minisig
deleted file mode 100644
index cca00b4e..00000000
--- a/export/CHANGELOG.odt.minisig
+++ /dev/null
@@ -1,4 +0,0 @@
-untrusted comment: signature from minisign secret key
-RUSn9xivowlq/vPMcuT9UMMddnRtV/CoCym7m5vt0Spz5WxFSbi4CkXDimcZun5CDKIhEVPVnOhlCRR2fwgnWGiHUnqB2JbhcgU=
-trusted comment: timestamp:1691602900 file:CHANGELOG.odt hashed
-diQQ5J18ZmcBlq7a7Wh2bg2Tk3NN56Jw7GDKk37i1aYF+HawuHk+CtckTSv8bfCY32MtPPzLyYop8rpH18oOBg==
diff --git a/export/CHANGELOG.pdf b/export/CHANGELOG.pdf
deleted file mode 100644
index a1210cc0..00000000
Binary files a/export/CHANGELOG.pdf and /dev/null differ
diff --git a/export/CHANGELOG.pdf.asc b/export/CHANGELOG.pdf.asc
deleted file mode 100644
index 19600202..00000000
--- a/export/CHANGELOG.pdf.asc
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPP1AAKCRAhq2tqbLLD
-N4z/APwJP/GcALjD0TYNa+MjLKqhrOuqN1qoC1p57eYVAjp3ugD/QsISE72c53gG
-jdKPF3e1BlmlLBHW4rxFRvYyhKDubAA=
-=bRsa
------END PGP SIGNATURE-----
diff --git a/export/CHANGELOG.pdf.minisig b/export/CHANGELOG.pdf.minisig
deleted file mode 100644
index 9b233775..00000000
--- a/export/CHANGELOG.pdf.minisig
+++ /dev/null
@@ -1,4 +0,0 @@
-untrusted comment: signature from minisign secret key
-RUSn9xivowlq/vTSVgbyVfqmpZeJFxcMH+rn3xR8nbcnukus2Lp0AU0yVJCrt/EMCT3oHUJIxJU0tsn2F+AfR19Xg4UyWezY3AU=
-trusted comment: timestamp:1691602902 file:CHANGELOG.pdf hashed
-Knrc04KzSB2yUaIjlbgaam4yn4RdQExyXeNBmVQoZQAEbyf0eXRQ2PW/OLdDcL4lkBasIAWLrQ+JYMpFSt18Dg==
diff --git a/export/CODE_OF_CONDUCT.html b/export/CODE_OF_CONDUCT.html
deleted file mode 100644
index 2a759363..00000000
--- a/export/CODE_OF_CONDUCT.html
+++ /dev/null
@@ -1,168 +0,0 @@
- - - - - - - The Hitchhiker's Guide to Online Anonymity - - - -
-

The Hitchhiker's Guide to Online Anonymity

-
-

Contributor Code of Conduct

-

This project adheres to No Code of Conduct. We are all adults. We -accept anyone’s contributions. Nothing else matters.

-

For more information please visit the No Code of Conduct -homepage.

- -
diff --git a/export/CODE_OF_CONDUCT.html.asc b/export/CODE_OF_CONDUCT.html.asc
deleted file mode 100644
index b61b4a32..00000000
--- a/export/CODE_OF_CONDUCT.html.asc
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPP1gAKCRAhq2tqbLLD
-Nx/lAP409IJ+s8jVCYJB9RRz2EbvonCHzRA//Q8+s2r5cqT1vwEAo6ek0hKdwhlj
-h5Px05h8LTfTlA+mfDq1Kh317fyd7w0=
-=fiVP
------END PGP SIGNATURE-----
diff --git a/export/CODE_OF_CONDUCT.html.minisig b/export/CODE_OF_CONDUCT.html.minisig
deleted file mode 100644
index 98339c3d..00000000
--- a/export/CODE_OF_CONDUCT.html.minisig
+++ /dev/null
@@ -1,4 +0,0 @@
-untrusted comment: signature from minisign secret key
-RUSn9xivowlq/o07knonAaxRrj51giRFC8HGhek4b3hgV8mG2N6iD9/5V1hbJ+v3nFcwK5fdHvD/CcWf0DSrmyqyXS5ROHkfTAw=
-trusted comment: timestamp:1691602904 file:CODE_OF_CONDUCT.html hashed
-kcHi8QFSO9eVuaS1WIPq/K9LXwpC+dNFT1XqpwofpSrYknF+dy1qxpSowTRSSy3rZzo4emNE0NFfeVofOL7wDQ==
diff --git a/export/CODE_OF_CONDUCT.odt b/export/CODE_OF_CONDUCT.odt
deleted file mode 100644
index 7362594a..00000000
Binary files a/export/CODE_OF_CONDUCT.odt and /dev/null differ
diff --git a/export/CODE_OF_CONDUCT.odt.asc b/export/CODE_OF_CONDUCT.odt.asc
deleted file mode 100644
index 3903ebc4..00000000
--- a/export/CODE_OF_CONDUCT.odt.asc
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPP2AAKCRAhq2tqbLLD
-N0GMAQCI3j3wQPzfYVmiY0r1s6JJ+rr6h4xSw3D61WDYdRa6IQD+MJUfmHdo53up
-VdyzRpRcIF1WnuXzTCj+I27STpLgfw0=
-=5KGE
------END PGP SIGNATURE-----
diff --git a/export/CODE_OF_CONDUCT.odt.minisig b/export/CODE_OF_CONDUCT.odt.minisig
deleted file mode 100644
index 15162998..00000000
--- a/export/CODE_OF_CONDUCT.odt.minisig
+++ /dev/null
@@ -1,4 +0,0 @@ -untrusted comment: signature from minisign secret key -RUSn9xivowlq/qyjA4iB4yyhzpX1LwOLHUwwg2LblgGbsRyqUoR0LrE6wtlVo9d7LDBGpFaOvbj2eWwRGZW2xqRNzDtO6gMG0gQ= -trusted comment: timestamp:1691602906 file:CODE_OF_CONDUCT.odt hashed -lFm1UWaxifo6PeOYlnOaB/TxRn6MOxXYUNhUN/3cbTRugwLM6/yzjPnR1PYUEFlxEMx6HbjFJa0m0goLJ6R1BA== diff --git a/export/CODE_OF_CONDUCT.pdf b/export/CODE_OF_CONDUCT.pdf deleted file mode 100644 index 3754d514..00000000 Binary files a/export/CODE_OF_CONDUCT.pdf and /dev/null differ diff --git a/export/CODE_OF_CONDUCT.pdf.asc b/export/CODE_OF_CONDUCT.pdf.asc deleted file mode 100644 index 47c9afeb..00000000 --- a/export/CODE_OF_CONDUCT.pdf.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPP2gAKCRAhq2tqbLLD -NydhAQDaVKBSP2k7Jy89/AuZHsqa4Q+1dufN6CorgDgFh6T6fAD9GNrwOu0KC4UG -qdX9m18kNQr3tprU46TxNsY3nWpJCAY= -=7Cvs ------END PGP SIGNATURE----- diff --git a/export/CODE_OF_CONDUCT.pdf.minisig b/export/CODE_OF_CONDUCT.pdf.minisig deleted file mode 100644 index 212f4846..00000000 --- a/export/CODE_OF_CONDUCT.pdf.minisig +++ /dev/null @@ -1,4 +0,0 @@ -untrusted comment: signature from minisign secret key -RUSn9xivowlq/sSDs/HqJDJaguOYuUqP0GRzrtSwq4JW/ODNEetMLnc1JYiO0GCd421dIOsLsNFoE7i6NzvNnOC3xvd6TMR43Qk= -trusted comment: timestamp:1691602907 file:CODE_OF_CONDUCT.pdf hashed -QhbROudBCplUoryUAb0/kpE77Ge9ISMfwlLXRriHdNY4N3t64p4a2rjgwKbS3eatyOSriVZm669n5tEDQaH0AQ== diff --git a/export/CONTRIBUTING.html b/export/CONTRIBUTING.html deleted file mode 100644 index ba057c84..00000000 --- a/export/CONTRIBUTING.html +++ /dev/null @@ -1,273 +0,0 @@ - - - - - - - The Hitchhiker's Guide to Online Anonymity - - - -
-

The Hitchhiker's Guide to Online Anonymity

-
-
Any opinion is welcome.
-
Feel free to -discuss in the discussions -section.
-
Feel free report -issues in the issues -section.
-

Code Free Contributions

-

There are -multiple ways you can add to the guide:

-
    -
  • You can submit bugs and -feature requests with detailed information about your issue or idea: -
      -
    • If you’d like to propose an addition, please follow the standards -outlined here.
    • -
    • If you’re reporting an issue, please be sure to include the expected -behaviour, the observed behaviour, and steps to reproduce the -problem.
    • -
  • -
  • This can require technical knowledge, but you can also get involved -in conversations about bug reports and feature requests. This is a great -way to get involved without getting too overwhelmed!
  • -
  • Help fellow -committers test recently submitted pull requests. Simply by pulling -down a pull request and testing it, you can help ensure our new code -contributions for stability and quality.
  • -
-

Content Contributions

-

For those of you who are looking to add content to the guide, include -the following:

-
Pull Requests
-
    -
  • Do create a topic -branch to work on instead of working directly on main. -This helps to: -
      -
    • Protect the process.
    • -
    • Ensures users are aware of commits on the branch being considered -for merge.
    • -
    • Allows for a location for more commits to be offered without -mingling with other contributor changes.
    • -
    • Allows contributors to make progress while a PR is still being -reviewed.
    • -
  • -
  • Do follow the 50/72 -rule for Git commit messages.
  • -
  • Do write “WIP” on your PR and/or open a draft -PR if submitting unfinished changes..
  • -
  • Do make sure the title of a draft PR makes it -immediately clear that it’s a draft
  • -
  • Do target your pull request to the main -branch.
  • -
  • Do specify a descriptive title to make searching -for your pull request easier.
  • -
  • Don’t leave your pull request description -blank.
  • -
  • Don’t abandon your pull request. Being responsive -helps us land your changes faster.
  • -
  • Don’t post questions in older closed PRs.
  • -
  • Do stick to the guide to find common style -issues.
  • -
  • Don’t make mass changes (such as replacing “I” with -“we”) using automated serach/replace functionality. -
      -
    • Search/replace doesn’t understand context, and as such, will -inevitably cause inconsistencies and make the guide harder to read.
    • -
    • If it’s part of a larger PR, it’ll also make the reviewer’s life -harder, as they’ll have to go through manually and undo everything by -hand.
    • -
    • If you’re going to make mass changes, take the time to do it -properly. Otherwise I’ll just have to undo it anyway.
    • -
    • If your change contains backslashes (\), either escape -them with another backslash (\\) or put them in a -code block.
    • -
  • -
-

When reporting guide issues:

-
    -
  • Do write a detailed description of your issue and -use a descriptive title.
  • -
  • Do make it as detailed as possible and don’t just -submit 50 line changes without explaining.
  • -
  • Don’t file duplicate reports; search for your bug -before filing a new report.
  • -
  • Don’t attempt to report issues on a closed PR.
  • -
-

Large PRs

-

Please split large sets of changes into multiple PRs. For example, a -PR that adds Windows 11 support, removes Windows AME references, and -fixes typos can be split into 3 PRs. This makes PRs easier to review -prior to merging.

-

For an example of what not to do, see: https://github.com/Anon-Planet/thgtoa/pull/51. This PR -contains enough changes to split into multiple smaller and -individually-reviewable PRs.

-

Updating PRs

-

While a PR is being reviewed, modifications may be made to it by the -reviewer prior to merging. If this is the case, a new branch will be -created for the PR’s review. If you would like to submit a change to a -PR that is in the process of being reviewed, do not update the PR -directly. This will only cause merge conflicts and delay the PR -from being merged. Instead, submit your changes to the PR’s review -branch.

-

For an example of what not to do, see: https://github.com/Anon-Planet/thgtoa/pull/51. Instead -of submitting changes to the PR directly, they should have been -submitted as changes to the PR’s -associated review branch.

-
-

Thank you for taking the few moments to read this -far! You’re already way ahead of the curve, so keep it up!

- - diff --git a/export/CONTRIBUTING.html.asc b/export/CONTRIBUTING.html.asc deleted file mode 100644 index b530a2c0..00000000 --- a/export/CONTRIBUTING.html.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPP2wAKCRAhq2tqbLLD -N654AQCTMReGvVFuJc5BQ6e5obvJelc/ZB+cQH02GHTES813rAD9GzCH+WGxvPQi -WgR5EOPVvE76LfbPXjRPpsw5dZuHVAg= -=D2id ------END PGP SIGNATURE----- diff --git a/export/CONTRIBUTING.html.minisig b/export/CONTRIBUTING.html.minisig deleted file mode 100644 index 1f5f17a4..00000000 --- a/export/CONTRIBUTING.html.minisig +++ /dev/null @@ -1,4 +0,0 @@ -untrusted comment: signature from minisign secret key -RUSn9xivowlq/vyIudI+6Uv5clWI1IM3ublaVUd8NmyfdQXSUKwRoAUQ+U7i61Fgo5mOmJ0+AWEBQ8JCtwNd46m+bqcPaUMOPQo= -trusted comment: timestamp:1691602909 file:CONTRIBUTING.html hashed -JqPLs5Ds6ZdegydOH7PyLt5CWpNkVxVVfhxh9qKbpy5Iyi+e+b5CW6OJoCymuZ9SWMrXZNJOqRD3Us3h+dO9Bw== diff --git a/export/CONTRIBUTING.odt b/export/CONTRIBUTING.odt deleted file mode 100644 index a22f2bca..00000000 Binary files a/export/CONTRIBUTING.odt and /dev/null differ diff --git a/export/CONTRIBUTING.odt.asc b/export/CONTRIBUTING.odt.asc deleted file mode 100644 index f20e0f99..00000000 --- a/export/CONTRIBUTING.odt.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPP3QAKCRAhq2tqbLLD -N5AFAP0VVVCuO7uZg6xE0Eu/mKk7+jCEKCTJAV7vahFszCyELQEAuaAebbGGZsJl -7YeRDeqIwu91d7UtVx0ioENYskdq2ws= -=LjCS ------END PGP SIGNATURE----- diff --git a/export/CONTRIBUTING.odt.minisig b/export/CONTRIBUTING.odt.minisig deleted file mode 100644 index d437341a..00000000 --- a/export/CONTRIBUTING.odt.minisig +++ /dev/null 
@@ -1,4 +0,0 @@ -untrusted comment: signature from minisign secret key -RUSn9xivowlq/lcTmoKz5k8btrFH/phLTmPGOGLpZBf32ftxtqW9IHWIzuYVpOp0G4cEpuGKZSefJ8a46/fVEsf8IR62iQJN4wM= -trusted comment: timestamp:1691602911 file:CONTRIBUTING.odt hashed -b/6q0vbXDrY5yplhXONXR0Mm1A1pMaZ0Gdo6PM3Zeo16dOxQjJ3Hgwgsm6gpwtoaz9a+H/hiUbKW8I3BDhi0BA== diff --git a/export/CONTRIBUTING.pdf b/export/CONTRIBUTING.pdf deleted file mode 100644 index 124c312d..00000000 Binary files a/export/CONTRIBUTING.pdf and /dev/null differ diff --git a/export/CONTRIBUTING.pdf.asc b/export/CONTRIBUTING.pdf.asc deleted file mode 100644 index 8b21cf0a..00000000 --- a/export/CONTRIBUTING.pdf.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPP3wAKCRAhq2tqbLLD -N7WkAP9gKxG2hUgflx+VM0yfEKqc0DLT3pTnjGbScZLr1zRiGgEAiktBezzdQM4Y -W4ltycT8cX/zBASK2ADDqJoWj4+cOQM= -=m3lb ------END PGP SIGNATURE----- diff --git a/export/CONTRIBUTING.pdf.minisig b/export/CONTRIBUTING.pdf.minisig deleted file mode 100644 index 7bf3cc0f..00000000 --- a/export/CONTRIBUTING.pdf.minisig +++ /dev/null @@ -1,4 +0,0 @@ -untrusted comment: signature from minisign secret key -RUSn9xivowlq/jK/xP7QQ3dH3jYTp6Yw7SNOj/7H6UNm09wNQnzWTN0NCVUdRzQs6IZf7XJKwP+2wFmuC8j5h2l1f6dKywYZzw0= -trusted comment: timestamp:1691602913 file:CONTRIBUTING.pdf hashed -femFORFuHkNh3WIYxVsNc/5J3HnuIkrdeQXfMBC0/AcrQBunssDlcltAHbNfsO1BQmIkR1o31FWNC7uipOTQAA== diff --git a/export/KEY_ROTATION.html b/export/KEY_ROTATION.html deleted file mode 100644 index 697164d8..00000000 --- a/export/KEY_ROTATION.html +++ /dev/null @@ -1,187 +0,0 @@ - - - - - - - The Hitchhiker's Guide to Online Anonymity - - - -
-

The Hitchhiker's Guide to Online Anonymity

-
-

PGP/GPG key ID 7DFFD7471FB76E2A8ABBBCDDD769B3749E933B8A -is no longer active PGP/GPG key ID -42FF35DB9DE7C088AB0FD4A70C216A52F6DF4920 is no longer -active

-

This project now uses separate master, release signing, and email -keys.

-

Current master key fingerprint: -9EA98278639F1CD853E096CBFF94507587A6A9B9 Current release -key fingerprint: 83A6CF9EF57AC25B5C7F5D29285E6048A12321B2 -Current email key fingerprint: -B6D1757632A280F99F2DCBFDB9AB9D93AFF05B9C

-

The email and release keys should be signed by the master key. The -master key takes precedence over all other project keys. -———————————————————————————— Minisign key

-
untrusted comment: minisign public key 902835EC74825934
-RWQ0WYJ07DUokK8V/6LNJ9bf/O/QM9k4FSlDmzgEeXm7lEpw3ecYjXDM
-

is no longer active

-

Use

-
untrusted comment: minisign public key FE6A09A3AF18F7A7
-RWSn9xivowlq/ihAzclDBxhCxbYz4bLkC8E645lHgSUlQNlDvoTxO5Fv
-

instead

-

Files signed using this key pair can be verified with the following -command:

-
minisign -Vm <file> -P RWSn9xivowlq/ihAzclDBxhCxbYz4bLkC8E645lHgSUlQNlDvoTxO5Fv
- - diff --git a/export/KEY_ROTATION.html.asc b/export/KEY_ROTATION.html.asc deleted file mode 100644 index 1b46e2d0..00000000 --- a/export/KEY_ROTATION.html.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPP4QAKCRAhq2tqbLLD -N8UrAPwNF2V0iNqYDNbeGA9anYD5cDI1FaWzhmaWtYvk2EjzrAEA8ZLXO9H2Z4X5 -dEcqDt3OHGmRIogegOJnRQwmTf6Hzw4= -=sHVw ------END PGP SIGNATURE----- diff --git a/export/KEY_ROTATION.html.minisig b/export/KEY_ROTATION.html.minisig deleted file mode 100644 index ddbbfeb3..00000000 --- a/export/KEY_ROTATION.html.minisig +++ /dev/null @@ -1,4 +0,0 @@ -untrusted comment: signature from minisign secret key -RUSn9xivowlq/tfmvpmtfnwr+i0rQaY47dXhhLMADbW2HdVVeu7BefJ3m3ESFm7TiWiFYm06t/zlbSsA1omxoXTDbLEHrDJn8Q4= -trusted comment: timestamp:1691602915 file:KEY_ROTATION.html hashed -OrsigNu03f81OW3aDFAvZXapLUnIo87MqUUHO2LOIxXcZ4sbN6ggivRqb/J47LSU+E3j2W6P8ITIwZ6j+mYHDA== diff --git a/export/KEY_ROTATION.odt b/export/KEY_ROTATION.odt deleted file mode 100644 index 30fc63dd..00000000 Binary files a/export/KEY_ROTATION.odt and /dev/null differ diff --git a/export/KEY_ROTATION.odt.asc b/export/KEY_ROTATION.odt.asc deleted file mode 100644 index 41753ba2..00000000 --- a/export/KEY_ROTATION.odt.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPP4wAKCRAhq2tqbLLD -N3jIAP9X1PVsJzQt0/r04ne9tzmhP6vKLdwQSAnp7+Iy1WiyZAEA97KBicKsD6Y5 -iFSmPRQFDi/iXYA5yypBsddyUQ/GLA0= -=zn23 ------END PGP SIGNATURE----- diff --git a/export/KEY_ROTATION.odt.minisig b/export/KEY_ROTATION.odt.minisig deleted file mode 100644 index 47c45648..00000000 --- a/export/KEY_ROTATION.odt.minisig +++ /dev/null 
@@ -1,4 +0,0 @@ -untrusted comment: signature from minisign secret key -RUSn9xivowlq/kJQ3ODZDveoL6bk9md6NvWCkDjCdUTci/isQP7+ElRuPUN0YfU69YHJzYiKzjxUdTHfJ9ym+qSIBO0CjVLu8As= -trusted comment: timestamp:1691602916 file:KEY_ROTATION.odt hashed -v50a6FdJSiIS/+vElt0Trj0r8OUA63p42lzBHhypraTI/E2AkgxDUW0ymykUNMfhJ9JZpK3jBdHrUjPCi5JpAw== diff --git a/export/KEY_ROTATION.pdf b/export/KEY_ROTATION.pdf deleted file mode 100644 index 932f5c64..00000000 Binary files a/export/KEY_ROTATION.pdf and /dev/null differ diff --git a/export/KEY_ROTATION.pdf.asc b/export/KEY_ROTATION.pdf.asc deleted file mode 100644 index d7846828..00000000 --- a/export/KEY_ROTATION.pdf.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPP5AAKCRAhq2tqbLLD -N6jwAP0RW8Q0j2qf+VMaIfq/6zqfFvKL3j2S5EcOUPmV5lR0egD9G8s9DXx9P0+a -QC94p5gdZ7iqLC05HWdquxklnU3qSQs= -=Illr ------END PGP SIGNATURE----- diff --git a/export/KEY_ROTATION.pdf.minisig b/export/KEY_ROTATION.pdf.minisig deleted file mode 100644 index aec9aee7..00000000 --- a/export/KEY_ROTATION.pdf.minisig +++ /dev/null @@ -1,4 +0,0 @@ -untrusted comment: signature from minisign secret key -RUSn9xivowlq/qVIETx9vBO7TioVCjRvbLjmhyrHg1IZteMJGn+fFiqgZ+k1sGD6Ta370fC96veVubGn0zwZiaaJ1RJ3OXPtvwQ= -trusted comment: timestamp:1691602918 file:KEY_ROTATION.pdf hashed -QYmmu4d6Dzn888dqMjGgf5PKklrntTGBEm0xJYzfkJEqVAE0RuetRYFyCRe4eRhghE/g+d1MBQTsLrrOF+eUDw== diff --git a/export/LICENSE.html b/export/LICENSE.html deleted file mode 100644 index 4be4042e..00000000 --- a/export/LICENSE.html +++ /dev/null @@ -1,504 +0,0 @@ - - - - - - - The Hitchhiker's Guide to Online Anonymity - - - -
-

The Hitchhiker's Guide to Online Anonymity

-
-

Attribution-NonCommercial 4.0 International

-

=======================================================================

-

Creative Commons Corporation (“Creative Commons”) is not a law firm -and does not provide legal services or legal advice. Distribution of -Creative Commons public licenses does not create a lawyer-client or -other relationship. Creative Commons makes its licenses and related -information available on an “as-is” basis. Creative Commons gives no -warranties regarding its licenses, any material licensed under their -terms and conditions, or any related information. Creative Commons -disclaims all liability for damages resulting from their use to the -fullest extent possible.

-

Using Creative Commons Public Licenses

-

Creative Commons public licenses provide a standard set of terms and -conditions that creators and other rights holders may use to share -original works of authorship and other material subject to copyright and -certain other rights specified in the public license below. The -following considerations are for informational purposes only, are not -exhaustive, and do not form part of our licenses.

-
 Considerations for licensors: Our public licenses are
- intended for use by those authorized to give the public
- permission to use material in ways otherwise restricted by
- copyright and certain other rights. Our licenses are
- irrevocable. Licensors should read and understand the terms
- and conditions of the license they choose before applying it.
- Licensors should also secure all rights necessary before
- applying our licenses so that the public can reuse the
- material as expected. Licensors should clearly mark any
- material not subject to the license. This includes other CC-
- licensed material, or material used under an exception or
- limitation to copyright. More considerations for licensors:
-wiki.creativecommons.org/Considerations_for_licensors
-
- Considerations for the public: By using one of our public
- licenses, a licensor grants the public permission to use the
- licensed material under specified terms and conditions. If
- the licensor's permission is not necessary for any reason--for
- example, because of any applicable exception or limitation to
- copyright--then that use is not regulated by the license. Our
- licenses grant only permissions under copyright and certain
- other rights that a licensor has authority to grant. Use of
- the licensed material may still be restricted for other
- reasons, including because others have copyright or other
- rights in the material. A licensor may make special requests,
- such as asking that all changes be marked or described.
- Although not required by our licenses, you are encouraged to
- respect those requests where reasonable. More considerations
- for the public:
-wiki.creativecommons.org/Considerations_for_licensees
-

=======================================================================

-

Creative Commons Attribution-NonCommercial 4.0 International Public -License

-

By exercising the Licensed Rights (defined below), You accept and -agree to be bound by the terms and conditions of this Creative Commons -Attribution-NonCommercial 4.0 International Public License (“Public -License”). To the extent this Public License may be interpreted as a -contract, You are granted the Licensed Rights in consideration of Your -acceptance of these terms and conditions, and the Licensor grants You -such rights in consideration of benefits the Licensor receives from -making the Licensed Material available under these terms and -conditions.

-

Section 1 – Definitions.

-
    -
  1. Adapted Material means material subject to Copyright and Similar -Rights that is derived from or based upon the Licensed Material and in -which the Licensed Material is translated, altered, arranged, -transformed, or otherwise modified in a manner requiring permission -under the Copyright and Similar Rights held by the Licensor. For -purposes of this Public License, where the Licensed Material is a -musical work, performance, or sound recording, Adapted Material is -always produced where the Licensed Material is synched in timed relation -with a moving image.

  2. -
  3. Adapter’s License means the license You apply to Your Copyright -and Similar Rights in Your contributions to Adapted Material in -accordance with the terms and conditions of this Public -License.

  4. -
  5. Copyright and Similar Rights means copyright and/or similar -rights closely related to copyright including, without limitation, -performance, broadcast, sound recording, and Sui Generis Database -Rights, without regard to how the rights are labeled or categorized. For -purposes of this Public License, the rights specified in Section -2(b)(1)-(2) are not Copyright and Similar Rights.

  6. -
  7. Effective Technological Measures means those measures that, in -the absence of proper authority, may not be circumvented under laws -fulfilling obligations under Article 11 of the WIPO Copyright Treaty -adopted on December 20, 1996, and/or similar international -agreements.

  8. -
  9. Exceptions and Limitations means fair use, fair dealing, and/or -any other exception or limitation to Copyright and Similar Rights that -applies to Your use of the Licensed Material.

  10. -
  11. Licensed Material means the artistic or literary work, database, -or other material to which the Licensor applied this Public -License.

  12. -
  13. Licensed Rights means the rights granted to You subject to the -terms and conditions of this Public License, which are limited to all -Copyright and Similar Rights that apply to Your use of the Licensed -Material and that the Licensor has authority to license.

  14. -
  15. Licensor means the individual(s) or entity(ies) granting rights -under this Public License.

  16. -
  17. NonCommercial means not primarily intended for or directed -towards commercial advantage or monetary compensation. For purposes of -this Public License, the exchange of the Licensed Material for other -material subject to Copyright and Similar Rights by digital file-sharing -or similar means is NonCommercial provided there is no payment of -monetary compensation in connection with the exchange.

  18. -
  19. Share means to provide material to the public by any means or -process that requires permission under the Licensed Rights, such as -reproduction, public display, public performance, distribution, -dissemination, communication, or importation, and to make material -available to the public including in ways that members of the public may -access the material from a place and at a time individually chosen by -them.

  20. -
  21. Sui Generis Database Rights means rights other than copyright -resulting from Directive 96/9/EC of the European Parliament and of the -Council of 11 March 1996 on the legal protection of databases, as -amended and/or succeeded, as well as other essentially equivalent rights -anywhere in the world.

  22. -
  23. You means the individual or entity exercising the Licensed Rights -under this Public License. Your has a corresponding meaning.

  24. -
-

Section 2 – Scope.

-
    -
  1. License grant.

    -
      -
    1. Subject to the terms and conditions of this Public License, the -Licensor hereby grants You a worldwide, royalty-free, non-sublicensable, -non-exclusive, irrevocable license to exercise the Licensed Rights in -the Licensed Material to:

      -
        -
      1. reproduce and Share the Licensed Material, in whole or in part, -for NonCommercial purposes only; and

      2. -
      3. produce, reproduce, and Share Adapted Material for NonCommercial -purposes only.

      4. -
    2. -
    3. Exceptions and Limitations. For the avoidance of doubt, where -Exceptions and Limitations apply to Your use, this Public License does -not apply, and You do not need to comply with its terms and -conditions.

    4. -
    5. Term. The term of this Public License is specified in Section -6(a).

    6. -
    7. Media and formats; technical modifications allowed. The Licensor -authorizes You to exercise the Licensed Rights in all media and formats -whether now known or hereafter created, and to make technical -modifications necessary to do so. The Licensor waives and/or agrees not -to assert any right or authority to forbid You from making technical -modifications necessary to exercise the Licensed Rights, including -technical modifications necessary to circumvent Effective Technological -Measures. For purposes of this Public License, simply making -modifications authorized by this Section 2(a)

      -
        -
      1. never produces Adapted Material.
      2. -
    8. -
    9. Downstream recipients.

      -
        -
      1. Offer from the Licensor – Licensed Material. Every recipient of -the Licensed Material automatically receives an offer from the Licensor -to exercise the Licensed Rights under the terms and conditions of this -Public License.

      2. -
      3. No downstream restrictions. You may not offer or impose any -additional or different terms or conditions on, or apply any Effective -Technological Measures to, the Licensed Material if doing so restricts -exercise of the Licensed Rights by any recipient of the Licensed -Material.

      4. -
    10. -
    11. No endorsement. Nothing in this Public License constitutes or may -be construed as permission to assert or imply that You are, or that Your -use of the Licensed Material is, connected with, or sponsored, endorsed, -or granted official status by, the Licensor or others designated to -receive attribution as provided in Section 3(a)(1)(A)(i).

    12. -
  2. -
  3. Other rights.

    -
      -
    1. Moral rights, such as the right of integrity, are not licensed -under this Public License, nor are publicity, privacy, and/or other -similar personality rights; however, to the extent possible, the -Licensor waives and/or agrees not to assert any such rights held by the -Licensor to the limited extent necessary to allow You to exercise the -Licensed Rights, but not otherwise.

    2. -
    3. Patent and trademark rights are not licensed under this Public -License.

    4. -
    5. To the extent possible, the Licensor waives any right to collect -royalties from You for the exercise of the Licensed Rights, whether -directly or through a collecting society under any voluntary or waivable -statutory or compulsory licensing scheme. In all other cases the -Licensor expressly reserves any right to collect such royalties, -including when the Licensed Material is used other than for -NonCommercial purposes.

    6. -
  4. -
-

Section 3 – License Conditions.

-

Your exercise of the Licensed Rights is expressly made subject to the -following conditions.

-
    -
  1. Attribution.

    -
      -
    1. If You Share the Licensed Material (including in modified form), -You must:

      -
        -
      1. retain the following if it is supplied by the Licensor with the -Licensed Material:

        -
          -
        1. identification of the creator(s) of the Licensed Material and any -others designated to receive attribution, in any reasonable manner -requested by the Licensor (including by pseudonym if -designated);

        2. -
        3. a copyright notice;

        4. -
        5. a notice that refers to this Public License;

        6. -
        7. a notice that refers to the disclaimer of warranties;

        8. -
        9. a URI or hyperlink to the Licensed Material to the extent -reasonably practicable;

        10. -
      2. -
      3. indicate if You modified the Licensed Material and retain an -indication of any previous modifications; and

      4. -
      5. indicate the Licensed Material is licensed under this Public -License, and include the text of, or the URI or hyperlink to, this -Public License.

      6. -
    2. -
    3. You may satisfy the conditions in Section 3(a)(1) in any -reasonable manner based on the medium, means, and context in which You -Share the Licensed Material. For example, it may be reasonable to -satisfy the conditions by providing a URI or hyperlink to a resource -that includes the required information.

    4. -
    5. If requested by the Licensor, You must remove any of the -information required by Section 3(a)(1)(A) to the extent reasonably -practicable.

    6. -
    7. If You Share Adapted Material You produce, the Adapter’s License -You apply must not prevent recipients of the Adapted Material from -complying with this Public License.

    8. -
  2. -
-

Section 4 – Sui Generis Database Rights.

-

Where the Licensed Rights include Sui Generis Database Rights that -apply to Your use of the Licensed Material:

-
    -
  1. for the avoidance of doubt, Section 2(a)(1) grants You the right -to extract, reuse, reproduce, and Share all or a substantial portion of -the contents of the database for NonCommercial purposes only;

  2. -
  3. if You include all or a substantial portion of the database -contents in a database in which You have Sui Generis Database Rights, -then the database in which You have Sui Generis Database Rights (but not -its individual contents) is Adapted Material; and

  4. -
  5. You must comply with the conditions in Section 3(a) if You Share -all or a substantial portion of the contents of the database.

  6. -
-

For the avoidance of doubt, this Section 4 supplements and does not -replace Your obligations under this Public License where the Licensed -Rights include other Copyright and Similar Rights.

-

Section 5 – Disclaimer of Warranties and Limitation of Liability.

-
    -
  1. UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE -EXTENT POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS AND -AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND -CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS, IMPLIED, STATUTORY, -OR OTHER. THIS INCLUDES, WITHOUT LIMITATION, WARRANTIES OF TITLE, -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, -ABSENCE OF LATENT OR OTHER DEFECTS, ACCURACY, OR THE PRESENCE OR ABSENCE -OF ERRORS, WHETHER OR NOT KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF -WARRANTIES ARE NOT ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT -APPLY TO YOU.

  2. -
  3. TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE -TO YOU ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION, NEGLIGENCE) -OR OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT, INCIDENTAL, -CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR OTHER LOSSES, COSTS, EXPENSES, OR -DAMAGES ARISING OUT OF THIS PUBLIC LICENSE OR USE OF THE LICENSED -MATERIAL, EVEN IF THE LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF -SUCH LOSSES, COSTS, EXPENSES, OR DAMAGES. WHERE A LIMITATION OF -LIABILITY IS NOT ALLOWED IN FULL OR IN PART, THIS LIMITATION MAY NOT -APPLY TO YOU.

  4. -
  5. The disclaimer of warranties and limitation of liability provided -above shall be interpreted in a manner that, to the extent possible, -most closely approximates an absolute disclaimer and waiver of all -liability.

  6. -
-

Section 6 – Term and Termination.

-
    -
  1. This Public License applies for the term of the Copyright and -Similar Rights licensed here. However, if You fail to comply with this -Public License, then Your rights under this Public License terminate -automatically.

  2. -
  3. Where Your right to use the Licensed Material has terminated -under Section 6(a), it reinstates:

    -
      -
    1. automatically as of the date the violation is cured, provided it -is cured within 30 days of Your discovery of the violation; or

    2. -
    3. upon express reinstatement by the Licensor.

    4. -
    -

    For the avoidance of doubt, this Section 6(b) does not affect any -right the Licensor may have to seek remedies for Your violations of this -Public License.

  4. -
  5. For the avoidance of doubt, the Licensor may also offer the -Licensed Material under separate terms or conditions or stop -distributing the Licensed Material at any time; however, doing so will -not terminate this Public License.

  6. -
  7. Sections 1, 5, 6, 7, and 8 survive termination of this Public -License.

  8. -
-

Section 7 – Other Terms and Conditions.

-
    -
  1. The Licensor shall not be bound by any additional or different -terms or conditions communicated by You unless expressly -agreed.

  2. -
  3. Any arrangements, understandings, or agreements regarding the -Licensed Material not stated herein are separate from and independent of -the terms and conditions of this Public License.

  4. -
-

Section 8 – Interpretation.

-
    -
  1. For the avoidance of doubt, this Public License does not, and -shall not be interpreted to, reduce, limit, restrict, or impose -conditions on any use of the Licensed Material that could lawfully be -made without permission under this Public License.

  2. -
  3. To the extent possible, if any provision of this Public License -is deemed unenforceable, it shall be automatically reformed to the -minimum extent necessary to make it enforceable. If the provision cannot -be reformed, it shall be severed from this Public License without -affecting the enforceability of the remaining terms and -conditions.

  4. -
  5. No term or condition of this Public License will be waived and no -failure to comply consented to unless expressly agreed to by the -Licensor.

  6. -
  7. Nothing in this Public License constitutes or may be interpreted -as a limitation upon, or waiver of, any privileges and immunities that -apply to the Licensor or You, including from the legal processes of any -jurisdiction or authority.

  8. -
-

=======================================================================

-

Creative Commons is not a party to its public licenses. -Notwithstanding, Creative Commons may elect to apply one of its public -licenses to material it publishes and in those instances will be -considered the “Licensor.” The text of the Creative Commons public -licenses is dedicated to the public domain under the CC0 Public Domain -Dedication. Except for the limited purpose of indicating that material -is shared under a Creative Commons public license or as otherwise -permitted by the Creative Commons policies published at -creativecommons.org/policies, Creative Commons does not authorize the -use of the trademark “Creative Commons” or any other trademark or logo -of Creative Commons without its prior written consent including, without -limitation, in connection with any unauthorized modifications to any of -its public licenses or any other arrangements, understandings, or -agreements concerning use of licensed material. For the avoidance of -doubt, this paragraph does not form part of the public licenses.

-

Creative Commons may be contacted at creativecommons.org.

- -
diff --git a/export/LICENSE.html.asc b/export/LICENSE.html.asc
deleted file mode 100644
index dbaaff84..00000000
--- a/export/LICENSE.html.asc
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPP5gAKCRAhq2tqbLLD
-N0urAQCNtlcHCcP0B3k8SoGxuh2Rh2NrxjUSWRBdPpvytYUgqAEAgJXGiSJdQt+s
-u4lczEDDM7PdLRw47/GkW6MDZXO6iAw=
-=A4wc
------END PGP SIGNATURE-----
diff --git a/export/LICENSE.html.minisig b/export/LICENSE.html.minisig
deleted file mode 100644
index b1895d46..00000000
--- a/export/LICENSE.html.minisig
+++ /dev/null
@@ -1,4 +0,0 @@
-untrusted comment: signature from minisign secret key
-RUSn9xivowlq/k85tgT4Nanh1IbonkOrDlk5pZ/v/ErCW7SeX4pyWeoI06iF3Ba7umGdISUa1ot+sZKqDya505SGvw1WBFUw1wY=
-trusted comment: timestamp:1691602920 file:LICENSE.html hashed
-UDJtphNvZ9np3KJdkQ5N2jw1BDX6OS+ZPFR0DPyBaQ/4XQUTp6NsICjgLxSRJDEM5i+IvSggDAmZmuGK0l4FAg==
diff --git a/export/LICENSE.odt b/export/LICENSE.odt
deleted file mode 100644
index e3afdeb7..00000000
Binary files a/export/LICENSE.odt and /dev/null differ
diff --git a/export/LICENSE.odt.asc b/export/LICENSE.odt.asc
deleted file mode 100644
index ba8bf2aa..00000000
--- a/export/LICENSE.odt.asc
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPP6AAKCRAhq2tqbLLD
-N7f7AQDhGPPDNAsciY6MqXL9m+ZwJEUjU/lNIRseah9B0Dz1GgEA7Sj+GEsuCwSG
-JUoQOGxX5dg8Nu+tTg44iVngDchmRgs=
-=ktsw
------END PGP SIGNATURE-----
diff --git a/export/LICENSE.odt.minisig b/export/LICENSE.odt.minisig
deleted file mode 100644
index f5d9a4d9..00000000
--- a/export/LICENSE.odt.minisig
+++ /dev/null
@@ -1,4 +0,0 @@
-untrusted comment: signature from minisign secret key
-RUSn9xivowlq/m/dF6xG+iUFJRVfrvczVyAIHhnKICtIV/Wk23RiUPfR7LQt23ATI7nQ5MGF8UQjJ3RhfDRyOTDG6DXjxWt7OwA=
-trusted comment: timestamp:1691602922 file:LICENSE.odt hashed
-Tesv7yX7OUSvI1K3YQKhsi7Qg07w5Hl2bG0AxZtYisoQbfkGas73QBiqHNc/XPzvFfK1Ln0eobOVthjOD4zhCw==
diff --git a/export/LICENSE.pdf b/export/LICENSE.pdf
deleted file mode 100644
index dd939538..00000000
Binary files a/export/LICENSE.pdf and /dev/null differ
diff --git a/export/LICENSE.pdf.asc b/export/LICENSE.pdf.asc
deleted file mode 100644
index ce0264de..00000000
--- a/export/LICENSE.pdf.asc
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iHQEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPP6gAKCRAhq2tqbLLD
-N2m/AQDEf2i3M8FrQXdisCNbHFAAJAuU3wTLKgJ5s3w4zH+2XwD3Siocpg1Vv/4Z
-lAINew6B38oSJlDPTcihbiP/KaHhAA==
-=QTic
------END PGP SIGNATURE-----
diff --git a/export/LICENSE.pdf.minisig b/export/LICENSE.pdf.minisig
deleted file mode 100644
index a65dec71..00000000
--- a/export/LICENSE.pdf.minisig
+++ /dev/null
@@ -1,4 +0,0 @@
-untrusted comment: signature from minisign secret key
-RUSn9xivowlq/jMYkvOHPPY8PNg0fJjIk/SaT47znpVdA0w6IjEJEgOcBbstaTMf9QCcLAk1tYA4GMNtlbWVCYgb2avDvl04bwA=
-trusted comment: timestamp:1691602924 file:LICENSE.pdf hashed
-Phx1t6fMQaqDPuNyjGvMF6fE8zogbqrKtiwQekKu71Ly/hUSShyeDKu/084ujn0vadgFaskCOa+5X9EW8mGnBw==
diff --git a/export/README.html b/export/README.html
deleted file mode 100644
index 63dafeb5..00000000
--- a/export/README.html
+++ /dev/null
@@ -1,223 +0,0 @@
- - - - - - - The Hitchhiker's Guide to Online Anonymity - - - -
-

The Hitchhiker's Guide to Online Anonymity

-
-

Welcome.

-

IMPORTANT RECOMMENDATION FOR UKRAINIANS. -ВАЖЛИВА РЕКОМЕНДАЦІЯ ДЛЯ УКРАЇНЦІВ

-

This is a maintained guide with the aim of providing an introduction -to various online tracking techniques, online ID verification -techniques, and detailed guidance to creating and maintaining (truly) -anonymous online identities. It is -written with hope for activists, journalists, scientists, lawyers, -whistle-blowers, and good people being oppressed, censored, harassed -anywhere! This guide has no affiliation with the Anonymous -[Wikiless] -[Archive.org] -collective/movement.

-

This guide is an open-source non-profit initiative, licensed under Creative Commons -Attribution-NonCommercial 4.0 International (cc-by-nc-4.0 -[Archive.org]) -and is not sponsored/endorsed by any commercial/governmental -entity. This means that you are free to use our guide for -pretty much any purpose excluding commercially as long -as you do attribute it. There are no ads or any affiliate links.

-

If you would like to make a donation to help this project, -you can do so from here where you will also -find the project goals. All the donations will be strictly used within -the context of this project. All donations and spendings are logged on -the donations page.

-

View the guide: - In your -browser - PDF - OpenDocument (ODT) - Raw Markdown -text.

-

Mirrors: - Tor Onion Mirror: http://thgtoa27ujspeqxasrfvcf5aozqdczvgmwgorrmblh6jn4nino3spcqd.onion/

-

The guide and all the files are also readily available on Archive.org -and Archive.today:

- -

If you want to access/see the original/legacy project, please see the -legacy resources page.

-

If you want to see the changes between your PDF and the latest PDF, -you could use one of these tools (we do not endorse those):

- -

If you want to compare an older ODT file with a newer one, use the -LibreWriter compare features as explained here: https://help.libreoffice.org/7.1/en-US/text/shared/guide/redlining_doccompare.html -[Archive.org])

-

If you want to check the files for integrity, safety, -authenticity, please refer to this “How -To”.

-

Feel free to submit issues using Github Issues with the repository -link above. Criticism, opinions, and ideas are welcome!

-

Follow or contact us on:

-

Discussion Channels: - Matrix room: -#anonymity:matrix.org https://matrix.to/#/#anonymity:matrix.org - Matrix -space: #privacy-security-anonymity:matrix.org https://matrix.to/#/#privacy-security-anonymity:matrix.org -- Twitter at https://twitter.com/AnonyPla - Mastodon at -https://mastodon.social/@anonymousplanet

-

Have a good read and feel free to share and/or recommend it!

- -
diff --git a/export/README.html.asc b/export/README.html.asc
deleted file mode 100644
index d8098947..00000000
--- a/export/README.html.asc
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPP7AAKCRAhq2tqbLLD
-N0vQAQDJo/VVc1d7yMh8BX03PfAZ9MMQZVIuJ8TFhU6ijQ6P6QEAmwljnzMPvHB6
-kvsZpyAVoOgamfJDI3a0+w/WSvg+Iw8=
-=JvIu
------END PGP SIGNATURE-----
diff --git a/export/README.html.minisig b/export/README.html.minisig
deleted file mode 100644
index 33665abc..00000000
--- a/export/README.html.minisig
+++ /dev/null
@@ -1,4 +0,0 @@
-untrusted comment: signature from minisign secret key
-RUSn9xivowlq/pH5c5TXpu7KU8Vgus0JhCsSHTEZJidOFk/W6M9+nU4xvhz+7dRNXSJrUdE/W720/djx/SgqgpmT0r9Kfx5m2Aw=
-trusted comment: timestamp:1691602926 file:README.html hashed
-L566yAsww8n8UlqFyqXYjBtXChMgdqZBxLqeVrj5G7CH8ILL0vxmNJ/uQFimMSrq1TznbxFADGTYvYFsxufUCQ==
diff --git a/export/README.odt b/export/README.odt
deleted file mode 100644
index 0e2643ac..00000000
Binary files a/export/README.odt and /dev/null differ
diff --git a/export/README.odt.asc b/export/README.odt.asc
deleted file mode 100644
index 77f1bf75..00000000
--- a/export/README.odt.asc
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPP7gAKCRAhq2tqbLLD
-N1HkAQCoOfl2sbKIfJsvkPLDTsTotcjEYBhvI30LOTCPlCczigEAvJBlz0OGUJTa
-8huIYV4xVbjGY2j6RZvHsoanhegVbgU=
-=zZqk
------END PGP SIGNATURE-----
diff --git a/export/README.odt.minisig b/export/README.odt.minisig
deleted file mode 100644
index 2d55f676..00000000
--- a/export/README.odt.minisig
+++ /dev/null
@@ -1,4 +0,0 @@
-untrusted comment: signature from minisign secret key
-RUSn9xivowlq/swF6kEQ4KmgPpxEOmiYa4uj9ixkaxvBRwPBTTVvwkN/bl6Mg1GuN9395QIsmtUZ/HW4/nNhuFnPJmd+T1nUWAQ=
-trusted comment: timestamp:1691602928 file:README.odt hashed
-8lKWWIe2re0V9kzqR15LGfrf8Ug/Y75tkMMEa6LwsjtCajVocQbsPo2bjETZEX4nsv21JEbSCsfPCX4N7HWCAw==
diff --git a/export/README.pdf b/export/README.pdf
deleted file mode 100644
index 52c8d4ec..00000000
Binary files a/export/README.pdf and /dev/null differ
diff --git a/export/README.pdf.asc b/export/README.pdf.asc
deleted file mode 100644
index 5517386d..00000000
--- a/export/README.pdf.asc
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPP8AAKCRAhq2tqbLLD
-N7IQAQCEEbBphXpscfBuw10Jkjy3AReOMogL/dX534fzcjjUYAD/RCbR1kmu8Gsv
-Q+w9po6SfIlcHGkpVXYTZf0uZ30TNQE=
-=MOn2
------END PGP SIGNATURE-----
diff --git a/export/README.pdf.minisig b/export/README.pdf.minisig
deleted file mode 100644
index b27be945..00000000
--- a/export/README.pdf.minisig
+++ /dev/null
@@ -1,4 +0,0 @@
-untrusted comment: signature from minisign secret key
-RUSn9xivowlq/hM4M+Y8eL72d61rykFbSKiOk7G+xAJkXxE+Ux6R4rnVzNrO25pDnPg53aJHKvB9tNuuGLo9AqX2+6i/tVP56Aw=
-trusted comment: timestamp:1691602930 file:README.pdf hashed
-BSJwtv1e1HhVfgwUF25W5x2P7HQMczfrOPUh3lE4twamsh6JWRBeJVEKRmCPuvavXlA4aau6EkePqilEW6urCg==
diff --git a/export/about.html b/export/about.html
deleted file mode 100644
index 8527f994..00000000
--- a/export/about.html
+++ /dev/null
@@ -1,186 +0,0 @@
- - - - - - - The Hitchhiker's Guide to Online Anonymity - - - -
-

The Hitchhiker's Guide to Online Anonymity

-
-

The current maintainers of this project are Alex (they/them) and The -Hidden (aka No).

-

After unfortunate events, we have picked up maintenance of this guide -in order to continue the project the original founder, Lena, started. -Lena faked her death, then returned later. Before her death, -she gave me access to her accounts to maintain the guide. I will be -maintaining her guide, as well as running her Matrix space, from this -point. As we’ve said before, we cannot guarantee we’ll do everything -right, or how she would have done it, but we’re trying our best.

-

Update: Alex is taking an extended leave to acquire a more -secure operating system and will not be actively involved for some time. -They promise to return ASAP. Until then, No is spearheading the -operation, including translations and research.

-
-

Please share this project if you enjoy it and think it might be -useful to others.

-

Follow or contact us on: - Twitter: https://twitter.com/AnonyPla - Mastodon: https://mastodon.social/@anonymousplanet - E-Mail: (You may use our PGP -public key to encrypt e-mails. Do not forget to attach your PGP -public key if you want an encrypted answer)

-

Discussion Channels: - Matrix room: -#anonymity:matrix.org https://matrix.to/#/#anonymity:matrix.org - Matrix -space: #privacy-security-anonymity:matrix.org https://matrix.to/#/#privacy-security-anonymity:matrix.org -- Github Discussions: https://github.com/Anon-Planet/thgtoa/discussions/

- -
diff --git a/export/about.html.asc b/export/about.html.asc
deleted file mode 100644
index dd8eba67..00000000
--- a/export/about.html.asc
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPP8gAKCRAhq2tqbLLD
-N5P+AP90Y6Cm/pc7aT8jwnnu9rxAy47O31ZHDq4QBwgeroLiqgEAvBJuMTu84H9s
-ANzK7LDnEUYdHW9Cuo6d+lM76drSiAY=
-=Bt7J
------END PGP SIGNATURE-----
diff --git a/export/about.html.minisig b/export/about.html.minisig
deleted file mode 100644
index 77fefb6f..00000000
--- a/export/about.html.minisig
+++ /dev/null
@@ -1,4 +0,0 @@
-untrusted comment: signature from minisign secret key
-RUSn9xivowlq/q2B3E11mkEPDY3pHTIW2ca0I0KQpaTb9xXJx1VwU/ExqP+mJ9ySxlttJslf7BbVHFQ5neOG8wOIaA6JVU8nMwE=
-trusted comment: timestamp:1691602932 file:about.html hashed
-1Hs3IK5dK0pIbMrHtKlNgPhMMOJsXGYxzpWy4O67k2kktUVaFqg0qf3po64AYSWehMzG0jtcvW/ArsonYAILAQ==
diff --git a/export/about.odt b/export/about.odt
deleted file mode 100644
index cc3ff6d4..00000000
Binary files a/export/about.odt and /dev/null differ
diff --git a/export/about.odt.asc b/export/about.odt.asc
deleted file mode 100644
index d3036ea2..00000000
--- a/export/about.odt.asc
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPP9AAKCRAhq2tqbLLD
-NwcJAP9c+LHCFLq6fq4m9CKVpSUje7Qa9n+dzvUNplBMIT0baAD+JCd1ajf6jK9n
-1zsM5jyknsZGaihVLy+kycbkYdNZNwk=
-=ydO4
------END PGP SIGNATURE-----
diff --git a/export/about.odt.minisig b/export/about.odt.minisig
deleted file mode 100644
index 1d49f5f5..00000000
--- a/export/about.odt.minisig
+++ /dev/null
@@ -1,4 +0,0 @@
-untrusted comment: signature from minisign secret key
-RUSn9xivowlq/nFdWpop2yEW9HQvLaFuB5fNYnvYPSk3iqj8cJp7Gqhf7AYfvLHpcGfFipsinKmFR4jVuxFezL80MF23PsI9igs=
-trusted comment: timestamp:1691602933 file:about.odt hashed
-TYzYbsyQVe+8IEufWoUjBKobV+JdBLGh5JvmeN3n1Q3z6JBkpjADxBDwCgzD7ylerjLvxtNlBYavHrtN2t/qDw==
diff --git a/export/about.pdf b/export/about.pdf
deleted file mode 100644
index be53e1cb..00000000
Binary files a/export/about.pdf and /dev/null differ
diff --git a/export/about.pdf.asc b/export/about.pdf.asc
deleted file mode 100644
index 2e26cc11..00000000
--- a/export/about.pdf.asc
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPP9QAKCRAhq2tqbLLD
-NztlAQDYYQ15rIaaDGNxCtTa5gSx+hevQ0e3553EFyO5C+A7MgEAs1Gs3SDwHMyg
-PAMcVrb8lurD93c2mYB0J0D9W8q8VAA=
-=08ff
------END PGP SIGNATURE-----
diff --git a/export/about.pdf.minisig b/export/about.pdf.minisig
deleted file mode 100644
index 425c6a0c..00000000
--- a/export/about.pdf.minisig
+++ /dev/null
@@ -1,4 +0,0 @@
-untrusted comment: signature from minisign secret key
-RUSn9xivowlq/puxCLI6PERq8SQAQF/qwt4xKW5KR4H4HOOpgkZLqCz13cFgaMNs+gMFRvAO+6H3S2MvR34eUXELkxvtXkvG2AU=
-trusted comment: timestamp:1691602935 file:about.pdf hashed
-cGLNbUiM6RvLKz4800EGDLccfYUQBH9mPkUacLUqQZK3kczsxz+l7vZQhD8cGQ9rDn4OzwmMihpzdzlLLPU9Cw==
diff --git a/export/b2sum.txt b/export/b2sum.txt
deleted file mode 100644
index e87adea8..00000000
--- a/export/b2sum.txt
+++ /dev/null
@@ -1,51 +0,0 @@
-abcf7cec9740574e6b96e23cc8e1af21bfe6ed6aba8dc523d893858367b95b1d866598938f1d0ddceb56309cb2df848e2770c3800a851abd4ec28fa40c7f8a03 ./CHANGELOG.html
-9cf7442e06e7f48c2e84023479a525505702fd607a43e6df6079608b27f1689f725a50bdd265c18fba769609204df9a127cf9cbcd7438e48102e07b1805d2a17 ./CHANGELOG.odt
-d3b98eb93a5684a61663c24550c9f97af153e1c834dc7b539168bea037c91b508536a5ddb0f090e74cb7f69d0cba54c67939f9776ff075539b4eaebf1c93fcb0 ./CHANGELOG.pdf
-a42e86f828749fcd6fac0adc28a6fa66c50c1a12977da075affb0ee2e24a869fc5b6a69462c3d5e25035b3fd777350f095260884474977f07d40e765b2e4a123 ./CODE_OF_CONDUCT.html
-0482751ce6b306bf8f2f8c7f67bf6c16b047c16d85b7dae7fe7cd74e95284232ea1559ab68dd63adfe4fe062fa99a945560f19b3c7d4c5c2eacb262ea56e4cae ./CODE_OF_CONDUCT.odt
-641df159f65ae7b9b03a28fd51614ed5fa294fc5a13de51b32df97dfe3c9bc59fbbe6d7253e3aed2795247cf39f1ebbc84ba6735e7dcbb56cd5c6330061579b1 ./CODE_OF_CONDUCT.pdf
-2d2bce74df1ca2b64a032d0b366566509d324a06cc6ea250cc816d6dd8a56b53095f239419e4ca44cb9a85812606121c1f7ad71900500eb388913bf6c7735de2 ./CONTRIBUTING.html
-6caa4ead4c497cb94fed99cde6406ef7daffd8dd9454376800fce9ad097e4641ab0d714e76f373c191d31bb7b52c9f337e5fe3b7cd6fa35539a0ff7b7f57d97a ./CONTRIBUTING.odt
-98fd1145c63815ec3c36018638437aa9581e2cda7ead2de3a0521bc0ebff97f7bcac48291d9a99a54634a88c6840930fb024a477e2585d1b215cd24237c7c0bb ./CONTRIBUTING.pdf
-05cbdcab64c5469b2d80a34f9de3b6d4f7668ed3c5914a9fd2d4c04fc97e418f0383eb3933cbd622b3a9355e092cdd5ac49cecc0f13b177ed4d7ef5ce92f37c4 ./KEY_ROTATION.html
-c4026c8d9dc66a3f664da6f2e5a47fcd219b8167e50ff315833ab94d3fd30e857133803376e79059dffa30991b16e08a7ec3fc3ba51d03d18fe9941ac987ad0d ./KEY_ROTATION.odt
-c90145627e73a0466d6ddf00a62af23db1abb5c1d710c17ba0f2fd86ed8cb0de5fa56e250ba5945460b2ad9ba2e3eebed622327aa088c499e3509bae14a6928c ./KEY_ROTATION.pdf
-cc61c1527d6ab977dd1347e2f068673be1c0ade38dd81bca5603bb975cac55baf8336753f7dda30d3d0572b5699d209845d14d680057ef779073fe1d09a99b88 ./LICENSE.html
-1fdfe69249cb26ac6906b8b76c0105719301b00e4ac7f903faf83e9a039839a87691260c92bf4cc7030382a141a2eb8ce3bc6402f6c6d696c2a9bcd078b00ba7 ./LICENSE.odt
-cb3945cd5e0727c6b1c85bce7558a094f7f42b7cd249e19c7278f744859eed714204c7b720caf0edcdeb9a8654815c5174d33b69d7000df123b2562b5364b408 ./LICENSE.pdf
-b65cbf90469d2aa6f4affc65af93c3975e8a5ee48165e9810ef086ea56580233a7b2c487c70239ce4f8001e5b6b0e16545c135e098956fd5fcc9e543b9d83c5f ./README.html
-c3f0d9ff88949c75af5996779b2645c1b5bd0e917dfc46dcc4e9db047e377879c91c95bc7170d016dda8b63eb6ee420b93c0408cbd453e83f193119cfedfa73f ./README.odt
-2381473a711137cccac727ed1698349cb8d0cd0afbb09b8fff8678a90b624bbe8708d253e7533630dd343b0f9d29cfaf9ca5789a43499ab54bae6cd0e6399895 ./README.pdf
-3545587c77e744df84e0af6ba9e18daafe0a8e21793c04fef0a15d71ee5169ecc3f9e57fec0a045dd284442f9b87692b76563397f6bd7b1ec724c98255ff3db4 ./about.html
-880deece375e59e2f99201e1d078c50b130dbb0390ce5bec6ebe0f00b6f9f2ee18607f7cd2866a4b27514a745ff3982288b42310e1a7bbcc662d35dd8d499930 ./about.odt
-1e941f7e6ef80670642321fbcef65484ceaaac514630e4d9fb85837cbfecc4c6dd09f8ba3df37a98a252a9c19faad0863fa37dc6959ea4ea7bdba58cf6b37c42 ./about.pdf
-1c6df1bc6c0436c9796906466d94d8ffb1a1214d4b88e977470edad8a0fd2df44a75b1ac27b10c82507005087f94032a36d9a2757f0659abdc1da8ac7bee7475 ./briar.html
-d0c3d61bec094d2fe019e40ecad309023f485d1ec6fc3830e90d43d7b96fd75bb9dcb1f40e8672566594e2996faee9363a8b0db07976e66e9c39330a100c55f4 ./briar.odt
-b50d20dd5b59c461709f2295a9df306f86e4af7d1db3ef70c5ce655a6aa88608fcec242959faefee1fa42cddb01b220338cc746534c3e83a57a11fcab8ccbcbe ./briar.pdf
-6e9d17757ef246a8762a624cdea6c4ee8e75c5fb9fdf65070b68de8fcfb8cf7bf9dcda209b0729f49563854aa8a195f57bf8cd482643b3564aeb0798db5f8141 ./chatrooms-rules.html
-c0b8727af723ff9db594541396257d1a9401ed21e21069467d87031f607ef08902e79843ce15bbf227a92fccd65420ed2ed4df5bd3f34c87e53b46807db98c74 ./chatrooms-rules.odt
-2896ad8a56665d73f684e1b17130c6b81cc5fce82b6bb6d5ca5251aaf6cb7e7d75caf759cc3b4620fce38b2e9b092ea9502d8d62677db6f944774f0f7100cc2f ./constitution.html
-08df80740e7527578a464402d80445603c8ddbffd1cb80984b420912d106d9353b8716bd9edb6cb4cb7e244ad975ac124e03996c66c7f838a1eeb990fca42a96 ./constitution.odt
-a39cb27923e56b41ba446624de510dee7c96fecc592b4a5d1cf7d6ff7a2f2ec8a6e6188434cfac23b563c773a286017400ab33e877d431ef1f557b31a49c2fe3 ./constitution.pdf
-d0ff054a6cec230633e8bfcf655df77bae09939e0c27e04f925b80d10a57064de9dc5ce28f6e8cd5af5d8f4b564e16bc257a09d11991f023b82eb37dc8c0b717 ./donations.html
-378db7cc0ee99f6b65105b794f3b7e640568114f916bcb20d366750baf43572f4b2d698cb8960f3727bf0d6faec15d294ab0721bef0452edd98d7ae8deae7a3b ./donations.odt
-efb580abb6c5c0a3d6b2af95d0a99606e3d9cda76f6d9e873c3be71d320473e890f160f187a051489bd58a78ee87aed8d69010883217ce2b088bbd2a68f688c9 ./donations.pdf
-62e61a4f097977064200c92ae0b93e46e6d29e7e62faf975110c774630a95473a30c1a2205d9934b3de3e23d7b7373afbb8c342d6e3a261f823a42a1a734ddf6 ./guide.html
-2ff46e0204dfe5c061d908b225f3155a19fc7b70896696ef730a3ceaf8509afd5caa02209e0fb8705f906a2a2bea5443a17cda5797ac6c3dc8e014904fa170fa ./guide.odt
-0fd87f342caaaea88a987f680d1a97068fe4c8cb1a91d5cca1d6ac0350dc6a62703b7930212a09e48bddec640282026a10d18561565d9c7be69b7b5b9371773c ./guide.pdf
-c30b498a3b75e3ad1514ef1dc3d6faeb834a1480605c87a18586c649d268c63f746a03fbacd66fbe23d2106c377e7adb6092b8d34363ecb0b8142dae0a3aed12 ./legacy.html
-9bb98e61b30e8c5fbec54f1e2d45e756de578e5b3174d33f258d8166405f1cd2f3e36f88aebc30763485c8c194f9590aa9ef2696b7186685e6d3430a6bd4a00c ./legacy.odt
-98d377ed60a8037faf4a734169047b440fa3684aa073b46f7a499eac5ec625ce1c9ce6541a5aae3146e399c7b9ae95049e3f80d3fe09cc6129ee10d3b8c9dc1a ./legacy.pdf
-72b4d612178c4597afa3a6ac76178da20981edf5caa13751d12c6ce17456f78d43021b334c38c6547025abfdcb3952c16ac0cddfcdd7c619cf5d6dc45a645a97 ./links.html
-27532af97ff43bb2438587966499468e62b8ba1a487a3502d0f992de9171c0bb59dbf7c2f44d18ccdd08aafbe1dcfc765d9b2dcd908af24dc5f503de1e556bda ./links.odt
-10eac985987a71beb73f7b4c245359b716ff37f58af280cfe51a004661aad6a2689b6966ac1c0a56bfd4240e60e9844b0992c311a9982fb6bb52242c51fc6e78 ./links.pdf
-a3a2ba7ac2da82772087fcbff3f0ed8f9b4fb4139fef218403d28df33a023a9dfa60493a44e25d004a92010ef9f6c636f7e6e5c8635ced51d14ff89c8bedc167 ./moderncrypto-rules.html
-cbde7f6a6bcce4e3d121b7bfc01e6bc34cac3db0bda95a1657b45c3b746ac19f88971a7930ee53ea32f7cb2af59d6190834b059a11b1b327b1841a310684a69e ./moderncrypto-rules.odt
-40dbe9de859074d4a97084d496e843043e28f7223cb5212a0c31b97d757e0e5edcc15aeb0f5269857dc2e3b87415bc16dc4e81dcb9d164e46774849f0cee4541 ./moderncrypto-rules.pdf
-1d917552e8bf69988a12b3357daa025eaff7de05725d0aa1e35c4bf30beb8587e38002cba3670cdb86dc326e58456aecf3a89b9864177e89c230616f0c9c47cb ./sha256sum.txt
-1a869b96d21adeb6376cc8c73d7e579e03526447f9e5a215c3421fe2b86db556988b8f8a2a30ef2f15c4d1a02b53876f14949e7950e12699ba0531f93cfa0b7c ./twitter.html
-c752d2ef4fe3458382c07fd0b5321e7b9752dd972ff46f1f5c78fe0d16e305dddc52af653f78da0aa1f5cc9753f6c94860b7309d73d743f1d7c817f43260b54a ./twitter.odt
-1b8aaa96177907c047baa54944a3161d85bf11685f96dc185fcd489f7502e698f98bcf252f31e5098f327b4cdf4266ebd195b8f08944027f2b101af55f3435ff ./twitter.pdf
-5395068e10e88def5abf046d8b2a7c88db624a6692067f14e0d57925443aeded9fe119259c168c89a0501c59d066023ae289803bb8c649e1135fbb98da5eb716 ./verify.html
-f6659c1ed9510113613f84facda34e0084c934ad436301a54f93bb7ee5286997cb2a690db3543139186b18f37b6b2405e945dccd4e1153e9dfc1ea77acf8ad2a ./verify.odt
-4a36c31c40d47012377d22874c967bf2f1a9a57f757d50df41c1af0147af5b341831b4e42ec54df0d9a09977af81ead951226f31e9df4c429c0a0ce0e931d182 ./verify.pdf
diff --git a/export/b2sum.txt.asc b/export/b2sum.txt.asc
deleted file mode 100644
index d439f18b..00000000
--- a/export/b2sum.txt.asc
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPP9wAKCRAhq2tqbLLD
-NxTuAQDpbl1Db0tRFFz0y1AQy0boT92uj5KYzK4t2qospmBR+QD/YsnmrgLGv0hn
-iNDie4yFRvCnxaZy1wT8QuyG1L+OCgQ=
-=RuVP
------END PGP SIGNATURE-----
diff --git a/export/b2sum.txt.minisig b/export/b2sum.txt.minisig
deleted file mode 100644
index e6be140f..00000000
--- a/export/b2sum.txt.minisig
+++ /dev/null
@@ -1,4 +0,0 @@
-untrusted comment: signature from minisign secret key
-RUSn9xivowlq/j7NxBAXQ/ZSmwVIj6JzaKEc75k9N9HgNkRLZPzCHvqg7LpnplYwKl3coemb++APBJHeesMzgnkaM0p2V80HJQw=
-trusted comment: timestamp:1691602937 file:b2sum.txt hashed
-WLX7aP1nuBy7+gybMzTRmy+mUGhyBtIqKNixGChcfATupeWZlmLESQJOlxrwdvadRlDeCDGUpyQaxdd9M7iRCg==
diff --git a/export/briar.html b/export/briar.html
deleted file mode 100644
index 5c5d4666..00000000
--- a/export/briar.html
+++ /dev/null
@@ -1,174 +0,0 @@
- - - - - - - The Hitchhiker's Guide to Online Anonymity - - - -
-

The Hitchhiker's Guide to Online Anonymity

-
-

спілкування / Communication:

-

Це послання до народу України. Ми настійно рекомендуємо вам -використовувати Briar для спілкування. Ви можете знайти його тут: -<https://briarproject.org/ . За допомогою цієї програми ви можете -спілкуватися, навіть коли немає Інтернету. Посібник тут: https://briarproject.org/manual/uk/ , Швидкий початок: -https://briarproject.org/quick-start/uk/

-
-

This is a message for the people of Ukraine. We strongly recommend -that you use Briar for communicating. You can find it here: https://briarproject.org/ With this application, you can -communicate even when there is no internet. The manual is here: https://briarproject.org/manual/ , quick-start guie -here: https://briarproject.org/quick-start/

- -
diff --git a/export/briar.html.asc b/export/briar.html.asc
deleted file mode 100644
index 0cea870f..00000000
--- a/export/briar.html.asc
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPP+QAKCRAhq2tqbLLD
-N0qsAQCUsHoxN8wNg/uzxEgX+P3oWBLeH1Z6TegakRl7paW5xgEA8f8wJEzsEsaB
-LGSywLdbJAnG1wiHJXmQdQGHAvEyGgc=
-=pM4o
------END PGP SIGNATURE-----
diff --git a/export/briar.html.minisig b/export/briar.html.minisig
deleted file mode 100644
index e298e830..00000000
--- a/export/briar.html.minisig
+++ /dev/null
@@ -1,4 +0,0 @@
-untrusted comment: signature from minisign secret key
-RUSn9xivowlq/j5FbfpKso/nUIWg7eq6suz09T2HrMIr5QqH1cZFkXLZRzzp80V43OzFgZ+sVDCbB8L/Vf4AYz8C3z5Lnb+DJAY=
-trusted comment: timestamp:1691602939 file:briar.html hashed
-7xx+BoIL5+LR/RYyMwWIlAbHfWi5bbQSkgv6RvlT0VDrRvc2qxHB1ofD5B9tvtEJ8ztodXywMI9HPtvczxiXDg==
diff --git a/export/briar.odt b/export/briar.odt
deleted file mode 100644
index 5302f441..00000000
Binary files a/export/briar.odt and /dev/null differ
diff --git a/export/briar.odt.asc b/export/briar.odt.asc
deleted file mode 100644
index 53303eb0..00000000
--- a/export/briar.odt.asc
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPP+wAKCRAhq2tqbLLD
-N1mVAQDpoPeaCvUlz3jfmSBlybBt6vS4SiBj6hJXhMY+Kd3IEgD/Y9/sQInkf/uX
-1BXyE5JcPMLgE/GNsbCUNXcITUH89wU=
-=Y08h
------END PGP SIGNATURE-----
diff --git a/export/briar.odt.minisig b/export/briar.odt.minisig
deleted file mode 100644
index 04540ef8..00000000
--- a/export/briar.odt.minisig
+++ /dev/null
@@ -1,4 +0,0 @@
-untrusted comment: signature from minisign secret key
-RUSn9xivowlq/s0u770VzCZezK56v3xsV3xtK0+V1GGvAhpF6cxVYtKpazcQ4gVTE+MKXf6g3DzFuPG0JOrqNo6RHF4heBDbNA4=
-trusted comment: timestamp:1691602941 file:briar.odt hashed
-/4sU9eSgdrYsAHGHMAeBaY3+3g239h0my3ui4G5HaR8nazYwWfLmDi1p9BPAEPPsR6aHD9Roz1pKl5un2rEEBw==
diff --git a/export/briar.pdf b/export/briar.pdf
deleted file mode 100644
index 7768e0f7..00000000
Binary files a/export/briar.pdf and /dev/null differ
diff --git a/export/briar.pdf.asc b/export/briar.pdf.asc
deleted file mode 100644
index 96da006f..00000000
--- a/export/briar.pdf.asc
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPP/QAKCRAhq2tqbLLD
-N9nnAP4tYxlHxfx5NgHtFgS3zYi5MradKMJk1AlBrPIiuulRuAD/Rqs9V5+pHk31
-BI4AX3+EVpfP4tpnN6vrWXiTXyn/qgM=
-=U9Vc
------END PGP SIGNATURE-----
diff --git a/export/briar.pdf.minisig b/export/briar.pdf.minisig
deleted file mode 100644
index a999340e..00000000
--- a/export/briar.pdf.minisig
+++ /dev/null
@@ -1,4 +0,0 @@
-untrusted comment: signature from minisign secret key
-RUSn9xivowlq/gCs2wcIK8t7ms8IQdvTIgosKNLaOddZc+toNPIsrSrvepujX+LqDuuqZIHGFe0iqQU4VXT/QCaXBbZBR3oTYwM=
-trusted comment: timestamp:1691602943 file:briar.pdf hashed
-I2WiXwEhMu2xIw4Z/0+j6byfLKYUqBvoSl5L6c3Allvd4ROL+sMYrsyzz6CrHfY5WiRVr/KOvw77tWfRFs1SDA==
diff --git a/export/chatrooms-rules.html b/export/chatrooms-rules.html
deleted file mode 100644
index 956f42b8..00000000
--- a/export/chatrooms-rules.html
+++ /dev/null
@@ -1,273 +0,0 @@
- - - - - - - The Hitchhiker's Guide to Online Anonymity - - - -
-

The Hitchhiker's Guide to Online Anonymity

-
-

PSA Community Matrix

-

You will find here the rules for the community.

-

Note: Rooms which are part of the community keep -their sovereignty and can apply their own local rules, each with their -own local moderation. Some of the rooms are following the general rules, -but some are not.

- -

General -default rules for PSA rooms unless specific rules are mentioned -below

-

These are currently enforced on -#anonymity, -#security, -#OSINT, and are NOT applied in rooms with -their own rules below.

-
    -
  • Keep it legal
  • -
  • English only
  • -
  • Be respectful to each other
  • -
  • Avoid FUD and/or disinformation
  • -
  • Avoid gatekeeping and try to remain welcoming to new users
  • -
  • No hate speech (no racism, no homophobia, no transphobia…)
  • -
  • No spam
  • -
  • No doxxing unless you have express permission and you move to -#bnonymity
  • -
  • No trolling (this doesn’t mean sarcasm is forbidden)
  • -
  • No NSFW content (no Porn, no Gore, no Hentai…)
  • -
  • No upload of any non-media files (binaries, executables, compressed -files…)
  • -
  • No voice messages (these will be auto-deleted by the bots)
  • -
  • Avoid drifting too much off-topic or move to an off-topic -room like #bnonymity
  • -
-

Just because the bot is down temporarily doesn’t mean shit.Some -exceptions can apply, see the exceptions -section at the bottom of this page. Violations will be handled at the -discretion of the acting moderator.

-

Rules for -Nothing To Hide Privacy -(#privacy:matrix.org)

-
    -
  • Zero tolerance for discussion of how to commit illicit acts
  • -
  • Limit political discussion to privacy-related topics -only
  • -
  • No suspicious links or uploading of non-image binary files
  • -
  • Be respectful
  • -
-
Mods:
- -

Rules -for Modern Cryptography -(#moderncrypto:gnuradio.org)

-

See https://anonymousplanet.org/moderncrypto-rules.html

-

Rules for OS -Security

-

See https://artemislena.eu/coc.html

-

Rules for Bnonymity -(#bnonymity:matrix.org)

-
    -
  • Keep it legal (seriously)
  • -
  • English only
  • -
  • Be “somewhat” respectful to each other
  • -
  • No hate speech (e.g., no racism, homophobia, or transphobia)
  • -
  • No spammerino (e.g., no scams, ads, or bots/flooding)
  • -
  • No NSFW content (e.g., no porn, gore, and hentai)
  • -
-

All of the above can result in an insta-ban depending on the -severity.

-
Mods:
- -

Exceptions

-
Exceptions -for #Anonymity, #Security, and #Bnonymity rooms
-
    -
  • Talks about Sci-Hub and/or LibGen are allowed.
  • -
  • Talks about torrenting anonymously are allowed unless the purpose is -blatantly illegal.
  • -
-

Bans

-

Currently, the following rooms are sharing a common PSA ban list for -serious offenders: - #Anonymity -- #Translations -- #Security -- #Bnonymity -- #ModernCrypto -- #OSINT -- #Collab

-

This means that those PSA bans are effectively applied on all those -rooms and can be issued by admins of these rooms. See the next section -for information about appeals.

-

Ban Appeals

-
    -
  • Please contact the mods or admins of the room in question to -state your case for appealing.
  • -
- -
diff --git a/export/chatrooms-rules.html.asc b/export/chatrooms-rules.html.asc
deleted file mode 100644
index 77c7542c..00000000
--- a/export/chatrooms-rules.html.asc
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPP/wAKCRAhq2tqbLLD
-N7QgAP9Rs8/b1GbxkBY+LxDq68MEF33daucK9U5hKJkSAX9X9QEA6bA4kN7azlLN
-CId13Fv8B4yNfXh9KTEpZ5S6icBgJQQ=
-=CPmc
------END PGP SIGNATURE-----
diff --git a/export/chatrooms-rules.html.minisig b/export/chatrooms-rules.html.minisig
deleted file mode 100644
index b171bb0a..00000000
--- a/export/chatrooms-rules.html.minisig
+++ /dev/null
@@ -1,4 +0,0 @@
-untrusted comment: signature from minisign secret key
-RUSn9xivowlq/iCJRflrKoup35DCteNZX10f4t7BS/zzP9/g9Cv/vTJNZZP3L/xTB6pt9eu3VhlD1+Epcfa+WnCFmvkB7vsfNQY=
-trusted comment: timestamp:1691602945 file:chatrooms-rules.html hashed
-2re22N2fPq4RzI0L+aeH/u0NzIdFNEhWgi+pTU+vP1gXCWO04rajunzLEjAfOwLBX25hvW2uGiDvfGfs1yPtAA==
diff --git a/export/chatrooms-rules.odt b/export/chatrooms-rules.odt
deleted file mode 100644
index c4c39492..00000000
Binary files a/export/chatrooms-rules.odt and /dev/null differ
diff --git a/export/chatrooms-rules.odt.asc b/export/chatrooms-rules.odt.asc
deleted file mode 100644
index 079e165a..00000000
--- a/export/chatrooms-rules.odt.asc
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPQAQAKCRAhq2tqbLLD
-N7nMAPwJ13dmBRMXXFDonXMJiUXMzY0Jwij3FDgWe+B7n+JplAEAhIC8vKH8+1Oj
-NQENNUzOyR7OtGSl4htNXXubIic1bAk=
-=kxBE
------END PGP SIGNATURE-----
diff --git a/export/chatrooms-rules.odt.minisig b/export/chatrooms-rules.odt.minisig
deleted file mode 100644
index d349eeb8..00000000
--- a/export/chatrooms-rules.odt.minisig
+++ /dev/null
@@ -1,4 +0,0 @@
-untrusted comment: signature from minisign secret key
-RUSn9xivowlq/rkOyJFIpflAae2Y7esxEUaNs1pRXgVtE09ximqJD9B1LRiK0k7F9Zbcxz/L4fjLf/+5bcGYxACKRoYN6mh7LgI=
-trusted comment: timestamp:1691602947 file:chatrooms-rules.odt hashed
-WbTiENOcgUH9sLBeGz06bT0j60kYvTiXHnBxJXmYRyaebGmmSmCANLnnYgsX2QvIeknKIDbyn8PMC6IRROsVAw==
diff --git a/export/constitution.html b/export/constitution.html
deleted file mode 100644
index 1cc51daa..00000000
--- a/export/constitution.html
+++ /dev/null
@@ -1,280 +0,0 @@
- - - - - - - The Hitchhiker's Guide to Online Anonymity - - - -
-

The Hitchhiker's Guide to Online Anonymity

-
-

A Constitution for an -Anonymous Planet.

-

To amend the rules and regulations of the network and of the PSA -community, this constitution is hereby set forth. It is applicable to -all the projects of the initiative, especially the Hitchhiker’s Guide to -Online Anonymity. All members/collaborators must abide by these lines -when contributing within the context of the initiative.

-

Requirements

-
-

Our content is licensed under Creative Commons -Attribution NonCommercial to prevent commercial usage.

-
-

1. Anonymity above everything

-

Anonymity is necessary to maintain the balance of power, specifically -to help journalists, whistleblowers, lawyers, scientists, and victims of -oppression. Anonymity first, even if that means using non-free and/or -proprietary means. Security and privacy are second, again, even if using -non-free or non-open-source and/or proprietary means. In this sense, the -ends may at times justify proprietary means.

-

2. Independence

-

The Anonymous Planet initiative has no affiliation with the -“Anonymous” collective and does not endorse their activities.
-Any overlap of their activities and our guide are purely -coincidental.

-

3. Accessibility

-

We will strive to always keep available the following methods of -reading the Hitchhiker’s Guide:
-* online;
-* offline (e.g., PDF, ODT, EPUB (in the future));
-* via the Tor network

-

4. Freedom

-

Maintain free, open-source, and non-commercial nature of all our -projects. This does not mean proprietary and/or closed-source tools -won’t be recommendeded. All scientific knowledge should be free for -anyone and we support and encourage Sci-Hub and LibGen. Any attempt to -erode the freedom of information and flow of knowledge of our projects, -in any manner, is hostile.

-

5. -Verifiability, falsifiability and reproducibility

-

We will make every effort to be transparent about any and all bias we -have.
-Anyone claiming to be unbiased is lying, therefore we will not falsely -claim to be.

-

All our content shall be verifiable, reproducible and -fact-checked:
-- academic references (e.g., studies, papers, and peer reviewed -publications);
-- reputable media references (e.g., articles, videos, and -documentaries);
-- official documentation (e.g., manuals, field guides, and technical -documents);
-- renowned and reputable expert review;
-- direct testing by our own collaborators for falsifiablity

-

6. Innocence

-

Suspected offenders are innocent until proven guilty, with zero -tolerance for abuse of power or position.

-

Any accusing/moderating member is: - Subject to the burden of proving -the wrong-doing of the offender. - Required to motivate any -sanction.

-

Any offender has the right to: - Face their accuser (know who is -accusing them). - Appeal sanctions to an uninvolved third party. - -Participate in their own incrimination (the burden of proof lies with -the accuser). - Due process of the above.

-

7. Freedom of thought

-

Open-minded and pragmatic - with no tolerance for gatekeeping.

-

Critical thinking and fact-checking are strongly encouraged; we -welcome criticism including of a harsh nature (excluding ad-hominem and -slurs).

-

8. We do not tolerate -intolerance

-

See the Paradox of -Tolerance, which includes hate speech.

-

9. No analytics

-

Note that, while we will never use analytics, the (now free) -platforms hosting our content might be gathering such analytics outside -of our control, such as Github pages. As the initiative progresses, we -will strive to avoid these as soon as possible.

-

10. No profit

-

Any excess donations will only be used to support our main projects -first and possibly support other intitiatives (like hosting Tor exit -nodes). In all cases, we abide by the following principles:

-
    -
  • Funding transparency (i.e., all donations, spendings, source code, -and future goals will be public).
    -
  • -
  • Acceptance of donations from any entity anonymously or acknowledged -(opt-in) will not have any influence on our content.
    -
  • -
  • No sponsored content.
    -
  • -
  • No affiliate links.
    -
  • -
  • No product placements.
    -
  • -
  • No advertising.
  • -
-

Disclaimer: it is possible that, coincidentally, a donation -could correlate with a recommendation. It will then be clearly stated -that while the donation was welcome, the donating entity will not be -gaining visibility/coverage/endorsement/recommendations due to such a -donation.

-

Core Goals.

-
    -
  1. Help people in need of anonymity to maintain both their physical and -digital safety.
  2. -
-

Non-Goals:

-
    -
  1. Help any people who are using this knowledge for bad purposes. -Helping people takes precedence and we know our content can be used -nefariously. Our initiative believes in having one good person given an -anonymous voice, safely, is worth the risk of having several using our -content for evil. As we do adhere to a fair “rule of law” system which, -having 9 criminals and 1 innocent person free, is much better than -having one innocent person in prison among 9 criminals.
  2. -
-

Yours faithfully, Anonymous Planet

- -
diff --git a/export/constitution.html.asc b/export/constitution.html.asc
deleted file mode 100644
index 7a937838..00000000
--- a/export/constitution.html.asc
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPQAwAKCRAhq2tqbLLD
-N6jAAP4/nGLXffWB27sLitMAkQPD616zJ6+JUj09SnFgxHIEpAD/UmISYn07ABHM
-ibN86gPxRt7J6IcwP+n9sm+qxwPtOw8=
-=t9F9
------END PGP SIGNATURE-----
diff --git a/export/constitution.html.minisig b/export/constitution.html.minisig
deleted file mode 100644
index 5f1461c3..00000000
--- a/export/constitution.html.minisig
+++ /dev/null
@@ -1,4 +0,0 @@
-untrusted comment: signature from minisign secret key
-RUSn9xivowlq/r5ifjEh1APhgfyeImZRLjGbKwnX5FJ5N77ZXVz8tPp5QFtbuYaf879CTtkUT1aeoi+0bRSzA6LpEavn6abAuwg=
-trusted comment: timestamp:1691602949 file:constitution.html hashed
-CizPoAEhtqKyd0dICbQXa5ne4Ilz63+TACb2FmeSCEHLe8kvVJK+zxa2n88Ld5GcRTkN/DqYQ200DpP1mAbYBg==
diff --git a/export/constitution.odt b/export/constitution.odt
deleted file mode 100644
index eae14058..00000000
Binary files a/export/constitution.odt and /dev/null differ
diff --git a/export/constitution.odt.asc b/export/constitution.odt.asc
deleted file mode 100644
index 63460111..00000000
--- a/export/constitution.odt.asc
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPQBQAKCRAhq2tqbLLD
-N2UrAQCxJUTiS1ZumrKthn4nYC9vTfnHem2RQQysmYEkxvfDVAD/cD/0mrDPhZVz
-/qDT3FjguuNWouvU+mYztkAkcSMLMw8=
-=XIkp
------END PGP SIGNATURE-----
diff --git a/export/constitution.odt.minisig b/export/constitution.odt.minisig
deleted file mode 100644
index a47ad220..00000000
--- a/export/constitution.odt.minisig
+++ /dev/null
@@ -1,4 +0,0 @@
-untrusted comment: signature from minisign secret key
-RUSn9xivowlq/kXiKyUeBKyKgdBntIwKGumSCx3W4W0rESgUp/L8Co5XZ+d4tSAeWz7nuFmTGVIyDA5xA4dv2IkE5cnX3V3G4wM=
-trusted comment: timestamp:1691602951 file:constitution.odt hashed
-Bk/t8jlPq1wcLcw5q9hgRrzWQWJmTYuzk202uBHS5dwOylW9A8sS81jSJUkZdfc6to5sOfoBU7qccP9YLP0iCw==
diff --git a/export/constitution.pdf b/export/constitution.pdf
deleted file mode 100644
index a64b15cd..00000000
Binary files a/export/constitution.pdf and /dev/null differ
diff --git a/export/constitution.pdf.asc b/export/constitution.pdf.asc
deleted file mode 100644
index e6a3db73..00000000
--- a/export/constitution.pdf.asc
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPQBwAKCRAhq2tqbLLD
-N7yhAP0f8J/ygqRpiGjiksh8F6xEN5Rx9MVF+4mc/7BzjIed9QD9GncluXdX8AzK
-3wWt/zO8vPTSbJM8UCCbFez5vyEsAQM=
-=VbO4
------END PGP SIGNATURE-----
diff --git a/export/constitution.pdf.minisig b/export/constitution.pdf.minisig
deleted file mode 100644
index 7a0a05d2..00000000
--- a/export/constitution.pdf.minisig
+++ /dev/null
@@ -1,4 +0,0 @@
-untrusted comment: signature from minisign secret key
-RUSn9xivowlq/lre01Gl6VUCQuZpIVLS2nczaQ0TB0jYv9m0lbAtohcg+EIwbpgnipzjzmb2qIlWupdNxo69HP+4VayvDcZhVA4=
-trusted comment: timestamp:1691602953 file:constitution.pdf hashed
-jLOb6cUjkcOmnY8NMhfWQsRkaprrFW+0vTOyOvcCUfUE2S0fCPQSWpsuc8UIt2ndoG0MbNLFH+mAhft5GnzeAA==
diff --git a/export/donations.html b/export/donations.html
deleted file mode 100644
index a1334946..00000000
--- a/export/donations.html
+++ /dev/null
@@ -1,331 +0,0 @@
- - - - - - - The Hitchhiker's Guide to Online Anonymity - - - -
-

The Hitchhiker's Guide to Online Anonymity

-
-

Donations to support this project are welcome as the funding of this -project is limited. Those donations are mainly used to pay for Tor onion -hosting (VPS), mail hosting, domain name registration, and to -maintain/run Tor exit nodes. No profit is ever being -made. All donations and spendings are being logged here below -for transparency.

-

Current project donation -goals:

-
    -
  • -Funding for a VPS for hosting our .onion website - -: done
  • -
  • -Funding for extending our domain name - -: Recovery of original domain secured until 2029
  • -
  • Funding for a decent mail hosting
  • -
  • Funding for a VPS for hosting various services
  • -
-

Donate anonymously using Monero (XMR):

-

Here is the address for the main project:

-
    -
  • 46crzj54eL493BA68pPT4A1MZyKQxrpZu9tVNsfsoa5nT85QqCt8cDTfy1fcTH1oyjdtUbhmpZ4QcVtfEXB337Ng6PS21ML
  • -
-

-

Donate using Bitcoin (BTC):

-

Here are the addresses for the main project:

-
    -
  • SegWit address: -bc1qp9g2c6dquh5lnvft50esxsl97kupdpyqyd4kkv
  • -
  • Legacy address: 1BBgBSVe6w4DWq2BewUQhDEjsNovhfPswD
  • -
-

____________________

-

Thank you for any contribution. All donations will be -mentioned within this file.

-

Donations log (UTC date/time):

-
    -
  • 2021-02-06 16:48: 0.1 XMR
  • -
  • 2021-03-15 00:09: 1.24869 mBTC
  • -
  • 2021-03-15 08:41: 0.07896 mBTC
  • -
  • 2021-03-31 16:28: 1 XMR (Special thanks for this very generous -donation)
  • -
  • 2021-04-03 22:31: 0.5 XMR (Special thanks for this very generous -donation)
  • -
  • 2021-05-07 06:22: 0.010433355105 XMR
  • -
  • 2021-06-16 03:05: 0.03 XMR
  • -
  • 2021-06-27 18:39: 0.05 XMR
  • -
  • 2021-07-12 07:24: 0.02 XMR
  • -
  • 2021-07-16 14:31: 0.1 mBTC
  • -
  • 2021-07-20 21:01: 0.058981 XMR
  • -
  • 2021-07-24 15:16: 0.000000000001 XMR
  • -
  • 2021-07-25 02:37: 0.000000000001 XMR
  • -
  • 2021-08-03 00:17: 0.04119191113 XMR
  • -
  • 2021-08-07 15:05: 0.206328241262 XMR
  • -
  • 2021-08-10 11:42: 0.21 mBTC
  • -
  • 2021-08-13 00:25: 0.25 XMR
  • -
  • 2021-08-14 04:58: 0.25588 mBTC
  • -
  • 2021-08-30 17:32: 0.000000000001 XMR
  • -
  • 2021-09-17 14:34: 0.018 XMR
  • -
  • 2021-10-01 06:23: 0.000000002137 XMR
  • -
  • 2021-10-02 19:16: 1 XMR (Special thanks for this very generous -donation)
  • -
  • 2021-10-17 15:40: 0.02 XMR
  • -
  • 2021-10-18 16:06: 0.1958 XMR
  • -
  • 2021-11-12 20:42: 0.02 XMR
  • -
  • 2021-11-14 18:28: 0.018 XMR
  • -
  • 2021-12-03 21:38: 0.10134722595 XMR
  • -
  • 2021-12-16 01:16: 1 XMR (Special thanks for this very generous -donation)
  • -
  • 2021-12-16 18:06: 0.017 XMR
  • -
  • 2022-01-09 17:54: 0.045918219893 XMR
  • -
  • 2022-01-15 17:35: 0.014 XMR
  • -
  • 2022-01-24 21:08: 0.010786 XMR
  • -
  • 2022-01-26 12:07: 0.010391 XMR
  • -
  • 2022-02-03 19:59: 0.013013984 XMR
  • -
  • 2022-02-18 17:27: 0.019 XMR
  • -
  • 2022-03-14 10:25: 0.0139887 XMR
  • -
  • 2022-07-30 03:51: 0.0222 XMR
  • -
  • 2022-09-28 05:13: 2 XMR
  • -
  • 2022-08-19 : SimpleLogin.io Premium Account for life (This -is not sponsoring/advertising)
  • -
  • 2022-09-19 : 0.345024603905 XMR (Thanks to Rick Deckhard which is -also one of our contributors)
  • -
-

Total Monero donations received: 7.101317184263 XMR -Total Bitcoin donations received: 1.89353 mBTC

-

Spendings log (UTC date):

-
    -
  • 2021-03-12: 0.08181086 XMR (+fees) for domain anonymousplanet.org (1 -year)
  • -
  • 2021-03-16: 1.20179 mBTC (+fees) for domain anonymousplanet.org -renewal (extension 3 years totalling 4 years)
  • -
  • 2021-04-01: 0.8317 XMR (+fees) for basic VPS for Tor Mirror -hosting
  • -
  • -2021-04-05: 0.99367 mBTC (+fees +exchange from XMR to BTC) for Mail -Hosting (1 year): Lost
  • -
  • -2021-04-13: 0.71895 mBTC (+fees +exchange from XMR to BTC) for Mail -Hosting (extension to 2 years) - -: Lost
  • -
  • 2021-04-25: 0.02892 mBTC (Wallet to Wallet transfer fee)
  • -
  • 2021-07-13: 0.78463 mBTC (+fees +exchange from BTC to XMR) for -consoliation
  • -
  • -2021-07-13: 0.067261698061 XMR (+fees) for a Tor Exit Node (01) Hosting -(3 months) - -: Lost
  • -
  • -2021-07-15: 0.151959953047 XMR (+fees) for a Tor Exit Node (02) Hosting -(6 months) - -: Lost
  • -
  • -2021-08-16: 0.253331471239 XMR (+fees) for a Tor Exit Node (03) Hosting -(12 months) - -: Lost
  • -
  • 2021-08-18: AtomicSwap conversion from remaining mBTC (-0.56588) to -XMR (+0.081904862179)
  • -
  • -2021-08-19: 0.0644 XMR (+fees) for Mail Hosting extension - -: Lost
  • -
  • -2021-09-18: 0.246971511836 XMR (+fees) for renewal 1 year of Tor Exit -Node 01 - -: Lost
  • -
  • 2021-10-04: 0.26954 XMR (+fees) for securing the anonymousplanet.org -domain name until 2029
  • -
  • -2021-10-06: 0.236073464623 XMR (+fees) for a Tor Exit Node (04) Hosting -(12 months) - -: Lost
  • -
  • -2021-10-18: 0.01952 XMR (+fees) for testing a new VPS hosting provider -(Privex.io) for one month - -: Ended
  • -
  • -2021-10-30: 0.240787814495 XMR (+fees) for a Synapse Hosting VPS (12 -months) with bots to help grow the community. This is a test program -that will be converted into a Tor Exit Node in case of failure - -: Lost
  • -
  • -2022-01-01: 0.28055816111 XMR (+fees) for renewal 1 year of Tor Exit -Node 02 - -: Lost
  • -
  • -2022-02-02: 0.966793601024 XMR (+fees) for sponsoring a related external -special project in line with the Universal Declaration of Human Rights -(details will remain indisclosed to protect project members) - -: Lost
  • -
  • 2022-07-11: 0.503232784687 XMR (+fees) for 1984.is VPS (12 -months):
  • -
  • 2022-09-19: 0.345024603905 XMR (+fees) for upgrading VPS -RAM/Disk
  • -
-

Total Monero remaining: 2.059336719397 XMR Total -Bitcoin remaining: 0 mBTC

- -
diff --git a/export/donations.html.asc b/export/donations.html.asc
deleted file mode 100644
index 8454f01b..00000000
--- a/export/donations.html.asc
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPQCQAKCRAhq2tqbLLD
-Nzx6AP9bYtashswDV1PpLo2uWUgYs4Dx+fuiYUy4snAHcz/6OQEA5VXWo/IpeRUi
-PPmCg/6G5m+pL+3IIYzPmodToPx2YAA=
-=Qcz6
------END PGP SIGNATURE-----
diff --git a/export/donations.html.minisig b/export/donations.html.minisig
deleted file mode 100644
index 2242450e..00000000
--- a/export/donations.html.minisig
+++ /dev/null
@@ -1,4 +0,0 @@
-untrusted comment: signature from minisign secret key
-RUSn9xivowlq/pOjrC0caWDaxfjcw4tutrS1O0rqUp4lC7Zya6ulMKtt8MAeO4MrwQ+/BHRdewww/TgJFONrYULskB7MuclKYg0=
-trusted comment: timestamp:1691602955 file:donations.html hashed
-Q6K2khhCljaeAoh7gVySAvRoieiDD+USfrUBs28E2CE6yHBMjH4HtUMFvqYM3zTEHS6vyY0y6LfyRzMeyLZeDA==
diff --git a/export/donations.odt b/export/donations.odt
deleted file mode 100644
index 81ac76e6..00000000
Binary files a/export/donations.odt and /dev/null differ
diff --git a/export/donations.odt.asc b/export/donations.odt.asc
deleted file mode 100644
index b23f0e93..00000000
--- a/export/donations.odt.asc
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPQCwAKCRAhq2tqbLLD
-N3SkAPwNChQuuHkxipGh8Q95ZYTLpqU2vKu2t8pGhk/cvQE04QD/do5JSkiXtCqP
-ILnuOu7PPAhuNCQGYoGMrI8fS6KFBwA=
-=UD7G
------END PGP SIGNATURE-----
diff --git a/export/donations.odt.minisig b/export/donations.odt.minisig
deleted file mode 100644
index f6066230..00000000
--- a/export/donations.odt.minisig
+++ /dev/null
@@ -1,4 +0,0 @@
-untrusted comment: signature from minisign secret key
-RUSn9xivowlq/ogfIWcRb36o5hYVIKOa/qxMyMpbTEgIyCi0h2ymuFTna5lfq6q0nZ5CcxpOQBf60qAgi2c+tzOu69G+ToQwSA4=
-trusted comment: timestamp:1691602956 file:donations.odt hashed
-DkfrLd/uSU2nztR9cyyMKlf62Cs6/EGQ9fOXIMskhudJBYH+wY1+u6Qb6swW/qKemgr3wW9uGBGQsT4uhhU2DQ==
diff --git a/export/donations.pdf b/export/donations.pdf
deleted file mode 100644
index 1827fff7..00000000
Binary files a/export/donations.pdf and /dev/null differ
diff --git a/export/donations.pdf.asc b/export/donations.pdf.asc
deleted file mode 100644
index c93fde56..00000000
--- a/export/donations.pdf.asc
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPQDAAKCRAhq2tqbLLD
-NyKqAP0QsEFeUdzOzO3Ud/ZS4WOhAt+WE8467ny91pNrUivzeQD/dVdWZC4LFlt+
-GcFVQv6Vg4o4iw2RTqQGiHLf3L4CfQQ=
-=uyoq
------END PGP SIGNATURE-----
diff --git a/export/donations.pdf.minisig b/export/donations.pdf.minisig
deleted file mode 100644
index 60f5dee9..00000000
--- a/export/donations.pdf.minisig
+++ /dev/null
@@ -1,4 +0,0 @@
-untrusted comment: signature from minisign secret key
-RUSn9xivowlq/u3amNykiBYffKBXXibi6yFIc38T6zbshTdYNrGCvm+HMQAGUExEYn+vqsxx7P+NaaIkQOFuMI1mNNya/lkmkAE=
-trusted comment: timestamp:1691602958 file:donations.pdf hashed
-LrCyI4kE90T0hTs5cIRdzOSP5qSRYuJMX/15XR8lEChQxbruqIkH6UGkQ1SV1+rJzg3Tb6XTqsFtCFagq0RxCQ==
diff --git a/export/guide.html b/export/guide.html
deleted file mode 100644
index 30097a7a..00000000
--- a/export/guide.html
+++ /dev/null
@@ -1,20224 +0,0 @@
- - - - - - - The Hitchhiker's Guide to Online Anonymity - - - -
-

The Hitchhiker's Guide to Online Anonymity

-
-

The Hitchhiker’s -Guide to Online Anonymity

-

(Or “How I learned to start worrying and love privacy -anonymity”)

-

Version v1.1.9, August 2023 by Anonymous Planet

-

IMPORTANT -RECOMMENDATION FOR UKRAINIANS. ВАЖЛИВА РЕКОМЕНДАЦІЯ ДЛЯ -УКРАЇНЦІВ

-

Це послання до народу України. Ми настійно рекомендуємо вам -використовувати Briar для спілкування. Ви можете знайти його тут: -<https://briarproject.org/ . За допомогою цієї програми ви можете -спілкуватися, навіть коли немає Інтернету. Посібник тут: https://briarproject.org/manual/uk/, Швидкий початок: https://briarproject.org/quick-start/uk/

-
-

This is a message for the people of Ukraine. We strongly recommend -that you use Briar for communicating. You can find it here: https://briarproject.org/ With this application, you can -communicate even when there is no internet. The manual is here: https://briarproject.org/manual/, quick-start guide -here: https://briarproject.org/quick-start/

-
-

This guide is a work in progress. It will probably -never be “finished”.

-

No affiliation with the Anonymous -[Wikiless] -[Archive.org] -collective/movement.

-

There might be some wrong or outdated information in this -guide because no one is perfect.

-

Your experience may vary. Remember to check regularly for an -updated version of this guide.

-

This guide is a non-profit open-source initiative, licensed under -Creative Commons Attribution-NonCommercial 4.0 -International (cc-by-nc-4.0 -[Archive.org]).

- -

Feel free to submit issues (please do report anything -wrong) using GitHub Issues at: https://github.com/Anon-Planet/thgtoa/issues

-

Feel free to come to discuss ideas at:

- -

Follow us on:

- -

To contact me, see the updated information on the website or send an -e-mail to

-

Please consider donating if you -enjoy the project and want to support the hosting fees or support the -funding of initiatives like the hosting of Tor Exit Nodes.

-

There are several ways you could read this guide:

- -

Precautions while reading this guide and accessing the various -links:

-
    -
  • Documents/Files have a -[Archive.org] link next to them for accessing content -through Archive.org for increased privacy and in case the content goes -missing. Some links are not yet archived or outdated on archive.org in -which case we encourage you to ask for a new save if possible.

  • -
  • YouTube Videos have a -[Invidious] link next to them for accessing content -through an Invidious Instance (in this case yewtu.be hosted in the -Netherlands) for increased privacy. It is recommended to use these links -when possible. See https://github.com/iv-org/invidious [Archive.org] -for more information.

  • -
  • Twitter links have a [Nitter] -link next to them for accessing content through a Nitter Instance (in -this case nitter.net) for increased privacy. It is recommended to use -these links when possible. See https://github.com/zedeus/nitter [Archive.org] -for more information.

  • -
  • Wikipedia links have a -[Wikiless] link next to them for accessing content -through a Wikiless Instance (in this case Wikiless.org) for increased -privacy. It is recommended to use these links when possible. See https://codeberg.org/orenom/wikiless [Archive.org] -for more information.

  • -
  • Medium links have [Scribe.rip] -link next to them for accessing content through a Scribe.rip Instance -for increased privacy. Again, it is recommended to use these links when -possible. See https://scribe.rip/ [Archive.org] -for more information.

  • -
  • If you are reading this in PDF or ODT format, you will notice -plenty of ``` in place of double quotes (““). These ``` are there to -ease conversion into Markdown/HTML format for online viewing of code -blocks on the website.

  • -
-

If you do not want the hassle and use one of the browsers below, you -could also just install the following extension on your browser: https://libredirect.github.io/ [Archive.org]:

- -

If you are having trouble accessing any of the many academic -articles referenced in this guide due to paywalls, feel free to use -Sci-Hub (https://en.wikipedia.org/wiki/Sci-Hub [Wikiless] [Archive.org]) -or LibGen (https://en.wikipedia.org/wiki/Library_Genesis -[Wikiless] -[Archive.org]) -for finding and reading them. Because Science should be free. All of it. -If you are faced with a paywall accessing some resources, consider using -https://12ft.io/.

-

Finally note that this guide does mention and even recommends various -commercial services (such as VPNs, CDNs, e-mail providers, hosting -providers…) but is not endorsed or sponsored by any of them in -any way. There are no referral links and no commercial ties with any of -these providers. This project is 100% non-profit and only relying on -donations.

-

Contents:

- -

Pre-requisites and -limitations:

-

Pre-requisites:

-
    -
  • Understanding of the English language (in this case American -English).

  • -
  • Be a permanent resident in Germany where the courts have upheld -the legality of not using real names on online platforms (§13 VI of the -German Telemedia Act of 200712). -Alternatively, be a resident of any other country where you can -confirm and verify the legality of this guide -yourself.

  • -
  • This guide will assume you already have access to some -(Windows/Linux/macOS) laptop computer - ideally not a work/shared device -- and a basic understanding of how computers work.

  • -
  • Have patience, as this process could take several weeks to -complete if you want to go through all the content.

  • -
  • Have some free time on your hands to dedicate to this process -(depending on which route you pick).

  • -
  • Be prepared to read a lot of references (do read them), guides -(do not skip them), and tutorials thoroughly (do not skip them -either).

  • -
  • Don’t be evil (for real this time)3.

  • -
  • Understand that there is no common path that will be both quick -and easy.

  • -
-

Limitations:

-

This guide is not intended for:

-
    -
  • Creating bot accounts of any kind.

  • -
  • Creating impersonation accounts of existing people (such as -identity theft).

  • -
  • Helping malicious actors conduct unethical, criminal, or illicit -activities (such as trolling, stalking, disinformation, misinformation, -harassment, bullying, or fraud).

  • -
  • Use by minors.

  • -
-

Introduction:

-

TLDR for the whole guide: “A strange game. The only winning -move is not to play” 4.

-

Making a social media account with a pseudonym or artist/brand name -is easy. And it is enough in most use cases to protect your identity as -the next George Orwell. There are plenty of people using pseudonyms all -over Facebook/Instagram/Twitter/LinkedIn/TikTok/Snapchat/Reddit/… But -the vast majority of those are anything but anonymous and can easily be -traced to their real identity by your local police officers, random -people within the OSINT5 (Open-Source Intelligence) -community, and trolls6 on 4chan7.

-

This is a good thing as most criminals/trolls are not tech-savvy and -will usually be identified with ease. But this is also a terrible thing -as most political dissidents, human rights activists and whistleblowers -can also be tracked rather easily.

-

This guide aims to provide an introduction to various -de-anonymization techniques, tracking techniques, ID verification -techniques, and optional guidance to creating and maintaining -reasonably and truly online anonymous identities -including social media accounts safely. This includes mainstream -platforms and not only the privacy-friendly ones.

-

It is important to understand that the purpose of this guide is -anonymity and not just privacy but much of the guidance you will find -here will also help you improve your privacy and security even if you -are not interested in anonymity. There is an important overlap in -techniques and tools used for privacy, security, and anonymity but they -differ at some point:

-
    -
  • Privacy is about people knowing who you are but not -knowing what you are doing.

  • -
  • Anonymity is about people knowing what you are doing but -not knowing who you are 8.

  • -
-
-image01 - -
-

(Illustration from9)

-

Will this guide help you protect yourself from the NSA, the FSB, Mark -Zuckerberg, or the Mossad if they are out to find you? Probably not … -Mossad will be doing “Mossad things” 10 -and will probably find you no matter how hard you try to hide11.

-

You must consider your threat model12 -before going further.

-
-image02 - -
-

(Illustration by Randall Munroe, xkcd.com, licensed under CC BY-NC -2.5)

-

Will this guide help you protect your privacy from OSINT researchers -like Bellingcat13, Doxing14 -trolls on 4chan15, and others that have no access to -the NSA toolbox? More likely. Tho we would not be so sure about -4chan.

-

Here is a basic simplified threat model for this guide:

-
-image40 - -
-

(Note that the “magical amulets/submarine/fake your own death” jokes -are quoted from the excellent article “This World of Ours” by James -Mickens, 2014.16)

-

Disclaimer: Jokes aside (magical amulet…). Of course, there are also -advanced ways to mitigate attacks against such advanced and skilled -adversaries but those are just out of the scope of this guide. It is -crucially important that you understand the limits of the threat model -of this guide. And therefore, this guide will not double in size to help -with those advanced mitigations as this is just too complex and will -require an exceedingly high knowledge and skill level that is not -expected from the targeted audience of this guide.

-

The EFF provides a few security scenarios of what you should consider -depending on your activity. While some of those tips might not be within -the scope of this guide (more about Privacy than Anonymity), they are -still worth reading as examples. See https://ssd.eff.org/en/module-categories/security-scenarios -[Archive.org].

-

If you want to go deeper into threat modeling, see Appendix B3: Threat -modeling resources.

-

You might think this guide has no legitimate use but there are many17181920212223 -such as:

-
    -
  • Evading Online Censorship24

  • -
  • Evading Online Oppression

  • -
  • Evading Online Stalking, Doxxing, and Harassment

  • -
  • Evading Online Unlawful Government Surveillance

  • -
  • Anonymous Online Whistle Blowing

  • -
  • Anonymous Online Activism

  • -
  • Anonymous Online Journalism

  • -
  • Anonymous Online Legal Practice

  • -
  • Anonymous Online Academic Activities (For instance accessing -scientific research where such resources are blocked). See note -below.

  • -
  • -
-

This guide is written with hope for those good-intended -individuals who might not be knowledgeable enough to consider -the big picture of online anonymity and privacy.

-

Lastly, use it at your own risk. Anything in here is not -legal advice and you should verify compliance with your local law before -use (IANAL25). “Trust but -verify”26 all the information -yourself (or even better, “Never Trust, always verify”27). We strongly encourage you -to inform yourself and do not hesitate to check any information in this -guide with outside sources in case of doubt. Please do report any -mistake you spot to us as we welcome criticism. Even harsh but sound -criticism is welcome and will result in having the necessary corrections -made as quickly as possible.

-

Understanding -some basics of how some information can lead back to you and how to -mitigate some:

-

There are many ways you can be tracked besides browser cookies and -ads, your e-mail, and your phone number. And if you think only the -Mossad or the NSA/FSB can find you, you would be wrong.

-

First, you could also consider these more general resources on -privacy and security to learn more basics:

- -

Note that these websites could contain affiliate/sponsored -content and/or merchandising. This guide does not endorse and is not -sponsored by any commercial entity in any way.

-

If you skipped those, you should really still consider viewing this -YouTube playlist from the Techlore Go Incognito project (https://github.com/techlore-official/go-incognito -[Archive.org]) -as an introduction before going further: https://www.youtube.com/playlist?list=PL3KeV6Ui_4CayDGHw64OFXEPHgXLkrtJO -[Invidious]. -This guide will cover many of the topics in the videos of this playlist -with more details and references as well as some added topics not -covered within that series. This will just take you 2 or 3 hours to -watch it all.

-

Now, here is a non-exhaustive list of some of the many ways -you could be tracked and de-anonymized:

-

Your Network:

-

Your IP address:

-

Disclaimer: this whole paragraph is about your public-facing -Internet IP and not your local network IP.

-

Your IP address28 is the most known and obvious way -you can be tracked. That IP is the IP you are using at the source. This -is where you connect to the internet. That IP is usually provided by -your ISP (Internet Service Provider) (xDSL, Mobile, Cable, Fiber, Cafe, -Bar, Friend, Neighbor). Most countries have data retention regulations29 that mandate keeping logs of who is -using what IP at a certain time/date for up to several years or -indefinitely. Your ISP can tell a third party that you were using a -specific IP at a specific date and time, years after the fact. If that -IP (the original one) leaks at any point for any reason, it can be used -to track down you directly. In many countries, you will not be able to -have internet access without providing some form of identification to -the provider (address, ID, real name, e-mail …).

-

Needless to say, that most platforms (such as social networks) will -also keep (sometimes indefinitely) the IP addresses you used to sign-up -and sign into their services.

-

Here are some online resources you can use to find some information -about your current public IP right now:

- -

For those reasons, you will need to obfuscate and hide that origin IP -(the one tied to your identification) or hide it through a combination -of various means:

-
    -
  • Using a public Wi-Fi service (free).

  • -
  • Using the Tor Anonymity Network30 -(free).

  • -
  • Using VPN31 services anonymously (anonymously -paid with cash or Monero).

  • -
-

Do note that, unfortunately, these solutions are not perfect, and you -will experience performance issues32.

-

All those will be explained later in this guide.

-

Your DNS and IP requests:

-

DNS stands for “Domain Name System”33 -and is a service used by your browser (and other apps) to find the IP -addresses of a service. It is a huge “contact list” (phone book for -older people) that works like asking it a name and it returns the number -to call. Except it returns an IP instead.

-

Every time your browser wants to access a certain service such as -Google through www.google.com. Your Browser (Chrome or Firefox) will -query a DNS service to find the IP addresses of the Google web -servers.

-

Here is a video explaining DNS visually if you are already lost: https://www.youtube.com/watch?v=vrxwXXytEuI [Invidious]

-

Usually, the DNS service is provided by your ISP and automatically -configured by the network you are connecting to. This DNS service could -also be subject to data retention regulations or will just keep logs for -other reasons (data collection for advertising purposes for instance). -Therefore, this ISP will be capable of telling everything you did online -just by looking at those logs which can, in turn, be provided to an -adversary. Conveniently this is also the easiest way for many -adversaries to apply censoring or parental control by using DNS -blocking34. The provided DNS servers will give -you a different address (than their real one) for some websites (like -redirecting thepiratebay.org to some government website). Such blocking -is widely applied worldwide for certain sites35.

-

Using a private DNS service or your own DNS service would mitigate -these issues, but the other problem is that most of those DNS requests -are by default still sent in clear text (unencrypted) over the network. -Even if you browse PornHub in an incognito Window, using HTTPS and using -a private DNS service, chances are exceedingly high that your browser -will send a clear text unencrypted DNS request to some DNS servers -asking basically “So what’s the IP address of www.pornhub.com?”.

-

Because it is not encrypted, your ISP and/or any other adversary -could still intercept (using a Man-in-the-middle attack36) -your request will know and possibly log what your IP was looking for. -The same ISP can also tamper with the DNS responses even if you are -using a private DNS. Rendering the use of a private DNS service -useless.

-

As a bonus, many devices and apps will use hardcoded DNS servers -bypassing any system setting you could set. This is for example the case -with most (70%) Smart TVs and a large part (46%) of Game Consoles37. For these devices, you will have -to force them38 to stop using their hardcoded DNS -service which could make them stop working properly.

-

A solution to this is to use encrypted DNS using DoH (DNS over -HTTPS39), DoT (DNS over TLS40) -with a private DNS server (this can be self-hosted locally with a -solution like pi-hole41, remotely hosted with a solution -like nextdns.io or using the solutions provided by your VPN provider or -the Tor network). This should prevent your ISP or some go-between from -snooping on your requests … except it might not.

-

Small in-between Disclaimer: This guide does not necessarily -endorse or recommend Cloudflare services even if it is mentioned several -times in this section for technical understanding.

-

Unfortunately, the TLS protocol used in most HTTPS connections in -most Browsers (Chrome/Brave among them) will leak the Domain Name again -through SNI42 handshakes (this can be checked -here at Cloudflare: https://www.cloudflare.com/ssl/encrypted-sni/ [Archive.org] -). As of the writing of this guide, only Firefox-based browsers -supports ECH (Encrypted Client Hello43 -previously known as eSNI44) on some websites which -will encrypt everything end to end (in addition to using a secure -private DNS over TLS/HTTPS) and will allow you to hide your DNS requests -from a third party45. And -this option is not enabled by default either so you will have to enable -it yourself.

-

-

In addition to limited browser support, only web Services and CDNs46 behind Cloudflare CDN support -ECH/eSNI at this stage47. This means that ECH and eSNI are -not supported (as of the writing of this guide) by most mainstream -platforms such as:

-
    -
  • Amazon (including AWS, Twitch…)

  • -
  • Microsoft (including Azure, OneDrive, Outlook, Office -365…)

  • -
  • Google (including Gmail, Google Cloud…)

  • -
  • Apple (including iCloud, iMessage…)

  • -
  • Reddit

  • -
  • YouTube

  • -
  • Facebook

  • -
  • Instagram

  • -
  • Twitter

  • -
  • GitHub

  • -
  • -
-

Some countries like Russia48 and China49 might (unverified despite the -articles) block ECH/eSNI handshakes at the network level to allow -snooping and prevent bypassing censorship. Meaning you will not be able -to establish an HTTPS connection with a service if you do not allow them -to see what it was.

-

The issues do not end here. Part of the HTTPS TLS validation is -called OCSP50 and this protocol used by -Firefox-based browsers will leak metadata in the form of the serial -number of the certificate of the website you are visiting. An adversary -can then easily find which website you are visiting by matching the -certificate number51. This issue can be mitigated by -using OCSP stapling52. Unfortunately, this is enabled but -not enforced by default in Firefox/Tor Browser. But the website you are -visiting must also be supporting it and not all do. Chromium-based -browsers on the other hand use a different system called CRLSets5354 -which is arguably better.

-

Here is a list of how various browsers behave with OCSP: https://www.ssl.com/blogs/how-do-browsers-handle-revoked-ssl-tls-certificates/ -[Archive.org]

-

Here is an illustration of the issue you could encounter on -Firefox-based browsers:

-

-

Finally, even if you use a custom encrypted DNS server (DoH or DoT) -with ECH/eSNI support and OCSP stapling, it might still not be enough as -traffic analysis studies55 have shown it is still -possible to reliably fingerprint and block unwanted requests. Only DNS -over Tor was able to show efficient DNS Privacy in recent studies but -even that can still be defeated by other means (see Your Anonymized Tor/VPN -traffic).

-

One could also decide to use a Tor Hidden DNS Service or ODoH -(Oblivious DNS over HTTPS56) to further increase -privacy/anonymity but unfortunately, as far as we know, -these methods are only provided by Cloudflare as of this writing (https://blog.cloudflare.com/welcome-hidden-resolver/ -[Archive.org], -https://blog.cloudflare.com/oblivious-dns/ [Archive.org]). -These are workable and reasonably secure technical options but there is -also a moral choice if you want to use Cloudflare or not (despite the -risk posed by some researchers57).

-

Note that Oblivious DNS addresses an adversary that -eavesdrops on one of the connections listed here but not all. It does -not address a global passive adversary (GPA) who can eavesdrop on many -or all of these connections: - traffic between the client -resolver and the recursive resolver - the recursive resolver and the -ODNS resolver - the ODNS resolver and an authoritative server.

-

Lastly, there is also this new possibility called DoHoT which stands -for DNS over HTTPS over Tor which could also further increase your -privacy/anonymity and which you could consider if you are more skilled -with Linux. See https://github.com/alecmuffett/dohot [Archive.org]. -This guide will not help you with this one at this stage, but it might -be coming soon.

-

Here is an illustration showing the current state of DNS and HTTPS -privacy based on our current knowledge.

-

-

As for your normal daily use (non-sensitive), remember that only -Firefox-based browsers support ECH (formerly eSNI) so far and that it is -only useful with websites hosted behind Cloudflare CDN at this stage. If -you prefer a Chrome-based version (which is understandable for some due -to some better-integrated features like on-the-fly Translation), then we -would recommend the use of Brave instead which supports all Chrome -extensions and offers much better privacy than Chrome.

-

But the story does not stop there right. Now because after all this, -even if you encrypt your DNS and use all possible mitigations. Simple IP -requests to any server will probably allow an adversary to still detect -which site you are visiting. And this is simply because the majority of -websites have unique IPs tied to them as explained here: https://blog.apnic.net/2019/08/23/what-can-you-learn-from-an-ip-address/ -[Archive.org]. -This means that an adversary can create a dataset of known websites for -instance including their IPs and then match this dataset against the IP -you ask for. In most cases, this will result in a correct guess of the -website you are visiting. This means that despite OCSP stapling, despite -ECH/eSNI, despite using Encrypted DNS … An adversary can still guess the -website you are visiting anyway.

-

Therefore, to mitigate all these issues (as much as possible and as -best as we can), this guide will later recommend two solutions: Using -Tor and a virtualized (See Appendix W: -Virtualization) multi-layered solution of VPN over Tor solution (DNS -over VPN over Tor or DNS over TOR). Other options will also be explained -(Tor over VPN, VPN only, No Tor/VPN) but are less recommended.

-

Your RFID enabled devices:

-

RFID stands for Radio-frequency identification58, -it is the technology used for instance for contactless payments and -various identification systems. Of course, your smartphone is among -those devices and has RFID contactless payment capabilities through -NFC59. As with everything else, such -capabilities can be used for tracking by various actors.

-

But unfortunately, this is not limited to your smartphone, and you -also probably carry some amount of RFID enabled device with you all the -time such as:

-
    -
  • Your contactless-enabled credit/debit cards

  • -
  • Your store loyalty cards

  • -
  • Your transportation payment cards

  • -
  • Your work-related access cards

  • -
  • Your car keys

  • -
  • Your national ID or driver license

  • -
  • Your passport

  • -
  • The price/anti-theft tags on object/clothing

  • -
  • -
-

While all these cannot be used to de-anonymize you from a remote -online adversary, they can be used to narrow down a search if your -approximate location at a certain time is known. For instance, you -cannot rule out that some stores will effectively scan (and log) all -RFID chips passing through the door. They might be looking for their -loyalty cards but are also logging others along the way. Such RFID tags -could be traced to your identity and allow for de-anonymization.

-

More information over at Wikipedia: https://en.wikipedia.org/wiki/Radio-frequency_identification#Security_concerns -[Wikiless] -[Archive.org] -and https://en.wikipedia.org/wiki/Radio-frequency_identification#Privacy -[Wikiless] -[Archive.org]

-

The only way to mitigate this problem is to have no RFID tags on you -or to shield them again using a type of Faraday cage. You could also use -specialized wallets/pouches that specifically block RFID communications. -Many of those are now made by well-known brands such as Samsonite60. You should just not carry such -RFID devices while conducting sensitive activities.

-

See Appendix -N: Warning about smartphones and smart devices

-

The Wi-Fi and -Bluetooth devices around you:

-

Geolocation is not only done by using mobile antennas triangulation. -It is also done using the Wi-Fi and Bluetooth devices around you. -Operating systems makers like Google (Android61) -and Apple (IOS62) maintain a convenient database of -most Wi-Fi access points, Bluetooth devices, and their location. When -your Android smartphone or iPhone is on (and not in Plane mode), it will -scan actively (unless you specifically disable this feature in the -settings) Wi-Fi access points, and Bluetooth devices around you and will -be able to geolocate you with more precision than when using a GPS.

-

This active and continuous probing can then be sent back to -Google/Apple/Microsoft as part of their Telemetry. The issue is that -this probing is unique and can be used to uniquely identify a user and -track such user. Shops, for example, can use this technique to -fingerprint customers including when they return, where they go in the -shop and how long they stay at a particular place. There are several -papers6364 -and articles65 describing this issue in depth.

-

This allows them to provide accurate locations even when GPS is off, -but it also allows them to keep a convenient record of all Wi-Fi -Bluetooth devices all over the world. Which can then be accessed by them -or third parties for tracking.

-

Note: If you have an Android smartphone, Google probably knows where -it is no matter what you do. You cannot really trust the settings. The -whole operating system is built by a company that wants your data. -Remember that if it is free then you are the product.

-

But that is not what all those Wi-Fi access points can do. Recently -developed techs could even allow someone to track your movements -accurately just based on radio interferences. What this means is that it -is possible to track your movement inside a room/building based on the -radio signals passing through. This might seem like a tinfoil hat -conspiracy theory claim but here are the references66 -with demonstrations showing this tech in action: http://rfpose.csail.mit.edu/ [Archive.org] -and the video here: https://www.youtube.com/watch?v=HgDdaMy8KNE [Invidious]

-

Other researchers have found a way to count the people in a defined -space using only Wi-Fi, see https://www.news.ucsb.edu/2021/020392/dont-fidget-wifi-will-count-you -[Archive.org]

-

You could therefore imagine many use cases for such technologies like -recording who enters specific buildings/offices (hotels, hospitals, or -embassies for instance) and then discover who meets who and thereby -tracking them from outside. Even if they have no smartphone on them.

-

-

Again, such an issue could only be mitigated by being in a -room/building that would act as a Faraday cage.

-

Here is another video of the same kind of tech in action: https://www.youtube.com/watch?v=FDZ39h-kCS8 [Invidious]

-

See Appendix -N: Warning about smartphones and smart devices

-

There is not much you can do about these. Besides being -non-identifiable in the first place.

-

Malicious/Rogue Wi-Fi Access -Points:

-

These have been used at least since 2008 using an attack called -“Jasager”67 and can be done by anyone using -self-built tools or using commercially available devices such as Wi-Fi -Pineapple68.

-

Here are some videos explaining more about the topic:

- -

These devices can fit in a small bag and can take over the Wi-Fi -environment of any place within their range. For instance, a -Bar/Restaurant/Café/Hotel Lobby. These devices can force Wi-Fi clients -to disconnect from their current Wi-Fi (using de-authentication, -disassociation attacks69) while spoofing the normal Wi-Fi -networks at the same location. They will continue to perform this attack -until your computer, or you decide to try to connect to the rogue -AP.

-

These devices can then mimic a captive portal70 -with the exact same layout as the Wi-Fi you are trying to access (for -instance an Airport Wi-Fi registration portal). Or they could just give -you unrestricted access internet that they will themselves get from the -same place.

-

Once you are connected through the Rogue AP, this AP will be able to -execute various man-in-the-middle attacks to perform analysis on your -traffic. These could be malicious redirections or simple traffic -sniffing. These can then easily identify any client that would for -instance try to connect to a VPN server or the Tor Network.

-

This can be useful when you know someone you want to de-anonymize is -in a crowded place, but you do not know who. This would allow such an -adversary to possibly fingerprint any website you visit despite the use -of HTTPS, DoT, DoH, ODoH, VPN, or Tor using traffic analysis as pointed -above in the DNS section.

-

These can also be used to carefully craft and serve you advanced -phishing webpages that would harvest your credentials or try to make you -install a malicious certificate allowing them to see your encrypted -traffic.

-

How to mitigate those? If you do connect to a public wi-fi access -point, use Tor, or use a VPN and then Tor (Tor over VPN) or even (VPN -over Tor) to obfuscate your traffic from the rogue AP while still using -it.

-

Your Anonymized Tor/VPN -traffic:

-

Tor and VPNs are not silver bullets. Many advanced techniques have -been developed and studied to de-anonymize encrypted Tor traffic over -the years71. Most of those techniques are -Correlation attacks that will correlate your network traffic in one way -or another to logs or datasets. Here are some examples:

-
    -
  • Correlation Fingerprinting Attack: As illustrated -(simplified) below, this attack will fingerprint your encrypted Tor -traffic (like the websites you visited) based on the analysis of your -encrypted traffic without decrypting it. Some of those methods can do so -with a 96% success rate in a closed-world setting. -The efficacy of those methods in a real open-world -setting has not been demonstrated yet and would -probably require tremendous resources computing power making it very -unlikely that such techniques would be used by a local adversary in the -near future. Such techniques could however hypothetically be -used by an advanced and probably global adversary with access to your -source network to determine some of your activity. Examples of those -attacks are described in several research papers727374 -as well as their limitations75. The Tor Project -itself published an article about these attacks with some mitigations: -https://blog.torproject.org/new-low-cost-traffic-analysis-attacks-mitigations -[Archive.org].
  • -
-

-
    -
  • Correlation Timing Attacks: As illustrated -(simplified) below, an adversary that has access to network connection -logs (IP or DNS for instance, remember that most VPN servers and most -Tor nodes are known and publicly listed) at the source and the -destination could correlate the timings to de-anonymize you without -requiring any access to the Tor or VPN network in between. A real use -case of this technique was done by the FBI in 2013 to de-anonymize76 a bomb threat hoax at Harvard -University.
  • -
-

-
    -
  • Correlation Counting Attacks: As illustrated -(simplified) below, an adversary that has no access to detailed -connection logs (cannot see that you used Tor or Netflix) but has access -to data counting logs could see that you have downloaded 600MB on a -specific time/date that matches the 600MB upload at the destination. -This correlation can then be used to de-anonymize you over time.
  • -
-

-

There are ways to mitigate these such as:

-
    -
  • Do not use Tor/VPNs to access services that are on the same -network (ISP) as the destination service. For example, do not connect to -Tor from your University Network to access a University Service -anonymously. Instead, use a different source point (such as a public -Wi-Fi) that cannot be correlated easily by an adversary.

  • -
  • Do not use Tor/VPN from an obviously heavily monitored network -(such as a corporate/governmental network) but instead try to find an -unmonitored network such as a public Wi-Fi or a residential -Wi-Fi.

  • -
  • Consider the use of multiple layers (such as what will be -recommended in this guide later: VPN over Tor) so that an adversary -might be able to see that someone connected to the service through Tor -but will not be able to see that it was you because you were connected -to a VPN and not the Tor Network.

  • -
-

Be aware again that this might not be enough against a motivated -global adversary77 with wide access to global mass -surveillance. Such an adversary might have access to logs no matter -where you are and could use those to de-anonymize you. Usually, these -attacks are part of what is called a Sybil Attack78. -These adversaries are out of the scope of this -guide.

-

Be also aware that all the other methods described in this guide such -as Behavioral analysis can also be used to deanonymize Tor users -indirectly (see further Your -Digital Fingerprint, Footprint, and Online Behavior).

-

I also strongly recommend reading this very good, complete, and -thorough (and more detailed) guide on most known Attack Vectors on Tor: -https://github.com/Attacks-on-Tor/Attacks-on-Tor [Archive.org] -as well as this recent research publication https://www.researchgate.net/publication/323627387_Shedding_Light_on_the_Dark_Corners_of_the_Internet_A_Survey_of_Tor_Research -[Archive.org]

-

As well as this great series of blog posts: https://www.hackerfactor.com/blog/index.php?/archives/906-Tor-0day-The-Management-Vulnerability.html -[Archive.org]

-

Recently, one of these attacks was attempted on the Tor Network with -more information here: https://arstechnica.com/information-technology/2014/07/active-attack-on-tor-network-tried-to-decloak-users-for-five-months/ -[Archive.org]

-

Lastly, do remember that using Tor can already be considered -suspicious activity79, and its use could be considered -malicious by some80.

-

This guide will later propose some mitigations to such attacks by -changing your origin from the start (using public wi-fi’s for instance). -Remember that such attacks are usually carried by highly skilled, highly -resourceful, and motivated adversaries and are out of scope from this -guide. It is also recommended that you learn about practical correlation -attacks, as performed by intelligence agencies: https://officercia.mirror.xyz/WeAilwJ9V4GIVUkYa7WwBwV2II9dYwpdPTp3fNsPFjo -[Archive.org]

-

Disclaimer: it should also be noted that Tor is not designed -to protect against a global adversary. For more information see https://svn-archive.torproject.org/svn/projects/design-paper/tor-design.pdf -[Archive.org] -and specifically, “Part 3. Design goals and assumptions.”.

-

Some Devices can -be tracked even when offline:

-

You have seen this in action/spy/Sci-Fi movies and shows, the -protagonists always remove the battery of their phones to make sure it -cannot be used. Most people would think that’s overkill. Well, -unfortunately, no, this is now becoming true at least for some -devices:

-
    -
  • iPhones and iPads (IOS 13 and above)8182

  • -
  • Samsung Phones (Android 10 and above)83

  • -
  • MacBooks (macOS 10.15 and above)84

  • -
-

Such devices will continue to broadcast identity information to -nearby devices even when offline using Bluetooth Low-Energy85. They do not have access to the -devices directly (which are not connected to the internet) but instead -use BLE to find them through other nearby devices86. -They are using peer-to-peer short-range Bluetooth communication to -broadcast their status through nearby online devices.

-

They could now find such devices and keep the location in some -database that could then be used by third parties or themselves for -various purposes (including analytics, advertising, or -evidence/intelligence gathering).

-

See Appendix -N: Warning about smartphones and smart devices

-

TLDR: Do not take such devices with you when conducting sensitive -activities.

-

Your Hardware Identifiers:

-

Your IMEI -and IMSI (and by extension, your phone number):

-

The IMEI (International Mobile Equipment Identity87) -and the IMSI (International Mobile Subscriber Identity88) -are unique numbers created by cell phone manufacturers and cell phone -operators.

-

The IMEI is tied directly to the phone you are using. This number is -known and tracked by the cell phone operators and known by the -manufacturers. Every time your phone connects to the mobile network, it -will register the IMEI on the network along with the IMSI (if a SIM card -is inserted but that is not even needed). It is also used by many -applications (Banking apps abusing the phone permission on Android for -instance89) and smartphone Operating Systems -(Android/IOS) for identification of the device90. -It is possible but difficult (and not illegal in many jurisdictions91) to change the IMEI on a phone but -it is probably easier and cheaper to just find and buy some old -(working) Burner phone for a few Euros (this guide is for Germany -remember) at a flea market or some random small shop.

-

The IMSI is tied directly to the mobile subscription or pre-paid plan -you are using and is tied to your phone number by your mobile provider. -The IMSI is hardcoded directly on the SIM card and cannot be changed. -Remember that every time your phone connects to the mobile network, it -will also register the IMSI on the network along with the IMEI. Like the -IMEI, the IMSI is also being used by some applications and smartphone -Operating systems for identification and is being tracked. Some -countries in the EU for instance maintain a database of IMEI/IMSI -associations for easy querying by Law Enforcement.

-

Today, giving away your (real) phone number is the same or better -than giving away your Social Security number/Passport ID/National -ID.

-

The IMEI and IMSI can be traced back to you in at least six ways:

-
    -
  • The mobile operator subscriber logs will usually store the IMEI -along with the IMSI and their subscriber information database. If you -use a prepaid anonymous SIM (anonymous IMSI but with a known IMEI), they -could see this cell belongs to you if you used that cell phone before -with a different SIM card (different anonymous IMSI but same known -IMEI).

  • -
  • The mobile operator antenna logs will conveniently keep a log of -which IMEI. IMSI also keep some connection data. They know and log for -instance that a phone with this IMEI/IMSI combination connected to a set -of mobile antennas and how powerful the signal to each of those antennas -were, allowing easy triangulation/geolocation of the signal. They also -know which other phones (your real one for instance) connected at the -same time to the same antennas with the same signal. This makes it -possible to know precisely that this “burner phone” was always connected -at the same place/time than this other “known phone” which shows up -every time the burner phone is being used. This information can/is used -by various third parties to geolocate/track you quite precisely9293.

  • -
  • The manufacturer of the Phone can trace back the sale of the -phone using the IMEI if that phone was bought in a non-anonymous way. -Indeed, they will have logs of each phone sale (including serial number -and IMEI), to which shop/person to whom it was sold. And if you are -using a phone that you bought online (or from someone that knows you). -It can be traced to you using that information. Even if they do not find -you on CCTV94 and you bought the phone using -cash, they can still find what other phone (your real one in your -pocket) was there (in that shop) at that time/date by using the antenna -logs.

  • -
  • The IMSI alone can be used to find you as well because most -countries now require customers to provide an ID when buying a SIM card -(subscription or pre-paid). The IMSI is then tied to the identity of the -buyer of the card. In the countries where the SIM can still be bought -with cash (like the UK), they still know where (which shop) it was -bought and when. This information can then be used to retrieve -information from the shop itself (such as CCTV footage as for the IMEI -case). Or again the antenna logs can also be used to figure out which -other phone was there at the moment of the sale.

  • -
  • The smartphone OS makers (Google/Apple for Android/IOs) also keep -logs of IMEI/IMSI identifications tied to Google/Apple accounts and -which user has been using them. They too can trace back the history of -the phone and to which accounts it was tied in the past95.

  • -
  • Government agencies around the world interested in your phone -number can and do use96 special devices called “IMSI -catchers”97 like the Stingray98 -or more recently the Nyxcell99. These devices can -impersonate (to spoof) a cell phone Antenna and force a specific IMSI -(your phone) to connect to it to access the cell network. Once they do, -they will be able to use various MITM100 -(Man-In-The-Middle Attacks) that will allow them to:

    -
      -
    • Tap your phone (voice calls and SMS).

    • -
    • Sniff and examine your data traffic.

    • -
    • Impersonate your phone number without controlling your -phone.

    • -
    • -
  • -
-

Here is also a good YouTube video on this topic: DEFCON Safe Mode - -Cooper Quintin - Detecting Fake 4G Base Stations in Real-Time https://www.youtube.com/watch?v=siCk4pGGcqA [Invidious]

-

For these reasons, it is crucial to get a dedicated anonymous -phone number and/or an anonymous burner phone with a cash-bought -pre-paid sim card that is not tied to you in any way (past or present) -for conducting sensitive activities. It is also possible to get an -anonymous pre-paid but preferably dedicated number from free and paid -online services accepting anonymous cryptocurrencies like Monero. Get -more practical guidance here: Getting an anonymous Phone -number.

-

While there are some smartphones manufacturers like Purism with their -Librem series101 who claim to have your privacy in -mind, they still do not allow IMEI randomization which we believe is a -key anti-tracking feature that should be provided by such manufacturers. -While this measure will not prevent IMSI tracking within the SIM card, -it would at least allow you to keep the same “burner phone” and only -switch SIM cards instead of having to switch both for privacy.

-

See Appendix -N: Warning about smartphones and smart devices

-

Your Wi-Fi or Ethernet MAC -address:

-

The MAC address102 is a unique identifier tied to -your physical Network Interface (Wired Ethernet or Wi-Fi) and could of -course be used to track you if it is not randomized. As it was the case -with the IMEI, manufacturers of computers and network cards usually keep -logs of their sales (usually including things like serial number, IMEI, -Mac Addresses, …) and it is possible again for them to track where and -when the computer with the MAC address in question was sold and to whom. -Even if you bought it with cash in a supermarket, the supermarket might -still have CCTV (or a CCTV just outside that shop) and again the -time/date of sale could be used to find out who was there using the -Mobile Provider antenna logs at that time (IMEI/IMSI).

-

Operating Systems makers (Google/Microsoft/Apple) will also keep logs -of devices and their MAC addresses in their logs for device -identification (Find my device type services for example). Apple can -tell that the MacBook with this specific MAC address was tied to a -specific Apple Account before. Maybe yours before you decided to use the -MacBook for sensitive activities. Maybe to a different user who sold it -to you but remembers your e-mail/number from when the sale happened.

-

Your home router/Wi-Fi access point keeps logs of devices that are -registered on the Wi-Fi, and these can be accessed too to find out who -has been using your Wi-Fi. Sometimes this can be done remotely (and -silently) by the ISP depending on if that router/Wi-Fi access point is -being “managed” remotely by the ISP (which is often the case when they -provide the router to their customers).

-

Some commercial devices will keep a record of MAC addresses roaming -around for various purposes such as road congestion103.

-

So, it is important again not to bring your phone along -when/where you conduct sensitive activities. If you use your own laptop, -then it is crucial to hide that MAC address (and Bluetooth address) -anywhere you use it and be extra careful not to leak any information. -Thankfully many recent OSes now feature or allow the possibility to -randomize MAC addresses (Android, IOS, Linux, and Windows -10/11) with the notable exception of macOS which does not -support this feature even in its latest Big Sur version.

-

See Appendix -N: Warning about smartphones and smart devices

-

Your Bluetooth MAC address:

-

Your Bluetooth MAC is like the earlier MAC address except it is for -Bluetooth. Again, it can be used to track you as manufacturers and -operating system makers keep logs of such information. It could be tied -to a sale place/time/date or accounts and then could be used to track -you with such information, the shop billing information, the CCTV, or -the mobile antenna logs in correlation.

-

Operating systems have protections in place to randomize those -addresses but are still subject to vulnerabilities104.

-

For this reason, and unless you really need those, you should just -disable Bluetooth completely in the BIOS/UEFI settings if possible or in -the Operating System otherwise.

-

On Windows 10, you will need to disable and enable the Bluetooth -device in the device manager itself to force randomization of the -address for next use and prevent tracking.

-

In general, this should not be too much of a concern compared to MAC -Addresses. BT Addresses are randomized quite often.

-

See Appendix -N: Warning about smartphones and smart devices

-

Your CPU:

-

All modern CPUs105 are now integrating hidden -management platforms such as the now infamous Intel Management Engine106 and the AMD Platform Security -Processor107.

-

Those management platforms are small operating systems running -directly on your CPU as long as they have power. These systems have full -access to your computer’s network and could be accessed by an adversary -to de-anonymize you in various ways (using direct access or using -malware for instance) as shown in this enlightening video: BlackHat, How -to Hack a Turned-Off Computer, or Running Unsigned Code in Intel -Management Engine https://www.youtube.com/watch?v=9fhNokIgBMU [Invidious].

-

These have already been affected by several security vulnerabilities -in the past108 that allowed malware to gain -control of target systems. These are also accused by many privacy actors -including the EFF and Libreboot of being a backdoor into any system109.

-

There are some not so straightforward ways110 -to disable the Intel IME on some CPUs and you should do so if you can. -For some AMD laptops, you can disable it within the BIOS settings by -disabling PSP.

-

Note that, to AMD’s defense, there were no security vulnerabilities -found for ASP and no backdoors either. See https://www.youtube.com/watch?v=bKH5nGLgi08&t=2834s -[Invidious]. -In addition, AMD PSP does not provide any remote management capabilities -contrary to Intel IME.

-

If you are feeling a bit more adventurous, you could install your own -BIOS using Coreboot 111 or Libreboot (a distribution of -Coreboot) if your laptop supports it. Coreboot allows users to add their -own microcode or other firmware blobs in order for the machine to -function, but this is based upon user choice, and as of Dec 2022, -Libreboot has adopted a similar pragmatic approach in order to support -newer devices in the Coreboot tree. (Thanks, kind Anon who corrected -previous information in this paragraph.)

-

Check yourself:

- -

Some CPUs have unfixable flaws (especially Intel CPUs) that could be -exploited by various malware. Here is a good current list of such -vulnerabilities affecting recent widespread CPUs: https://en.wikipedia.org/wiki/Transient_execution_CPU_vulnerability -[Wikiless] -[Archive.org]

-

Some of these can be avoided using Virtualization Software settings -that can mitigate such exploits. See this guide for more information https://www.whonix.org/wiki/Spectre_Meltdown [Archive.org] -(warning: these can severely impact the performance of your VMs).

-

This guide won’t go too deep into side-channel and microarchitecture -attacks but we will highlight some issues with both Intel and AMD CPU -architectures that will be mitigated throughout. It’s important to -recognize hardware is just as susceptible to bugs, and therefore -exploitation, regardless of manufacturer.

-

We will mitigate some of these issues in this guide by recommending -the use of virtual machines on a dedicated anonymous laptop for your -sensitive activities that will only be used from an anonymous public -network.

-

In addition, we recommend the use of AMD CPUs instead of -Intel CPUs.

- -

Your -Operating Systems and Apps telemetry services:

-

Whether it is Android, iOS, Windows, macOS, or even Ubuntu. Most -popular Operating Systems now collect telemetry information by default -even if you never opt-in or opted-out112 -from the start. Some like Windows will not even allow disabling -telemetry completely without some technical tweaks. This information -collection can be extensive and include a staggering number of details -(metadata and data) on your devices and their usage.

-

Here are good overviews of what is being collected by those five -popular OSes in their last versions:

- -

Not only are Operating Systems gathering telemetry services but so -are Apps themselves like Browsers, Mail Clients, and Social Networking -Apps installed on your system.

-

It is important to understand that this telemetry data can be tied to -your device and help de-anonymizing you and later can be used against -you by an adversary that would get access to this data.

-

This does not mean for example that Apple devices are terrible -choices for good Privacy (tho this might be changing115), but they are certainly not the -best choices for (relative) Anonymity. They might protect you from third -parties knowing what you are doing but not from themselves. In all -likelihood, they certainly know who you are.

-

Later in this guide, we will use all the means at our disposal to -disable and block as much telemetry as possible to mitigate this attack -vector in the Operating Systems supported in this guide. These will -include Windows, macOS, and even Linux in some regard.

-

See Appendix -N: Warning about smartphones and smart devices

-

Your Smart devices in -general:

-

You got it; your smartphone is an advanced spying/tracking device -that:

-
    -
  • Records everything you say at any time (“Hey Siri”, “Hey -Google”).

  • -
  • Records your location everywhere you go.

  • -
  • Always records other devices around you (Bluetooth devices, Wi-Fi -Access points).

  • -
  • Records your habits and health data (steps, screen time, exposure -to diseases, connected devices data)

  • -
  • Records all your network locations.

  • -
  • Records all your pictures and videos (and most likely where they -were taken).

  • -
  • Has most likely access to most of your known accounts including -social media, messaging, and financial accounts.

  • -
-

Data is being transmitted even if you opt-out116, processed, and stored -indefinitely (most likely unencrypted117) by various third parties118.

-

But that is not all, this section is not called “Smartphones” but -“Smart devices” because it is not only your smartphone spying on you. It -is also every other smart device you could have:

-
    -
  • Your Smart Watch? (Apple Watch, Android Smartwatch …)

  • -
  • Your Fitness Devices and Apps119120? (Strava121122, Fitbit123, Garmin, Polar124, …)

  • -
  • Your Smart Speaker? (Amazon Alexa125, Google Echo, Apple Homepod -…)

  • -
  • Your Smart Transportation? (Car? Scooter?)

  • -
  • Your Smart Tags? (Apple AirTag, Galaxy SmartTag, Tile…)

  • -
  • Your Car? (Yes, most modern cars have advanced logging/tracking -features these days126)

  • -
  • Any other Smart device? There are even convenient search engines -dedicated to finding them online:

    -
  • -
-

See Appendix -N: Warning about smartphones and smart devices

-

Conclusion: Do not bring your smart devices with you when conducting -sensitive activities.

-

Yourself:

-

Your Metadata -including your Geo-Location:

-

Your metadata is all the information about your activities without -the actual content of those activities. For instance, it is like knowing -you had a call from an oncologist before then calling your family and -friends successively. You do not know what was said during the -conversation, but you can guess what it was just from the metadata127.

-

This metadata will also often include your location that is being -harvested by Smartphones, Operating Systems (Android128/IOS), Browsers, Apps, Websites. -Odds are several companies are knowing exactly where you are at any -time129 because of your smartphone130.

-

This location data has been used in many judicial cases131 already as part of “geofencing -warrants” 132 that allow law enforcement to ask -companies (such as Google/Apple) a list of all devices present at a -certain location at a certain time. In addition, this location data is -even sold by private companies to the military who can then use it -conveniently133. These warrants are becoming -widely used by law enforcement134135136.

-

If you want to experience yourself what a “geofencing warrant” would -look like, here is an example: https://wigle.net/.

-

Now let us say you are using a VPN to hide your IP. The social media -platform knows you were active on that account on November 4th from 8 am -to 1 pm with that VPN IP. The VPN allegedly keeps no logs and cannot -trace back that VPN IP to your IP. Your ISP however knows (or at least -can know) you were connected to that same VPN provider on November 4th -from 7:30 am to 2 pm but does not know what you were doing with it.

-

The question is: Is there someone somewhere that would have both -pieces of information available137 for correlation in a -convenient database?

-

Have you heard of Edward Snowden138? Now is the time to -google him and read his book139. Also read about -XKEYSCORE140141, MUSCULAR142, SORM143, Tempora144 -, and PRISM145.

-

See “We kill people based on Metadata”146 -or this famous tweet from the IDF https://twitter.com/idf/status/1125066395010699264 -[Archive.org] -[Nitter].

-

See Appendix -N: Warning about smartphones and smart devices

-

Your -Digital Fingerprint, Footprint, and Online Behavior:

-

This is the part where you should watch the documentary “The Social -Dilemma”147 on Netflix as they cover this -topic much better than anyone else.

-

This includes is the way you write (stylometry) 148149, the way you behave150151. The way you click. The way you -browse. The fonts you use on your browser152. Fingerprinting is being used to -guess who someone is by the way that user is behaving. You might be -using specific pedantic words or making specific spelling mistakes that -could give you away using a simple Google search for similar features -because you typed comparably on some Reddit post 5 years ago using a not -so anonymous Reddit account153. The words you type -in a search engine alone can be used against you as the authorities now -have warrants to find users who used specific keywords in search -engines154.

-

Social Media platforms such as Facebook/Google can go a step further -and can register your behavior in the browser itself. For instance, they -can register everything you type even if you do not send it / save it. -Think of when you draft an e-mail in Gmail. It is saved automatically as -you type. They can register your clicks and cursor movements as -well.

-

All they need to achieve this in most cases is Javascript enabled in -your browser (which is the case in most Browsers including Tor Browser -by default). Even with Javascript disabled, there are still ways to -fingerprint you155.

-

While these methods are usually used for marketing purposes and -advertising, they can also be a useful tool for fingerprinting users. -This is because your behavior is unique or unique enough that over time, -you could be de-anonymized.

-

Here are some examples:

-
    -
  • Specialized companies are selling to, for example, law -enforcement agencies products for analyzing social network activities -such as https://mediasonar.com/ [Archive.org]

  • -
  • For example, as a basis of authentication, a user’s typing speed, -keystroke depressions, patterns of error (say accidentally hitting an -“l” instead of a “k” on three out of every seven transactions) and mouse -movements establish that person’s unique pattern of behavior156. Some commercial services such as -TypingDNA (https://www.typingdna.com/ [Archive.org]) -even offer such analysis as a replacement for two-factor -authentications.

  • -
  • This technology is also widely used in CAPTCHAS157 -services to verify that you are “human” and can be used to fingerprint a -user.

  • -
  • See Appendix A4: -Counteracting Forensic Linguistics.

  • -
-

Analysis algorithms could then be used to match these patterns with -other users and match you to a different known user. It is unclear -whether such data is already used or not by Governments and Law -Enforcement agencies, but it might be in the future. And while this is -mostly used for advertising/marketing/captchas purposes now. It could -and probably will be used for investigations in the short or mid-term -future to deanonymize users.

-

Here is a fun example you try yourself to see some of those things in -action: https://clickclickclick.click (no archive links for this -one sorry). You will see it becoming interesting over time (this -requires Javascript enabled).

-

Here is also a recent example just showing what Google Chrome -collects on you: https://web.archive.org/web/https://pbs.twimg.com/media/EwiUNH0UYAgLY7V?format=jpg&name=4096x4096

-

Here are some other resources on the topic if you cannot see this -documentary:

- -

So, how can you mitigate these?

-
    -
  • This guide will provide some technical mitigations using -Fingerprinting resistant tools but those might not be -sufficient.

  • -
  • You should apply common sense and try to find your own patterns -in your behavior and behave differently when using anonymous identities. -This includes:

    -
      -
    • The way you type (speed, accuracy…).

    • -
    • The words you use (be careful with your usual -expressions).

    • -
    • The type of response you use (if you are sarcastic by default, -try to have a different approach with your identities).

    • -
    • The way you use your mouse and click (try to solve the Captchas -differently than your usual way)

    • -
    • The habits you have when using some Apps or visiting some -Websites (do not always use the same menus/buttons/links to reach your -content).

    • -
    • -
  • -
-

You need to act and fully adopt a role as an actor would do for a -performance. You need to become a different person, think, and act like -that person. This is not a technical mitigation but a human one. You can -only rely on yourself for that.

-

Ultimately, it is mostly up to you to fool those algorithms by -adopting new habits and not revealing real information when using your -anonymous identities. See Appendix A4: -Counteracting Forensic Linguistics.

-

Your Clues about your -Real Life and OSINT:

-

These are clues you might give over time that could point to your -real identity. You might be talking to someone or posting on some -board/forum/Reddit. In those posts, you might over time leak some -information about your real life. These might be memories, experiences, -or clues you shared that could then allow a motivated adversary to build -a profile to narrow their search.

-

A real use and well-documented case of this was the arrest of the -hacker Jeremy Hammond158 who shared over time several -details about his past and was later discovered.

-

There are also a few cases involving OSINT at Bellingcat159. Have a look at their very -informative (but slightly outdated) toolkit here: https://docs.google.com/spreadsheets/d/18rtqh8EG2q1xBo2cLNyhIDuK9jrPGwYr9DI2UncoqJQ/edit#gid=930747607 -[Archive.org]

-

We have an OSINT discussion room in our Matrix community. -Feel free to join at #OSINT:matrix.org.

-

You can also view some convenient lists of some available OSINT tools -here if you want to try them on yourself for example:

- -

As well as this interesting Playlist on YouTube: https://www.youtube.com/playlist?list=PLrFPX1Vfqk3ehZKSFeb9pVIHqxqrNW8Sy -[Invidious]

-

As well as those interesting podcasts:

-

https://www.inteltechniques.com/podcast.html

-

You should never share real individual experiences/details using your -anonymous identities that could later lead to finding your real -identity. You will see more details about this in the Creating new identities section.

-

Your Face, Voice, -Biometrics, and Pictures:

-

“Hell is other people”, even if you evade every method listed above, -you are not out of the woods yet thanks to the widespread use of -advanced Face recognition by everyone.

-

Companies like Facebook have used advanced face recognition for -years160161 -and have been using other means (Satellite imagery) to create maps of -“people” around the world162. This evolution has -been going on for years to the point we can now say “we lost control of -our faces”163.

-

If you are walking in a touristy place, you will most likely appear -in someone’s selfie within minutes without knowing it. That person could -then go ahead and upload that selfie to various platforms (Twitter, -Google Photos, Instagram, Facebook, Snapchat …). Those platforms will -then apply face recognition algorithms to those pictures under the -pretext of allowing better/easier tagging or to better organize your -photo library. In addition to this, the same picture will provide a -precise timestamp and in most cases geolocation of where it was taken. -Even if the person does not provide a timestamp and geolocation, it can -still be guessed with other means164165.

-

Here are a few resources for even trying this yourself:

- -

Gait -Recognition and Other Long-Range Biometrics

-

Even if you are not looking at the camera, they can still figure out -who you are166, make out your emotions167, analyze your gait168169170, read your lips171, analyze the behavior of your -eyes172, and probably guess your political -affiliation173174.

-

Contrary to popular belief and pop culture, modern gait recognition -systems aren’t fooled by simply changing how you walk (ex. with -something uncomfortable in your shoe), as they analyze the way your -body’s muscles move across your entire body, as you perform certain -actions. The best way to fool modern gait recognition is to wear loose -clothes that obscure the way your muscles move as you perform -actions.

-

Other things than can be used to identify you include your earlobes, -which are actually more identifiable than fingerprints, or even the -shape of your skull. As such, soft headcoverings such as balaclavas are -not recommendable for obscuring your identity - they make you look -incredibly suspicious, while also conforming to the shape of your -skull.

-

-

(Illustration from https://www.nature.com/articles/s41598-020-79310-1 -[Archive.org])

-

-

(illustration from https://rd.springer.com/chapter/10.1007/978-3-030-42504-3_15 -[Archive.org])

-

Those platforms (Google/Facebook) already know who you are for a few -reasons:

-
    -
  • Because you have or had a profile with them, and you identified -yourself.

  • -
  • Even if you never made a profile on those platforms, you still -have one without even knowing it175176177178179.

  • -
  • Because other people have tagged you or identified you in their -holidays/party pictures.

  • -
  • Because other people have put a picture of you in their contact -list which they then shared with them.

  • -
-

Here is also an insightful demo of Microsoft Azure you can try for -yourself at https://azure.microsoft.com/en-us/services/cognitive-services/face/#demo -where you can detect emotions and compare faces from different -pictures.

-

Governments already know who you are because they have your -ID/Passport/Driving License pictures and often added biometrics -(Fingerprints) in their database. Those same governments are integrating -those technologies (often provided by private companies such as the -Israeli Oosto180, Clearview AI181182, or NEC183) in their CCTV networks to look -for “persons of interest”184. And some heavily -surveilled states like China have implemented widespread use of Facial -Recognition for various purposes185186 -including possibly identifying ethnic minorities187. A simple face recognition error -by some algorithm can ruin your life188189.

-

Here are some resources detailing some techniques used by Law -Enforcement today:

- -

Apple is making FaceID mainstream and pushing its use to log you into -many services including the Banking systems.

-

The same goes with fingerprint authentication being mainstreamed by -many smartphone makers to authenticate yourself. A simple picture where -your fingers appear can be used to de-anonymize you190191192193.

-

The same goes with your voice which can be analyzed for various -purposes as shown in the recent Spotify patent194.

-

Even your iris can be used for identification in some places195.

-

We can safely imagine a near future where you will not be able to -create accounts or sign in anywhere without providing unique biometrics -(A suitable time to re-watch Gattaca196, Person of Interest197 , and Minority Report198). And you can safely imagine how -useful these large biometrics databases could be to some interested -third parties.

-

In addition, all this information can also be used against you (if -you are already de-anonymized) using deepfake199 -by crafting false information (Pictures, Videos, Voice Recordings200…) and have already been used for -such purposes201202. There are even commercial -services for this readily available such as https://www.respeecher.com/ [Archive.org] -and https://www.descript.com/overdub [Archive.org].

-

See this demo: https://www.youtube.com/watch?v=t5yw5cR79VA [Invidious]

-

At this time, there are a few steps203 -you can use to mitigate (and only mitigate) face recognition when -conducting sensitive activities where CCTV might be present:

-
    -
  • Wear a facemask as they have been proven to defeat some face -recognition technologies204 but not all205.

  • -
  • Wear a baseball cap or hat to mitigate identification from -high-angle CCTVs (filming from above) from recording your face. Remember -this will not help against front-facing cameras.

  • -
  • Wear sunglasses in addition to the facemask and baseball cap to -mitigate identification from your eye’s features.

  • -
  • Consider wearing special sunglasses (expensive, unfortunately) -called “Reflectacles” https://www.reflectacles.com/ [Archive.org]. -There was a small study showing their efficiency against IBM and Amazon -facial recognition206.

  • -
  • All that might still be useless because of gait recognition -mentioned earlier but there might be hope here if you have a 3D Printer: -https://gitlab.com/FG-01/fg-01 [Archive.org]

  • -
-

(see Gait -Recognition and Other Long-Range Biometrics)

-

(Note that if you intend to use these where advanced facial -recognition systems have been installed, these measures could also flag -as you as suspicious by themselves and trigger a human check)

-

Phishing and Social -Engineering:

-

Phishing207 is a social engineering208 type of attack where an adversary -could try to extract information from you by pretending or impersonating -something/someone else.

-

A typical case is an adversary using a man-in-the-middle209 attack or a fake e-mail/call to -ask for your credential for a service. This could for example be through -e-mail or through impersonating financial services.

-

Such attacks can also be used to de-anonymize someone by tricking -them into downloading malware or revealing personal information over -time. The only defense against those is not to fall for them and common -sense.

-

These have been used countless times since the early days of the -internet and the usual one is called the “419 scam” (see https://en.wikipedia.org/wiki/Advance-fee_scam [Wikiless] -[Archive.org]).

-

Here is a good video if you want to learn a bit more about phishing -types: Black Hat, Ichthyology: Phishing as a Science https://www.youtube.com/watch?v=Z20XNp-luNA [Invidious].

-

Malware, exploits, and -viruses:

-

Malware in your -files/documents/e-mails:

-

Using steganography or other techniques, it is easy to embed malware -into common file formats such as Office Documents, Pictures, Videos, PDF -documents…

-

These can be as simple as HTML tracking links or complex targeted -malware.

-

These could be simple pixel-sized images210 -hidden in your e-mails that would call a remote server to try and get -your IP address.

-

These could be exploiting a vulnerability in an outdated format or an -outdated reader211. Such exploits could then be used -to compromise your system.

-

See these good videos for more explanations on the matter:

- -

You should always use extreme caution. To mitigate these attacks, -this guide will later recommend the use of virtualization (See Appendix W: -Virtualization) to mitigate leaking any information even in case of -opening such a malicious file.

-

If you want to learn how to try detecting such malware, see Appendix T: Checking files -for malware

-

Malware and -Exploits in your apps and services:

-

So, you are using Tor Browser or Brave Browser over Tor. You could be -using those over a VPN for added security. But you should keep in mind -that there are exploits212 (hacks) that could -be known by an adversary (but unknown to the App/Browser provider). Such -exploits could be used to compromise your system and reveal details to -de-anonymize you such as your IP address or other details.

-

A real use case of this technique was the Freedom Hosting213 case in 2013 where the FBI -inserted malware214 using a Firefox browser exploit on -a Tor website. This exploit allowed them to reveal details of some -users. More recently, there was the notable SolarWinds215 -hack that breached several US government institutions by inserting -malware into an official software update server.

-

In some countries, Malware is just mandatory and/or distributed by -the state itself. This is the case for instance in China with WeChat216 which can then be used in -combination with other data for state surveillance217.

-

There are countless examples of malicious browser extensions, -smartphone apps, and various apps that have been infiltrated with -malware over the years.

-

Here are some steps to mitigate this type of attack:

-
    -
  • You should never have 100% trust in the apps you are -using.

  • -
  • You should always check that you are using the updated version of -such apps before use and ideally validate each download using their -signature if available.

  • -
  • You should not use such apps directly from a hardware system but -instead, use a Virtual Machine for compartmentalization.

  • -
-

To reflect these recommendations, this guide will therefore later -guide you in the use of Virtualization (See Appendix W: -Virtualization) so that even if your Browser/Apps get compromised by -a skilled adversary, that adversary will find himself stuck in a -sandbox218 without being able to access -identifying information or compromise your system.

-

Malicious USB devices:

-

There are readily available commercial and cheap “badUSB” 219devices that can take deploy -malware, log your typing, geolocate you, listen to you or gain control -of your laptop just by plugging them in. Here are some examples that you -can already buy yourself:

- -

Such devices can be implanted anywhere (charging cable, mouse, -keyboard, USB key …) by an adversary and can be used to track you or -compromise your computer or smartphone. The most notable example of such -attacks is probably Stuxnet220 in 2005.

-

While you could inspect a USB key physically, scan it with various -utilities, check the various components to see if they are genuine, you -will most likely never be able to discover complex malware embedded in -genuine parts of a genuine USB key by a skilled adversary without -advanced forensics equipment221.

-

To mitigate this, you should never trust such devices and plug them -into sensitive equipment. If you use a charging device, you should -consider the use of a USB data blocking device that will only allow -charging but not any data transfer. Such data blocking devices are now -readily available in many online shops. You should also consider -disabling USB ports completely within the BIOS of your computer unless -you need them (if you can).

-

Malware -and backdoors in your Hardware Firmware and Operating System:

-

This might sound a bit familiar as this was already partially covered -previously in the Your CPU section.

-

Malware and backdoors can be embedded directly into your hardware -components. Sometimes those backdoors are implemented by the -manufacturer itself such as the IME in the case of Intel CPUs. And in -other cases, such backdoors can be implemented by a third party that -places itself between orders of new hardware and customer delivery222.

-

Such malware and backdoors can also be deployed by an adversary using -software exploits. Many of those are called rootkits223 -within the tech world. Usually, these types of malware are harder to -detect and mitigate as they are implemented at a lower level than the -userspace224 and often in the firmware225 of hardware components itself.

-

What is firmware? Firmware is a low-level operating system for -devices. Each component in your computer probably has firmware including -for instance your disk drives. The BIOS226/UEFI227 -system of your machine for instance is a type of firmware.

-

These can allow remote management and are capable of enabling full -control of a target system silently and stealthily.

-

As mentioned previously, these are harder to detect by users but some -limited steps that can be taken to mitigate some of those by protecting -your device from tampering and use some measures (like re-flashing the -bios for example). Unfortunately, if such malware or backdoor is -implemented by the manufacturer itself, it becomes extremely difficult -to detect and disable those.

-

Your files, documents, -pictures, and videos:

-

Properties and Metadata:

-

This can be obvious to many but not to all. Most files have metadata -attached to them. Good examples are pictures that store EXIF228 information which can hold a lot -of information such as GPS coordinates, which camera/phone model took -it, and when it was taken precisely. While this information might not -directly give out who you are, it could tell exactly where you were at a -certain moment which could allow others to use various sources to find -you (CCTV or other footage taken at the same place at the same time -during a protest for instance). You must verify any file you would put -on those platforms for any properties that might hold any information -that might lead back to you.

-

Here is an example of EXIF data that could be on a picture:

-

-

(Illustration from Wikipedia)

-

This also works for videos. Yes, videos too have geo-tagging, and -many are very unaware of this. Here Is for instance a very convenient -tool to geo-locate YouTube videos: https://mattw.io/youtube-geofind/location [Archive.org]

-

For this reason, you will always have to be incredibly careful when -uploading files using your anonymous identities and check the metadata -of those files.

-

Even if you publish a plain text file, you should always -double or triple-check it for any information leakage before publishing. -You will find some guidance about this in the Some additional -measures against forensics section at the end of the -guide.

-

Watermarking:

-

Pictures/Videos/Audio:

-

Pictures/Videos often contain visible watermarks indicating who is -the owner/creator but there are also invisible watermarks in various -products aiming at identifying the viewer itself.

-

So, if you are a whistleblower and thinking about leaking some -picture/audio/video file. Think twice. There are chances that those -might contain invisible watermarking within them that would include -information about you as a viewer. Such watermarks can be enabled with a -simple switch in like Zoom (Video229 or Audio230) or with extensions231 for popular apps such as Adobe -Premiere Pro. These can be inserted by various content management -systems.

-

For a recent example where someone leaking a Zoom meeting recording -was caught because it was watermarked: https://theintercept.com/2021/01/18/leak-zoom-meeting/ -[Tor -Mirror] [Archive.org]

-

Such watermarks can be inserted by various products232233234235 -using Steganography236 and can resist compression237 and re-encoding238239.

-

These watermarks are not easily detectable and could allow -identification of the source despite all efforts.

-

In addition to watermarks, the camera used for filming (and therefore -the device used for filming) a video can also be identified using -various techniques such as lens identification240 -which could lead to de-anonymization.

-

Be extremely careful when publishing videos/pictures/audio files from -known commercial platforms as they might contain such invisible -watermarks in addition to details in the images themselves. There is no -guaranteed 100% protection against those. You will have to use common -sense.

-

Printing Watermarking:

-

Did you know your printer is most likely spying on you too? Even if -it is not connected to any network? This is usually a known fact by many -people in the IT community but few outside people.

-

Yes … Your printers can be used to de-anonymize you as well as -explained by the EFF here https://www.eff.org/issues/printers [Archive.org]

-

With this (old but still relevant) video explaining how from the EFF -as well: https://www.youtube.com/watch?v=izMGMsIZK4U [Invidious]

-

Many printers will print an invisible watermark allowing for -identification of the printer on every printed page. This is called -Printer Steganography241. There is no tangible way to -mitigate this but to inform yourself on your printer and make sure it -does not print any invisible watermark. This is important if you intend -to print anonymously.

-

Here is an (old but still relevant) list of printers and brands who -do not print such tracking dots provided by the EFF https://www.eff.org/pages/list-printers-which-do-or-do-not-display-tracking-dots -[Archive.org]

-

Here are also some tips from the Whonix documentation (https://www.whonix.org/wiki/Printing_and_Scanning -[Archive.org]):

-

Do not ever print in Color, usually, watermarks are not -present without color toners/cartridges242.

-

Pixelized or Blurred -Information:

-

Did you ever see a document with blurred text? Did you ever make fun -of those movies/series where they “enhance” an image to recover -seemingly impossible-to-read information?

-

Well, there are techniques for recovering information from such -documents, videos, and pictures.

-

Here is for example an open-source project you could use yourself for -recovering text from some blurred images yourself: https://github.com/beurtschipper/Depix [Archive.org]

-
-image14 - -
-

This is of course an open-source project available for all to use. -But you can imagine that such techniques have probably been used before -by other adversaries. These could be used to reveal blurred information -from published documents that could then be used to de-anonymize -you.

-

There are also tutorials for using such techniques using Photo -Editing tools such as GIMP such as https://medium.com/@somdevsangwan/unblurring-images-for-osint-and-more-part-1-5ee36db6a70b -[Archive.org] -followed by https://medium.com/@somdevsangwan/deblurring-images-for-osint-part-2-ba564af8eb5d -[Scribe.rip] -[Archive.org]

-
-image15 - -
-

Finally, you will find plenty of deblurring resources here: https://github.com/subeeshvasu/Awesome-Deblurring -[Archive.org]

-

Some online services could even help you do this automatically to -some extent like MyHeritage.com enhance tool:

-

https://www.myheritage.com/photo-enhancer [Archive.org]

-

Here is the result of the above image:

-
-image16 - -
-

Of course, this tool is more like “guessing” than really deblurring -at this point, but it could be enough to find you using various reverse -image searching services.

-

There are also techniques to deblur/depixelate parts in videos: see -https://positive.security/blog/video-depixelation -[Archive.org]

-

For this reason, it is always extremely important that you correctly -redact and curate any document you might want to publish. Blurring is -not enough, and you should always completely blacken/remove any -sensitive data to avoid any attempt at recovering data from any -adversary. Do not pixelized, do not blur, just put a hard black -rectangle to redact information.

-

Your Cryptocurrencies -transactions:

-

Contrary to widespread belief, Crypto transactions (such as Bitcoin -and Ethereum) are not anonymous243. Most -cryptocurrencies can be tracked accurately through various methods244245.

-

Remember what they say on their page: https://bitcoin.org/en/you-need-to-know [Archive.org] -and https://bitcoin.org/en/protect-your-privacy [Archive.org]: -“Bitcoin is not anonymous”

-

The main issue is not setting up a random Crypto wallet to receive -some currency behind a VPN/Tor address (at this point, the wallet is -anonymous). The issue is mainly when you want to convert Fiat money -(Euros, Dollars …) to Crypto and then when you want to cash in your -Crypto. You will have few realistic options but to transfer those to an -exchange (such as Coinbase/Kraken/Bitstamp/Binance). Those exchanges -have known wallet addresses and will keep detailed logs (due to KYC246 financial regulations) and can -then trace back those crypto transactions to you using the financial -system247.

-

There are some cryptocurrencies with privacy/anonymity in mind like -Monero but even those have some and warnings to consider248249.

-

Use of “private” mixers, tumblers250 -(centralized services that specialize in “anonymizing” cryptocurrencies -by “mixing them”) and coinjoiners are risky as you don’t know what’s -happening on them251 and can be trivially de-mixed252. Their centrally-controlled nature -could also put you in trouble as they are more susceptible to -money-laundering laws253.

-

This does not mean you cannot use Bitcoin anonymously at all. You can -actually use Bitcoin anonymously as long as you do not convert it to -actual currency, use a Bitcoin wallet from a safe anonymous network, and -do not reuse addresses or consolidate outputs that were used when -spending at different merchants. Meaning you should avoid KYC/AML -regulations by various exchanges, avoid using the Bitcoin network from -any known IP address, and use a wallet that provides privacy-preserving -tools. See Appendix -Z: Online anonymous payments using cryptocurrencies.

-

Overall, the best option for using Crypto with reasonable -anonymity and privacy is still Monero and you should ideally not use any -other for sensitive transactions unless you are aware of the limitations -and risks involved. Please do read Appendix B2: Monero -Disclaimer.

-

TLDR: Use Monero!

-

Your Cloud backups/sync -services:

-

All companies are advertising their use of end-to-end encryption -(E2EE). This is true for almost every messaging app and website (HTTPS). -Apple and Google are advertising their use of encryption on their -Android devices and their iPhones.

-

But what about your backups? Those automated iCloud/Google Drive -backups you have?

-

Well, you should know that most of those backups are not fully -end-to-end encrypted and will hold some of your information readily -available for a third party. You will see their claims that data is -encrypted at rest and safe from anyone … Except they usually do keep a -key to access some of the data themselves. These keys are used for them -indexing your content, recover your account, collecting various -analytics.

-

There are specialized commercial forensics solutions available -(Magnet Axiom254, Cellebrite Cloud255) that will help an adversary -analyze your cloud data with ease.

-

Notable Examples:

- -

You should not trust cloud providers with your (not previously and -locally encrypted) sensitive data and you should be wary of their -privacy claims. In most cases, they can access your data and provide it -to a third party if they want to256.

-

The only way to mitigate this is to encrypt your data on your side -and then only upload it to such services or just not use them at -all.

-

Microarchitectural -Side-channel Deanonymization Attacks:

-

There was an attack published that can deanonymize users if they have -a known alias. For example, an attacker trying to track the activities -of a journalist can use that journalist’s public Twitter handle to link -their anonymous identities with their public one. This breaks -compartmentalization of identities and can lead to complete -deanonymization, even of users who practice proper OPSEC.

-

The attack, published at https://leakuidatorplusteam.github.io/ [Archive.org], -can be mitigated using the well-known NoScript extension and will be our -preferred recommendation.

-

One loosely documented attack might take the following approach to -fingerprinting: Alice is browsing the web using Firefox. The website she -has just visited is using an invisible iframe that creates -long strings, e.g., sentences or hashes, to produce some -non-user-viewable string. These strings are setting a certain font type, -Arial. Whether the browser renders this is non-essential, it only -matters if the font changes. The iframe in this case serves -no purpose but to identify whether a user has installed a certain font -on their machine. If Alice is using a font that this frame has tried to -render, then it is reported back to the website and to the person in -control of the website.

-

The font renders a box with a specific height and width around -itself, so that means a specific height and width of the text contained -within. The iframe keeps doing this for each installed font -to create a list of installed fonts for Alice. Because of stylistic -differences between each font family, the same string and the same font -size will add up to a different height and a different width than Arial. -It is used as a fallback font to display text that won’t display -otherwise, in the case of a user not having that font on their machine -and thus non-viewable from their browser.

-

If a font requested by an iframe is not available, Arial -will be used to show that text to the user. Every time the font -measurement (identified by the dimensions of the box produced) changed, -it means the font is present on Alice’s browser and her machine. By -doing this for hundreds of fonts, websites can use this information to -track users using their installed fonts across websites. Imagine a -website then selling this “anonymized” information as a dataset to -advertisement companies to serve you ads based on the websites you -visit, because they know every font you have installed on your machine -and can now track your identity across the internet. This attack is -demonstrated here: Everything you always -wanted to know about web-based device fingerprinting (but were afraid to -ask) by Dr. Nick Nikiforakis, PhD in Computer Science from KU -Leuven. He explains how his team of researchers identified which sites -were using such techniques on Alexa’s top 10,000 websites. Primarily, -they found that of those, 145 were fingerprinting browsers. They were -fingerprinted 100% of the time — whether they were using the Do Not -Track header, a popular Privacy & Security setting in many browsers, -did not matter.

-

Attacks such as invisible iframes and media elements can be avoided -by blocking all scripts globally by using something like uBlock Origin -https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm -or by using NoScript https://chrome.google.com/webstore/detail/noscript/doojmbjmlfjjnbmnoijecmcbfeoakpjm. -This is highly encouraged, not only to those wishing to be anonymous, -but also to general web users.

-

Tor Browser:

-

Note: This attack is now prevented by default by an update of -NoScript (11.4.8 and above) on all -security levels in Tor Browser.

-

All others:

-

Installing the NoScript extension -will prevent the attack by default only in private -Windows using their new “TabGuard feature”. But can be enabled -in the NoScript options to work on all Windows. See:

- -

Alternative to -NoScript for all other browsers:

-

The researches who disclosed the issue also made an extension -available below. Again, nothing is required in Tor -Browser. This path is not our preferred path but is still -available if you do not want to use NoScript.

- -

Separating identities via separate browsers or even with VMs is not -enough to avoid this attack. However, another solution is to make sure -that when you start working with an anonymous identity, you entirely -close all activities linked to other identities. The vulnerability only -works if you’re actively logged into a non-anonymous identity. The issue -with this is that it can hinder effective workflow, as multitasking -across multiple identities becomes impossible.

-

Local Data Leaks and -Forensics:

-

Most of you have probably seen enough Crime dramas on Netflix or TV -to know what forensics are. These are technicians (usually working for -law enforcement) that will perform various analysis of evidence. This of -course could include your smartphone or laptop.

-

While these might be done by an adversary when you already got -“burned”, these might also be done randomly during a routine control or -a border check. These unrelated checks might reveal secret information -to adversaries that had no prior knowledge of such activities.

-

Forensics techniques are now very advanced and can reveal a -staggering amount of information from your devices even if they are -encrypted257. These techniques are widely used -by law enforcement all over the world and should be considered.

-

Here are some recent resources you should read about your -smartphone:

- -

I also highly recommend that you read some documents from a forensics -examiner perspective such as:

- -

And finally, here is this very instructive detailed paper on the -current state of IOS/Android security from the John Hopkins University: -https://securephones.io/main.html258.

-

When it comes to your laptop, the forensics techniques are many and -widespread. Many of those issues can be mitigated by using full disk -encryption, virtualization (See Appendix W: -Virtualization), and compartmentalization. This guide will later -detail such threats and techniques to mitigate them.

-

Bad Cryptography:

-

There is a frequent adage among the infosec community: “Don’t roll -your own crypto!”.

-

And there are reasons259260261262 -for that:

-

We would not want people discouraged from studying and innovating in -the crypto field because of that adage. So instead, we would recommend -people to be cautious with “Roll your own crypto” because it is not -necessarily good crypto:

-
    -
  • Good cryptography is not easy and usually takes years of research -to develop and fine-tune.

  • -
  • Good cryptography is transparent and not proprietary/closed -source so it can be reviewed by peers.

  • -
  • Good cryptography is developed carefully, slowly, and rarely -alone.

  • -
  • Good cryptography is usually presented and discussed in -conferences and published in various journals.

  • -
  • Good cryptography is extensively peer-reviewed before it is -released for use in the wild.

  • -
  • Using and implementing existing good cryptography correctly is -already a challenge.

  • -
-

Yet, this is not stopping some from doing it anyway and publishing -various production Apps/Services using their self-made cryptography or -proprietary closed-source methods:

-
    -
  • You should apply caution when using Apps/Services using -closed-source or proprietary encryption methods. All the good crypto -standards are public and peer-reviewed and there should be no issue -disclosing the one you use.

  • -
  • You should be wary of Apps/Services using a “modified” or -proprietary cryptographic method263.

  • -
  • By default, you should not trust any “Roll your own crypto” until -it was audited, peer-reviewed, vetted, and accepted by the cryptography -community264265.

  • -
  • There is no such thing as “military-grade crypto”266267268.

  • -
-

Cryptography is a complex topic and bad cryptography could easily -lead to your de-anonymization.

-

In the context of this guide,we recommend sticking to Apps/Services -using well-established, published, and peer-reviewed methods.

-

So, what to prefer and what to avoid as of 2021? You will have to -look up for yourself to get the technical details of each app and see if -they are using “bad crypto” or “good crypto”. Once you get the technical -details, you could check this page for seeing what it is worth: https://latacora.micro.blog/2018/04/03/cryptographic-right-answers.html -[Archive.org]

-

Here are some examples:

-
    -
  • Hashes:

    -
      -
    • Prefer: SHA-3 or BLAKE2269

    • -
    • Still relatively ok to use: SHA-2 (such as the widely used -SHA-256 or SHA-512)

    • -
    • Avoid: SHA-1, MD5 (unfortunately still widely used), CRC, MD6 -(rarely used)

    • -
  • -
  • File/Disk Encryption:

    -
      -
    • Prefer:

      -
        -
      • Hardware Accelerated270: AES (Rijndael) 256 -Bits with HMAC-SHA-2 or HMAC-SHA-3 (This is what Veracrypt, Bitlocker, -Filevault 2, KeepassXC, and LUKS use by default). Prefer SHA-3.

      • -
      • Non-Hardware Accelerated: Same as accelerated above or if -available consider:

        -
      • -
    • -
    • Avoid: Pretty much anything else

    • -
  • -
  • Password Storage:

    -
      -
    • Prefer: Argon2, scrypt

    • -
    • If these aren’t options, use bcrypt, or if not possible at least -PBKDF2 (only as a last resort)

    • -
    • Be skeptical of Argon2d, as it’s vulnerable to some forms of -side-channels. Prefer Argon2i or Argon2id

    • -
    • Avoid: SHA-3, SHA-2, SHA-1, MD5

    • -
  • -
  • Browser Security (HTTPS):

    -
      -
    • Prefer: TLS 1.3 (ideally TLS 1.3 with ECH/eSNI support) or at -least TLS 1.2 (widely used)

    • -
    • Avoid: Anything Else (TLS =<1.1, SSL =<3)

    • -
  • -
  • Signing messages/files with PGP/GPG:

    -
  • -
  • SSH keys:

    -
      -
    • ED25519 (preferred) or RSA 4096 Bits*

    • -
    • Avoid: RSA 2048 bits

    • -
  • -
  • Warning: RSA and ED25519 are unfortunately not seen as -“Quantum Resistant”275 and while -they have not been broken yet, they probably will be broken someday into -the future. It is just a matter of when rather than if RSA will ever be -broken. So, these are preferred in those contexts due to the lack of a -better possibility.

  • -
-

Here are some real cases of issues bad cryptography:

- -

Later this guide will not recommend “bad cryptography” and that -should hopefully be enough to protect you?

-

No logging but logging -anyway policies:

-

Many people have the idea that privacy-oriented services such as VPN -or E-Mail providers are safe due to their no-logging policies or their -encryption schemes. Unfortunately, many of those same people forget that -all those providers are legal commercial entities subject to the laws of -the countries in which they operate.

-

Any of those providers can be forced to silently (without your -knowing (using for example a court order with a gag order276 or a national security letter277) log your activity to de-anonymize -you. There have been several recent examples of those:

-
    -
  • 2021, Proton, Proton logged IP address of French activist after -an order by Swiss authorities (source link unavailable).

  • -
  • 2021, WindScribe, Servers were not encrypted as they should have -been allowing MITM attacks by authorities278.

  • -
  • 2021, DoubleVPN servers, logs, and account info seized by law -enforcement279.

  • -
  • 2021, The Germany-based mail provider Tutanota was forced to -monitor specific accounts for 3 months280.

  • -
  • 2020, The Germany-based mail provider Tutanota was forced to -implement a backdoor to intercept and save copies of the unencrypted -e-mails of one user281 (they did not decrypt the stored -e-mail).

  • -
  • 2017, PureVPN was forced to disclose information of one user to -the FBI282.

  • -
  • 2014, an EarthVPN user was arrested based on logs provider to the -Dutch Police283.

  • -
  • 2013, Secure E-Mail provider Lavabit shuts down after fighting a -secret gag order284.

  • -
  • 2011, HideMyAss user was de-anonymized, and logs were provided to -the FBI285.

  • -
-

Some providers have implemented the use of a Warrant Canary286 that would allow their users to -find out if they have been compromised by such orders, but this has not -been tested yet as far as we know.

-

Finally, it is now well known that some companies might be sponsored -front ends for some state adversaries (see the Crypto AG story287 and Omnisec story288).

-

For these reasons, you mustn’t trust such providers for your privacy -despite all their claims. In most cases, you will be the last person to -know if any of your accounts were targeted by such orders and you might -never know at all.

-

To mitigate this, in cases where you want to use a VPN, we will -recommend the use of a cash/Monero-paid VPN provider over Tor to prevent -the VPN service from knowing any identifiable information about you.

-

If the VPN provider knows nothing about you, it should mitigate any -issue due to them not logging but logging anyway.

-

Some Advanced targeted -techniques:

-
-image17 - -
-

(Illustration: an excellent movie we highly recommend: Das Leben der -Anderen289)

-

Many advanced techniques can be used by skilled adversaries290 to bypass your security measures -provided they already know where your devices are. Many of those -techniques are detailed here https://cyber.bgu.ac.il/advanced-cyber/airgap [Archive.org] -(Air-Gap Research Page, Cyber-Security Research Center, Ben-Gurion -University of the Negev, Israel) but also in this report https://www.welivesecurity.com/wp-content/uploads/2021/12/eset_jumping_the_air_gap_wp.pdf -[Archive.org] -(ESET, JUMPING THE AIR GAP: 15 years of nation-state effort) and -include:

- -

Here is also a good video from the same authors to explain those -topics: Black Hat, The Air-Gap Jumpers https://www.youtube.com/watch?v=YKRtFgunyj4 [Invidious]

-

Realistically, this guide will be of little help against such -adversaries as such malware could be implanted on the devices by a -manufacturer, anyone in the middle296, or by anyone with -physical access to the air-gapped computer but there are still some ways -to mitigate such techniques:

-
    -
  • Do not conduct sensitive activity while connected to an -untrusted/unsecured power line to prevent power line leaks.

  • -
  • Do not use your devices in front of a camera that could be -compromised.

  • -
  • Use your devices in a soundproofed room to prevent sound -leaks.

  • -
  • Use your devices in a Faraday cage to prevent electromagnetic -leaks.

  • -
  • Do not talk about sensitive information where lightbulbs could be -seen from outside.

  • -
  • Buy your devices from different/unpredictable/offline places -(shops) where the probability of them being infected with such malware -is lower.

  • -
  • Do not let anyone access your air-gapped computers except trusted -people.

  • -
-

Some bonus resources:

- -

Notes:

-

If you still do not think such information can be used by various -actors to track you, you can see some statistics for yourself for some -platforms and keep in mind those are only accounting for the lawful data -requests and will not count things like PRISM, MUSCULAR, SORM or -XKEYSCORE explained earlier:

- -

General Preparations:

-

Personally, in the context of this guide, it is also interesting to -have a look at your security model. And in this context,we only have one -to recommend:

-

Zero-Trust Security297 (“Never trust, -always verify”).

-

Here are some various resources about what Zero-Trust Security -is:

- -

Picking your route:

-

First, here is a small basic UML diagram showing your available -options according to your skills/budget/time/resources.

-
-image18 - -
-

Timing limitations:

-
    -
  • You have no time at all:

    -
      -
    • Go for the Tor Browser route.
    • -
  • -
  • You have extremely limited time to learn and need a fast-working -solution:

    -
      -
    • Your best option is to go for the Tails route (excluding the -persistent plausible deniability section).
    • -
  • -
  • You have time and more importantly motivation to learn:

    -
      -
    • Go with any route.
    • -
  • -
-

Budget/Material limitations:

-
    -
  • You have no budget and even accessing a laptop is complicated or -you only have your smartphone:

    -
      -
    • Go for the Tor Browser route.
    • -
  • -
  • You only have one laptop available and cannot afford anything -else. You use this laptop for either work, family, or your personal -stuff (or both):

    -
      -
    • Your best option is to go for the Tails route.
    • -
  • -
  • You can afford a spare dedicated unsupervised/unmonitored laptop -for your sensitive activities:

    -
      -
    • But it is old, slow, and has bad specs (less than 6GB of RAM, -less than 250GB disk space, old/slow CPU):

      -
        -
      • You should go for the Tails route.
      • -
    • -
    • It is not that old, and it has decent specs (at least 8GB of RAM, -250GB of disk space or more, decent CPU):

      -
        -
      • You could go for Tails, Whonix routes.
      • -
    • -
    • It is new and it has great specs (more than 16GB or ideally 32GB -of RAM, >250GB of disk space, recent fast CPU):

      -
        -
      • You could go for any route, but we would recommend Qubes OS -if your threat model allows it. Please see the requirements.298
      • -
    • -
    • If it is an ARM-based M1/M2 Mac:

      -
        -
      • Not possible currently for these reasons:

        -
          -
        • Virtualization of Intel x86 images on ARM (M1/M2) hosts is still -limited to commercial software (e.g., Parallels, Fusion) which are -mostly not supported by Whonix, yet. They are very buggy and for -advanced people only. Please seek this information yourself.

        • -
        • Virtualbox -is now available natively for ARM64 architecture in a package as of -October 2022. Download the “Developer preview for -macOS/Arm64 (M1/M2) hosts”.

        • -
        • Whonix does not support macOS easily. “You need to build Whonix -using the build script to get it running on Apple Silicon.” See the forum -thread.

        • -
        • Tails is not supported on ARM64 architecture yet. See -this thread for more information (keep in mind this page hasn’t been -updated recently).

        • -
        • Qubes OS is not supported on ARM64 architecture yet, but there is -work being done to make it available on aarch64, which may be delayed -for the unforseeable future..

        • -
      • -
    • -
  • -
-

The general advice in this guide regarding virtualization -software is that it’s costly. That said, you should probably get a -dedicated laptop, capable of running virtualization software, preferably -a 64-bit architecture, to be used for more sensitive activities and -testing.

-

Skills:

-
    -
  • Do you have no IT skills at all the content of this guide look -like an alien language to you? Consider:

    -
      -
    • The Tor Browser route (simplest of all)

    • -
    • The Tails route (excluding the persistent plausible -deniability section).

    • -
  • -
  • You have some IT skills and mostly understand this guide so far, -consider:

    -
      -
    • The Tails route (with the optional persistent plausible -deniability section).

    • -
    • The Whonix route.

    • -
  • -
  • You have moderate to high IT skills, and you are already familiar -with some of the content of this guide, consider:

    -
      -
    • Any route (Qubes OS is preferred if you can afford -it).
    • -
  • -
  • You are an l33T hacker, “there is no spoon”, “the cake is a lie”, -you have been using “doas” for years, and “all your base is belong to -us”, and you have strong opinions on systemd.

    -
      -
    • This guide is not meant for you and will not help you with -your HardenedBSD on your hardened Libreboot laptop ;-)
    • -
  • -
-

Adversarial considerations:

-

Now that you know what is possible, you should also consider threats -and adversaries before picking the right route.

-

Threats:

-
    -
  • If your main concern is a forensic examination of your devices, -you should consider the Tor Browser route or the Tails route.

  • -
  • If your main concerns are remote adversaries that might uncover -your online identity on various platforms, you should consider the -Tails, Whonix, or Qubes OS routes (listed in order of -difficulty).

  • -
  • If you want system-wide plausible deniability299300 -despite the risks301302, consider the Tails route, -including the persistent plausible deniability section (see Persistent -Plausible Deniability using Whonix within Tails).**

  • -
  • If you are in a hostile environment where Tor/VPN usage alone is -impossible/dangerous/suspicious, consider the Tails route (without -actually using Tor), or more advanced routes like Whonix or Qubes -OS.

  • -
-

Adversaries:

-
    -
  • Low skills:

    -
      -
    • Low resources:

      -
        -
      • Any motivation: Any Route
      • -
    • -
    • Medium resources:

      -
        -
      • Low to Medium motivation: Any Route

      • -
      • High motivation: Tails, Whonix, Qubes OS Routes

      • -
    • -
    • High resources:

      -
        -
      • Low motivation: Any route

      • -
      • Medium to High motivation: Tails, Whonix, Qubes OS -Routes

      • -
    • -
  • -
  • Intermediate skills:

    -
      -
    • Low resources:

      -
        -
      • Low motivation: Any Route

      • -
      • Medium to High motivation: Tails, Whonix, Qubes OS -Routes

      • -
    • -
    • Medium resources:

      -
        -
      • Low motivation: Any Route

      • -
      • Medium to High motivation: Tails, Whonix, Qubes OS -Routes

      • -
    • -
    • High resources:

      -
        -
      • Low to High motivation: Tails, Whonix, Qubes OS Routes
      • -
    • -
  • -
  • Highly skilled:

    -
      -
    • Low resources:

      -
        -
      • Low motivation: Any Route

      • -
      • Medium to High motivation: Tails, Whonix, Qubes OS -Routes

      • -
    • -
    • Medium resources:

      -
        -
      • Low to High motivation: Tails, Whonix, Qubes OS Routes
      • -
    • -
    • High resources:

      -
        -
      • Low to High motivations: Tails, Whonix, Qubes OS Routes (but -likely out of scope from this guide as this is probably a global -adversary)
      • -
    • -
  • -
-

In all cases, you should read these two pages from the Whonix -documentation that will give you in-depth insight into your choices:

- -

You might be asking yourself: “How do I know if I’m in a hostile -online environment where activities are actively monitored and -blocked?”

- -

Steps for all routes:

-

Getting used to using -better passwords:

-

See Appendix -A2: Guidelines for passwords and passphrases.

-

Getting an anonymous Phone -number:

-

Skip this step if you have no intention of creating anonymous -accounts on most mainstream platforms but just want anonymous browsing -or if the platforms you will use allow registration without a phone -number.

-

Physical Burner -Phone and prepaid SIM card:

-
Get a burner phone:
-

This is rather easy. Leave your smartphone on and at home. Have some -cash and go to some random flea market or small shop (ideally one -without CCTV inside or outside and while avoiding being -photographed/filmed) and just buy the cheapest phone you can find with -cash and without providing any personal information. It only needs to be -in working order.

-

A note regarding your current phone: The point of leaving -your smartphone on is to create avoid leaking the fact that you’re not -using the device. If a smartphone is turned off, this creates a metadata -trail that can be used to correlate the time your smartphone was turned -off with the activation of your burner. If possible, leave your phone -doing something (for example, watching YouTube on auto-play) to obscure -the metadata trail further. This will not make it impossible to -correlate your inactivity, but may make it more difficult if your -phone’s usage patterns can look convincing while you buy your -burner.

-

We would recommend getting an old “dumbphone” with a removable -battery (old Nokia if your mobile networks still allow those to connect -as some countries phased out 1G-2G completely). This is to avoid the -automatic sending/gathering of any telemetry/diagnostic data on the -phone itself. You should never connect that phone to any Wi-Fi.

-

Site Note: Be careful of some sellers as shown here https://therecord.media/malware-found-preinstalled-in-classic-push-button-phones-sold-in-russia/ -[Archive.org]

-

It will also be crucial not to power on that burner phone ever (not -even without the SIM card) in any geographical location that could lead -to you (at your home/work for instance) and never at the same location -as your other known smartphone (because that one has an IMEI/IMSI that -will easily lead to you). This might seem like a big burden, but it is -not as these phones are only being used during the setup/sign-up process -and for verification from time to time.

-

See Appendix -N: Warning about smartphones and smart devices

-

You should test that the phone is in working order before going to -the next step. But we will repeat ourselves and state that it is -important to leave your smartphone at home when going (or turn it off -before leaving if you must keep it) and that you test the phone at a -random location that cannot be tracked back to you (and again, do not do -that in front of a CCTV, avoid cameras, be aware of your surroundings). -No need for Wi-Fi at this place either.

-

When you are certain the phone is in working order, disable Bluetooth -then power it off (remove the battery if you can) and go back home and -resume your normal activities. Go to the next step.

-
Getting an anonymous -pre-paid SIM card:
-

This is the hardest part of the whole guide. It is a SPOF (Single -Point of Failure). The places where you can still buy prepaid SIM cards -without ID registration are getting increasingly limited due to various -KYC type regulations304.

-

So here is a list of places where you can still get them now: https://prepaid-data-sim-card.fandom.com/wiki/Registration_Policies_Per_Country -[Archive.org]

-

You should be able to find a place that is “not too far” and just go -there physically to buy some pre-paid cards and top-up vouchers with -cash. Do verify that no law was passed before going that would make -registration mandatory (in case the above wiki was not updated). Try to -avoid CCTV and cameras and do not forget to buy a Top-Up voucher with -the SIM card (if it is not a package) as most pre-paid cards will -require a top-up before use.

-

See Appendix -N: Warning about smartphones and smart devices

-

Double-check that the mobile operators selling the pre-paid SIM cards -will accept the SIM activation and top-up without any ID registration of -any kind before going there. Ideally, they should accept SIM activation -and top-up from the country you live in.

-

We would recommend GiffGaff in the UK as they are “affordable”, do -not require identification for activation and top-up, and will even -allow you to change your number up to two times from their website. One -GiffGaff prepaid SIM card will therefore grant you three numbers to use -for your needs.

-

Power off the phone after activation/top-up and before going home. Do -not ever power it on again unless you are not at a place that can be -used to reveal your identity and ideally leave your real phone on but at -home before going to the safe place with only your burner phone.

-

Online Phone Number:

-

DISCLAIMER: Do not attempt this until you are done setting up -a secure environment according to one of the selected routes. This step -will require online access and should only be done from an anonymous -network. Do not do this from any known/unsecured environment. Skip this -until you have finished one of the routes.

-

There are many commercial services offering numbers to receive SMS -messages online but most of those have no anonymity/privacy and can be -of no help as most Social Media platforms place a limit on how many -times a phone number can be used for registration.

-

There are some forums and subreddits (like r/phoneverification/) -where users will offer the service of receiving such SMS messages for -you for a small fee (using PayPal or some crypto payment). -Unfortunately, these are full of scammers and very risky in terms of -anonymity. You should not use those under any -circumstance.

-

To this date, we do not know any reputable service that would offer -this service and accept cash payments (by post for instance) like some -VPN providers. But a few services are providing online phone numbers and -do accept Monero which could be reasonably anonymous (yet less -recommended than that physical way in the earlier chapter) that you -could consider:

- -

There are some other possibilities listed here https://cryptwerk.com/companies/sms/xmr/ [Archive.org]. -Use at your own risk.

-

Now, what if you have no money? Well, in that case, you will have to -try your luck with free services and hope for the best. Here are some -examples, use at your own risk:

- -

Disclaimer: We cannot vouch for any of these providers. We -recommend doing it yourself physically. In this case, you will have to -rely on the anonymity of Monero and you should not use any service that -requires any kind of identification using your real identity. Please do -read Appendix B2: Monero -Disclaimer.

-

It is more convenient, cheaper, and less risky to just get a pre-paid -SIM card from one of the physical places that still sell them for cash -without ID.

-

Get a USB key:

-

Skip this step if you have no intention of creating anonymous -accounts on most mainstream platforms, but you will want anonymous -browsing; or if the platforms which you will use allow registration -without a phone number.

-

Get at least one or two decent size generic USB keys (at least 16GB -but we would recommend 32GB).

-

Please do not buy or use gimmicky self-encrypting devices such as -these: https://syscall.eu/blog/2018/03/12/aigo_part1/ [Archive.org]

-

Some might be very efficient305 but many are -gimmicky gadgets that offer no real protection306.

-

Find some safe -places with decent public Wi-Fi:

-

You need to find safe places where you will be able to do your -sensitive activities using some publicly accessible Wi-Fi (without any -account/ID registration, avoid CCTVs).

-

This can be anywhere that will not be tied to you directly (your -home/work) and where you can use the Wi-Fi for a while without being -bothered. But also, a place where you can do this without being -“noticed” by anyone.

-

If you think Starbucks is a clever idea, you may reconsider:

-
    -
  • They probably have CCTVs in all their shops and keep those -recordings for an unknown amount of time.

  • -
  • You will need to buy a coffee to get the Wi-Fi access code in -most. If you pay for this coffee with an electronic method, they will be -able to tie your Wi-Fi access with your identity.

  • -
-

Situational awareness is key, and you should be constantly aware of -your surroundings and avoid touristy places like it was plagued by -Ebola. You want to avoid appearing on any picture/video of anyone while -someone is taking a selfie, making a TikTok video, or posting some -travel pictures on their Instagram. If you do, remember chances are high -that those pictures will end up online (publicly or privately) with full -metadata attached to them (time/date/geolocation) and your face. -Remember these can and will be indexed by Facebook/Google/Yandex/Apple -and probably all three letters’ agencies.

-

While this will not be available yet to your local police officers, -it could be in the near future.

-

You will ideally need a set of 3-5 separate places such as this to -avoid using the same place twice. Several trips will be needed over the -weeks for the various steps in this guide.

-

You could also consider connecting to these places from a safe -distance for added security. See Appendix -Q: Using long-range Antenna to connect to Public Wi-Fis from a safe -distance.

-

The Tor Browser route:

-

This part of the guide will help you in setting up the simplest and -easiest way to browse the web anonymously. It is not necessarily the -best method and there are more advanced methods below with (much) better -security and (much) better mitigations against various adversaries. Yet, -this is a straightforward way of accessing resources anonymously and -quickly with no budget, no time, no skills, and limited usage.

-

So, what is Tor Browser? Tor Browser (https://www.torproject.org/ [Archive.org]) -is a web browser like Safari/Firefox/Chrome/Edge/Brave designed with -privacy and anonymity in mind.

-

This browser is different from other browsers as it will connect to -the internet through the Tor Network using Onion Routing. We first -recommend that you watch this very nice introduction video by the Tor -Project themselves: https://www.youtube.com/watch?v=JWII85UlzKw [Invidious]. After -that, you should probably head over to their page to read their quick -overview here: https://2019.www.torproject.org/about/overview.html.en -[Archive.org]. -Without going into too many technical details, Tor Browser is an easy -and simple “fire and forget” solution to browse the web anonymously from -pretty much any device. It is probably sufficient for most people and -can be used from any computer or smartphone.

-

Here are several ways to set it up for all main OSes.

-

Warning: You should avoid installing extensions in -Tor Browser, as they can be used to fingerprint and identify you.

-

Windows, Linux, and macOS:

-

Please see Appendix Y: -Installing and using desktop Tor Browser.

-

Android:

-

Note on Tor Browser for Android: The development of Tor -Browser for Android is behind desktop Tor Browser Bundle (TBB). Some -features are not available yet. E.g., the desktop version of Tor now -enables automatic bridges using Moat:

-

Connection Assist works by looking up and -downloading an up-to-date list of country-specific options to try using -your location (with your consent). It manages to do so without needing -to connect to the Tor Network first by utilizing moat – the same -domain-fronting tool that Tor Browser uses to request a bridge from -torproject.org.”

- -

Personally, if you need to use a Bridge (this is not necessary for a -non-hostile environment), you should pick a Meek-Azure. Those will -probably work even if you are in China and want to bypass the Great -Firewall. It is probably the best option to obfuscate your Tor -activities if needed and Microsoft servers are usually not blocked.

-

Only available for Desktop Tor users: Recently, the Tor Project -has made it incredibly simple to access Bridges with Connection -Assist, and it is now automatically done in hostile or censored -regions. Simply open the Tor Browser and the connection will be -configured based on your needs on any hostile network. Previously, we -had a list of options below this paragraph which were necessary to -enable and configure bridges, but now that this is done automatically -using moat. -[Archive.org]

-
    -
  • You are almost done
  • -
-

As with the desktop version, you need to know there are safety levels -in Tor Browser. On Android, you can access these by following these -steps:

-
    -
  • Click the menu (bottom right)

  • -
  • Click Settings.

  • -
  • Head over to the Privacy and security -section.

  • -
  • Click Security Settings.

  • -
-

You will find details about each level here: https://tb-manual.torproject.org/security-settings/ -[Archive.org] -but here is a summary:

-
    -
  • Standard (the default):

    -
      -
    • All features are enabled (including JavaScript)
    • -
  • -
  • Safer:

    -
      -
    • JavaScript is disabled on non-HTTPS websites

    • -
    • Some fonts and symbols are disabled

    • -
    • Any media playback is “click to play” (disabled by -default)

    • -
  • -
  • Safest:

    -
      -
    • Javascript is disabled everywhere

    • -
    • Some fonts and symbols are disabled

    • -
    • Any media playback is “click to play” (disabled by -default)

    • -
  • -
-

We would recommend the “Safer” level for most cases. The Safest level -should be enabled if you think you are accessing suspicious or dangerous -websites and/or if you are extra paranoid.

-

If you are extra paranoid, use the “Safest” level by default and -consider downgrading to Safer is the website is unusable because of -Javascript blocking.

-

However, the Safer level should be used with some extra precautions -while using some websites: see Appendix -A5: Additional browser precautions with JavaScript enabled.

-

Now, you are really done, and you can now surf the web anonymously -from your Android device.

-

Please see Warning for using -Orbot on Android.

-

iOS:

-

Disclaimer: Onion Browser, following a 2018 release on iOS, -has had IP leaks via WebRTC. It is still the only officially endorsed -browser for the Tor network for iOS. Users should exercise caution when -using the browser and check for any DNS leaks.

-

While the official Tor Browser is not yet available for iOS, there is -an alternative called Onion Browser endorsed by the Tor Project307.

- -

Personally, if you need to use a Bridge (this is not necessary for a -non-hostile environment), you should pick a Snowflake one (since -Meek-Azure bridges are not available). Those will probably work even if -you are in China and want to bypass the Great Firewall. It is probably -the best option you have on iOS.

-
    -
  • You are almost done
  • -
-

As with the desktop version, you need to know there are safety levels -in Onion Browser. On iOS, you can access these by following these -steps:

-
    -
  • Click the shield icon (upper left)

  • -
  • You will have three levels to pick from

    -
      -
      1. -
      2. Gold: Ideal if you are suspicious, paranoid, or accessing what you -think are dangerous resources.
      3. -
      -
        -
      • JavaScript is disabled

      • -
      • WebSockets, Geolocation, and XHR are disabled

      • -
      • No Video or Audio

      • -
      • Links cannot open Apps

      • -
      • WebRTC is blocked

      • -
      • Mixed HTTP/HTTPS is blocked

      • -
      • Ads and Pop-Ups are blocked

      • -
    • -
      1. -
      2. Silver:
      3. -
      -
        -
      • JavaScript partially allowed

      • -
      • WebSockets, Geolocation, and XHR are disabled

      • -
      • No Video or Audio

      • -
      • Links cannot open Apps

      • -
      • WebRTC is blocked

      • -
      • Mixed HTTP/HTTPS is blocked

      • -
      • Ads and Pop-Ups are blocked

      • -
    • -
      1. -
      2. Bronze (not recommended):
      3. -
      -
        -
      • JavaScript allowed

      • -
      • Audio and Video allowed

      • -
      • Links cannot open Apps

      • -
      • WebRTC is not blocked

      • -
      • Mixed HTTP/HTTPS is not blocked

      • -
      • Ads and Pop-Ups are blocked

      • -
    • -
  • -
-

We would recommend the “Silver” level for most cases. The Gold level -should only be enabled if you think you are accessing suspicious or -dangerous websites or if you are extra paranoid. The Gold mode will also -most likely break many websites that rely actively on JavaScript.

-

As JavaScript is enabled in the Silver mode, please see Appendix -A5: Additional browser precautions with JavaScript enabled.

-

Now, you are really done, and you can now surf the web anonymously -from your iOS device.

-

Important Warning:

-

This route is the easiest but is not designed to resist -highly skilled adversaries. It is however usable on any device -regardless of the configuration. This route is also vulnerable to -correlation attacks (See Your -Anonymized Tor/VPN traffic) and is blind to anything that might be -on your device (this could be any malware, exploit, virus, remote -administration software, parental controls…). Yet, if your threat model -is quite low, it is probably sufficient for most people.

-

If you have time and want to learn, we recommend going for other -routes instead as they offer far better security and mitigate far more -risks while lowering your attack surface considerably.

-

The Tails route:

-

This part of the guide will help you in setting up Tails if one of -the following is true:

-
    -
  • You cannot afford a dedicated laptop

  • -
  • Your dedicated laptop is just too old and too slow

  • -
  • You have very low IT skills

  • -
  • You decide to go with Tails anyway

  • -
-

Tails308 stands for The Amnesic -Incognito Live System. It is a bootable Live Operating System -running from a USB key that is designed for leaving no traces and -forcing all connections through the Tor network.

-

You insert the Tails USB key into your laptop, boot from it and you -have a full operating system running with privacy and anonymity in mind. -As soon as you shut down the computer, everything will be gone unless -you saved it somewhere.

-

Tails is an amazingly straightforward way to get going in no time -with what you have and without much learning. It has extensive -documentation and tutorials.

-

WARNING: Tails is not always up to date with their bundled -software. And not always up to date with the Tor Browser updates either. -You should always make sure you are using the latest version of Tails -and you should use extreme caution when using bundled apps within Tails -that might be vulnerable to exploits and reveal your location309.

-

It does however have some drawbacks:

-
    -
  • Tails uses Tor and therefore you will be using Tor to access any -resource on the internet. This alone will make you suspicious to most -platforms where you want to create anonymous accounts (this will be -explained in more detail later).

  • -
  • Your ISP (whether it is yours or some public Wi-Fi) will also see -that you are using Tor, and this could make you suspicious in -itself.

  • -
  • Tails does not include (natively) some of the software you might -want to use later which will complicate things quite a bit if you want -to run some specific things (Android Emulators for instance).

  • -
  • Tails uses Tor Browser which while it is very secure will be -detected as well by most platforms and will hinder you in creating -anonymous identities on many platforms.

  • -
  • Tails will not protect you more from the 5$ wrench310.

  • -
  • Tor in itself might not be enough to protect you from an -adversary with enough resources as explained earlier.

  • -
-

Important Note: If your laptop is monitored/supervised and -some local restrictions are in place, please read Appendix -U: How to bypass (some) local restrictions on supervised -computers.

-

You should also read Tails Documentation, Warnings, and limitations, -before going further https://tails.boum.org/doc/about/warnings/index.en.html -[Archive.org]

-

Taking all this into account and the fact that their documentation is -great, we will just redirect you towards their well-made and -well-maintained tutorial:

-

https://tails.boum.org/install/index.en.html [Archive.org], -pick your flavor and proceed.

-

If you’re having an issue accessing Tor due to censorship or other -issues, you can try using Tor Bridges by following this Tails tutorial: -https://tails.boum.org/doc/anonymous_internet/tor/index.en.html -[Archive.org] -and find more information about these on Tor Documentation https://2019.www.torproject.org/docs/bridges [Archive.org]

-

If you think using Tor alone is dangerous/suspicious, see Appendix -P: Accessing the internet as safely as possible when Tor/VPN is not an -option

-

Tor Browser settings on -Tails:

-

When using Tor Browser, you should click the little shield Icon -(upper right, next to the Address bar) and select your Security level -(see https://tb-manual.torproject.org/security-settings/ -[Archive.org] -for details). Basically, there are three.

-
    -
  • Standard (the default):

    -
      -
    • All features are enabled (including JavaScript)
    • -
  • -
  • Safer:

    -
      -
    • JavaScript is disabled on non-HTTPS websites

    • -
    • Some fonts and symbols are disabled

    • -
    • Any media playback is “click to play” (disabled by -default)

    • -
  • -
  • Safest:

    -
      -
    • Javascript is disabled everywhere

    • -
    • Some fonts and symbols are disabled

    • -
    • Any media playback is “click to play” (disabled by -default)

    • -
  • -
-

We would recommend the “Safer” level for most cases. The Safest level -should be enabled if you think you are accessing suspicious or dangerous -websites or if you are extra paranoid. The Safest mode will also most -likely break many websites that rely actively on JavaScript.

-

If you are extra paranoid, use the “Safest” level by default and -consider downgrading to Safer is the website is unusable because of -Javascript blocking.

-

Lastly, while using Tor Browser on Tails on the “Safer” level, please -consider Appendix -A5: Additional browser precautions with JavaScript enabled

-

When you are done and have a working Tails on your laptop, go to the -Creating your -anonymous online identities step much further in this guide or if -you want persistence and plausible deniability, continue with the next -section.

-

Persistent -Plausible Deniability using Whonix within Tails:

-

Consider checking the https://github.com/aforensics/HiddenVM [Archive.org] -project for Tails.

-

This project is a clever idea of a one-click self-contained VM -solution that you could store on an encrypted disk using plausible -deniability311 (see The Whonix route: first chapters and also -for some explanations about Plausible deniability, as well as the How -to securely delete specific files/folders/data on your HDD/SSD and Thumb -drives: section at the end of this guide for more -understanding).

-

This would allow the creation of a hybrid system mixing Tails with -the Virtualization options of the Whonix route in this guide.

-
-image19 - -
-

Note: See Pick your connectivity method -in the Whonix Route for more explanations about Stream -Isolation

-

In short:

-
    -
  • You could run non-persistent Tails from one USB key (following -their recommendations)

  • -
  • You could store persistent VMs within a secondary container that -could be encrypted normally or using the Veracrypt plausible deniability -feature (these could be Whonix VMs for instance or any other).

  • -
  • You do benefit from the added Tor Stream Isolation feature (see -Tor over VPN for more info about stream -isolation).

  • -
-

In that case, as the project outlines it, there should be no traces -of any of your activities on your computer and the sensitive work could -be done from VMs stored into a Hidden container that should not be -easily discoverable by a soft adversary.

-

This option is particularly interesting for “traveling light” -and to mitigate forensics attacks while keeping persistence on your -work. You only need 2 USB keys (one with Tails and one with a -Veracrypt container containing persistent Whonix). The first USB key -will appear to contain just Tails and the second USB will appear to -contain just random garbage but will have a decoy volume which you can -show for plausible deniability.

-

You might also wonder if this will result in a “Tor over Tor” setup, -but it will not. The Whonix VMs will be accessing the network directly -through clearnet and not through Tails Onion Routing.

-

In the future, this could also be supported by the Whonix project -themselves as explained here: https://www.whonix.org/wiki/Whonix-Host [Archive.org] -but it is not yet recommended as of now for end-users.

-

Remember that encryption with or without plausible deniability is not -a silver bullet and will be of little use in case of torture. As a -matter a fact, depending on who your adversary would be (your threat -model), it might be wise not to use Veracrypt (formerly TrueCrypt) at -all as shown in this demonstration: https://defuse.ca/truecrypt-plausible-deniability-useless-by-game-theory.htm -[Archive.org]

-

Plausible deniability is only effective against soft lawful -adversaries that will not resort to physical means.

-

See https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis -[Wikiless] -[Archive.org]

-

CAUTION: Please see Appendix -K: Considerations for using external SSD drives and Understanding HDD vs -SSD sections if you consider storing such hidden VMs on an -external SSD drive:

-
    -
  • Do not use hidden volumes on SSD drives as this is not -supported/recommended by Veracrypt312.

  • -
  • Use instead file containers instead of encrypted -volumes.

  • -
  • Make sure you do know how to clean data from an external -SSD drive properly.

  • -
-

Here is my guide on how to achieve this:

-

First Run:

-
    -
  • Download the latest HiddenVM release from https://github.com/aforensics/HiddenVM/releases [Archive.org]

  • -
  • Download the latest Whonix XFCE release from https://www.whonix.org/wiki/VirtualBox/XFCE [Archive.org]

  • -
  • Prepare a USB Key/Drive with Veracrypt

    -
      -
    • Create a Hidden Volume on the USB/Key Drive (We would recommend -at least 16GB for the hidden volume)

    • -
    • In the Outer Volume, place some decoy files

    • -
    • In the Hidden Volume, place the HiddenVM appimage file

    • -
    • In the Hidden Volume, place the Whonix XFCE ova file

    • -
  • -
  • Boot into Tails

  • -
  • Setup the Keyboard layout as you want.

  • -
  • Select Additional Settings and set an administrator (root) -password (needed for installing HiddenVM)

  • -
  • Start Tails

  • -
  • Connect to a safe wi-fi (this is a required step for the rest to -work)

  • -
  • Go into Utilities and Unlock your Veracrypt (hidden) Volume (do -not forget to check the hidden volume checkbox)

  • -
  • Launch the HiddenVM appimage

  • -
  • When prompted to select a folder, select the Root of the Hidden -volume (where the Whonix OVA and HiddenVM app image files are).

  • -
  • Let it do its thing (This will install Virtualbox within Tails -with one click)

  • -
  • When it is done, it should automatically start Virtualbox -Manager.

  • -
  • Import the Whonix OVA files (see Whonix Virtual Machines:)

  • -
-

Note, if during the import you are having issues such as -“NS_ERROR_INVALID_ARG (0x80070057)”, this is probably because there is -not enough disk space on your Hidden volume for Whonix. Whonix -themselves recommend 32GB of free space but that’s probably not -necessary and 10GB should be enough for a start. You can try working -around this error by renaming the Whonix .OVA file to .TAR and -decompressing it within Tails. When you are done with decompression, -delete the OVA file and import the other files with the Import wizard. -This time it might work.

-

Subsequent Runs:

-
    -
  • Boot into Tails

  • -
  • Connect to Wi-Fi

  • -
  • Unlock your Hidden Volume

  • -
  • Launch the HiddenVM App

  • -
  • This should automatically open VirtualBox manager and show your -earlier VMs from the first run

  • -
-

Steps for all other routes:

-

Get a -dedicated laptop for your sensitive activities:

-

Ideally, you should get a dedicated laptop that will not be tied to -you in any effortless way (ideally paid with cash anonymously and using -the same precautions as previously mentioned for the phone and the SIM -card). It is recommended but not mandatory. This guide will help you -harden your laptop as much as possible to prevent data leaks through -various means. There will be several lines of defense standing between -your online identities and yourself which should prevent most -adversaries from de-anonymizing you - besides state/global actors. It -will take considerable resources.

-

This laptop should ideally be a clean, freshly installed laptop -(running Windows, Linux, or macOS); which is clean of your normal -day-to-day activities; and which is offline (never connected to your -home network). In the case of a Windows laptop, and if you used it -before such a clean install, it should also not be activated. Simply -reinstall without a product key in the case that it came pre-activated. -Specifically, in the case of MacBooks, it should never have been tied to -your identity before in any means. So, buy secondhand with cash from an -unknown stranger who does not know your identity.

-

This is to mitigate some future issues in case of online leaks -(including telemetry from your OS or Apps) that could compromise any -unique identifiers of the laptop while using it (MAC Address, Bluetooth -Address, and Product key …). But also, to avoid being tracked back if -you need to dispose of the laptop.

-

If you used this laptop before for different purposes (like your -day-to-day activities), all its hardware identifiers are probably known -and registered by Microsoft or Apple. If later any of those identifiers -is compromised (by malware, telemetry, exploits, human errors …) they -could lead back to you.

-

The laptop should have at least 250GB of Disk Space at least -6GB (ideally 8GB or 16GB) of RAM and should be able to run a -couple of Virtual Machines at the same time. It should have a working -battery that lasts a few hours. You should aim for something with large -storage (1TB+) if possible because we will need as much as possible.

-

This laptop could have an HDD (7200rpm) or an SSD/NVMe drive. Both -possibilities have their benefits and issues that will be detailed -later.

-

All future online steps performed with this laptop should ideally be -done from a safe network such as Public Wi-Fi in a safe place (see Find some safe -places with decent public Wi-Fi). But several steps will have to be -taken offline first.

-

Some laptop recommendations:

-

We would strongly recommend getting a “business grade” laptop -(meaning not consumer/gaming-grade laptop) if you can. For instance, -some ThinkPad from Lenovo (my personal favorite).

-

This is because those business laptops usually offer better and more -customizable security features (especially in the BIOS/UEFI settings) -with longer support than most consumer laptops (Asus, MSI, Gigabyte, -Acer…). The interesting features to look for are:

-
    -
  • Better custom Secure Boot settings (where you can -selectively manage all the keys and not just use the Standard -ones)

  • -
  • HDD/SSD passwords in addition to just BIOS/UEFI -passwords.

  • -
  • AMD laptops could be more interesting as some provide the ability -to disable AMD PSP (the AMD equivalent of Intel IME) from the BIOS/UEFI -settings by default. And, because AFAIK, AMD PSP was audited and -contrary to IME was not found to have any “evil” functionalities313. However, if you are going for the -Qubes OS Route consider Intel CPUs as Qubes OS does not support AMD with -their anti-evil-maid system314.

  • -
  • Secure Wipe tools from the BIOS (especially useful for SSD/NVMe -drives, see Appendix -M: BIOS/UEFI options to wipe disks in various Brands).

  • -
  • Better control over the disabling/enabling of select peripherals -(USB ports, Wi-Fis, Bluetooth, Camera, Microphone …).

  • -
  • Better security features with Virtualization.

  • -
  • Native anti-tampering protections.

  • -
  • Longer support with BIOS/UEFI updates (and subsequent BIOS/UEFI -security updates).

  • -
  • Some are supported by Libreboot

  • -
-

Bios/UEFI/Firmware -Settings of your laptop:

-

PC:

-

These settings can be accessed through the boot menu of your laptop. -Here is a good tutorial from HP explaining all the ways to access the -BIOS on various computers: https://store.hp.com/us/en/tech-takes/how-to-enter-bios-setup-windows-pcs -[Archive.org]

-

Usually how to access it is by pressing a specific key (F1, F2, or -Del) at boot (before your OS).

-

Once you are in there, you will need to apply a few recommended -settings:

-
    -
  • Disable Bluetooth completely if you can.

  • -
  • Disable Biometrics (fingerprint scanners) if you have any if you -can. However, you could add a biometric additional check for booting -only (pre-boot) but not for accessing the BIOS/UEFI settings.

  • -
  • Disable the Webcam and Microphone if you can.

  • -
  • Enable BIOS/UEFI password and use a long passphrase instead of a -password (if you can) and make sure this password is required for:

    -
      -
    • Accessing the BIOS/UEFI settings themselves

    • -
    • Changing the Boot order

    • -
    • Startup/Power-on of the device

    • -
  • -
  • Enable HDD/SSD password if the feature is available. This feature -will add another password on the HDD/SSD itself (not in the BIOS/UEFI -firmware) that will prevent this HDD/SSD from being used in a different -computer without the password. Note that this feature is also specific -to some manufacturers and could require specific software to unlock this -disk from a completely different computer.

  • -
  • Prevent accessing the boot options (the boot order) without -providing the BIOS/UEFI password if you can.

  • -
  • Disable USB/HDMI or any other port (Ethernet, Firewire, SD card -…) if you can.

  • -
  • Disable Intel ME if you can (odds are very high you -can’t).

  • -
  • Disable AMD PSP if you can (AMD’s equivalent to IME, see Your CPU)

  • -
  • Disable Secure Boot if you intend to use Qubes OS as they do not -support it out of the box315. Keep it on if you -intend to use Linux/Windows.

  • -
  • Check if your laptop BIOS has a secure erase option for your -HDD/SSD that could be convenient in case of need.

  • -
-

Only enable those on a “need to use” basis and disable them again -after use. This can help mitigate some attacks in case your laptop is -seized while locked but still on OR if you had to shut it down rather -quickly and someone took possession of it (this topic will be explained -later in this guide).

-
About Secure boot:
-

So, what is Secure Boot316? In short, it is a -UEFI security feature designed to prevent your computer from booting an -operating system from which the bootloader was not signed by specific -keys stored in the UEFI firmware of your laptop.

-

When the operating system (or the Bootloader317) supports it, you can store the -keys of your bootloader in your UEFI firmware, and this will prevent -booting up any unauthorized Operating System (such as a live OS USB or -anything similar).

-

Secure Boot settings are protected by the password you set up to -access the BIOS/UEFI settings. If you have that password, you can -disable Secure Boot and allow unsigned OSes to boot on your system. This -can help mitigate some Evil-Maid attacks (explained later in this -guide).

-

In most cases, Secure Boot is disabled by default or is enabled but -in “setup” mode which will allow any system to boot. For Secure Boot to -work, your Operating System will have to support it and then sign its -bootloader and push those signing keys to your UEFI firmware. After -that, you will have to go to your BIOS/UEFI settings and save those -pushed keys from your OS and change the Secure Boot from setup to user -mode (or custom mode in some cases).

-

After doing that step, only the Operating Systems from which your -UEFI firmware can verify the integrity of the bootloader will be able to -boot.

-

Most laptops will have some default keys already stored in the secure -boot settings. Usually, those are from the manufacturer itself or some -companies such as Microsoft. So, this means that by default, it will -always be possible to boot some USB disks even with secure boot. These -include Windows, Fedora, Ubuntu, Mint, Debian, CentOS, OpenSUSE, Tails, -Clonezilla, and many others. Secure Boot is however not supported at all -by Qubes OS at this point.

-

In some laptops, you can manage those keys and remove the ones you do -not want with a “custom mode” to only authorize your bootloader that you -could sign yourself if you want to.

-

So, what is Secure Boot protecting you from? It will protect your -laptop from booting unsigned bootloaders (by the OS provider) with for -instance injected malware.

-

What is Secure Boot not protecting you from?

-
    -
  • Secure Boot is not encrypting your disk and an adversary can -still just remove the disk from your laptop and extract data from it -using a different machine. Secure Boot is therefore useless without full -disk encryption.

  • -
  • Secure Boot is not protecting you from a signed bootloader that -would be compromised and signed by the manufacturer itself (Microsoft -for example in the case of Windows). Most mainstream Linux distributions -are signed these days and will boot with Secure Boot enabled.

  • -
  • Secure Boot can have flaws and exploits like any other system. If -you are running an old laptop that does not benefit from new BIOS/UEFI -updates, these can be left unfixed.

  • -
-

Additionally, several attacks could be possible against Secure Boot -as explained (in-depth) in these technical videos:

- -

So, it can be useful as an added measure against some -adversaries but not all. Secure Boot in itself is not encrypting your -hard drive. It is an added layer but that is it.

-

I still recommend you keep it on if you can.

-

Mac:

-

Take a moment to set a firmware password according to the tutorial -here: https://support.apple.com/en-au/HT204455 [Archive.org]

-

You should also enable firmware password reset protection (available -from Catalina) according to the documentation here: https://support.apple.com/en-gb/guide/security/sec28382c9ca/web -[Archive.org]

-

This feature will mitigate the possibility for some adversaries to -use hardware hacks to disable/bypass your firmware password. Note that -this will also prevent Apple themselves from accessing the firmware in -case of repair.

-

Physically Tamper protect -your laptop:

-

At some point, you will inevitably leave this laptop alone somewhere. -You will not sleep with it and take it everywhere every single day. You -should make it as hard as possible for anyone to tamper with it without -you noticing it. This is mostly useful against some limited adversaries -that will not use a 5$ wrench against you318.

-

It is important to know that it is trivially easy for some -specialists to install a key logger in your laptop, or to just make a -clone copy of your hard drive that could later allow them to detect the -presence of encrypted data in it using forensic techniques (more on that -later).

-

Here is a good cheap method to make your laptop tamper-proof using -Nail Polish (with glitter) https://mullvad.net/en/help/how-tamper-protect-laptop/ -[Archive.org] -319 (with pictures).

-

While this is a good cheap method, it could also raise suspicions as -it is quite “noticeable” and might just reveal that you “have something -to hide”. So, there are more subtle ways of achieving the same result. -You could also for instance make a close-up macro photography of the -back screws of your laptop or just use a small amount of candle wax -within one of the screws that could just look like usual dirt. You could -then check for tampering by comparing the photographs of the screws with -new ones. Their orientation might have changed a bit if your adversary -was not careful enough (Tightening them exactly the same way they were -before). Or the wax within the bottom of a screw head might have been -damaged compared to before.

-
-image20 - -
-
-image21 - -
-

The same techniques can be used with USB ports where you could just -put a tiny amount of candle wax within the plug that would be damaged by -inserting a USB key in it.

-

In riskier environments, check your laptop for tampering before using -it regularly.

-

The Whonix route:

-

Picking -your Host OS (the OS installed on your laptop):

-

This route will make extensive use of Virtual Machines320, they will require a host OS to -run the Virtualization software. You have three recommended choices in -this part of the guide:

-
    -
  • Your Linux distribution of choice (excluding Qubes OS)

  • -
  • Windows 10/11 (preferably Home edition due to the absence of -Bitlocker)

  • -
  • macOS (Catalina or higher up to Monterey)

  • -
-

In addition, chances are high that your Mac is or has been tied to an -Apple account (at the time of purchase or after signing-in) and -therefore its unique hardware identifiers could lead back to you in case -of hardware identifiers leak.

-

Linux is also not necessarily the best choice for anonymity depending -on your threat model. This is because using Windows will allow us to -conveniently use Plausible Deniability321 -(aka Deniable Encryption322) easily at the OS -level. Windows is also unfortunately at the same time a privacy -nightmare323 but is the only easy to set up -option for using OS-wide plausible deniability. Windows telemetry and -telemetry blocking are also widely documented which should mitigate many -issues.

-

So, what is Plausible Deniability? You can cooperate -with an adversary requesting access to your device/data without -revealing your true secret. All this using Deniable Encryption324.

-

A soft lawful adversary could ask for your encrypted laptop password. -At first, you could refuse to give out any password (using your “right -to remain silent”, “right not to incriminate yourself”) but some -countries are implementing laws325326 -to exempt this from such rights (because terrorists and “think of the -children”). In that case, you might have to reveal the password or face -jail time in contempt of court. This is where plausible deniability will -come into play.

-

You could then reveal a password, but that password will only give -access to “plausible data” (a decoy OS). The forensics will be well -aware that it is possible for you to have hidden data but should not be -able to prove this (if you do this right). You will -have cooperated, and the investigators will have access to something but -not what you actually want to hide. Since the burden of proof should lie -on their side, they will have no options but to believe you unless they -have proof that you have hidden data.

-

This feature can be used at the OS level (a plausible OS and a hidden -OS) or at the files level where you will have an encrypted file -container (similar to a zip file) where different files will be shown -depending on the encryption password you use.

-

This also means you could set up your own advanced “plausible -deniability” setup using any Host OS by storing for instance Virtual -Machines on a Veracrypt hidden volume container (be careful of traces in -the Host OS tho that would need to be cleaned if the host OS is -persistent, see Some additional -measures against forensics section later). There is a project for -achieving this within Tails (https://github.com/aforensics/HiddenVM [Archive.org]) -which would make your Host OS non-persistent and use plausible -deniability within Tails.

-

In the case of Windows, plausible deniability is also the reason you -should ideally have Windows 10/11 Home (and not Pro). This is because -Windows 10/11 Pro natively offers a full-disk encryption system -(Bitlocker327) where Windows 10/11 Home offers -no full-disk encryption at all. You will later use third-party -open-source software for encryption that will allow full-disk encryption -on Windows 10/11 Home. This will give you a good (plausible) excuse to -use this software. While using this software on Windows 10/11 Pro would -be suspicious.

-

Note about Linux: So, what about Linux and plausible -deniability? Yes, it is possible to achieve plausible deniability with -Linux too. More information within the Linux Host OS section later.

-

Unfortunately, encryption is not magic and there are some risks -involved:

-

Threats with encryption:

-
The 5$ Wrench:
-

Remember that encryption with or without plausible deniability is not -a silver bullet and will be of little use in case of torture. As a -matter a fact, depending on who your adversary would be (your threat -model), it might be wise not to use Veracrypt (formerly TrueCrypt) at -all as shown in this demonstration: https://defuse.ca/truecrypt-plausible-deniability-useless-by-game-theory.htm -[Archive.org]

-

Plausible deniability is only effective against soft lawful -adversaries that will not resort to physical means. Avoid, if -possible, the use of plausible deniability-capable software (such as -Veracrypt) if your threat model includes hard adversaries. So, Windows -users should in that case install Windows Pro as a Host OS and use -Bitlocker instead.

-

See https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis -[Wikiless] -[Archive.org]

-
Evil-Maid Attack:
-

Evil Maid Attacks328 are conducted when someone tampers -with your laptop while you are away. To install to clone your hard -drive, install malware or a key logger. If they can clone your hard -drive, they can compare one image of your hard drive at the time they -took it while you were away with the hard drive when they seize it from -you. If you used the laptop again in between, forensics examiners might -be able to prove the existence of the hidden data by looking at the -variations between the two images in what should be an empty/unused -space. This could lead to compelling evidence of the existence of hidden -data. If they install a key logger or malware within your laptop -(software or hardware), they will be able to simply get the password -from you for later use when they seize it. Such attacks can be done at -your home, your hotel, a border crossing, or anywhere you leave your -devices unattended.

-

You can mitigate this attack by doing the following (as recommended -earlier):

-
    -
  • Have basic tamper protection (as explained previously) to prevent -physical access to the internals of the laptop without your knowing. -This will prevent them from cloning your disks and installing a physical -key logger without your knowledge.

  • -
  • Disable all the USB ports (as explained previously) within a -password-protected BIOS/UEFI. Again, they will not be able to turn them -on (without physically accessing the motherboard to reset the BIOS) to -boot a USB device that could clone your hard drive or install a -software-based malware that could act as a key logger.

  • -
  • Set up BIOS/UEFI/Firmware passwords to prevent any unauthorized -boot of an unauthorized device.

  • -
  • Some OSes and Encryption software have the Anti Evil Maid (AEM) protection that can -be enabled. This is the case with Windows/Veracrypt and QubeOS (only on -Intel CPUs).

  • -
-
Cold-Boot Attack:
-

Cold Boot attacks329 are trickier than the Evil Maid -Attack but can be part of an Evil Maid attack as it requires an -adversary to come into possession of your laptop while you are actively -using your device or shortly afterward.

-

The idea is rather simple, as shown in this video330, an adversary could theoretically -quickly boot your device on a special USB key that would copy the -content of the RAM (the memory) of the device after you shut it down. If -the USB ports are disabled or if they feel like they need more time, -they could open it and “cool down” the memory using a spray or other -chemicals (liquid nitrogen for instance) preventing the memory from -decaying. They could then be able to copy its content for analysis. This -memory dump could contain the key to decrypt your device. You will later -apply a few principles to mitigate these.

-

In the case of Plausible Deniability, there have been some forensics -studies331 about technically proving the -presence of the hidden data with a simple forensic examination (without -a Cold Boot/Evil Maid Attack) but these have been contested by other -studies332 and by the maintainer of -Veracrypt333 so we would not worry too much -about those yet.

-

The same measures used to mitigate Evil Maid attacks should be in -place for Cold Boot attacks with some added ones:

-
    -
  • If your OS or Encryption software allows it, you should consider -encrypting the keys within RAM too (this is possible with -Windows/Veracrypt and will be explained later). Again see https://sourceforge.net/p/veracrypt/discussion/technical/thread/3961542951/ -[Archive.org]

  • -
  • Do enable the option to Wipe keys from memory if a device is -inserted in Veracrypt.

  • -
  • You should limit the use of Sleep stand-by and instead use -Shutdown or Hibernate to prevent the encryption keys from staying in RAM -when your computer goes to sleep. This is because sleep will maintain -power in your memory for resuming your activity faster. Only hibernation -and shutdown will actually clear the key from the memory334.

  • -
-

See also https://www.whonix.org/wiki/Cold_Boot_Attack_Defense -[Archive.org] -and https://www.whonix.org/wiki/Protection_Against_Physical_Attacks -[Archive.org]

-

Here are also some interesting tools to consider for Linux users to -defend against these:

- -
About Sleep, Hibernation, -and Shutdown:
-

If you want better security, you should shut down your laptop -completely every time you leave it unattended or close the lid. This -should clean and/or release the RAM and provide mitigations against cold -boot attacks. However, this can be a bit inconvenient as you will have -to reboot completely and type in a ton of passwords into various apps. -Restart various VMs and other apps. So instead, you could also use -hibernation (not supported on Qubes OS). Since the whole disk is -encrypted, hibernation in itself should not pose a large security risk -but will still shut down your laptop and clear the memory while allowing -you to conveniently resume your work afterward. What you should -never do is using the standard sleep feature which will keep your -computer on, and the memory powered. This is an attack vector against -evil-maid and cold-boot attacks discussed earlier. This is because your -powered-on memory holds the encryption keys to your disk (encrypted or -not) and could then be accessed by a skilled adversary.

-

This guide will provide guidance later on how to enable hibernation -on various host OSes (except Qubes OS) if you do not want to shut down -every time.

-
Local Data -Leaks (traces) and forensics examination:
-

As mentioned briefly earlier, these are data leaks and traces from -your operating system and apps when you perform any activity on your -computer. These mostly apply to encrypted file containers (with or -without plausible deniability) than OS-wide encryption. Such leaks are -less “important” if your whole OS is encrypted (if you are not compelled -to reveal the password).

-

Let us say for example you have a Veracrypt encrypted USB key with -plausible deniability enabled. Depending on the password you use when -mounting the USB key, it will open a decoy folder or the sensitive -folder. Within those folders, you will have decoy documents/data within -the decoy folder and sensitive documents/data within the sensitive -folder.

-

In all cases, you will (most likely) open these folders with Windows -Explorer, macOS Finder, or any other utility and do whatever you planned -to do. Maybe you will edit a document within the sensitive folder. Maybe -you will search for a document within the folder. Maybe you will delete -one or watch a sensitive video using VLC.

-

Well, all those Apps and your Operating System might keep logs and -traces of that usage. This might include the full path of the -folder/files/drives, the time those were accessed, temporary caches of -those files, the “recent” lists in each app, the file indexing system -that could index the drive, and even thumbnails that could be -generated

-

Here are some examples of such leaks:

-
Windows:
-
    -
  • Windows ShellBags that are stored within the Windows Registry -silently storing various histories of accessed volumes/files/folders335.

  • -
  • Windows Indexing keeping traces of the files present in your user -folder by default336.

  • -
  • Recent lists (aka Jump Lists) in Windows and various apps keeping -traces of recently accessed documents337.

  • -
  • Many more traces in various logs, please see this convenient -interesting poster for more insight: https://www.sans.org/security-resources/posters/windows-forensic-analysis/170/download -[Archive.org]

  • -
-
macOS:
-
    -
  • Gatekeeper338 and XProtect keeping track of your -download history in a local database and file attributes.

  • -
  • Spotlight Indexing

  • -
  • Recent lists in various apps keeping traces of recently accessed -documents.

  • -
  • Temporary folders keeping various traces of App usage and -Document usage.

  • -
  • macOS Logs

  • -
  • -
-
Linux:
-
    -
  • Tracker Indexing

  • -
  • Bash History

  • -
  • USB logs

  • -
  • Recent lists in various apps keeping traces of recently accessed -documents.

  • -
  • Linux Logs

  • -
  • -
-

Forensics could’ use all those leaks (see Local Data Leaks and -Forensics) to prove the existence of hidden data and defeat your -attempts at using plausible deniability and to find out about your -various sensitive activities.

-

It will be therefore important to apply various steps to prevent -forensics from doing this by preventing and cleaning these leaks/traces -and more importantly by using whole disk encryption, virtualization, and -compartmentalization.

-

Forensics cannot extract local data leaks from an OS they cannot -access. And you will be able to clean most of those traces by wiping the -drive or by securely erasing your virtual machines (which is not as easy -as you think on SSD drives).

-

Some cleaning techniques will nevertheless be covered in the “Cover -your Tracks” part of this guide at the very end.

-
Online Data Leaks:
-

Whether you are using simple encryption or plausible deniability -encryption. Even if you covered your tracks on the computer itself. -There is still a risk of online data leaks that could reveal the -presence of hidden data.

-

Telemetry is your enemy. As explained earlier in -this guide, the telemetry of Operating Systems but also from Apps can -send staggering amounts of private information online.

-

In the case of Windows, this data could for instance be used to prove -the existence of a hidden OS / Volume on a computer and would be readily -available at Microsoft. Therefore, it is critically important that you -disable and block telemetry with all the means at your disposal. No -matter what OS you are using.

-

Conclusion:

-

You should never conduct sensitive activities from a non-encrypted -system. And even if it is encrypted, you should never conduct sensitive -activities from the Host OS itself. Instead, you should use a VM to be -able to efficiently isolate and compartmentalize your activities and -prevent local data leaks.

-

If you have little to no knowledge of Linux or if you want to use -OS-wide plausible deniability, we recommend going for Windows (or back -to the Tails route) for convenience. This guide will help you hardening -it as much as possible to prevent leaks. This guide will also help you -hardening macOS and Linux as much as possible to prevent similar -leaks.

-

If you have no interest in OS-wide plausible deniability and want to -learn to use Linux, we will strongly recommend going for Linux or the -Qubes OS route if your hardware allows it.

-

In all cases, the host OS should never be used to conduct -sensitive activities directly. The host OS will only be used to connect -to a public Wi-Fi Access Point. It will be left unused while you conduct -sensitive activities and should ideally not be used for any of your -day-to-day activities.

-

Consider also reading https://www.whonix.org/wiki/Full_Disk_Encryption#Encrypting_Whonix_VMs -[Archive.org]

-

Linux Host OS:

-

As mentioned earlier, we do not recommend using your daily laptop for -sensitive activities. Or at least we do not recommend using your -in-place OS for these. Doing that might result in unwanted data leaks -that could be used to de-anonymize you. If you have a dedicated laptop -for this, you should reinstall a fresh clean OS. If you do not want to -wipe your laptop and start over, you should consider the Tails route or -proceed at your own risk.

-

I also recommend that you do the initial installation completely -offline to avoid any data leak.

-

You should always remember that despite the reputation, Linux -mainstream distributions (Ubuntu for instance) are not necessarily -better at security than other systems such as macOS and Windows. See -this reference to understand why https://madaidans-insecurities.github.io/linux.html -[Archive.org].

-

Full disk encryption:

-

There are two routes here with Ubuntu or Debian based distros:

- -

For other distros, you will have to document yourself, but it will -likely be similar. Encryption during install is just much easier in the -context of this guide.

-

Note about plausible -deniability on Linux:

-

There are several ways to achieve plausible deniability on Linux339 and it is possible to achieve. -Here are some more details about some of the ways we would recommend. -All these options require some higher level of skills at using -Linux.

-
The Detached Headers Way:
-

While not supported yet by this guide, it is possible to achieve a -form of deniability on Linux using LUKS by using detached LUKS headers. -For now, we will redirect you toward this page for more information: https://wiki.archlinux.org/title/Dm-crypt/Specialties#Encrypted_system_using_a_detached_LUKS_header -[Archive.org]

-
The Veracrypt Way:
-

It is technically possible to not only use Veracrypt but also to -achieve plausible deniability on a Linux Host OS by using Veracrypt for -system full-disk encryption (instead of LUKS). This is not supported by -Veracrypt (System encryption is only supported on Windows) and requires -some tinkering with various commands. This is not recommended at all for -unskilled users and should only be used at your own risk.

-

The steps to achieve this are not yet integrated into this guide but -can be found here: http://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/5779e55aae7fc06e4758 -(this is a .onion address and requires Tor Browser).

-

Reject/Disable any telemetry:

- -

Disable anything unnecessary:

- -
Hibernation:
-

As explained previously, you should not use the sleep features but -shut down or hibernate your laptop to mitigate some evil-maid and -cold-boot attacks. Unfortunately, this feature is disabled by default on -many Linux distros including Ubuntu. It is possible to enable it, but it -might not work as expected. Follow this information at your own risk. If -you do not want to do this, you should never use the sleep function and -power off instead (and set the lid closing behavior to power off instead -of sleep).

-

Follow one of these tutorials to enable Hibernate:

- -

After Hibernate is enabled, change the behavior so that your laptop -will hibernate when you close the lid by following this tutorial for -Ubuntu 20.04 http://ubuntuhandbook.org/index.php/2020/05/lid-close-behavior-ubuntu-20-04/ -[Archive.org] -and this tutorial for Ubuntu 18.04 https://tipsonubuntu.com/2018/04/28/change-lid-close-action-ubuntu-18-04-lts/ -[Archive.org]. -There is no tutorial yet for Ubuntu 21.04 or 21.10 but the above for -20.04 should probably work too.

-

Unfortunately, this will not clean the key from memory directly when -hibernating. To avoid this at the cost of some performance, you might -consider encrypting the swap file by following this tutorial: https://help.ubuntu.com/community/EnableHibernateWithEncryptedSwap -[Archive.org]

-

These settings should mitigate cold boot attacks if you can hibernate -fast enough.

-

Enable MAC address -randomization:

- -

Hardening Linux:

-

As a light introduction for new Linux users, consider https://www.youtube.com/watch?v=Sa0KqbpLye4 [Invidious]

-

For more in-depth and advanced options, refer to:

- -

Setting up a safe Browser:

-

See Appendix G: -Safe Browser on the Host OS

-

macOS Host OS:

-

Note: Mac M1/M2 chips are now supported natively, or, if you -wish to use commercial tools like VMWare Fusion or Parallels Desktop, -but those are not covered in this guide. Seek this information -yourself.

-

As mentioned earlier, we do not recommend using your daily laptop for -sensitive activities. Or at least we do not recommend using your -in-place OS for these. Doing that might result in unwanted data leaks -that could be used to de-anonymize you. If you have a dedicated laptop -for this, you should reinstall a fresh clean OS. If you do not want to -wipe your laptop and start over, you should consider the Tails route or -proceed at your own risk.

-

We also recommend that you do the initial installation completely -offline to avoid any data leak.

-

Do not ever sign in with your Apple account using that -Mac.

-

During the install:

-
    -
  • Stay Offline

  • -
  • Disable all data sharing requests when prompted including -location services

  • -
  • Do not sign in with Apple

  • -
  • Do not enable Siri

  • -
-

Hardening macOS:

-

As a light introduction for new macOS users, consider https://www.youtube.com/watch?v=lFx5icuE6Io [Invidious]

-

Now to go more in-depth in securing and hardening your macOS, we -recommend reading this guide which covers many of the issues: https://www.bejarano.io/hardening-macos/ [Archive.org]

-

Here are the basic steps you should take after your offline -installation:

-
Enable -Firmware password with “disable-reset-capability” option:
-

First, you should set up a firmware password following this guide -from Apple: https://support.apple.com/en-us/HT204455 [Archive.org]

-

Unfortunately, some attacks are still possible and an adversary could -disable this password so you should also follow this guide to prevent -disabling the firmware password from anyone including Apple: https://support.apple.com/en-gb/guide/security/sec28382c9ca/web -[Archive.org]

-
Enable Hibernation instead -of sleep:
-

Again, this is to prevent some cold-boot and evil-maid attacks by -powering down your RAM and cleaning the encryption key when you close -the lid. You should always either hibernate or shut down. On macOS, the -hibernate feature even has a special option to specifically clear the -encryption key from memory when hibernating (while you might have to -wait for the memory to decay on other Operating Systems). Once again -there are no easy options to do this within the settings so instead, we -will have to do this by running a few commands to enable -hibernation:

-
    -
  • Open a Terminal

  • -
  • Run: sudo pmset -a destroyfvkeyonstandby 1

    -
      -
    • This command will instruct macOS to destroy the Filevault key on -Standby (sleep)
    • -
  • -
  • Run: sudo pmset -a hibernatemode 25

    -
      -
    • This command will instruct macOS to power off the memory during -sleep instead of doing a hybrid hibernate that keeps the memory powered -on. It will result in slower wakes but will increase battery life.
    • -
  • -
-

Now when you close the lid of your MacBook, it should hibernate -instead of sleep and mitigate attempts at performing cold-boot -attacks.

-

In addition, you should also set up an automatic sleep (Settings > -Energy) so that your MacBook will hibernate automatically if left -unattended.

-
Disable unnecessary services:
-

Disable some unnecessary settings within the settings:

-
    -
  • Disable Bluetooth

  • -
  • Disable the Camera and Microphone

  • -
  • Disable Location Services

  • -
  • Disable Airdrop

  • -
  • Disable Indexing

  • -
-
Prevent Apple OCSP calls:
-

These are the infamous “unblockable telemetry” calls from macOS Big -Sur disclosed here: https://sneak.berlin/20201112/your-computer-isnt-yours/ -[Archive.org]

-

You could block OCSP reporting by issuing the following command in -Terminal:

-
    -
  • sudo sh -c 'echo "127.0.0.1 ocsp.apple.com" >> /etc/hosts'
  • -
-

But you should document yourself on the actual issue before acting. -This page is a good place to start: https://blog.jacopo.io/en/post/apple-ocsp/ [Archive.org]

-

Up to you really. We would block it because we do not want any -telemetry at all from my OS to the mothership without my specific -consent. None.

-
Enable Full Disk -encryption (Filevault):
-

You should enable full disk encryption on your Mac using Filevault -according to this part of the guide: https://github.com/drduh/macOS-Security-and-Privacy-Guide#full-disk-encryption -[Archive.org]

-

Be careful when enabling. Do not store the recovery key at -Apple if prompted (should not be an issue since you should be offline at -this stage). You do not want a third party to have your recovery -key.

-
MAC Address Randomization:
-

Unfortunately, macOS does not offer a native convenient way of -randomizing your MAC Address and so you will have to do this manually. -This will be reset at each reboot, and you will have to re-do it each -time to ensure you do not use your actual MAC Address when connecting to -various Wi-Fis

-

You can do this by issuing the following commands in terminal -(without the parentheses):

-
    -
  • (Turn the Wi-Fi off) -networksetup -setairportpower en0 off

  • -
  • (Change the MAC Address) -sudo ifconfig en0 ether 88:63:11:11:11:11

  • -
  • (Turn the Wi-Fi back on) -networksetup -setairportpower en0 on

  • -
-

Setting up a safe Browser:

-

See Appendix G: -Safe Browser on the Host OS

-

Windows Host OS:

-

As mentioned earlier, we do not recommend using your daily laptop for -sensitive activities. Or at leastWedo not recommend using your in-place -OS for these. Doing that might result in unwanted data leaks that could -be used to de-anonymize you. If you have a dedicated laptop for this, -you should reinstall a fresh clean OS. If you do not want to wipe your -laptop and start over, you should consider the Tails route or proceed at -your own risk.

-

I also recommend that you do the initial installation completely -offline to avoid any data leak.

-

Installation:

-

You should follow Appendix -A: Windows Installation

-

As a light introduction, consider watching https://www.youtube.com/watch?v=vNRics7tlqw [Invidious]

-

Enable MAC address -randomization:

-

You should randomize your MAC address as explained earlier in this -guide:

-

Go into Settings > Network & Internet > Wi-Fi > Enable -Random hardware addresses

-

Alternatively, you could use this free piece of software: https://technitium.com/tmac/ [Archive.org]

-

Setting up a safe Browser:

-

See Appendix G: -Safe Browser on the Host OS

-

Enable -some additional privacy settings on your Host OS:

-

See Appendix B: -Windows Additional Privacy Settings

-
Windows Host OS encryption:
-
If you -intend to use system-wide plausible deniability:
-

Veracrypt340 is the software we will recommend -for full-disk encryption, file encryption, and plausible deniability. It -is a fork of the well-known but deprecated and unmaintained TrueCrypt. -It can be used for:

-
    -
  • Full Disk simple encryption (your hard drive is encrypted with -one passphrase).

  • -
  • Full Disk encryption with plausible deniability (this means that -depending on the passphrase entered at boot, you will either boot a -decoy OS or a hidden OS).

  • -
  • File container simple encryption (it is a large file that you -will be able to mount within Veracrypt as if it were an external drive -to store encrypted files within).

  • -
  • File container with plausible deniability (it is the same large -file but depending on the passphrase you use when mounting it, you will -either mount a “hidden volume” or the “decoy volume”).

  • -
-

It is to my knowledge the only (convenient and usable by anyone) -free, open-source, and openly audited341 -encryption software that also provides plausible deniability for -widespread use and it works with Windows Home Edition.

-

Go ahead and download and install Veracrypt from: https://www.veracrypt.fr/en/Downloads.html [Archive.org]

-

After installation, please take a moment to review the following -options that will help mitigate some attacks:

-
    -
  • Encrypt the memory with a Veracrypt option342 -(settings > performance/driver options > encrypt RAM) at a cost of -5-15% performance. This setting will also disable hibernation (which -does not actively clear the key when hibernating) and instead encrypt -the memory altogether to mitigate some cold-boot attacks. More details -about this feature here: https://sourceforge.net/p/veracrypt/discussion/technical/thread/3961542951/ -[Archive.org]

  • -
  • Enable the Veracrypt option to wipe the keys from memory if a new -device is inserted (system > settings > security > clear keys -from memory if a new device is inserted). This could help in case your -system is seized while still on (but locked).

  • -
  • Enable the Veracrypt option to mount volumes as removable volumes -(Settings > Preferences > Mount volume as removable media). This -will prevent Windows from writing some logs about your mounts in the -Event logs343 and prevent some local data -leaks.

  • -
  • Be careful and have a good situational awareness if you sense -something weird. Shut your laptop down as fast as possible.

  • -
-

If you do not want to use encrypted memory (because performance might -be an issue), you should at least enable hibernation instead of sleep. -This will not clear the keys from memory (you are still vulnerable to -cold boot attacks) but at least should mitigate them if your memory has -enough time to decay.

-

More details later in Route -A and B: Simple Encryption using Veracrypt (Windows tutorial).

-
If -you do not intend to use system-wide plausible deniability:
-

For this case, we will recommend the use of BitLocker instead of -Veracrypt for the full disk encryption. The reasoning is that BitLocker -does not offer a plausible deniability possibility contrary to -Veracrypt. A hard adversary has then no incentive in pursuing his -“enhanced” interrogation if you reveal the passphrase.

-

Normally, you should have installed Windows Pro in this case and the -BitLocker setup is quite straightforward.

-

Basically, you can follow the instructions here: https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838 -[Archive.org]

-

But here are the steps:

-
    -
  • Click the Windows Menu

  • -
  • Type “Bitlocker”

  • -
  • Click “Manage Bitlocker”

  • -
  • Click “Turn on Bitlocker” on your System Drive

  • -
  • Follow the instructions

    -
      -
    • Do not save your recovery key to a Microsoft Account if -prompted.

    • -
    • Only save the recovery key to an external encrypted -drive. To bypass this, print the recovery key using the Microsoft Print -to PDF printer and save the key within the Documents folder. Delete that -file later.

    • -
    • Encrypt Entire Drive (do not encrypt the used disk space -only).

    • -
    • Use “New Encryption Mode”

    • -
    • Run the BitLocker Check

    • -
    • Reboot

    • -
  • -
  • Encryption should now be started in the background (you can check -by clicking the Bitlocker icon on the lower right side of the -taskbar).

  • -
-

Unfortunately, this is not enough. With this setup, your Bitlocker -key can just be stored as-is in the TPM chip of your computer. This is -rather problematic as the key can be extracted in some cases with ease344345346347.

-

To mitigate this, you will have to enable a few more options as per -the recommendations of Microsoft348:

-
    -
  • Click the Windows icon

  • -
  • Type Run

  • -
  • Type “gpedit.msc” (this is the group policy editor)

  • -
  • Navigate to Computer Configuration > Administrative Templates -> Windows Components > BitLocker > Operating System Drives

    -
      -
    • Double Click the “Require Additional Authentication at -Startup”

      -
        -
      • Click the “Configure TPM Startup PIN” and set it to “Require Startup -PIN with TPM”
      • -
    • -
    • Double Click the “Allow enhanced PINs for startup”

      -
        -
      • Click the “Enable” (this will allow us to set a password rather than -a PIN)
      • -
    • -
  • -
  • Close the Group Policy Editor

  • -
  • Click the Windows icon

  • -
  • Type Command to display the “Command Prompt”

  • -
  • Right Click on it and click “Run as Administrator”

  • -
  • Run manage-bde -protectors -delete c: (this will -delete current protection: the recovery key you will not need)

  • -
  • Run manage-bde -protectors -add c: -TPMAndPIN (this -will prompt you for a pre-boot password)

    -
      -
    • Enter a password or passphrase of your choice (a good one)
    • -
  • -
  • Run manage-bde -status

    -
      -
    • You should now see at your C: drive below “Key Protectors” the -option “TPM and PIN”
    • -
  • -
  • You are done

  • -
-

Now when you reboot your computer, you should ideally be prompted -for:

-
    -
  • A BIOS/UEFI boot password

  • -
  • An SSD/HDD unlock password (if the feature is available on your -BIOS)

  • -
  • A Bitlocker Pre-Boot Pin Screen where you need to enter the -password/passphrase you just set-up

  • -
  • And finally, the Windows Logon Screen where you can enter the -credentials you set-up earlier

  • -
-
Enable Hibernation (optional):
-

Again, as explained earlier. You should never use the sleep/stand-by -feature to mitigate some cold-boot and evil-maid attacks. Instead, you -should Shut down or hibernate. You should therefore switch your laptop -from sleeping to hibernating when closing the lid or when your laptop -goes to sleep.

-

(Note that you cannot enable hibernation if you previously -enabled RAM encryption within Veracrypt)

-

The reason is that Hibernation will actually shut down your laptop -completely and clean the memory. Sleep on the other hand will leave the -memory powered on (including your decryption key) and could leave your -laptop vulnerable to cold-boot attacks.

-

By default, Windows 10/11 might not offer you this possibility so you -should enable it by following this Microsoft tutorial: https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/disable-and-re-enable-hibernation -[Archive.org]

-
    -
  • Open an administrator command prompt (right-click on Command -Prompt and “Run as Administrator”)

  • -
  • Run: powercfg.exe /hibernate on

  • -
  • Now run the additional command: -**powercfg /h /type full**

    -
      -
    • This command will make sure your hibernate mode is full and -will fully clean the memory (not securely tho).
    • -
  • -
-

After that you should go into your power settings:

-
    -
  • Open the Control Panel

  • -
  • Open System & Security

  • -
  • Open Power Options

  • -
  • Open “Choose what the power button does”

  • -
  • Change everything from sleep to hibernate or shutdown

  • -
  • Go back to the Power Options

  • -
  • Select Change Plan Settings

  • -
  • Select Advanced Power Settings

  • -
  • Change all the Sleep Values for each Power Plan to 0 -(Never)

  • -
  • Make sure Hybrid Sleep is Off for each Power Plan

  • -
  • Enable Hibernate After the time you would like

  • -
  • Disable all the Wake timers

  • -
-

Deciding which sub-route -you will take:

-

Now you will have to pick your next step between two options:

-
    -
  • Route A: Simple encryption of your current OS

    -
      -
    • Pros:

      -
        -
      • Does not require you to wipe your laptop

      • -
      • No issue with local data leaks

      • -
      • Works fine with an SSD drive

      • -
      • Works with any OS

      • -
      • Simple

      • -
    • -
    • Cons:

      -
        -
      • You could be compelled by an adversary to reveal your password -and all your secrets and will have no plausible deniability.

      • -
      • The danger of Online data leaks

      • -
    • -
  • -
  • Route B: Simple encryption of your current OS with later use of -plausible deniability on files themselves:

    -
      -
    • Pros:

      -
        -
      • Does not require you to wipe your laptop

      • -
      • Works fine with an SSD drive

      • -
      • Works with any OS

      • -
      • Plausible deniability is possible with “soft” -adversaries

      • -
    • -
    • Cons:

      -
        -
      • The danger of Online Data leaks

      • -
      • The danger of Local Data leaks (that will lead to more work to -clean up those leaks)

      • -
    • -
  • -
  • Route C: Plausible Deniability Encryption of your Operating -system (you will have a “hidden OS” and a “decoy OS” running on the -laptop):

    -
      -
    • Pros:

      -
        -
      • No issues with local Data leaks

      • -
      • Plausible deniability is possible with “soft” -adversaries

      • -
    • -
    • Cons:

      -
        -
      • Requires Windows (this feature is not “easily” supported on -Linux).

      • -
      • The danger of online Data leaks

      • -
      • Requires full wipe of your laptop

      • -
      • No use with an SSD drive due to the requirement of disabling -Trim349 Operations350. This will severely degrade the -performance/health of your SSD drive over time.

      • -
    • -
  • -
-

As you can see, Route C only offers two privacy advantages -over the others, and it will only be of use against a soft lawful -adversary. Remember https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis -[Wikiless] -[Archive.org].

-

Deciding which route you will take is up to you. Route A is a -minimum.

-

Always be sure to check for new versions of Veracrypt -frequently to ensure you benefit from the latest patches. Especially -check this before applying large Windows updates that might break the -Veracrypt bootloader and send you into a boot loop.

-

NOTE THAT BY DEFAULT VERACRYPT WILL ALWAYS PROPOSE A SYSTEM -PASSWORD IN QWERTY (display the password as a test). This can cause -issues if your boot input is using your laptop’s keyboard (AZERTY for -example) as you will have set up your password in QWERTY and will input -it at boot time in AZERTY. So, make sure you check when doing the test -boot what keyboard layout your BIOS is using. You could fail to log in -just because of the QWERTY/AZERTY mix-up. If your BIOS boots using -AZERTY, you will need to type the password in QWERTY within -Veracrypt.

-
Route -A and B: Simple Encryption using Veracrypt (Windows tutorial)
-

Skip this step if you used BitLocker instead -earlier.

-

You do not have to have an HDD for this method, and you do not need -to disable Trim on this route. Trim leaks will only be of use to -forensics in detecting the presence of a Hidden Volume but will not be -of much use otherwise.

-

This route is rather straightforward and will just encrypt your -current Operating System in place without losing any data. Be sure to -read all the texts Veracrypt is showing you, so you have a full -understanding of what is going on. Here are the steps:

-
    -
  • Launch VeraCrypt

  • -
  • Go into Settings:

    -
      -
    • Settings > Performance/driver options > Encrypt -RAM

    • -
    • System > Settings > Security > Clear keys from memory if -a new device is inserted

    • -
    • System > Settings > Windows > Enable Secure -Desktop

    • -
  • -
  • Select System

  • -
  • Select Encrypt System Partition/Drive

  • -
  • Select Normal (Simple)

  • -
  • Select Single-Boot

  • -
  • Select AES as encryption Algorithm (click the test button if you -want to compare the speeds)

  • -
  • Select SHA-512 as hash Algorithm (because why not)

  • -
  • Enter a strong passphrase (longer the better, remember Appendix -A2: Guidelines for passwords and passphrases)

  • -
  • Collect some entropy by randomly moving your cursor around until -the bar is full

  • -
  • Click Next as the Generated Keys screen

  • -
  • To rescue disk351 or not rescue disk, well that is -up to you. We recommend making one (just in case), just make sure to -store it outside your encrypted drive (USB key for instance or wait and -see the end of this guide for guidance on safe backups). This rescue -disk will not store your passphrase and you will still need it to use -it.

  • -
  • Wipe mode:

    -
      -
    • If you have no sensitive data yet on this laptop, select -None

    • -
    • If you have sensitive data on an SSD, Trim alone should take care -of it352 but we would recommend one pass -(random data) just to be sure.

    • -
    • If you have sensitive data on an HDD, there is no Trim, and we -Swould recommend at least 1-pass.

    • -
  • -
  • Test your setup. Veracrypt will now reboot your system to test -the bootloader before encryption. This test must pass for encryption to -go forward.

  • -
  • After your computer rebooted and the test is passed. You will be -prompted by Veracrypt to start the encryption process.

  • -
  • Start the encryption and wait for it to complete.

  • -
  • You are done, skip Route B and go to the next steps.

  • -
-

There will be another section on creating encrypted file containers -with Plausible Deniability on Windows.

-
Route -B: Plausible Deniability Encryption with a Hidden OS (Windows only)
-

This is only supported on Windows.

-

This is only recommended on an HDD drive. This is not -recommended on an SSD drive.

-

Your Hidden OS should not be activated (with an MS product -key). Therefore, this route will recommend and guide you through a full -clean installation that will wipe everything on your -laptop.

-

Read the Veracrypt Documentation https://www.veracrypt.fr/en/VeraCrypt%20Hidden%20Operating%20System.html -[Archive.org] -(Process of Creation of Hidden Operating System part) and https://www.veracrypt.fr/en/Security%20Requirements%20for%20Hidden%20Volumes.html -[Archive.org] -(Security Requirements and Precautions Pertaining to Hidden -Volumes).

-

This is how your system will look after this process is done:

-
-image22 - -
-

(Illustration from Veracrypt Documentation, https://veracrypt.fr/en/VeraCrypt%20Hidden%20Operating%20System.html -[Archive.org])

-

As you can see this process requires you to have two partitions on -your hard drive from the start.

-

This process will do the following:

-
    -
  • Encrypt your second partition (the outer volume) that will look -like an empty unformatted disk from the decoy OS.

  • -
  • Prompt you with the opportunity to copy some decoy content within -the outer volume.

    -
      -
    • This is where you will copy your decoy Anime/Porn collection from -some external hard drive to the outer volume.
    • -
  • -
  • Create a hidden volume within the outer volume of that second -partition. This is where the hidden OS will reside.

  • -
  • Clone your currently running Windows 10/11 installation onto the -hidden volume.

  • -
  • Wipe your currently running Windows 10/11.

  • -
  • This means that your current Windows 10/11 will become the hidden -Windows 10/11 and that you will need to reinstall a fresh decoy Windows -10/11 OS.

  • -
-

Mandatory if you have an SSD drive and you still want to do -this against the recommendation: Disable SSD Trim in Windows353 (again this is NOT -recommended at all as disabling Trim in itself is -highly suspicious). Also as mentioned -earlier, disabling Trim will reduce the lifetime of your SSD drive and -will significantly impact its performance over time (your laptop will -become slower and slower over several months of use until it becomes -almost unusable, you will then have to clean the drive and re-install -everything). But you must do it to prevent data leaks354 that could allow forensics -to defeat your plausible deniability355356. The only way around this -at the moment is to have a laptop with a classic HDD drive -instead.

-
Step 1: Create a -Windows 10/11 install USB key
-

See [Appendix C: Windows Installation Media Creation][306] and go -with the USB key route.

-
Step -2: Boot the USB key and start the Windows 10/11 install process (Hidden -OS)
- -
Step 3: Privacy Settings -(Hidden OS)
-

See Appendix B: -Windows Additional Privacy Settings

-
Step -4: Veracrypt installation and encryption process start (Hidden OS)
-

Remember to read https://www.veracrypt.fr/en/VeraCrypt%20Hidden%20Operating%20System.html -[Archive.org]

-

Do not connect this OS to your known Wi-Fi. You should download the -Veracrypt installer from a different computer and copy the installer -here using a USB key. Here are the steps:

-
    -
  • Install Veracrypt

  • -
  • Start Veracrypt

  • -
  • Go into Settings:

    -
      -
    • Settings > Performance/driver options > Encrypt RAM -(note that this option is not compatible with Hibernation your -laptop and means you will have to shut down -completely)

    • -
    • System > Settings > Security > Clear keys from memory if -a new device is inserted

    • -
    • System > Settings > Windows > Enable Secure -Desktop

    • -
  • -
  • Go into System and select Create Hidden Operating System

  • -
  • Read all the prompts thoroughly

  • -
  • Select Single-Boot if prompted

  • -
  • Create the Outer Volume using AES and SHA-512.

  • -
  • Use all the space available on the second partition for the Outer -Volume

  • -
  • Use a strong passphrase (remember Appendix -A2: Guidelines for passwords and passphrases)

  • -
  • Select yes to Large Files

  • -
  • Create some Entropy by moving the mouse around until the bar is -full and select NTFS (do not select exFAT as you want this outer volume -to look “normal” and NTFS is normal).

  • -
  • Format the Outer Volume

  • -
  • Open Outer Volume:

    -
      -
    • At this stage, you should copy decoy data onto the outer volume. -So, you should have some sensitive but not so sensitive files/folders to -copy there. In case you need to reveal a password to this -Volume. This is a good place for your -Anime/Mp3/Movies/Porn collection.

    • -
    • We recommend you do not fill the outer volume too much or too -little (about 40%). Remember you must leave enough space for the Hidden -OS (which will be the same size as the first partition you created -during installation).

    • -
  • -
  • Use a strong passphrase for the Hidden Volume (obviously a -different one than the one for the Outer Volume).

  • -
  • Now you will create the Hidden Volume, select AES and -SHA-512

  • -
  • Fill the entropy bar until the end with random mouse -movements

  • -
  • Format the hidden Volume

  • -
  • Proceed with the Cloning

  • -
  • Veracrypt will now restart and Clone the Windows where you -started this process into the Hidden Volume. This Windows will become -your Hidden OS.

  • -
  • When the cloning is complete, Veracrypt will restart within the -Hidden System

  • -
  • Veracrypt will inform you that the Hidden System is now installed -and then prompt you to wipe the Original OS (the one you installed -previously with the USB key).

  • -
  • Use 1-Pass Wipe and proceed.

  • -
  • Now your Hidden OS will be installed, proceed to the next -step

  • -
-
Step -5: Reboot and boot the USB key and start the Windows 10/11 install -process again (Decoy OS)
-

Now that the Hidden OS is fully installed, you will need to install a -Decoy OS:

-
    -
  • Insert the USB key into your laptop

  • -
  • See Appendix A: -Windows Installation and proceed with installing Windows 10/11 Home -again (do not install a different version and stick with Home).

  • -
-
Step 6: Privacy settings -(Decoy OS)
-

See Appendix B: -Windows Additional Privacy Settings

-
Step -7: Veracrypt installation and encryption process start (Decoy OS)
-

Now you will encrypt the Decoy OS:

-
    -
  • Install Veracrypt

  • -
  • Launch VeraCrypt

  • -
  • Select System

  • -
  • Select Encrypt System Partition/Drive

  • -
  • Select Normal (Simple)

  • -
  • Select Single-Boot

  • -
  • Select AES as encryption Algorithm (click the test button if you -want to compare the speeds)

  • -
  • Select SHA-512 as hash Algorithm (because why not)

  • -
  • Enter a short weak password (yes this is serious, do it, it will -be explained later).

  • -
  • Collect some entropy by randomly moving your cursor around until -the bar is full

  • -
  • Click Next as the Generated Keys screen

  • -
  • To rescue disk357 or not rescue disk, well that is -up to you. We recommend making one (just in case), just make sure to -store it outside your encrypted drive (USB key for instance or wait and -see the end of this guide for guidance on safe backups). This rescue -disk will not store your passphrase and you will still need it to use -it.

  • -
  • Wipe mode: Select 1-Pass just to be safe

  • -
  • Pre-Test your setup. Veracrypt will now reboot your system to -test the bootloader before encryption. This test must pass for -encryption to go forward.

  • -
  • After your computer rebooted and the test is passed. You will be -prompted by Veracrypt to start the encryption process.

  • -
  • Start the encryption and wait for it to complete.

  • -
  • Your Decoy OS is now ready for use.

  • -
-
Step 8: Test your setup -(Boot in Both)
-

Time to test your setup:

-
    -
  • Reboot and input your Hidden OS passphrase, you should boot -within the Hidden OS.

  • -
  • Reboot and input your Decoy OS passphrase, you should boot within -the Decoy OS.

  • -
  • Launch Veracrypt on the Decoy OS and mount the second partition -using the Outer Volume Passphrase (mount it as read-only, by going into -Mount Options and Selecting Read-Only) and it should mount the second -partition as a read-only displaying your decoy data (your Anime/Porn -collection). You are mounting it as read-only now because if you were to -write data on it, you could override content from your Hidden -OS.

  • -
-
Step -9: Changing the decoy data on your Outer Volume safely
-

Before going to the next step, you should learn the way to mount your -Outer Volume safely for writing content on it. This is also explained in -this official Veracrypt Documentation https://www.veracrypt.fr/en/Protection%20of%20Hidden%20Volumes.html -[Archive.org]

-

You should do this from a safe, trusted space.

-

Basically, you are going to mount your Outer Volume while also -providing the Hidden Volume passphrase within the Mount Options to -protect the Hidden Volume from being overwritten:

-
    -
  • Open Veracrypt

  • -
  • Select your Second Partition

  • -
  • Click Mount

  • -
  • Click Mount Options

  • -
  • Check the “Protect the Hidden volume…” Option

  • -
  • Enter the Hidden OS passphrase

  • -
  • Click OK

  • -
  • Enter your Outer Volume passphrase

  • -
  • Click OK

  • -
  • You should now be able to open and write to your Outer Volume to -change the content (copy/move/delete/edit…)

  • -
-

This operation will not actually mount the Hidden Volume and should -prevent the creation of any forensic evidence that could lead to the -discovery of the Hidden OS. However, while you are performing this -operation, both passwords will be stored in your RAM. You could still be -vulnerable to a Cold-Boot Attack. To mitigate this, be sure to have the -option to encrypt your RAM as instructed before.

-
Step -10: Leave some forensics evidence of your Outer Volume (with the decoy -Data) within your Decoy OS
-

We must make the Decoy OS as plausible as possible. We also want your -adversary to underestimate your intelligence.

-

It is important to voluntarily leave some forensic evidence of your -Decoy Content within your Decoy OS. This evidence will let forensic -examiners see that you mounted your Outer Volume frequently to access -its content.

-

Here are useful tips to leave some forensics evidence:

-
    -
  • Play the content from the Outer Volume from your Decoy OS (using -VLC for instance). Be sure to keep a history of those.

  • -
  • Edit documents and work on them.

  • -
  • Enable file indexing again on the Decoy OS and include the -mounted Outer Volume.

  • -
  • Unmount it and mount it frequently to watch some content or move -files around.

  • -
  • Copy some content from your Outer Volume to your Decoy OS and -then delete it unsafely. Just put it in the Recycle Bin, which only -someone who is naive would do, thinking it were deleted.

  • -
  • Have a Torrent Client installed on the Decoy OS; use it from time -to time to download some similar stuff that you will leave on the Decoy -OS.

  • -
  • You could have a VPN client installed on the Decoy OS with a -known VPN of yours (non-cash paid).

  • -
-

Do not put anything suspicious on the Decoy OS such as:

-
    -
  • This guide

  • -
  • Any links to this guide

  • -
  • Any suspicious anonymity software such as Tor Browser

  • -
  • Any Veracrypt volumes

  • -
  • Any documents on anonymity or security

  • -
-

The intention is to make your adversary believe you are not as smart -as they thought, to deter them from searching deeper.

-
Notes:
-

Remember that you will need valid excuses for this plausible -deniability scenario to work:

-
    -
  • You are using Veracrypt because you are using Windows -10/11 Home, which do not feature Bitlocker, but you still wanted -reasonable Privacy.

  • -
  • You have two partitions because you wanted to separate -the system from the data for easy organization, and because some geeky -friend told you this was better for performance.

  • -
  • You have used a weak password for easy convenient booting -of the system and a strong, long passphrase on the Outer Volume. You -were too lazy to type a strong passphrase at each -boot.

  • -
  • You encrypted the second partition with a different -password than the system because you do not want anyone in your -group/domain to see your stuff. You did not want that data available to -anyone.

  • -
-

Take some time to read again the “Possible Explanations for Existence -of Two Veracrypt Partitions on Single Drive” of the Veracrypt -documentation here https://www.veracrypt.fr/en/VeraCrypt%20Hidden%20Operating%20System.html -[Archive.org]

-

Be careful:

-
    -
  • You should never mount the Hidden Volume from the Decoy -OS (NEVER EVER). If you did this, it would create forensic evidence of -the Hidden Volume within the Decoy OS which could jeopardize your -attempt at plausible deniability. If you did this anyway -(intentionally or by mistake) from the Decoy OS, there are ways to erase -forensic evidence that will be explained later at the end of this guide, -so this mistake alone isn’t a huge deal if you follow the steps in Some additional -measures against forensics.

  • -
  • Never use the Decoy OS from the same network (public -Wi-Fi) as the Hidden OS.

  • -
  • When you do mount the Outer Volume from the Decoy OS, do -not write any data within the Outer Volume. This could override what -looks like empty space, but is in fact your Hidden OS. You should always -mount it as read-only.

  • -
  • If you want to change the decoy content of the Outer -Volume, you should use a Live OS USB Key that will run -Veracrypt.

  • -
  • Note that you will not use the Hidden OS to perform -sensitive activities, this will be done later from a VM within the -Hidden OS. The Hidden OS is only meant to protect you from soft lawful -adversaries that could gain access to your laptop and compel you to -reveal your password.

  • -
  • Be careful of any tampering with your laptop. Evil-Maid -Attacks can reveal your Hidden OS.

  • -
-

Virtualbox on your Host OS:

-

Remember Appendix W: -Virtualization.

-

This step and the following steps should be done from within the Host -OS. This can either be your Host OS with simple encryption -(Windows/Linux/macOS) or your Hidden OS with plausible deniability -(Windows only).

-

In this route, you will make extensive use of the free Oracle -Virtualbox358 software. This is a virtualization -software in which you can create Virtual Machines that emulate a -computer running a specific OS (if you want to use something else like -Xen, Qemu, KVM, or VMWARE, feel free to do so but this part of the guide -covers Virtualbox only for convenience).

-

So, you should be aware that Virtualbox is not the virtualization -software with the best track record in terms of security. Some of the -reported issues359 have not been completely fixed to -date360. If you are using Linux, and you -possess a bit more technical skill, you should consider using KVM -instead by following the guide available at Whonix here https://www.whonix.org/wiki/KVM [Archive.org] -and here https://www.whonix.org/wiki/KVM#Why_Use_KVM_Over_VirtualBox.3F -[Archive.org]

-

Some steps should be taken in all cases:

-

All your sensitive activities will be done from within a -guest Virtual Machine running Windows 10/11 Pro (not Home this time), -Linux, or macOS.

-

This has a few advantages that will help you remain anonymous:

-
    -
  • It should prevent the guest VM OS (Windows/Linux/macOS), apps, -and any telemetry within the VMs from accessing your hardware directly. -Even if your VM is compromised by malware, the malware should not be -able to access the Host OS and compromise your actual machine.

  • -
  • It will allow us to force all the network traffic from your VM to -run through another Gateway VM that will direct all the traffic over the -Tor Network. This is a network “kill switch”. Your VM will lose its -network connectivity completely and go offline if the target network VM -loses its connection to the Tor Network.

  • -
  • The VM itself, which only has internet connectivity through a Tor -Network Gateway, will connect to your cash-paid VPN service through -Tor.

  • -
  • DNS Leaks will be impossible because the VM is on an isolated -network that must go through Tor no matter what.

  • -
-

Pick your connectivity -method:

-

There are seven possibilities within this route:

-
    -
  • Recommended and preferred:

    -
      -
    • Use Tor alone (User > Tor > -Internet)

    • -
    • Use VPN over Tor (User > Tor > VPN > Internet) -in specific cases

    • -
    • Use a VPS with a self-hosted VPN/Proxy over Tor (User -> Tor > Self-Hosted VPN/Proxy > Internet) in specific -cases

    • -
  • -
  • Possible if required by context:

    -
      -
    • Use VPN over Tor over VPN (User > VPN > Tor > VPN > -Internet)

    • -
    • Use Tor over VPN (User > VPN > Tor > Internet)

    • -
  • -
  • Not recommended and risky:

    -
      -
    • Use VPN alone (User > VPN > Internet)

    • -
    • Use VPN over VPN (User > VPN > VPN > Internet)

    • -
  • -
  • Not recommended and highly risky (but -possible)

    -
      -
    • No VPN and no Tor (User > Internet)
    • -
  • -
-
-image23 - -
-

Tor only:

-

This is the preferred and most recommended solution.

-
-image24 - -
-

With this solution, all your network goes through Tor, and it should -be sufficient to guarantee your anonymity in most cases.

-

There is one main drawback tho: Some services block/ban Tor -Exit nodes outright and will not allow account creations from -those.

-

To mitigate this, you might have to consider the next option: VPN -over Tor but consider some risks associated with it explained in the -next section.

-

VPN/Proxy over Tor:

-

This solution can bring some benefits in some specific cases vs using -Tor only where accessing the destination service would be impossible -from a Tor Exit node. This is because many services will just outright -ban, hinder, or block Tor Exit Nodes (see https://gitlab.torproject.org/legacy/trac/-/wikis/org/doc/ListOfServicesBlockingTor -[Archive.org]).

-

This solution can be achieved in two ways:

-
    -
  • Paid VPN over Tor (easiest)

  • -
  • Paid Self-Hosted VPS configured as VPN/Proxy (most efficient in -avoiding online obstacles such as captchas but requiring more skills -with Linux)

  • -
-

As you can see in this illustration, if your cash (preferred)/Monero -paid VPN/Proxy is compromised by an adversary (despite their privacy -statement and no-logging policies), they will only find an anonymous -cash/Monero paid VPN/Proxy account connecting to their services from a -Tor Exit node.

-
-image25 - -
-

If an adversary somehow manages to compromise the Tor network too, -they will only reveal the IP of a random public Wi-Fi that is not tied -to your identity.

-

If an adversary somehow compromises your VM OS (with malware or an -exploit for instance), they will be trapped within the internal Network -of Whonix and should be unable to reveal the IP of the public Wi-Fi.

-

This solution however has one main drawback to consider: -Interference with Tor Stream Isolation361.

-

Stream isolation is a mitigation technique used to prevent some -correlation attacks by having different Tor Circuits for each -application. Here is an illustration to show what stream isolation -is:

-
-image26 - -
-

(Illustration from Marcelo Martins, https://stakey.club/en/decred-via-tor-network/ [Archive.org])

-

VPN/Proxy over Tor falls on the right-side362 -meaning using a VPN/Proxy over Tor forces Tor to use one circuit for all -activities instead of multiple circuits for each. This means that using -a VPN/Proxy over Tor can reduce the effectiveness of Tor in some cases -and should therefore be used only for some specific cases:

-
    -
  • When your destination service does not allow Tor Exit -nodes.

  • -
  • When you do not mind using a shared Tor circuit for various -services. For instance, when using various authenticated -services.

  • -
-

You should however consider not using this method when your -aim is just to browse random various unauthenticated websites as you -will not benefit from Stream Isolation and this could make correlation -attacks easier over time for an adversary between each of your sessions -(see Your Anonymized Tor/VPN -traffic). If your goal however is to use the same identity at each -session on the same authenticated services, the value of Stream -isolation is lessened as you can be correlated through other -means.

-

You should also know that Stream Isolation is not necessarily -configured by default on Whonix Workstation. It is only pre-configured -for some applications (including Tor Browser).

-

Also, note that Stream Isolation does not necessarily change all the -nodes in your Tor circuit. It can sometimes only change one or two. In -many cases, Stream Isolation (for instance within the Tor Browser) will -only change the relay (middle) node and the exit node while keeping the -same guard (entry) node.

-

More information at:

- -

Tor over VPN:

-

You might be wondering: Well, what about using Tor over VPN instead -of VPN over Tor? Well, we would not necessarily recommend it:

-
    -
  • Disadvantages:

    -
      -
    • Your VPN provider is just another ISP that will then know your -origin IP and will be able to de-anonymize you if required. We do not -trust them. We prefer a situation where your VPN provider does not know -who you are. It does not add much in terms of anonymity.

    • -
    • This would result in you connecting to various services using the -IP of a Tor Exit Node which is banned/flagged in many places. It does -not help in terms of convenience.

    • -
  • -
  • Advantages:

    -
      -
    • The main advantage is that if you are in a hostile -environment where Tor access is impossible/dangerous/suspicious, but VPN -is okay.

    • -
    • This method also does not break Tor Stream isolation.

    • -
    • This also hides your Tor activities from your main ISP.

    • -
  • -
-

Note, if you are having issues accessing the Tor Network due to -blocking/censorship, you could try using Tor Bridges. See Appendix X: -Using Tor bridges in hostile environments.

-

It is also possible to consider VPN over Tor over VPN (User -> VPN > Tor > VPN > Internet) using two cash/Monero -paid VPNs instead. This means that you will connect the Host OS to a -first VPN from your Public Wi-Fi, then Whonix will connect to Tor, and -finally, your VM will connect to a second VPN over Tor over VPN (see https://www.whonix.org/wiki/Tunnels/Connecting_to_a_VPN_before_Tor -[Archive.org]).

-

This will of course have a significant performance impact and might -be quite slow, but Tor is necessary somewhere for achieving reasonable -anonymity.

-

Achieving this technically is easy within this route, you need two -separate anonymous VPN accounts and must connect to the first VPN from -the Host OS and follow the route.

-

Conclusion: Only do this if you think using Tor alone is -risky/impossible but VPNs are okay. Or just because you can and so why -not. This method will not lower your security/privacy/anonymity.

-

VPN only:

-

This route will not be explained nor recommended.

-

If you can use VPNs then you should be able to add a Tor -layer over it. And if you can use Tor, then you can add an anonymous VPN -over Tor to get the preferred solution.

-

Just using a VPN or even a VPN over VPN makes no sense as those can -be traced back to you over time. One of the VPN providers will know your -real origin IP (even if it is in a safe public space) and even if you -add one over it, the second one will still know you were using that -other first VPN service. This will only slightly delay your -de-anonymization. Yes, it is an added layer … but it is a persistent -centralized added layer, and you can be de-anonymized over time. This is -just chaining 3 ISPs that are all subject to lawful requests.

-

For more info, please see the following references:

- -

In the context of this guide, Tor is required somewhere to -achieve reasonable and safe anonymity and you should use it if you -can.

-

No VPN/Tor:

-

If you cannot use VPN nor Tor where you are, you probably are in a -very hostile environment where surveillance and control are extremely -high.

-

Just do not, it is not worth it and too risky. You can be -de-anonymized almost instantly by any motivated adversary that could get -to your physical location in a matter of minutes.

-

Do not forget to check back on Adversaries -(threats) and Appendix -S: Check your network for surveillance/censorship using OONI.

-

If you have absolutely no other option and still want to do -something, see Appendix -P: Accessing the internet as safely as possible when Tor/VPN is not an -option (at your own risk) and consider The Tails route instead.

-

Conclusion:

- ---------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Connection TypeAnonymityEase of Access to online resourcesTor Stream isolationSafer where Tor is suspicious/dangerousSpeedCostRecommended
Tor AloneGoodMediumPossibleNoMediumFreeYes
Tor over VPNGood+MediumPossibleYesMediumAround 50€/yIf needed (Tor inaccessible)
Tor over VPN over TorBestMediumPossibleYesPoorAround 50€/yYes
VPN over TorGood-GoodNoNoMediumAround 50€/yIf needed (convenience)
Self-Hosted VPS VPN/Proxy over TorGood-Very GoodNoYesMediumAround 50€/yIf needed (convenience)
VPN/Proxy over Tor over VPNGood-GoodNoYesPoorAround 100€/yIf needed (convenience and Tor inaccessible)
VPN/Proxy AloneBadGoodN/AYesGoodAround 50€/yNo.
No Tor and VPNBadUnknownN/ANoGoodAround 100€ (Antenna)No.
-

Unfortunately, using Tor alone will raise the suspicion of many -destinations’ platforms. You will face many hurdles (captchas, errors, -difficulties signing up) if you only use Tor. In addition, using Tor -where you are could put you in trouble just for that. But Tor is still -the best solution for anonymity and must be somewhere for anonymity.

-
    -
  • If you intend to create persistent shared and authenticated -identities on various services where access from Tor is hard, we -recommend the VPN over Tor and VPS VPN/Proxy -over Tor options (or VPN over Tor over VPN if needed). It might -be a bit less secure against correlation attacks due to breaking Tor -Stream isolation but provides much better convenience in accessing -online resources than just using Tor. It is an “acceptable” trade-off -IMHP if you are careful enough with your identity.

    -
      -
    • Note: It is becoming more common that mainstream services -and CDNS are also blocking or hindering VPN users with captchas and -other various obstacles. In that case, a self-hosted -VPS with a VPN/Proxy over Tor is the best solution for this as having -your own dedicated VPS guarantees you are the sole user of your IP and -encounter little to no obstacles. Consider a Self-hosted -VPN/Proxy on a Monero/Cash-paid VPS (for users more familiar with -Linux) if you want the least amount of issues (this will be -explained in the next section in more details).
    • -
  • -
  • If your intent however is just to browse random services -anonymously without creating specific shared identities, using tor -friendly services; or if you do not want to accept that trade-off in the -earlier option. Then we recommend using the Tor Only route to -keep the full benefits of Stream Isolation (or Tor over VPN if you need -to).

  • -
  • If cost is an issue, we recommend the Tor Only option if -possible.

  • -
  • If both Tor and VPN access are impossible or dangerous then you -have no choice but to rely on Public wi-fi safely. See Appendix -P: Accessing the internet as safely as possible when Tor and VPNs are -not an option

  • -
-

For more information, you can also see the discussions here that -could help decide yourself:

- -

Getting an anonymous -VPN/Proxy:

-

Skip this step if you want to use Tor only.

-

See Appendix O: -Getting an anonymous VPN/Proxy

-

Whonix:

-

Skip this step if you cannot use Tor.

-

This route will use Virtualization and Whonix363 -as part of the anonymization process. Whonix is a Linux distribution -composed of two Virtual Machines:

-
    -
  • The Whonix Workstation (this is a VM where you can conduct -sensitive activities)

  • -
  • The Whonix Gateway (this VM will establish a connection to the -Tor network and route all the network traffic from the Workstation -through the Tor network).

  • -
-

This guide will therefore propose two flavors of this route:

-
    -
  • The Whonix only route where all traffic is routed through the Tor -Network (Tor Only or Tor over VPN).
  • -
-
-image27 - -
-
    -
  • A Whonix hybrid route where all traffic is routed through a cash -(preferred)/Monero paid VPN over the Tor Network (VPN over Tor or VPN -over Tor over VPN).
  • -
-
-image28 - -
-

You will be able to decide which flavor to use based on my -recommendations. We recommend the second one as explained before.

-

Whonix is well maintained and has extensive and incredibly detailed -documentation.

-

A note on Virtualbox -Snapshots:

-

Later, you will create and run several Virtual Machines within -Virtualbox for your sensitive activities. Virtualbox provides a feature -called “Snapshots”364 that allow for saving the state of -a VM at any point in time. If for any reason later you want to go back -to that state, you can restore that snapshot at any moment.

-

I strongly recommend that you do make use of this feature by -creating a snapshot after the initial installation/update of each VM. -This snapshot should be done before its use for any sensitive/anonymous -activity.

-

This will allow you to turn your VMs into a kind of disposable “Live -Operating Systems” (like Tails discussed earlier). Meaning that you will -be able to erase all the traces of your activities within a VM by -restoring a Snapshot to an earlier state. Of course, this will not be -“as good” as Tails (where everything is stored in memory) as there might -be traces of this activity left on your hard disk. Forensics studies -have shown the ability to recover data from a reverted VM365. Fortunately, there will be ways -to remove those traces after the deletion or reverting to an earlier -snapshot. Such techniques will be discussed in the Some additional -measures against forensics section of this guide.

-

Download Virtualbox -and Whonix utilities:

-

You should download a few things within the host OS:

- -

This will conclude the preparations and you should now be ready to -start setting up the final environment that will protect your anonymity -online.

-

Virtualbox Hardening -recommendations:

-

For ideal security, you should follow the recommendations provided -here for each Virtualbox Virtual Machine https://www.whonix.org/wiki/Virtualization_Platform_Security#VirtualBox_Hardening -[Archive.org] -:

-
    -
  • Disable Audio.

  • -
  • Do not enable Shared Folders.

  • -
  • Do not enable 2D acceleration. This one is done running the -following command -VBoxManage modifyvm "vm-id" --accelerate2dvideo on|off

  • -
  • Do not enable 3D acceleration.

  • -
  • Do not enable the Serial Port.

  • -
  • Remove the Floppy drive.

  • -
  • Remove the CD/DVD drive.

  • -
  • Do not enable the Remote Display server.

  • -
  • Enable PAE/NX (NX is a security feature).

  • -
  • Disable Advanced Configuration and Power Interface (ACPI). This -one is done running the following command -VBoxManage modifyvm "vm-id" --acpi on|off

  • -
  • Do not attach USB devices.

  • -
  • Disable the USB controller which is enabled by default. Set the -Pointing Device to “PS/2 Mouse” or changes will revert.

  • -
-

Finally, also follow this recommendation to desync the clock you are -your VM compared to your host OS https://www.whonix.org/wiki/Network_Time_Synchronization#Spoof_the_Initial_Virtual_Hardware_Clock_Offset -[Archive.org]

-

This offset should be within a 60000-millisecond range and should be -different for each VM and here are some examples (which can be later -applied to any VM):

-
    -
  • VBoxManage modifyvm "Whonix-Gateway-XFCE" --biossystemtimeoffset -35017

  • -
  • VBoxManage modifyvm "Whonix-Gateway-XFCE" --biossystemtimeoffset +27931

  • -
  • VBoxManage modifyvm "Whonix-Workstation-XFCE" --biossystemtimeoffset -35017

  • -
  • VBoxManage modifyvm "Whonix-Workstation-XFCE" --biossystemtimeoffset +27931

  • -
-

Also, consider applying these mitigations from VirtualBox to mitigate -Spectre366/Meltdown367 -vulnerabilities by running this command from the VirtualBox Program -Directory. All of these are described here: https://www.whonix.org/wiki/Spectre_Meltdown [Archive.org] -(be aware these can impact severely the performance of your VMs but -should be done for best security).

-

Finally, consider the security advice from Virtualbox themselves here -https://www.virtualbox.org/manual/ch13.html [Archive.org]

-

Tor over VPN:

-

Skip this step if you do not intend to use Tor over VPN and -only intend to use Tor or cannot.

-

If you intend to use Tor over VPN for any reason. You first must -configure a VPN service on your host OS.

-

Remember that in this case, we recommend having two VPN accounts. -Both paid with cash/Monero (see Appendix O: Getting an -anonymous VPN/Proxy). One will be used in the Host OS for the first -VPN connection. The other could be used in the VM to achieve VPN over -Tor over VPN (User > VPN > Tor > VPN).

-

If you intend to only use Tor over VPN, you only need one VPN -account.

-

See Appendix R: -Installing a VPN on your VM or Host OS for instructions.

-

Whonix Virtual Machines:

-

Skip this step if you cannot use Tor.

- -

Remember at this stage that if you are having issues connecting to -Tor due to censorship or blocking, you should consider connecting using -Bridges as explained in this tutorial https://www.whonix.org/wiki/Bridges [Archive.org].

- -

Important Note: You should also read these very good -recommendations over there https://www.whonix.org/wiki/DoNot [Archive.org] -as most of those principles will also apply to this guide. You -should also read their general documentation here https://www.whonix.org/wiki/Documentation -[Archive.org] -which will also provide tons of advice like this -guide.

-

Pick your guest -workstation Virtual Machine:

-

Using Whonix/Linux will require more skills on your side as these are -Linux distributions. You will also encounter more difficulties if you -intend to use specific software that might be harder to use on -Whonix/Linux. Setting up a VPN over Tor on Whonix will also be more -complicated than on Windows as well.

-

If you can use Tor:

-

You can decide if you prefer to conduct your sensitive activities -from the Whonix Workstation provided in the earlier section -(highly recommended) or from a Custom VM that will use -the Whonix Gateway like the Whonix Workstation (less secure but might be -required depending on what you intend to do).

-

If you cannot use Tor:

-

If you cannot use Tor, you can use a Custom VM of your choice that -will ideally use an anonymous VPN, if possible, to then connect to the -Tor network. Or you could go with the risky route: See Appendix -P: Accessing the internet as safely as possible when Tor and VPNs are -not an option

-

Linux Virtual Machine -(Whonix or Linux):

- -

Skip this step if you cannot use Tor.

-

Just use the provided Whonix Workstation VM. It is the safest -and most secure way to go on this route.

-

It is also the only VM that will provide Stream Isolation -pre-configured for most apps by default368.

-

If you want additional software on the Workstation (such as another -Browser), follow their guide here https://www.whonix.org/wiki/Install_Software [Archive.org]

-

Consider running Whonix in Live Mode if for extra malware protection, -See https://www.whonix.org/wiki/Anti-Forensics_Precautions -[Archive.org]

-

Do not forget to apply the VM hardening recommendations here: Virtualbox Hardening -recommendations.

-

Consider using AppArmor on your Whonix Workstations by following this -guide: https://www.whonix.org/wiki/AppArmor [Archive.org]

-

Linux (any distro):

-

Be careful, any customization you make to the non-Whonix -guest VMs (keyboard layout, language, time zone, screen resolution, or -other) could be used to fingerprint your VMs later. See https://www.whonix.org/wiki/VM_Fingerprinting -[Archive.org]

-
If you can use Tor -(natively or over a VPN):
-

Use the Linux Distro of your choice. We would recommend Ubuntu or -Fedora for convenience but any other would work too. Be sure to not -enable any telemetry.

-

Refer to this tutorial https://www.whonix.org/wiki/Other_Operating_Systems -[Archive.org] -for detailed instructions.

-

Consider hardening the VM as recommended in Hardening Linux.

-
If you cannot use Tor:
-

Use the Linux Distro of your choice. We would recommend Ubuntu or -Fedora for convenience but any other would work too. Be sure to not -enable any telemetry. You could go with the risky route: See Appendix -P: Accessing the internet as safely as possible when Tor and VPNs are -not an option

-
Choose a browser within the -VM:
-

This time, we will recommend Brave browser.

-

See why here: Appendix -V: What browser to use in your Guest VM/Disposable VM

-

See Appendix V1: -Hardening your Browsers as well.

-

Windows 10/11 Virtual -Machine:

-

Be careful, any customization you make to the non-Whonix -guest VMs (keyboard layout, language, time zone, screen resolution, or -other) could be used to fingerprint your VMs later. See https://www.whonix.org/wiki/VM_Fingerprinting -[Archive.org]

-

Windows 10 and 11 ISO -download:

-

Go with the Official Windows 10/11 Pro VM and harden it yourself: see -[Appendix C: Windows Installation Media Creation][306] and go with the -ISO route.

-

If you can use Tor -(natively or over a VPN):

-

Refer to this tutorial https://www.whonix.org/wiki/Other_Operating_Systems -[Archive.org] -for detailed instructions.

-
Install:
-
    -
  • Shut down the Whonix Gateway VM (this will prevent Windows from -sending out telemetry and allow you to create a local account).

  • -
  • Open Virtualbox

  • -
  • Select Machine > New > Select Windows 10 or Windows 11 -64bit

  • -
  • Allocate a minimum amount of 2GB for Windows 10 and 4GB for -Windows 11

  • -
  • Create a Virtual Disk using the VDI format and select Dynamically -Allocated

  • -
  • Keep the disk size at 50GB for Windows 10 and 80GB for Windows 11 -(this is a maximum; it should not reach that much)

  • -
  • Make sure PAE/NX is enabled in System > Processor

  • -
  • Select the VM and click Settings, Go into the Network -Tab

  • -
  • Select “Internal Network” in the “Attached to” Field and select -Whonix.

  • -
  • Go into the Storage Tab, Select the Empty CD and click the icon -next to SATA Port 1

  • -
  • Click on “Choose a disk file” and select the Windows ISO you -previously downloaded

  • -
  • Click ok and start the VM

  • -
  • Virtualbox will prompt you to either push a button to boot the -ISO or ask you what to boot, select the ISO or click.

  • -
  • Follow the steps in Appendix A: Windows -Installation

  • -
  • Start the Whonix Gateway VM

  • -
-
Network Settings:
-
    -
  • Back to your Windows

  • -
  • Windows 10: Go back into Settings then Network & Internet. -Windows 11: Go into settings, click the upper left menu and pick -“Network and Internet”

  • -
  • Windows 10: Click Properties (Below Ethernet). Windows 11: Click -Ethernet

  • -
  • Windows 10: Edit IP settings. Windows 11: Edit IP -assignment.

  • -
  • Windows 10: Enable IPv4 and set the following, Windows 11: Switch -from DHCP to Manual and set the following:

    -
      -
    • IP address 10.152.152.50 (increase this IP by one -for any other VM)

    • -
    • Subnet prefix length 18 -(255.255.192.0)

    • -
    • Gateway 10.152.152.10 (this is the Whonix -Gateway)

    • -
    • (Windows 10) DNS 10.152.152.10 (this is again the -Whonix Gateway)

    • -
    • (Windows 11) exit the IP assignment and select DNS server -assignment and set it to 10.152.152.10 (this is again the -Whonix Gateway)

    • -
    • Save

    • -
  • -
  • Windows might prompt you if you want to be “discoverable” on this -network. Click NO. Always stay on a “public network” if -prompted.

  • -
-

Every time you will power on this VM in the future, you -should make sure to change its Ethernet Mac Address before each boot. -You can do this in Virtualbox > Settings > Network > Advanced -> Click the refresh button next to the MAC address. You can only do -this while the VM is powered off.

-

If you cannot use Tor:

-

See Appendix -P: Accessing the internet as safely as possible when Tor and VPNs are -not an option

-
Install:
-
    -
  • Open Virtualbox

  • -
  • Select Machine > New > Select Windows 10 or 11 -64bit

  • -
  • Allocate a minimum amount of 4GB of RAM for 11 , 2GB of RAM for -10.

  • -
  • Create a Virtual Disk using the VDI format and select Dynamically -Allocated

  • -
  • In the System/Processor tab, make sure PAE/NX is -enabled.

  • -
  • Keep the disk size at 80GB for 11, 50GB for 10 (this is a -maximum; it should not reach that much)

  • -
  • Go into the Storage Tab, Select the Empty CD and click the icon -next to SATA Port 1

  • -
  • Click on “Choose a disk file” and select the Windows ISO you -previously downloaded

  • -
  • Click ok and start the VM

  • -
  • Virtualbox will prompt you to either push a button to boot the -ISO or ask you what to boot, select the ISO or click.

  • -
  • Follow the steps in Appendix A: Windows -Installation

  • -
-
Network Settings:
-
    -
  • Windows will prompt you if you want to be discoverable on this -network. Click NO.
  • -
-

Every time you will power on this VM in the future, you -should make sure to change its Ethernet Mac Address before each boot. -You can do this in Virtualbox > Settings > Network > Advanced -> Click the refresh button next to the MAC address. You can only do -this while the VM is powered off.

-

Choose a browser within the -VM:

-

This time, we will recommend Brave browser.

-

See why here: Appendix -V: What browser to use in your Guest VM/Disposable VM

-

See Appendix V1: -Hardening your Browsers as well.

-

Additional Privacy -settings in Windows 10/11:

-

See Appendix B: -Windows Additional Privacy Settings

-

Android Virtual Machine:

-

Because sometimes you want to run mobile Apps anonymously too. You -can also set up an Android VM for this purpose. As in other cases, -ideally, this VM will also be sitting behind the Whonix Gateway for Tor -network connectivity. But this can also be set up as VPN over Tor over -VPN

-

If you can use Tor -(natively or over a VPN):

-

Later in the VM settings during creation, go into Network and select -Internal Network, Whonix.

-

Then on Android itself:

-
    -
  • Select Wi-Fi

  • -
  • Select VirtWifi to connect

  • -
  • Go into the advanced Wi-Fi properties

  • -
  • Switch from DHCP to Static

    -
      -
    • IP address 10.152.152.50 (increase this IP by one -for any other VM)

    • -
    • Subnet prefix length 18 -(255.255.192.0)

    • -
    • Gateway 10.152.152.10 (this is the Whonix -Gateway)

    • -
    • DNS 10.152.152.10 (this is again the Whonix -Gateway)

    • -
  • -
-

If you cannot use Tor:

-

Just use the tutorials as is and see Appendix -P: Accessing the internet as safely as possible when Tor and VPNs are -not an option

-

Installation:

-

Two possibilities: AnBox or Android-x86

-

Personally, We would recommend AnBox over Android-x86 but it requires -Linux

-
AnBox:
-

Basically follow the tutorial here for installing AnBox on the Whonix -Workstation: https://www.whonix.org/wiki/Anbox [Archive.org] -for running Android Applications within an AnBox VM.

-

Or follow the instructions here https://anbox.io/ to install on any other VM -(Linux Only)

-
Android-x86:
-

Basically, follow the tutorial here: https://www.android-x86.org/documentation/virtualbox.html -[Archive.org]

-
    -
  • Download the ISO file of your choice

  • -
  • Create a New VM.

  • -
  • Select Linux and Linux 2.6 / 3.x / 4.x 64 Bit.

  • -
  • In System:

    -
      -
    • Allocate at least 2048MB (2GB) memory

    • -
    • Uncheck the Floppy drive

    • -
    • In the Processor Tab, select at least 1 or more CPUs

    • -
    • Enable PAE/NX

    • -
  • -
  • In Display Settings, Change the adapter to VBoxVGA

  • -
  • In Audio Settings, Change to Intel HD Audio

  • -
  • Start the VM

  • -
  • Select Advanced if you want persistence, Live if you want a -disposable Boot (and skip the next steps).

  • -
  • Select Auto Install on Selected Hard Disk

  • -
  • Select Run Android

  • -
  • Set up as you wish (disable all prompts for data collections). -I recommend using the TaskBar Home.

  • -
  • Go into Settings, Android-x86 Options, and disable all -collections.

  • -
  • Connect to VirtWifi Wi-Fi Network (see the above section -if you are behind Whonix and want to use Tor)

  • -
-

You are now done and can now install any Android app.

-

macOS Virtual Machine:

-

Yes, you can actually run macOS within Virtualbox (on -Windows/Linux/macOS host systems) if you want to use macOS. You can run -any version of macOS you want.

-

If you can use Tor -(natively or over a VPN):

-

During the following tutorials, before starting the macOS VM, make -sure you do put the macOS VMs on the Whonix Network.

-
    -
  • Select the VM and click Settings, Go into the Network -Tab

  • -
  • Select “Internal Network” in the “Attached to” Field and select -Whonix

  • -
-

Afterward, and during the install, you will need to input an IP -address manually to connect through the Whonix Gateway.

-

Use these settings when prompted in the macOS installation -process:

-
    -
  • IP address 10.152.152.50 (increase this IP by one -for any other VM)

  • -
  • Subnet prefix length 18 -(255.255.192.0)

  • -
  • Gateway 10.152.152.10 (this is the Whonix -Gateway)

  • -
  • DNS 10.152.152.10 (this is again the Whonix -Gateway)

  • -
-

If you cannot use Tor:

-

Just use the tutorials as is and see Appendix -P: Accessing the internet as safely as possible when Tor and VPNs are -not an option

-

Installation:

- -

There are some drawbacks to running macOS on Virtual Machines. The -main one is that they do not have a serial number (0 by default) and you -will be unable to log in to any Apple-provided service (iCloud, -iMessage…) without a genuine ID. You can set such IDs using this script: -https://github.com/myspaghetti/macos-virtualbox [Archive.org] -but keep in mind that randomly generated IDs will not work and using the -ID of someone else will break their Terms of Services and could count as -impersonation (and therefore could be illegal).

-

Note: We also ran in multiple issues with running these on AMD -processors. This can be fixed so here is the configurationWeused which -worked fine with Catalina, Big Sur and Monterey which will tell -Virtualbox to emulate an Intel Processor instead:

-
    -
  • VBoxManage modifyvm "macOSCatalina" ---cpuidset 00000001 000106e5 00100800 0098e3fd bfebfbff

  • -
  • VBoxManage setextradata "macOSCatalina" "VBoxInternal/Devices/efi/0/Config/DmiSystemProduct" "MacBookPro15,1"

  • -
  • VBoxManage setextradata "macOSCatalina" "VBoxInternal/Devices/efi/0/Config/DmiBoardProduct" "Mac-551B86E5744E2388"

  • -
  • VBoxManage setextradata "macOSCatalina" "VBoxInternal/Devices/smc/0/Config/DeviceKey" "ourhardworkbythesewordsguardedpleasedontsteal(c)AppleComputerInc"

  • -
  • VBoxManage setextradata "macOSCatalina" "VBoxInternal/Devices/smc/0/Config/GetKeyFromRealSMC" 1

  • -
  • VBoxManage modifyvm "macOSCatalina" --cpu-profile "Intel Core i7-6700K"

  • -
  • VBoxManage setextradata "macOSCatalina" VBoxInternal2/EfiGraphicsResolution 1920x1080

  • -
-

Hardening macOS:

-

Refer to Hardening macOS.

-

Choose a browser within the -VM:

-

This time, we will recommend Brave browser.

-

See why here: Appendix -V: What browser to use in your Guest VM/Disposable VM

-

See Appendix V1: -Hardening your Browsers as well.

-

KeepassXC:

-

You will need something to store your data (logins/passwords, -identities, and TOTP369 information).

-

For this purpose, we strongly recommend KeePassXC because of its -integrated TOTP feature. This is the ability to create entries for 2FA370 authentication with the -authenticator feature.

-

Remember this should ideally be installed on your Guest VM and not on -your Host OS. You should never do any sensitive activities from your -Host OS.

-

Here are the tutorials:

- -

Test that KeePassXC is working before going to the next step.

-

VPN client installation -(cash/Monero paid):

-

If you decided to not use a cash-paid VPN and just want to -use Tor, skip this step.

-

If you cannot use a VPN at all in a hostile environment, skip -this step.

-

Otherwise, see Appendix R: -Installing a VPN on your VM or Host OS to install a VPN client on -your client VM.

-

This should conclude the Route and you should now be ready.

-

About VPN Client Data -Mining/Leaks:

-

You might be asking yourself if those VPN clients are trustworthy not -to leak any information about your local environment to the VPN provider -when using them in the “VPN over Tor” context.

-

This is a valid concern but should be taken with a grain of salt.

-

Remember that all VPN activities are happening from a sandboxed VM on -an internal network behind a Network Gateway (the Whonix Gateway). It -does not matter much if the VPN client leaves some identifiers on your -guest VM. The guest VM is still sandboxed and walled-off from the Host -OS. The attack surface is small especially when using the reputable and -recommended VPN providers within the guides (iVPN, Mullvad, Proton VPN, -and maybe Safing.io).

-

At best, the VPN client would know your local IP (internal IP) and -some randomized identifiers but should not be able to get anything from -the Host OS. And in theory, the VPN client should not send any telemetry -back to the VPN provider. If your VPN client does this or asks this, you -should consider changing the provider.

-

(Optional) VM kill switch:

-

This step will allow you to configure your Host OS so that only the -Whonix Gateway VM will have access to the internet. This will therefore -prevent any “leak” from your Host OS while letting the Whonix Gateway -establish the tor connectivity. The other VMs (Whonix Workstation or any -other VM you installed behind it will not be affected)

-

There are three ways to do this:

-
    -
  • The Lazy Way (not really recommended): not supported by Whonix -and might have some security implications as you will expose the Whonix -Gateway VM to the Public Wi-Fi network. We would recommend against this -unless you are in a hurry or very lazy.

    -
      -
    • This method will not work with Wi-Fi captive portals -requiring any registration to connect.
    • -
  • -
  • The Better Way (see further down): still not supported by Whonix -but it will not expose the Whonix Gateway VM to the Public Wi-Fi -network. This should keep things in check in terms of security.

  • -
  • The Best Way: Using an external USB Wi-Fi dongle and just -disabling Wi-Fi on the Host OS/Computer.

  • -
-

The -Lazy Way (not supported by Whonix but it will work if -you are in a hurry, see further for the better way):

-

This way is not supported by the Whonix project371 but I will go ahead and give this -option anyway. This is helpful to prevent your Host OS from leaking any -information while you are using the Whonix VMs.

-

Note that this option as-is will only work on Wi-Fis without -a captive portal (where you must enter some information to unlock -access).

-

The illustration below shows the result of this step:

-
-image29 - -
-
Configuration of the -Whonix Gateway VM:
-

For this to work, we will need to change some configurations on the -Whonix Gateway VM. we will need to add a DHCP client to the Whonix -Gateway to receive IP addresses from the network. To do those changes -the Host OS will still have to have internet access allowed for now.

-

So here is how:

-
    -
  • Be sure to have your Host OS connected to a safe Wi-Fi.

  • -
  • Through VirtualBox, start the Whonix Gateway VM

  • -
  • Start a Terminal on the VM

  • -
  • Install a DHCP client on the Whonix Gateway VM using the -following command:

    -
      -
    • sudo apt install dhcpcd5
    • -
  • -
  • Now edit the Whonix Gateway VM network configuration using the -following command:

    -
      -
    • sudo nano /etc/network/interfaces.d/30_non-qubes-whonix
    • -
  • -
  • Within the file change the following lines:

    -
      -
    • # auto eth0 to auto eth0

    • -
    • # iface eth0 inet dhcp to -iface eth0 inet dhcp

    • -
    • iface eth0 inet static to -# iface eth0 inet static

    • -
    • address 10.0.2.15 to -# address 10.0.2.15

    • -
    • netmask 255.255.255.0 to -# netmask 255.255.255.0

    • -
    • gateway 10.0.2.2 to -# gateway 10.0.2.2

    • -
  • -
  • Save (using Ctrl+X and confirm with Y) and power off the VM from -the top left menu

  • -
  • Go into the VirtualBox Application and select the Whonix Gateway -VM

  • -
  • Click Settings

  • -
  • Click the Network Tab

  • -
  • For Adapter 1, change the “Attached To” value from “NAT” to -“Bridged Adapter”

  • -
  • As “Name”, select your Wi-Fi network Adapter

  • -
  • Click OK and you are done with the VM configuration part

  • -
-
Configuration of the Host OS:
-

Now you must block internet access from your Host OS while still -allowing the VM to connect. This will be done by connecting to Wi-Fi -with the Host OS but without assigning itself an IP address. The VM will -then use your Wi-fi association to get an IP address.

-
Windows Host OS:
-

The goal here is to associate with a Wi-Fi network without having an -internet connection. You will achieve this by deleting the Gateway from -the connection after you are connected:

-
    -
  • First, connect to the safe Wi-Fi of your choice

  • -
  • Open an administrative command prompt (right-click on Command -Prompt and Run as Administrator)

  • -
  • Run the following command: route delete 0.0.0.0 -(this deletes the Gateway from your IP configuration)

  • -
  • You are done, your Host OS will now be unable to access the -internet while still connected to the Wi-Fi

    -
      -
    • Note that this will reset at each disconnect/reconnection to a -network, and you will have to delete the route again. This is not -permanent.
    • -
  • -
  • You can now start the Whonix Gateway VM which should now obtain -an IP automatically from the Wi-Fi network and should provide Network to -the other VMs behind (Whonix Workstation or other).

  • -
  • And finally, after that, you can start the Whonix Workstation VM -(or any other VM you configured to work behind the Whonix Gateway VM) -and it should be connected to the internet through Tor.

  • -
-
Linux Host OS:
-

The goal here is to associate with a Wi-Fi network without having an -internet connection. You will achieve this by deleting the Gateway from -the connection after you are connected:

-
    -
  • First, connect to the safe Wi-Fi of your choice

  • -
  • Open a Terminal

  • -
  • Run the following command: sudo ip route del default -(this deletes the Gateway from your IP configuration)

  • -
  • You are done, your Host OS will now be unable to access the -internet while still connected to the Wi-Fi

    -
      -
    • Note that this will reset at each disconnect/reconnection to a -network, and you will have to delete the route again. This is not -permanent.
    • -
  • -
  • You can now start the Whonix Gateway VM which should now obtain -an IP automatically from the Wi-Fi network and should provide Network to -the other VMs behind (Whonix Workstation or other).

  • -
  • And finally, after that, you can start the Whonix Workstation VM -(or any other VM you configured to work behind the Whonix Gateway VM) -and it should be connected to the internet through Tor.

  • -
-
macOS Host OS:
-

The goal here is to associate with a Wi-Fi network without having an -internet connection. You will achieve this by deleting the Gateway from -the connection after you are connected:

-
    -
  • First, connect to the safe Wi-Fi of your choice

  • -
  • Open a Terminal

  • -
  • Run the following command: sudo route delete default -(this deletes the Gateway from your IP configuration)

  • -
  • You are done, your Host OS will now be unable to access the -internet while still connected to the Wi-Fi

    -
      -
    • Note that this will reset at each disconnect/reconnection to a -network, and you will have to delete the route again. This is not -permanent.
    • -
  • -
  • You can now start the Whonix Gateway VM which should now obtain -an IP automatically from the Wi-Fi network and should provide Network to -the other VMs behind (Whonix Workstation or other).

  • -
  • And finally, after that, you can start the Whonix Workstation VM -(or any other VM you configured to work behind the Whonix Gateway VM) -and it should be connected to the internet through Tor.

  • -
- -

This way will not go against Whonix recommendations (as it will not -expose the Whonix Gateway to the Host OS) and will have the advantage of -allowing connections not only to open Wi-Fis but also to the ones with a -Captive Portal where you need to enter some information to access the -internet.

-

Yet this will still not be supported by the Whonix project, but it is -fine as the main concern for the earlier Lazy Way is to have the Whonix -Gateway VM exposed to the Host Network, and it will not be the case -here.

-

This option will require an additional VM between the Host OS and the -Whonix Gateway to act as a Network Bridge.

-

For this purpose, I will recommend the use of a lightweight Linux -Distro. Any will do but the easiest will be an Ubuntu-based distro and I -would recommend the lightweight XUbuntu as it will be extremely easy to -configure this setup.

-

Why XUbuntu and not Ubuntu or KUbuntu? Because XUbuntu uses an XFCE -desktop environment which is lightweight and this VM will only serve as -a proxy and nothing else.

-

Of course, you can also achieve this with any other Linux distro if -you so decide you do not like XUbuntu.

-

This is how it will look at the end:

-
-image30 - -
-
Installing XUbuntu VM:
-

XUbuntu was picked due the performance of XFCE.

-

Make sure you are connected to a safe Wi-Fi for this operation.

-

First, you will need to download the latest XUbuntu Stable release -ISO from https://xubuntu.org/download/

-

When you are done with the download, it is time to create a new -VM:

-
    -
  • Start VirtualBox Manager

  • -
  • Create a new VM and name it as you want, for example, “XUbuntu -Bridge”

  • -
  • Select type “Linux”

  • -
  • Select Version “Ubuntu (64-bit)”

  • -
  • Leave other options to default and click Create

  • -
  • On the next screen, leave the default options and click -Create

  • -
  • Select the newly create VM and click Settings

  • -
  • Select Network

  • -
  • For Adapter 1, Switch to Bridged Mode and pick your Wi-Fi adapter -in the Name

  • -
  • Select Adapter 2 and enable it

  • -
  • Attach it to “Internal Network” and name it “XUbuntu -Bridge”

  • -
  • Select Storage

  • -
  • Select the Empty CD drive

  • -
  • On the right side, click the CD icon and select “Choose a disk -file”

  • -
  • Select the ISO of XUbuntu you previously downloaded and Click -Ok

  • -
  • Start the VM

  • -
  • Select Start XUbuntu

  • -
  • Select Install XUbuntu

  • -
  • Pick your Keyboard Layout and click Continue

  • -
  • Select Minimal Installation and Download Updates while installing -XUbuntu

  • -
  • Select Erase Disk and install XUbuntu and click Install -Now

  • -
  • Select the Time Zone of your choice and click Continue

  • -
  • Pick some random names unrelated to you (my favorite username is -“NoSuchAccount”)

  • -
  • Pick a password and require a password to login

  • -
  • Click Continue and wait for the install to finish and -Restart

  • -
  • When you are done rebooting, log-in

  • -
  • Click the upper right connection icon (it looks like two rotating -spheres)

  • -
  • Click Edit Connections

  • -
  • Select Wired Connection 2 (Adapter 2 previously configured in -VirtualBox settings)

  • -
  • Select the IPv4 Tab

  • -
  • Change the Method to “Shared to other computers” and click -Save

  • -
  • You are now done setting up the XUbuntu Bridge VM

  • -
-
Configuring the Whonix -Gateway VM:
-

By default, the Whonix Gateway has no DHCP client and will require -one to get an IP from a shared network you configured earlier:

-
    -
  • Through VirtualBox, start the Whonix Gateway VM

  • -
  • Start a Terminal on the VM

  • -
  • Install a DHCP client on the Whonix Gateway VM using the -following command:

    -
      -
    • sudo apt install dhcpcd5
    • -
  • -
  • Now edit the Whonix Gateway VM network configuration using the -following command:

    -
      -
    • sudo nano /etc/network/interfaces.d/30_non-qubes-whonix
    • -
  • -
  • Within the file change the following lines:

    -
      -
    • # auto eth0 to auto eth0

    • -
    • # iface eth0 inet dhcp to -iface eth0 inet dhcp

    • -
    • iface eth0 inet static to -# iface eth0 inet static

    • -
    • address 10.0.2.15 to -# address 10.0.2.15

    • -
    • netmask 255.255.255.0 to -# netmask 255.255.255.0

    • -
    • gateway 10.0.2.2 to -# gateway 10.0.2.2

    • -
  • -
  • Save (using Ctrl+X and confirm with Y) and power off the VM from -the top left menu

  • -
  • Go into the VirtualBox Application and select the Whonix Gateway -VM

  • -
  • Click Settings

  • -
  • Click the Network Tab

  • -
  • For Adapter 1, change the “Attached To” value from “NAT” to -“Internal Network”

  • -
  • As “Name”, select the internal network “XUbuntu Bridge” you -created earlier and click OK

  • -
  • Reboot the Whonix Gateway VM

  • -
  • From the upper left menu, select System, Tor Control Panel, and -check that you are connected (you should be)

  • -
  • You are done configuring the Whonix Gateway VM

  • -
-
Configuration of the Host -OS:
-

Now you must block internet access from your Host OS while still -allowing the XUbuntu Bridge VM to connect. This will be done by -connecting to Wi-Fi with the Host OS but without assigning itself a -gateway address. The VM will then use your Wi-fi association to get an -IP address.

-

If necessary, from the XUbuntu Bridge VM, you will be able to launch -a Browser to enter information into any captive/registration portal on -the Wi-Fi network.

-

Only the XUbuntu Bridge VM should be able to access the internet. The -Host OS will be limited to local traffic only.

-
Windows Host OS:
-

The goal here is to associate with a Wi-Fi network without having an -internet connection. You will achieve this by deleting the Gateway from -the connection after you are connected:

-
    -
  • First, connect to the safe Wi-Fi of your choice

  • -
  • Open an administrative command prompt (right-click on Command -Prompt and Run as Administrator)

  • -
  • Run the following command: route delete 0.0.0.0 -(this deletes the Gateway from your IP configuration)

  • -
  • You are done, your Host OS will now be unable to access the -internet while still connected to the Wi-Fi

    -
      -
    • Note that this will reset at each disconnect/reconnection to a -network, and you will have to delete the route again. This is not -permanent.
    • -
  • -
  • You can now start the XUbuntu Bridge VM which should now obtain -an IP automatically from the Wi-Fi network and should provide Network to -the other VMs behind (Whonix Workstation or other).

  • -
  • If necessary, you can use the XUbuntu Bridge VM Browser to fill -in any information on any captive/registration portal to access the -Wi-Fi.

  • -
  • After that, you can start the Whonix Gateway VM which should -obtain the Internet Connection from the XUbuntu Bridge VM.

  • -
  • And finally, after that, you can start the Whonix Workstation VM -(or any other VM you configured to work behind the Whonix Gateway VM) -and it should be connected to the internet through Tor.

  • -
-
Linux Host OS:
-

The goal here is to associate with a Wi-Fi network without having an -internet connection. You will achieve this by deleting the Gateway from -the connection after you are connected:

-
    -
  • First, connect to the safe Wi-Fi of your choice

  • -
  • Open a Terminal

  • -
  • Run the following command: sudo ip route del default -(this deletes the Gateway from your IP configuration)

  • -
  • You are done, your Host OS will now be unable to access the -internet while still connected to the Wi-Fi

    -
      -
    • Note that this will reset at each disconnect/reconnection to a -network, and you will have to delete the route again. This is not -permanent.
    • -
  • -
  • You can now start the XUbuntu Bridge VM which should now obtain -an IP automatically from the Wi-Fi network and should provide Network to -the other VMs behind (Whonix Workstation or other).

  • -
  • If necessary, you can use the XUbuntu Bridge VM Browser to fill -in any information on any captive/registration portal to access the -Wi-Fi.

  • -
  • After that, you can start the Whonix Gateway VM which should -obtain the Internet Connection from the XUbuntu Bridge VM.

  • -
  • And finally, after that, you can start the Whonix Workstation VM -(or any other VM you configured to work behind the Whonix Gateway VM) -and it should be connected to the internet through Tor.

  • -
-
macOS Host OS:
-

The goal here is to associate with a Wi-Fi network without having an -internet connection. You will achieve this by deleting the Gateway from -the connection after you are connected:

-
    -
  • First, connect to the safe Wi-Fi of your choice

  • -
  • Open a Terminal

  • -
  • Run the following command: sudo route delete default -(this deletes the Gateway from your IP configuration)

  • -
  • You are done, your Host OS will now be unable to access the -internet while still connected to the Wi-Fi

    -
      -
    • Note that this will reset at each disconnect/reconnection to a -network, and you will have to delete the route again. This is not -permanent.
    • -
  • -
  • You can now start the XUbuntu Bridge VM which should now obtain -an IP automatically from the Wi-Fi network and should provide Network to -the other VMs behind (Whonix Workstation or other).

  • -
  • If necessary, you can use the XUbuntu Bridge VM Browser to fill -in any information on any captive/registration portal to access the -Wi-Fi.

  • -
  • After that, you can start the Whonix Gateway VM which should -obtain the Internet Connection from the XUbuntu Bridge VM.

  • -
  • And finally, after that, you can start the Whonix Workstation VM -(or any other VM you configured to work behind the Whonix Gateway VM) -and it should be connected to the internet through Tor.

  • -
-

The best way:

-

This way will not go against Whonix recommendations (as it will not -expose the Whonix Gateway to the Host OS) and will have the advantage of -allowing connections not only to open Wi-Fis but also to the ones with a -Captive Portal where you need to enter some information to access the -internet. Yet this will still not be supported by the Whonix project, -but it is fine as the main concern for the earlier Lazy Way is to have -the Whonix Gateway VM exposed to the Host Network, and it will not be -the case here. This option is the best because the network will be -completely disabled on the Host OS from booting up.

-

This option will require an additional VM between the Host OS and the -Whonix Gateway to act as a Network Bridge and to connect to the Wi-Fi -network. This option requires a working USB Wi-Fi Dongle that -will be passed through to a bridge VM.

-

For this purpose, I will recommend the use of a lightweight Linux -Distro. Any will do but the easiest will be an Ubuntu-based distro and I -would recommend the lightweight XUbuntu as it will be extremely easy to -configure this setup.

-

Why XUbuntu and not Ubuntu or KUbuntu? Because XUbuntu uses an XFCE -desktop environment which is lightweight and this VM will only serve as -a proxy and nothing else.

-

Of course, you can also achieve this with any other Linux distro if -you so decide you do not like XUbuntu.

-

This is how it will look at the end:

-
-image31 - -
-
Configuration of the Host -OS:
-
    -
  • Disable Networking on your Host OS completely (Turn off the -on-board Wi-Fi completely)

  • -
  • Plug in and install your USB Wi-Fi Dongle. Connect it to a safe -Public Wi-Fi. This should be easy and automatically installed by any -recent OS (Windows 10/11, macOS, Linux).

  • -
-
Configuring the Whonix -Gateway VM:
-

By default, the Whonix Gateway has no DHCP client and will require -one to get an IP from a shared network you will configure later, on a -Bridge VM:

-
    -
  • Through VirtualBox, start the Whonix Gateway VM

  • -
  • Start a Terminal on the VM

  • -
  • Install a DHCP client on the Whonix Gateway VM using the -following command:

    -
      -
    • sudo apt install dhcpcd5
    • -
  • -
  • Now edit the Whonix Gateway VM network configuration using the -following command:

    -
      -
    • sudo nano /etc/network/interfaces.d/30_non-qubes-whonix
    • -
  • -
  • Within the file change the following lines:

    -
      -
    • # auto eth0 to auto eth0

    • -
    • # iface eth0 inet dhcp to -iface eth0 inet dhcp

    • -
    • iface eth0 inet static to -# iface eth0 inet static

    • -
    • address 10.0.2.15 to -# address 10.0.2.15

    • -
    • netmask 255.255.255.0 to -# netmask 255.255.255.0

    • -
    • gateway 10.0.2.2 to -# gateway 10.0.2.2

    • -
  • -
  • Save (using Ctrl+X and confirm with Y) and power off the VM from -the top left menu

  • -
-
Installing XUbuntu VM:
-

Make sure you are connected to a safe Wi-Fi for this operation.

-

First, you will need to download the latest XUbuntu Stable release -ISO from https://xubuntu.org/download/

-

When you are done with the download, it is time to create a new -VM:

-
    -
  • Disconnect your host OS from the Wi-Fi you previously connected -to with the dongle and forget the network.

  • -
  • Start VirtualBox Manager

  • -
  • Create a new VM and name it as you want, for example, “XUbuntu -Bridge”

  • -
  • Select type “Linux”

  • -
  • Select Version “Ubuntu (64-bit)”

  • -
  • Leave other options to default and click Create

  • -
  • On the next screen, leave the default options and click -Create

  • -
  • Select the newly create VM and click Settings

  • -
  • Select Network

  • -
  • For Adapter 1, Attach it to “Internal Network” and name it -“XUbuntu Bridge”

  • -
  • Select Storage

  • -
  • Select the Empty CD drive

  • -
  • On the right side, click the CD icon and select “Choose a disk -file”

  • -
  • Select the ISO of XUbuntu you previously downloaded and Click -Ok

  • -
  • Select the USB Tab

  • -
  • On the right side, click the USB icon with a + sign (the second -from the top)

  • -
  • Select the Wi-Fi Adapter Dongle from the list and make sure it is -checked (leave the USB options to default)

  • -
  • Start the VM

  • -
  • Select Start XUbuntu

  • -
  • Select Install XUbuntu

  • -
  • Pick your Keyboard Layout and click Continue

  • -
  • Select Minimal Installation and do not check the Download Updates -during the install option

  • -
  • Select Erase Disk and install XUbuntu and click Install -Now

  • -
  • Select the Time Zone of your choice and click Continue

  • -
  • Pick some random names unrelated to you (my favorite username is -“NoSuchAccount”)

  • -
  • Pick a password and require a password to login

  • -
  • Click Continue and wait for the install to finish and -Restart

  • -
  • When you are done rebooting, log-in

  • -
  • Click the upper right connection icon (it looks like two rotating -spheres)

  • -
  • Click Edit Connections

  • -
  • Select Wired Connection 1 (normally there should only be -one)

  • -
  • Select the IPv4 Tab

  • -
  • Change the Method to “Shared to other computers” and click -Save

  • -
  • Again, click the upper right connection icon

  • -
  • Connect to the safe Wi-Fi of your choice and if necessary, input -the necessary information into a Captive Portal.

  • -
  • You are now done setting up the XUbuntu Bridge VM

  • -
-

At this stage, your Host OS should have no network at all and your -XUbuntu VM should have a fully working Wi-Fi connection and this Wi-Fi -connection will be shared to the Internal Network “XUbuntu Bridge”.

-
Additional -configuration of the Whonix Gateway VM:
-

Now it is time to configure the Whonix Gateway VM to get access from -the shared network from the bridge VM you just made on the earlier -step:

-
    -
  • Go into the VirtualBox Application and select the Whonix Gateway -VM

  • -
  • Click Settings

  • -
  • Click the Network Tab

  • -
  • For Adapter 1, change the “Attached To” value from “NAT” to -“Internal Network”

  • -
  • As “Name”, select the internal network “XUbuntu Bridge” you -created earlier and click OK

  • -
  • Reboot the Whonix Gateway VM

  • -
  • From the upper left menu, select System, Tor Control Panel, and -check that you are connected (you should be)

  • -
  • You are done configuring the Whonix Gateway VM

  • -
-

At this stage, your Whonix Gateway VM should be getting internet -access from the XUbuntu Bridge VM which in turn is getting internet -access from the Wi-Fi Dongle and sharing it. Your Host OS should have no -network connectivity at all.

-

All the VMs behind the Whonix Gateway should now work fine without -additional configuration.

-

Final step:

-

Take a post-install VirtualBox snapshot of your -VMs.

-

You are done and can now skip the rest to go to the Getting Online part.

-

The Qubes Route:

-

Note that the guide has been updated to Qubes OS -4.1

-

As they say on their website, Qubes OS is a reasonably secure, free, -open-source, and security-oriented operating system for single-user -desktop computing. Qubes OS leverages and extensively uses Xen-based -virtualization to allow for the creation and management of isolated -compartments called Qubes.

-

Qubes OS is not a Linux distribution372 -but a Xen distribution. It is different from Linux distributions because -it will make extensive use of Virtualization and Compartmentalization so -that any app will run in a different VM (Qube). As a bonus, Qubes OS -integrates Whonix by default and allows for increased privacy and -anonymity. It is highly recommended that you document yourself over -Qubes OS principles before going this route. Here are some recommended -resources:

- -

This OS is recommended by prominent figures such as Edward Snowden, -PrivacyGuides.org.

-

Qubes is the best option in this guide for people who are more -comfortable with Linux and tech in general. But it has some downsides -such as the lack of OS-wide plausible deniability, its hardware -requirements, and its hardware compatibility. While you can run this on -4GB of RAM as per their requirements [Archive.org], the -recommended RAM is 16GB. We would recommend against using Qubes OS if -you have less than 8GB of RAM. If you want a comfortable experience, you -should have 16GB, if you want a particularly enjoyable experience, you -should have 24GB or 32GB.

-

The reason for this RAM requirement is that each app will run in a -different VM and each of those VM will require and allocate a certain -amount of memory that will not be available for other apps. If you are -running native Windows apps within Qubes OS Qubes, the ram overhead will -be significant.

-

You should also check their hardware compatibility here https://www.qubes-os.org/hcl/ [Archive.org] -before proceeding. Your mileage might vary, and you might experience -several issues about hardware compatibility that you will have to -troubleshoot and solve yourself.

-

I think that if you can afford it and are comfortable with the idea -of using Linux, you should go with this route as it is probably the best -one in terms of security and privacy. The only disadvantage of this -route is that it does not provide a way to enable OS-wide plausible -deniability https://en.wikipedia.org/wiki/Plausible_deniability -[Wikiless], -unlike the Whonix route.

-

Pick your connectivity -method:

-

There are seven possibilities within this route:

-
    -
  • Recommended and preferred:

    -
      -
    • Use Tor alone (User > Tor > -Internet)

    • -
    • Use VPN over Tor (User > Tor > VPN > Internet) -in specific cases

    • -
    • Use a VPS with a self-hosted VPN/Proxy over Tor (User -> Tor > Self-Hosted VPN/Proxy > Internet) in specific -cases

    • -
  • -
  • Possible if required by context:

    -
      -
    • Use VPN over Tor over VPN (User > VPN > Tor > VPN > -Internet)

    • -
    • Use Tor over VPN (User > VPN > Tor > Internet)

    • -
  • -
  • Not recommended and risky:

    -
      -
    • Use VPN alone (User > VPN > Internet)

    • -
    • Use VPN over VPN (User > VPN > VPN > Internet)

    • -
  • -
  • Not recommended and highly risky (but -possible)

    -
      -
    • No VPN and no Tor (User > Internet)
    • -
  • -
-
-image23 - -
-

Tor only:

-

This is the preferred and most recommended solution.

-
-image32 - -
-

With this solution, all your network goes through Tor, and it should -be sufficient to guarantee your anonymity in most cases.

-

There is one main drawback tho: Some services block/ban Tor -Exit nodes outright and will not allow account creations from -those.

-

To mitigate this, you might have to consider the next option: VPN -over Tor but consider some risks associated with it explained in the -next section.

-

VPN/Proxy over Tor:

-

This solution can bring some benefits in some specific cases vs using -Tor only where accessing the destination service would be impossible -from a Tor Exit node. This is because many services will just outright -ban, hinder, or block Tor Exit Nodes (see https://gitlab.torproject.org/legacy/trac/-/wikis/org/doc/ListOfServicesBlockingTor -[Archive.org]).

-

This solution can be achieved in two ways:

-
    -
  • Paid VPN over Tor (easiest)

  • -
  • Paid Self-Hosted VPS configured as VPN/Proxy (most efficient in -avoiding online obstacles such as captchas but requiring more skills -with Linux)

  • -
-

As you can see in this illustration, if your cash (preferred)/Monero -paid VPN/Proxy is compromised by an adversary (despite their privacy -statement and no-logging policies), they will only find an anonymous -cash/Monero paid VPN account connecting to their services from a Tor -Exit node.

-
-image33 - -
-

If an adversary somehow manages to compromise the Tor network too, -they will only reveal the IP of a random public Wi-Fi that is not tied -to your identity.

-

If an adversary somehow compromises your VM OS (with malware or an -exploit for instance), they will be trapped within the internal Network -of Whonix and should be unable to reveal the IP of the public Wi-Fi.

-

This solution however has one main drawback to consider: -Interference with Tor Stream Isolation373.

-

Stream isolation is a mitigation technique used to prevent some -correlation attacks by having different Tor Circuits for each -application. Here is an illustration to show what stream isolation -is:

-
-image26 - -
-

(Illustration from Marcelo Martins, https://stakey.club/en/decred-via-tor-network/ [Archive.org])

-

VPN/Proxy over Tor falls on the right-side374 -meaning using a VPN/Proxy over Tor forces Tor to use one circuit for all -activities instead of multiple circuits for each. This means that using -a VPN/Proxy over Tor can reduce the effectiveness of Tor in some cases -and should therefore be used only for some specific cases:

-
    -
  • When your destination service does not allow Tor Exit -nodes.

  • -
  • When you do not mind using a shared Tor circuit for various -services. For instance for using various authenticated -services.

  • -
-

You should however consider not using this method when your -aim is just to browse random various unauthenticated websites as you -will not benefit from Stream Isolation and this could make correlation -attacks easier for an adversary between each of your sessions (see Your Anonymized Tor/VPN -traffic).

-

More information at:

- -

Tor over VPN:

-

You might be wondering: Well, what about using Tor over VPN instead -of VPN over Tor?

-
    -
  • Disadvantages

    -
      -
    • Your VPN provider is just another ISP that will then know your -origin IP and will be able to de-anonymize you if needed. We do not -trust them. Prefer a situation where your VPN provider does not know who -you are. It does not add much in terms of anonymity.

    • -
    • This would result in you connecting to various services using the -IP of a Tor Exit Node which is banned/flagged in many places. It does -not help in terms of convenience.

    • -
  • -
  • Advantages:

    -
      -
    • The main advantage is that if you are in a hostile -environment where Tor access is impossible/dangerous/suspicious, but VPN -is okay.

    • -
    • This method also does not break Tor Stream isolation.

    • -
  • -
-

Note, if you’re having issues accessing the Tor Network due to -blocking/censorship, you could try using Tor Bridges (see Tor -Documentation https://2019.www.torproject.org/docs/bridges [Archive.org] -and Whonix Documentation https://www.whonix.org/wiki/Bridges [Archive.org]).

-

It is also possible to consider VPN over Tor over VPN (User -> VPN > Tor > VPN > Internet) using two cash/Monero -paid VPNs instead. This means that you will connect the Host OS to a -first VPN from your Public Wi-Fi, then Whonix will connect to Tor, and -finally, your VM will connect to a second VPN over Tor over VPN (see https://www.whonix.org/wiki/Tunnels/Connecting_to_a_VPN_before_Tor -[Archive.org]).

-

This will of course have a significant performance impact and might -be quite slow, but Tor is necessary somewhere for achieving reasonable -anonymity.

-

Achieving this technically is easy within this route, you need two -separate anonymous VPN accounts and must connect to the first VPN from -the Host OS and follow the route.

-

Conclusion: Only do this if you think using Tor alone is -risky/impossible but VPNs are okay. Or just because you can and so why -not. This method will not lower your security/privacy/anonymity.

-

VPN only:

-

This route will not be explained nor recommended.

-

If you can use VPNs then you should be able to add a Tor -layer over it. And if you can use Tor, then you can add an anonymous VPN -over Tor to get the preferred solution.

-

Just using a VPN or even a VPN over VPN makes no sense as those can -be traced back to you over time. One of the VPN providers will know your -real origin IP (even if it is in a safe public space) and even if you -add one over it, the second one will still know you were using that -other first VPN service. This will only slightly delay your -de-anonymization. Yes, it is an added layer … but it is a persistent -centralized added layer, and you can be de-anonymized over time. This is -just chaining 3 ISPs that are all subject to lawful requests.

-

For more info, please see the following references:

- -

In the context of this guide, Tor is required somewhere to -achieve reasonable and safe anonymity and you should use it if you -can.

-

No VPN/Tor:

-

If you cannot use VPN nor Tor where you are, you probably are in a -very hostile environment where surveillance and control are extremely -high.

-

Just do not, it is not worth it and too risky. You can be -de-anonymized almost instantly by any motivated adversary that could get -to your physical location in a matter of minutes.

-

Do not forget to check back on Adversaries -(threats) and Appendix -S: Check your network for surveillance/censorship using OONI.

-

If you have absolutely no other option and still want to do -something, see Appendix -P: Accessing the internet as safely as possible when Tor/VPN is not an -option (at your own risk).

-

Conclusion:

- ---------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Connection TypeAnonymityEase of Access to online resourcesTor Stream isolationSafer where Tor is suspicious/dangerousSpeedCostRecommended
Tor AloneGoodMediumPossibleNoMediumFreeYes
Tor over VPNGood+MediumPossibleYesMediumAround 50€/yIf needed (Tor inaccessible)
Tor over VPN over TorBestMediumPossibleYesPoorAround 50€/yYes
VPN over TorGood-GoodNoNoMediumAround 50€/yIf needed (convenience)
Self-Hosted VPS VPN/Proxy over TorGood-Very GoodNoNoMediumAround 50€/yIf needed (convenience)
VPN/Proxy over Tor over VPNGood-GoodNoYesPoorAround 100€/yIf needed (convenience and Tor inaccessible)
VPN/Proxy AloneBadGoodN/AYesGoodAround 50€/yNo
No Tor and VPNBadUnknownN/ANoGoodAround 100€ (Antenna)No. At your own risk.
-

Unfortunately, using Tor alone will raise the suspicion of many -destinations’ platforms. You will face many hurdles (captchas, errors, -difficulties signing up) if you only use Tor. In addition, using Tor -where you are could put you in trouble just for that. But Tor remains -the best solution for anonymity and must be somewhere for anonymity.

-
    -
  • If you intend to create persistent shared and authenticated -identities on various services where access from Tor is hard, we -recommend the VPN over Tor and VPS VPN/Proxy -over Tor options (or VPN over Tor over VPN if needed). It might -be a bit less secure against correlation attacks due to breaking Tor -Stream isolation but provides much better convenience in accessing -online resources than just using Tor. It is an “acceptable” trade-off -IMHP if you are careful enough with your identity.

    -
      -
    • Note: It is becoming more common that mainstream services -and CDNS are also blocking or hindering VPN users with captchas and -other various obstacles. In that case, a self-hosted -VPS with a VPN/Proxy over Tor is the best solution for this as having -your own dedicated VPS guarantees you are the sole user of your IP and -encounter little to no obstacles. Consider a Self-hosted -VPN/Proxy on a Monero/Cash-paid VPS (for users more familiar with -Linux) if you want the least amount of issues (this will be -explained in the next section in more details).
    • -
  • -
  • If your intent however is just to browse random services -anonymously without creating specific shared identities, using tor -friendly services; or if you do not want to accept that trade-off in the -earlier option. Then we recommend using the Tor Only route to -keep the full benefits of Stream Isolation (or Tor over VPN if you need -to).

  • -
  • If cost is an issue, we recommend the Tor Only option if -possible.

  • -
  • If both Tor and VPN access are impossible or dangerous then you -have no choice but to rely on Public wi-fi safely. See Appendix -P: Accessing the internet as safely as possible when Tor and VPNs are -not an option

  • -
-

For more information, you can also see the discussions here that -could help decide yourself:

- -

Getting an anonymous -VPN/Proxy:

-

Skip this step if you want to use Tor only or VPN is not an -option.

-

See Appendix O: -Getting an anonymous VPN/Proxy

-

Note about Plausible -Deniability:

-

Qubes OS uses LUKS for full disk encryption and it is technically -possible to achieve a form of deniability by using detached LUKS -headers. This is not yet integrated into this guide but you will find an -evolving tutorial on how to achieve this here: https://forum.qubes-os.org/t/qubes-os-installation-detached-encrypted-boot-and-header/6205 -and some more background information within the Linux Host OS section -(see Note about -plausible deniability on Linux).

-

Installation:

-

You will follow the instructions from their own guide https://www.qubes-os.org/doc/installation-guide/ [Archive.org]:

-

(Secure Boot is not supported as per their FAQ: https://www.qubes-os.org/faq/#is-secure-boot-supported -[Archive.org] -so it should be disabled in the BIOS/UEFI settings.)

-
    -
  • Download the latest Qubes OS 4.1.x installation ISO according to -their hardware compatibility list.

  • -
  • Get and verify the Qubes OS Master Signing key: https://keys.qubes-os.org/keys/qubes-master-signing-key.asc

  • -
  • Prepare a USB key with the Qubes OS ISO file

  • -
  • Install Qubes OS according to the installation guide:

    -
      -
    • If you want to use Tor or VPN over Tor: Check -theEnabling system and template updates over the Tor -anonymity network using Whonix” during the last step. This will force -all Qubes OS updates to go through Tor. While this will significantly -reduce your update speed, it will increase your anonymity from the -start. (If you are having issues connecting to Tor due to -censorship or blocking, consider using Tor Bridges as recommended -earlier. Just follow the tutorial provided here: https://www.whonix.org/wiki/Bridges [Archive.org])

    • -
    • If you want to use Tor over VPN or cannot use any of those, leave -it unchecked.

    • -
    • Be absolutely sure that you are verifying the signature of the -ISO, which you can find on this page: https://www.qubes-os.org/security/verifying-signatures/ -[Archive.org]. -Check by obtaining the fingerprint from multiple independent sources in -several different ways as recommended. This is to ensure the image has -not been tampered with. Do not skip this vital step even though you know -you are getting the ISO from a trusted source, because it’s possible for -the Qubes website to be compromised.

    • -
  • -
  • If you are prevented from using Tor, there is no point in -installing the Whonix VM templates. You can disable Whonix installation -during the post-installation, initial setup wizard.

  • -
-

To be sure your Qubes ISO hasn’t been tampered with, you should get -the Qubes master key fingerprint from multiple different sources. This -guide can be used as one source.

-

The Qubes master signing key fingerprint should match -427F 11FD 0FAA 4B08 0123 F01C DDFA 1A3E 3687 9494.

-

Remember to read the guide to verifying signatures on the Qubes -website: https://www.qubes-os.org/security/verifying-signatures/ -[Archive.org].

-

Lid Closure Behavior:

-

Unfortunately, Qubes OS does not support hibernation375 -which is an issue regarding cold-boot attacks. To mitigate those, I -highly recommend that you configure Qubes OS to shut down on any power -action (power button, lid closure). You can do set this from the XFCE -Power Manager. Do not use the sleep features.

-

Anti Evil Maid (AEM):

-

Warning, this step only works with Intel CPUs, a -legacy BIOS, TPM 1.2. If you do not meet those requirements, skip this -step.

-

Anti Evil Maid is an implementation of a TPM-based static trusted -boot with a primary goal to prevent Evil Maid attacks. Installing and -using AEM requires attaching a USB drive directly to dom0. So the user -must make a choice between protecting dom0 from a potentially malicious -USB drive, and protecting the system from Evil Maid attacks. Note that -AEM is only compatible with Intel CPUs and Legacy boot options.

-

The preference for mitigating any evil maid attack is to maintain -physical control of your device at all times. If that is not possible, -then this might be relevant to your threat model.

-

Before deciding to use this system, please read Appendix -B4: Important notes about evil-maid and tampering

-

See the following links for more details and installation -instructions:

- -

Connect to a Public Wi-Fi:

-

Remember this should be done from a safe place (see Find some safe -places with decent public Wi-Fi and Appendix -Q: Using long-range Antenna to connect to Public Wi-Fis from a safe -distance):

-
    -
  • In the upper right corner, Left-click the network icon and note -the Wi-Fi SSID you want to connect to

  • -
  • Now right-click the network icon and select Edit -Connections

  • -
  • Add one using the + sign

  • -
  • Select Wi-Fi

  • -
  • Enter the SSID of the desired network you noted before (if -needed)

  • -
  • Select Cloned Mac Address

  • -
  • Select Random to randomize your Mac Address

    -
  • -
  • Save

  • -
  • Now again Left-click the connection account and connect to the -desired Wi-Fi

  • -
  • If this is an Open Wi-Fi requiring registration: You will have to -start a browser to register

    -
      -
    • After you are connected, Start a Disposable Fedora Firefox -Browser

    • -
    • Go into the upper left Menu

    • -
    • Select Disposable, Fedora, Firefox

    • -
    • Open Firefox and register (anonymously) into the Wi-Fi

    • -
  • -
-

Upgrading -Qubes OS from 4.0.x to 4.1.x (you should do it)

-

Personally, we wouldn’t do it in-place and do a fresh install.

-

But if you really want to, it’s technically possible by following -this guide: https://www.qubes-os.org/doc/upgrade/4.1/ [Archive.org]

-

Updating Qubes OS:

-

After you are connected to a Wi-Fi you need to update Qubes OS and -Whonix. You must keep Qubes OS always updated before conducting any -sensitive activities. Especially your Browser VMs. Normally, Qubes OS -will warn you about updates in the upper right corner with a gear icon. -As this might take a while in this case due to using Tor, you can force -the process by doing the following:

-
    -
  • Click the upper left Applications icon

  • -
  • Select Qubes Tools

  • -
  • Select Qubes Update

  • -
  • Check the “Enable updates for Qubes without known available -updates”

  • -
  • Select all the Qubes

  • -
  • Click Next and wait for updates to complete

  • -
  • If you checked the Tor option during install, be patient as this -might take a while over Tor

  • -
-

Upgrading Whonix -from version 15 to version 16:

-

Again, you should really do this ASAP. We would use a fresh install -but it’s technically possible to do it in-place, see https://www.whonix.org/wiki/Release_Upgrade_Whonix_15_to_Whonix_16 -[Archive.org]

-

Follow the instructions on https://www.whonix.org/wiki/Qubes/Install [Archive.org]. -If you’re running Qubes 4.1.x, this is already done for -you.

-

Hardening Qubes OS:

-

Disclaimer: This section is under construction and will be -worked on heavily in the next releases. This section is for more -advanced users.

-

Application Sandboxing:

-

While Qubes OS is already sandboxing everything by design, it is also -useful to consider sandboxing apps themselves using AppArmor or -SELinux.

-
AppArmor:
-

“AppArmor is a Mandatory Access Control framework. When enabled, -AppArmor confines programs according to a set of rules that specify what -files a given program can access. This initiative-taking approach helps -protect the system against both known and unknown vulnerabilities” -(Debian.org).

-

Basically, AppArmor376 is an application -sandboxing system. By default, it is not enabled but supported by Qubes -OS.

- -
SELinux:
-

SELinux377 is similar to AppArmor. The -differences between SELinux and AppArmor are technical details into -which we will not get.

-

Here is a good explanation of what it is: https://www.youtube.com/watch?v=_WOKRaM-HI4 [Invidious]

-

In this guide and the context of Qubes OS, it is important to mention -it as it is the recommended method by Fedora which is one of the default -systems on Qubes OS.

-

So, head out and read https://docs.fedoraproject.org/en-US/quick-docs/getting-started-with-selinux/ -[Archive.org]

-

You could make use of SELinux on your Fedora Templates. But this is -up to you. Again, this is for advanced users.

-

Setup the VPN ProxyVM:

-

Skip this step if you do not want to use a VPN and just use -Tor only or if VPN is not an option either.

-

This tutorial should also work with any OpenVPN provider (Mullvad, -IVPN, Safing.io, or Proton VPN for instance).

-

This is based on the tutorial provided by Qubes OS themselves (https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/vpn.md -[Archive.org]). -If you are familiar with this process, you can follow their -tutorial.

-

Alternatively, Mullvad also have a help article that guides you -through setting up a Proxy VM https://mullvad.net/en/help/qubes-os-4-and-mullvad-vpn/ -[Archive.org].

-

Create the ProxyVM:

-
    -
  • Click the Applications icon (upper left corner)

  • -
  • Click Create Qubes VM

  • -
  • Name and label as you wish: I suggest “VPNGatewayVM”

  • -
  • Select Type: Standalone Qube copied from a template

  • -
  • Select Template: Debian-11 (the default)

  • -
  • Select Networking:

    -
      -
    • Select sys-whonix if you want to do VPN over Tor / Tor only -(recommended)

    • -
    • Select sys-firewall if you want to do Tor over VPN / No Tor or -VPN / Just VPN

    • -
  • -
  • Advanced: Check provides network

  • -
  • Check “Start Qube automatically on boot”

  • -
  • Create the VM

    -
      -
    • If you are going for VPN over Tor, you need to go into the settings -of the ProxyVM you made and select “sys-vpn” for networking. -
        -
      • An easier way to setup your ProxyVM is to simply run a VPN client on -the ProxyVM.
      • -
      • Usually when you connect to your VPN provider’s website, it’ll tell -you whether your traffic is being properly routed through the VPN.
      • -
    • -
    • If you are going for Tor over VPN, the opposite should be done, the -ProxyVM should have its networking set as “sys-tor” and the “sys-tor” VM -should have “sys-vpn” for its networking. -
    • -
  • -
-

Download -the VPN configuration from your cash/Monero paid VPN provider:

-
If you can use Tor:
-

Using Tor Browser (be careful not to use any Clearnet Browser -for this), download the necessary OpenVPN configuration files -for Linux from your VPN provider.

-

This can be done by using the Qubes OS integrated Tor Browser by -accessing the Applications icon (upper left corner) and selecting the -Disposable Tor Browser application.

-
If you cannot use Tor:
-

Launch a browser from a DisposableVM and download the necessary -OpenVPN configuration files for Linux from your VPN provider. See Appendix -P: Accessing the internet as safely as possible when Tor and VPNs are -not an option.

-

When you are done downloading the configuration files within the -Disposable Browser (usually a zip file), copy them to your ProxyVM VPN -Gateway machine (using right-click on the file and send to another -AppVM).

-

Configure the ProxyVM:

-

Skip this step if you are not going to use a VPN

-
    -
  • Click the upper left corner

  • -
  • Select the VPN VM you just created

  • -
  • Open the Files of the VPN VM

  • -
  • Go into “Qubesincoming” > dispXXXX (This was your Disposable -Browser VM)

  • -
  • Double Click your downloaded zip file containing your OpenVPN -configuration files to unzip it

  • -
  • Now select the VPN VM again and start a terminal

  • -
  • Install OpenVPN with the following command -sudo apt-get install openvpn

  • -
  • Copy all the OpenVPN configuration files provided by your VPN -provider in /etc/openvpn/

  • -
  • For all the OpenVPN configuration files (for each location):

    -
      -
    • Edit each file using sudo nano configfile (do not -forget sudo to edit the file within /etc)

    • -
    • Change the protocol from “udp” to “tcp” (Tor does not support -UDP)

    • -
    • Change the port to a supported (by your VPN provider) TCP port -(like 80 or 443)

    • -
    • Save and exit each file

    • -
  • -
  • Edit the OpenVPN config file (/etc/default/openvpn) by typing -sudo nano /etc/default/openvpn

    -
      -
    • Change #AUTOSTART="all" to -AUTOSTART="all" (in other words, remove the “#”)

    • -
    • Save and Exit

    • -
  • -
  • Edit the Qubes firewall rules file -(/rw/config/qubes-firewall-user-script) by typing “sudo nano -/rw/config/qubes-firewall-user-script”

    -
      -
    • Add the following lines (without the quotes and remarks in -parentheses)

      -
        -
      • virtualif=10.137.0.17
      • -
    • -
  • -
-
-

(This is the IP of the ProxyVM, this is not dynamic, and you might -need to change it at reboot)

-
-
    -
  • vpndns1=10.8.0.1
  • -
-
-

(This is the first DNS server of your VPN provider; it should not -change)

-
-
    -
  • vpndns2=10.14.0.1
  • -
-
-

(This is the second DNS server of your VPN provider; it should not -change)

-
-
    -
  • iptables -F OUTPUT

  • -
  • iptables -I FORWARD -o eth0 -j DROP

  • -
  • iptables -I FORWARD -i eth0 -j DROP

  • -
  • ip6tables -I FORWARD -o eth0 -j DROP

  • -
  • ip6tables -I FORWARD -i eth0 -j DROP

  • -
-
-

(These will block outbound traffic when the VPN is down, it is a kill -switch, more information here https://linuxconfig.org/how-to-create-a-vpn-killswitch-using-iptables-on-linux -[Archive.org] -)

-
-
    -
  • iptables -A OUTPUT -d 10.8.0.1 -j ACCEPT

  • -
  • iptables -A OUTPUT -d 10.14.0.1 -j ACCEPT

  • -
-
-

(These will allow DNS requests to your VPN provider DNS to resolve -the name of the VPN servers in the OpenVPN configuration files)

-
-
    -
  • iptables -F PR-QBS -t nat

  • -
  • iptables -A PR-QBS -t nat -d $virtualif -p udp --dport 53 -j DNAT --to $vpndns1

  • -
  • iptables -A PR-QBS -t nat -d $virtualif -p tcp --dport 53 -j DNAT --to $vpndns1

  • -
  • iptables -A PR-QBS -t nat -d $virtualif -p udp --dport 53 -j DNAT --to $vpndns2

  • -
  • iptables -A PR-QBS -t nat -d $virtualif -p tcp --dport 53 -j DNAT --to $vpndns2

  • -
-
-

(These will redirect all DNS requests from the ProxyVM to the VPN -provider DNS servers)

-
- -

VPN over Tor:

-
Set up a -disposable Browser Qube for VPN over Tor use:
-
    -
  • Within the Applications Menu (upper left corner), Select the -Disposable Fedora VM

  • -
  • Go into Qube Settings

  • -
  • Click Clone Qube and name it like “sys-VPNoverTor” for -example

  • -
  • Again, within the Application Menu, Select the Clone you just -created

  • -
  • Go into Qube Settings

  • -
  • Change the Networking to your ProxyVPN created earlier

  • -
  • Click OK

  • -
  • Start a Browser within the Whonix Workstation

  • -
  • Check that you have VPN connectivity, and it should work

  • -
-

You should now have a Disposable Browser VM that works with your -cash/Monero paid VPN over Tor.

-

Tor Over VPN:

-

Reconfigure your Whonix Gateway VM to use your ProxyVM as NetVM -instead of sys-firewall:

-
    -
  • Within the Applications Menu (upper left corner), Select the -sys-whonix VM.

  • -
  • Go into Qube Settings

  • -
  • Change the Networking NetVM to your ProxyVPN created earlier -instead of sys-firewall

  • -
  • Click OK

  • -
  • Create a Whonix Workstation Disposable VM (follow this tutorial -https://www.whonix.org/wiki/Qubes/DisposableVM [Archive.org])

  • -
  • Launch a browser from the VM and Check that you have VPN -connectivity, and it should work.

  • -
-

Alternatively, you can also create any other type of disposable VM -(but less secure than the Whonix one):

-
    -
  • Within the Applications Menu (upper left corner), Select the -Disposable Fedora VM

  • -
  • Go into Qube Settings

  • -
  • Click Clone Qube and name it like “sys-TorOverVPN” for -example

  • -
  • Again, within the Application Menu, Select the Clone you just -created

  • -
  • Go into Qube Settings

  • -
  • Change the Networking to your sys-whonix created earlier

  • -
  • Click OK

  • -
  • Start a Browser within the VM

  • -
  • Check that you have VPN connectivity, and it should work

  • -
-

You should now have a Disposable Browser VM that works with Tor over -a cash/Monero paid VPN.

-

Any -other combination? (VPN over Tor over VPN for instance)

-

By now you should understand how easy it is to route traffic from one -VM to the other with Qubes.

-

You can create several ProxyVMs for VPN accesses and keep the Whonix -one for Tor. You just need to change the NetVM settings of the various -VMs to change the layout.

-

You could have:

-
    -
  • One VPN ProxyVM for the base Qubes OS connection

  • -
  • Use the sys-whonix VM (Whonix Gateway) getting its network from -the first ProxyVM

  • -
  • A second VPN ProxyVM getting network from sys-whonix

  • -
  • Disposable VMs getting their NetVM from the second -ProxyVM

  • -
-

This would result in User > VPN > Tor > VPN > Internet -(VPN over Tor over VPN). Experiment for yourself. Qubes OS is great for -these things.

- -

See: Appendix -V: What browser to use in your Guest VM/Disposable VM

-

Fedora Disposable VM:

-

Within the Applications Menu (upper left), Select the Fedora-36 -template:

-
    -
  • Go into Qube Settings

  • -
  • Clone the VM and name it “fedora-36-brave” (this VM template will -have Brave)

  • -
  • Again, go into the Applications Menu and select the clone you -just created

  • -
  • Go into Qube Settings

  • -
  • Change its network to the ProxyVPN and Apply

  • -
  • Launch a terminal from the VM

  • -
-

If you want to use Brave: apply the instructions from https://brave.com/linux/ -[Archive.org] -and run the following commands:

-
    -
  • sudo dnf install dnf-plugins-core

  • -
  • sudo dnf config-manager --add-repo https://brave-browser-rpm-release.s3.brave.com/x86_64/

  • -
  • sudo rpm --import https://brave-browser-rpm-release.s3.brave.com/brave-core.asc

  • -
  • sudo dnf install brave-browser

  • -
-

You should also consider hardening your browser, see Appendix V1: Hardening your -Browsers

-

Whonix Disposable VM:

-

Edit the Whonix Disposable VM template and follow instructions here -https://www.whonix.org/wiki/Install_Software [Archive.org]

-

Additional browser -precautions:

- -

Setup an Android VM:

-

Because sometimes you want to run mobile Apps anonymously too. You -can also set up an Android VM for this purpose. As in other cases, -ideally, this VM will also be sitting behind the Whonix Gateway for Tor -network connectivity. But this can also be set up as VPN over Tor over -VPN.

-

Since the Android-x86 does not work “well” with Qubes OS (my own -experience). We will instead recommend using AnBox (https://anbox.io/ [Archive.org]) -which works “well enough” with Qubes OS. More information can also be -found at https://www.whonix.org/wiki/Anbox [Archive.org]

-

If you can use Tor -(natively or over a VPN):

-

Later in the Qubes settings during creation:

-
    -
  • Select Networking

  • -
  • Change to sys-whonix to put it behind the Whonix Gateway (over -Tor).

  • -
-

If you cannot use Tor:

-

Just use the tutorials as is. See Appendix -P: Accessing the internet as safely as possible when Tor and VPNs are -not an option.

-

Installation:

-

Basically, follow the tutorial here:

-
    -
  • Click the Applications icon (upper left corner)

  • -
  • Click Create Qubes VM

  • -
  • Name and label as you wish: we suggest “Android”

  • -
  • Select Type: Standalone Qube copied from a template

  • -
  • Select Template: Debian-11

  • -
  • Select Networking:

    -
      -
    • Select sys-whonix if you want to do VPN over Tor / Tor only -(recommended)

    • -
    • Select sys-firewall if you want to do Tor over VPN / No Tor or -VPN / Just VPN

    • -
  • -
  • Start the Qube and open a Terminal

  • -
-

Now you will have to follow the instructions from here: https://github.com/anbox/anbox-modules [Archive.org]:

-
    -
  • Start by closing the AnBox Modules repository by running:

    -
      -
    • git clone https://github.com/anbox/anbox-modules.git

    • -
    • Go into the cloned directory

    • -
    • Run ./INSTALL.sh (or follow the manual instructions -on the tutorial)

    • -
  • -
  • Reboot the machine

  • -
  • Open a new terminal

  • -
  • Install Snap by running:

    -
      -
    • sudo apt install snapd
    • -
  • -
-

Now you will follow their other tutorial from here: https://github.com/anbox/anbox/blob/master/docs/install.md -[Archive.org]:

-
    -
  • Install AnBox by running:

    -
      -
    • snap install --devmode --beta anbox
    • -
  • -
  • To update AnBox later, run:

    -
      -
    • snap refresh --beta --devmode anbox
    • -
  • -
  • Reboot the machine

  • -
  • Open a terminal again and start the emulator by running:

    -
      -
    • anbox.appmgr
    • -
  • -
-

This should pop up an Android interface. Sometimes it will crash, and -you might have to run it twice to make it work.

-

If you want to install apps on this emulator:

-
    -
  • Install ADB by running:

    -
      -
    • sudo apt install android-tools-adb
    • -
  • -
  • First start Anbox (run anbox.appmgr)

  • -
  • Grab the APK of any app you want to install

  • -
  • Now install any APK by running:

    -
      -
    • adb install my-app.apk
    • -
  • -
-

That’s it, you should now have an Android Qube over Tor (or anything -else) capable of running pretty much any App you can sideload with ADB. -This is, for now, the easiest way to get Android emulation on Qubes -OS.

-

KeePassXC:

-

You will need somewhere to store your data (logins/passwords, -identities, and TOTP378 information).

-

For this purpose, KeePassXC is recommended because of its integrated -TOTP feature. This is the ability to create entries for 2FA379 authentication with the -authenticator feature.

-

In the context of Qubes OS you should store your sensitive -information within the vault Qube:

-
    -
  • First, click the Applications icon (upper left) and select the -vault Qube.

  • -
  • Click Qubes Settings

  • -
  • Select the Applications tab

  • -
  • From the list of available applications, add KeePassXC to the -list of selected applications.

  • -
-

You are done and can now skip the rest to go to the “Creating your anonymous online -identities” part.

-

Tutorial -for installing Windows based VMs on Qubes OS:

-

See their tutorial here: https://github.com/Qubes-Community/Contents/blob/master/docs/os/windows/windows-tools41.md -[Archive.org]

-

Quick note: Correlation -vs Attribution

-

Correlation is a relationship between two or more -variables or attributes. -How are attributions determined? During digital forensic and incident -response (DFIR), analysts typically look for indicators of compromise -(IoCs) following events that call them to act. These indicators usually -consist of IP addresses, names, databases; all of which can prescribe a -certain behavioral “tag” to an individual or group. This is called -attribution. A principal in statistics is that “correlation does not -infer causality”. What this means is that, while you may leave certain -traces on certain areas of a device or network, that only shows presence -of action, i.e., not explicitly your presence. It doesn’t show who you -are, it only resolves that something occurred and someone has -done something.

-

Attribution is required to prove fault or guilt, and is the prime -reason why people using the Tor network to access the dark web have been -compromised: they left traces that were shown to be connected to their -real identities. Your IP can be — but is usually not — a large enough -indicator to attribute guilt. This is shown in the infamous NotPetya -cyber attacks against the U.S., which were later also released upon -Ukraine. Though the White House never said it was Russia’s -doing, they attributed the attack to Russia’s (GRU) -which is a direct office housing the Russian deniable warfare380 cyber divisions, uncommonly -referred to as “spy makers” in the intelligence community (IC).

-

What is the point, you may ask? Well, bluntly speaking, this -a perfect example because NotPetya, which is now undoubtedly the work of -Russian cyber operations against foreign countries and governments, has -still never been formally attributed to Russia, only to a known group -within Russia (colloquially dubbed Cozy Bear) which can not -be confirmed nor denied given that it is highly compartmentalized within -the structure of Russia’s military. And it’s also in part because of the -efforts used to disguise itself as a common Ransomware, and because it -routinely used the servers of hacked foreign assets not linked to Russia -or to its internal networks.

-

It’s all to show you the lengths that state actors will go to. You -may not be aware of it, but foreign governments use concealment -techniques such as the ones discussed in the sections of this guide. -They routinely use Tor, VPNs to conceal traffic; they use hacked devices -and access to stolen equipment to perform cyber espionage every day and -it makes attribution incredibly difficult, if not improbable, from a -forensic examiner’s point of view. The problem of correlation is -trivial, and you can solve it by simply using IP hiding tools such as a -VPN and the Tor network, but still be connected to your IRL name and IP -through data leaks or other factors. You can not easily be attributed to -your activities if you carefully follow and adopt the given techniques -and skills discussed below.

-

Creating your -anonymous online identities:

-

Understanding -the methods used to prevent anonymity and verify identity:

-

Captchas:

-

image34image35

-

(Illustrations by Randall Munroe, xkcd.com, licensed under CC BY-NC -2.5)

-

Captcha381 stands for “Completely Automated -Public Turing test to tell Computers and Humans Apart” are Turing -tests382 puzzles you need to complete -before accessing a form/website. You will mostly encounter those -provided by Google (reCAPTCHA service383) and Cloudflare (hCaptcha384). hCaptcha is used on 15% of the -internet by their own metrics385.

-

They are designed to separate bots from humans but are also clearly -used to deter anonymous and private users from accessing services.

-

If you often use VPNs or Tor, you will quickly encounter many -captchas everywhere386. Quite often when using Tor, even -if you succeed in solving all the puzzles (sometimes dozens in a row), -you will still be denied after solving the puzzles.

-

See https://gitlab.torproject.org/legacy/trac/-/wikis/org/doc/ListOfServicesBlockingTor -[Archive.org]

-

While most people think those puzzles are only about solving a little -puzzle, it is important to understand that it is much more complex, and -that modern Captchas uses advanced machine learning and risk analysis -algorithms to check if you are human387:

-
    -
  • They check your browser, cookies, and browsing history using -Browser fingerprinting388.

  • -
  • They track your cursor movements (speed, accuracy) and use -algorithms to decide if it is “human/organic”.

  • -
  • They track your behavior before/during/after the tests to ensure -you are “human”389.

  • -
-

It is also highly likely that those platforms could already reliably -identify you based on the unique way you interact with those puzzles. -This could work despite obfuscation of your IP address / Browser and -clearing all cookies.

-

Watch for example this DEF CON 25 presentation: DEF CON 25 - Svea -Eckert, Andreas Dewes - Dark Data [Invidious]

-

You will often experience several in a row (sometimes endlessly) and -sometimes exceedingly difficult ones involving reading undecipherable -characters or identifying various objects on endless pictures sets. You -will also have more captchas if you use an ad-blocking system (uBlock -for example) or if your account was flagged for any reason for using -VPNs or Tor previously.

-

You will also have (in my experience) more Captchas (Google’s -reCAPTCHA) if you do not use a Chromium-based browser. But this can be -mitigated by using a Chromium-based browsers such as Brave. There is -also a Browser extension called Buster that could help you those https://github.com/dessant/buster [Archive.org].

-

As for Cloudflare (hCaptcha), you could also use their Accessibility -solution here (https://www.hcaptcha.com/accessibility [Archive.org]) -which would allow you to sign-up (with your anonymous identity created -later) and set a cookie within your Browser that would allow you to -bypass their captchas. Another solution to mitigate hCaptcha would be to -use their own solution called “Privacy Pass”390 -https://privacypass.github.io/ [Archive.org] -in the form of a Browser extension you could install in your VM -Browser.

-

You should therefore deal with those carefully and force yourself to -alter the way you are solving them (speed/movement/accuracy/…) to -prevent “Captcha Fingerprinting”.

-

Fortunately, as far as we are aware, these are not yet -officially/publicly used to de-anonymize users for third parties.

-

To not have those issues, you should consider using a VPN over Tor. -And the best option to avoid those is likely to use a self-hosted -VPN/Proxy over Tor on a cash/Monero paid VPS server.

-

Phone verification:

-

Phone verification is advertised by most platforms to verify you are -human. But do not be fooled, the main reason for phone verification is -not only to check if you are human but also to be able to de-anonymize -you if needed.

-

Most platforms (including the privacy-oriented ones such as -Signal/Telegram/Proton will require a phone number to register, and most -countries now make it mandatory to submit a proof of ID to register391.

-

Fortunately, this guide explained earlier how to get a number for -these cases: Getting an -anonymous Phone number.

-

E-Mail verification:

-

E-Mail verification is what used to be enough but is not anymore in -most cases. What is important to know is that open e-mail providers -(disposable e-mail providers for instance) are flagged as much as open -proxies (like Tor).

-

Most platforms will not allow you to register using an “anonymous” or -disposable e-mail. As they will not allow you to register using an IP -address from the Tor network.

-

The key thing to this is that it is becoming increasingly difficult -to sign-up for a free e-mail account anywhere without providing (you -guessed it) … a cell phone number. That same cell phone number can be -used conveniently to track you down in most places.

-

It is possible that those services (Proton for instance) might -require you to provide an e-mail address for registration. In that case, -we would recommend you create an e-mail address from these -providers:

- -

Keep in mind that those do not provide a zero-access design (a -zero-access design is where only you can access your e-mail - not even -the service’s admins can read your messages). This means they can access -your e-mail at rest in their database.

-

A note about Riseup:

-

RiseUp’s warrant canary has been renewed late, with their Twitter -posting a cryptic message seeming to tell users not to trust them. Due -to the suspicious situation, this guide can no longer recommend -them.

-

Also see: https://forums.whonix.org/t/riseup-net-likely-compromised/3195

-

For the https://riseup.net [Tor -Mirror] (It has come to my attention that the site now, -unfortunately, requires an invitation from a current registered -user)

-

Protecting -your anonymous online identities e-mails using Aliasing services:

-

If you want to avoid communicating your anonymous e-mail addresses to -various parties. We would strongly suggest considering using e-mail -aliasing services such as:

- -

These services will allow creating random aliases for your anonymous -e-mail (on Proton for example) and could increase your general privacy -if you do not want to disclose that e-mail for any purpose. They are -both recommended by Privacyguides.org and Privacytools.io. I’m -recommending them as well.

-

User details checking:

-

Obviously, Reddit does not do this (yet), but Facebook most likely -does and will look for “suspicious” things in your details (which could -include face recognition).

-

Some examples:

-
    -
  • IP address from a country different than your profile -country.

  • -
  • Age in the profile not matching the picture age.

  • -
  • Ethnicity in the profile not matching the picture -ethnicity.

  • -
  • Language not matching the country language.

  • -
  • Unknown in anyone else contacts (Meaning nobody else knows -you).

  • -
  • Locking down privacy settings after signing up.

  • -
  • Name that does not match the correct -ethnicity/language/country?

  • -
-

Proof of ID verification:

-

The deal-breaker in most cases. As far as we know, only Facebook and -LinkedIn (outside of financial services) have requested such -verifications which involve sending pictures of some form of -identification (passport, national ID card, driver’s license …). The -only way to do this would involve creating fake official documents -(forgery) using some decent Photoshop skills and this might be illegal -in most places.

-

Therefore, this is a line we are not going to help you cross within -this guide. Some services are offering such services online, but we -think they are bad actors and are overstepping their -boundaries.

-

In many countries, only law enforcement, some specific processes -(such as GDPR requests), and some well-regulated financial services may -request proof of identification. So, the legality of asking for such -documents is debatable and we beieve such platforms should not be -allowed to require those.

-

In few countries (like Germany), this practice is illegal and online -platforms such as Facebook or LinkedIn are legally bound to allow you to -use a pseudonym and remain anonymous.

-

IP Filters:

-

As stated previously in this guide, many platforms will apply filters -on the IPs of the users. Tor exit nodes are publicly listed, and VPN -exit servers are “well known”. There are many commercial and free -services providing the ability to block those IPs with ease (hi -Cloudflare).

-

Many platforms’ operators and administrators do not want traffic from -these IPs as they often drive a lot of unlawful/malicious/unprofitable -traffic to their platforms. These platforms usually argue using one of -the following points:

-
    -
  • “Think of the children!”;
  • -
  • “Terrorism!”;
  • -
  • “Russian troll propaganda!”;
  • -
  • “Well, it’s noise in the data we sell to advertisers!” (e.g., -AdSense or Facebook Ads).
  • -
-

“Yet we still pay traffic for them so let us just deny them all -instead.”

-

Fortunately, those systems are not perfect, and you will (still) be -able to get around those restrictions by switching identities (in the -case of Tor) and trying to access the website each time until you find -an Exit Node that is not yet blacklisted.

-

Some platforms will allow you to log in with a Tor IP but not to sign -up (See https://gitlab.torproject.org/legacy/trac/-/wikis/org/doc/ListOfServicesBlockingTor -[Archive.org]). -Those platforms will keep a convenient, permanent log of the IP which -you used during sign-up - And some will keep such logs indefinitely, -e.g., all the IPs which you have used to log in (hi Facebook).

-

The tolerance is much higher with VPNs as they are not considered -“open proxies”, but that will not stop many platforms from making them -hard to use by forcing increasingly difficult CAPTCHAs on most VPN -users.

-

For this reason, this guide does recommend the use of VPN over Tor -(and not Tor over VPN) in certain use cases. Remember that the -best option to avoid those is to use a self-hosted VPN/Proxy over Tor on -a cash/Monero paid VPS.

-

Browser and Device -Fingerprinting:

-

Your Browser and Device Fingerprints392 -are a set of properties/capabilities of your System/Browser. These are -used on most websites for invisible user tracking but also to adapt the -website user experience depending on their browser. For instance, -websites will be able to provide a “mobile experience” if you are using -a mobile browser or propose a specific language/geographic version -depending on your fingerprint. Most of those techniques work with recent -Browsers like Chromium-based393 browsers (such as -Chrome/Edge) or Firefox394 unless taking -specific measures. Browser and Device395 -Fingerprinting are usually integrated into the Captcha services but also -in other various services.

-

Many platforms (like Google396) will check your -browser for various capabilities and settings and block browsers they do -not like. This is one of the reasons we recommend using Chromium-based -browsers such as Brave Browser over Tor Browser within this VM.

-

It should also be noted that while some browsers and extensions will -offer some fingerprint resistance, this resistance in itself can also be -used to fingerprint you as explained here https://palant.info/2020/12/10/how-anti-fingerprinting-extensions-tend-to-make-fingerprinting-easier/ -[Archive.org]

-

This guide will mitigate these issues by randomizing or hiding many -of those fingerprinting identifiers by:

- -

Here are some of the things they check within recent browsers:

-
    -
  • User-Agent: This is your Browser name and Version.

  • -
  • HTTP_ACCEPT Headers: This is the type of content your Browser can -handle.

  • -
  • Time Zone and Time Zone Offset: Your time zone.

  • -
  • Screen Size and Color Depth: The resolution of your -screen.

  • -
  • System Fonts: The typing fonts installed on your system.

  • -
  • Cookies support: If your browser supports cookies or -not.

  • -
  • Hash of Canvas fingerprint and Hash of WebGL fingerprint: These -are generated unique IDs based on your graphic rendering -capabilities.

  • -
  • WebGL Vendor & Renderer: Name of your Video card

  • -
  • Do-Not-Track enabled or not: Well, yes, they can use your DNT -information to track you

  • -
  • Language: The language of your Browser

  • -
  • Platform: The Operating System you are using

  • -
  • Touch Support: If your system supports touch (such as a -phone/tablet or touchscreen-enabled laptop)

  • -
  • Ad Blocking use: If your browser block ads

  • -
  • AudioContext fingerprint: Like the Canvas and WebGL fingerprints -these will fingerprint your audio capabilities.

  • -
  • CPU: What kind of CPU you are using and how many of them

  • -
  • Memory: How much memory you have in your System

  • -
  • Browser Permissions: Is your browser allowing some things like -geolocation or microphone/webcam access.

  • -
-

Most of the time, those fingerprints will, unfortunately, be unique -or nearly unique to your browser/system. This means that even If you log -out from a website and then log back in using a different username, your -fingerprint might remain the same if you did not take precautionary -measures. An adversary could then use such fingerprints to track you -across multiple services even if you have no account on any of them and -are using adblocking. These fingerprints could in turn be used to -de-anonymize you if you keep the same fingerprint between services.

-

Here are services you can use to check your browser fingerprints:

- -

Chances are you will find your browser fingerprint unique no matter -what you do.

-

Human interaction:

-

Some platforms will add this as a bonus step and require you to have -an actual human interaction with a customer care representative. Usually -by e-mail but sometimes by chat/phone. They will want to verify that you -exist by asking you to reply to an e-mail/chat/phone call.

-

It is annoying but quite easy to deal with in our case. We are not -making bots. This guide is for humans making human accounts.

-

User Moderation:

-

Many platforms will delegate and rely on their users to moderate the -others and their content. These are the “report” features that you will -find on most platforms.

-

Getting reported thousands of times does not matter when you are -Donald Trump or Kim Kardashian but if you as a sole “friendless” -anonymous user gets reported even once, you might get -suspended/flagged/banned instantly.

-

Behavioral Analysis:

-

See Your -Digital Fingerprint, Footprint, and Online Behavior.

-

Financial transactions:

-

Simple and efficient, some platforms will require you to perform a -financial transaction to verify your account sometimes under the pretext -of verifying your age. This could be a credit card verification or an -exceedingly small amount bank wire. Some will accept a donation in a -main cryptocurrency like Bitcoin or Ethereum.

-

While this might seem innocent, this is obviously an ID verification -and de-anonymization method. This is just indirectly relying on -third-party financial KYC397 regulations.

-

This is for instance now the case on YouTube for some European -Users398 but also used by services like -Amazon that requires a valid payment method for creating an account.

-
-image36 - -
-

Sign-in with some platform:

-

“Why do this user-verification ourselves when we can just ask others -to deal with it?”

-

You will notice this, and you probably already encountered this. Some -apps/platforms will ask/require you to sign in with a well-known and -well-used reputable platform instead of their own system (Sign-in with -Google/Facebook/Apple/Twitter).

-

This option is often presented as the “default one”, hiding away the -“Sign-in with e-mail and password” with clever Dark Patterns399 and unfortunately sometimes -needed.

-

This method will delegate the verification process on those platforms -instead of assuming that you will not be able to create an anonymous -Google/Facebook/Apple/Twitter account with ease.

-

Fortunately, it is still possible to this day to create those.

-

Live Face -recognition and biometrics (again):

-

This is a common method used on some Crypto trading platforms and -some dating Apps.

-

Some platforms/apps will require you to take a live picture of -yourself either doing something (a wink, holding an arm up …) or showing -a custom piece of information (a handwritten text, a passport, or ID) -within the picture. Sometimes the platform/app will require several -pictures to increase their certainty.

-
-image37 - -
-

This guide will not cover this one (yet) as it is mainly used on -financial platforms (that will be able to identify you with other means -anyway) and some dating apps like Tinder400. Unfortunately, this method is now -also sometimes being used on Facebook401 -and Instagram as part of their verification methods (tho we did not face -it yet so far).

-
-image38 - -
-

In some cases, these verifications must be done from your Smartphone -and with an “in-app” camera to prevent you from sending a previously -saved (edited) image.

-

Recently even platforms such as PornHub decided to implement similar -measures in the future402.

-

This verification is extremely hard to defeat but possible. A method -to possibly defeat those would be to use “deep fake” technology software -such as the open-source FaceSwap https://github.com/deepfakes/faceswap [Archive.org] -to generate the required verification pictures using a randomly -computer-generated face that would be swapped over the picture of a -complicit model (or a stock photo).

-

Unfortunately, some apps require direct access to a smartphone camera -to process the verification. In that case, you will need to find a way -to do such “face swaps” on the fly using a filter and another way to -feed this into the camera used by the app. A possible approach would be -similar to this impressive project https://github.com/iperov/DeepFaceLive [Archive.org].

-

Manual reviews:

-

These can be triggered by any of the above and just means someone -(usually specialized employees) will review your profile manually and -decide whether it is real or not based on their subjective opinion.

-

Some countries have even developed hotlines where you can report any -subversive content403.

-

Pros: Usually that verdict is “final”, and you will probably avoid -further issues if you are good.

-

Cons: Usually that verdict is “final”, and you will probably be -banned without any appeal possibility if you are not good. Sometimes -those reviews end up on the platform just ghosting you and cancel you -without any reason whatsoever. Any appeal will be left unanswered, -ignored, or will generate some random dark pattern bug when trying to -appeal that specific identity (this happens on Instagram for instance -where if your account gets “suspended” obviously by some manual review, -trying to complete the appeal form will just throw an error and tell you -to try again later (We have been trying this same appeal for that -identity for the past 6 months at least).

-

Getting Online:

-

Now that you have a basic understanding of all the ways you can be -de-anonymized, tracked, and verified. Let us get started at evading -these while staying anonymous. Remember:

-
    -
  • You cannot trust ISPs

  • -
  • You cannot trust VPS providers

  • -
  • You cannot trust public Wi-Fi providers

  • -
  • You cannot trust Mobile Network providers

  • -
  • You cannot trust VPN providers

  • -
  • You cannot trust any Online Platform

  • -
  • You cannot trust Tor

  • -
  • You cannot trust your Operating System

  • -
  • You cannot trust your Laptop

  • -
  • You cannot trust your Smartphone (especially Android)

  • -
  • You cannot trust your Smart devices

  • -
  • Above all, you cannot trust people

  • -
-

So what? Well instead of not trusting anyone or anything, we would -advise to “Trust but verify”404 -(or “Never trust, always verify” if you are more hardcore about it and -want to apply Zero-Trust Security405) instead.

-

Do not start this process unless:

-
    -
  • You consulted your local law for compliance and the -legality of your actions.

  • -
  • You are aware of your threat model.

  • -
  • You are in a safe place with public Wi-Fi without your -smartphone or any other smart device on you. And preferably in a place -without CCTV filming you (remember to Find some safe -places with decent public Wi-Fi and Appendix -Q: Using long-range Antenna to connect to Public Wi-Fis from a safe -distance)

  • -
  • You are fully done and preparing one of the -routes.

  • -
  • Again, it is crucially important to understand that you -will be unable to create most accounts without a valid phone number. -Therefore, most of your anonymity on mainstream platforms depends on the -anonymity of your online phone number and/or the burner phone with its -pre-paid SIM card (if you use one). If your phone number is not -anonymous or your burner phone can be traced back to you then you can be -de-anonymized. If you cannot get this anonymous phone number and/or a -physical SIM with a Burner phone, then you will have to restrict -yourself to platforms not asking for phone number -verification.

  • -
-

Remember to see Appendix -N: Warning about smartphones and smart devices

-

Creating new identities:

-

This is the fun part where you will now create your identities from -thin air. These identities do not exist but should be plausible and look -“organic”. They should ideally have a story, a “legend” (yes this is the -real term for this406).

-

What is a legend? Well, it is a full back-story for your -character:

-
    -
  • Age

  • -
  • Sex

  • -
  • Gender

  • -
  • Ethnicity

  • -
  • Place of Birth and date of Birth

  • -
  • Place of residence

  • -
  • Country of origin

  • -
  • Visited Countries (for travels for instance)

  • -
  • Interests and hobbies

  • -
  • Education History

  • -
  • Work experience

  • -
  • Health information

  • -
  • Religion if any

  • -
  • Goals

  • -
  • Family history

  • -
  • Family composition if any (Children? Spouse? Husband?)

  • -
  • Relationship Status if any (Married? Single?)

  • -
  • Spoken Languages

  • -
  • Personality traits (Introvert, Extrovert …)

  • -
  • -
-

All these should be crafted carefully for every single identity, and -you should be incredibly careful to stick to the details of each legend -when using those identities. Nothing can leak that could lead to your -real persona. Nothing could leak that could compromise the consistency -of your legend. Everything should always be consistent.

-

Tools that can help with this:

-
    -
  • https://www.fakenamegenerator.com/

  • -
  • https://thispersondoesnotexist.com/

  • -
  • https://generated.photos/face-generator -(Generated pictures using this tool have a watermark that you -might need to remove using image editing software such as -Gimp)

    -
      -
    • Warning: This tool requires JavaScript to function -and does a lot of fingerprinting. Most of it is being sent to Microsoft -Clarity. Even with uBlock installed and on safer level, Tor Browser -wasn’t efficient at blocking the fingerprinting. This obviously does not -work on Safest level. On our tests, only Brave with agressive -fingerprinting/ad shields did not send analytics.
    • -
  • -
-

Now is also the moment where you could finally consider getting an -online phone number as explained in the Online Phone Number (less recommended) -section.

-

We will help you bit by listing a few tips we learned while -researching over the years (disclaimer: this is based on my -individual experiences alone):

-
    -
  • “Some animals are more equal than others”.

    -
      -
    • Ethnicity is important and you will have fewer issues and attract -less attention to verification algorithms if your identity is -Caucasian/East-Asian than if it is Arabic/Black (yes, we tested this -extensively and it is definitely an issue).

    • -
    • Age is important and you will have fewer issues if you are young -(18-22) than if you are middle-aged or older. Platforms seem to be more -lenient in not imposing restrictions on new younger audiences.

    • -
    • Sex/Gender is important, and you will have fewer issues if you -are a female than if you are a male.

    • -
    • Country of origin is important, and you will have fewer issues if -your identity is Norwegian than if it is Ukrainian, Nigerian, or -Mexican.

    • -
    • Country of residence is important, and you will have fewer issues -if your identity has its residence in Oslo or Paris than if you decide -to live in Kyiv or Cairo.

    • -
    • Language is important and you will have fewer issues if you speak -English or the language of your Identity than if you use a non-related -language. Do not make a Norwegian-born Arabic 20-year-old female that -speaks Ukrainian or Arabic.

    • -
  • -
  • Identities that are “EU residents” with an “EU IP” (VPN/Tor Exit -IP) will benefit from GDPR protections on many platforms. Others will -not. GDPR is your friend in most cases, and you should take this into -account.

  • -
  • Similarly, origin IP geolocation (your IP/location when you go to -“whatsmyipaddress.com”) should match your identity location as much as -possible (When using a VPN over Tor, you can pick this in the VPN client -if you use the VPN over Tor approach or just create a new identity in -Tor Browser or Brave Tor Tab until you get an appropriate Exit node, or -configure Tor to restrict your Exit Nodes). Consider excluding any exit -IP that is not located in Western Europe/US/Canada/Japan/South -Korea/Australia/New Zealand as you will have fewer issues. Ideally, you -should get a European Union IP to get additional GDPR protection and if -possible, a German exit IP due to their legal stance on using anonymous -accounts on online platforms.

  • -
  • Brave Browser (Chromium-based) with a Private Tor Tab has a -better acceptance level than Tor Browser (Firefox based). You will -experience fewer issues with captchas and online platforms407 if you use Brave than if you use -Tor Browser (feel free to try this yourself).

  • -
  • For every identity, you should have a matching profile picture -associated with it. For this purpose, we recommend you just go to https://thispersondoesnotexist.com/ or https://generated.photos/face-generator* and generate a -computer-generated profile picture (Do note that algorithms have been -developed408409 -to detect these and it might not work 100% of the time). You can also -generate such pictures yourself from your computer if you prefer by -using the open-source StyleGan project here https://github.com/NVlabs/stylegan2 [Archive.org]. -Just refresh the page until you find a picture that matches your -identity in all aspects (age, sex, and ethnicity) and save that picture. -It would be even better to have several pictures associated with that -identity, butWedo not have an “easy way” of doing that yet.

  • -
-

*Warning: https://generated.photos/face-generator -requires JavaScript to function and does a lot of fingerprinting. Most -of it is being sent to Microsoft Clarity. Even with uBlock installed and -on safer level, Tor Browser wasn’t efficient at blocking the -fingerprinting. This obviously does not work on Safest level. On our -tests, only Brave with agressive fingerprinting/ad shields did not send -analytics.

- -
-image39 - -
-
    -
  • Result (see Online because PDFs do not work well with embedded -media):
  • -
-
-after-gif - -
-

Slight issue tho: MyHeritrage.com bans Tor Exit nodes so you -might have again to consider VPN over Tor for this.

-

You could also achieve the same result without using MyHeritage and -by doing it yourself using for example https://github.com/AliaksandrSiarohin/first-order-model -[Archive.org] -but this will require more manual operations (and requires an -NVIDIA GPU). Other commercial products will soon be available -such as: https://www.d-id.com/talkingheads/ [Archive.org] -with examples here: https://www.youtube.com/channel/UCqyzLOHYamYX2tNXBNSHr1w/videos -[Invidious].

-

Note: If you make several pictures of the same identity using some of -the tools mentioned above, be sure to compare the similarities using the -Microsoft Azure Face Verification tool at https://azure.microsoft.com/en-us/services/cognitive-services/face/#demo.

-
    -
  • Create in advance and store in KeePassXC each identity details -that should include some crafted details as mentioned earlier.

  • -
  • Do not pick an occupation at a well-known private -corporation/company as they have people in their HR departments -monitoring activities in platforms such as LinkedIn and will report your -profile as being fake if it does not match their database. Instead, pick -an occupation as a freelancer or at a large public institution where you -will face less scrutiny due to their decentralized nature.

  • -
  • Keep track (write down) of the background stories of your -Identities. You should always use the same dates and answers everywhere. -Everything should always match up. Even the stories you tell about your -imaginary life should always match. If you say you work as an intern at -the Department of Health one day and later on another platform, say you -work as an intern at the Department of Transportation, people might -question your identity. Be consistent.

  • -
  • Use a different phone number for each identity. Online platforms -do keep track of phone number usage and if one identity/number gets -flagged for violating Community Guidelines or Terms of Services, it -might also get the other identities using the same number flagged/banned -as well.

  • -
  • Adapt your language/writing to the identity to not raise -suspicions and lower your chances of being fingerprinted by online -platforms. Be especially careful with using pedantic words and figures -of speech/quotes that could allow some people to guess your writing is -very similar to that person with this Twitter handle or this Reddit -user. See Appendix A4: -Counteracting Forensic Linguistics.

  • -
  • Always use TOTP 2FA (not SMS to prevent Sim Swapping -attacks410 and to keep your identity -working when your pre-paid card expires) using KeePassXC when available -to secure your logins to various platforms.

  • -
  • Remember Appendix -A2: Guidelines for passwords and passphrases.

  • -
-

Here is also a good guide on this specific topic: https://gendersec.tacticaltech.org/wiki/index.php/Complete_manual#.22Real.22_names -[Archive.org]

-

Note: If you are having trouble finding an exit node in the country -of your choice you can force using specific countries for Exit Nodes -(and therefore exit countries) on Tor by editing the torrc file on the -Whonix Gateway or even the Tor Browser:

-
    -
  • Whonix/Tails: Create/Edit a file -/usr/local/etc/torrc.d/50_user.conf411.

  • -
  • On Tor Browser: Edit the torrc file located at -Browser/TorBrowser/Data/Tor412.

  • -
-

Once you are in the file, you can do the following:

-
    -
  • Specify the Exit Nodes by adding those two lines (which will -require an Exit Node in China/Russia/Ukraine:

    -
      -
    • ExitNodes {CH},{RU},{UA}

    • -
    • StrictNodes 1

    • -
  • -
  • Exclude specific Exit Nodes by adding this line (which will -exclude all Exit Nodes from France/Germany/USA/UK):

    -
      -
    • ExcludeNodes {FR},{DE},{US},{UK}
    • -
  • -
-

Always use uppercase letters for any setting.

-

Please note that this is restricting Onion Routing could -limit your Anonymity if you are too restrictive. You can see a -visualized list of available Exit Nodes here: https://www.bigdatacloud.com/insights/tor-exit-nodes -[Archive.org]

-

Here is the list of possibilities (this is a general list and many of -those countries might not have Exit nodes at all): https://web.archive.org/web/https://b3rn3d.herokuapp.com/blog/2014/03/05/tor-country-codes/

-

Checking if your Tor -Exit Node is terrible:

-

Skip this if you are using a VPN/Proxy over Tor (tho you can -also do the same checks with a VPN exit node if you want).

-

Not all Tor Exit nodes are equal. This is mostly due to what type of -“exit policy” their operator applies to them. Some Tor Exit nodes are -seen are more or less “clean” and will only show up in the Tor Exit -nodes lists. Some other Tor Exit nodes are seen as “dirty” and will show -up in dozens of various blacklists. So how do you know if you are on a -clean one or a bad one? It is not that simple.

-

This process is very easy:

-

This works whether you’re using Tor Browser on a Host OS, in a VM, -with Whonix or Qubes OS.

-
    -
  • Go on the target website you want to sign up for in a -tab

  • -
  • Click the Tor Circuit icon to the left of the “lock” icon in the -upper left corner to view your route through the Tor network.

  • -
  • Look at the third IP (Exit IP) you are using in that tab for that -website. (You can’t copy the IP address, but you can type it into the -browser address bar if needed.)

  • -
  • Open a new tab and go to MX Toolbox. https://mxtoolbox.com/blacklists.aspx

  • -
  • Put the Exit IP from the first tab in the search box. You will -likely see “We notice you are on a blacklist.”

  • -
  • Check the amount of blacklists the Tor Exit node is in. Ideally, -it should only be in two. If it is in other lists, such as Spamhaus ZEN, -you might run into issues:

    -
      -
    • DAN TOR

    • -
    • DAN TOREXIT

    • -
  • -
-

If the Exit Node is “clean” (in few lists), proceed to go back to the -first tab and open the site you want to use to sign up.

-

The Real-Name System:

-

Unfortunately, not using your real identity is against the Terms of -Services (“TOS”) of many services, especially those owned by Microsoft -and Facebook. But don’t despair, as explained in the Requirements, it’s still -legal in Germany where the courts have upheld the legality of not using -real names on online platforms (§13 VI of the German Telemedia Act of -2007413414). Fortunately, ToS cannot -override laws (yet).

-

This does not mean that it is illegal in other places but that it -might be a breach of their TOS if you do not have the law on your side. -Remember this guide only endorses this for German users residing -in Germany.

-

On my side, we strongly condemn this type of real-name policy. See -for instance this Wikipedia article giving some examples: https://en.wikipedia.org/wiki/Facebook_real-name_policy_controversy -[Wikiless] -[Archive.org]

-

Here are some more references about the German case for -reference:

- -

Alternatively, you could be an adult resident of any other country -where you can confirm and verify the legality of this yourself. Again, -this is not legal advice, and we are not lawyers. Do this at -your own risk.

-

Other countries where this was ruled illegal:

- -

Some platforms are bypassing this requirement altogether by requiring -a valid payment method instead (see Financial transactions:). While this -does not directly require a real name through their ToS, this has the -same results as they usually only accept mainstream (not Monero/Cash) -payment methods (such as Visa/MasterCard/Maestro or PayPal) which do -require a real-name legally as part of their KYC415 -regulations. The result is the same and even better than a simple -real-name policy you could ignore in some countries such as Germany.

-

About paid services:

-

If you intend to use paid services, privilege those accepting cash -payments or Monero payments which you can do directly and safely while -keeping your anonymity.

-

If the service you intend to buy does not accept those but accepts -Bitcoin (BTC), consider the following appendix: Appendix -Z: Paying anonymously online with BTC (or any other -cryptocurrency).

-

Overview:

-

This section will show you an overview of the current various -requirements on some platforms:

- -

The following overview does not mention the privacy practices -of those platforms but only their requirements for registering an -account. If you want to use privacy-aware tools and platforms, head on -to https://privacyguides.org [Archive.org].

-

Legend:

-
    -
  • “Unclear”: Unclear due to lack of information or confusing -information.

  • -
  • “Maybe”: It did happen in a minority of my tests.

  • -
  • “Likely”: It did happen in most of my tests.

  • -
  • “Yes” or “No”: This either happened or never happened -systematically in all my tests.

  • -
  • “Easy”: The overall experience was straightforward with little to -no obstacles.

  • -
  • “Medium”: The overall experience has some obstacles, but it is -still doable without too much hassle.

  • -
  • “Hard”: The overall experience is a painful struggle with many -obstacles.

  • -
  • “N/A”: Not Applicable because it was not possible to test within -the context of this guide

  • -
  • “Indirectly”: This means they do require something but indirectly -through a third-party system (Financial KYC for example).

  • -
- ------------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Service - -Against ToS - -Requires Phone - -Requires E-Mail - -VPN Sign-up - -Tor Sign-up - -Captchas - -

-ID or -

-

-Financial Checks -

-
-Facial Checks - -Manual Checks - -Overall difficulty -
-Amazon - -No - -No - -Yes - -Yes - -Yes - -No - -Yes* - -No - -Unclear - -N/A -
-Apple - -Yes* - -Yes - -Yes - -Yes - -Yes - -No - -No - -No - -No - -Medium -
-Binance - -Yes* - -No - -Yes - -Yes - -No - -Yes - -No - -No - -No - -Medium -
-Briar - -No - -No - -No - -Yes - -Yes - -No - -No - -No - -No - -Easy -
-Discord - -No - -No - -Yes - -Yes - -Yes - -Yes - -No - -No - -No - -Medium -
-Element - -No - -No - -No - -Yes - -Yes - -Yes - -No - -No - -No - -Easy -
-Facebook - -Yes* - -Yes - -Yes - -Maybe - -Maybe - -Yes - -Maybe - -Maybe - -Maybe - -Hard -
-GitHub - -No - -No - -Yes - -Yes - -Yes - -Yes - -No - -No - -No - -Easy -
-GitLab - -No - -No - -Yes - -Yes - -Yes - -Yes - -No - -No - -No - -Easy -
-Google - -No - -Likely - -Likely - -Yes - -Yes - -Yes - -Maybe - -No - -Maybe - -Medium -
-HackerNews - -No - -No - -No - -Yes - -Yes - -Yes - -No - -No - -No - -Easy -
-Instagram - -Unclear - -Likely - -Yes - -Yes - -Yes - -Yes - -No - -Maybe - -Maybe - -Medium -
-Jami - -No - -No - -No - -Yes - -No - -No - -No - -No - -No - -Easy -
-iVPN - -No - -No - -No - -Yes - -Yes - -No - -No - -No - -No - -Easy -
-Kraken - -Yes* - -No - -Yes - -Yes - -No - -No - -No - -No - -No - -Medium -
-LinkedIn - -Yes* - -Yes - -Yes - -Yes - -Yes - -Yes - -Maybe - -Maybe - -Maybe - -Hard -
-MailFence - -No - -No - -Yes - -Yes - -Maybe - -Yes - -No - -No - -No - -Medium -
-Medium - -No - -No - -Yes - -Yes - -Yes - -No - -No - -No - -No - -Easy -
-Microsoft - -Yes* - -Maybe - -Maybe - -Yes - -Yes - -Yes - -No - -No - -No - -Medium -
-Mullvad - -No - -No - -No - -Yes - -Yes - -No - -No - -No - -No - -Easy -
-Njalla - -No - -No - -No - -Yes - -Yes - -No - -No - -No - -No - -Easy -
-OnionShare - -No - -No - -No - -Yes - -Yes - -No - -No - -No - -No - -Easy -
-OnlyFans - -No - -No - -Yes - -Yes - -Yes - -Yes - -Yes (for full functionalities) - -No - -No - -Hard (for full functionalities) -
-Proton Mail - -No - -Maybe - -Likely - -Yes - -Yes - -Yes - -No - -No - -No - -Medium -
-Proton VPN - -No - -No - -Yes - -Yes - -Yes - -No - -No - -No - -No - -Medium -
-Reddit - -No - -No - -No - -Yes - -Yes - -No - -No - -No - -No - -Easy -
-Slashdot - -Yes* - -No - -No - -Yes - -Yes - -Yes - -No - -No - -No - -Medium -
-Telegram - -No - -Yes - -No - -Yes - -Yes - -No - -No - -No - -No - -Easy -
-Tutanota - -No - -No - -No - -Maybe - -No - -Yes - -No - -No - -No - -Hard -
-Twitch - -No - -No - -Yes - -Yes - -Yes - -Yes - -No - -No - -No - -Easy -
-Twitter - -No - -Yes - -Yes - -Yes - -Yes - -Yes - -No - -No - -Maybe - -Medium -
-WhatsApp - -Yes* - -Yes - -No - -Yes - -Yes - -No - -No - -No - -No - -Medium -
-4chan - -No - -No - -No - -No - -No - -Yes - -No - -No - -No - -Hard -
- -
Below -you’ll find a list of “problematic services”. If they’re not below, it -means there are no issues at all with anything (like Briar for -example)
-

Amazon:

- -

“1. Amazon Services, Amazon Software

-

A. Use of Amazon Services on a Product. To use certain Amazon -Services on a Product, you must have your own Amazon.com account, be -logged in to your account on the Product, and have a valid -payment method associated with your account.

-

While it does not technically require a real name. It does require a -valid payment method. Unfortunately, it will not accept “cash” or -“Monero” as a payment method. So instead, they are relying on financial -KYC (where a real-name policy is pretty much enforced everywhere).

-
    -
  • Will they require a phone number? Yes, but see below

  • -
  • Can you create accounts through Tor? Yes, but see below

  • -
-

Because of this valid payment method requirement, we could not test -this. While this is seemingly not against their ToS, it is not possible -within the context of this guide unless you manage to obtain a valid KYC -payment method anonymously which AFAIK is pretty much impossible or -extremely difficult.

-

So, AFAIK, it is not possible to create an anonymous Amazon -account.

-

Apple:

- -

“IV. Your Use of the Service

-

A. Your Account

-

In order to use the Service, you must enter your Apple ID and -password to authenticate your Account. You agree to provide -accurate and complete information when you register with, and as you -use, the Service (“Service Registration Data”), and you agree to update -your Service Registration Data to keep it accurate and -complete”.

-
    -
  • Will they require a phone number? Yes

  • -
  • Can you create accounts through Tor? Yes

  • -
-

Note that this account will not allow you to set up an Apple mail -account. For that, you will need an Apple device.

-

Binance:

- -

Discord:

-
    -
  • Is this against their ToS? No https://discord.com/terms [Archive.org]

  • -
  • Will they require a phone number? No, but they do require an -e-mail

  • -
  • Can you create accounts through Tor? We had no issues with that -so far using the Desktop Client

  • -
-

You might encounter more issues using the Web Client (Captchas). -Especially with Tor Browser.

-

I suggest using the Discord Client app on a VM through Tor or ideally -through VPN/Proxy over Tor to mitigate such issues.

-

Element:

- -

Expect some Captchas during account creation on some homeservers.

-

Facebook:

- -

“1. Who can use Facebook

-

When people stand behind their opinions and actions, our community is -safer and more accountable. For this reason, you must:

-
    -
  • Use the same name that you use in everyday life.

  • -
  • Provide accurate information about yourself.

  • -
  • Will they require a phone number? Yes, and probably more -later

  • -
  • Can you create accounts through Tor? Yes, but it is very -difficult and their onion address416 will not help. In -most cases, you’ll just have a random error at sign-up and your account -suspended after sign-in.”

  • -
-

But this clause of their ToS is illegal in Germany (see Requirements).

-

Facebook is one of the most aggressive platforms with identity -verification and is pushing hard their “real name policy”. It is why -this guide is only advised to German residents.

-

Over our tests tho we were able to pinpoint a few tips:

-
    -
  • It will be easier if you have an Instagram account -first.

  • -
  • Signing up through Tor is almost impossible (even using their -.onion address which is a joke) and will only succeed if you are ” very -lucky” (I assume if you are using an exit node that is not yet known by -Facebook verification systems). In most cases, it will not allow -registration at all and will just fail with “An error has occurred -during registration”.

  • -
  • Signing up through VPNs is more likely to succeed but might still -result in the same error. So, you must be ready for a lot of trial and -error here.

  • -
  • Signing up through a Self-Hosted VPN/Proxy is your best bet but -make sure your profile/identity matches the IP geolocation.

  • -
  • My earlier entry in the guide about the Orwellian quote from -Animal Farm is in full effect on Facebook. You will experience huge -variation in acceptance depending on age/sex/ethnicity/nationality/… -This is where you will have far fewer issues if you are making an -account of a Young European Caucasian Female. You will almost certainly -fail if you try making a Middle-Aged Male where my other accounts are -still unsuspended/unbanned to this day.

  • -
  • Logging-in (after you sign-up) however works fine with VPN and -Tor but might still trigger an account suspension for violating -Community Guidelines or Terms of Services (despite you not using the -account at all for anything else than signing-up/logging-in). Ideally, -you should log-in back with the same IP from a self-hosted -VPN/Proxy.

  • -
-

I also suspect strongly based on my test that the following points -have an impact on your likelihood of being suspended over time:

-
    -
  • Not having friends

  • -
  • Not having interests and an “organic activity”

  • -
  • Not being in the contacts of any other user

  • -
  • Not being on other platforms (such as -Instagram/WhatsApp)

  • -
  • Restricting your profile privacy settings too soon after -signing-up

  • -
-

If your account gets suspended, you will need to appeal the decision -through a quite simple form that will require you to submit a “proof of -ID”. However, that proof of ID verification system is more lenient than -LinkedIn and will allow you to send various documents which require far -less Photoshop skills.

-

It is also possible that they ask you to take a selfie video or -picture-making certain gestures to prove your identity. If that is the -case, we are afraid it is a dead-end for now unless you use a deepfake -face swapping technique.

-

If you do file an appeal, you will have to wait for Facebook to -review it (I do not know whether this is automatic or human) and you -will have to wait and hope for them to unsuspend your account.

-

GitHub:

- -

GitHub is straightforward and requires no phone number.

-

Be sure to go into Settings > E-Mail and make your e-mail private -as well as block any push that would reveal your e-mail.

-

GitLab:

- -

GitLab is straightforward and requires no phone number.

-

Google:

-
    -
  • Is this against their ToS? No https://policies.google.com/terms [Archive.org]

  • -
  • Will they require a phone number? Yes, they will. There is no -escape here.

  • -
  • Can you create accounts through Tor? Yes, but expect some -captchas and your phone number will be required

  • -
-

Proton is good … but to appear less suspicious, it is simply better -to also have a mainstream Google Mail account.

-

As Proton, Google will also most likely require a phone number during -sign-up as part of their verification process. However contrary to -Proton, Google will store that phone number during the sign-up process -and will also limit the number of accounts that can be created during -the sign-up417418.

-

From my experience during my research, this count is limited to three -accounts/phone numbers. If you are unlucky with your number (if it was -previously used by another mobile user), it might be less.

-

You should therefore use again your online phone number OR your -burner phone and pre-paid SIM card to create the account. Do not forget -to use the identity details you made up earlier (birthdate). When the -account is created, please do take some time to do the following:

-
    -
  • (Trick) Log into Google Mail on desktop and go -into the Gmail Quick Settings > See all Setting > Forwarding and -POP/IMAP > Add a forwarding address > Verify (using Proton) > -Go back to Gmail and set the forwarding to forward and delete Google -copy > Save. This step will allow you to check your Google Mail using -Proton instead and will allow you to avoid triggering Google Security -checks by Logging in from various VPN/Tor exit IP addresses in the -future while storing your sensitive e-mail at Proton instead. This trick -will allow you to receive all the e-mails from your Gmail addresses on -your Proton (or other) address without needing to login into your Google -accounts (reducing risks of it being suspended, especially if you use -Tor).

  • -
  • Enable 2FA within the Google account settings. First, you will -have to enable 2FA using the phone number. Then you will see the option -appear to enable 2FA using an Authenticator app. Use that option and set -it up with a new KeePassXC TOTP entry. When it is done, remove the phone -2FA from the Google account. This will prevent someone from using that -phone number in the future (when you do not have it anymore) to -recover/gain access to that account.

  • -
  • Add Proton as a recovery e-mail address for the account.

  • -
  • Remove the phone number from the account details as a recovery -option.

  • -
  • Upload a Google profile picture you made earlier during the -identity creation step.

  • -
  • Review the Google Privacy settings to disable as much as you -can:

    -
      -
    • Activity logging

    • -
    • YouTube

    • -
  • -
  • Log out and do not touch it unless needed (as mentioned, you will -use Proton to check your Gmail).

  • -
-

Keep in mind that there are different algorithms in place to check -for weird activity. If you receive any mail (on Proton) prompting about -a Google Security Warning. Click it and click the button to say, “Yes it -was me”. It helps.

-

Do not use that account for “sign-up with Google” anywhere unless -necessary.

-

Be extremely careful if you decide to use the account for Google -activities (such as Google Maps reviews or YouTube Comments) as those -can easily trigger some checks (Negative reviews, Comments breaking -Community Guidelines on YouTube).

-

If your account gets suspended 419 (this can happen on -sign-up, after signing-up or after using it in some Google services), -you can still get it unsuspended by submitting420 -an appeal/verification (which will again require your Phone number and -possibly an e-mail contact with Google support with the reason). -Suspension of the account does not disable the e-mail -forwarding, but the suspended account will be deleted after a -while.

-

After suspension, if your Google account is restored, you should be -fine.

-

If your account gets banned, you will have no appeal and the -forwarding will be disabled. Your phone number will be flagged, and you -will not be able to use it to sign-up on a different account. Be careful -when using those to avoid losing them. They are precious.

-

It is also possible that Google will require an ID check through -indirect financial KYC or ID picture check if you try to access/publish -mature content on their platform421.

-

Instagram:

- -

You can’t impersonate others or provide inaccurate -information. You do not have to disclose your identity on Instagram, but -you must provide us with accurate and up-to-date information (including -registration information). Also, you may not -impersonate someone you are not, and you can’t create an account for -someone else unless you have their express permission”.

-

This one is a bit of an Oxymoron don’t you think? So, we are not sure -whether it is allowed or not.

-
    -
  • Will they require a phone number? Maybe but less likely over VPN -and very likely over Tor

  • -
  • Can you create accounts through Tor? Yes, but expect some -captchas and your phone number will be required

  • -
-

It is also possible that they ask you to take a selfie video or -picture-making certain gestures to prove your identity (within the app -or through an e-mail request). If that is the case, we are afraid it is -a dead-end for now.

-

It is no secret that Instagram is part of Facebook however it is more -lenient than Facebook when it comes to user verification. It is quite -unlikely you will get suspended or banned after signing up. But it could -help.

-

For instance, we noticed that you will face fewer issues creating a -Facebook account if you already have a valid Instagram account. You -should always create an Instagram account before trying Facebook.

-

Unfortunately, there are some limitations when using the web version -of Instagram. For instance, you will not be able to enable Authenticator -2FA from the web for a reason we do not know.

-

After sign-up, do the following:

-
    -
  • Upload a picture of your generated identity if you want.

  • -
  • Go into your Settings

  • -
  • Make the account private (initially at least)

  • -
  • Do not show activity status

  • -
  • Do not allow sharing

  • -
-

Jami:

-
    -
  • Is this against their ToS? No https://jami.net/privacy-policy/ [Archive.org]

  • -
  • Will they require a phone number? No, they do not even require an -e-mail

  • -
  • Can you create accounts through Tor? Nope it does not work for -some technical reason

  • -
-

Kraken:

- -

LinkedIn:

- -

“To use the Services, you agree that: (1) you must be the”Minimum -Age” (described below) or older; (2) you will only have one -LinkedIn account, which must be in your real name; and (3) you -are not already restricted by LinkedIn from using the Services. -Creating an account with false information is a violation of our -terms, including accounts registered on behalf of others or -persons under the age of sixteen. ”

-

But this clause of their ToS is illegal in Germany (see Requirements).

-
    -
  • Will they require a phone number? Yes, they will.

  • -
  • Can you create accounts through Tor? Yes, but expect some -captchas and your phone number will be required

  • -
-

LinkedIn is far less aggressive than twitter but will nonetheless -require a valid e-mail (preferably again your Gmail) and a phone number -in most cases (tho not always).

-

LinkedIn however is relying a lot on reports and user/customer -moderation. You should not create a profile with an occupation inside a -private corporation or a small startup company. The company employees -are monitoring LinkedIn activity and receive notifications when new -people join. They can then report your profile as fake, and your profile -will then be suspended or banned pending appeal.

-

LinkedIn will then require you to go through a verification process -that will, unfortunately, require you to send an ID proof (identity -card, passport, driver’s license). This ID verification is processed by -a company called Jumio422 that specializes in -ID proofing. This is most likely a dead end as this would force you to -develop some strong Photoshop skills.

-

Instead, you are far less likely to be reported if you just stay -vague (say you are a student/intern/freelance) or pretend you work for a -large public institution that is too large for anyone to care or -check.

-

As with Twitter and Google, you should do the following after signing -up:

-
    -
  • Disable ads

  • -
  • Disable notifications

  • -
  • Disable lookup by phone/e-mail

  • -
  • Upload a picture of your identity

  • -
-

MailFence:

-
    -
  • Is this against their ToS? No

  • -
  • Will they require a phone number? No, but they require an -e-mail

  • -
  • Can you create accounts through Tor? Maybe. From my tests, the -signing-up verification e-mails are not sent when using Tor to sign-up. -No issues however when using a VPN over Tor or a Proxy over -Tor.

  • -
-

Medium:

- -

Signing-in does require an e-mail every time.

-

Microsoft:

- -

“i. Creating an Account. You can create a Microsoft account by -signing up online. You agree not to use any false, inaccurate, -or misleading information when signing up for your Microsoft -account”.

-

But this clause of their ToS is illegal in Germany (see Requirements).

-
    -
  • Will they require a phone number? Likely but not always. -Depending on your luck with your Tor exit node, they may only require -e-mail verification. If you use a VPN over Tor, they will likely only -ask for an e-mail.

  • -
  • Can you create accounts through Tor? Yes, you can but expect -captchas, at least e-mail verification, and likely phone -verification.

  • -
-

So yes, it is still possible to create an MS account without a phone -number and using Tor or VPN, but you might have to cycle through a few -exit nodes to achieve this.

-

After signing up you should set up 2FA authentication within the -security options and using KeePassXC TOTP.

-

OnlyFans:

-
    -
  • Is this against their ToS? No, it looks fine https://onlyfans.com/terms [Archive.org]

  • -
  • Will they require a phone number? No, they do require an -e-mail

  • -
  • Can you create accounts through Tor? Yes, you can

  • -
-

Unfortunately, you will be extremely limited with that account and to -do anything you will need dot complete their verification process which -requires a KYC type financial transaction check. So, not very -useful.

-

Proton:

- -

You obviously need an e-mail for your online identity and disposable -e-mails are pretty much banned everywhere.

-

Proton is a free e-mail provider based in Switzerland that advocates -security and privacy.

-

They are recommended by Privacyguides.org423. Their only apparent issue is that -they do require (in most cases) a phone number or another e-mail address -for registration (when you try to register from a VPN or Tor at -least).

-

They claim they do not store/link the phone/e-mail associated with -the registration but only store a hash that is not linked to the -account424. If their claim is true and the -hash is not linked to your account, and that you followed my guide about -the phone number, you should be reasonably safe from tracking.

-

This e-mail account can be used for creating a Google/Gmail -account.

-

Reddit:

- -

Reddit is simple. All you need to register is a valid username and a -password. Normally they do not even require an e-mail (you can skip the -e-mail when registering, leaving it blank).

-

No issues whatsoever signing up over Tor or VPN besides the -occasional Captchas.

-

Consider reading this reddit post: https://old.reddit.com/r/ShadowBan/comments/8a2gpk/an_unofficial_guide_on_how_to_avoid_being/ -[Archive.org]

-

Slashdot:

- -

“8. Registration; Use of Secure Areas and Passwords

-

Some areas of the Sites may require you to register with us. When and -if you register, you agree to (a) provide accurate, current, and -complete information about yourself as prompted by our registration form -(including your e-mail address) and (b) to maintain and update your -information (including your e-mail address) to keep it accurate, -current, and complete. You acknowledge that should any information -provided by you be found to be untrue, inaccurate, not current, or -incomplete, we reserve the right to terminate this Agreement with you -and your current or future use of the Sites (or any portion -thereof)“.

-
    -
  • Will they require a phone number? No

  • -
  • Can you create accounts through Tor? Yes

  • -
-

Telegram:

-
    -
  • Is this against their ToS? No https://telegram.org/tos [Archive.org]

  • -
  • Will they require a phone number? Yes unfortunately

  • -
  • Can you create accounts through Tor? Yes, but sometimes you -randomly get banned without any reason

  • -
-

Telegram is quite straightforward, and you can download their -portable Windows app to sign-up and log in.

-

It will require a phone number (that can only be used once) and -nothing else.

-

In most cases, we had no issues whether it was over Tor or VPN, but -we had a few cases where our telegram account was just banned for -violating terms of services (not sure which one?). This again despite -not using them for anything.

-

They provide an appeal process through e-mail, but we had no success -with getting any answer.

-

Their appeal process is just sending an e-mail to [Archive.org] -stating your phone number and issue and hope they answer.

-

After signing up you should do the following:

-
    -
  • Go into Edit profile

  • -
  • Set a Username

  • -
  • Go into Settings (Desktop App)

  • -
  • Set the Phone Number visibility to Nobody

  • -
  • Set Last Seen & Online to Nobody

  • -
  • Set Forwarded Messages to Nobody

  • -
  • Set Profile photos to Contacts

  • -
  • Set Calls to Contacts

  • -
  • Set Group & Channels to Contacts

  • -
-

Tutanota:

-
    -
  • Is this against their ToS? No https://tutanota.com/terms/ [Archive.org]

  • -
  • Will they require a phone number? No, but they do require an -e-mail.

  • -
  • Can you create accounts through Tor? Not really, almost all Tor -Exit nodes are banned AFAIK

  • -
-

Twitter:

-
    -
  • Is this against their ToS? No https://twitter.com/en/tos

  • -
  • Will they require a phone number? Extremely likely, possibly now -a requirement in all cases.

  • -
  • Can you create accounts through Tor? Yes, but expect some -captchas and your phone number will be required after a while.

  • -
-

Twitter is extremely aggressive in preventing anonymity on its -network. You should sign-up using e-mail and password (not phone) and -not using “Sign-in with Google”. Use your Gmail as the e-mail -address.

-

More than likely, your account will be suspended immediately during -the sign-up process and will require you to complete a series of -automated tests to unlock. This will include a series of captchas, -confirmation of your e-mail and Twitter handle, or other information. In -some cases, it will also require your phone number.

-

In some cases, despite you selecting a text verification, the Twitter -verification system will call the phone no matter what. In that case, -you will have to pick up and hear the verification code. We suspect this -is another method of preventing automated systems and malicious users -from selling text receiving services over the internet.

-

Twitter will store all this information and link it to your account -including your IP, e-mail, and phone number. You will not be able that -phone number to create a different account.

-

Once the account is restored, you should take some time to do the -following:

-
    -
  • Upload the identity profile picture.

  • -
  • Enable 2FA from the security settings using a new KeePassXC TOTP -entry, save the security codes in KeePassXC as well.

  • -
  • Disable Photo tagging

  • -
  • Disable E-mail lookup

  • -
  • Disable Phone lookup

  • -
  • Disable all personalized advertising settings

  • -
  • Disable geolocation of tweets

  • -
  • Caution: Remove the phone number from the -account (at your own risk, this often leads to suspension of the -account)

  • -
  • Follow some people based

  • -
  • Log out and leave it be.

  • -
-

After about a week, you should check Twitter again and the chances -are quite high that it will be suspended again for “suspicious activity” -or “violating community guidelines” despite you not using it at all (not -even a single tweet/follow/like/retweet or DM) but this time by another -system. We call this the “Double-tap”.

-

This time you will need to submit an appeal using a form425, provide a good reason and wait -for the appeal to be processed by Twitter. During that process, you may -receive an e-mail (on Proton) asking you to reply to a customer service -ticket to prove that you do have access to your e-mail and that it is -you. This will be directed toward your Gmail address but will arrive on -your Proton.

-

Do not reply from Proton as this will raise suspicions, you must sign -in to Gmail (unfortunately) and compose a new mail from there -copy-pasting the E-Mail, Subject, and Content from Proton. As well as a -reply confirming you have access to that e-mail.

-

After a few days, your account should get unsuspended “for good”. No -issues after that but keep in mind they can still ban your account for -any reason if you violate the community guidelines. The phone number and -e-mail will then be flagged, and you will have no other option but to -get a new identity with a new number to sign-up again. Do not use this -account for trolling.

-

Twitch:

- -

Note that you will not be able to enable 2FA on Twitch using only -e-mail. This feature requires a phone number to enable.

-

WhatsApp:

- -

Registration. You must register for our Services -using accurate information, provide your current mobile -phone number, and, if you change it, update your mobile phone number -using our in-app change number feature. You agree to receive text -messages and phone calls (from us or our third-party providers) with -codes to register for our Services”.

-
    -
  • Will they require a phone number? Yes, they do.

  • -
  • Can you create accounts through Tor? No issues with that so -far.

  • -
-

4chan:

-
    -
  • Is this against their ToS? No

  • -
  • Will they require a phone number? No, they will not.

  • -
  • Can you post there with Tor or VPN? Not likely.

  • -
-

4chan is 4chan … This guide will not explain 4chan to you. They block -Tor exit nodes and known VPN IP ranges.

-

You are going to have to find a separate way to post there using at -least seven proxies426 that are not known by 4chan -blocking system (hint: Anonymous VPS using Monero is probably your best -option).

-
-image40 - -
-

Crypto Wallets:

-

Use any crypto wallet app within the Windows Virtual Machine. But be -careful not to transfer anything toward an Exchange or a known Wallet. -Crypto is in most cases NOT anonymous and can be traced back to you when -you buy/sell any (remember the Your Cryptocurrencies -transactions section).

-

If you really want to use Crypto, use Monero which is the -only one with reasonable privacy/anonymity.

-

Ideally, you should find a way to buy/sell crypto with cash from an -unknown person.

-

What about -those mobile-only apps (WhatsApp/Signal)?

-

There are only three ways of securely using those anonymously (that -we would recommend). Using a VPN on your phone is not one of those ways. -All of those are, unfortunately, “tedious” to say the least.

- -

There is no way to reliably set a decent multi-layered connectivity -approach easily on an Android phone (it is not even possible on IOS as -far as we know). By reliable, we mean being sure that the smartphone -will not leak anything such as geolocation or anything else from booting -up to shutting down.

-

Anything else:

-

You should use the same logic and security for any other -platform.

-

It should work in most cases with most platforms. The hardest -platform to use with full anonymity is Facebook.

-

This will obviously not work with banks and most financial platforms -(such as PayPal or Crypto Exchanges) requiring actual real official and -existing identification. This guide will not help you there as this -would be illegal in most places.

-

How to -share files privately and/or chat anonymously:

-

There are plenty of messaging apps everywhere. Some have excellent UI -and UX and terrible Security/Privacy. Some have excellent -Security/Privacy but terrible UI and UX. It is not easy to pick the ones -that you should use for sensitive activities. So, this section will help -you do that.

-

Before going further, there are also some key basic concepts you -should understand:

-

End-to-end Encryption:

-

End-to-end Encryption427 (aka e2ee) is a -rather simple concept. It just means only you and your destination know -each-others public encryption keys and no one in between that would be -eavesdropping would be able to decrypt the communication.

-

However, the term is often used differently depending on the -provider:

-
    -
  • Some providers will claim e2ee but forget to mention what is -covered by their protocols. For instance, is metadata also protected -within their e2ee protocol? Or is it just the content of the -messages?

  • -
  • Some providers do provide e2ee but only as an opt-in option -(disabled by default).

  • -
  • Some providers do offer e2ee with 1 to 1 messaging but not with -group messaging.

  • -
  • Some providers will claim the use of e2ee, but their proprietary -apps are closed source where no one can verify the claim and the -strength of the encryption used.

  • -
-

For these reasons, it is always important to check the claims of -various apps. Open-Source apps should always be preferred to verify what -kind of encryption they are using and if their claims are true. If not -open source, such apps should have an openly available independent (made -by a reputable third party) report confirming their claims.

-

Roll your own crypto:

-

See the Bad Cryptography section at -the start of this guide.

-

Always be cautious of apps rolling their own crypto until it -has been reviewed by many in the crypto community (or even better -published and peer-reviewed academically). Again, this is -harder to verify with closed-source proprietary apps.

-

It is not that rolling your own crypto is bad in essence, it is that -good cryptography needs real peer-reviewing, auditing, testing… And -since you are probably not a cryptanalyst (and we are not either), -chances are high we are not competent to assess the cryptography of some -apps.

-

Forward Secrecy:

-

Forward Secrecy428 (FS aka PFS for Perfect Forward -Secrecy) is a property of the key agreement protocol of some of those -messaging apps and is a companion feature of e2ee. This happens before -you establish communication with the destination. The “Forward” refers -to the future in time and means that every time you establish a new e2ee -communication, a new set of keys will be generated for that specific -session. The goal of forward secrecy is to maintain the secrecy of past -communications (sessions) even if the current one is compromised. If an -adversary manages to get hold of your current e2ee keys, that adversary -will then be limited to the content of the single session and will not -be able to easily decrypt past ones.

-

This has some user experience drawbacks like for instance, a new -device could not be able to conveniently access the remotely stored chat -history without additional steps.

-

So, in short, Forward Secrecy protects past sessions against -future compromises of keys or passwords.

-

More on this topic on this YouTube video: https://www.youtube.com/watch?v=zSQtyW_ywZc [Invidious]

-

Some providers and apps claiming to offer e2ee do not offer FS/PFS -sometimes for usability reasons (group messaging for instance is more -complex with PFS). It is therefore important to prefer open-source apps -providing forward secrecy to those that do not.

-

Zero-Access Encryption at -rest:

-

Zero-Access Encryption429 at rest is used when -you store data at some provider (let us say your chat history or chat -backups) but this history or backup is encrypted on your side and cannot -be read or decrypted by the provider hosting it.

-

Zero-Access encryption is an added feature/companion to e2ee but is -applied mainly to data at rest and not communications.

-

Examples of this issue would be iMessage and WhatsApp, see the Your Cloud backups/sync -services at the start of this guide.

-

So again, it is best to prefer Apps/Providers that do offer -Zero-Access Encryption at rest and cannot read/access any of your -data/metadata even at rest and not only limited to communications.

-

Such a feature would have prevented important hacks such as the -Cambridge Analytica scandal430 if it were -implemented.

-

Metadata Protection:

-

Remember the Your Metadata -including your Geo-Location section. End-to-end Encryption is one -thing, but it does not necessarily protect your metadata.

-

For Instance, WhatsApp might not know what you are saying but they -might know who you are talking to, how long and when you have been -talking to someone, who else is in groups with you, and if you -transferred data with them (such as large files).

-

End-to-end Encryption does not in itself protect an eavesdropper from -harvesting your metadata.

-

This data can also be protected/obfuscated by some protocols to make -metadata harvesting substantially harder for eavesdroppers. This is the -case for instance with the Signal Protocol which does offer some added -protection with features like:

-
    -
  • The Sealed Sender option431.

  • -
  • The Private Contact Discovery432.

  • -
  • The Private Group System433.

  • -
-

Other Apps like Briar or OnionShare will protect metadata by using -the Tor Network as a shield and storing everything locally on-device. -Nothing is stored remotely, and all communications are either direct -using proximity wi-fi/Bluetooth or remotely through the Tor network.

-

Most apps however and especially closed-source proprietary commercial -apps will collect and retain your metadata for various purposes. And -such metadata alone is enough to figure out a lot of things about your -communications.

-

Again, it is important to prefer open-source apps with privacy in -mind and various methods in place to protect not only the content of -communications but all the associated metadata.

-

Open-Source:

-

Finally, Open-Source apps should always be preferred because they -allow third parties to check actual capabilities and weaknesses vs -claims of marketing departments. Open-Source does not mean the app -should be free or non-commercial. It just means transparency.

-

Comparison:

- -------------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-App0 - -e2ee1 - -Roll Your Own Crypto - -

-Perfect -

-

-Forward Secrecy -

-
-Zero-Access Encryption at-rest5 - -Metadata Protection (obfuscation, encryption…) - -Open-Source - -Default Privacy Settings - -Native Anonymous Sign-up (no e-mail or phone) - -Possible through Tor - -Privacy and Security Track Record *** - -De-centralized - -Additional notes -
-

-Berty -

-

-(avoid) -

-
-Yes - -No - -Yes - -Yes - -Yes - -Yes -13 - -Good - -Yes - -Yes - -Good - -Yes (peer to peer) - -Not sufficiently reviewed by this project, cannot recommend -
-Briar (preferred) - -Yes - -No -1 - -Yes - -Yes - -Yes (strong) - -Yes - -Good - -Yes - -Natively3 - -Good - -Yes (peer to peer) - -
-

-Cwtch -

-

-(preferred) -

-
-Yes - -No - -Yes - -Yes - -Yes (strong) - -Yes - -Good - -Yes - -Natively - -Good - -Yes (peer to peer) - -
-

-Discord -

-

-(avoid) -

-
-No - -Closed-source7 - -No - -No - -No - -No - -Bad - -E-Mail Required - -Virtualization - -Bad - -No - -
-Element / Matrix.org (preferred) - -Yes (opt-in) - -No - -Yes - -Yes - -Poor2 - -Yes - -Good - -Yes - -Via Proxy3 or Virtualization - -Good - -Partial (federated servers) - -
-Facebook Messenger (avoid) - -Partial (Only 1to1 / opt-in) - -Closed-source7 - -Yes - -No - -No - -No - -Bad - -E-Mail and Phone required - -Virtualization - -Bad - -No - -
-OnionShare (preferred) - -Yes - -No - -TBD8 - -TBD8 - -Yes (strong) - -Yes - -Good - -Yes - -Natively - -Good - -Yes (peer to peer) - -
-Apple Messages (aka iMessage) - -Yes - -Closed-source7 - -No - -Partial - -No - -No - -Good - -Apple device Required - -Maybe Virtualization using real Apple device ID - -Bad - -No - -
-IRC - -Yes (OTR plugins) - -No - -No - -No - -No - -Yes - -Bad - -Yes - -Via Proxy3 or Virtualization - -Good - -No - -
-

-Jami -

-

-(preferred) -

-
-Yes - -No3 - -Yes - -Yes - -Partial - -Yes - -Good - -Yes - -Via Proxy3 or Virtualization9 - -Good - -Partial - -Tor breaks some features -
-KakaoTalk (avoid) - -Yes - -Closed-source7 - -No4 - -No - -No - -No - -Bad - -No (but possible) - -Virtualization - -Bad - -No - -
-Keybase - -Yes - -No - -Partial (exploding message) - -No - -No - -Yes - -Good - -E-Mail Required - - - -No - -
-Kik (avoid) - -No - -Closed-source7 - -No - -No - -No - -No - -Bad - -No (but possible) - -Virtualization - -Bad - -No - -
-Line (avoid) - -Partial (opt-in) - -Closed-source7 - -No - -No - -No - -No - -Bad - -No (but possible) - -Virtualization - -Bad - -No - -
-Pidgin with OTR (avoid) - -Yes -(OTR5) - -No - -Yes - -No - -No - -Yes - -Bad - -Yes - -Via Proxy3 or Virtualization - -Bad6 - -No - -
-Tox (avoid) - -Yes - -No - -No - -No - -No - -Yes - -Good - -Yes - -Via Proxy3 or Virtualization - -Medium7 - -Yes - -Known cryptographic -weaknesses14 -
-

-Session -

-

-(Preferred only on iOS) -

-
-Yes - -No - -No - -Yes - -Yes - -Yes - -Good - -Yes - -Via Proxy3 or Virtualization10 - -Good - -Yes - -Lacks PFS, deniability -
-Signal - -Yes - -No - -Yes - -Yes - -Yes (moderate) - -Yes - -Good - -Phone Required - -Virtualization - -Good - -No - -Requires burner or anonymous VOIP number for anonymous usage -
-Skype (avoid) - -Partial (Only 1to1 / opt-in) - -Closed-source7 - -No - -No - -No - -No - -Bad - -No (but possible) - -Virtualization - -Bad - -No - -
-SnapChat (avoid) - -No - -Closed-source7 - -No - -No - -No - -No - -Bad - -No (but possible) - -Virtualization - -Bad - -No - -Deleted/expired messages are easily -recoverable15,16 -
-Teams (avoid) - -Yes - -Closed-source7 - -No - -No - -No - -No - -Bad - -No (but possible) - -Virtualization - -Bad - -No - -
-Telegram - -Partial (Only 1to1 / opt-in) - -Yes -(MTProto8) - -Partial (secret chats only) - -Yes - -No - -Partial5 - -Medium (e2ee off by default) - -Phone Required - -Via Proxy3 or Virtualization - -Medium9 - -No - -
-Viber (avoid) - -Partial (Only 1to1) - -Closed-source7 - -Yes - -No - -No - -No - -Bad - -No (but possible) - -Virtualization - -Bad - -No - -
-WeChat (avoid) - -No - -Closed-source7 - -No - -No - -No - -No - -Bad - -No - -Virtualization - -Bad - -No - -
-WhatsApp (avoid) - -Yes - -Closed-source7 - -Yes - -No - -No - -No - -Bad - -Phone Required - -Virtualization - -Bad - -No - -
-Wickr Me - -Partial (Only 1to1) - -No - -Yes - -No - -Yes (moderate) - -No - -Good - -Yes - -Virtualization - -Good - -No - -
-Gajim (XMPP) (preferred) - -Yes - -No - -Yes - -No - -No - -Yes - -Good - -Yes - -Via Proxy3 or Virtualization - -Good - -Partial - -
-Zoom -(avoid10) - -Disputed11 - -No - -TBD8 - -No - -No - -No - -Bad - -E-Mail Required - -Virtualization - -Bad12 - -No - -Malware -risk17 -
-Molly - -Yes - -No - -Yes - -Yes - -Yes (moderate) - -Yes - -Good - -Phone Required - -Virtualization - -Good - -No - -Requires phone number. Security hardened fork of Signal client. Security -may be delayed for up to a week -
-
-
-
    -
  1. -

    -Briar Documentation, Bramble Transport Protocol version 4 -https://code.briarproject.org/briar/briar-spec/blob/master/protocols/BTP.md -[Archive.org]↩︎ -

    -
  2. -
  3. -

    -Serpentsec, Matrix -https://web.archive.org/web/https://serpentsec.1337.cx/matrix↩︎ -

    -
  4. -
  5. -

    -Wikipedia, GnuTLS, -https://en.wikipedia.org/wiki/GnuTLS -[Wikiless] -[Archive.org]↩︎ -

    -
  6. -
  7. -

    -KTH ROYAL INSTITUTE OF TECHNOLOGYSCHOOL OF ELECTRICAL ENGINEERING, A -Security and Privacy Audit of KakaoTalk’s End-to-End Encryption -www.diva-portal.org/smash/get/diva2:1046438/FULLTEXT01.pdf -[Archive.org]↩︎ -

    -
  8. -
  9. -

    -Wikipedia, OTR -https://en.wikipedia.org/wiki/Off-the-Record_Messaging -[Wikiless] -[Archive.org]↩︎ -

    -
  10. -
  11. -

    -Pidgin Security Advisories, -https://www.pidgin.im/about/security/advisories/ -[Archive.org]↩︎ -

    -
  12. -
  13. -

    -Whonix Forum, Tox Integration -https://forums.whonix.org/t/tox-qtox-whonix-integration/1219 -[Archive.org]↩︎ -

    -
  14. -
  15. -

    -Telegram Documentation, MTProto Mobile Protocol -https://core.telegram.org/mtproto -[Archive.org]↩︎ -

    -
  16. -
  17. -

    -Wikipedia, Telegram Security Breaches, -https://en.wikipedia.org/wiki/Telegram_(software)#Security_breaches -[Wikiless] -[Archive.org]↩︎ -

    -
  18. -
  19. -

    -TechCrunch, Maybe we shouldn’t use Zoom after all, -https://techcrunch.com/2020/03/31/zoom-at-your-own-risk/ -[Archive.org]↩︎ -

    -
  20. -
  21. -

    -The Incercept, Zoom Meetings Aren’t End-to-End Encrypted, Despite -Misleading Marketing -https://theintercept.com/2020/03/31/zoom-meeting-encryption/ -[Tor -Mirror] -[Archive.org]↩︎ -

    -
  22. -
  23. -

    -Serpentsec, Secure Messaging: Choosing a chat app -https://web.archive.org/web/https://serpentsec.1337.cx/secure-messaging-choosing-a-chat-app↩︎ -

    -
  24. -
  25. -

    -Berty, Development, -https://berty.tech↩︎ -

    -
  26. -
  27. -

    -Tox Handshake Vulnerable to KCI, -https://github.com/TokTok/c-toxcore/issues/426↩︎ -

    -
  28. -
  29. -

    -The Guardian, Deleted Snapchat photos recovered ‘within days’ by -forensics company, -https://www.theguardian.com/technology/2013/may/09/snapchat-photos-not-deleted↩︎ -

    -
  30. -
  31. -

    -The Guardian, Snapchat’s expired snaps are not deleted, just hidden, -https://web.archive.org/web/20131115224243/https://www.theguardian.com/media-network/partner-zone-infosecurity/snapchat-photos-not-deleted-hidden↩︎ -

    -
  32. -
  33. -

    -The Guardian, ‘Zoom is malware’: why experts worry about the video -conferencing platform, -https://www.theguardian.com/technology/2020/apr/02/zoom-technology-security-coronavirus-video-conferencing↩︎ -

    -
  34. -
-
-

Legend:

-
    -
  1. The mention “preferred” or “avoid” refers to the use of those -apps for sensitive communications. This is just my opinion, and you can -make your own using the resources above and others. Remember “Trust but -verify”.

  2. -
  3. e2ee refers to “end-to-end encryption”

  4. -
  5. Additional steps might be needed for securing Tor -Connectivity

  6. -
  7. Their ability and willingness to fight for privacy and not -cooperate with various adversaries

  8. -
  9. Only the client apps are open-source, not the server-side -apps

  10. -
  11. This means the data is fully encrypted at rest (and not only -during transit) and unreadable by any third party without a key you only -know (including backups)

  12. -
  13. Unverifiable because it is proprietary closed source.

  14. -
  15. To Be Determined, unknown at the time of this writing

  16. -
  17. Jami will require you to enable DHTProxy in their options to work -and it will be limited to text only.

  18. -
  19. Session also uses their own Onion Routing solution called -LokiNet

  20. -
-

Some apps like Threema and Wire were excluded from this -comparison due to not being free and not accepting anonymous cash -methods such as Cash/Monero.

-

Conclusion:

-

Remember: Appendix -B1: Checklist of things to verify before sharing -information.

-

We will recommend these options in that order (as also recommend by -Privacyguides.org434435 -except for Session and Cwtch):

- -

** Note that these options (Briar, Cwtch, and OnionShare) do not -support multi-devices yet. Your information is strictly stored on the -device/OS where you are setting it up. Do not use those on a -non-persistent OS unless you want ephemeral use.

-

Any safe options for mobile devices? Yes, but these are not -endorsed/recommended except Briar on Android. Remember also that this -guide discourages the use of smartphones for sensitive activities in -general.

- -

Note that all the non-native Tor options must be used over -Tor for safety (from Tails or a guest OS running behind the Whonix -Gateway such as the Whonix Workstation or an Android-x86 -VM).

-

WhileWedo not recommend most of the messaging platforms for the -various reasons outlined above (phone number and e-mail requirements), -this does not mean it is not possible to use them anonymously if you -know what you are doing. You can use even Facebook Messenger anonymously -by taking the necessary precautions outlined in this guide -(virtualization behind a Tor Gateway on a non-persistent OS).

-

The ones that are preferred are recommended due to their stance on -privacy, their default settings, their crypto choices but also because -they allow convenient anonymous sign-up without going through the many -hassles of having a phone number/e-mail verification method and are open -source. Those should be privileged in most cases.

-

You can also consult the following external resources for more -comparisons (we do not necessarily endorse their -opinions):

- -

We do not endorse or recommend some mainstream platforms for -anonymity including the much-praised Signal which to this date still -requires a phone number to register and contact others. In the context -of this guide, we strongly recommend against using Signal if possible. -The same recommendation applies to popular forks of Signal such as Molly -(https://molly.im[Archive.org])

-

How to share files -publicly but anonymously:

-

Warning: before sharing anything publicly, make sure your -files are curated of any information that could compromise your -identity. See Appendix -B1: Checklist of things to verify before sharing -information.

-

Consider the following platforms:

-
    -
  • Cryptpad.fr (https://cryptpad.fr/): Free tier limited to 1GB total -and recommended by PrivacyGuides.org at https://privacyguides.org/cloud/ [Archive.org]

  • -
  • Proton Drive (https://proton.me/drive/): Paid. Requires users to have -“Proton Unlimited” or “Mail Plus”. Proton Drive is E2EE and recommended -by PrivacyGuides.org

    -
      -
    • Like Proton and Proton VPN, it’s not easy to sign up anonymously. -When you try to register through Tor, they request verification either -by phone number, or by providing a donation
    • -
  • -
  • Filen (https://filen.io/): free tier limited to 10GB -total

  • -
-

Consider the use of IPFS436:

- -

Redacting -Documents/Pictures/Videos/Audio safely:

-

You might want to self-publish some information safely and -anonymously in the form of writing, pictures, videos, …

-

For all these purposes here are a few recommendations:

-
    -
  • Ideally, you should not use proprietary software such as Adobe -Photoshop, Microsoft Office…

  • -
  • Preferably, you should use open-source software instead such as -LibreOffice, Gimp…

  • -
-

While the commercial alternatives are feature-rich, they are also -proprietary closed-source and often have various issues such as:

-
    -
  • Sending telemetry information back to the company.

  • -
  • Adding unnecessary metadata and sometimes watermarks to your -documents.

  • -
  • These apps are not free, and any leak of any metadata could be -traced back to you since you had to buy these somewhere.

  • -
-

It is possible to use commercial software for making sensitive -documents, but you should be extra careful with all the options in the -various Apps (commercial or free) to prevent any data leak from -revealing information about you.

-

Here is a comparative table of recommended/included software compiled -from various sources (PrivacyGuides.org, Whonix, Tails, Prism-Break.org, -and me). Keep in mind my recommendation considers the context of this -guide with only sporadic online presence on a need basis.

- -------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Type - -Whonix - -Prism-Break.org - -PrivacyGuides.org - -Tails - -This guide -
-Offline Document Editing - -LibreOffice - -N/A - -LibreOffice* - -LibreOffice - -

-LibreOffice, -

-

-Notepad++ -

-
-Online Document Editing (collaboration) - -N/A - -Cryptpad.fr - -

-Cryptpad.fr, -

-

-Etherpad.org, -

-

-Privatebin.net -

-
-N/A - -

-Cryptpad.fr, -

-

-Etherpad.org, -

-

-Privatebin.net -

-
-Pictures Editing - -Flameshot (L) - -N/A - -N/A - -GIMP - -GIMP -
-Audio Editing - -Audacity - -N/A - -N/A - -Audacity - -Audacity -
-Video Editing - -Flowblade (L) - -N/A - -N/A - -N/A - -

-Flowblade (L) -

-

-Olive (?) -

-

-OpenShot (?) -

-

-ShotCut (?) -

-
-Screen Recorder - -Vokoscreen - -N/A - -N/A - -N/A - -Vokoscreen -
-Media Player - -VLC - -N/A - -N/A - -VLC - -VLC -
-PDF Viewer - -Ristretto (L) - -N/A - -N/A - -N/A - -Browser -
-PDF Redaction - -PDF-Redact Tools (L) - -N/A - -N/A - -PDF-Redact Tools (L) - -

-LibreOffice, -

-

-PDF-Redact Tools (L) -

-
-

Legend: * Not recommended but mentioned. N/A = Not -Included or absence of recommendation for that software type. (L)= Linux -Only but can maybe be used on Windows/macOS through other means -(HomeBrew, Virtualization, Cygwin). (?)= Not tested but open-source and -could be considered.

-

In all cases, we strongly recommend only using such -applications from within a VM or Tails to prevent as much leaking as -possible. If you do not, you will have to sanitize those documents -carefully before publishing (See Removing Metadata -from Files/Documents/Pictures).

-

Communicating -sensitive information to various known organizations:

-

You might be interested in communicating information to some -organization such as the press anonymously.

-

If you must do so, you should take some steps because you cannot -trust any organization to protect your anonymity437. See Appendix -B1: Checklist of things to verify before sharing information.

-

For this, we strongly recommend the use of SecureDrop438 -(https://securedrop.org/ [Archive.org]) -which is an open-source project from the Freedom of the Press -Foundation.

- -

If not SecureDrop is not available, you could consider any other -means of communication, but you should privilege those that are -encrypted end to end. Do not ever do this from your real -identity but only from a secure environment using an anonymous -identity.

-

Without SecureDrop you could consider:

- -

What you should avoid:

-
    -
  • Do not send physical materials using the post due to the risk of -leaving DNA/Fingerprints or other traceable information (see Cash-Paid VPN (preferred)).

  • -
  • Do not use methods linked to a phone number (even a burner one) -such as Signal/WhatsApp/Telegram.

  • -
  • Do not use any kind of voice/video communication.

  • -
  • Do not leak any clues about your real identity when exchanging -messages.

  • -
  • Do not meet people in real life unless you have absolutely no -other option (this is a last resort option).

  • -
-

If you intend to break your anonymity to protect your safety:

-
    -
  • Assess the risks very carefully first.

  • -
  • Inform yourself carefully on the legality/safety of your intent -and the consequences for you and others. Think about it -carefully.

  • -
  • Possibly reach out to a trusted lawyer before -doing so.

  • -
-

Maintenance tasks:

-
    -
  • You should sign-up carefully into your accounts from time to time -to keep them alive.

  • -
  • Check your e-mail regularly for security checks and any other -account notification.

  • -
  • Check regularly the eventual appearance of compromise of any of -your identities using https://haveibeenpwned.com/ [Archive.org] -(obviously from a safe environment).

  • -
-

Backing up your work -securely:

-

Do not ever upload encrypted file containers with plausible -deniability (hidden containers within them) to most cloud services -(iCloud, Google Drive, OneDrive, Dropbox) without safety precautions. -This is because most cloud services keep backups/versioning of your -files, and such backups/versioning of your encrypted containers can be -used for differential analysis to prove the existence of a hidden -container.

-

Instead, this guide will recommend other methods of backing up your -stuff safely.

-

Offline Backups:

-

These backups can be done on an external hard drive or a USB key. -Here are the various possibilities.

-

Selected Files Backups:

-

Requirements:

-

For these back-ups, you will need a USB key or an external hard drive -with enough storage capacity to store the files you want to back up.

-

Veracrypt:

-

For this purpose, we will recommend the use of Veracrypt on all -platforms (Linux/Windows/macOS) for convenience, security, and -portability.

-

Normal File containers:

-

The process is fairly simple and all you will need is to follow -Veracrypt tutorial here: https://www.veracrypt.fr/en/Beginner%27s%20Tutorial.html -[Archive.org]

-

In this container, you can then store sensitive data manually and or -use any backup utility you want to backup files from the OS to that -container.

-

You can then store this container anywhere safely.

-

Hidden File -containers with plausible deniability:

-

The process is also fairly simple and similar to the earlier tutorial -except for this time you will use the Veracrypt wizard to create a -Hidden Veracrypt Volume instead of a Standard Veracrypt Volume.

-

You can create a Hidden volume within an existing Standard Volume or -just use the wizard to create a new one.

-

Let us say you want a container of 8GB, the Wizard will first create -an “outer volume” where you will be able to store decoy information when -prompted. Some decoy files (somewhat sensible, plausible but not what -you want to hide) should be stored in the decoy volume.

-

Then Veracrypt will ask you to create a smaller hidden container (for -instance 2GB or 4GB) within the outer volume where you can store your -actual hidden files.

-

When you select the file for mounting in Veracrypt, depending on -which password you provide, it will mount the Outer decoy volume or the -Hidden volume.

-

You can then mount your hidden volume and use it to store sensitive -files normally.

-

Be careful when mounting the Outer decoy volume to update its -content. You should protect the hidden volume from being overwritten -when doing this as working in the decoy volume could overwrite data in -the hidden volume.

-

To do this, when mounting the Decoy Volume, select Mount Options and -Check the “Protect hidden volume” option and provide the hidden volume -password on the same screen. Then mount the decoy volume. This will -protect the hidden volume from being overwritten when changing the decoy -files. This is also explained here in Veracrypt documentation: https://www.veracrypt.fr/en/Protection%20of%20Hidden%20Volumes.html -[Archive.org]

-

Be extremely cautious with these file -containers:

-
    -
  • Do not store multiple versions of them or store them -anywhere where some versioning is being done (by the file system or the -storage system). These file containers should be identical everywhere -you store them. If you have a backup of such containers somewhere, it -needs to be absolutely identical to the one you are using. If you do not -take this precaution, an adversary could compare two different versions -of this container and prove the existence of hidden data. Follow -carefully the recommendations here https://www.veracrypt.fr/en/Security%20Requirements%20for%20Hidden%20Volumes.html -[Archive.org]. -Remember the Local Data Leaks -and Forensics: section.

  • -
  • We strongly recommend storing such containers on external USB -keys that you will only mount from your guest VMs and never from your -Host OS. After each modification to the files, you should clean -the free space on the USB disk and make sure that any backup of such -containers is absolutely identical on each key and your computer. See -the How -to securely delete specific files/folders/data on your HDD/SSD and Thumb -drives section of this guide for help on doing -this.

  • -
  • If you have time, We will even recommend that you delete -wipe the keys completely before making any modification on such -containers on your computer (if you do not work from the USB key -directly). This is to prevent an adversary that would seize -your assets before you could update the keys from having multiple -versions of the containers that could lead to proving the existence of -hidden data using forensics techniques.

  • -
  • Do not ever store such containers on cloud storage -platforms that have backups and where you have no direct control over -permanent deletion. They might keep “old versions” of your files which -can then also be used by forensics to prove the existence of hidden -data.

  • -
  • If you are mounting the hidden volume from your Host OS -(not recommended), you should erase all traces of this -hidden volume everywhere after use. There could be traces in various -places (system logs, file systems journaling, recent documents in your -applications, indexing, registry entries…). Refer to the Some additional -measures against forensics section of this guide to remove such -artifacts. Especially on Windows. Instead, you should mount them on your -Guest VMs. With Virtualbox for instance, you could take a snapshot of -the VM before opening/working the hidden volume and then restore the -snapshot before opening/working on it after use. This should erase the -traces of its presence and mitigate the issue. Your Host OS might keep -logs of the USB key being inserted but not of the hidden volume usage. -Therefore, we do not recommend using these from your host OS.

  • -
  • Do not store these on external SSD drives if you are not sure you -can use Trim on them (see the Understanding HDD vs SSD -section).

  • -
-

Full Disk/System Backups:

-

TLDR version: Just use Clonezilla as it worked reliably and -consistently with all my tests on all operating systems except for Macs -where you should probably use native utilities (Time Machine/Disk -utility instead) to avoid compatibility issues and since you are using -Native macOS encryption. When using Windows, do not back up a partition -containing a hidden OS in case you use Plausible Deniability -(as explained before, this backup could allow an adversary to prove the -existence of the hidden OS by comparing the last backup to the current -system where data will have changed and defeat plausible deniability, -use file containers instead).

-

You will have two options here:

-
    -
  • (Not recommended) Doing your backup from the live operating -system using a backup utility (commercial utilities such as EaseUS Todo -Free, Macrium Reflect…) or native utilities like macOS Time Machine, -QubesOS Backup, Ubuntu Déjà Dup, or Windows Backup…).

    -
      -
    • This backup can be done while the Operating System is -running.

    • -
    • This backup will not be encrypted using the disk encryption but -using the Backup utility encryption algorithm (which you will have to -trust and cannot really control for most). Alternatively, you could -encrypt the backup media yourself separately (for instance with -Veracrypt). We are not aware of any free or non-free utility that -natively supports Veracrypt.

    • -
    • Some utilities will allow for differential/incremental backups -instead of full backups.

    • -
    • These backup utilities will not be able to restore your encrypted -drive as-is as they do not support those encrypted file systems -natively. And so, these will require more work to restore your system in -an encrypted state (re-encryption after restoring).

    • -
  • -
  • (Recommended) Doing it offline from a boot drive (such as with -the free open-source Clonezilla).

    -
      -
    • This backup can only be done while the Operating System is not -running.

    • -
    • This backup will back up the encrypted disk as-is and therefore -will be encrypted by default with the same mechanism (it is more like a -fire and forget solution). The restore will also restore the encryption -as-is and your system will immediately be ready to use after a -restore.

    • -
    • This method will not allow incremental/differential back-ups -(meaning you will have to re-do a full backup every time).

    • -
    • This method is the easiest to manage.

    • -
  • -
-

We made extensive testing using live backups utilities (Macrium -Reflect, EaseUS Todo Reflect, Déjà Dup…) and personally we do not think -it is worth it. Instead, we would recommend that you periodically back -up your system with a simple Clonezilla image. It is much easier to -perform, much easier to restore, and usually works reliably without -issues in all cases. And contrary to many beliefs, it is not that slow -with most backups taking about an hour depending on the speed of your -destination media.

-

For backing up single files while you work, we recommend using file -containers or encrypted media directly and manually as explained in the -earlier section.

-

Requirements:

-

You will need a separate external drive with at least the same or -more free space available than your source disk. If your laptop has a -250GB disk. You will need at least 250GB of free disk space for the full -image backup. Sometimes this will be reduced significantly with -compression by the backup utility but as a safety rule, you should have -at least the same or more space on your backup drive.

-

Some general warnings -and considerations:

-
    -
  • If you use Secure Boot, you will need a backup utility that -supports Secure Boot which includes Clonezilla AMD64 versions.

  • -
  • Consider the use of exFAT as the file system for your backup -drives as those will provide better compatibility between various OSes -(macOS, Linux, and Windows) vs NTFS/HFS/ext4…

  • -
-

Linux:

-
Ubuntu (or any other -distro of choice):
-

We will recommend the use of the open-source Clonezilla utility for -convenience and reliability but there are many other native Linux -utilities and methods you could use for this purpose.

-

So, you should follow the steps in Appendix E: Clonezilla

-
QubesOS:
-

Qubes OS recommends using their own utility for backups as documented -here https://www.qubes-os.org/doc/backup-restore/ [Archive.org]. -But it is just a hassle and provides limited added value unless you just -want to back up a single Qube. So instead, we are also recommending just -making a full image with Clonezilla which will remove all the hassle and -bring you back a working system in a few simple steps.

-

So, you should follow the steps in Appendix E: Clonezilla

-

Windows:

-

We will only recommend the use of the open-source and free Clonezilla -utility for this purpose. There are commercial utilities that offer the -same functionality, but we do not see any advantage in using any of them -vs Clonezilla.

-

Some warnings:

-
    -
  • If you use Bitlocker for encryption with TPM439 -enabled, you might need to save your Bitlocker Key (safely) somewhere as -well as this might be needed to restore your drive if your HDD/SSD or -other hardware parts changed. Another option would be to use Bitlocker -without the use of TPM which would not require this option. But again, -we do not recommend using Bitlocker at all.

  • -
  • You should always have a backup of your Veracrypt rescue disk at -hand somewhere to be able to resolve some issues that might still appear -after a restore. Remember this rescue disk does not contain your -passphrase or any sensitive information. You can store it as -is.

  • -
  • If you changed the HDD/SSD after a failure, Windows 10/11 may -refuse to boot if your hard drive ID is changed. You should also save -this ID before backing up as you might need to change the ID of the new -drive as Windows 10/11 might require a matching ID before booting. See -Appendix F: Diskpart

  • -
  • In case you are using Plausible Deniability on Windows. -DO NOT back up the hidden OS partition as this image could be used by -Forensics to prove the existence of the hidden volume as explained -earlier. It is okay to back up the Decoy OS partition without issues, -but you should never back up the partition containing the Hidden -OS.

  • -
-

Follow the steps in Appendix E: -Clonezilla

-

macOS:

-

we would recommend just using the native Time Machine backup with -encryption (and a strong passphrase that could be the same as your OS) -as per the guides provided at Apple: https://support.apple.com/en-ie/guide/mac-help/mh21241/mac -[Archive.org] -and https://support.apple.com/en-ie/guide/mac-help/mh11421/11.0/mac/11.0 -[Archive.org].

-

So, plug in an external drive and it should prompt you to use it as a -Time Machine backup.

-

You should however consider formatting this drive as exFAT so -that it is also usable by other OSes conveniently (Windows/Linux) -without added software using this guide: https://support.apple.com/en-ie/guide/disk-utility/dskutl1010/mac -[Archive.org]

-

It is just simpler and will work online while you work. You will be -able to recover your data on any other Mac from the recovery options and -you will be also able to use this disk for backing up other devices.

-

It is possible to also use Clonezilla to clone your Mac Hard Drive, -but it could bring hardware compatibility issues and probably will not -add much in terms of security. So, for macOS, We are not specifically -recommending Clonezilla.

-

Online Backups:

-

Files:

-

This is a tricky one. The problem is that it depends on your threat -model.

-
    -
  • TLDR: Do not store file containers with plausible -deniability (Veracrypt) online. If you use containers with -plausible deniability, you should never store them on any platform where -you do not have full control over the deletion process as the platform -will most likely have backups of previous versions for some time. And -again, these previous versions could allow forensics to prove the -existence of hidden data and defeat plausible deniability. This includes -platforms like DropBox, Google Drive, OneDrive, or others. The only -acceptable online storage of those could be “cold storage” (meaning you -will never change those files again and just keep them away untouched -compared to any local version).

  • -
  • If you use normally encrypted backups without plausible -deniability, you could store them pretty much anywhere if they are -properly encrypted locally before uploading (for example with Veracrypt, -using strong passphrases and encryption). Do not ever trust the -encryption of any online provider. Only trust your own local encryption -(using Veracrypt for instance). For these cases, you could -store your backups pretty much anywhere in the accounts of your online -identities (iCloud, Google Drive, DropBox…) if they are strongly -encrypted locally before uploading. But you could also prefer privacy -caring services such as Cryptpad.fr (1GB).

  • -
-

Obviously do not ever do/access those backups from unsecured/unsafe -devices but only from the secure environments, you picked before.

-

Self-hosting:

-

Self-hosting (using Nextcloud for instance) is also a possibility -provided you do have an anonymous hosting

-

Please see Appendix A1: -Recommended VPS hosting providers.

-

Please also consider Appendix B2: Monero -Disclaimer.

-

Cloud-hosting:

-

For smaller files, consider:

- -

We are currently not aware of any online storage/hosting platform -accepting cash payments unlike providers mentioned before.

-

If you do intend to store sensitive data on “mainstream platforms” -(Dropbox, Google Drive, OneDrive…), remember not to ever store -plausible deniability containers on those and remember to encrypt and -check (for metadata…) anything locally before uploading there. -Either with software like Veracrypt or with a software like Cryptomator -(https://cryptomator.org/). Do not ever upload -non-encrypted files on those platforms and repeating myself, only access -them from a secure shielded VM.

-

Information:

-

If you just want to save information (text), we will recommend the -use of secure and private pastebins440. Mostly we will -stick to the ones recommended by PrivacyGuides.org (https://www.privacyguides.org/productivity/#paste-services -[Archive.org] -) :

- -

On these providers, you can just create a password-protected pad with -the information you want to store.

-

Just create a pad, protect it with a password and write your info in -it. Remember the address of the pad.

-

Synchronizing -your files between devices Online:

-

To that, the answer is very simple and a clear consensus for -everyone: https://syncthing.net/ [Archive.org]

-

Just use SyncThing, it is the safest and most secure way to -synchronize between devices, it is free and open-source, and it can -easily be used in a portable way without install from a container that -needs syncing.

-

Covering your tracks:

-

Understanding HDD vs SSD:

-
-image41 - -
-

If you intend to wipe your whole HDD laptop, the process is rather -straightforward. The data is written at a precise location on a magnetic -(hard) platter (why it is called a hard drive) and your OS knows -precisely where it is on the platter, where to delete it, and where to -overwrite it for secure deletion using simple processes (like just -overwriting that location over and over until no traces are left).

-

On the other hand, if you are using an SSD drive, the process is not -as simple as the drive uses several internal mechanisms to extend its -lifespan and performance. Three of those processes are of particular -interest when it comes to us in this guide. SSD drives are divided -themselves into two main categories:

-
    -
  • ATA Drives (usually SATA and usually 2.5” format as the image -above).

  • -
  • NVMe Drives (usually M.2 format as the illustration -below).

  • -
-

Here are examples of the most common formats:

-
-image42 - -
-

All of these are sold as internal and external drives within -enclosures.

-

The methods and utilities to manage/wipe them will vary depending on -the type of drive you are using. So, it is important you know which one -you have inside your laptop.

-

On most recent laptops, chances are high that it will be one -of the middle options (M.2 SATA or M.2 NVMe).

-

Wear-Leveling.

-

These drives use a technique called wear leveling441. At a high level, wear leveling -works as follows. The space on every disk is divided into blocks that -are themselves divided into pages, like the chapters in a book are made -of pages. When a file is written to disk, it is assigned to a certain -set of pages and blocks. If you wanted to overwrite the file in an HDD, -then all you would have to do is tell the disk to overwrite those -blocks. But in SSDs and USB drives, erasing and re-writing the same -block can wear it out. Each block can only be erased and rewritten a -limited number of times before that block just will not work anymore -(the same way if you keep writing and erasing with a pencil and paper, -eventually the paper might rip and be useless). To counteract this, SSDs -and USB drives will try to make sure that the number of times each block -has been erased and rewritten is about the same so that the drive will -last as long as possible (thus the term wear leveling). As a side -effect, sometimes instead of erasing and writing the block, a file was -originally stored on, the drive will instead leave that block alone, -mark it as invalid, and just write the modified file to a different -block. This is like leaving the chapter in the book unchanged, writing -the modified file on a different page, and then just updating the book’s -table of contents to point to the new location. All of this occurs at a -very low level in the electronics of the disk, so the operating system -does not even realize it has happened. This means, however, that even if -you try to overwrite a file, there is no guarantee the drive will -actually overwrite it, and that’s why secure deletion with SSDs is so -much harder.

-

Wear-leveling alone can therefore be a disadvantage for security and -an advantage for adversaries such as forensics examiners. This feature -makes classic “secure deletion” counter-productive and useless and is -why this feature was removed on some Operating Systems like macOS (as -from version 10.11 El Capitan) where you could enable it before on the -Recycle Bin.

-

Most of those old secure deletion utilities were written with HDD in -mind and have no control over wear-leveling and are completely pointless -when using an SSD. Avoid them on an SSD drive.

-

Trim Operations:

-

So, what now? Well here comes the Trim442 -operation. When you delete data on your SSD, your OS should support what -is called a Trim operation command and could (should) -issue this Trim command to the SSD drive periodically (daily, weekly, -monthly…). This Trim command will then let know the SSD drive controller -that there are pages within blocks containing data that are now free to -be really deleted without deleting anything itself.

-

Trim should be enabled by default on all modern Operating Systems -detecting an SSD drive covered in this guide (macOS, Windows 10/11, -Ubuntu, Qubes OS 4.1.x …).

-

If Trim operations are not done regularly (or at all), then the data -is never deleted pro-actively and at some point, all the blocks and -pages will be occupied by data. Your OS will not see this and will just -see free space as you delete files, but your SSD controller will not -(this is called Write Amplification443). This will then -force the SSD controller to erase those pages and blocks on the fly -which will reduce the write performance. This is because while your -OS/SSD can write data to any free page in any bock, erasure is only -possible on entire blocks, therefore, forcing your SSD to perform many -operations to write new data. Overwriting is just not possible. This -will defeat the wear-leveling system and cause performance degradation -of your SSD over time. Every time you delete a file on an SSD, your OS -should issue a Trim command along with the deletion to let the SSD -controller know the pages containing the file data are now free for -deletion.

-

So, Trim itself does not delete any data but just marks it -for deletion. Data deleted without using Trim (if Trim has been -disabled/blocked/delayed for instance) will still be deleted at some -point by the SSD garbage collection or if you want to overwrite what the -OS sees at free space. But it might stick around for a bit longer than -if you use Trim.

-

Here is an illustration from Wikipedia showing how it works on an SSD -drive:

-
-image43 - -
-

As you can see in the above illustration, data (from a file) will be -written to the four first pages of Block X. Later new data will be -written to the remaining pages and the data from the first files will be -marked as invalid (for instance by a Trim operation when deleting a -file). As explained on https://en.wikipedia.org/wiki/Trim_(computing) [Wikiless] -[Archive.org]; -the erase operation can only be done on entire blocks (and not on single -pages).

-

In addition to marking files for deletion (on reputable SSD drives), -Trim usually makes those unreadable using a method called “Deterministic -Read After Trim” or “Deterministic Zeroes After Trim”. This means that -if an adversary tries to read data from a trimmed page/block and somehow -manages to disable garbage collection, the controller will not return -any meaningful data.

-

Trim is your ally and should always be enabled when using an -SSD drive and should offer sufficient reasonable protection. -And this is also the reason you should not use Veracrypt Plausible -deniability on a Trim enabled SSD as this feature is incompatible with -Trim444.

-

Garbage Collection:

-

Garbage collection445 is an internal process running -within your SSD drive that looks for data marked for erasure. This -process is done by the SSD controller, and you have no control over it. -If you go back to the illustration above, you will see that Garbage -collection is the last step and will notice that some pages are marked -for deletion in a specific block, then copy the valid pages (not marked -for deletion) to a different free destination block and then will be -able to erase the source block entirely.

-

Garbage collection in itself does NOT require Trim to function, but -it will be much faster and more efficient if Trim is performed. Garbage -collection is one of the processes that will actually erase data from -your SSD drive permanently.

-

Conclusion:

-

So, the fact is that it is very unlikely446447 -and difficult for a forensic examiner to be able to recover data from a -Trimmed SSD but it is not completely impossible either448449450 -if they are fast enough and have access to extensive equipment, skills, -and motivation451.

-

Within the context of this guide which also uses full disk -encryption. Deletion and Trim should be reasonably secure enough on any -SSD drive and will be recommended as the standard method of -deletion.

-

How -to securely wipe your whole Laptop/Drives if you want to erase -everything:

-
-image44 - -
-

So, you want to be sure. To achieve 100% secure deletion on an SSD -drive, you will need to use specific SSD techniques (If you are using an -HDD drive, skip this part and go to your OS of choice):

-
    -
  • Easy options for less experienced users:

    -
      -
    • If available, just use the Secure Erase option available from -your BIOS/UEFI (ATA/NVME Secure Erase or Sanitize).

      -
        -
      • It’s worth noting that this relies on your drive’s firmware. Some -drive manufacturers have messed up the implementation, causing data to -still be recoverable.
      • -
    • -
    • Just re-install a fresh operating system (delete/quick format the -drive) and re-encrypt it. The full disk encryption process should erase -all previous data from the disk.

    • -
    • Buy PartedMagic452 for 11$ and use it -to erase any disk.

    • -
  • -
  • Technical options for more advanced users:

    -
      -
    • Overwrite the entire drive’s contents

      -
        -
      • HDDs: -
          -
        • Overwrite the drive’s contents using a tool like srm, -wipe, shred, -etc.. Ideally you want to use the Gutmann method, which was created -for most effective data erasure on all drives. This method also works on -SSDs, although it is overkill.
        • -
        • Simply overwriting the drive’s contents is not always enough. -Dedicated secure deletion tools are designed to perform multiple passes -to more effectively wipe data. This is expecially important on older -drives. we recommend using either wipe or srm. -
            -
          • If using wipe, just use its default options -(wipe /dev/sdX), as the defaults are tuned to most -effectively wipe data on HDDs.
          • -
          • If using srm, make sure to manually specify that it -should perform a Gutmann wipe (srm -G /dev/sdX).
          • -
        • -
      • -
      • SSDs: -
          -
        • Overwrite the drive’s contents. Tools like wipe or shred are often -overkill, as they perform up to 35 passes. While they work, most SSDs -require no more than a couple passes.
        • -
        • Use wipe with only a couple passes: -wipe -qQ2 /dev/sdX. -
            -
          • -qQ2 means 2 passes. Replace 2 with the -desired number of passes.
          • -
        • -
        • Use srm with a 3-pass overwrite: -srm -P /dev/sdX.
        • -
        • Use dd: -dd if=/dev/urandom of=/dev/sdX bs=8M status=progress conv=fsync. -This command will overwrite the drive with random data. To perform -multiple passes (I recommend at least 2), simply run the command again -until you’re satisfied. -
            -
          • The reason you run it twice is because SSDs have hidden -(“overprovisioned”) storage which can contain remnants of deleted data. -Wiping twice forces the drive to wipe its overprovisioned storage. This -is only guaranteed to work if each pass writes different data (which is -why we wipe with random data on each pass).
          • -
          • bs=8M writes 8MiB blocks at a time. This doesn’t affect -the quality of the data deletion, but adjusting it could affect how long -it takes to wipe the drive.
          • -
        • -
      • -
    • -
    • ATA/NVMe Secure Erase: This method will remove the mapping table -that keeps track of allocated data on the storage Blocks but does not -destroy the actual data.

    • -
    • ATA/NVMe Sanitize Crypto Scramble (aka Instant Secure Erase, -Crypto Erase), which applies to self-encrypting SSD drives: This method -will change the encryption key of the self-encrypting SSD drive and -render all the data stored in it unreadable.

    • -
    • ATA/NVMe Sanitize Block Erase: This method performs an actual -block erase on every storage block and will destroy the data and change -the encryption key if present.

    • -
    • ATA/NVMe Sanitize Overwrite (terribly slow, could be -dangerous and not recommended): This method performs a block -erase and then overwrite every storage block (it is the same as Block -Erase but will overwrite data in addition). This method is overkill and -not necessary.

    • -
  • -
  • Physical Destruction:

    -
      -
    • HDDs:

      -
        -
      1. Open the drive (with a screwdriver, usually Torx T8)

      2. -
      3. Remove platters (with a screwdriver, usually Torx T6)

      4. -
      5. Rub the platters with a rare earth magnet

      6. -
      7. Break/Deform/Crush the platters

      8. -
      9. Burn the platters or cook them in an oven (do -not skip this step)

      10. -
      11. Separate the debris

      12. -
      13. Throw away in separate places

      14. -
    • -
    • SSDs:

      -
        -
      • Ideally you should wipe the drive through other means first, as this -method alone is not known to be secure against all attackers
      • -
      -
        -
      1. Open the drive

      2. -
      3. Break/Crush the board and memory cells

      4. -
      5. Burn them

      6. -
      7. Separate the debris

      8. -
      9. Throw away in separate places

      10. -
    • -
    • Bonus: See https://www.youtube.com/watch?v=-bpX8YvNg6Y [Invidious]

    • -
  • -
-

For maximum overkill paranoia security, Sanitize Block Erase option -should be preferred but Secure Erase is probably more than enough when -considering your drive is already encrypted. Unfortunately, are no -free easy (bootable with a graphical menu) all-in-one -tools available and you will be left with either going with drive -manufacturers provided tools, the free manual hdparm453 -, and nvme-cli454 utilities or going with a -commercial tool such as PartedMagic.

-

This guide will therefore recommend the use of the free utilities -hdparm and nvme-cli using a Live System Rescue system.

-

If you can afford it, just buy Parted Magic for 11$ which provides an -easy-to-use graphical tool for wiping SSD drives using the option of -your choice455456.

-

Note: Again, before proceeding, you should -check your BIOS as some will offer a built-in tool to securely erase -your drive (ATA/NVMe Secure Erase or ATA/NVMe Sanitize). If this is -available, you should use that, and the following steps will not be -necessary. Check this before going ahead to avoid the hassle, see Appendix -M: BIOS/UEFI options to wipe disks in various Brands).

-

Linux (all versions -including Qubes OS):

-

System/Internal SSD:

-
    -
  • Option A: Check if your BIOS/UEFI has a built-in option to do so -and if it does, use the correct option (“ATA/NVMe Secure Erase” or -“ATA/NVMe Sanitize”). Do not use wipe with passes on an SSD -drive.

  • -
  • Option B: See Appendix -D: Using System Rescue to securely wipe an SSD drive

  • -
  • Option C: Wipe your disk and re-install Linux with new full disk -encryption to overwrite all sectors with new encrypted data. -This method will be terribly slow compared to Option A and B as -it will slowly overwrite your whole SSD. Also, note that this might not -be the default behavior when using LUKS. You might have to check the -option to also encrypt the empty space for this effectively wipe the -drive.

  • -
-

Keep in mind all these options need to be applied on the -entire physical drive and not on a specific partition/volume. If you do -not, wear-leveling mechanisms might prevent this from working -properly.

-

External SSD:

-

First please see Appendix -K: Considerations for using external SSD drives

-

Trim should be sufficient in most cases and you could just use the -blkdiscard command to force an entire device trim as explained here: https://wiki.archlinux.org/index.php/Solid_state_drive#Trim_an_entire_device -[Archive.org]

-

If your USB controller and USB SSD disk support Trim and ATA/NVMe -secure erase, you could wipe them cautiously using hdparm using the same -method as the System Disk above except you will not install Linux on it -obviously. Keep in mind tho that this is not recommended (see -Considerations above).

-

If it does not support Trim and/or ATA secure erase, you could (not -securely) wipe the drive normally (without passes like an HDD) and -re-encrypt it completely using your utility of choice (LUKS or Veracrypt -for instance). The full disk decryption and re-encryption process will -overwrite the entirety of the SSD disk and should ensure a secure -wipe.

-

Alternatively, you could also (not securely) wipe the disk normally -and then fill it completely with pseudorandom data which should also -ensure secure deletion (this can be done with BleachBit https://www.bleachbit.org/download/linux [Archive.org] -or from the command line using secure-delete using this tutorial https://superuser.com/questions/19326/how-to-wipe-free-disk-space-in-linux -[Archive.org]).

-

Keep in mind all these options need to be applied on the -entire physical drive and not on a specific partition/volume. If you do -not, wear-leveling mechanisms might prevent this from working -properly.

-

Internal/System HDD:

-
    -
  • Option A: Check if your BIOS/UEFI has a built-in option and use -them and if it does, use the correct option (Wipe + Passes in the case -of an HDD).

  • -
  • Option B: See Appendix -I: Using ShredOS to securely wipe an HDD drive

  • -
  • Option C: Wipe your disk and re-install Linux with new full disk -encryption to overwrite all sectors with new encrypted data. -This method will be terribly slow compared to Option A and B as -it will slowly overwrite your whole HDD.

  • -
-

External/Secondary HDD -and Thumb Drives:

- -

I recommend using dd or shred for this purpose.

- -

Windows:

-

Unfortunately, you will not be able to wipe your Host OS using the -Microsoft built-in tools within the settings. This is because your -bootloader was modified with Veracrypt and will make the operation fail. -In addition, this method would not be effective with an SSD drive.

-

System/Internal SSD:

-
    -
  • Option A: Check if your BIOS/UEFI has a built-in option to do so -and if it does, use the correct option (“ATA/NVMe Secure Erase” or -“ATA/NVMe Sanitize”). Do not use wipe with passes on an SSD -drive.

  • -
  • Option B: Check Appendix -J: Manufacturer tools for Wiping HDD and SSD drives.

  • -
  • Option C: See Appendix -D: Using System Rescue to securely wipe an SSD drive

  • -
  • Option D: Wipe your disk and re-install Windows before performing -new full disk encryption (using Veracrypt or Bitlocker) to overwrite all -sectors with new encrypted data. This method will be slower -compared to Option A and B as it will overwrite your whole -SSD.

  • -
-

Keep in mind all these options need to be applied on the -entire physical drive and not on a specific partition/volume. If you do -not, wear-leveling mechanisms might prevent this from working -properly.

-

External SSD:

-

First please see Appendix -K: Considerations for using external SSD drives

-

Use the manufacturer-provided tools if possible. Those tools should -provide support for safe secure erase or sanitize over USB and are -available for most brands: See Appendix -J: Manufacturer tools for Wiping HDD and SSD drives.

-

If you are not sure about the Trim support on your USB disk, (not -securely) wipe it normally (simple quick format will do) and then -encrypt the disk again using Veracrypt or Bitlocker. The full disk -decryption and re-encryption process will overwrite the entirety of the -SSD disk and should ensure a secure wipe.

-

Alternatively, you could also (not securely) wipe the disk normally -and then fill it completely with pseudorandom data which should also -ensure secure deletion (this can be done with BleachBit or PrivaZer free -space erase options). See Extra Tools -Cleaning.

-

Keep in mind all these options need to be applied on the -entire physical drive and not on a specific partition/volume. If you do -not, wear-leveling mechanisms might prevent this from working -properly.

-

Internal/System HDD:

- -

External/Secondary HDD -and Thumb Drives:

- -

macOS:

-

System/Internal SSD:

-

Unfortunately, the macOS Recovery disk utility will not be able to -perform a secure erase of your SSD drive as stated in Apple -documentation https://support.apple.com/en-gb/guide/disk-utility/dskutl14079/mac -[Archive.org].

-

In most cases, if your disk was encrypted with Filevault and you just -perform a normal erase, it should be “enough” according to them. It is -not according to me, so you have no option besides re-installing macOS -again and re-encrypt it with Filevault again after re-installing. This -should perform a “crypto erase” by overwriting your earlier install and -encryption. This method will be quite slow, unfortunately.

-

If you want to do a faster secure erase (or have no time to perform a -re-install and re-encryption), you can try using the method described in -Appendix -D: Using System Rescue to securely wipe an SSD drive (This -will not work on M1 Macs). Be careful tho as this will -also erase your recovery partition which is needed to reinstall -macOS.

-

External SSD:

-

First please see Appendix -K: Considerations for using external SSD drives

-

If your USB controller and USB SSD disk support Trim and ATA secure -erase, and if Trim is enabled on the disk by macOS, you can just wipe -the whole disk normally and data should not be recoverable on recent -disks.

-

If you are not sure about Trim support or want more certainty, you -can (not securely) wipe it using macOS disk utility before fully -re-encrypting them again using these two tutorials from Apple:

- -

The full disk re-encryption process will overwrite the entirety of -the SSD disk and should ensure a secure wipe.

-

Keep in mind all these options need to be applied on the -entire physical drive and not on a specific partition/volume. If you do -not, wear-leveling mechanisms might prevent this from working -properly.

-

External HDD and Thumb -Drives:

-

Follow this tutorial: https://support.apple.com/guide/disk-utility/erase-and-reformat-a-storage-device-dskutl14079/mac -[Archive.org] -and use the secure erase option from Disk Utility which should work fine -on HDD and Thumb drives.

-

How -to securely delete specific files/folders/data on your HDD/SSD and Thumb -drives:

-

The same principles from the earlier chapters apply to this one. The -same issues arise too.

-

With an HDD drive, you can securely delete files by just deleting -them and then apply one or more “passes” to overwrite the data in -question. This can be done with many utilities on all OSes.

-

With an SSD drive, however, again everything becomes a bit -complicated because you are never sure anything is really deleted due to -wear leveling, reliance on the Trim operation, and garbage collection of -the drive. An adversary that has the decryption key of your SSD (whether -it is LUKS, Filevault 2, Veracrypt, or Bitlocker) could unlock your -drive and then attempt a recovery using classic recovery utilities457 and could succeed if the data were -not trimmed properly. But this is again highly unlikely.

-

Since the Trim operation is not continuous on most recent hard drives -but scheduled, simply forcing a Trim operation should be enough. But -again, the only way to be 100% sure a file is securely deleted from your -unlocked encrypted SSD is to again overwrite all the free space after -deletion of the files in question or to decrypt/re-encrypt the drive. -But this is overkill and not necessary. A simple disk-wide Trim should -be sufficient.

-

Remember tho that no matter the deletion method you use for -any file on any medium (HDD drive, SSD, USB Thumb drive). It will -probably leave other traces (logs, indexing, shellbags …) within your -system and those traces will also need to be cleaned. Also, remember -that your drives should be fully encrypted and so this is most likely an -extra measure. More on that later in the Some additional -measures against forensics section.

-

Windows:

-

Remember you cannot use Trim at all if you are using -Plausible Deniability on an SSD drive against all -recommendations.

-

System/Internal SSD drive:

-

At this stage, and just delete the file permanently (empty the -recycle bin) and trim/garbage collection will do the rest. This should -be sufficient.

-

If you do not want to wait for the periodic Trim (set to Weekly by -default in Windows 10/11), you could also force a disk-wide Trim using -the Windows native Optimize tool (see Appendix H: Windows Cleaning -Tools).

-

If data were deleted by some utility (for instance by Virtualbox when -reverting a snapshot), you could also issue a disk-wide Trim to clean -anything remaining using the same Optimize tool.

-

Just open Windows Explorer, Right Click on your System Drive and -click Properties. Select Tools. Click Optimize and then Optimize again -to force a Trim. You are done. That is probably enough in my -opinion.

-
-image45 - -
-

If you want more security and do not trust the Trim operation, then -you will have no option but to either:

-
    -
  • Decrypt and re-encrypt (using Veracrypt or Bitlocker) the whole -drive to overwrite all free space after data deletion. This will ensure -overwriting of all the free space.

  • -
  • Trim and then fill up the entire free space of the disk using a -utility such as BleachBit or PrivaZer.

  • -
-

Keep in mind all these options need to be applied on the -entire physical drive and not on a specific partition/volume. If you do -not, wear-leveling mechanisms might prevent this from working -properly.

-

Internal/External HDD -or a USB Thumb Drive:

-

Please refer to Appendix -H: Windows Cleaning Tools and pick a utility before going ahead.

-

The process is quite simple depending on the tool you picked from the -Appendix:

- -

In the case of USB thumb drives, consider wiping free space using one -of the above utilities after file deletion or wiping them completely -using Eraser / KillDisk as instructed previously.

-

External SSD drive:

-

First please see Appendix -K: Considerations for using external SSD drives

-

If Trim is supported and enabled by Windows for your external SSD -drive. There should be no issue in securely deleting data normally just -with normal delete commands. Additionally, you could also force a Trim -using the Windows native Optimize tool (see Appendix H: Windows Cleaning -Tools):

-

Just open Windows Explorer, Right Click on your System Drive and -click Properties. Select Tools. Click Optimize and then Optimize again -to force a Trim. You are done. That is probably enough in my -opinion.

-

If Trim is not supported or you are not sure, you might have to -ensure secure data deletion by:

-
    -
  • Filling up all the free space after any deletion (using BleachBit -or PrivaZer for instance).

  • -
  • Decrypt and Re-encrypt the disk with a different key after each -deletion (using Veracrypt or Bitlocker).

  • -
-

Keep in mind all these options need to be applied on the -entire physical drive and not on a specific partition/volume. If you do -not, wear-leveling mechanisms might prevent this from working -properly.

-

Linux (non-Qubes OS):

-

System/Internal SSD drive:

-

Just permanently delete the file (and empty recycle bin) and it -should be unrecoverable due to Trim operations and garbage -collection.

-

If you do not want to wait for the periodic Trim (set to Weekly by -default in Ubuntu), you could also force a disk-wide Trim by running -fstrim --all from a terminal. This will issue an immediate -trim and should ensure sufficient security. This utility is part of the -util-linux package on Debian/Ubuntu and should be installed -by default on Fedora.

-

If you want more security and do not trust the Trim operation, then -you will have no option but to either:

- -

Keep in mind all these options need to be applied on the -entire physical drive and not on a specific partition/volume. If you do -not, wear-leveling mechanisms might prevent this from working -properly.

-

Internal/External -HDD drive or a Thumb Drive:

- -

External SSD drive:

-

First please see Appendix -K: Considerations for using external SSD drives

-

If Trim is supported and enabled by your Linux Distribution for your -external SSD drive. There should be no issue in securely deleting data -normally and just issue an fstrim --all from the terminal -to trim the drive. This utility is part of the “util-linux” package on -Debian/Ubuntu and should be installed by default on Fedora.

-

If Trim is not supported or you want to be sure, you might have to -ensure secure data deletion by filling up the entire free space of the -disk using a utility such as:

- -

Keep in mind all these options need to be applied on the -entire physical drive and not on a specific partition/volume. If you do -not, wear-leveling mechanisms might prevent this from working -properly.

-

Linux (Qubes OS):

-

System/Internal SSD drive:

-

As with other Linux distros, normal deletion and trim should be -sufficient on most SSD drives. So just permanently delete the file (and -empty any recycle bin) and it should be unrecoverable due to periodic -Trim operations and garbage collection.

-

Please follow this documentation to Trim within Qubes OS: https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/disk-trim.md -[Archive.org]

-

As with other Linux Systems, if you want more security and do not -trust the Trim operation then you will have no option but to either:

- -

Keep in mind all these options need to be applied on the -entire physical drive and not on a specific partition/volume. If you do -not, wear-leveling mechanisms might prevent this from working -properly.

-

Internal/External -HDD drive or a Thumb Drive:

-

Use the same method as Linux from a Qube connected to that specific -USB device

- -

External SSD drive:

-

First please see Appendix -K: Considerations for using external SSD drives

-

If Trim is supported and enabled by your Linux Distribution for your -external SSD drive. There should be no issue in securely deleting data -normally and just issue a “fstrim –all” from the terminal to trim the -drive. Refer to this Documentation (https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/disk-trim.md -[Archive.org]) -to enable trim on a drive.

-

If Trim is not supported or you want to be sure, you might have to -ensure secure data deletion by filling up the entire free space of the -disk using a utility from a Qube connected to the USB device in -question:

- -

Repeat these steps on any other partition if there are separate -partitions on the same SSD drive before deleting the files.

-
    -
  • sync ; sleep 60 ; sync

  • -
  • rm zero.small.file

  • -
  • rm zero.file

  • -
-

Repeat these steps on any other partition if there are separate -partitions on the same SSD drive.

-

Keep in mind all these options need to be applied on the -entire physical drive and not on a specific partition/volume. If you do -not, wear-leveling mechanisms might prevent this from working -properly.

-

macOS:

-

System/Internal SSD drive:

-

Just permanently delete the file (and empty recycle bin) and it -should be unrecoverable due to trim operations and garbage -collection.

-
    -
  • If your file system is APFS, you do not need to worry about Trim, it -happens asynchronously as the OS writes data458 -according to their documentation.
  • -
-

“Does Apple File System support TRIM operations?

-

Yes. TRIM operations are issued asynchronously from when files are -deleted or free space is reclaimed, which ensures that these operations -are performed only after metadata changes are persisted to stable -storage”.

- -
-image46 - -
-

System/Internal, -External HDD drive or a Thumb Drive:

-

Unfortunately, Apple has removed the secure erase options from the -trash bin even for HDD drives459. So, you are left -with using other tools:

- -

In the case of USB thumb drives, consider wiping them completely -using Disk Utility as instructed previously.

-

External SSD drive:

-

First please see Appendix -K: Considerations for using external SSD drives

-

If Trim is supported and enabled by macOS for your external SSD -drive. There should be no issue in securely deleting data.

-

If Trim is not supported, you might have to ensure secure data -deletion by:

-
    -
  • Filling up all the free space after any deletion using the Linux -Method above (dd).

  • -
  • Decrypt and Re-encrypt the disk with a different key after each -deletion (using Disk Utility or Veracrypt).

  • -
-

Some additional -measures against forensics:

-

Note that the same SSD issue discussed in the earlier section will -arise here. You can never really be 100% sure your SSD data is deleted -when you ask it to do so unless you wipe the whole drive using specific -methods above.

-

We are not aware of any 100% reliable method to delete single files -selectively and securely on SSD drives unless overwriting ALL the free -space (which might reduce the lifespan of your SSD) after Deletion + -Trim of these files. Without doing that, you will have to trust the SSD -Trim operation which in my opinion is enough. -It is reasonable and again very unlikely that forensics will be -able to restore your files after a Deletion with Trim.

-

In addition, most of these measures here should not be needed since -your whole drive should be encrypted and therefore your data should not -be accessible for forensic analysis through SSD/HDD examination anyway. -So, these are just “bonus measures” for weak/unskilled adversaries.

-

Consider also reading this documentation if you’re going with Whonix -https://www.whonix.org/wiki/Anti-Forensics_Precautions -[Archive.org] -as well as their general hardening tutorial for all platforms here https://www.whonix.org/wiki/System_Hardening_Checklist -[Archive.org]

-

Removing Metadata -from Files/Documents/Pictures:

-

Pictures and videos:

-

On Windows, macOS, and Linux we would recommend ExifTool (https://exiftool.org/ -[Archive.org]) -and/or ExifCleaner (https://exifcleaner.com/ [Archive.org]) -that allows viewing and/or removing those properties.

-

ExifTool is natively available on Tails and Whonix -Workstation.

-
ExifCleaner:
-

Just install it from https://exifcleaner.com/ [Archive.org], -run and drag and drop the files into the GUI.

-
ExifTool:
-

It is actually simple, just install exiftool and run:

-
    -
  • To display metadata: exiftool filename.jpg

  • -
  • To remove all metadata: -exiftool -All= filename.jpg

  • -
-

Remember that ExifTool is natively available on Tails and -Whonix Workstation.

-
Windows Native tool:
-

Here is a tutorial to remove metadata from a Picture using OS -provided tools: https://www.purevpn.com/internet-privacy/how-to-remove-metadata-from-photos -[Archive.org]

-
Cloaking/Obfuscating -to prevent picture recognition:
-

Consider the use of Fawkes https://sandlab.cs.uchicago.edu/fawkes/ [Archive.org] -(https://github.com/Shawn-Shan/fawkes [Archive.org]) -to cloak the images from picture recognition tech on various -platforms.

-

Or if you want online versions, consider:

- -

PDF Documents:

-
PDFParanoia -(Linux/Windows/macOS/QubesOS):
-

Consider using https://github.com/kanzure/pdfparanoia [Archive.org] -which will remove metadata and watermarks on any PDF.

-
ExifCleaner -(Linux/Windows/macOS/QubesOS):
-

Just install it from https://exifcleaner.com/ [Archive.org], -run and drag and drop the files into the GUI.

-
ExifTool -(Linux/Windows/macOS/QubesOS):
-

It is actually simple, just install exiftool and run:

-
    -
  • To display metadata: exiftool filename.pdf

  • -
  • To remove all metadata: -exiftool -All= filename.pdf

  • -
-

MS Office Documents:

-

First, here is a tutorial to remove metadata from Office documents: -https://support.microsoft.com/en-us/office/remove-hidden-data-and-personal-information-by-inspecting-documents-presentations-or-workbooks-356b7b5d-77af-44fe-a07f-9aa4d085966f -[Archive.org]. -Make sure however that you do use the latest version of Office with the -latest security updates.

-

Alternatively, on Windows, macOS, Qubes OS, and Linux we would -recommend ExifTool (https://exiftool.org/ [Archive.org]) -and/or ExifCleaner (https://exifcleaner.com/ [Archive.org]) -that allows viewing and/or removing those properties

-
ExifCleaner:
-

Just install it from https://exifcleaner.com/ [Archive.org], -run and drag and drop the files into the GUI.

-
ExifTool:
-

It is actually simple, just install exiftool and run:

-
    -
  • To display metadata: exiftool filename.docx

  • -
  • To remove all metadata: -exiftool -All= filename.docx

  • -
-

LibreOffice Documents:

-
    -
  • select Files in the upper menu

    -
      -
    • Select Properties

    • -
    • Uncheck “Apply User Data”

    • -
    • Uncheck “Save Preview image with the Document”

    • -
    • Click “Reset Properties”

    • -
    • Make sure there is nothing on the Description and Custom -Properties tabs

    • -
  • -
  • Select Tools in the upper menu

    -
      -
    • Select Options

    • -
    • Select Security

    • -
    • Click “Security Options and Warning”

    • -
    • Check:

      -
        -
      • “When printing”

      • -
      • “When saving or sending”

      • -
      • “When creating PDF files”

      • -
      • “Remove personal information on saving”

      • -
    • -
  • -
-

In addition, on Windows, macOS, Qubes OS, and Linux we would -recommend ExifTool (https://exiftool.org/ [Archive.org]) -and/or ExifCleaner (https://exifcleaner.com/ [Archive.org]) -that allows viewing and/or removing additional properties

-
ExifCleaner:
-

Just install it from https://exifcleaner.com/ [Archive.org], -run and drag and drop the files into the GUI.

-
ExifTool:
-

It is actually simple, jut install exiftool and run:

-
    -
  • To display metadata: exiftool filename.odt

  • -
  • To remove all metadata: -exiftool -All= filename.odt

  • -
-

All-in-one Tool:

-

Another option good tool to remove metadata from various documents is -the open-source mat2 recommended by privacyguides.org460 -(https://0xacab.org/jvoisin/mat2 [Archive.org]) -which you can use on Linux quite easily. I never managed to make it work -properly within Windows due to various dependencies issues despite the -provided instructions. It is however very straightforward to install and -use on Linux.

-

So, we would suggest creating a small Debian VM within Virtualbox -(behind your Whonix Gateway) which you can then use from your other VMs -to analyze various files from a convenient web interface. For this see -Appendix -L: Creating a mat2-web guest VM for removing metadata from files

-
-image47 - -
-

Mat2 is also pre-installed on the Whonix Workstation VM461 and available on Tails by -default462.

-

Tails:

-

Tails is great for this; you have nothing to worry about even if you -use an SSD drive. Shut it down and it is all gone as soon as the memory -decays.

-

Whonix:

-

Note that it’s possible to run Whonix in Live mode leaving no traces -when you shut down the VMs, consider reading their documentation here https://www.whonix.org/wiki/VM_Live_Mode [Archive.org] -and here https://www.whonix.org/wiki/Warning#Whonix_.E2.84.A2_Persistence_vs_Live_vs_Amnesic -[Archive.org].

-

macOS:

-

Guest OS:

-

Revert to an earlier snapshot on Virtualbox (or any other VM software -you are using) and perform a Trim command on your Mac using Disk Utility -by executing a first-aid on the Host OS again as explained at the end of -the next section.

-

Host OS:

-

Most of the info from this section can also be found at this nice -guide https://github.com/drduh/macOS-Security-and-Privacy-Guide -[Archive.org]

-
Quarantine -Database (used by Gatekeeper and XProtect):
-

macOS (up to and including Big Sur) keeps a Quarantine SQL Database -of all the files you ever downloaded from a Browser. This database is -located at -~/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2.

-

You can query it yourself by running the following command from -terminal: -sqlite3 ~/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2 "select * from LSQuarantineEvent"

-

This is a goldmine for forensics, and you should disable this:

-
    -
  • Run the following command to clear the database completely: -:>~/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2

  • -
  • Run the following command to lock the file and prevent further -download history from being written there: -sudo chflags schg ~/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2

  • -
-

Lastly, you can also disable Gatekeeper altogether by issuing the -following command in the terminal463:

-
    -
  • sudo spctl --master-disable
  • -
-

Refer to this section of this guide for further information https://github.com/drduh/macOS-Security-and-Privacy-Guide#gatekeeper-and-xprotect -[Archive.org]

-

In addition to this convenient database, each saved file will also -carry detailed file system HFS+/APFS attributes showing for instance -when it was downloaded, with what, and from where.

-

You can view these just by opening a terminal and typing -mdls filename and xattr -l filename on any -downloaded file from any browser.

-

To remove such attributes, you will have to do it manually from the -terminal:

-
    -
  • Run -xattr -d com.apple.metadata:kMDItemWhereFroms filename to -remove the origin

    -
      -
    • You can also just use -dr to do it recursively on a whole -folder/disk
    • -
  • -
  • Run xattr -d com.apple.quarantine filename to remove -the quarantine reference

    -
      -
    • You can also just use -dr to do it recursively on a whole -folder/disk
    • -
  • -
  • Verify by running xattr --l filename and there -should be no output

  • -
-

(Note that Apple has removed the convenient xattr –c option that -would just remove all attributes at once so you will have to do this for -each attribute on each file)

-

These attributes and entries will stick even if you clear -your browser history, and this is obviously bad for privacy (right?), -and we are not aware of any convenient tool that will deal with those at -the moment.

-

Fortunately, there are some mitigations for avoiding this issue in -the first place as these attributes and entries are set by the browsers. -So, we tested various browsers (On macOS Catalina, Big Sur, and -Monterey), and here are the results as of the date of this guide:

- ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
BrowserQuarantine DB EntryQuarantine File AttributeOrigin File Attribute
Safari (Normal)YesYesYes
Safari (Private Window)NoNoNo
Firefox (Normal)YesYesYes
Firefox (Private Window)NoNoNo
Chrome (Normal)YesYesYes
Chrome (Private Window)Partial (timestamp only)NoNo
Brave (Normal)Partial (timestamp only)NoNo
Brave (Private Window)Partial (timestamp only)NoNo
Brave (Tor Window)Partial (timestamp only)NoNo
Tor BrowserNoNoNo
-

As you can see for yourself the easiest mitigation is to just use -Private Windows. These do not write those origin/quarantine attributes -and do not store the entries in the QuarantineEventsV2 database.

-

Clearing the QuarantineEventsV2 is easy as explained above. Removing -the attributes takes some work. Brave is the only tested browser -that will not store those attributes by default in normal -operations.

-
Various Artifacts:
-

In addition, macOS keeps various logs of mounted devices, connected -devices, known networks, analytics, documents revisions…

-

See this section of this guide for guidance on where to find and how -to delete such artifacts: https://github.com/drduh/macOS-Security-and-Privacy-Guide#metadata-and-artifacts -[Archive.org]

-

Many of those can be deleted using various commercial third-party -tools but we would personally recommend using the free and well-known -Onyx which you can find here: https://www.titanium-software.fr/en/onyx.html [Archive.org]. -Unfortunately, it is closed-source, but it is notarized, signed, and has -been trusted for many years.

-
Force a Trim operation -after cleaning:
-
    -
  • If your file system is APFS, you do not need to worry about Trim, -it happens asynchronously as the OS writes data.

  • -
  • If your file system is HFS+ (or any other than APFS), you could -run First Aid on your System Drive from the Disk Utility which should -perform a Trim operation in the details (https://support.apple.com/en-us/HT210898 [Archive.org]).

  • -
-
-image46 - -
-

Linux (Qubes OS):

-

Please consider their guidelines https://github.com/Qubes-Community/Contents/blob/master/docs/security/security-guidelines.md -[Archive.org]

-

If you are using Whonix on Qubes OS, please consider following some -of their guides:

- -

Linux (non-Qubes):

-

Guest OS:

-

Revert to an earlier snapshot of the Guest VM on Virtualbox (or any -other VM software you are using) and perform a trim command on your -laptop using fstrim --all. This utility is part of the -util-linux package on Debian/Ubuntu and should be installed -by default on Fedora. Then switch to the next section.

-

Host OS:

-

Normally you should not have traces to clean within the Host OS since -you are doing everything from a VM if you follow this guide.

-

Nevertheless, you might want to clean some logs. Consider having a -look this convenient (but unfortunately unmaintained) tool: https://github.com/sundowndev/covermyass [Archive.org]

-

After cleaning up, make sure you have the fstrim utility installed -(should be by default on Fedora) and part of the util-linux -package on Debian/Ubuntu. Then just run fstrim --all on the -Host OS. This should be sufficient on SSD drives as explained -earlier.

-

Consider the use of Linux Kernel Guard as an added measure https://www.whonix.org/wiki/Linux_Kernel_Runtime_Guard_LKRG -[Archive.org]

-

Windows:

-

Guest OS:

-

Revert to an earlier snapshot on Virtualbox (or any other VM software -you are using) and perform a trim command on your Windows using the -Optimize as explained at the end of the next section

-

Host OS:

-

Now that you had a bunch of activities with your VMs or Host OS, you -should take a moment to cover your tracks. Most of these steps -should not be undertaken on the Decoy OS in case of the use of plausible -deniability. This is because you want to keep decoy/plausible traces of -sensible but not secret activities available for your adversary. If -everything is clean, then you might raise suspicion.

-
Diagnostic Data and -Telemetry:
-

First, let us get rid of any diagnostic data that could still be -there:

-
    -
  • After each use of your Windows devices, go into Settings, Privacy, -Diagnostic & Feedback, and Click Delete.
  • -
-

Then let us re-randomize the MAC addresses of your Virtual Machines -and the Bluetooth Address of your Host OS.

-
    -
  • After each shutdown of your Windows VM, change its MAC address -for next time by going into Virtualbox > Select the VM > Settings -> Network > Advanced > Refresh the MAC address.

  • -
  • After each use of your Host OS Windows (your VM should not have -Bluetooth at all), Go into the Device Manager, Select Bluetooth, Disable -the Device and Re-Enable the device (this will force a randomization of -the Bluetooth Address).

  • -
-
Event logs:
-

Windows Event logs will keep many various pieces of information that -could contain traces of your activities such as the devices that were -mounted (including Veracrypt NTFS volumes for instance464), your network connections, app -crash information, and various errors. It is always best to clean those -up regularly. Do not do this on the Decoy OS.

-
    -
  • Start, search for Event Viewer, and launch Event Viewer:

    -
      -
    • Go into Windows logs.

    • -
    • Select and clear all five logs using a right-click.

    • -
  • -
-
Veracrypt History:
-

By default, Veracrypt saves a history of recently mounted volumes and -files. You should make sure Veracrypt never saves History. Again, do not -do this on the Decoy OS if you are using plausible deniability for the -OS. We need to keep the history of mounting the decoy Volume as part of -the plausible deniability:

-
    -
  • Launch Veracrypt

  • -
  • Make sure the “Never saves history” checkbox is checked (this -should not be checked on the Decoy OS)

  • -
-

Now you should clean the history within any app that you used -including Browser history, Cookies, Saved Passwords, Sessions, and Form -History.

-
Browser History:
-
    -
  • Brave (in case you did not enable cleaning on exit)

    -
      -
    • Go into Settings

    • -
    • Go into Shields

    • -
    • Go into Clear Browsing Data

    • -
    • Select Advanced

    • -
    • Select “All Time”

    • -
    • Check all the options

    • -
    • Clear Data

    • -
  • -
  • Tor Browser

    -
      -
    • Just close the Browser and everything is cleaned
    • -
  • -
-
Wi-Fi History:
-

Now it is time to clear the history of the Wi-Fi you connect to. -Unfortunately, Windows keeps storing a list of past Networks in the -registry even if you “forgot” those in the Wi-Fi settings. As far as we -know, no utilities clean those yet (BleachBit or PrivaZer for instance) -so you will have to do it the manual way:

- -
Shellbags:
-

As explained earlier, Shellbags are basically histories of accessed -volumes/files on your computer. Remember that shellbags are -exceptionally useful sources of information for forensics465 and you need to clean those. -Especially if you mounted any “hidden volume” anywhere. Again, you -should not do this on the Decoy OS:

- -
Extra Tools Cleaning:
-

After cleaning those earlier traces, you should also use third-party -utilities that can be used to clean various traces. These include the -traces of the files/folders you deleted.

-

Please refer to Appendix -H: Windows Cleaning Tools before continuing.

-
PrivaZer:
-

Here are the steps for PrivaZer:

-
    -
  • Download and install PrivaZer from https://privazer.com/en/download.php [Archive.org]

    -
      -
    • Run PrivaZer after install

    • -
    • Do not use their Wizard

    • -
    • Select Advanced User

    • -
    • Select Scan in Depth and pick your Target

    • -
    • Select Everything you want to Scan and push Scan

    • -
    • Select What you want to be cleaned (skip the shell bag part since -you used the other utility for that)

      -
        -
      • You should just skip the free space cleaning part if using -an SSD and instead just use the native Windows Optimize function (see -below) which should be more than enough. We would only use this on an -HDD drive.
      • -
    • -
    • (If you did select Free Space cleaning) Select Clean Options and -make sure your type of Storage is well detected (HDD vs SSD).

    • -
    • (If you did select Free Space cleaning) Within Clean Options -(Be careful with this option as it will erase all the free space -on the selected partition, especially if you are running the decoy OS. -Do not erase the free space or anything else on the second partition as -you risk destroying your Hidden OS)

      -
        -
      • If you have an SSD drive:

        -
          -
        • Secure Overwriting Tab: We would just pick Normal Deletion + Trim -(Trim itself should be enough466). Secure Deletion -with Trim467 (1 pass) might be redundant and -overkill here if you intend to overwrite the free space anyway.

        • -
        • Free Space Tab: Personally, and again “just to be sure”, we would -select Normal Cleanup which will fill the entire free space with Data. -We do not really trust Smart Cleanup as it does not actually fill all -the free space of the SSD with Data. But again, this is probably not -needed and overkill in most cases.

        • -
      • -
      • If you have an HDD drive:

        -
          -
        • Secure Overwriting Tab: We would just pick Secure Deletion (1 -pass).

        • -
        • Free Space: We would just pick Smart Cleanup as there is no -reason to overwrite sectors without data on an HDD drive.

        • -
      • -
    • -
    • Select Clean and Pick your flavor:

      -
        -
      • Turbo Cleanup will only do normal deletion (on HDD/SSD) and will -not clean free space. It is not secure on an HDD nor an SSD.

      • -
      • Quick Cleanup will do secure deletion (on HDD) and normal -deletion + trim (on SSD) but will not clean free space. This is secure -enough for SSD but not for HDD.

      • -
      • Normal Cleanup will do secure deletion (on HDD) and normal -deletion + trim (on SSD) and will then clean the whole free space (Smart -Cleanup on HDD and Full Cleanup on SSD) and should be secure. This -option is the best for HDD but completely overkill for SSD.

      • -
    • -
    • Click Clean and wait for cleaning to finish. Could take a while -and will fill your whole free space with data.

    • -
  • -
-
BleachBit:
-

Here are the steps for BleachBit:

-
    -
  • Get and install the latest version from BleachBit here https://www.bleachbit.org/download [Archive.org]

  • -
  • Run BleachBit

  • -
  • Clean at least everything within those sections:

    -
      -
    • Deep Scan

    • -
    • Windows Defender

    • -
    • Windows Explorer (including Shellbags)

    • -
    • System

    • -
    • Select any other traces you want to remove from their list

      -
        -
      • Again, as with the earlier utility, we would not clean the free -space on an SSD drive because we think the Windows native “optimize” -utility is enough (see below) and that filling up the free space on a -trim enabled SSD is just completely overkill and unnecessary.
      • -
    • -
    • Click Clean and wait. This will take a while and will fill your -whole free space with data on both HDD and SSD drives.

    • -
  • -
-
Force a Trim -with Windows Optimize (for SSD drives):
-

With this Native Windows 10/11 utility, you can just trigger a Trim -on your SSD which should be more than enough to securely clean all -deleted files that somehow would have escaped Trim when deleting -them.

-

Just open Windows Explorer, Right Click on your System Drive and -click Properties. Select Tools. Click Optimize and Defragment. You are -done as this will not defragment but only optimize. Meaning it will -initiate a Trim operation (https://en.wikipedia.org/wiki/Trim_(computing) [Wikiless] -[Archive.org]).

-
-image45 - -
-

Removing -some traces of your identities on search engines and various -platforms:

-

Chances are your actions (such as posts on various platforms, your -profiles) will be indexed (and cached) by many search engines.

-

Contrary to widespread belief, it is possible to have some but not -all this information removed by following some steps. While this might -not remove the information on the websites themselves, it will make it -harder for people to find it using search engines:

-
    -
  • First, you will have to delete your identities from the platform -themselves if you can. Most will allow this but not all. For some, you -might have to contact their support/moderators and for others, there -will be readily available forms to do so.

  • -
  • If they do not allow the removal/deletion of profiles, there -might be a possibility for you to rename your identity. Change the -username if you can and all account information with bogus information -including the e-mail.

  • -
  • If allowed, you can also sometimes edit past posts to remove the -information within those.

  • -
-

You can check some useful information about how to and get delete -various accounts on these websites:

- -

When you are done with this part, you should now handle search -engines and while you may not be able to have the information deleted, -you can ask them to update/remove outdated information which could then -remove some cached information.

-

Google:

-

Unfortunately, this will require you to have a Google account -to request the update/removal (however this can be done with any Google -account from anyone). There is no way around this except -waiting.

-

Go to their “Remove outdated content from Google Search” page here: -https://search.google.com/search-console/remove-outdated-content -[Archive.org] -and submit a request accordingly.

-

If your profile/username was deleted/changed, they should re-index -the content and update accordingly, and remove these traces.

-

These requests might take several days to process. Be patient.

-

Bing:

-

Unfortunately, this will require you to have a Microsoft -account to request the update/removal (however this can be done with any -Microsoft account from any identity). There is no way around this except -waiting.

-

Go to their “Content Removal” page here: https://www.bing.com/webmasters/tools/contentremoval -[Archive.org] -and submit a request accordingly.

-

If your profile/username was deleted/changed, they should re-index -the content and update accordingly, and remove these traces.

-

This might take several days to process. Be patient.

-

DuckDuckGo:

-

DuckDuckGo does not store a cached version of pages468 -and will instead forward you to a Google/Bing cached version if -available.

-

In addition, DuckDuckGo source most of their searches from Bing (and -not Google)469 and therefore removing the content -from Bing should in time have it removed it from DuckDuckGo too.

-

Yandex:

-

Unfortunately, this will require you to have a Yandex account -to request removals (however this can be done with any Yandex account -from any identity). There is no way around this except -waiting.

-

Once have your Yandex account, head to the Yandex Webmaster tools https://webmaster.yandex.com [Archive.org] -and then select Tools and Delete URL https://webmaster.yandex.com/tools/del-url/ [Archive.org]

-

There you could input the URL that does not exist anymore if you had -them deleted.

-

This will only work with pages that have been deleted and therefore -will not work with removing the cache of existing records. For that -unfortunately there is no tool available to force a cache update, but -you can still try their feedback tool:

-

Search for the page that was changed (where your profile was -deleted/changed) and click the arrow next to the result. Select -Complain. And submit a complaint about the page not matching the search -result. Hopefully, this will force Yandex to re-crawl the page and -re-index it after some time. This could take days or weeks.

-

Qwant:

-

As far as we know, there is no readily available tool to force this, -and you will have to wait for the results to get updated if there is -any. If you know a way, please report this to us through the GitHub -issues.

- -

Yes, Yahoo Search still exists but as per their help page https://help.yahoo.com/kb/SLN4530.html [Archive.org], -there is no way to remove information or refresh information besides -waiting. This could take 6 to 8 weeks.

-

Baidu:

-

As far asWeknow, there is no readily available tool to force this -unless you control the website (and do it through their webmaster -tools). Therefore, you will have to wait for the results to get updated -if there is any. If you know a way, please report this to me through the -GitHub issues.

-

Wikipedia:

-

As far asWeknow, there is no way to remove information from Wikipedia -articles themselves but if you just want to remove traces of your -username from it (as a user that contributed), you can do so by -following these steps: https://en.wikipedia.org/wiki/Wikipedia:Courtesy_vanishing -[Wikiless] -[Archive.org]

-

This will not remove any information about your online identities -that could appear in other articles but only your own identity on -Wikipedia as a user.

-

Archive.today:

-

Some information can sometimes be removed on demand (sensitive -information for example) as you can see many examples here: https://blog.archive.today/archive

-

This is done through their “ask” page here: https://blog.archive.today/ask

-

Internet Archive:

-

You can remove pages from internet archives but only if you -own the website in question and contact them about it. Most -likely you will not be able to remove archives from say “Reddit posts” -or anything alike. But you could still ask and see what they answer.

-

As per their help page https://help.archive.org/hc/en-us/articles/360004651732-Using-The-Wayback-Machine

-

“How can we exclude or remove my site’s pages from the Wayback -Machine?

-

You can send an e-mail request for us to review to info@archive.org -with the URL (web address) in the text of your message”.

-

Others:

-

Have a look at those websites:

- -

Some low-tech old-school -tricks:

-

Hidden communications in -plain sight:

-

You must keep in mind that using all those security measures -(encryption, plausible deniability, VPN, tor, secure operating systems -…) can make you suspicious just by using them. Using could be the -equivalent of stating openly “I something to hide” to an observer which -could then motivate some adversaries to investigate/survey you -further.

-

So, there are other ways you could exchange or send messages online -to others in case of need without disclosing your identity or -establishing direct communication with them. These have been in use by -various organizations for decades and can be of help if you do not want -to attract attention by using secure tech while still communicating some -sensitive information without attracting attention.

-

A commonly used technique that combines the idea of a Dead Drop470 and Secure Communication -Obfuscation471 through Steganography472 and/or Kleptography473 and has many names such as -Koalang474 or “Talking Around” or even -“Social Steganography”. This technique is very old and still widely used -nowadays by teenagers to bypass parental control. It is hiding in plain -sight.

-

Here is one example if you want to let someone know something is -wrong and they should go dark? That they should immediately wipe all -their data, get rid of their burner phones and sensitive -information?

-

What if you want to let someone you trust (friends, family, lawyers, -journalists …) know that you are in trouble, and they should look out -for you?

-

All this without revealing the identity of the person you are sending -the message to nor disclosing the content of that message to any third -party and without raising suspicions and without using any of the secure -methods mentioned above.

-

Well, you could just use any online public platform for this -(Instagram, Twitter, Reddit, any forum, YouTube …) by using in-context -(of the chosen platform/media) agreed upon (between you and your -contact) coded messages that only your contact would understand.

-

This could be a set of specific emojis or a specifically worded -mundane comment. Or even just a like on a specific post from a known -influencer you usually watch and like. While this would look completely -normal to anyone, this could mean a lot to a knowledgeable reader who -could then take appropriate agreed-upon actions. You could also hide the -message using Steganography using for instance https://stegcloak.surge.sh/.

-

You do not even have to go that far. A simple “Last seen” time on a -specific account could be enough to trigger a message agreed upon. If -your interlocutor sees that this account was online. It could mean there -is an issue.

-

How to -spot if someone has been searching your stuff:

-

There are some old tricks that you can use to spot if people have -been messing with your stuff while you were away.

-

One trick for instance is quite simple and just requires a -wire/cable. Simply lay objects on your desk/night table or in your -drawers following a straight line. You can use a simple USB cable as a -tool to align them.

-

Make a line with your cable and place objects along the line. When -you are back, just check those places and check if the objects are still -placed along the line. This allows you not to remember precisely where -your things were without taking pictures.

-

Fortunately, modern technology has made this even simpler. If you -suspect someone might be looking through your stuff while you are away, -you can just take a picture of the area with your phone before leaving. -When you are back, just compare the areas with your pictures and -everything should be exactly where you left it. If anything moved, then -someone was there.

-

It will be extremely hard and time-consuming for an adversary to -search through your stuff and then replace it exactly as you left it -with complete precision.

-

What if it is a printed document or book and you want to know if -someone read it? Even simpler. Just carefully make a note within the -document with a pencil. And then erase it with any pencil eraser as if -you wanted to correct it. The trick is to carefully leave the eraser -traces/residues on the area you erased/pencil written areas and close -the document. You could also take a picture of the residues before -closing the document.

-

Most likely if someone went through your document to read it and -re-placed it carefully, this residue will fall off or be moved -significantly. It is a simple old-school trick that could tell you -someone searched a document you had.

-

Some last OPSEC thoughts:

-

Wait, what is OPSEC? Well, OPSEC means Operations Security475. The basic definition is: “OPSEC -is the process of protecting individual pieces of data that could be -grouped together to give the bigger picture.”

-

The important step here, and probably the easiest one, is a lesson -you can take from the movie Fight Club: the first rule is that you -do not talk about Fight Club. This applies to many -aspects of your online operational security or OPSEC. Taking your time -to go through this guide will reward you with the tools and knowledge to -embrace a fuller, more secure experience on the internet. Rest assured -that this guide will reveal things to you that will frustrate your -enemy. You will learn how to protect your operating systems and lockdown -your critical information and ensure mission success. But the one thing -you must adhere to is this rule of thumb - do not talk about operation -details. The biggest adversarial threat to you is OSINT (discussed below -and throughout the document). The enemy will gather information on you -based on what they observe about you and your activities online and in -real life.

-

Adversaries take many forms. To some, they are actors of a foreign -government, while to others they may be simply a rival company’s -employee looking to find disgruntled workers to target for further -pressuring. To most, the general task of OPSEC is that this is your ship -- you must not do anything or say anything to sink your own ship. Simply -expressing your frustration with your boss or your work conditions or -your equipment, might be enough to generate not only a behavior profile -but also a vector of attack. A disgruntled employee, in this example, is -what generally provides enough information to warrant pressuring of that -employee for further information and possibly even extortion, blackmail, -or worse. Failure to implement basic OPSEC can lead to failure at -various points. It can lead to serious injury or even death if your -threat model is a determined attacker, foreign actor, and so on.

-

You must live by the simple rule that “loose lips sink ships” - but -also that they are usually your lips which will do the sinking. OPSEC is -often just applying common sense and being cautious about your -activities including in the physical world:

-

Digital and Online OPSEC

-
    -
  • Remember to use passphrases or suits of words instead of -short passwords and use a different one for each service. See Appendix -A2: Guidelines for passwords and passphrases.

  • -
  • Make sure you are not keeping a copy of this guide anywhere -unsafe after. The sole presence of this guide will most likely defeat -all your plausible deniability possibilities.

  • -
  • OSINT “yourself” and your identities from time to time by looking -for them yourself online using various search engines to monitor your -online identities. You can even automate the process somewhat using -various tools such as Google Alerts https://www.google.com/alerts [Archive.org].

  • -
  • Do not ever use biometrics alone to safeguard your secrets. -Biometrics can be used without your consent.

  • -
  • Do check the signatures and hashes of software and documents you -download before installing/viewing them.

  • -
  • Do not have the same behavior such as visiting the same links on -the clearnet then visit the same with the your anoynous online identity. -Watch this DEF CON 25 presentation if you didn’t before: DEF CON 25 - Svea -Eckert, Andreas Dewes - Dark Data [Invidious].

  • -
  • Encrypt everything but do not take it for granted. Remember the -5$ wrench.

  • -
-

Physical and IRL OPSEC

- -

It is recommended that you learn about the common ways people mess up -OPSEC https://dan-kir.github.io/2022/05/26/OPSEC-notes.html -[Archive.org]. -Whatever you do, take OPSEC seriously, and Don’t Fuck It -Up!

-

FINAL OPSEC DISCLAIMER: KEEP YOUR ANONYMOUS IDENTITIES -COMPLETELY SANDBOXED FROM YOUR NORMAL ENVIRONMENT AND REAL IDENTITY. DO -NOT SHARE ANYTHING BETWEEN THE ANONYMOUS ENVIRONMENTS AND THE REAL -IDENTITY ENVIRONMENT. KEEP THEM COMPLETELY COMPARTMENTALIZED ON EVERY -LEVEL. MOST OPSEC FAILURES ARE DUE TO USERS ACCIDENTALLY LEAKING -INFORMATION RATHER THAN TECHNICAL FAILURES.

-

What to do if -you detected tampering or searching ?

-
    -
  • In the case of a laptop, they likely placed a key-logger, and -possible network and gps capabilities. We recommend to open your laptop -take the drive (which should be fully encrypted) and leave for a safe -place and abandonning the laptop. Do not try to remove the “bug” as this -could put you in physical danger.

  • -
  • If you detected searching of your room, home… Again we recommend -leaving for a safe place while abandoning everything in the room that -could also be “bugged”.

  • -
  • Do your best to not let your adversary suspect or know you -detected the search and/or the tampering. Be creative. Call a friend for -example just to tell you’re gonna go to the supermarket to buy -food.

  • -
-

If you think you got -burned:

-

If you have some time:

-
    -
  • Don’t Panic.

  • -
  • Delete everything you can from the internet related to that -specific identity (accounts, comments …).

  • -
  • Delete everything offline you have related to that identity -including the backups.

  • -
  • (If using a physical SIM) Destroy the SIM card and trash it in a -random trash can somewhere.

  • -
  • (If using a physical Burner Phone) Erase then destroy the Burner -phone and trash it in a random trashcan somewhere.

  • -
  • Securely erase the laptop hard drive and then ideally proceed to -physically destroy the HDD/SSD/Laptop and trash it somewhere.

  • -
  • Do the same with your backups.

  • -
  • Keep the details of your lawyer nearby or if needed, call them in -advance to prepare your case if needed.

  • -
  • Return to your normal activities and hope for the best.

  • -
-

If you have no time:

-
    -
  • Don’t Panic.

  • -
  • Try to shut down/hibernate the laptop as soon as possible and -hope for the best. If you are fast enough, your memory should decay or -be cleaned, and your data should be mostly safe for the time -being.

  • -
  • Contact a lawyer if possible and hope for the best and if you -cannot contact one (yet), try to remain silent (if your country -allows it) until you have a lawyer to help you and if your law allows -you to remain silent.

  • -
-

Keep in mind that many countries have specific laws to compel you to -reveal your passwords that could override your “right to remain silent”. -See this Wikipedia article: https://en.wikipedia.org/wiki/Key_disclosure_law [Wikiless] -[Archive.org] -and this other visual resource with law references https://www.gp-digital.org/world-map-of-encryption/ -[Archive.org].

-

A small final editorial note:

-

After reading this whole guide, we hope you will have gained some -additional beneficial insight about privacy and anonymity. It is clear -now, in my humble opinion, that the world we live in has only a few safe -harbors remaining where one could have a reasonable expectation of -privacy and even less so anonymity. Many will often say that 1984 by -George Orwell was not meant to be an instruction book. Yet today this -guide and its many references should, we hope, reveal to you how far -down we are in the rabbit hole.

-

You should also know that most of the digital information described -in length in this guide can be forged or tampered with by a motivated -adversary for any purpose. Even if you do manage to keep secrets from -prying eyes, anyone can fabricate anything to fit their narrative:

-
    -
  • IP logs, DNS logs, Geolocation logs, and Connection logs can be -forged or tampered with by anyone using a simple text editor without -leaving traces.

  • -
  • Files and their properties can be created, altered, and -timestamped by anyone using simple utilities without leaving -traces.

  • -
  • EXIF information of pictures and videos can be altered by anyone -using simple utilities without leaving traces.

  • -
  • Digital Evidence (Pictures, Videos, Voice Recordings, E-Mails, -Documents…) be crafted, placed, removed, or destroyed with ease without -leaving traces.

  • -
-

You should not hesitate to question this type of information from any -source in this age of disinformation.

-

“A lie can travel halfway around the world while the truth is -putting on its shoes”476

-

Please keep thinking for yourself, use critical thinking, and keep an -open mind. “Sapere Aude” (Dare to know!).

-

“In the end the Party would announce that two and two made -five, and you would have to believe it” – George Orwell, 1984, Book One, -Chapter Seven.

-

Consider helping others (see Helping others staying -anonymous)

-

Donations:

-

This project has no funding or sponsoring, and donations are -more than welcome.

-

See: https://anonymousplanet.org/donations.html

-

(Please do verify the checksum and GPG signature of this file -for authenticity, this is explained in the README of the repository if -you do not know how to do that).

-

Helping others staying -anonymous:

-

If you want to give a hand to users facing censorship and oppression, -please consider helping them by helping the Tor Network. You can do so -in several ways:

- -

If you want a bit more challenge, you can also run a Tor Exit node -anonymously using the recommended VPS providers above.

-

For this, see https://blog.torproject.org/tips-running-exit-node -[Archive.org]

-

This project for instance is running several Tor Exit nodes using -donations to fund. You can see them here: https://metrics.torproject.org/rs.html#search/family:970814F267BF3DE9DFF2A0F8D4019F80C68AEE26

-

Acknowledgments:

-
    -
  • Very Special Thanks to Edward Snowden and who inspired me -to write this guide (buy and read his book please https://en.wikipedia.org/wiki/Permanent_Record_(autobiography) -[Wikiless] -[Archive.org])

  • -
  • Huge thanks to the people who donated to this project -anonymously

  • -
  • Special Thanks to LiJu09 for helping with the Light theme -of the website (https://github.com/LiJu09)

  • -
  • Special Thanks to Simplelogin.io people for providing a -free lifetime premium access to their service

  • -
  • Thanks to GitHub for hosting this project and the many people who -starred it

  • -
  • Thanks to Njal.la for providing a domain name and VPS hosting -anonymously

  • -
  • Thanks to 1984.is for providing VPS hosting anonymously

  • -
  • Thanks to all the people who contributed and shared this guide -with others

  • -
  • Thanks to the people at the Internet Archive and Archive.today -projects

  • -
  • Thanks to the people at the Monero project

  • -
  • Thanks to the people at the Zcash project

  • -
  • Thanks to the people at the Wikipedia project

  • -
  • Thanks to the people at the Tails project

  • -
  • Thanks to the people at the HiddenVM project

  • -
  • Thanks to the people at the Whonix project

  • -
  • Thanks to the people at the Qubes OS project

  • -
  • Thanks to the people at the Veracrypt project

  • -
  • Thanks to the people at the Tor and OONI Projects

  • -
  • Thanks to the people at the Briar project

  • -
  • Thanks to the people at the OnionShare project

  • -
  • Thanks to the people at the Element/Matrix project

  • -
  • Thanks to the people at the Jami project

  • -
  • Thanks to the people at the KeePass and KeePassXC -projects

  • -
  • Thanks to the people at the Fawkes project

  • -
  • Thanks to the people at the VirtualBox project

  • -
  • Thanks to the people at the ExifCleaner, Mat2, and ExifTool -projects

  • -
  • Thanks to the people at the Go Incognito Project from -Techlore

  • -
  • Thanks to Didier Stevens for his pdf-tools

  • -
  • Thanks to the people at the EFF

  • -
  • Thanks to the people at the SANS

  • -
  • Thanks to the people at the OWASP Project

  • -
  • Thanks to the people at the Privacyguides.org project

  • -
  • Thanks to the people at BlackHat, DEF CON, and CCC

  • -
  • Thanks to the people at Bellingcat and other OSINT/Forensics -researchers (and sorry for making their life more difficult with -this guide)

  • -
  • Thanks to the makers of the Social Dilemma documentary -(go watch it if you did not yet)

  • -
  • Thanks to Michael Bazzell and his great OSINT books which we -recommend you buy at https://inteltechniques.com

  • -
  • Thanks to Randall Munroe at XKCD for his great and insightful -webcomics.

  • -
  • Thanks to the people at the various few commercial entities who -do take privacy seriously

  • -
  • Thanks to the whole open-source community and especially the -Linux community

  • -
  • Thanks to the many researchers, journalists, lawyers, and -individuals referenced in this guide for their various research and -projects

  • -
  • Thanks to the following individuals for their input and help:

    -
  • -
-

Appendix A: Windows -Installation

-

This is the Windows 10/11 installation process that should be valid -for any Windows 10/11 install within this guide.

-

Windows 10 (See below for -Windows 11)

-

Installation:

-

DO NOT CONNECT WINDOWS TO ANY NETWORK DURING THE INSTALLATION PROCESS -(This will allow us to create a Local Account and not use a Microsoft -account and it will also prevent any telemetry from being sent out -during the install process).

-
    -
  • (Only for VirtualBox VM Install) Go into the VirtualBox Machine -Settings menu. Select network. Unplug the cable.

  • -
  • Click “Install Now”

  • -
  • Select “I don’t have a product key”

  • -
  • Select the flavor you want:

    -
      -
    • Host OS: Use

      -
        -
      • You intend to use Plausible Deniability: Windows Home

      • -
      • You do not intend to use Plausible Deniability: Windows -Pro

      • -
    • -
    • VM OS: Use Windows Pro or Windows Pro N

    • -
  • -
  • Select Custom

  • -
  • Storage:

    -
      -
    • If this is a simple OS installation (Host OS with Simple -Encryption) or VM without encryption, select the whole -disk and proceed with the installation (skip the next -step).

    • -
    • If this is part of a plausible deniability encryption set up on -the Host OS:

      -
        -
      • If you are installing Windows for the first time (Hidden OS):

        -
          -
        • Delete the current partitions

        • -
        • Create the First partition with at least 50GB of disk space -(about a third of the total disk space).

        • -
        • Create a second partition with the remaining two-thirds of the -total disk space.

        • -
      • -
      • If you are installing Windows for the second time (Decoy OS):

        -
          -
        • Do not Delete the current partitions

        • -
        • Install Windows on the first partition you created during the -first install.

        • -
      • -
      • Proceed with the install in the first partition

      • -
    • -
  • -
  • Start the install process

  • -
  • Select the Region “United States”

  • -
  • Skip the additional Keyboard Layout

  • -
  • Select “I don’t have internet”

  • -
  • Select “Continue with limited setup”

  • -
  • Create a username of your choice.

  • -
  • Use a password of your choice.

  • -
  • Select all three security questions and answer whatever you want -(not real data).

  • -
  • Do not use Online Speech Recognition

  • -
  • Do not let the app use your location

  • -
  • Do not enable “find my device”

  • -
  • Only send “required diagnostic data”

  • -
  • Do not improve Inking and Typing

  • -
  • Do not get any improved tailored experience.

  • -
  • Do not let apps use Advertising ID

  • -
  • Select “Now” at the Cortana prompt

  • -
-

Privacy Settings:

-
    -
  • When the install is finished, get into Settings > Go on the -top left menu icon and sekect Privacy and Security

    -
      -
    • When the install is finished, get into Settings > Privacy and -do the following:

    • -
    • General: All Off

    • -
    • Speech: Off

    • -
    • Inking and Typing: Off

    • -
    • Diagnostic: Required level at off, options on OFF, Delete -your data, frequency set to Never

    • -
    • Activity History: all Off and Clear the history

    • -
    • Location, all Off (change button) and clear it

    • -
    • Camera: Disable it (change button)

    • -
    • Microphone: Disable it (change button)

    • -
    • Voice Activation: All Off

    • -
    • Notification: Disable it (change button)

    • -
    • Account info: Disable it (change button)

    • -
    • Contact info: Disable it (change button)

    • -
    • Calendar access: Disable it (change button)

    • -
    • Phone calls: Disable it (change button)

    • -
    • Call History: Disable it (change button)

    • -
    • E-mail: Disable it (change button)

    • -
    • Tasks: Disable it (change button)

    • -
    • Messaging: Disable it (change button)

    • -
    • Radios: Disable it (change button)

    • -
    • Other devices: Set to Off

    • -
    • Background Apps: Disable it (change button)

    • -
    • App Diagnostics: Disable it (change button)

    • -
    • Automatic file download disabled

    • -
    • Documents: Disable it (change button)

    • -
    • Pictures: Disable it (change button)

    • -
    • Videos: Disable it (change button) and set to off

    • -
    • File system: Disable it (change button)

    • -
    • Disable File Indexing by going into the “Indexing Options” (Go -into Windows 11 Control Panel, Switch the view to “Large Icons” and -select Indexing Options.

    • -
    • Modify the list and remove all locations.

    • -
    • Go into Advanced and click Rebuild.

    • -
    • (Host OS only) Disable Bluetooth in the settings:

    • -
    • Go into Settings

    • -
    • Go into Devices

    • -
    • Select Bluetooth and turn it off

    • -
  • -
  • (Host OS Only) Tape the Webcam and Microphone anyway for extra -paranoia.

  • -
  • (Host OS Only) Go into Settings > Network & Internet > -Wi-Fi and Enable Random Hardware Address.

  • -
-

Windows 11

-

Installation:

-

DO NOT CONNECT WINDOWS TO ANY NETWORK DURING THE INSTALLATION PROCESS -(This will allow us to create a Local Account and not use a Microsoft -account and it will also prevent any telemetry from being sent out -during the install process).

-
    -
  • (Only for VirtualBox VM Install) Go into the VirtualBox Machine -Settings menu. Select network. Unplug the cable. For this task, you can -also follow this excellent tutorial by Oracle https://blogs.oracle.com/virtualization/post/install-microsoft-windows-11-on-virtualbox -[Archive.org]

  • -
  • Select your language, currency and keyboard layout

  • -
  • Click “Install Now”

  • -
  • (Only for VirtualBox VM Install) Push Shift and F10 at the same -time

  • -
  • (Only for VirtualBox VM Install) Launch “regedit” in the command -prompt

  • -
  • (Only for VirtualBox VM Install) When the Registry Editor opens, -navigate to HKEY_LOCAL_MACHINE\SYSTEM\Setup, right-click on -the “Setup” key and select “New => Key”. When prompted to name the -key, enter “LabConfig” and press enter.

  • -
  • (Only for VirtualBox VM Install) Now right-click on the -“LabConfig” key and select “New => DWORD (32-bit)” value and create a -value named “BypassTPMCheck”, and set its data to “1”. With the same -steps create the “BypassRAMCheck” and “BypassSecureBootCheck”

  • -
  • Select “I don’t have a product key”

  • -
  • Accept the agreement

  • -
  • Select the flavor you want:

    -
      -
    • Host OS: Use

      -
        -
      • You intend to use Plausible Deniability: Windows Home

      • -
      • You do not intend to use Plausible Deniability: Windows -Pro

      • -
    • -
    • VM OS: Use Windows Pro or Windows Pro N

    • -
  • -
  • Select Custom Install

  • -
  • Storage:

    -
      -
    • If this is a simple OS installation (Host OS with Simple -Encryption) or VM without encryption, select the whole -disk and proceed with the installation (skip the next -step).

    • -
    • If this is part of a plausible deniability encryption set up on -the Host OS:

      -
        -
      • If you are installing Windows for the first time (Hidden OS):

        -
          -
        • Delete the current partitions

        • -
        • Create the First partition with at least 50GB of disk space -(about a third of the total disk space).

        • -
        • Create a second partition with the remaining two-thirds of the -total disk space.

        • -
      • -
      • If you are installing Windows for the second time (Decoy OS):

        -
          -
        • Do not Delete the current partitions

        • -
        • Install Windows on the first partition you created during the -first install.

        • -
      • -
      • Proceed with the install in the first partition

      • -
    • -
  • -
  • Start the install process

  • -
  • Select the Region “United States”

  • -
  • Select the Keyboard Layout and skip a second layout

  • -
  • Select “I don’t have internet”

  • -
  • Select “Continue with limited setup”

  • -
  • Create a username of your choice.

  • -
  • Use a password of your choice.

  • -
  • Select all three security questions and answer whatever you want -(not real data).

  • -
  • Ddisable Location

  • -
  • Disable find my device

  • -
  • Disable optional diagnostic data

  • -
  • Only send “required diagnostic data”

  • -
  • Do not improve Inking and Typing

  • -
  • Disable the tailored experience.

  • -
  • Disable the Advertising ID

  • -
  • Click Accept

  • -
-

Privacy Settings:

-
    -
  • When the install is finished, get into Settings > Privacy and -do the following:

    -
      -
    • General: All Off

    • -
    • Speech: Off

    • -
    • Inking and Typing: Off

    • -
    • Diagnostic: Required level at off, options on OFF, Delete -your data, frequency set to Never

    • -
    • Activity History: all Off and Clear the history

    • -
    • Location, all Off (change button) and clear it

    • -
    • Camera: Disable it (change button)

    • -
    • Microphone: Disable it (change button)

    • -
    • Voice Activation: All Off

    • -
    • Notification: Disable it (change button)

    • -
    • Account info: Disable it (change button)

    • -
    • Contact info: Disable it (change button)

    • -
    • Calendar access: Disable it (change button)

    • -
    • Phone calls: Disable it (change button)

    • -
    • Call History: Disable it (change button)

    • -
    • E-mail: Disable it (change button)

    • -
    • Tasks: Disable it (change button)

    • -
    • Messaging: Disable it (change button)

    • -
    • Radios: Disable it (change button)

    • -
    • Other devices: Set to Off

    • -
    • Background Apps: Disable it (change button)

    • -
    • App Diagnostics: Disable it (change button)

    • -
    • Automatic file download disabled

    • -
    • Documents: Disable it (change button)

    • -
    • Music Library: Disable it (change button)

    • -
    • Pictures: Disable it (change button)

    • -
    • Videos: Disable it (change button) and set to off

    • -
    • File system: Disable it (change button)

    • -
    • Disable File Indexing by going into the “Indexing Options” (Go -into Windows 11 Control Panel, Switch the view to “Large Icons” and -select Indexing Options.

    • -
    • Modify the list and remove all locations.

    • -
    • Go into Advanced and click Rebuild.

    • -
    • (Host OS only) Disable Bluetooth in the settings:

    • -
    • Go into Settings

    • -
    • Go into Devices

    • -
    • Select Bluetooth and turn it off

    • -
  • -
  • (Host OS Only) Tape the Webcam and Microphone anyway for extra -paranoia.

  • -
  • (Host OS Only) Go into Settings > Network & Internet > -Wi-Fi and Enable Random Hardware Address.

  • -
-

Appendix B: -Windows Additional Privacy Settings

-

As written earlier in this guide and as noted by PrivacyGuides.org477, Windows 10/11 is a privacy -nightmare. And disabling everything during and after the installation -using the settings available to you is not enough. The amount of -telemetry data collected by Microsoft is staggering and could defeat -your attempts at keeping secrets. You will need to download and use a -couple of utilities to (hopefully) force Windows 10/11 into not sending -data back to Microsoft.

-

Here are the steps in detail:

-
    -
  • DO NOT EVER USE A MICROSOFT ACCOUNT TO LOG IN: If you -are, you should be re-installing this Windows Machine without connecting -to a network and use a local account instead.

  • -
  • Do these steps from a different computer. Do not connect Windows -10/11 to the internet before those settings are applied. You can -download and copy those to the USB key (for transfer onto a Windows -10/11 fresh installation) or if it is a VM, you can transfer them to the -VM within Virtualbox (VM Settings > General > Advanced > Drag n -Drop > Enable Host to Guest).

  • -
  • (For more advanced users) Download and install W10Privacy from https://www.w10privacy.de/english-home/ [Archive.org]

    -
      -
    • Open the app as Administrator (right-click > more > run as -administrator)
    • -
    • Check all the recommended (Green) settings and save.
    • -
    • Optional but recommended (but could break things, use at your own -risk), also check the orange/red settings, and save.
    • -
    • Reboot
    • -
  • -
  • Download and run WindowsSpyBlocker from https://crazymax.dev/WindowsSpyBlocker/download/ [Archive.org]

    -
      -
    • Type 1 and go into Telemetry
    • -
    • Type 1 and go into Firewall
    • -
    • Type 2 and add Spy Rules
    • -
    • Reboot
    • -
  • -
  • Also, consider using ShutUp10++ from https://www.oo-software.com/en/shutup10 [Archive.org]

    -
      -
    • Enable at least all the recommended settings
    • -
  • -
  • Finally, again for users with moderate skills, consider -installing Safing Portmaster from https://safing.io/portmaster/ [Archive.org] -(Warning: there might be issues with some VPN clients. See: https://docs.safing.io/portmaster/install/status/vpn-compatibility -[Archive.org]

  • -
  • Go back one last time to the settings to delete Diagnostic and -Delete all Data.

  • -
-

These measures added to the settings during installation should be -hopefully sufficient to prevent Microsoft from snooping on your OS.

-

You will need to update and re-run those utilities frequently -and after any Windows major update as they tend to silently re-enable -telemetry using those updates.

-

As a bonus, it could be interesting to also consider -Hardening your Windows Host OS somewhat. See https://github.com/beerisgood/windows10_hardening -[Archive.org] -(This is a security guide, not a privacy guide. If you use this guide, -do not enable Hyper-V as it does not play well with Virtualbox, and do -not enable features that were specifically disabled for privacy reasons -earlier. Such as SmartScreen, cloud protection…)

-

Appendix -C: Windows Installation Media Creation (Windows 10) or Download (Windows -11)

-

Windows 10

-

These are the steps to create a Windows 10 (21H1) Installation Media -using this tool and instructions:

-

https://www.microsoft.com/en-us/software-download/windows10 -[Archive.org]

-
    -
  • Download the tool and execute it from your Download -folder.

  • -
  • Agree to the terms

  • -
  • Select the process to Create an installation Media.

  • -
  • Select Windows 10 64 Bits edition with the language of your -choice.

  • -
  • Pick which process you want:

    -
      -
    • If installing on a physical computer: Select USB Flash -Drive.

    • -
    • If installing on a Virtual Machine: Select ISO file and save -it.

    • -
  • -
  • Proceed

  • -
-

Windows 11

-
    -
  • Go to https://www.microsoft.com/software-download/windows11 and -download the ISO.
  • -
-

Appendix -D: Using System Rescue to securely wipe an SSD drive

-

These instructions are valid for all Operating Systems:

- -

Appendix E: Clonezilla

- -

Each backup could take a while depending on the speed of your laptop -and the speed of your external drive. In my experience, expect about 1 -hour per backup depending on the drive size and the write speed of your -backup media (my tests were done backing up 256GB SSDs on a USB 3.0 -7200rpm HDD).

-

Appendix F: Diskpart

-

Diskpart is a Windows utility that can be used to perform various -operations on your hard drive. In this case, You will use Diskpart to -show the Disk ID but also change it if necessary.

-

This could be needed if you restore a backup on a new HDD/SSD that -has an ID that differs from the one backed up and Windows could refuse -to boot.

-

Diskpart can be run from any Windows environment using a command -prompt. This includes recovery disks created by utilities such as -Macrium Reflect, any Windows Installation media, EaseUS Todo Free rescue -disks.

-
    -
  • Displaying the disk ID

    -
      -
    • Run Diskpart to enter the Diskpart utility

    • -
    • Issue the list disk command to list the -disks

    • -
    • Issue the sel disk x (replace x with your system -disk) to select your system disk

    • -
    • Issue the detail disk to show the details of this -disk

    • -
    • Take note of the disk ID (this should be done BEFORE backing up -your disks).

    • -
  • -
  • Changing the disk ID

    -
      -
    • This step should only be done if, after restoring a full disk -backup to a new hard drive, Windows refuses to boot

    • -
    • Issue the same commands as above on the target new disk

    • -
    • Issue, in addition, the command -uniqueid disk id=02345678 (where you replace the id by the -one you noted before)

    • -
  • -
-

Appendix G: Safe Browser -on the Host OS

-

If you can use Tor:

-

This guide will only recommend using Tor Browser -within the host OS because it has the best protection by default. The -only other acceptable option in my opinion would be to use Brave Browser -with a Tor tab but keep in mind that Brave themselves recommend -the use of Tor Browser if you feel your safety depends on being -anonymous [Archive.org]: -“If your personal safety depends on remaining anonymous, we highly -recommend using Tor Browser instead of Brave Tor windows.”.

-

This Browser on the host OS will only be used to download various -utilities and will never be used for actual sensitive activities.

-

Refer to Appendix Y: -Installing and using desktop Tor Browser.

-

If you are experiencing issues connecting to Tor due to Censorship or -Blocking, you might consider using Tor bridges as explained here: https://bridges.torproject.org/ [Archive.org]

-

Use this browser for all the next steps within the host OS -unless instructed otherwise.

-

If you cannot use Tor:

-

Because it is too dangerous/risky/suspicious. We would recommend as a -last resort using Firefox, or Brave only using Private Windows for -now.

-

See Appendix -P: Accessing the internet as safely as possible when Tor and VPNs are -not an option before continuing.

-

Only do this from a different safe public Wi-Fi every time (See Find some safe -places with decent public Wi-Fi) and using a long-range connection -(See Appendix -Q: Using long-range Antenna to connect to Public Wi-Fis from a safe -distance:).

-

Clean all the data from the browser after each use.

-

Use this method for all the next steps within the host OS -unless instructed otherwise.

-

Appendix H: Windows Cleaning -Tools

-

In this guide we will recommend two-third native tools and two -third-party tools:

- -
-

This tool will clean up a bunch of things natively. It is not enough, -and we instead recommend using the third-party tools below to clean more -stuff. PrivaZer for instance will use the disk cleanup utility directly -itself and BleachBit will use its own mechanisms.

-
- -
-

For security, this tool is particularly useful on SSD drives at this -“Optimize” function will in fact force a Disk wide Trim operation to -occur. This will most likely be more than enough to make sure any -deleted data that was not trimmed before for any reason will be this -time. Deleted data with Trim is very unlikely to be recovered as -explained before in this guide.

-
- -

I prefer PrivaZer because it has more customization and smarter -features, but we would understand if you do not trust them and prefer -open-source software in which case we would recommend BleachBit which -offers a bit less customization but similar functionalities.

-

Both these tools can be used for cleaning many things such as:

-
    -
  • The Windows USN journal which stores plenty of -information.

  • -
  • The Windows System Resource Usage Monitor (SRUM)478.

  • -
  • Various histories of various programs (such as the recent -lists).

  • -
  • Various logs

  • -
  • The free (unallocated) space of your hard drive]479.

  • -
  • Secure deletion of files

  • -
  • Secure wiping of USB drives

  • -
-

Both these utilities can delete files and can overwrite the free -space after deletion to improve secure deletion even on SSD drives. -Remember this can reduce the lifespan of your SSD drives a bit.

-

Appendix -I: Using ShredOS to securely wipe an HDD drive:

-

Several utilities are recommended (like the old unmaintained DBAN480 or System Rescue CD (https://www.system-rescue.org/ [Archive.org])) -for this but we will recommend the use of ShredOS.

-

Feel free to go with DBAN instead if you want (using this tutorial: -https://www.lifewire.com/how-to-erase-a-hard-drive-using-dban-2619148 -[Archive.org]), -the process is basically the same but will not work out of the box with -UEFI laptops.

-

If you want to go with System-Rescue, just head to their website and -follow the instructions.

-

Windows:

- -

Linux:

- -

Appendix -J: Manufacturer tools for Wiping HDD and SSD drives:

-

Always check your laptop BIOS/UEFI for native utilities -first.

-

Be sure to use the right wipe mode for the right disk. Wipe -and Passes are for HDD drives. There are specific options for SSD drives -(such as ATA Secure Erase or Sanitize).

-

Unfortunately, most of these tools are Windows only.

-

Tools that -provide a boot disk for wiping from boot:

- -

Tools -that provide only support from running OS (for external drives).

- -

Appendix K: -Considerations for using external SSD drives

-

I do not recommend using external SSDs due to the uncertainty -about their support for Trim, ATA Secure Erase, and Sanitize options -through USB controllers. Instead, we recommend using external HDD disks -which can be cleaned/wiped safely and securely without hassle (albeit -much slower than SSD drives).

-

Please do not buy or use gimmicky self-encrypting devices such as -these: https://syscall.eu/blog/2018/03/12/aigo_part1/ [Archive.org]

-

Some might be very efficient481 but many are -gimmicky gadgets.

-

If you want to use an external SSD drive for sensitive storage:

-
    -
  • Please consider the support for:

    -
      -
    • Trim operations and ATA/NVMe secure erase operations from your -Laptop USB controller.

    • -
    • Trim operations and ATA/NVMe secure erase operations from your -USB SSD disk itself.

    • -
  • -
  • Always use full disk encryption on those disks

  • -
  • Use the manufacturer-provided tools to securely erase -them if possible.

  • -
  • Consider manually wiping data on them after use by doing a full -decryption/encryption or filling them completely with random -data.

  • -
-

So how to check if your external USB SSD supports Trim and other -ATA/NVMe operations from your Host OS?

-

Windows:

-

Trim Support:

-

It is possible Windows will detect your external SSD properly and -enable Trim by default. Check if Optimize Works using the Windows Native -disk utility as explained in the internal SSD section of Windows.

-

ATA/NVMe Operations -(Secure Erase/Sanitize):

-

Use the manufacturer-provided tools to check and perform -these operations … It is pretty much the only way to be sure it -is not only supported but actually works. Some utilities can tell you -whether it is supported or not like CrystalDiskInfo [Archive.org] -but will not actually check if it is working. See Appendix -J: Manufacturer tools for Wiping HDD and SSD drives.

-

If it does not work. Just decrypt and re-encrypt the whole drive or -fill up the free space as instructed in the guide. There is no other way -AFAIK. Besides booting up a System Rescue Linux CD and see the next -section.

-

Linux:

-

Trim Support:

-

Follow this good tutorial: https://www.glump.net/howto/desktop/enable-trim-on-an-external-ssd-on-linux -[Archive.org]

-

ATA/NVMe Operations -(Secure Erase/Sanitize):

-

It is not “recommended”. Please read the disclaimers here https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase -[Archive.org] -and here https://wiki.archlinux.org/index.php/Solid_state_drive/Memory_cell_clearing -[Archive.org]

-

But this seems to be based on anecdotal experiences. So, if you are -sure your external SSD supports Trim (see vendor documentation). You -could just try at your own risk to use nvme-cli or -hdparm to issue secure erases.

-

See also this tutorial https://code.mendhak.com/securely-wipe-ssd/ [Archive.org]

-

Your mileage may vary. Use at your own risk.

-

macOS:

-

Trim Support:

-

According to Apple Documentation482, Trim is supported -on APFS (asynchronously) and HFS+ (through period trim or -first-aid).

-

So, if it is supported (and enabled on your external SSD), you should -be able to issue a Trim on a non-APFS drive using Disk Utility and First -Aid which should issue a Trim.

-

If your disk supports it but it is not enabled in macOS. You could -try issuing a “sudo trimforce enable” command from the Terminal and see -if it enables Trim on your external SSD. And then again check the first -aid command if it is not APFS (see this Tutorial for info https://www.lifewire.com/enable-trim-for-ssd-in-os-x-yosemite-2260789 -[Archive.org])

-

If it does not work, we are not aware of any reliable method to -enable TRIM besides the commercial utility Trim Enabler here https://cindori.org/trimenabler/ [Archive.org] -which claims support for external drives.

-

ATA/NVMe Operations -(Secure Erase/Sanitize):

-

We are not aware of any method of doing so reliably and safely on -macOS. So, you will have to try one of these options:

-
    -
  • Use a bootable System Rescue USB Linux to do it

  • -
  • Just decrypt and re-encrypt the drive using Disk Utility or -Veracrypt

  • -
  • Fill up the free space of the disk using the Linux method -(dd)

  • -
-

Appendix -L: Creating a mat2-web guest VM for removing metadata from files

-

Download the latest Debian testing amd64 netinst ISO from https://www.debian.org/CD/netinst/ [Archive.org]

-

(Get testing to get the latest mat2 release, stable is a few -versions back)

-

This is very lightweight, and we recommend doing it from a VM (VM -inside a VM) to benefit from Whonix Tor Gateway. While it is possible to -put this VM directly behind a Whonix Gateway, Whonix will not easily -allow communications between VMs on its network by default. You could -also just leave it on Clearnet during the install process and then leave -it on the Host-Only network later, or install it from a VM within a VM -then move it to host OS for Host-Only usage like we show below:

-
    -
  1. Create a new machine with any name like Mat2.
  2. -
  3. Select Linux for the Type.
  4. -
  5. Select Debian (64-bit) as the Version.
  6. -
  7. Leave the default options and click Create.
  8. -
  9. Select the VM and click Settings.
  10. -
  11. Select System and disable the Floppy -disk on the Motherboard tab.
  12. -
  13. Select the Processor tab and enable PAE/NX.
  14. -
  15. Select Audio and disable -Audio.
  16. -
  17. Select USB and disable the USB -controller.
  18. -
  19. Select Storage and select the CD drive to mount the -Debian Netinst ISO.
  20. -
  21. Select Network and Attach to -NAT.
  22. -
  23. Launch the VM.
  24. -
  25. Select Install (not Graphical install).
  26. -
  27. Select Language, Location, and -Keyboard layout as you wish.
  28. -
  29. Wait for the network to configure (automatic DHCP). This takes a few -seconds.
  30. -
  31. Pick a name like Mat2.
  32. -
  33. Leave the domain empty.
  34. -
  35. Set a root password as you wish (preferably a good -one).
  36. -
  37. Create a new user and password as -you wish (preferably a good one).
  38. -
  39. Select the Time Zone of your choice.
  40. -
  41. Select Guided - Use the entire disk.
  42. -
  43. Select the only disk available (/dev/sda in our -case).
  44. -
  45. Select All files in one partition.
  46. -
  47. Confirm and write changes to the disk.
  48. -
  49. Select No to scan any other CD or DVD.
  50. -
  51. Select any region and any mirror of your choice and leave -proxy blank.
  52. -
  53. Select No to take part in any survey.
  54. -
  55. Select only System Standard Utilities. Uncheck -everything else using space.
  56. -
  57. Select Yes to install GRUB bootloader.
  58. -
  59. Select /dev/sda and continue.
  60. -
  61. Complete the install and reboot.
  62. -
  63. Log in with your user or root. You -should never use root directly as a best security practice but in this -case, it is okay.
  64. -
  65. Update your install by running apt upgrade. It should -be upgraded since it is a net install, but we’re double checking.
  66. -
  67. Install the necessary packages for mat2 by running -apt install ffmpeg uwsgi python3-pip uwsgi-plugin-python3 lib35rsvg2-dev git mat2 apache2 libapache2-mod-proxy-uwsgi.
  68. -
  69. Go to the /var/www directory by running -cd /var/www/.
  70. -
  71. Clone mat2-web from the mat2-web repository by -issuing -git clone https://0xacab.org/jvoisin/mat2-web.git.
  72. -
  73. Create a directory for uploads by running -mkdir ./mat2-web/uploads/.
  74. -
  75. Give permissions to Apache2 to read the files by -running chown -R www-data:www-data ./mat2-web.
  76. -
  77. Enable apache2 uwsgi proxy by running -/usr/sbin/a2enmod proxy_uwsgi.
  78. -
  79. Upgrade pip by running -python3 -m pip install pip --upgrade.
  80. -
  81. Install these Python modules by running -python3 -m pip install flasgger pyyaml flask-restful flask cerberus flask-cors jinja2.
  82. -
  83. Move to the config directory of mat2 by running -cd /var/www/mat2-web/config/.
  84. -
  85. Copy the apache2 config file to -/etc by running -cp apache2.config /etc/apache2/sites-enabled/apache2.conf.
  86. -
  87. Remove the default config file by running -rm /etc/apache2/sites-enabled/000-default.conf.
  88. -
  89. Edit the apache2 config file provided by mat2-web -by running -nano /etc/apache2/sites-enabled/apache2.conf.
  90. -
  91. Remove the first line Listen 80 by -typing Ctrl+K to cut the line.
  92. -
  93. Change the uwsgi path from -/var/www/mat2-web/mat2-web.sock to -/run/uwsgi/uwsgi.sock and type Ctrl+X to -exit, followed by Y then Enter.
  94. -
  95. Copy the uwsgi config file to /etc -by running -cp uwsgi.config /etc/uwsgi/apps-enabled/uwsgi.ini.
  96. -
  97. Edit the uwsgi config file by typing -nano /etc/uwsgi/apps-enabled/uwsgi.ini and change -uid and guid to nobody -and nogroup respectively. Save and exit with -Ctrl+X, followed by Y, then -Enter.
  98. -
  99. Run chown -R 777 /var/www/mat2-web to change ownership -to mat2-web.
  100. -
  101. Restart uwsgi by running -systemctl restart uwsgi. There should be no errors.
  102. -
  103. Restart apache2 by running -systemctl restart apache2. There should be no errors.
  104. -
  105. Now navigate to Settings > -Network > Attached to and -select Host-only Adapter. Click OK to -save.
  106. -
  107. Reboot the VM via Machine > -Reset. Confirm the reset.
  108. -
  109. Log into the VM as the user from Step -19 and type ip a. Note the IP address it was -assigned under link/ether, the one that has -192.168.*.*.
  110. -
  111. From the VM Host OS, open a Browser and navigate to -the IP of your Debian VM. It will be something like: -http://192.168.1.55.
  112. -
  113. You should now see a Mat2-Web website running smoothly.
  114. -
  115. Shutdown the Mat2 guest VM by running -shutdown -h now to halt the machine.
  116. -
  117. Take a snapshot of the VM within Virtualbox while -the guest VM is shutdown.
  118. -
-

Restart the Mat2 VM* and you are ready to use Mat2-web to -remove metadata from most files!

-

After use, shut down the VM and revert to the snapshot to remove -traces of the uploaded files. This VM does not require any internet -access unless you want to update it, in which case, you need to place it -back on the NAT network and do the next steps.

-

For updates of Debian, start the VM and run -apt update followed by apt upgrade.

-

For updates of mat2-web, type cd /var/www/mat2-web and -run git pull.

-

After updates, shutdown, change to the Host-only -Adapter, take a new snapshot, remove the earlier one.

-

You are done.

-

Now you can just start this small Mat2 VM when needed. Browse to it -from your Guest VM and use the interface to remove any metadata from -most files. After each use of this VM, you should revert to the Snapshot -to erase all traces.

-

Do not ever expose this VM to any network unless temporarily -for updates. This web interface is not suitable for any direct external -access.

-

Appendix -M: BIOS/UEFI options to wipe disks in various Brands

-

Here are some links on how to securely wipe your drive (HDD/SSD) from -the BIOS for various brands:

- -

Appendix -N: Warning about smartphones and smart devices

-

When conducting sensitive activities, remember that:

-
    -
  • You should not bring your real smartphone or smart -devices with you (even turned off). Correlation attacks are -possible on the Cell Networks to find which phone “turned off” before -your burner phone “turned on”. While this might not work the first time, -after a few times, the net will tighten, and you will get compromised. -It is better to leave your main smartphone at home online (see this -article (Russian, use Google Translate link): https://biboroda.livejournal.com/4894724.html [Google -Translate] [Archive.org])

  • -
  • Again, do not take them with you unless it is absolutely -necessary. If you really must, you could -consider powering it off and removing the battery or, if not possible, -the use of a faraday cage483 bag to store your -devices. There are many such faraday “signal blocking” bags available -for sale and some of these have been studied484 -for their effectiveness. If you cannot afford such bags, you can -probably achieve a “decent result” with one or several sheets of -aluminum foil (as shown in the previously linked study).

    -
      -
    • Warning: consider that sensor data itself can also be reliably -used to track you485486.

    • -
    • Consider leaving your smart devices at home online and doing -something (watching YouTube/Netflix or something similar) instead of -taking them with you powered off. This will mitigate tracking efforts -but also create digital traces that could indicate you were at -home.

    • -
    • This could also include your car which could for example -have a cell network device (including at least an IMEI) and a -functionality to call emergency services

    • -
  • -
-

Additionally, if using a smartphone as a burner, know that they send -a lot of diagnostics by default. Enough to potentially identify you -based on your device usage patterns (a technique known as biometric -profiling). You should avoid using your burner unless absolutely -necessary, to minimize the information that can be collected and used to -identify you.

-

Lastly, you should also consider this useful sheet from the -NSA about Smartphone security: https://web.archive.org/web/20210728204533/https://s3.documentcloud.org/documents/21018353/nsa-mobile-device-best-practices.pdf.

-

Note: Please do not consider commercial gimmicky all-in -devices for anonymity. The only way to achieve proper OPSEC is by doing -it yourself. See those examples to see why it is not a clever -idea:

- -

You should never rely on an external commercial service to -ensure your first line of anonymity. But you will see that paid services -can still be used later from an already anonymous identity if bought -anonymously while observing good operational security.

-

Appendix O: Getting an -anonymous VPN/Proxy

-

If you follow our advice, you will also need a VPN subscription but -this time you will need an anonymous one that cannot be tied to you by -the financial system. Meaning you will need to buy a VPN subscription -with cash or a reasonably private cryptocurrency (for example Monero). -You will later be able to use this VPN to connect to various services -anonymously but never directly from your IP. This VPN -can never be used in any other non-anonymous context without jeopardzing -your anonymity.

-

There are, two viable options:

-

Cash/Monero-Paid VPN:

-

There are three VPN companies recommended by PrivacyGuides.org (https://www.privacyguides.org/vpn/ [Archive.org]) -that accept cash payments: Mullvad, iVPN, and Proton VPN.

-

Here are their logging policies:

- -

In addition, we will also mention a newcomer to watch: Safing SPN https://safing.io/spn/ -[Archive.org]) -which also accepts cash and has a very distinct new concept for a VPN -which provides benefits similar to Tor Stream isolation with their -“SPN”. This possibility is “provisional” and at your own risk. Note that -Safing SPN is not available on macOS at the moment, nor is it free, but -we think was worth mentioning.

-

We are not affiliated with any brands as pointed out in our Constitution. Personally, for now, we -would recommend Mullvad due to personal experience.

-

We would not recommend Proton VPN as much because they do -require an e-mail for registration unlike Mullvad, iVPN, and Safing. -Proton also has a tendency to require phone number verification for -users who register over Tor.

-

How does this work?

-
    -
  • Access the VPN website with a Safe Browser (see Appendix G: Safe -Browser)

  • -
  • Go to iVPN, Mullvad, or Safing website and create a new Account -ID (on the login page).

  • -
  • This page will give you an account ID, a token ID (for payment -reference), and the details of where to send the money by post.

  • -
  • Send the required cash amount for the subscription you want in a -sealed postal envelope to their offices, including a paper with the -Token ID without a return address, or pay with Monero if available. If -they do not accept Monero but do accept BTC, consider Appendix Z: -Paying anonymously online with BTC

  • -
  • Wait for them to receive the payment and enable your account -(this can take a while).

  • -
  • Open Tor Browser.

  • -
  • Check your account status and proceed when your account is -active.

  • -
-

For extra-security consider:

-
    -
  • Wearing gloves while manipulating anything to avoid leaving -fingerprints487 and touch DNA488.

  • -
  • A less-obvious alternative could be to put super glue on your -fingertips, to avoid making it obvious you’re wearing gloves. However, -this can prevent effective use of touchscreens, as well as failing to as -effectively prevent you from touch DNA. Also, if spotted, it can be -quite suspicious to be caught with super glue on your fingers.

  • -
  • Do not use any material/currency that was manipulated by someone -that can be related to you in any way.

  • -
  • Do not use the currency you just got from an ATM that could -record dispensed bills serial numbers.

  • -
  • Be careful if you print anything that it is not watermarked by -your printer (See Printing -Watermarking).

  • -
  • Do not lick the envelope or the stamps489 -if you use them to avoid leaving DNA traces.

  • -
  • Make sure there are no obvious DNA traces in or on the materials -(like hairs).

  • -
  • Consider doing the whole operation outdoor to reduce the risks of -residual DNA traces from your environment or you contaminating the -materials.

  • -
  • The more people frequent a space, the lower the risk, as your DNA -will be obscured by the DNA of other people as they pass -through

  • -
  • Security cameras can be a risk. Try to cover your face. Also, -gait recognition may be a concern. See Gait -Recognition and Other Long-Range Biometrics

  • -
-

Do not in any circumstance use this new VPN account unless -instructed or connect to that new VPN account using your known -connections. This VPN will only be used later in a secure way as we do -not trust VPN providers’ “no-logging policies”. This VPN provider should -ideally never know your real origin IP (your home/work one for -instance).

-

Self-hosted -VPN/Proxy on a Monero/Cash-paid VPS (for users more familiar with -Linux):

-

The other alternative is setting up your own VPN/Proxy using a VPS -(Virtual Private Server) on a hosting platform that accepts Monero -(recommended).

-

This will offer some advantages as the chances of your IP -being block-listed somewhere are lower than known VPN -providers.

-

This does also offer some disadvantages as Monero is not perfect as -explained earlier in this guide and some global adversaries could maybe -still track you. You will need to get Monero from an Exchange using the -normal financial system and then pick a hosting (list here https://www.getmonero.org/community/merchants/#exchanges -[Archive.org]) -or from a local reseller using cash from https://localmonero.co.

-

Do not in any circumstance use this new VPS/VPN/Proxy using -your known connections. Only access it through Tor using Whonix -Workstation for instance (this is explained later). This VPN will only -be used later within a Virtual Machin over the Tor Network in a secure -way as we do not trust VPN providers’ “no-logging policies”. This VPN -provider should never know your real origin IP.

-

Please see Appendix A1: -Recommended VPS hosting providers

-

VPN VPS:

-

There are plenty of tutorials on how to do this like this one https://proprivacy.com/vpn/guides/create-your-own-vpn-server -[Archive.org]

-

Socks Proxy VPS:

-

This is also an option obviously if you prefer to skip the VPN -part.

-

It is probably the easiest thing to set up since you will just use -the SSH connection you have to your VPS and no further configuration -should be required besides setting the browser of your guest VM to use -the proxy in question.

-

Here are a few tutorials on how to do this very quickly:

- -

Here is my basic tutorial:

-

Linux/macOS:

-

Here are the steps:

-
    -
  • Get your anonymous VPS set-up

  • -
  • From a terminal, SSH to your server by running: -ssh -i ~/.ssh/id_rsa -D 8080 -f -C -q -N username@ip_of_your_server

  • -
  • Configure your browser to use localhost:8080 as a Socks Proxy for -Browsing

  • -
  • Done!

  • -
-

Explanation of arguments:

-
    -
  • -i: The path to the SSH key to be used to connect to the -host

  • -
  • -D: Tells SSH that we want a SOCKS tunnel on the specified port -number (you can choose a number between 1025 and 65536)

  • -
  • -f: Forks the process to the background

  • -
  • -C: Compresses the data before sending it

  • -
  • -q: Uses quiet mode

  • -
  • -N: Tells SSH that no command will be sent once the tunnel is -up

  • -
-

Windows:

-

Here are the steps:

- -
-image51 - -
-
    -
  • Connect to your VPS using those settings

  • -
  • Configure your Browser to use localhost:8080 as a Socks -Proxy

  • -
  • Done!

  • -
-

Appendix -P: Accessing the internet as safely as possible when Tor and VPNs are -not an option

-

USE EXTREME CAUTION: THIS IS HIGHLY RISKY.

-

There might be worst-case situations where using Tor and VPNs are not -possible due to extensive active censorship or blocking. Even when using -Tor Bridges (see Appendix X: -Using Tor bridges in hostile environments)

-

Now, there might also be situations where simply using Tor or a VPN -alone could be suspicious and could be dangerous for your safety. If -this is the case, you could be in a very hostile environment where -surveillance and control are high.

-

But you still want to do something anonymously without -disclosing/leaking any information.

-

In that case, my last resort recommendation is to connect safely -from a distance to a Public Wi-Fi (See Find some safe -places with decent public Wi-Fi) using your laptop and Tails “unsafe -browser”. See https://tails.boum.org/contribute/design/Unsafe_Browser/ -[Archive.org].

-

If Tor usage alone is suspicious or risky, you should NOT -allow Tails to try establishing a Tor connection at start-up by doing -the following:

-
    -
  • At startup open the Additional Settings.

  • -
  • Enable Unsafe Browser.

  • -
  • Change the Connection from Direct to “Configure a Tor Bridge or -Local Proxy”

  • -
  • After Start-up, Connect to a safe Network

  • -
  • When prompted, just quit the Tor Connection Wizard (to not -establish a Tor connection)

  • -
  • Start and use the Unsafe Browser

  • -
-

We would strongly recommend the use of a long-range “Yagi” -type directional Antenna with a suitable USB Wi-Fi Adapter. At least -this will allow you to connect to public Wi-Fis from a “safe distance” -but keep in mind that triangulation by a motivated adversary is still -possible with the right equipment. So, this option should not be used -during an extended period (minutes at best). See Appendix -Q: Using long-range Antenna to connect to Public Wi-Fis from a safe -distance.

-

Using Tails should prevent local data leaks (such as MAC addresses or -telemetry) and allow you to use a Browser to get what you want -(utilities, VPN account) before leaving that place as fast as -possible.

-

You could also use the other routes (Whonix and Qubes OS without -using Tor/VPN) instead of Tails in such hostile environments if you want -data persistence but this might be riskier. We would not risk it -personally unless there was absolutely no other option. If you go for -this option, you will only do sensitive activities from a -reversible/disposable VM in all cases. Never from the Host OS.

-

If you resort to this, please keep your online time as short -as possible (minutes and not hours).

-

Be safe and extremely cautious. This is entirely at your own -risk.

-

Consider reading this older but still relevant guide https://archive.flossmanuals.net/bypassing-censorship/index.html -[Archive.org]

-

Appendix -Q: Using long-range Antenna to connect to Public Wi-Fis from a safe -distance:

-

It is possible to access/connect to remote distant Public Wi-Fis from -a distance using a cheap directional Antenna that looks like this:

-
-image52 - -
-

These antennas are widely available on various online shops for a -cheap price (Amazon, AliExpress, Banggood …). The only issue is that -they are not discrete, and you might have to find a way to hide it (for -instance in a Poster cardboard container in a Backpack). Or in a large -enough Bag. Optionally (but riskier) you could even consider using it -from your home if you have a nice Window view to various places where -some Public Wi-Fi is available.

-

Such antennas need to be combined with specific USB adapters that -have an external Antenna plug and sufficiently high power to use -them.

-

We would recommend the AWUS036 series in the Alfa brand of -adapters (see https://www.alfa.com.tw/ [Archive.org]). -But you could also go with some other brands if you want such as the -TP-Link TL-WN722 (see https://www.tp-link.com/us/home-networking/usb-adapter/tl-wn722n/ -[Archive.org]).

-

See this post for a comparison of various adapters: https://www.wirelesshack.org/best-kali-linux-compatible-usb-adapter-dongles.html -[Archive.org] -(Usually those antennas are used by Penetration Testers to probe Wi-Fis -from a distance and are often discussed within the scope of the Kali -Linux distribution).

-

The process is simple:

-
    -
  • Plugin and install your USB adapter on your Host OS.

  • -
  • Do not forget to randomize your MAC Address in case you -bought this adapter online to prevent traceability (this is enabled by -default in Tails).

  • -
  • Connect the Long-Range Antenna to the USB adapter (in place of -the supplied one).

  • -
  • Get to a convenient spot where you have a distant view of a place -with Public Wi-Fi available (this can be a rooftop for instance), but -you could also imagine hiding the Antenna in some bag and just sit on a -bench somewhere.

  • -
  • Point the Directional Antenna in the direction of the Public -Wi-Fi.

  • -
  • Connect to the Wi-Fi of your choice.

  • -
-

Do not forget tho that this will only delay a motivated -adversary. Your signal can be triangulated easily by a motivated -adversary in a matter of minutes once they reach the physical location -of the Wi-Fi you’re connecting to (for instance using a device such as -AirCheck https://www.youtube.com/watch?v=8FV2QZ1BPnw -[Invidious], -also see their other products here https://www.netally.com/products/ [Archive.org]). -These products can easily be deployed on mobile units (in a Car for -instance) and pinpoint your location in a matter of -minutes.

-

Ideally, this should “not be an issue” since this guide provides -multiple ways of hiding your origin IP using VPNs and Tor. But if you -are in a situation where VPN and Tor are not an option, then this could -be your only security.

-

Appendix R: -Installing a VPN on your VM or Host OS

-

Download the VPN client installer of your cash paid VPN service and -install it on Host OS (Tor over VPN, VPN over Tor over VPN) or the VM of -your choice (VPN over Tor):

- -

Important note: Tor does not support UDP, and you should use -TCP instead with the VPN client in the Tor over VPN cases (on the -VMs).

-

In all cases, you should set the VPN to start from boot and enable -the “kill switch” if you can. This is an extra step since this guide -proposes solutions that all fall back on the Tor network in case of VPN -failure.

-

Here are some guides provided by the recommended VPN providers in -this guide:

- -

Appendix -S: Check your network for surveillance/censorship using OONI

-

So, what is OONI? OONI stands for Open Observatory of Network -Interference and is a sub-project of the Tor Project490.

-

First OONI will allow you to check online for surveillance/censorship -in your country just by looking at their Explorer that features test -results from other people. This can be done here: https://explorer.ooni.org/

-

But these tests are limited and could not apply to your personal -situation. If that is the case, you could consider running the OONI -Probe yourself and running the tests yourself.

-

The problem is that your network providers will be able to see those -tests and your attempts at connecting to various services if the network -is monitored. The other issue is that there are solutions to prevent -OONI from working properly491.

-

While this might not be important in a normal environment, this could -put you at risk in a hostile environment. So, running these -tests can be risky.

-

If you are in such a hostile environment where you suspect -network activity is actively monitored and the simple fact of trying to -access some resources can put you at risk, you should take some -precautions before even attempting this:

-
    -
  • Do not run the tests from your home/work -network.

  • -
  • Do not run these tests from a known device or a -smartphone but only for a secured OS on an ideally dedicated -laptop.

    -
      -
    • You will not be able to do this from Tails as Tails will -try to connect to Tor by default

    • -
    • You should only do this with the Qubes OS route or the -Whonix Route of this guide after completing one of the -routes.

    • -
  • -
  • Only consider running these tests quickly from a Public -Wi-Fi from a safe distance (see Appendix -P: Accessing the internet as safely as possible when Tor and VPNs are -not an option).

  • -
-

The probe can be found here: https://ooni.org/install/ [Archive.org] -for various platforms (iOS, Android, Windows, macOS, and Linux).

-

Appendix T: Checking -files for malware

-

Integrity (if available):

-

Usually, integrity checks492 are done using -hashes of files (usually stored within checksum files). Older files -could use CRC493, more recently MD5494 -but those present several weaknesses (CRC, MD5 495 -that make them unreliable for file integrity checks (which does not mean -they are not still widely used in other contexts).

-

This is because they do not prevent Collision496 -well enough and could allow an adversary to create a similar but -malicious file that would still produce in the same CRC or MD5 hash -despite having different content.

-

For this reason, it is usually recommended to use SHA-based 497 hashes and the most used is -probably the SHA-2498 based SHA-256 for verifying file -integrity. SHA is much more resistant to collisions499 -than CRC and MD5. And collisions with SHA-256 or SHA-512 are rare and -hard to compute for an adversary.

-

If a SHA-256 checksum is available from the source of the file, you -should not hesitate to use it to confirm the integrity of the file. Note -that SHA-1 is not recommended, but is better than not having a hash to -compare.

-

This checksum should itself be authenticated/trusted and should be -available from an authenticated/trusted source (obviously you should not -trust a file just because it has a checksum attached to it alone).

-

In the case of this guide, the SHA-256 checksums are available for -each file including the PDFs but are also authenticated using a GPG -signature allowing you to verify the authenticity of the checksum. This -will bring us to the next section about authenticity.

-

So how to check checksums? (In this case SHA-256 but you could change -to SHA-512

-
    -
  • Windows500:

    -
      -
    • Open a Command Prompt

    • -
    • Run certutil -hashfile filename.txt sha256 (replace -sha256 by sha1 or sha512 or md5)

    • -
    • Compare your result to one from a source you trust for that -file

    • -
  • -
  • macOS :

    -
      -
    • Open a Terminal

    • -
    • SHA: Run shasum -a 256 /full/path/to/your/file -(replace 256 by 512 or 1 for SHA-1)

    • -
    • MD5: Run md5 /full/path/to/your/file

    • -
    • Compare your result to one from a source you trust for that -file

    • -
  • -
  • Linux:

    -
      -
    • Open a Terminal

    • -
    • Run shasum /full/path/to/your/file (replace shasum -by sha256sum, sha512sum or md5sum)

    • -
    • Compare your result to one from a source you trust for that -file

    • -
  • -
-

Remember that checksums are just checksums. Having a matching -checksum does not mean the file is safe.

-

Authenticity (if available):

-

Integrity is one thing. Authenticity is another thing. This is a -process where you can verify some information is authentic and from the -expected source. This is usually done by signing information (using -GPG501 for instance) using public-key -cryptography502.

-

Signing can serve both purposes and allow you to check for both -integrity and authenticity.

-

If available, you should always verify the signatures of files to -confirm their authenticity.

-

In essence:

-
    -
  • Install GPG for your OS:

    -
  • -
  • Download the Signature key from a trusted source. If someone is -not giving you a key directly, you should check for multiple versions on -other websites to confirm you are using the right key (GitHub, GitLab, -Twitter, Keybase, Public Keys Servers…).

  • -
  • Import the trusted key (replace keyfile.asc by the filename of -the trusted key):

    -
      -
    • Windows:

      -
        -
      • From a Command Prompt, Run -gpg --import keyfile.asc
      • -
    • -
    • macOS:

      -
        -
      • From a Terminal, Run gpg --import keyfile.asc
      • -
    • -
    • Linux:

      -
        -
      • From a Terminal, Run gpg --import keyfile.asc
      • -
    • -
  • -
  • Verify the file signature against the imported (trusted) -signature (replace filetoverify.asc by the signature file that was -associated with the file, replace filetoverify.txt by the actual file to -verify):

    -
      -
    • Windows:

      -
        -
      • Run -gpg --verify-options show-notations --verify filetoverify.asc filetoverify.txt

      • -
      • The result should show the signature is good and match the -trusted signature you imported earlier.

      • -
    • -
    • macOS:

      -
        -
      • Run -gpg --verify-options show-notations --verify filetoverify.asc filetoverify.txt

      • -
      • The result should show the signature is good and match the -trusted signature you imported earlier.

      • -
    • -
    • Linux:

      -
        -
      • Run -gpg --verify-options show-notations --verify filetoverify.asc filetoverify.txt

      • -
      • The result should show the signature is good and match the -trusted signature you imported earlier.

      • -
    • -
  • -
-

For some other tutorials, please see:

- -

All these guides should also apply to any other file with any other -key.

-

Security (checking for -actual malware):

-

Every check should ideally happen in sandboxed/hardened -Virtual Machines. This is to mitigate the possibilities for malware to -access your Host computer.

-

Anti-Virus Software:

-

You might be asking yourself, what about Anti-Virus solutions? Well, -no … these are not perfect solutions against many modern malware and -viruses using polymorphic code503. But it does not -mean they cannot help against less sophisticated and known attacks. It -depends on how to use them as AV software can become an attack vector in -itself.

-

Again, this is all a matter of threat modeling. Can AV software help -you against the NSA? Probably not. Can it help you against less -resourceful adversaries using known malware? Probably.

-

Some will just argue against them broadly like Whonix504 -but this topic is being discussed and disputed even at Whonix505 by other members of their -community.

-

Contrary to popular myths perpetuating the idea that only Windows is -subject to malware and that detection tools are useless on Linux and -macOS:

- -

My take on the matter is on the pragmatic side. There is still room -for some AV software for some selective and limited use. But it depends -on which one and how you use them:

- -

“When you submit Samples to the Services, if you submit Samples to -the Services, You will collect all of the information in the Sample -itself and information about the act of submitting it”.

-

So, remember that any document you submit to them will be -kept, shared, and used commercially including the content. So, you -should not do that with sensitive information and rely on various local -AV scanners (that do not send samples online).

-

So, if you are in doubt:

-
    -
  • For non-sensitive files, we do encourage you to check any -documents/images/videos/archives/programs you intend to open with -VirusTotal (or other similar tools) because … Why not? (Either by -uploading or checking hashes).

  • -
  • For sensitive files, we would recommend at least an offline -unprivileged ClamAV scan of the files.

  • -
-

For instance, this guide’s PDF files were submitted to VirusTotal -because it is meant to be public knowledge and we see no valid argument -against it. It does not guarantee the absence of malware, but it does -not hurt to add this check.

-

Manual Reviews:

-

You can also try to check various files for malware using various -tools. This can be done as an extra measure and is especially useful -with documents rather than apps and various executables.

-

These methods require more tinkering but can be useful if you want to -go the extra length.

-

PDF files:

-

Again, regarding the PDFs of this guide and as explained in the -README of my repository, you could check for anomalies using PDFID which -you can download at https://blog.didierstevens.com/programs/pdf-tools/ -[Archive.org]:

-
    -
  • Install Python 3 (on Windows/Linux/macOS/Qubes OS)

  • -
  • Download PDFID and Extract the files

  • -
  • Run “python pdfid.py file-to-check.pdf” and you should see these -at 0 in the case of the PDF files in this repository:

  • -
-

-/JS 0 #This indicates the presence of Javascript
-
-/JavaScript 0 #This indicates the presence of Javascript
-
-/AA 0 #This indicates the presence of automatic action on opening
-
-/OpenAction 0 #This indicates the presence of automatic action on opening
-
-/AcroForm 0 #This indicates the presence of AcroForm which could contain JavaScript
-
-/JBIG2Decode 0 #This indicates the use of JBIG2 compression which could be used for obfuscating content
-
-/RichMedia 0 #This indicates the presence of rich media within the PDF such as Flash
-
-/Launch 0 #This counts the launch actions
-
-/EmbeddedFile 0 #This indicates there are embedded files within the PDF
-
-/XFA 0 #This indicates the presence of XML Forms within the PDF
-
-

Now, what if you think the PDF is still suspicious? Fear not … there -are more things you can do to ensure it is not malicious:

-
    -
  • Qubes OS: Consider using https://github.com/QubesOS/qubes-app-linux-pdf-converter -[Archive.org] -which will convert your PDF into a flattened image file. This should -theoretically remove any malicious code in it. Note that this will also -render the PDF formatting useless (such as links, headings, bookmarks, -and references).

  • -
  • (Deprecated) Linux/Qubes OS (or possibly macOS -through Homebrew or Windows through Cygwin): Consider not using https://github.com/firstlookmedia/pdf-redact-tools -[Archive.org] -which will also turn your PDF into a flattened image file. Again, this -should theoretically remove any malicious code in it. Again, this will -also render the PDF formatting useless (such as links, headings, -bookmarks, and references). Note that this tool is deprecated -and relies on a library called “ImageMagick” which is known for several -security issues516. You should -not use this tool even if it is recommended in some other -guides.

  • -
  • Windows/Linux/Qubes/OS/macOS: Consider using https://github.com/firstlookmedia/dangerzone [Archive.org] -which was inspired by Qubes PDF Converted above and does the same but is -well maintained and works on all OSes. This tool also works with Images, -ODF files, and Office files (Warning: On Windows, this tool requires -Docker-Desktop installed and this might (will) interfere with Virtualbox -and other Virtualization software because it requires enabling Hyper-V. -VirtualBox and Hyper-V do not play nice together517. Consider installing this within a -Linux VM for convenience instead of a Windows OS).

  • -
-

Other types of files:

-

Here are some various resources for this purpose where you will find -what tool to use for what type:

- -

Even with all those resources, keep in mind you might still -get advanced malware if those are not detected by those various tools. -Be careful and remember to handle these files within isolated Virtual -Machines, if possible, to limit the attack surface and -vectors.

-

Appendix -U: How to bypass (some) local restrictions on supervised computers

-

There might be situations where the only device you have at your -disposal is not really yours such as:

-
    -
  • Using a Work computer with restrictions in place on what you can -do/run.

  • -
  • Misuse of Parental control features to monitor your computer -usage (despite you being a non-consenting Adult).

  • -
  • Misuse of various monitoring apps to monitor your computer usage -against your will.

  • -
-

The situation might look desperate, but it is not necessarily the -case as there are some safe ways to bypass these depending on how well -your adversaries did their job securing your computer.

-

Portable Apps:

-

There are plenty of methods you could use to bypass those -restrictions locally. One of them would be to use portable apps520. Those apps do not require -installation on your system and can be run from a USB key or anywhere -else.

-

But this is not a method we would recommend.

-

This is because those portable apps will not necessarily hide -themselves (or be able to hide themselves) from the usage reports and -forensic examination. This method is just too risky and will probably -arise issues if noticed if you are in such a hostile environment.

-

Even the most basic controls (supervision or parental) will send out -detailed app usage to your adversary.

-

Bootable Live Systems:

-

This method is the one we would recommend in those cases.

-

It is relatively easy for your adversary to prevent this by setting -up firmware BIOS/UEFI (see Bios/UEFI/Firmware -Settings of your laptop) controls but usually most adversaries will -overlook this possibility which requires more technical knowledge than -just relying on Software.

-

This method could even decrease suspicion and increase your plausible -deniability as your adversaries think they have things under control and -that everything appears normal in their reports.

-

This method only depends on one security feature (that they probably -did not turn on in most cases): Boot Security.

-

Boot Security is divided into several types:

-
    -
  • Simple BIOS/UEFI password preventing the change of the boot -order. This means you cannot start such a live system in place of your -supervised OS without providing the BIOS/UEFI password.

  • -
  • Secure Boot. This is a “standard” feature preventing you from -starting unsigned systems from your computer. While this feature could -be configured to only allow your supervised system, usually by default -it will allow running an entire range of signed systems (signed by -Microsoft or the Manufacturer for instance).

  • -
-

Secure Boot is relatively easy to bypass as there are plenty of Live -Systems that are now Secure Boot compliant (meaning they are signed) and -will be allowed by your laptop.

-

The BIOS/UEFI password on the other hand is much harder to bypass -without risks. In that case, you are left with two options:

-
    -
  • Guess/Know the password so that you can change the boot order of -your laptop without raising suspicions

  • -
  • Reset the password using various methods to remove the password. -we would not recommend doing this because if your adversaries -went the extra length of enabling this security feature, they probably -will be suspicious if it were disabled, and this might increase -suspicion and decrease your plausible deniability -considerably.

  • -
-

Again, this feature is usually overlooked by most unskilled/lazy -adversaries and in my experience left disabled.

-

This is your best chance into bypassing local controls -without traces.

-

The reason is that most of the controls are within your main -Operating System software and only monitor what happens within the -Operating System. Those measures will not be able to monitor what -happened at the Hardware/Firmware level before the Operating System -loads.

-

Precautions:

-

While you might be able to bypass local restrictions easily using a -Live System such as Tails, remember that your network might also be -monitored for unusual activities.

-

Unusual network activities showing up from a computer at the same -time your computer is seemingly powered off might raise suspicions.

-

If you are to resort to this, you should never do so from a -monitored/known network but only from a safe different network. Ideally -a safe public wi-fi (See Find some safe -places with decent public Wi-Fi).

-

Do not use a live system on a Software supervised/monitored -device on a known network.

-

Refer to the Tails route to achieve this. See The Tails route and Appendix -P: Accessing the internet as safely as possible when Tor and VPNs are -not an option sections.

-

Appendix -V: What browser to use in your Guest VM/Disposable VM

-

Temporary Important Warning: Please see Microarchitectural -Side-channel Deanonymization Attacks: for all browsers except Tor -Browser.

-

There are 6 possibilities of browser to use on your guest/disposable -VM:

-
    -
  • Brave (Chromium-based)

  • -
  • Edge (Chromium-based, Windows Only)

  • -
  • Firefox

  • -
  • Safari (macOS VM only)

  • -
  • Tor Browser

  • -
-

Here is a comparison table of one fingerprinting test of various -browsers with their native settings (but Javascript enabled for -usability, except for Tor Safest mode).

-

Disclaimer: these tests while nice are not conclusive of the -real fingerprinting resistance. But they can help compare browsers -between each other.

- ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Browser - -

-https://coveryourtracks.eff.org/ -

-

-Fingerprinting Test with real Ad -

-
-Safari (Normal)* - -Fail (Unique) -
-Safari (Private Window) * - -Fail (Unique) -
-Edge (Normal)** - -Fail (Unique) -
-Edge (Private Window) ** - -Fail (Unique) -
-Firefox (Normal) - -Fail (Unique) -
-Firefox (Private Window) - -Fail (Unique) -
-Chrome (Normal) - -Fail (Unique) -
-Chrome (Private Window) - -Fail (Unique) -
-Brave (Normal) - -Passed (Randomized) -
-Brave (Private Window) - -Passed (Randomized) -
-Brave (Tor Window) - -Passed (Randomized) -
-Tor Browser (Normal mode) - -Partial -
-Tor Browser (Safer mode) - -Partial -
-Tor Browser (Safest mode) - -Unknown (Result did not load) -
-
    -
  • *: macOS only. **: Windows only.
  • -
-

Another useful resource to be considered for comparing browsers is: -https://privacytests.org/ [Archive.org]

-

Brave:

-

This is my recommended/preferred choice for a Browser within -your guest VMs. This is not my recommended choice for a Browser within -your Host OS where we strictly recommend Tor Browser as they recommend -it themselves521.

-

Why Brave despite the controversies522?

-
    -
  • You will encounter fewer issues later with account creations -(captchas …). This is based on my experiences trying to create plenty of -online identities using various browsers. You will have to trust me on -that.

  • -
  • You will enjoy native ad-blocking where none is available in -others by default without adding extensions523.

  • -
  • Performance is arguably better than Firefox524.

  • -
  • Brave is arguably better at fingerprinting resistance than -others525.

  • -
  • Security of Chromium-based Browser is arguably better and more -secure than Firefox526527. Within the context of this guide, -security should be privileged to prevent any vulnerability or exploit -from gaining access to the VM.

  • -
  • Comparison of both by Mozilla: https://www.mozilla.org/en-US/firefox/browsers/compare/brave/ -[Archive.org]

  • -
  • Comparison of both by Techlore: https://www.youtube.com/watch?v=qkJGF3syQy4 [Invidious]

  • -
  • The whole traffic will be routed over a VPN over Tor anyway. So -even if you mistakenly opt-in for some telemetry, it is not so -important. Remember that in this anonymity threat model, we are mostly -after anonymity and security. The privacy of our online identities does -not matter that much unless the privacy issue is also a security issue -that could help deanonymize you.

  • -
  • Brave was found to be sending no identifiable telemetry compared -to other browsers528.

  • -
-

Ungoogled-Chromium:

-

This browser is considered a security liability due to their -systemic lagging on security patches529.

-

It is strongly advised not to use -Ungoogled-Chromium.

-

Edge:

-

This is for Windows users only. Edge is a solid choice too.

-
    -
  • You will encounter fewer issues later with account creations -(captchas …). This is based on my experiences trying to create plenty of -online identities using various browsers. You will have to trust me on -that.

  • -
  • Better Security than Firefox as it is Chromium-based530531.

  • -
  • Better Performance than Firefox.

  • -
  • The whole traffic will be router through Tor anyway.

  • -
  • Can benefit from additional security using Microsoft Defender -Application Guard (MDAG)532. Note that this -feature cannot be enabled in a Virtualbox VM unfortunately.

  • -
  • Native tracker blocking (Similar to Brave Shields).

  • -
-

Cons:

-
    -
  • You will have to disable some telemetry within the Browser
  • -
-

Safari:

-

The macOS default browser.

-

Pros:

-
    -
  • It is a Browser with decent security and sandboxing -capabilities.
  • -
-

Cons:

-
    -
  • It is macOS only (obviously)

  • -
  • It requires signing-in into the App Store to install extensions -(impossible within the scope of this guide since it is a VM)

  • -
  • Even if you could, it lacks the best Extensions available for -Firefox and Chrome.

  • -
-

Overall, we would not recommend using Safari on a macOS VM but -instead, go for another Browser such as Brave or Firefox.

-

Firefox:

-

And of course, lastly, you could go with Firefox,

-

Pros:

-
    -
  • Well, it is out of the “Chromium” world and not taking part in -expanding Chromium market share

  • -
  • In addition to being out of the Chromium world, it is also -completely out of the Google world (despite the Mozilla Foundation being -almost entirely funded by Google533).

  • -
  • An impressive amount of customization through extensions for -every possible need.

  • -
  • Firefox can be severely hardened to almost match the security of -Chromium-based browsers.

  • -
-

Cons:

-
    -
  • Poorer performance compared to Chromium.
  • -
-

Security (especially sandboxing) of Firefox is arguably weaker than -Chromium-based browsers534.

-
    -
  • You will experience more captchas (this is based on my tests).
  • -
-

Tor Browser:

-

If you are extra paranoid and want to use Tor Browser and have “Tor -over VPN over Tor”, you could go with Tor Browser within the VM as well. -This is completely pointless/useless.

-

We would not recommend this option. It is just silly.

-

Appendix V1: Hardening your -Browsers:

-

In this section, we’ll discuss hardening your browsers. This has a -heavy focus on the difference between Tracking Reduction and Tracking -Evasion, and the pros and cons of either. First, let’s define what they -are as -described by Rohan Kumar:

-
    -
  • Tracking reduction (TR) -
      -
    • TR aims to reduce the amount of data collected about an exposed -user. It reduces a footprint’s spread primarily by blocking trackers. -Sometimes this can increase the size of a footprint.
    • -
  • -
  • Tracking evasion (TE) -
      -
    • TE reduces the amount of data exposed by a user. Rather than -eliminating data collection itself, TE prevents useful data from being -made available in the first place. In other words, it reduces a -footprint’s size.
    • -
  • -
-

Browsers that provide Tracking Reduction are to be used for a more -casual Threat Model -whereas Tracking Evasion is more complex. But both need to be explored. -Tracking Reduction focuses on browsing with less tracking. It involves -things like content-blocking, firewalls, opt-outs, flipping telemetry -buttons, etc. If you’re this far into the guide, you likely have a very -good understanding of this already. Tracking Evasion, however, involves -techniques like using the portable Tor Browser Bundle to anonymize your -footprint and online identity, avoiding identifiable extensions, and -using randomized keystroke delays. It’s more about minimizing your -online footprint, to give you a less fingerprintable browsing -environment and internet usage.

-

A brief mention of this is necessary in determining operation needs -for both. You need a certain level of understanding in both to achieve -good standards and develop better browsing habits. This can and will -overall provide you with a more viable solution to public trackers, -government organizations looking to trace/track your browsing habits -back to you, even just trolls attempting to doxx you.

-

The following are the recommended safest routes for each browser -according to the current versions of their respective software and the -ability each one has to become more secure. In the guide we will provide -both Tracking Reduction & Evasion and it will not require you to -write even a single line of code.

-

Brave:

-
    -
  • Download and install Brave browser from https://brave.com/download/ [Archive.org]

  • -
  • Open Brave Browser

  • -
  • Go into Settings > -Appearances -(brave://settings/appearance)

    -
      -
    • (optional) Disable “Show autocomplete -suggestions in address bar”

    • -
    • Disable “Show Brave Suggested Sites”

    • -
    • Disable “Show Brave Rewards icon in address -bar”

    • -
    • Enable “Always show full URLs”

    • -
  • -
  • Go into Settings > Shields -(brave://settings/shields)

    -
      -
    • Set Shields to Advanced

    • -
    • Set “Trackers and Ads blocking” to -Aggressive

    • -
    • Set “Upgrade connections to HTTPS” to -Strict

    • -
    • Enable “Block scripts”

    • -
    • Set “Block fingerprinting” to Standard or -Strict, may break sites

    • -
    • Set “Block cookies” to Only cross-site

    • -
  • -
  • Go into Settings > Social media -blocking (brave://settings/socialBlocking)

    -
      -
    • Uncheck the Facebook, Twitter, and LinkedIn -embeds
    • -
  • -
  • Go to Settings > Search -engine (brave://settings/search)

    -
      -
    • Set “Normal Window” and “Private Window” to use a more private -and trackerless search engine

      -
    • -
    • Disable “Web Discovery Project”

    • -
    • Disable “Index other search engines”

    • -
  • -
  • Go into Settings > -Extensions -(brave://settings/extensions)

    -
      -
    • Disable everything
    • -
  • -
  • Go into Settings > Wallet -(brave://settings/wallet)

    -
      -
    • Disable “Show Brave Wallet icon on -toolbar”

    • -
    • Set Default Ethereum wallet to “None”

    • -
    • Set Default Solana wallet to “None”

    • -
  • -
  • Go into Settings > Privacy and -Security (brave://settings/privacy)

    -
      -
    • Disable everything except “Private window with -Tor”

      -
        -
      • (optional) Turn on Automatically redirect .onion -sites
      • -
    • -
    • Set WebRTC handling policy to “Disable -non-proxied UDP”

    • -
    • Go into Clear Browsing Data -(brave://settings/clearBrowserData)

      -
        -
      • Select On Exit

      • -
      • Check all options

      • -
      • Click “Save”

      • -
    • -
    • Go into Cookies and other site data -(brave://settings/cookies)

      -
        -
      • Check “Block third-party cookies” or “Block all -cookies” (not recommended)

      • -
      • Enable “Clear cookies and site data when you -close all windows”

      • -
      • Under “Sites that can always use cookies”, check that you need -any of these

      • -
    • -
  • -
  • Open a new Tab

  • -
  • Click “Customize” in the lower right corner

    -
      -
    • Disable everything in Customize Dashboard except -maybe the clock
    • -
  • -
  • Go into Settings > Shields -> Content filtering -(brave://settings/shields/filters)

    -
      -
    • Select any additional adblocking filter you want

      -
        -
      • Recommended: CJX’s Annoyance, -Easylist-Cookie, Fanboy’s Annoyances, -Fanboy’s Social, Fanboy’s Mobile -Notifications, and uBlock Annoyances
      • -
    • -
    • Add custom filter lists

      -
    • -
    • To keep all applied filters, click -“Save”

    • -
  • -
  • Do not ever enable Brave Rewards (button should now be hidden on -all sites)

  • -
-

Addons to consider on Brave if you want additional protections:

- -

That’s it and you should be pretty much covered. For full paranoia, -you can also just “Block Scripts” to disable Javascript. Note that even -disabling Javascript might not protect you fully535. If you choose to disable JS, use -the NoScript extension, not the Brave setting.

-

Ungoogled-Chromium:

-

This browser is considered a security liability due to their -systemic lagging on security patches536.

-

It is strongly advised not to use -Ungoogled-Chromium.

-

Edge:

-

Windows only:

-
    -
  • Open Edge

  • -
  • Go into Settings

  • -
  • Go to Profiles and make sure everything is unchecked in every -section (Personal Info, Passwords, Payment info, Profile -preferences)

  • -
  • Go to Privacy, search, and services:

    -
      -
    • Go to Tracking Prevention:

      -
        -
      • Set to Strict or at least Balanced

      • -
      • Set to always use Strict with InPrivate Windows

      • -
    • -
    • Go to Privacy:

      -
        -
      • Enable send Do Not Track

      • -
      • Disable the options for the website to check your payment -methods

      • -
    • -
    • Go to Optional Diagnostic Data:

      -
        -
      • Disable it
      • -
    • -
    • Go to Personalize your Web Experience:

      -
        -
      • Disable it
      • -
    • -
    • Go to Security

      -
        -
      • Disable everything
      • -
    • -
    • Go to Services

      -
        -
      • Disable everything

      • -
      • In Address Bar and Search:

        -
      • -
    • -
    • Go to Cookies and Sites Permissions:

      -
        -
      • Within All Permissions:

        -
          -
        • Within Cookies, make sure “Block Third-Party Cookies” is -checked

        • -
        • Block everything except:

          -
            -
          • Javascript

          • -
          • Images

          • -
        • -
      • -
    • -
  • -
-

Enable Application Guard for Edge (only on Host OS, not possible -within a VirtualBox VM):

-

Skip if this is a VM

-
    -
  • Open Control Panel.

  • -
  • Click on Programs

  • -
  • Click on Turn Windows features on or off link

  • -
  • Check the Windows Defender Application Guard option

  • -
  • Click OK.

  • -
  • Click Restart.

  • -
  • Now you can open Edge and open a new “Application Guard” -Window.

  • -
-

That’s about it for Edge but you are also free to add extensions from -the Chrome Store such as:

- -

Safari:

-

macOS Only:

-
    -
  • Open Safari

  • -
  • Click the Safari top left Menu

  • -
  • Click Preferences

    -
      -
    • On the General Tab:

      -
        -
      • Change New Windows to “Empty Page”

      • -
      • Change New Tabs to “Empty page”

      • -
      • Change the Remove History after to “1 day”

      • -
      • Change the Remove Download list items to “When Safari Quits” or -“When Successful Download”

      • -
      • Uncheck “Open Safe Files After Downloading”

      • -
    • -
    • On the Security Tab:

      -
        -
      • Disable “Warn when visiting a Fraudulent Website” (this sends the -URLs your visit to Google for screening)
      • -
    • -
    • On the Privacy Tab:

      -
        -
      • Uncheck “Web Advertising”
      • -
    • -
    • On the Advanced Tab:

      -
        -
      • Check the “Show full website address”
      • -
    • -
  • -
-

Consider Appendix -A5: Additional browser precautions with JavaScript enabled

-

That’s about it. Unfortunately, you will not be able to add -extensions as those will require you to sign in into the App Store which -you cannot do from a macOS VM. Again, we would not recommend sticking to -Safari in a macOS VM but instead switching to Brave or Firefox.

-

Firefox:

-

Normal settings:

-
    -
  • Open Firefox

  • -
  • On the Firefox Home Page:

    -
      -
    • Click Personalize

    • -
    • Uncheck/Disable Everything

    • -
  • -
  • Open Settings:

    -
      -
    • Go into Search

      -
    • -
    • Go into Privacy & Security

      -
        -
      • Set to Custom

        -
          -
        • Cookies: Select All Third-Party Cookies

        • -
        • Tracking Content: In all Windows

        • -
        • Check Cryptominers

        • -
        • Check Fingerprinters

        • -
      • -
      • Set always send “Do Not Track”

      • -
    • -
    • Go to Logins and Passwords

      -
        -
      • Uncheck “Ask to save logins and passwords for websites”
      • -
    • -
    • Go to Permissions

      -
        -
      • Location: check block new requests

      • -
      • Camera: check block new requests

      • -
      • Microphone: check block new requests

      • -
      • Notifications: check block new requests

      • -
      • Autoplay: select Disable Audio and Video

      • -
      • Virtual Reality: check block new requests

      • -
      • Check Block Pop-ups

      • -
      • Check Warn when websites try to install add-ons

      • -
    • -
    • Go to Firefox Data Collection and Use

      -
        -
      • Disable everything
      • -
    • -
    • Go to HTTPS-Only Mode

      -
        -
      • Enable it on all Windows
      • -
    • -
  • -
-

Advanced settings:

-

Consider Arkenfox/user.js, a -heavily maintained and very easy to use browser config which uses a -“user.js” to set all the privacy settings and disk avoidance values. -Below we recommend that if you are not setting the Arkenfox config, at -least setting the about:config values below. Arkenfox -applies many others but these are the bare minimum for your protection -while browsing. Remember: doing nothing and using a browser with its -defaults will already be leaking many identifiable and trackable -characteristics which are unique to you. See Browser and Device -Fingerprinting for more details on why default settings in browsers -are unsafe.

-

Those settings are explained on the following resources in order of -recommendation if you want more details about what each setting -does:

-
    -
  1. https://wiki.archlinux.org/title/Firefox/Privacy [Archive.org] -(most recommended)

  2. -
  3. https://proprivacy.com/privacy-service/guides/firefox-privacy-security-guide -[Archive.org]

  4. -
-

Here are most of the steps combined from the sources above (some have -been omitted due to the extensions recommended later below):

-
    -
  • Navigate to “about:config” in the URL bar

  • -
  • Click Accept the Risk and Continue

    -
      -
    • Safe Settings (should not break anything)

      -
        -
      • Disable Firefox Pocket

        -
          -
        • Set “extensions.pocket.enabled” to false
        • -
      • -
      • Disable All Telemetry

        -
          -
        • Set “browser.newtabpage.activity-stream.feeds.telemetry” to -false

        • -
        • Set “browser.ping-centre.telemetry” to false

        • -
        • Set “browser.tabs.crashReporting.sendReport” to false

        • -
        • Set “devtools.onboarding.telemetry.logged” to false

        • -
        • Set “toolkit.telemetry.enabled” to false

        • -
        • Search for “toolkit.telemetry.server” and clear it

        • -
        • Set “toolkit.telemetry.unified” to false

        • -
        • Set “beacon.enabled” to false

        • -
      • -
      • Disable Pre-Fetching

        -
          -
        • Set “network.dns.disablePrefetch” to true

        • -
        • Set “network.dns.disablePrefetchFromHTTPS” to true

        • -
        • Set “network.predictor.enabled” to false

        • -
        • Set “network.predictor.enable-prefetch” to false

        • -
        • Set “network.prefetch-next” to false

        • -
        • Set “browser.urlbar.speculativeConnect.enabled” to false

        • -
      • -
      • Disable Javascript in PDFs

        -
          -
        • Set “pdfjs.enableScripting” to false
        • -
      • -
      • Disable obsolete SSL encryption

        -
          -
        • Set “security.ssl3.rsa_des_ede3_sha” to false

        • -
        • Set “security.ssl.require_safe_negotiation” to true

        • -
      • -
      • Disable Firefox Accounts

        -
          -
        • Set “identity.fxaccounts.enabled” to false
        • -
      • -
      • Disable Geolocation

        -
          -
        • Set “geo.enabled” to false
        • -
      • -
      • Disable Web Notifications

        -
          -
        • Set “dom.webnotifications.enabled” to false
        • -
      • -
      • Disable Copy/Paste Notifications

        -
          -
        • Set “dom.event.clipboardevents.enabled” to false
        • -
      • -
      • Disable Microphone/Camera status fetching

        -
          -
        • Set “media.navigator.enabled” to false
        • -
      • -
      • Enable “Do Not Track”

        -
          -
        • Set “privacy.donottrackheader.enabled” to true
        • -
      • -
      • Disable SafeBrowsing

        -
          -
        • Set “browser.safebrowsing.malware.enabled” to false

        • -
        • Set “browser.safebrowsing.phishing.enabled” to false

        • -
        • Set “browser.safebrowsing.downloads.remote.enabled” to -false

        • -
      • -
    • -
    • Moderate Settings (could break some websites)

      -
        -
      • Disable WebRTC (this will break all websites with video/audio -communications)

        -
          -
        • Set “media.peerconnection.enabled” to false

        • -
        • Set “media.navigator.enabled” to false

        • -
      • -
      • Disable WebGL (this will break some media intensive websites)

        -
          -
        • Set “webgl.disabled” to true
        • -
      • -
      • Disable DRM

        -
          -
        • Set “media.eme.enabled” to false

        • -
        • Set “media.gmp-widevinecdm.enabled” to false

        • -
      • -
      • Set Cookiies Behavior

        -
          -
        • Set “network.cookie.cookieBehavior” to 1

        • -
        • Set “network.http.referer.XOriginPolicy” to 2

        • -
      • -
      • Change referer policy

        -
          -
        • Set “network.http.referer.XOriginTrimmingPolicy” to 2
        • -
      • -
      • Change Session Storage behavior

        -
          -
        • Set “browser.sessionstore.privacy_level” to 2
        • -
      • -
      • Disable Connection Tests for Captive Portals

        -
          -
        • Set “network.captive-portal-service.enabled” to false
        • -
      • -
      • Disable “Trusted Recursive Resolver”

        -
          -
        • Set/Create “network.trr.mode” and set it to 5
        • -
      • -
    • -
    • Advanced (this will break some websites)

      -
        -
      • Set “privacy.resistFingerprinting” to true

      • -
      • Set “privacy.trackingprotection.fingerprinting.enabled” to -true

      • -
      • Set “privacy.trackingprotection.cryptomining.enabled” to -true

      • -
      • Set “privacy.trackingprotection.enabled” to true

      • -
      • Set “browser.send_pings” to false

      • -
      • Set “change privacy.firstparty.isolate” to true

      • -
      • Set “network.http.referer.XOriginPolicy” to “2” or use -Smart Referer below

      • -
      • Set “change network.cookie.lifetimePolicy” to 2 (this deletes all -cookies after each session)

      • -
    • -
  • -
-

Addons to install/consider:

- -

Bonus resources:

-

Here are also two recent guides to harden Firefox:

- -

Appendix W: Virtualization

-

So, you might ask yourself, what is Virtualization537?

-

Basically, it is like the Inception movie with computers. You have -emulated software computers called Virtual Machines running on a -physical computer. And you can even have Virtual Machines running within -Virtual machines if you want to (but this will require a more powerful -laptop in some cases).

-

Here is a little basic illustration of what Virtualization is:

-
-image53 - -
-

Each Virtual Machine is a sandbox. Remember the reasons for using -them are to prevent the following risks:

-
    -
  • Mitigate local data leaks and easier clean-up in case something -gets messed up or it is suspected to be compromised.

  • -
  • Reduce malware/exploit attack surfaces (if your VM is -compromised, the adversary still must figure out he is in a VM and then -gain access to the Host OS which is not so trivial).

  • -
  • Mitigate online data leaks by being able to enforce strict -network rules on Virtual Machines for accessing the network (such as -passing through the Tor Network).

  • -
-

Nested virtualization risks

-

There is an inherently larger attack surface when nesting -virtualization.

-

Here’s some host information that can be leaked through the Virtual -Machine:

-
    -
  • Organizationally unique identifier or OUI - the unique identifier -assigned to VMWare Guest VMs;

  • -
  • Virtual Windows registry keys like ProductID might -show the Host Machine’s environment:
    -HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ProductId XXXXX-123-1234567-12345

  • -
  • HDD, GPU, and mouse drivers can be exposed through: -HKEY_LOCAL_MACHINE\System\CurrentControlSet\

  • -
  • Registry entries will show that this is a virtual mouse: -%WINDIR%\system32\drivers\vmmouse.sys

  • -
  • Descriptor Table Registers: https://stackoverflow.com/questions/52505313/what-are-descriptor-registers/52505743#52505743

    -
      -
    • Since it’s a Virtual Machine using the same CPU cores, the -descriptor values are relocated due to there only being space for one of -each identifier per CPU. This is a dead giveaway and is used in -detection by advanced malware. It’s employed by malware architects to -tell when the program is being ran in a forensics environment (e.g., -Remnux or Flare VM) - popular tools/OS that are used by experts to -analyze malware.
    • -
  • -
  • Guest VMs also indirectly access the same hardware as the Host -OS.

  • -
-

See https://www.malwarebytes.com/blog/news/2014/02/a-look-at-malware-with-virtual-machine-detection -for more techniques used by malware to detect virtualization. These -techniques are mostly prevented by appending some settings to your VM -config file (.vmx). https://blog.talosintelligence.com/2009/10/how-does-malware-know-difference.html

-

Appendix -X: Using Tor bridges in hostile environments

-

In some environments, your ISPs might be trying to prevent you from -accessing Tor. Or accessing Tor openly might be a safety risk.

-

In those cases, it might be necessary to use Tor bridges to connect -to the Tor network (see Tor Documentation https://2019.www.torproject.org/docs/bridges [Archive.org] -and Whonix Documentation https://www.whonix.org/wiki/Bridges [Archive.org]). -Optionally, if you are able, you should (seriously!) consider running a -bridge https://blog.torproject.org/run-tor-bridges-defend-open-internet/ -[Archive.org] -yourself, as this would greatly help reduce the amount of censorship in -the world.

-

Bridges are special Tor entry nodes that are not listed on the Tor -public directory. Some of those are running on people running the -Snowflake Browser extension538 while others are -running on various servers around the world. Most of those bridges are -running some type of obfuscation method called obfs4539.

-

Only available for Desktop Tor users: Recently, the Tor Project -has made it incredibly simple to access Bridges with Connection -Assist, and it is now automatically done in hostile or censored -regions. Simply open the Tor Browser and the connection will be -configured based on your needs on any hostile network. Previously, we -had a list of options below this paragraph which were necessary to -enable and configure bridges, but now that this is done automatically -using moat. -[Archive.org]

-

Here is the definition from the Tor Browser Manual540: “obfs4 makes Tor traffic look -random and prevents censors from finding bridges by Internet scanning. -obfs4 bridges are less likely to be blocked than its predecessor, obfs3 -bridges”.

-

Some of those are called “Meek” bridges and are using a technique -called “Domain Fronting” where your Tor client (Tails, Tor Browser, -Whonix Gateway) will connect to a common CDN used by other services. To -a censor, it would appear you are connecting to a normal website such as -Microsoft.com. See https://gitlab.torproject.org/legacy/trac/-/wikis/doc/meek -for more information.

-

As per their definition from their manual: “meek transports make it -look like you are browsing a major web site instead of using Tor. -meek-azure makes it look like you are using a Microsoft web site”. -Snowflake bridges make it appear like your connections are phone calls -to random internet users. This is a type of “domain fronting” 541. See “domain -fronting” from the link in the previous paragraph for a detailed -explanation of these types of secret “bridges”.

-

Lastly, there are also bridges called Snowflake bridges that rely on -users running the snowflake extension in their browser to become -themselves entry nodes. See https://snowflake.torproject.org/ [Archive.org].

-

First, you should proceed with the following checklist to make sure -you cannot circumvent Tor Blocking (double-check) and try to use Tor -Bridges (https://bridges.torproject.org/ [Archive.org]):

-
    -
  • (Recommended if blocked but safe) Try to get an -obfs4 bridge in the Tor connection options.

  • -
  • (Recommended if blocked but safe) Try to get a -snowflake bridge in the Tor connection options.

  • -
  • (Recommended if hostile/risky environment) Try -to get a meek bridge in the Tor connection options (might be your only -option if you are for instance in China).

  • -
-
-image54 - -
-

(Illustration from Tor Browser Bridge Configuration)

-

If none of those build-in methods are working, you could try getting -a manual bridge either from:

- -

This website obviously could be blocked/monitored too so you could -instead (if you have the ability) ask someone to do this for you if you -have a trusted contact and some e2e encrypted messaging app.

-

Finally, you could also request a bridge request by e-mail to with the subject empty and the -body being: “get transport obfs4” or “get transport meek”. There is some -limitation with this method tho as it is only available from a Gmail -e-mail address or Riseup.

- -

Hopefully, these bridges should be enough to get you connected even -in a hostile environment.

-

If not, consider Appendix -P: Accessing the internet as safely as possible when Tor and VPNs are -not an option

-

Appendix Y: -Installing and using desktop Tor Browser

-

Installation:

-

This is valid for Windows, Linux, and macOS.

- -

Usage and Precautions:

-
    -
  • After opening Tor Browser, you will see an option to -Connect, a checkbox to Always connect -automatically and a button to Configure -connection. The Tor Network settings are there for you to -possibly configure Bridges to connect to Tor if you are experiencing -issues connecting to Tor due to Censorship or Blocking. As explained -here: Appendix X: -Using Tor bridges in hostile environments, this is now done -automatically by the Tor Browser on Desktop.
  • -
-
-image55 - -
-
    -
  • Personally, in the case of censorship or blocking, we would -recommend using Meek-Azure bridges if needed. And Snowflake bridges as a -second option.
  • -
-
-image56 - -
- -
-image57 - -
-
    -
  • Standard (the default):

    -
      -
    • All features are enabled (including JavaScript)
    • -
  • -
  • Safer:

    -
      -
    • JavaScript is disabled on non-HTTPS websites

    • -
    • Some fonts and symbols are disabled

    • -
    • Any media playback is “click to play” (disabled by -default)

    • -
  • -
  • Safest:

    -
      -
    • Javascript is disabled everywhere

    • -
    • Some fonts and symbols are disabled

    • -
    • Any media playback is “click to play” (disabled by -default)

    • -
  • -
-

We would recommend the “Safest” level by default. The “Safer” level -should be enabled if you think you need access to a website not working -without JavaScript. The Safest mode will most likely break many websites -that rely actively on JavaScript.

-

If you are extra paranoid, use the “Safest” level by default and -consider downgrading to Safer is the website is unusable because of -Javascript blocking.

-

Optional and not recommended by the Tor Project: If -you are not using the “Safest” level, we will diverge from some but -agree with others (for instance the Tails project and others542) and will actually recommend some -modifications of the default Tor Browser in the addition of two -extensions:

- -

Let’s keep in mind that even 3 letters agencies recommend blocking -ads for their internal users in order to improve security543.

-

If you did not go for the above personal and not officially -recommended options, the Safer level should still be used with -some extra precautions while using some websites: see Appendix -A5: Additional browser precautions with JavaScript enabled.

-

Now, you are really done, and you can now surf the web anonymously -from your desktop device.

-

Appendix -Z: Online anonymous payments using cryptocurrencies

-

There are many services that you might want to use (VPS hosting, mail -hosting, domain names…) but require payment of some kind.

-

As mentioned before in this guide multiple times, we strongly -recommend the use of services accepting cash (that you could send -anonymously through the postal services) or Monero which you can buy and -use directly and safely.

-
    -
  • But what if the service you want does not accept Monero but does -accept a more mainstream cryptocurrency such as Bitcoin (BTC) or -Ethereum (ETH)?
  • -
-

Bitcoin and other “mainstream cryptocurrencies” are not -anonymous at all (Remember Your Cryptocurrencies -transactions) and you should never ever purchase, for example, -Bitcoin from an exchange and then use these directly for purchasing -services anonymously. This will not work, and the transaction can be -traced easily.

-
    -
  • Stay away from so-called “private” mixers, tumblers and -coinjoiners. You might think this is a good idea, but not only -are they useless with cryptocurrencies such as BTC/ETH/LTC, they are -also dangerous. They take custody of your coins. Use Monero to anonymize -your crypto. Do not use a normal KYC-enabled exchange to buy/sell your -Monero (such as Kraken), since this information on your purchases and -withdrawals (for intended use) are retained in the exchange. Instead, -use a P2P exchange that doesn’t require KYC such as what can be found on -https://kycnot.me/.

  • -
  • See Warning -about special tumbling, mixing, coinjoining privacy wallets and -services.

  • -
-

Using Bitcoin anonymously -option:

-

Despite this, it is possible to safely anonymize Bitcoin through the -use of non-custodial collaborative transactions and privacy-preserving -spending tools. This is possible with a protocol called ZeroLink -and an implementation called Whirlpool which as two clients that utilize -it and provide the necessary spending tools, detailed below. So, you -might be wondering how? Well, it is actually pretty simple:

-
    -
  1. Purchase Bitcoin at a non-KYC exchange (such as one found on https://kycnot.me/)

  2. -
  3. Create a wallet with Samourai Wallet (Android) or -Sparrow Wallet (Desktop). -Both of these use the Whirlpool protocol to gain the user forward-facing -on-chain privacy on Bitcoin.

  4. -
  5. Deposit coins into the wallet and follow the relevant -instructions (Samourai, Sparrow) -to remove their historic links.

  6. -
  7. Funds should only be spent from the Postmix account, as that is -the account with the coins that have gained anonymity through -Whirlpool.

  8. -
-
    -
  • You should run your own node when using Bitcoin and always -use that for connecting from your wallet. You do not need to purchase -separate hardware to do so, and it’s simple to do so by using the Tor -Network as well.
  • -
-

Using Monero anonymously -option:

-
    -
  1. Purchase Monero at a non-KYC exchange (such as one found on https://kycnot.me/)

  2. -
  3. Create a Monero wallet on one of your anonymized VMs (for -example, on the Whonix Workstation which includes a Monero GUI wallet -natively or using the Monero GUI wallet from https://www.getmonero.org/downloads/ on other -OSes)

  4. -
  5. Transfer your Monero from the wallet from which you bought it to -the wallet on your VM. We cannot stress enough how import it is to have -two separate wallets for this process, even for handling -Monero.

  6. -
  7. On the same VM (for instance again the Whonix Workstation), -create a Bitcoin Wallet (again this is provided natively within the -Whonix Workstation)

  8. -
  9. From an anonymized browser (such as Tor Browser), use a non-KYC -(Know Your Customer) service swapping service (see Appendix -A8: Crypto Swapping Services without Registration and KYC) and -convert your Monero to BTC and transfer those to the BTC Wallet you have -on your anonymized VM

  10. -
  11. You should now have an anonymized Bitcoin wallet that can be used -for purchasing services that do not accept Monero.

  12. -
-

You should never access this wallet from a non-anonymized -environment. Always use well-thought OPSEC with your BTC transactions. -Remember those can be traced back to you.

-

The origin of those BTC cannot be traced back to your real identity -due to the use of Monero unless Monero is broken or if -you consolidate outputs from spending at separate merchants. It is -recommended to use privacy preserving wallets in the Bitcoin section. -Please do read Appendix B2: -Monero Disclaimer.

-

Regarding Zcash: this section previously included use of -Zcash but it has been removed in light of newer, more accurate -information.

-

Warning -about special tumbling, mixing, coinjoining privacy wallets and -services: Wikiless Archive.org

-

Centralized “private” tumblers, mixers and coinjoiners are not -recommended since they do not provide anonymity in a way that truly -unlinks an output from its history. Here are some references about this -issue:

- -

Mixing BTC in this way should prevent any chain analysis on future -transactions. This will not however hide any past transactions -or the fact you purchased BTC from a KYC exchange. Instead we recommend -to use Bitcoin wallets that utilize Whirlpool or Monero (preferred).

-

When converting from BTC to -Monero:

-

Now, as part of any process above, if you want to convert BTC -back to Monero, we recommend not using a swapping service but -instead recommend using the new Monero Atomic Swap Tool: https://unstoppableswap.net/. This will prevent -unnecessary fees and intermediates when using a commercial swapping -service. The website is self-explanatory with detailed instructions for -all OSes.

-

Appendix A1: -Recommended VPS hosting providers

-

We will only recommend providers that accept Monero as payment and -here is my personal shortlist:

- -

Also consider these lists:

- -

Lastly, you could pick one (at your own risk) from the list here that -does accept Monero: https://www.getmonero.org/community/merchants/#hosting -[Archive.org]

-

Please do read Appendix B2: Monero -Disclaimer.

-

If the service does not accept Monero but does accept BTC, consider -the following appendix: Appendix Z: -Paying anonymously online with BTC.

-

Appendix -A2: Guidelines for passwords and passphrases

-

My opinion (and the one of many544545546547548549) is that passphrases are generally -better than passwords. So instead of thinking of better passwords, -forget them altogether and use passphrases instead (when possible). Or -just use a password manager with very long passwords (such as KeePassXC, -the preferred password manager in this guide).

-

The well-known shown-below XKCD https://xkcd.com/936/ [Archive.org] -is still valid despite some people disputing it (See https://www.explainxkcd.com/wiki/index.php/936:_Password_Strength -[Archive.org]). -Yes, it is quite old now and is a little bit outdated and might be -misinterpreted. But generally, it is still valid and a good argument for -using passphrases instead of passwords.

-
-image58 - -
-

(Illustration by Randall Munroe, xkcd.com, licensed under CC BY-NC -2.5)

-

Here are some recommendations (based on Wikipedia550):

-
    -
  • Long enough to be hard to guess (typically four words is a -minimum, five or more is better).

  • -
  • Not a famous quotation from literature, holy books, et -cetera.

  • -
  • Hard to guess by intuition—even by someone who knows the user -well.

  • -
  • Easy to remember and type accurately.

  • -
  • For better security, any easily memorable encoding at the user’s -own level can be applied.

  • -
  • Not reused between sites, applications, and other different -sources.

  • -
  • Do not use only “common words” (like “horse” or -“correct”)

  • -
-

Here is a nice website showing you some examples and guidelines: https://www.useapassphrase.com/

-

Watch this insightful video by Computerphile: https://www.youtube.com/watch?v=3NjQ9b3pgIg [Invidious]

-

Use a different one for each service/device if possible. Do -not make it easy for an adversary to access all your information because -you used the same passphrase everywhere.

-

You might ask how? Simple: use a password manager such as the -recommended KeePassXC. Only remember the passphrase to unlock the -database and then store everything else in the KeePassXC database. -Within KeePassXC you can then create extremely long passwords (30+ -random characters) for each different service.

-

Appendix A3: Search Engines

-

Which search engine to pick in your VMs?

-

We will not go into too many details. Just pick one from -PrivacyGuides.org (https://www.privacyguides.org/search-engines/ [Archive.org]).

-

Personally, my favorites are:

- -

Note that some of those have a convenient “.onion” address:

- -

In the end, we were often not satisfied with the results of both -those search engines and still ended up on Bing or Google.

-

Appendix A4: -Counteracting Forensic Linguistics

-

Note that this information is taken and adapted from a Dread -Post available here: http://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/aad54fe83b33a8a45920/

-

No plagiarism is intended but some important adaptations and -modifications have been made to improve the source post in various -ways.

-

Introduction:

-

Stylometry is our personal and unique writing style. No matter who -you are, you have a unique finger printable, and traceable writing -style. This has been understood for a while now, and a branch of -forensics is built off of this principle: forensic linguistics. In this -field, the particular name for forensic linguistics applied to internet -crime is called “Writeprint”. Writeprint primarily aims to determine -author identification over the internet by comparing a suspect’s text to -a known collection of writer invariant (normally written) texts, and -even without comparison texts, this forensic technique can yield -personal information about an author such as gender, age, and -personality.

-

What -does an adversary look for when examining your writing?

-
    -
  1. Lexical features: analysis of word choice.

  2. -
  3. Syntactic features: analysis of writing style, sentence -structure, punctuation, and hyphenation.

  4. -
  5. Structural features: analysis of structure and organization of -writing.

  6. -
  7. Content-specific words: analysis of contextually significant -writing such as acronyms.

  8. -
  9. Idiosyncratic features: analysis of grammatical errors, this is -the most important factor to consider because it provides relatively -high accuracy in author identification

  10. -
-

Examples:

-

You might think that this is not something that an adversary pays -attention to? Think again! There have been multiple cases where -adversaries such as law enforcement have used Writeprint techniques to -help catch and sentence people. Here are some examples:

- -

Do not use the same writing style for your sensitive activities as -for your normal activities. In particular, pay close attention to your -use of common phrases, and punctuations. Also, as a side note: limit the -amount of reference material that an adversary can use as comparison -text, you do not want to find yourself in trouble because of your -political Twitter post, or that Reddit post you made years ago, do -you?

-
    -
  • Here is another example from the book American Kingpin, about how a -DEA agent investigated the writing style of DPR (Dread Pirate Roberts -a.k.a Ross Ulbricht, founder of the Silk Road Dark Market) from a unique -perspective: For one, Ross Ulbricht used the word “epic” a lot, which -showed that he was likely young. He also used emoji smiley faces in his -writing, though he never used a hyphen as the nose, writing them as “:)” -rather than the old-fashioned “:-)”. Yet the one attribute about -Ulbricht that stood out was that rather than writing “yes” or “yeah” on -the site’s forums, Ulbricht instead always typed “yea”.
  • -
-

Pay attention to the little things that might add up. If you usually -reply with “ok” to people, maybe try to reply with “okay” for your -sensitive activities. You should NEVER use words or phrases from your -sensitive activities (even if they are not in a public post) for normal -purposes, and vice versa. Ross Ulbricht used “frosty” as the name for -his Silk Road servers, and for his YouTube account, which helped -convince law enforcement that Dread Pirate Roberts was in fact, Ross -Ulbricht.

-

How to -counteract the efforts of your adversary:

-
    -
  1. Reduce the amount of comparison text for adversaries to compare -you with. This goes with having a small online footprint for your normal -activities.

  2. -
  3. Use a word processor (such as LibreWriter) to fix any -grammatical/spelling errors that you regularly encounter.

  4. -
  5. Reduce or change the idioms that you use while conducting -sensitive activities.

  6. -
  7. Understand how your identity affects your writing style: Is your -alias younger? Older? More educated? Or less educated? If your identity -is older, maybe speak in a more JRR Tolkien style of writing.

  8. -
  9. Pay attention to how your slang and spelling might identify you. -If you are from the UK, you should say “maths”, but if you are from the -US you say “math”. It does not matter how you say “maths”, all that -matters is that it can be used to profile you. This also applies to -slang as many regions each have different and extremely particular -slang. You do not ask someone from the USA for a “rubber” and expect -them to give you an “eraser” as an example.

  10. -
  11. Pay attention to your use of emoticons and emojis. In the -previous example, the DEA agent was able to make a correct assumption -that Ulbricht was likely young because he did not use a hyphen when -making a smiley emoticon.

  12. -
  13. Pay attention to how you structure your writing. Do you use two -spaces after a period? Do you constantly use parenthesis in your -writing? Do you use the oxford comma?

  14. -
  15. Consider what symbols you use in your writing. Do you use €, £ or -$? Do you use “dd-mm-yyyy” or “mm-dd-yyyy” for dates? Do you use “08:00 -pm” or “20:00” for time?

  16. -
-

What -different linguistic choices could say about you:

-

Emoticons:

-
    -
  1. Russians for example use “)” instead of “:-)” or “:)” to express -a smiley face.

  2. -
  3. Scandinavians use “=)” instead of “:-)” or “:)” for a smiley -face.

  4. -
  5. Younger people generally do not use a hyphen in their smiley -faces and just use “:)”.

  6. -
-

Structural features:

-
    -
  1. Two spaces after a period give off the impression that you are -quite older because this is how typing was taught to people learning to -type with typewriters.

  2. -
  3. In the US people write numbers out with commas between numbers to -the left of the starting number and with periods between numbers to the -right of the starting number. This is in contrast to how people write -out numbers on the rest of the planet.

  4. -
-

US: 1,000.00$

-
-

Europe: 1.000,00€

-
-

Spelling slang and symbols:

-
    -
  1. Obviously, people in different nations use different slang. This -is even more pronounced when you use slang that is not as well known in -other places such as someone from the UK mentioning a “headmaster” when -in other nations it is referred to as a “principal”.

  2. -
  3. Spelling is another important factor that is similar to slang, -except it is harder to control. If you want to pretend that you are from -the USA, but you actually live in Australia, it only takes one time of -spelling “colour” as color to let people understand that something is -up.

  4. -
  5. Some people also spell words in a particular way that is not -regional for example you might spell “ax” as “axe” or vice -versa.

  6. -
  7. Of course, the symbols you use on your keyboard can give a lot of -information away, such as £’s or $’s.

  8. -
-

Techniques to prevent -writeprinting:

-

Here are some techniques in order of use:

-

Spelling and grammar -checking:

-

This helps prevent some fingerprinting done using your spelling and -grammar mistakes

-

Offline using a word -processor:

-

Use a word processor such as LibreWriter and use the spelling and -grammar checks features to fix mistakes you might have typed.

-

Online using an online -service:

-

If you do nothave a word processor available or don’t want to use -one, you can also use an online spelling and grammar checker such as -Grammarly (this requires an e-mail and an account creation).

-

Translation technique:

-

Disclaimer: a study archived here: https://web.archive.org/web/20181125133942/https://www.cs.drexel.edu/~sa499/papers/adversarial_stylometry.pdf -seems to indicate the translation technique is inefficient to prevent -stylometry. This step might be useless.

-

After being done with spelling and grammar fixes. Use a website or -software such as Google Translate (or for a more privacy-friendly -version, https://simplytranslate.org/) to translate between -several different languages before translating back to your original -language. These translations back and forth will alter your messages and -make fingerprinting more difficult.

-

Search and replace:

-

Finally, and optionally, add some salt by purposefully adding some -mistakes to your messages.

-

First decide upon a list of words that you frequently do not -misspell, maybe the words “grammatical”, “symbol”, and “pronounced” -(this list should include more words). Do not use an AutoCorrect -automatic replace option for this as it might correct when it does not -make sense. Instead, use Search and Replace and do this -manually for each word. Do not use “Replace All” either and -review each change. This is just the first step, for providing -misinformation against linguistic fingerprinting.

-

Next, find a list of words that you commonly use in your writing. Let -us say that we love to use contractions when wew rite, maybe we always -use words such as: “can’t”, “don’t”, “shouldn’t”, “won’t”, or “let’s”. -Well, maybe go into LibreWriter and use “Search and Replace” to replace -all contractions with the full versions of the words (“can’t” > -“cannot”, “don’t” > “do not”, “shouldn’t” > “should not”, “won’t” -> “will not”, “let’s” > “let us”). This can make a large -difference in your writing and give a difference in how people and most -importantly your adversaries perceive you. You can change most words to -be different, as an example you can change “huge” to “large”. Just make -sure these words fit with your identity.

-

Now, consider changing your words choices to fit a geographic -location. Maybe you live in the US, and you want to give the impression -that your identity is from the UK. For example, you can make use of -location-based spelling and lexicon. This is risky, and one mistake can -give it away.

-

First off, you need to decide where you want to give the impression -of your location. Here is an example to give off the impression that you -are from the US, or the UK. First, you will need to understand a thing -or two about where your identity is “from”, do not pretend that you are -from the UK, yet have no idea about it other than it exists.

-

After you have decided upon a good location that your identity is -from, research the differences in language between the two languages (in -this case between UK English and US English). Thanks to the internet, -this is quite easy, and you can find Wikipedia pages conveniently -highlighting the regional differences of a language between two nations. -Pay attention to how certain words are spelled (“metre” > “meter”) -and what words are exchanged with each other (“boot” > “trunk”). Now -that you have a list of words that can be exchanged with each other, and -a list of spelling that are different, use the “Search and Replace” in -your editor and change the words such as “colour” into “color”, and -“lorry” into “truck”. Again, do not use an AutoCorrect feature -or “Replace All” as some changes might not make sense. Review each -proposed change. As an example, if you were to use AutoCorrect or -“Replace all” on the word “boot” to change into “trunk”, this would make -perfect sense in the context of cars. But it would not make any sense in -the context of shoes.

-

Final advice:

-

Understand that you have to constantly think of what you type and how -you type while conducting sensitive activities.

-

Understand that altering your writing style for such purposes can -ultimately change your baseline writing style, ironically making your -writing traceable over longer periods.

-

Proofread yourself at least one time after you are done writing -anything to verify you made no mistakes in your process. Trust -(yourself) but verify anyway.

-

You might also consider the use of something like AnonyMouth https://web.archive.org/web/https://github.com/psal/anonymouth -[Archive.org] -which is a tool that you can use to anonymize your documents, developed -by PSAL, Drexel University’s Privacy, Security, and Automation -Laboratory https://psal.cs.drexel.edu/index.php/Main_Page [Archive.org]. -Such tools can prove invaluable.

- - -

Appendix -A5: Additional browser precautions with JavaScript enabled

-

To avoid Browser and User Fingerprinting through JavaScript but while -keeping JavaScript enabled, some additional safety measures should be -observed at least on some websites:

-

These recommendations are similar to the ones at the beginning of the -guide and especially valid for certain websites. Mostly, the -recommendation is to use privacy-friendly front-end instances and -alternative services for a variety of services:

- -

(Optional) Consider the use of the https://libredirect.github.io/ [Archive.org] -extension to automate the use of the above services.

-

Appendix A6: Mirrors

-

Find it online at:

- -

Appendix A7: Comparing -versions

-

If you want to compare an older version of the PDF with a newer -version, consider these online tools (note that we do not endorse those -tools in relation to their privacy policies, but it should not matter -since these PDFs are public):

- -

If you want to compare the older version of the ODT format with a -newer version, use the LibreWriter compare features as explained here: -https://help.libreoffice.org/7.1/en-US/text/shared/guide/redlining_doccompare.html -[Archive.org]

-

Appendix -A8: Crypto Swapping Services without Registration and KYC

-

General Crypto Swapping:

-

Skip to next section for BTC to Monero. Do not use swapping -services for BTC to Monero.

-

Here is a small list of non-KYC crypto swapping services, remember -they all have a cost and fees:

- -

Consider having a look at https://kycnot.me/ which is an open-source project -listing non-KYC exchanges/swapping services (repository at https://codeberg.org/pluja/kycnot.me).

-

BTC to Monero only:

-

Do not use any swapping service, use their Atomic Swap -feature. See this Monero Atomic Swap Tool: https://unstoppableswap.net/.

-

This will prevent unnecessary fees and intermediates when using a -commercial swapping service. The website is self-explanatory with -detailed instructions for all OSes.

-

Appendix A9: Installing a -Zcash wallet:

-

Remember this should only be done on a secure environment such as VM -behind the Whonix Gateway.

-

Debian 11 VM:

- -

Ubuntu 20.04/21.04/21.10 VM:

-
    -
  • Load the Ubuntu VM

  • -
  • Open a browser

  • -
  • Go to the ZecWallet Lite Website to download the latest DEB -package https://www.zecwallet.co/#download

  • -
  • Open a Terminal window

  • -
  • Go to your download directory and run the following command (with -the updated downloaded version if needed), for example: -sudo apt install ./Zecwallet_Lite_1.7.5_amd64.deb

  • -
  • Click the upper left menu, find then launch ZecWallet -Lite

  • -
-

Windows 10/11 VM:

- -

Whonix Workstation 16 VM:

- -

Appendix -B1: Checklist of things to verify before sharing information:

-

Here is a checklist of things to verify before sharing information to -anyone:

- -

After curating the files for anything you want to leave out. -Double-check and even Triple check them. Then you could consider sending -them to an organization such as a press organization or -others.

-

Appendix B2: Monero -Disclaimer

-

First, please read this small introduction video to Monero: https://www.youtube.com/watch?v=H33ggs7bh8M [Invidious]

-

The anonymity of Monero depends on its crypto algorithms. If you do -use Monero from a KYC Exchange. You can be almost certain that you are -safe today. But you might not be in the long-term future if Monero -algorithms are ever broken551 (think Quantum -Computing). Do keep in mind that KYC regulations might force operators -(such as Crypto Exchanges) to keep your financial records for up to 10 -years and that you, therefore, need Monero algorithms to not be broken -for the next 10 years as well.

-

You may want to watch this insightful video for more details: https://www.youtube.com/watch?v=j02QoI4ZlnU [Invidious]

-

Also please consider reading: Privacy -Limitations in Anonymity Networks with Monero [Archive.org]

-

Use these at your own risk, sending cash payments to -providers accepting cash (through the postal service) is always a better -solution if/when possible.

-

Appendix B3: Threat -modeling resources

-

Here are various threat modeling resources if you want to go deeper -in threat modeling.

-

We recommend the LINDDUN https://www.linddun.org threat modeling method [Archive.org]: -- Researchers created an online tool to help make your threat model at -https://www.linddun.org/go [Archive.org]. -- It is synergistic with STRIDE below. - It is focused on privacy but is -clearly perfectly suitable for anonymity. - It is accessible to all -skill levels including beginners (providing many tutorials) but also -suitable for highly skilled readers. - It is used in the making of the -Threat Modeling Manifesto: https://www.threatmodelingmanifesto.org/ [Archive.org]

-

LINDDUN threat modeling tutorials and resources: - We -recommend the following quick tutorial video from “The Hated One” -YouTube channel with the approval and review from LINDDUN designers: https://www.youtube.com/watch?v=6AXkJ3dot2s -[Invidious] to -get started. - More resources for deeper understanding and usage:

-
- You can read more here: [A Lightweight Approach to Privacy Threat Modeling](https://sion.info/assets/pdf/publications/WuytsIWPE2020.pdf)
-- Here are two videos from [Dr. K. Wuyts](https://www.semanticscholar.org/author/Kim-Wuyts/3190241) (imec-DistriNet, KU Leuven) explaining the process:
-    - [Privacy & prejudice: on privacy threat modeling misconceptions](https://www.youtube.com/watch?v=zI4SFyq_Xjw) <sup>[[Invidious]](https://yewtu.be/watch?v=zI4SFyq_Xjw)</sup>
-    - [Privacy Threat Model Using LINDDUN](https://www.youtube.com/watch?v=C9F8X1j9Zpg) <sup>[[Invidious]](https://yewtu.be/watch?v=C9F8X1j9Zpg>)</sup>
-

image59 (Illustration from LINDDUN2015)

-

Here are alternative resources and methodologies if LINDDUN doesn’t -suit you:

- -

Appendix -B4: Important notes about evil-maid and tampering

-

Your context needs to be taken into account.

-

Preventing an evil-maid attack attack or tampering might lead to bad -consequences. Your adversary might then resort to other means to obtain -the key.

-

On the other hand, allowing the attack but detecting it will not let -your adversary know that you are aware of the tampering. You can then -take steps safely to not reveal information and possibly leave.

-

See the Some last OPSEC -thoughts section for some tips.

-

Appendix B5: Types of CPU -attacks:

-

Select security issues plague many Intel CPUs, such as transient -execution attacks (formerly called speculative execution side channel -methods). Here you can check your CPU against affected micro-processors -with known bugs https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html -[Archive.org].

-

The Advanced Programmable Interrupt Controller (APIC) is an -integrated CPU component responsible for accepting, prioritizing, and -dispatching interrupts to logical processors (LPs). The APIC can operate -in xAPIC mode, also known as legacy mode, in which APIC configuration -registers are exposed through a memory-mapped I/O (MMIO) page.

-

Enter AEPIC (stylized ÆPIC), the first architectural CPU bug that -leaks stale data from the microarchitecture without using a side -channel. It architecturally leaks stale data incorrectly returned by -reading undefined APIC-register ranges. This novel method was revealed -in the paper ÆPIC Leak: Architecturally Leaking Uninitialized Data -from the Microarchitecture which you can read here: Borrello2022AEPIC [Archive.org]

-

Model-specific registers (MSRs) and their configuration bits can also -be detected automatically on Intel and AMD CPUs: Kogler2022 [Archive.org]. -This allows an attacker (with heavy knowledge of CPU functionality) to -view information about the MSRs, which are essentially special CPU -registers allowing interaction with low-level CPU features and advanced -configuration of the CPU’s behavior. Modern x86 CPUs have hundreds of -these, which are usually documented very little and in increasingly less -verbosity over the past few years.

-

Some other microarchitecture -bugs:

-
    -
  • PLATYPUS [Archive.org] -- Software-based Power Side-Channel Attacks on x86, which shows how an -unprivileged attacker can leak AES-NI keys from Intel SGX and the Linux -kernel and break kernel address-space layout randomization (KASLR).
  • -
  • SQUIP -[Archive.org] -- Scheduler Queue Usage via Interface Probing. All of AMD’s Zen CPUs are -vulnerable to a medium-severity flaw which can allow threat actors to -run side-channel attacks.
  • -
  • Hertzbleed -[Archive.org] -- Deducing cryptographic keys by analyzing power consumption has long -been an attack, but it’s not generally viable because measuring power -consumption is often hard. This new attack measures power consumption by -measuring time, making it easier to exploit.
  • -
  • Retbleed -[Archive.org] -- Retbleed focuses on return instructions, which are part of the -retpoline software mitigation against the speculative execution class of -attacks that became known starting early 2018, with Spectre.
  • -
  • Downfall [Archive.org] -- Gather Data Sampling (GDS) and Gather Value Injection (GVI) techniques -exploit the gather instruction to steal information -from SIMD -register buffers and victim processes.
  • -
  • Phantom -& Inception [Archive.org] -- Attacks that leak arbitrary data using seemingly “phantom” -instructions on AMD Zen CPUs; “[making] it take wrong actions based on -supposedly self conceived experiences”, an allusion to the Inception -movie, one we have made before.
  • -
-

Appendix B6: -Warning for using Orbot on Android

-

While this is often misunderstood, Orbot on Android does not make -your Tor-enabled apps go through Tor if you add them to the list. Orbot -is acting as a device-wide VPN (also known as a “transparent proxy”). -The list of apps using Orbot is a whitelist. This list will not make -some apps magically use Tor and unchecked ones use the clear-net. This -only ensures the device-wide VPN is using Tor to route traffic. This -means that Orbot can only control what app can access the VPN it -creates. Other apps will lose connectivity.

-

What is important to know is that, if you launch an app (or Android -does it automatically) while Orbot is not running, the app will just use -the normal network, without involving Orbot (with the exception of some -apps supporting a proxy Orbot).

-

Additionally, you should not be surprised by Tor Browser not working -when using Orbot in VPN mode, as the Tor design does not allow “Tor over -Tor” (you cannot re-enter the Tor network from a Tor exit node).

-

This is explained rather well by Alexander Færøy, who is a core -developer at the Tor Project, in their TorifyHOWTO: -Tor over Tor.

-

“When using a transparent proxy, it is possible to start a Tor -session from the client as well as from the transparent proxy (read the -warning!), creating a”Tor over Tor” scenario. Doing so produces -undefined and potentially unsafe behavior. In theory, however, you can -get six hops instead of three, but it is not guaranteed that you’ll get -three different hops - you could end up with the same hops, maybe in -reverse or mixed order. It is not clear if this is safe. It has never -been discussed. You can choose an entry/exit point, but you get the best -security that Tor can provide when you leave the route selection to Tor; -overriding the entry / exit nodes can mess up your anonymity in ways we -don’t understand. Therefore Tor over Tor usage is highly -discouraged.”

-

And from a -post on the Tor Stack Exchange:

-

“The danger (beyond the performance hit) which keeps me from running -Tor over Tor has to do with timing and congestion measurements. -Adversaries watching your traffic at the exit(s) of your circuits have a -better chance of linking your Whonix activity with your [Tor Browser -Bundle] activity when those shared circuits slow down or drop packets at -the same time. This can happen without Tor over Tor when your instances -use a common upstream link. The linkage will be made tighter and more -explicit if you run the Whonix Tor traffic through your TBB SOCKS5 Tor -circuits. This tighter linkage raises the danger of successful -correlation.”

-

Appendix B7: -Caution about Session Messenger

-

Here are our reasons:

-
    -
  • The company is based in Australia which has very -unfavorable privacy laws.552553
  • -
  • They push their own cryptocurrency, Oxen, which creates a conflict -of interest.
  • -
  • They use LokiNet, which requires Oxen to run nodes to route Session -traffic, and it costs 15,000 $OXEN or 3,750 $OXEN for a shared node554, which is about ~$1,800 US dollars -or ~$500 US dollars, respectively. -
      -
    • The price of running nodes essentially puts their network behind a -paywall if you want to run a node, even just to contribute bandwidth to -the network like you might with Tor. But there is a stakeless fork of -Lokinet.
    • -
    • Session’s developers claim this to be an attempt to prevent sybil attacks, but -many have argued that this only encourages such attacks; by doing so, -guaranteeing only governments and other well-funded organizations (the -people these networks normally try to protect against) will ever have -the financial resources to run nodes. (Eh, it’s all pretty debatable. -But $OXEN is privacy-focused.)
    • -
  • -
  • They dropped critical security features of their protocol (perfect -forward secrecy (PFS) and deniability)555 -in favor of long-term message keys and self-deleting cryptographic -signatures, which provide much weaker security guarantees. 556 -
      -
    • This might not be as bad, if the nodes are free to run, but -they’re not.
    • -
  • -
  • Session has been audited557 with satisfactory -results, but that audit does not mention these changes. We also -currently lack sufficient information on LokiNet (the onion routing -network used by Session) to endorse it. Session is still recommended by -some, for example Techlore.558
  • -
  • Their funding is completely opaque.
  • -
-

In short, our opinion is that you may use Session Messenger on iOS -due to the absence of a better alternative (such as Briar). But if Briar -or another app (maybe Cwtch in the future) becomes available, we will -recommend going away from Session messenger as soon as possible. It is a -last resort.

-
-

References:

-
-
-
    -
  1. English translation of German -Telemedia Act https://www.huntonprivacyblog.com/wp-content/uploads/sites/28/2016/02/Telemedia_Act__TMA_.pdf -[Archive.org]. -Section 13, Article 6, “The service provider must enable the use of -Telemedia and payment for them to occur anonymously or via a pseudonym -where this is technically possible and reasonable. The recipient of the -service is to be informed about this possibility.”.↩︎

  2. -
  3. Wikipedia, Real-Name System Germany -https://en.wikipedia.org/wiki/Real-name_system#Germany -[Wikiless] -[Archive.org]↩︎

  4. -
  5. Wikipedia, Don’t be evil https://en.wikipedia.org/wiki/Don%27t_be_evil [Wikiless] -[Archive.org]↩︎

  6. -
  7. YouTube, WarGames - “The Only Winning -Move” https://www.youtube.com/watch?v=6DGNZnfKYnU [Invidious]↩︎

  8. -
  9. Wikipedia, OSINT https://en.wikipedia.org/wiki/Open-source_intelligence -[Wikiless] -[Archive.org]↩︎

  10. -
  11. YouTube Internet Historian Playlist, -HWNDU https://www.youtube.com/playlist?list=PLna1KTNJu3y09Tu70U6yPn28sekaNhOMY -[Invidious]↩︎

  12. -
  13. Wikipedia, 4chan https://en.wikipedia.org/wiki/4chan [Wikiless] [Archive.org]↩︎

  14. -
  15. PIA, See this good article on the -matter https://www.privateinternetaccess.com/blog/how-does-privacy-differ-from-anonymity-and-why-are-both-important/ -[Archive.org] -(disclaimer: this is not an endorsement or recommendation for this -commercial service).↩︎

  16. -
  17. Medium.com, Privacy, Blockchain and -Onion Routing https://medium.com/unitychain/privacy-blockchain-and-onion-routing-d5609c611841 -[Scribe.rip] -[Archive.org]↩︎

  18. -
  19. This World of Ours, James Mickens https://scholar.harvard.edu/files/mickens/files/thisworldofours.pdf -[Archive.org]↩︎

  20. -
  21. XKCD, Security https://xkcd.com/538/ -[Archive.org]↩︎

  22. -
  23. Wikipedia, Threat Model https://en.wikipedia.org/wiki/Threat_model [Wikiless] -[Archive.org]↩︎

  24. -
  25. Bellingcat https://www.bellingcat.com/ [Archive.org]↩︎

  26. -
  27. Wikipedia, Doxing https://en.wikipedia.org/wiki/Doxing [Wikiless] [Archive.org]↩︎

  28. -
  29. YouTube, Internet Historian, The -Bikelock Fugitive of Berkeley https://www.youtube.com/watch?v=muoR8Td44UE [Invidious]↩︎

  30. -
  31. This World of Ours, James Mickens https://scholar.harvard.edu/files/mickens/files/thisworldofours.pdf -[Archive.org]↩︎

  32. -
  33. BBC News, Tor Mirror https://www.bbc.com/news/technology-50150981 [Archive.org]↩︎

  34. -
  35. GitHub, Real World Onion websites https://github.com/alecmuffett/real-world-onion-sites -[Archive.org] -(updated extremely often)↩︎

  36. -
  37. Tor Project, Who Uses Tor https://2019.www.torproject.org/about/torusers.html.en -[Archive.org]↩︎

  38. -
  39. Whonix Documentation, The importance -of Anonymity https://www.whonix.org/wiki/Anonymity [Archive.org]↩︎

  40. -
  41. Geek Feminism https://geekfeminism.wikia.org/wiki/Who_is_harmed_by_a_%22Real_Names%22_policy%3F -[Archive.org]↩︎

  42. -
  43. Tor Project, Tor Users https://2019.www.torproject.org/about/torusers.html.en -[Archive.org]↩︎

  44. -
  45. PrivacyHub, Internet Privacy in the -Age of Surveillance https://www.cyberghostvpn.com/privacyhub/internet-privacy-surveillance/ -[Archive.org]↩︎

  46. -
  47. PIA Blog, 50 Key Stats About Freedom -of the Internet Around the World https://www.privateinternetaccess.com/blog/internet-freedom-around-the-world-in-50-stats/ -[Archive.org]↩︎

  48. -
  49. Wikipedia, IANAL https://en.wikipedia.org/wiki/IANAL [Wikiless] [Archive.org]↩︎

  50. -
  51. Wikipedia, Trust but verify https://en.wikipedia.org/wiki/Trust,_but_verify [Wikiless] -[Archive.org]↩︎

  52. -
  53. Wikipedia, Zero-trust Security Model -https://en.wikipedia.org/wiki/Zero_trust_security_model -[Wikiless] -[Archive.org]↩︎

  54. -
  55. Wikipedia, IP Address https://en.wikipedia.org/wiki/IP_address [Wikiless] [Archive.org]↩︎

  56. -
  57. Wikipedia; Data Retention https://en.wikipedia.org/wiki/Data_retention [Wikiless] -[Archive.org]↩︎

  58. -
  59. Wikipedia, Tor Anonymity Network https://en.wikipedia.org/wiki/Tor_(anonymity_network) -[Wikiless] -[Archive.org]↩︎

  60. -
  61. Wikipedia, VPN https://en.wikipedia.org/wiki/Virtual_private_network -[Wikiless] -[Archive.org]↩︎

  62. -
  63. Ieee.org, Anonymity Trilemma: Strong -Anonymity, Low Bandwidth Overhead, Low Latency - Choose Two https://ieeexplore.ieee.org/document/8418599 [Archive.org]↩︎

  64. -
  65. Wikipedia, DNS https://en.wikipedia.org/wiki/Domain_Name_System [Wikiless] -[Archive.org]↩︎

  66. -
  67. Wikipedia, DNS Blocking https://en.wikipedia.org/wiki/DNS_blocking [Wikiless] -[Archive.org]↩︎

  68. -
  69. CensoredPlanet https://censoredplanet.org/ [Archive.org]↩︎

  70. -
  71. Wikipedia, MITM https://en.wikipedia.org/wiki/Man-in-the-middle_attack -[Wikiless] -[Archive.org]↩︎

  72. -
  73. ArXiv, Characterizing Smart Home IoT -Traffic in the Wild https://arxiv.org/pdf/2001.08288.pdf [Archive.org]↩︎

  74. -
  75. Labzilla.io, Your Smart TV is -probably ignoring your Pi-Hole https://labzilla.io/blog/force-dns-pihole [Archive.org]↩︎

  76. -
  77. Wikipedia, DNS over HTTPS: https://en.wikipedia.org/wiki/DNS_over_HTTPS [Wikiless] -[Archive.org]↩︎

  78. -
  79. Wikipedia, DNS over TLS, https://en.wikipedia.org/wiki/DNS_over_TLS [Wikiless] -[Archive.org]↩︎

  80. -
  81. Wikipedia, Pi-Hole https://en.wikipedia.org/wiki/Pi-hole [Wikiless] [Archive.org]↩︎

  82. -
  83. Wikipedia, SNI https://en.wikipedia.org/wiki/Server_Name_Indication -[Wikiless] -[Archive.org]↩︎

  84. -
  85. Wikipedia, ECH https://en.wikipedia.org/wiki/Server_Name_Indication#Encrypted_Client_Hello -[Wikiless] -[Archive.org]↩︎

  86. -
  87. Wikipedia, eSNI https://en.wikipedia.org/wiki/Server_Name_Indication#Encrypted_Client_Hello -[Wikiless] -[Archive.org]↩︎

  88. -
  89. Usenix.org, On the Importance of -Encrypted-SNI (ESNI) to Censorship Circumvention https://www.usenix.org/system/files/foci19-paper_chai_0.pdf -[Archive.org]↩︎

  90. -
  91. Wikipedia, CDN https://en.wikipedia.org/wiki/Content_delivery_network -[Wikiless] -[Archive.org]↩︎

  92. -
  93. Cloudflare, Good-bye ESNI, hello -ECH! https://blog.cloudflare.com/encrypted-client-hello/ -[Archive.org]↩︎

  94. -
  95. ZDNET, Russia wants to ban the use -of secure protocols such as TLS 1.3, DoH, DoT, ESNI https://www.zdnet.com/article/russia-wants-to-ban-the-use-of-secure-protocols-such-as-tls-1-3-doh-dot-esni/ -[Archive.org]↩︎

  96. -
  97. ZDNET, China is now blocking all -encrypted HTTPS traffic that uses TLS 1.3 and ESNI https://www.zdnet.com/article/china-is-now-blocking-all-encrypted-https-traffic-using-tls-1-3-and-esni/ -[Archive.org]↩︎

  98. -
  99. Wikipedia, OCSP https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol -[Wikiless] -[Archive.org]↩︎

  100. -
  101. Madaidans Insecurities, Why -encrypted DNS is ineffective https://madaidans-insecurities.github.io/encrypted-dns.html -[Archive.org]↩︎

  102. -
  103. Wikipedia, OCSP Stapling https://en.wikipedia.org/wiki/OCSP_stapling [Wikiless] -[Archive.org]↩︎

  104. -
  105. Chromium Documentation, CRLSets https://dev.chromium.org/Home/chromium-security/crlsets -[Archive.org]↩︎

  106. -
  107. ZDNet, Chrome does certificate -revocation better https://www.zdnet.com/article/chrome-does-certificate-revocation-better/ -[Archive.org]↩︎

  108. -
  109. KUL, Encrypted DNS=⇒Privacy? A -Traffic Analysis Perspective https://www.esat.kuleuven.be/cosic/publications/article-3153.pdf -[Archive.org]↩︎

  110. -
  111. ResearchGate, Oblivious DNS: -Practical Privacy for DNS Queries https://www.researchgate.net/publication/332893422_Oblivious_DNS_Practical_Privacy_for_DNS_Queries -[Archive.org]↩︎

  112. -
  113. Nymity.ch, The Effect of DNS on -Tor’s Anonymity https://nymity.ch/tor-dns/ [Archive.org]↩︎

  114. -
  115. Wikipedia, RFID https://en.wikipedia.org/wiki/Radio-frequency_identification -[Wikiless] -[Archive.org]↩︎

  116. -
  117. Wikipedia, NFC https://en.wikipedia.org/wiki/Near-field_communication -[Wikiless] -[Archive.org]↩︎

  118. -
  119. Samsonite Online Shop, RFID -accessories https://shop.samsonite.com/accessories/rfid-accessories/ -[Archive.org]↩︎

  120. -
  121. Google Android Help, Android -Location Services https://support.google.com/accounts/answer/3467281?hl=en -[Archive.org]↩︎

  122. -
  123. Apple Support, Location Services and -Privacy https://support.apple.com/en-us/HT207056 [Archive.org]↩︎

  124. -
  125. 2016 International Conference on -Indoor Positioning and Indoor Navigation, Wi-Fi probes as digital crumbs -for crowd localization http://fly.isti.cnr.it/pub/papers/pdf/Wifi-probes-IPIN16.pdf -[Archive.org]↩︎

  126. -
  127. Southeast University of Nanjing, -Probe Request Based Device Identification Attack and Defense https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7472341/ -[Archive.org]↩︎

  128. -
  129. Medium.com, The Perils of Probe -Requests https://medium.com/@brannondorsey/wi-fi-is-broken-3f6054210fa5 -[Scribe.rip] -[Archive.org]↩︎

  130. -
  131. State University of New York, -Towards 3D Human Pose Construction Using Wi-Fi https://cse.buffalo.edu/~lusu/papers/MobiCom2020.pdf -[Archive.org]↩︎

  132. -
  133. Digi.Ninja, Jasager https://digi.ninja/jasager/ [Archive.org]↩︎

  134. -
  135. Hak5 Shop, Wi-Fi Pineapple https://shop.hak5.org/products/wifi-pineapple [Archive.org]↩︎

  136. -
  137. Wikipedia, Deautentication Attack https://en.wikipedia.org/wiki/Wi-Fi_deauthentication_attack -[Wikiless] -[Archive.org]↩︎

  138. -
  139. Wikipedia, Capture Portal https://en.wikipedia.org/wiki/Captive_portal [Wikiless] -[Archive.org]↩︎

  140. -
  141. HackerFactor Blog, Deanonymizing Tor -Circuits https://www.hackerfactor.com/blog/index.php?/archives/868-Deanonymizing-Tor-Circuits.html -[Archive.org]↩︎

  142. -
  143. KU Leuven, Website Fingerprinting -through Deep Learning https://distrinet.cs.kuleuven.be/software/tor-wf-dl/ -[Archive.org]↩︎

  144. -
  145. KU Leuven, Deep Fingerprinting: -Undermining Website Fingerprinting Defenses with Deep Learning https://homes.esat.kuleuven.be/~mjuarezm/index_files/pdf/ccs18.pdf -[Archive.org]↩︎

  146. -
  147. Internet Society, Website -Fingerprinting at Internet Scale https://web.archive.org/web/20160617040428/https://www.internetsociety.org/sites/default/files/blogs-media/website-fingerprinting-internet-scale.pdf -[Archive.org]↩︎

  148. -
  149. KU Leuven, A Critical Evaluation of -Website Fingerprinting Attacks https://www.esat.kuleuven.be/cosic/publications/article-2456.pdf -[Archive.org]↩︎

  150. -
  151. DailyDot, How Tor helped catch the -Harvard bomb threat suspect https://www.dailydot.com/unclick/tor-harvard-bomb-suspect/ -[Archive.org]↩︎

  152. -
  153. ArsTechnica, How the NSA can break -trillions of encrypted Web and VPN connections https://arstechnica.com/information-technology/2015/10/how-the-nsa-can-break-trillions-of-encrypted-web-and-vpn-connections/ -[Archive.org]↩︎

  154. -
  155. Wikipedia, Sybil Attack https://en.wikipedia.org/wiki/Sybil_attack [Wikiless] -[Archive.org]↩︎

  156. -
  157. ArsTechnica, Does Tor provide more -benefit or harm? New paper says it depends https://arstechnica.com/gadgets/2020/11/does-tor-provide-more-benefit-or-harm-new-paper-says-it-depends/ -[Archive.org]↩︎

  158. -
  159. ResearchGate, The potential harms of -the Tor anonymity network cluster disproportionately in free countries -https://www.pnas.org/content/early/2020/11/24/2011893117 -[Archive.org]↩︎

  160. -
  161. CryptoEngineering, How does Apple -(privately) find your offline devices? https://blog.cryptographyengineering.com/2019/06/05/how-does-apple-privately-find-your-offline-devices/ -[Archive.org]↩︎

  162. -
  163. Apple Support https://support.apple.com/en-us/HT210515 [Archive.org]↩︎

  164. -
  165. XDA, Samsung’s Find My Mobile app -can locate Galaxy devices even when they’re offline https://www.xda-developers.com/samsung-find-my-mobile-app-locate-galaxy-devices-offline/ -[Archive.org]↩︎

  166. -
  167. Apple Support, If your Mac is lost -or stolen https://support.apple.com/en-us/HT204756 [Archive.org]↩︎

  168. -
  169. Wikipedia, BLE https://en.wikipedia.org/wiki/Bluetooth_Low_Energy -[Wikiless] -[Archive.org]↩︎

  170. -
  171. Cryptography Engineering Blog, How -does Apple (privately) find your offline devices? https://blog.cryptographyengineering.com/2019/06/05/how-does-apple-privately-find-your-offline-devices/ -[Archive.org]↩︎

  172. -
  173. Wikipedia, IMEI https://en.wikipedia.org/wiki/International_Mobile_Equipment_Identity -[Wikiless] -[Archive.org]↩︎

  174. -
  175. Wikipedia, IMSI https://en.wikipedia.org/wiki/International_mobile_subscriber_identity -[Wikiless] -[Archive.org]↩︎

  176. -
  177. Android Documentation, Device -Identifiers https://source.android.com/devices/tech/config/device-identifiers -[Archive.org]↩︎

  178. -
  179. Google Privacy Policy, Look for IMEI -https://policies.google.com/privacy/embedded?hl=en-US -[Archive.org]↩︎

  180. -
  181. Wikipedia, IMEI and the Law https://en.wikipedia.org/wiki/International_Mobile_Equipment_Identity#IMEI_and_the_law -[Wikiless] -[Archive.org]↩︎

  182. -
  183. Bellingcat, The GRU Globetrotters: -Mission London https://www.bellingcat.com/news/uk-and-europe/2019/06/28/the-gru-globetrotters-mission-london/ -[Archive.org]↩︎

  184. -
  185. Bellingcat,“V” For “Vympel”: FSB’s -Secretive Department “V” Behind Assassination Of Georgian Asylum Seeker -In Germany https://www.bellingcat.com/news/uk-and-europe/2020/02/17/v-like-vympel-fsbs-secretive-department-v-behind-assassination-of-zelimkhan-khangoshvili/ -[Archive.org]↩︎

  186. -
  187. Wikipedia, CCTV https://en.wikipedia.org/wiki/Closed-circuit_television -[Wikiless] -[Archive.org]↩︎

  188. -
  189. Apple, Transparency Report, Device -Requests https://www.apple.com/legal/transparency/device-requests.html -[Archive.org]↩︎

  190. -
  191. The Intercept, How Cops Can Secretly -Track Your Phone https://theintercept.com/2020/07/31/protests-surveillance-stingrays-dirtboxes-phone-tracking/ -[Tor -Mirror] [Archive.org]↩︎

  192. -
  193. Wikipedia, IMSI Catcher https://en.wikipedia.org/wiki/IMSI-catcher [Wikiless] -[Archive.org]↩︎

  194. -
  195. Wikipedia, Stingray https://en.wikipedia.org/wiki/Stingray_phone_tracker -[Wikiless] -[Archive.org]↩︎

  196. -
  197. Gizmodo, Cops Turn to Canadian -Phone-Tracking Firm After Infamous ‘Stingrays’ Become ‘Obsolete’ https://gizmodo.com/american-cops-turns-to-canadian-phone-tracking-firm-aft-1845442778 -[Archive.org]↩︎

  198. -
  199. Wikipedia, MITM https://en.wikipedia.org/wiki/Man-in-the-middle_attack -[Wikiless] -[Archive.org]↩︎

  200. -
  201. Purism, Librem 5 https://shop.puri.sm/shop/librem-5/ [Archive.org]↩︎

  202. -
  203. Wikipedia, MAC Address https://en.wikipedia.org/wiki/MAC_address [Wikiless] -[Archive.org]↩︎

  204. -
  205. Acyclica Road Trend Product Sheet, -https://web.archive.org/web/https://amsignalinc.com/data-sheets/Acyclica/Acyclica-RoadTrend-Product-Sheet.pdf -[Archive.org]↩︎

  206. -
  207. ResearchGate, Tracking Anonymized -Bluetooth Devices https://www.researchgate.net/publication/334590931_Tracking_Anonymized_Bluetooth_Devices/fulltext/5d3308db92851cd04675a469/Tracking-Anonymized-Bluetooth-Devices.pdf -[Archive.org]↩︎

  208. -
  209. Wikipedia, CPU https://en.wikipedia.org/wiki/Central_processing_unit -[Wikiless] -[Archive.org]↩︎

  210. -
  211. Wikipedia, Intel Management Engine -https://en.wikipedia.org/wiki/Intel_Management_Engine -[Wikiless] -[Archive.org]↩︎

  212. -
  213. Wikipedia, AMD Platform Security -Processor https://en.wikipedia.org/wiki/AMD_Platform_Security_Processor -[Wikiless] -[Archive.org]↩︎

  214. -
  215. Wikipedia, IME, Security -Vulnerabilities https://en.wikipedia.org/wiki/Intel_Management_Engine#Security_vulnerabilities -[Wikiless] -[Archive.org]↩︎

  216. -
  217. Wikipedia, IME, Assertions that ME -is a backdoor https://en.wikipedia.org/wiki/Intel_Management_Engine#Assertions_that_ME_is_a_backdoor -[Wikiless] -[Archive.org]↩︎

  218. -
  219. Wikipedia, IME, Disabling the ME https://en.wikipedia.org/wiki/Intel_Management_Engine#Disabling_the_ME -[Wikiless] -[Archive.org]↩︎

  220. -
  221. Libreboot, https://libreboot.org/ -[Archive.org] -/ Coreboot, https://www.coreboot.org/ [Archive.org]↩︎

  222. -
  223. Trinity College Dublin, Mobile -Handset Privacy: Measuring The Data iOS and Android Send to Apple And -Google https://www.scss.tcd.ie/doug.leith/apple_google.pdf -[Archive.org]↩︎

  224. -
  225. Apple, Differential Privacy White -Paper https://www.apple.com/privacy/docs/Differential_Privacy_Overview.pdf -[Archive.org]↩︎

  226. -
  227. Wikipedia, Differential Privacy https://en.wikipedia.org/wiki/Differential_privacy -[Wikiless] -[Archive.org]↩︎

  228. -
  229. Continuing Ed, The All-Seeing “i”: -Apple Just Declared War on Your Privacy https://edwardsnowden.substack.com/p/all-seeing-i -[Archive.org]↩︎

  230. -
  231. Trinity College Dublin, Mobile -Handset Privacy: Measuring The Data iOS and Android Send to Apple And -Google https://www.scss.tcd.ie/doug.leith/apple_google.pdf -[Archive.org]↩︎

  232. -
  233. Reuters, Exclusive: Apple dropped -plan for encrypting backups after FBI complained – sources https://www.reuters.com/article/us-apple-fbi-icloud-exclusive-idUSKBN1ZK1CT -[Archive.org]↩︎

  234. -
  235. ZDnet, I asked Apple for all my -data. Here’s what was sent back https://www.zdnet.com/article/apple-data-collection-stored-request/ -[Archive.org]↩︎

  236. -
  237. De Correspondent, Here’s how we -found the names and addresses of soldiers and secret agents using a -simple fitness app https://decorrespondent.nl/8481/heres-how-we-found-the-names-and-addresses-of-soldiers-and-secret-agents-using-a-simple-fitness-app/412999257-6756ba27 -[Archive.org]↩︎

  238. -
  239. Website Planet, Report: Fitness -Tracker Data Breach Exposed 61 Million Records and User Data Online https://www.websiteplanet.com/blog/gethealth-leak-report/ -[Archive.org]↩︎

  240. -
  241. Wired, The Strava Heat Map and the -End of Secrets https://www.wired.com/story/strava-heat-map-military-bases-fitness-trackers-privacy/ -[Archive.org]↩︎

  242. -
  243. Bellingcat, How to Use and -Interpret Data from Strava’s Activity Map https://www.bellingcat.com/resources/how-tos/2018/01/29/strava-interpretation-guide/ -[Archive.org]↩︎

  244. -
  245. The Guardian, Fitness tracking app -Strava gives away location of secret US army bases https://www.theguardian.com/world/2018/jan/28/fitness-tracking-app-gives-away-location-of-secret-us-army-bases -[Archive.org]↩︎

  246. -
  247. Telegraph, Running app reveals -locations of secret service agents in MI6 and GCHQ https://www.telegraph.co.uk/technology/2018/07/08/running-app-exposes-mi6-gchq-workers-whereabouts/ -[Archive.org]↩︎

  248. -
  249. Washington Post, Alexa has been -eavesdropping on you this whole time https://www.washingtonpost.com/technology/2019/05/06/alexa-has-been-eavesdropping-you-this-whole-time/?itid=lk_interstitial_manual_59 -[Archive.org]↩︎

  250. -
  251. Washington Post, What does your car -know about you? We hacked a Chevy to find out https://www.washingtonpost.com/technology/2019/12/17/what-does-your-car-know-about-you-we-hacked-chevy-find-out/ -[Archive.org]↩︎

  252. -
  253. Using Metadata to find Paul Revere -(https://kieranhealy.org/blog/archives/2013/06/09/using-metadata-to-find-paul-revere/ -[Archive.org])↩︎

  254. -
  255. Wikipedia, Google SensorVault, https://en.wikipedia.org/wiki/Sensorvault [Wikiless] -[Archive.org]↩︎

  256. -
  257. NRKBeta, My Phone Was Spying on Me, -so I Tracked Down the Surveillants https://nrkbeta.no/2020/12/03/my-phone-was-spying-on-me-so-i-tracked-down-the-surveillants/ -[Archive.org]↩︎

  258. -
  259. New York Times https://www.nytimes.com/interactive/2019/12/19/opinion/location-tracking-cell-phone.html -[Archive.org]↩︎

  260. -
  261. Sophos, Google data puts innocent -man at the scene of a crime https://nakedsecurity.sophos.com/2020/03/10/google-data-puts-innocent-man-at-the-scene-of-a-crime/ -[Archive.org]↩︎

  262. -
  263. Wikipedia, Geofence Warrant https://en.wikipedia.org/wiki/Geo-fence_warrant [Wikiless] -[Archive.org]↩︎

  264. -
  265. Vice.com, Military Unit That -Conducts Drone Strikes Bought Location Data From Ordinary Apps https://www.vice.com/en/article/y3g97x/location-data-apps-drone-strikes-iowa-national-guard -[Archive.org]↩︎

  266. -
  267. TechCrunch, Google says geofence -warrants make up one-quarter of all US demands https://techcrunch.com/2021/08/19/google-geofence-warrants/ -[Archive.org]↩︎

  268. -
  269. TechDirt, Google Report Shows -‘Reverse Warrants’ Are Swiftly Becoming Law Enforcement’s Go-To -Investigative Tool https://www.techdirt.com/articles/20210821/10494847401/google-report-shows-reverse-warrants-are-swiftly-becoming-law-enforcements-go-to-investigative-tool.shtml -[Archive.org]↩︎

  270. -
  271. Vice.com, Here’s the FBI’s Internal -Guide for Getting Data from AT&T, T-Mobile, Verizon https://www.vice.com/en/article/m7vqkv/how-fbi-gets-phone-data-att-tmobile-verizon -[Archive.org]↩︎

  272. -
  273. Wikipedia, Room 641A https://en.wikipedia.org/wiki/Room_641A [Wikiless] [Archive.org]↩︎

  274. -
  275. Wikipedia, Edward Snowden https://en.wikipedia.org/wiki/Edward_Snowden [Wikiless] -[Archive.org]↩︎

  276. -
  277. Wikipedia, Permanent Record https://en.wikipedia.org/wiki/Permanent_Record_(autobiography) -[Wikiless] -[Archive.org]↩︎

  278. -
  279. Wikipedia, XKEYSCORE https://en.wikipedia.org/wiki/XKeyscore [Wikiless] [Archive.org]↩︎

  280. -
  281. ElectroSpaces, Danish military -intelligence uses XKEYSCORE to tap cables in cooperation with the NSA https://www.electrospaces.net/2020/10/danish-military-intelligence-uses.html -[Archive.org]↩︎

  282. -
  283. Wikipedia, MUSCULAR https://en.wikipedia.org/wiki/MUSCULAR_(surveillance_program) -[Archive.org]↩︎

  284. -
  285. Wikipedia, SORM https://en.wikipedia.org/wiki/SORM [Wikiless] [Archive.org]↩︎

  286. -
  287. Wikipedia, Tempora https://en.wikipedia.org/wiki/Tempora [Wikiless] [Archive.org]↩︎

  288. -
  289. Wikipedia, PRISM https://en.wikipedia.org/wiki/PRISM_(surveillance_program) -[Wikiless] -[Archive.org]↩︎

  290. -
  291. Justsecurity, General Hayden https://www.justsecurity.org/10318/video-clip-director-nsa-cia-we-kill-people-based-metadata/ -[Archive.org]↩︎

  292. -
  293. IDMB, The Social Dilemma https://www.imdb.com/title/tt11464826/ [Archive.org]↩︎

  294. -
  295. ArsTechnica, How the way you type -can shatter anonymity—even on Tor https://arstechnica.com/information-technology/2015/07/how-the-way-you-type-can-shatter-anonymity-even-on-tor/ -[Archive.org]↩︎

  296. -
  297. Wikipedia, Stylometry https://en.wikipedia.org/wiki/Stylometry [Wikiless] [Archive.org]↩︎

  298. -
  299. Paul Moore Blog, Behavioral -Profiling: The password you can’t change. https://paul.reviews/behavioral-profiling-the-password-you-cant-change/ -[Archive.org]↩︎

  300. -
  301. Wikipedia, Sentiment Analysis https://en.wikipedia.org/wiki/Sentiment_analysis [Wikiless] -[Archive.org]↩︎

  302. -
  303. EFF, CoverYourTracks https://coveryourtracks.eff.org/ [Archive.org]↩︎

  304. -
  305. Berkeley.edu, On the Feasibility of -Internet-Scale Author Identification https://people.eecs.berkeley.edu/~dawnsong/papers/2012%20On%20the%20Feasibility%20of%20Internet-Scale%20Author%20Identification.pdf -[Archive.org]↩︎

  306. -
  307. Forbes, Exclusive: Government -Secretly Orders Google To Identify Anyone Who Searched A Sexual Assault -Victim’s Name, Address And Telephone Number https://www.forbes.com/sites/thomasbrewster/2021/10/04/google-keyword-warrants-give-us-government-data-on-search-users -[Archive.org]↩︎

  308. -
  309. FingerprintJS, Demo: Disabling -JavaScript Won’t Save You from Fingerprinting https://fingerprintjs.com/blog/disabling-javascript-wont-stop-fingerprinting/ -[Archive.org]↩︎

  310. -
  311. SecuredTouch Blog, Behavioral -Biometrics 101: Behavioral Biometrics vs. Behavioral Analytics https://blog.securedtouch.com/behavioral-biometrics-101-an-in-depth-look-at-behavioral-biometrics-vs-behavioral-analytics -[Archive.org]↩︎

  312. -
  313. Wikipedia, Captcha https://en.wikipedia.org/wiki/CAPTCHA [Wikiless] [Archive.org]↩︎

  314. -
  315. ArsTechnica, Stakeout: how the FBI -tracked and busted a Chicago Anon https://arstechnica.com/tech-policy/2012/03/stakeout-how-the-fbi-tracked-and-busted-a-chicago-anon/ -[Archive.org]↩︎

  316. -
  317. Bellingcat MH17 - Russian GRU -Commander ‘Orion’ Identified as Oleg Ivannikov https://www.bellingcat.com/news/uk-and-europe/2018/05/25/mh17-russian-gru-commander-orion-identified-oleg-ivannikov/ -[Archive.org]↩︎

  318. -
  319. Facebook Research, Deepface https://research.fb.com/publications/deepface-closing-the-gap-to-human-level-performance-in-face-verification/ -[Archive.org]↩︎

  320. -
  321. Privacy News Online, Putting the -“face” in Facebook: how Mark Zuckerberg is building a world without -public anonymity https://www.privateinternetaccess.com/blog/putting-face-facebook-mark-zuckerberg-building-world-without-public-anonymity/ -[Archive.org]↩︎

  322. -
  323. CNBC, “Facebook has mapped -populations in 23 countries as it explores satellites to expand -internet” https://www.cnbc.com/2017/09/01/facebook-has-mapped-human-population-building-internet-in-space.html -[Archive.org]↩︎

  324. -
  325. MIT Technology Review, This is how -we lost control of our faces, https://www.technologyreview.com/2021/02/05/1017388/ai-deep-learning-facial-recognition-data-history/ -[Archive.org]↩︎

  326. -
  327. Bellingcat, Shadow of a Doubt: -Crowdsourcing Time Verification of the MH17 Missile Launch Photo https://www.bellingcat.com/resources/case-studies/2015/08/07/shadow-of-a-doubt/ -[Archive.org]↩︎

  328. -
  329. Brown Institute, Open-Source -Investigation, https://brown.columbia.edu/open-source-investigation/ -[Archive.org]↩︎

  330. -
  331. NewScientist, Facebook can -recognize you in photos even if you’re not looking https://www.newscientist.com/article/dn27761-facebook-can-recognise-you-in-photos-even-if-youre-not-looking/ -[Archive.org]↩︎

  332. -
  333. Google Patent, Techniques for -emotion detection and content delivery https://patentimages.storage.googleapis.com/2d/e4/fb/6cd2fb81899dcd/US20150242679A1.pdf -[Archive.org]↩︎

  334. -
  335. APNews, Chinese ‘gait recognition’ -tech IDs people by how they walk https://apnews.com/article/bf75dd1c26c947b7826d270a16e2658a -[Archive.org]↩︎

  336. -
  337. The Sun, New CCTV technology could -now identify you just by the WAY you walk and your body shape https://www.thesun.co.uk/news/7684204/cctv-technology-identify-body-shape-way-walk/ -[Archive.org]↩︎

  338. -
  339. City Security Magazine, Gait -recognition: a useful identification tool https://citysecuritymagazine.com/security-management/gait-recognition-identification-tool/ -[Archive.org]↩︎

  340. -
  341. Vice.com, Tech Companies Are -Training AI to Read Your Lips https://www.vice.com/en/article/bvzvdw/tech-companies-are-training-ai-to-read-your-lips -[Archive.org]↩︎

  342. -
  343. New Atlas, Eye tracking can reveal -an unbelievable amount of information about you https://newatlas.com/science/science/eye-tracking-privacy/ -[Archive.org]↩︎

  344. -
  345. TechCrunch, Facial recognition -reveals political party in troubling new research https://techcrunch.com/2021/01/13/facial-recognition-reveals-political-party-in-troubling-new-research/ -[Archive.org]↩︎

  346. -
  347. Nature.com, Facial recognition -technology can expose political orientation from naturalistic facial -images https://www.nature.com/articles/s41598-020-79310-1.pdf -[Archive.org]↩︎

  348. -
  349. Slate https://slate.com/technology/2018/04/facebook-collects-data-on-non-facebook-users-if-they-want-to-delete-it-they-have-to-sign-up.html -[Archive.org]↩︎

  350. -
  351. The Conversation https://theconversation.com/shadow-profiles-facebook-knows-about-you-even-if-youre-not-on-facebook-94804 -[Archive.org]↩︎

  352. -
  353. The Verge https://www.theverge.com/2018/4/11/17225482/facebook-shadow-profiles-zuckerberg-congress-data-privacy -[Archive.org]↩︎

  354. -
  355. ZDNET https://www.zdnet.com/article/anger-mounts-after-facebooks-shadow-profiles-leak-in-bug/ -[Archive.org]↩︎

  356. -
  357. CNET https://www.cnet.com/news/shadow-profiles-facebook-has-information-you-didnt-hand-over/ -[Archive.org]↩︎

  358. -
  359. Oosto https://oosto.com/ [Archive.org]↩︎

  360. -
  361. BuzzFeed.news, Surveillance Nation -https://www.buzzfeednews.com/article/ryanmac/clearview-ai-local-police-facial-recognition -[Archive.org]↩︎

  362. -
  363. Wired, Clearview AI Has New Tools -to Identify You in Photos https://www.wired.com/story/clearview-ai-new-tools-identify-you-photos/ -[Archive.org]↩︎

  364. -
  365. NEC, Neoface https://www.nec.com/en/global/solutions/biometrics/face/neofacewatch.html -[Archive.org]↩︎

  366. -
  367. The Guardian, Met police deploy -live facial recognition technology https://www.theguardian.com/uk-news/2020/feb/11/met-police-deploy-live-facial-recognition-technology -[Archive.org]↩︎

  368. -
  369. YouTube, The Economist, China: -facial recognition and state control https://www.youtube.com/watch?v=lH2gMNrUuEY [Invidious]↩︎

  370. -
  371. CNN, Want your unemployment -benefits? You may have to submit to facial recognition first https://edition.cnn.com/2021/07/23/tech/idme-unemployment-facial-recognition/index.html -[Archive.org]↩︎

  372. -
  373. Washington Post, Huawei tested AI -software that could recognize Uighur minorities and alert police, report -says https://www.washingtonpost.com/technology/2020/12/08/huawei-tested-ai-software-that-could-recognize-uighur-minorities-alert-police-report-says/ -[Archive.org]↩︎

  374. -
  375. The Intercept, How a Facial -Recognition Mismatch Can Ruin Your Life https://theintercept.com/2016/10/13/how-a-facial-recognition-mismatch-can-ruin-your-life/ -[Tor -Mirror] [Archive.org]↩︎

  376. -
  377. Vice, Facial Recognition Failures -Are Locking People Out of Unemployment Systems https://www.vice.com/en/article/5dbywn/facial-recognition-failures-are-locking-people-out-of-unemployment-systems -[Archive.org]↩︎

  378. -
  379. BBC, WhatsApp photo drug dealer -caught by ‘groundbreaking’ work https://www.bbc.com/news/uk-wales-43711477 [Archive.org]↩︎

  380. -
  381. CNN, Drug dealer jailed after -sharing a photo of cheese that included his fingerprints https://edition.cnn.com/2021/05/25/uk/drug-dealer-cheese-sentenced-scli-gbr-intl/index.html -[Archive.org]↩︎

  382. -
  383. Vice.com, Cops Got a Drug Dealer’s -Fingerprints From Photos of His Hand on WhatsApp https://www.vice.com/en/article/evqk9e/photo-of-fingerprints-used-to-arrest-drug-dealers -[Archive.org]↩︎

  384. -
  385. Kraken Blog, https://blog.kraken.com/post/11905/your-fingerprint-can-be-hacked-for-5-heres-how/ -[Archive.org]↩︎

  386. -
  387. JUSTIA Patent, Identification of -taste attributes from an audio signal https://patents.justia.com/patent/10891948 [Archive.org]↩︎

  388. -
  389. PYMNTS, Iris Scan Serves As -Traveler ID At Dubai Airport https://www.pymnts.com/news/biometrics/2021/iris-scan-traveler-identification-dubai-airport/ -[Archive.org]↩︎

  390. -
  391. IMDB, Gattaca 1997, https://www.imdb.com/title/tt0119177/ [Archive.org]↩︎

  392. -
  393. IMDB, Person of Interest 2011 https://www.imdb.com/title/tt1839578 [Archive.org]↩︎

  394. -
  395. IMDB, Minority Report 2002, https://www.imdb.com/title/tt0181689 [Archive.org]↩︎

  396. -
  397. Wikipedia, Deepfake https://en.wikipedia.org/wiki/Deepfake [Wikiless] [Archive.org]↩︎

  398. -
  399. Econotimes, Deepfake Voice -Technology: The Good. The Bad. The Future https://www.econotimes.com/Deepfake-Voice-Technology-The-Good-The-Bad-The-Future-1601278 -[Archive.org]↩︎

  400. -
  401. Wikipedia, Deepfake Events https://en.wikipedia.org/wiki/Deepfake#Example_events -[Wikiless] -[Archive.org]↩︎

  402. -
  403. Forbes, A Voice Deepfake Was Used -To Scam A CEO Out Of $243,000 https://www.forbes.com/sites/jessedamiani/2019/09/03/a-voice-deepfake-was-used-to-scam-a-ceo-out-of-243000/ -[Archive.org]↩︎

  404. -
  405. Joseph Steinberg, How To Prevent -Facial Recognition Technology From Identifying You https://josephsteinberg.com/how-to-prevent-facial-recognition-technology-from-identifying-you/ -[Archive.org]↩︎

  406. -
  407. NIST, Face recognition accuracy -with masks using pre-COVID-19 algorithms https://nvlpubs.nist.gov/nistpubs/ir/2020/NIST.IR.8311.pdf -[Archive.org]↩︎

  408. -
  409. BBC, Facial recognition identifies -people wearing masks https://www.bbc.com/news/technology-55573802 [Archive.org]↩︎

  410. -
  411. University of Wisconsin, Exploring -Reflectacles As Anti-Surveillance Glasses and for Adversarial Machine -Learning in Computer Vision http://diglib.uwgb.edu/digital/api/collection/p17003coll4/id/71/download -[Archive.org]↩︎

  412. -
  413. Wikipedia, Phishing https://en.wikipedia.org/wiki/Phishing [Wikiless] [Archive.org]↩︎

  414. -
  415. Wikipedia, Social Engineering https://en.wikipedia.org/wiki/Social_engineering_(security) -[Wikiless] -[Archive.org]↩︎

  416. -
  417. Wikipedia, MITM https://en.wikipedia.org/wiki/Man-in-the-middle_attack -[Wikiless] -[Archive.org]↩︎

  418. -
  419. BBC, Spy pixels in emails have -become endemic https://www.bbc.com/news/technology-56071437 [Archive.org]↩︎

  420. -
  421. Vice, Facebook Helped the FBI Hack -a Child Predator https://www.vice.com/en/article/v7gd9b/facebook-helped-fbi-hack-child-predator-buster-hernandez -[Archive.org]↩︎

  422. -
  423. Wikipedia, Exploit https://en.wikipedia.org/wiki/Exploit_(computer_security) -[Wikiless] -[Archive.org]↩︎

  424. -
  425. Wikipedia, Freedom Hosting https://en.wikipedia.org/wiki/Freedom_Hosting [Wikiless] -[Archive.org]↩︎

  426. -
  427. Wired, 2013 FBI Admits It -Controlled Tor Servers Behind Mass Malware Attack https://www.wired.com/2013/09/freedom-hosting-fbi/ -[Archive.org]↩︎

  428. -
  429. Wikipedia, 2020 United States -federal government data breach https://en.wikipedia.org/wiki/2020_United_States_federal_government_data_breach -[Wikiless] -[Archive.org]↩︎

  430. -
  431. BBC, China social media: WeChat and -the Surveillance State https://www.bbc.com/news/blogs-china-blog-48552907 -[Archive.org]↩︎

  432. -
  433. The Intercept, Revealed: Massive -Chinese Police Database https://theintercept.com/2021/01/29/china-uyghur-muslim-surveillance-police/ -[Tor -Mirror] [Archive.org]↩︎

  434. -
  435. Wikipedia, Sandbox https://en.wikipedia.org/wiki/Sandbox_(computer_security) -[Wikiless] -[Archive.org]↩︎

  436. -
  437. Wired, Why the Security of USB Is -Fundamentally Broken https://www.wired.com/2014/07/usb-security/ [Archive.org]↩︎

  438. -
  439. Wikipedia, Stuxnet https://en.wikipedia.org/wiki/Stuxnet [Wikiless] [Archive.org]↩︎

  440. -
  441. Superuser.com, How do I safely -investigate a USB stick found in the parking lot at work? https://superuser.com/questions/1206321/how-do-i-safely-investigate-a-usb-stick-found-in-the-parking-lot-at-work -[Archive.org]↩︎

  442. -
  443. The Guardian, Glenn Greenwald: how -the NSA tampers with US-made internet routers https://www.theguardian.com/books/2014/may/12/glenn-greenwald-nsa-tampers-us-internet-routers-snowden -[Archive.org]↩︎

  444. -
  445. Wikipedia, Rootkit https://en.wikipedia.org/wiki/Rootkit [Wikiless] [Archive.org]↩︎

  446. -
  447. Wikipedia, Userspace https://en.wikipedia.org/wiki/User_space [Wikiless] [Archive.org]↩︎

  448. -
  449. Wikipedia, Firmware https://en.wikipedia.org/wiki/Firmware [Wikiless] [Archive.org]↩︎

  450. -
  451. Wikipedia, BIOS https://en.wikipedia.org/wiki/BIOS [Wikiless] [Archive.org]↩︎

  452. -
  453. Wikipedia, UEFI https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface -[Wikiless] -[Archive.org]↩︎

  454. -
  455. Bellingcat, Joseph Mifsud: Rush for -the EXIF https://www.bellingcat.com/news/americas/2018/10/26/joseph-mifsud-rush-exif/ -[Archive.org]↩︎

  456. -
  457. Zoom Support, Adding a watermark https://support.zoom.us/hc/en-us/articles/209605273-Adding-a-Watermark -[Archive.org]↩︎

  458. -
  459. Zoom Support, Audio Watermark https://support.zoom.us/hc/en-us/articles/360021839031-Audio-Watermark -[Archive.org]↩︎

  460. -
  461. CreativeCloud Extension, IMATAG https://exchange.adobe.com/creativecloud.details.101789.imatag-invisible-watermark-and-image-monitoring.html -[Archive.org]↩︎

  462. -
  463. NexGuard, https://dtv.nagra.com/nexguard-forensic-watermarking -[Archive.org]↩︎

  464. -
  465. Vobile Solutions, https://www.vobilegroup.com/ [Archive.org]↩︎

  466. -
  467. Cinavia, https://www.cinavia.com/languages/english/pages/technology.html -[Archive.org]↩︎

  468. -
  469. Imatag, https://www.imatag.com/ -[Archive.org]↩︎

  470. -
  471. Wikipedia, Steganography https://en.wikipedia.org/wiki/Steganography [Wikiless] -[Archive.org]↩︎

  472. -
  473. IEEExplore, A JPEG compression -resistant steganography scheme for raster graphics images https://ieeexplore.ieee.org/document/4428921 [Archive.org]↩︎

  474. -
  475. ScienceDirect, Robust audio -watermarking using perceptual masking https://www.researchgate.net/publication/256994444_Robust_Audio_Watermarking_Using_Perceptual_Masking -[Archive.org]↩︎

  476. -
  477. IEEExplore, Spread-spectrum -watermarking of audio signals https://www.researchgate.net/publication/3318571_Spread-Spectrum_Watermarking_of_Audio -[Archive.org]↩︎

  478. -
  479. Google Scholar, source camera -identification https://scholar.google.com/scholar?q=source+camera+identification -[Archive.org]↩︎

  480. -
  481. Wikipedia, Printing Steganography -https://en.wikipedia.org/wiki/Machine_Identification_Code -[Wikiless] -[Archive.org]↩︎

  482. -
  483. MIT, SeeingYellow, https://web.archive.org/web/20220224174025/http://seeingyellow.com/ -[Archive.org]↩︎

  484. -
  485. arXiv, An Analysis of Anonymity in -the Bitcoin System https://arxiv.org/pdf/1107.4524.pdf [Archive.org]↩︎

  486. -
  487. Bellingcat, How To Track Illegal -Funding Campaigns Via Cryptocurrency, https://www.bellingcat.com/resources/how-tos/2019/03/26/how-to-track-illegal-funding-campaigns-via-cryptocurrency/ -[Archive.org]↩︎

  488. -
  489. CoinDesk, Leaked Slides Show How -Chainalysis Flags Crypto Suspects for Cops https://www.coindesk.com/business/2021/09/21/leaked-slides-show-how-chainalysis-flags-crypto-suspects-for-cops/ -[Archive.org]↩︎

  490. -
  491. Wikipedia, KYC https://en.wikipedia.org/wiki/Know_your_customer [Wikiless] -[Archive.org]↩︎

  492. -
  493. arXiv.org, Probing the Mystery of -Cryptocurrency Theft: An Investigation into Methods for Taint Analysis -https://arxiv.org/pdf/1906.05754.pdf [Archive.org]↩︎

  494. -
  495. YouTube, Breaking Monero https://www.youtube.com/watch?v=WOyC6OB6ezA&list=PLsSYUeVwrHBnAUre2G_LYDsdo-tD0ov-y -[Invidious]↩︎

  496. -
  497. Monero, Monero vs Princeton -Researchers, https://monero.org/monero-vs-princeton-researchers/ -[Archive.org]↩︎

  498. -
  499. Wikipedia, Cryptocurrency Tumbler -https://en.wikipedia.org/wiki/Cryptocurrency_tumbler -[Wikiless] -[Archive.org]↩︎

  500. -
  501. Wikipedia, Security Through -Obscurity https://en.wikipedia.org/wiki/Security_through_obscurity -[Wikiless] -[Archive.org]↩︎

  502. -
  503. ArXiv, Tracking Mixed Bitcoins https://arxiv.org/pdf/2009.14007.pdf [Archive.org]↩︎

  504. -
  505. SSRN, The Cryptocurrency Tumblers: -Risks, Legality and Oversight https://www.researchgate.net/publication/321786355_The_Cryptocurrency_Tumblers_Risks_Legality_and_Oversight -[Archive.org]↩︎

  506. -
  507. Magnet Forensics, Magnet AXIOM https://www.magnetforensics.com/products/magnet-axiom/cloud/ -[Archive.org]↩︎

  508. -
  509. Cellebrite, Unlock cloud-based -evidence to solve the case sooner https://www.cellebrite.com/en/ufed-cloud/ [Archive.org]↩︎

  510. -
  511. Property of the People, Lawful -Access to Secure Messaging Apps Data, https://propertyofthepeople.org/document-detail/?doc-id=21114562 -[Archive.org]↩︎

  512. -
  513. Grayshift, https://www.grayshift.com/ [Archive.org]↩︎

  514. -
  515. Securephones.io, Data Security on -Mobile Devices: Current State of the Art, Open Problems, and Proposed -Solutions https://securephones.io/main.pdf [Archive.org]↩︎

  516. -
  517. Loup-Vaillant.fr, Rolling Your Own -Crypto https://loup-vaillant.fr/articles/rolling-your-own-crypto -[Archive.org]↩︎

  518. -
  519. Dhole Moments, Crackpot -Cryptography and Security Theater https://soatok.blog/2021/02/09/crackpot-cryptography-and-security-theater/ -[Archive.org]↩︎

  520. -
  521. Vice.com, Why You Don’t Roll Your -Own Crypto https://www.vice.com/en/article/wnx8nq/why-you-dont-roll-your-own-crypto -[Archive.org]↩︎

  522. -
  523. arXiv, MIT, You Really Shouldn’t -Roll Your Own Crypto: An Empirical Study of Vulnerabilities in -Cryptographic Libraries https://arxiv.org/pdf/2107.04940.pdf [Archive.org]↩︎

  524. -
  525. YouTube, Great Crypto Failures https://www.youtube.com/watch?v=loy84K3AJ5Q [Invidious]↩︎

  526. -
  527. Cryptography Dispatches, The Most -Backdoor-Looking Bug I’ve Ever Seen https://buttondown.email/cryptography-dispatches/archive/cryptography-dispatches-the-most-backdoor-looking/ -[Archive.org]↩︎

  528. -
  529. Citizenlab.ca, Move Fast and Roll -Your Own Crypto https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/ -[Archive.org]↩︎

  530. -
  531. Jack Poon, The myth of military -grade encryption https://medium.com/@atcipher/the-myth-of-military-grade-encryption-292313ae6369 -[Scribe.rip] -[Archive.org]↩︎

  532. -
  533. Congruent Labs, Stop calling it -“Military-Grade Encryption” https://blog.congruentlabs.co/military-grade-encryption/ -[Archive.org]↩︎

  534. -
  535. IronCoreLabs Blog, “Military Grade -Encryption” https://blog.ironcorelabs.com/military-grade-encryption-69aae0145588 -[Archive.org]↩︎

  536. -
  537. Wikipedia, BLAKE2, https://en.wikipedia.org/wiki/BLAKE_(hash_function)#BLAKE2 -[Wikiless] -[Archive.org]↩︎

  538. -
  539. Wikipedia, AES Instruction Set, https://en.wikipedia.org/wiki/AES_instruction_set -[Wikiless] -[Archive.org]↩︎

  540. -
  541. Wikipedia, ChaCha Variants, https://en.wikipedia.org/wiki/Salsa20#ChaCha_variant -[Wikiless] -[Archive.org]↩︎

  542. -
  543. Wikipedia, Serpent, https://en.wikipedia.org/wiki/Serpent_(cipher) [Wikiless] -[Archive.org]↩︎

  544. -
  545. Wikipedia, TwoFish, https://en.wikipedia.org/wiki/Twofish [Wikiless] [Archive.org]↩︎

  546. -
  547. Lacatora, The PGP Problem https://latacora.singles/2019/07/16/the-pgp-problem.html -[Archive.org]↩︎

  548. -
  549. Wikipedia, Shor’s Algorithm, https://en.wikipedia.org/wiki/Shor%27s_algorithm [Wikiless] -[Archive.org]↩︎

  550. -
  551. Wikipedia, Gag Order, https://en.wikipedia.org/wiki/Gag_order [Wikiless] [Archive.org]↩︎

  552. -
  553. Wikipedia, National Security Letter -https://en.wikipedia.org/wiki/National_security_letter -[Wikiless] -[Archive.org]↩︎

  554. -
  555. ArsTechnica, VPN servers seized by -Ukrainian authorities weren’t encrypted https://arstechnica.com/gadgets/2021/07/vpn-servers-seized-by-ukrainian-authorities-werent-encrypted/ -[Archive.org]↩︎

  556. -
  557. BleepingComputer, DoubleVPN -servers, logs, and account info seized by law enforcement https://www.bleepingcomputer.com/news/security/doublevpn-servers-logs-and-account-info-seized-by-law-enforcement/ -[Archive.org]↩︎

  558. -
  559. CyberScoop, Court rules encrypted -email provider Tutanota must monitor messages in blackmail case https://www.cyberscoop.com/court-rules-encrypted-email-tutanota-monitor-messages/ -[Archive.org]↩︎

  560. -
  561. Heise Online (German), https://www.heise.de/news/Gericht-zwingt-Mailprovider-Tutanota-zu-Ueberwachungsfunktion-4972460.html -[Archive.org]↩︎

  562. -
  563. PCMag, Did PureVPN Cross a Line -When It Disclosed User Information? https://www.pcmag.com/opinions/did-purevpn-cross-a-line-when-it-disclosed-user-information -[Archive.org]↩︎

  564. -
  565. Internet Archive, Wipeyourdata, “No -logs” EarthVPN user arrested after police finds logs https://archive.is/XNuVw#selection-230.0-230.1 [Archive.org]↩︎

  566. -
  567. Wikipedia, Lavabit Suspension and -Gag order, https://en.wikipedia.org/wiki/Lavabit#Suspension_and_gag_order -[Wikiless] -[Archive.org]↩︎

  568. -
  569. Internet Archive, Invisibler, What -Everybody Ought to Know About HideMyAss https://archive.is/ag9w4#selection-136.0-136.1↩︎

  570. -
  571. Wikipedia, Warrant Canary https://en.wikipedia.org/wiki/Warrant_canary [Wikiless] -[Archive.org]↩︎

  572. -
  573. Washington Post, The intelligence -coup of the century https://www.washingtonpost.com/graphics/2020/world/national-security/cia-crypto-encryption-machines-espionage/ -[Archive.org]↩︎

  574. -
  575. Swissinfo.ch, Second Swiss firm -allegedly sold encrypted spying devices https://www.swissinfo.ch/eng/second-swiss-firm-allegedly-sold-encrypted-spying-devices/46186432 -[Archive.org]↩︎

  576. -
  577. Wikipedia, Das Leben der Anderen https://en.wikipedia.org/wiki/The_Lives_of_Others -[Wikiless] -[Archive.org]↩︎

  578. -
  579. Wired, Mind the Gap: This -Researcher Steals Data With Noise, Light, and Magnets https://www.wired.com/story/air-gap-researcher-mordechai-guri/ -[Archive.org]↩︎

  580. -
  581. Scientific American, A Blank Wall -Can Show How Many People Are in a Room and What They’re Doing https://www.scientificamerican.com/article/a-blank-wall-can-show-how-many-people-are-in-a-room-and-what-theyre-doing/ -[Archive.org]↩︎

  582. -
  583. Scientific American, A Shiny Snack -Bag’s Reflections Can Reconstruct the Room around It https://www.scientificamerican.com/article/a-shiny-snack-bags-reflections-can-reconstruct-the-room-around-it/ -[Archive.org]↩︎

  584. -
  585. Scientific American, Footstep -Sensors Identify People by Gait https://www.scientificamerican.com/article/footstep-sensors-identify-people-by-gait/ -[Archive.org]↩︎

  586. -
  587. Ben Nassi, Lamphone https://www.nassiben.com/lamphone [Archive.org]↩︎

  588. -
  589. The Guardian, Laser spying: is it -really practical? https://www.theguardian.com/world/2013/aug/22/gchq-warned-laser-spying-guardian-offices -[Archive.org]↩︎

  590. -
  591. ArsTechnica, Photos of an NSA -“upgrade” factory show Cisco router getting implant https://arstechnica.com/tech-policy/2014/05/photos-of-an-nsa-upgrade-factory-show-cisco-router-getting-implant/ -[Archive.org]↩︎

  592. -
  593. Wikipedia, Zero-trust Security -Model https://en.wikipedia.org/wiki/Zero_trust_security_model -[Wikiless] -[Archive.org]↩︎

  594. -
  595. Qubes OS, System Requirements https://www.qubes-os.org/doc/system-requirements/ -[Archive.org]↩︎

  596. -
  597. Wikipedia, Plausible Deniability https://en.wikipedia.org/wiki/Plausible_deniability -[Wikiless] -[Archive.org]↩︎

  598. -
  599. Wikipedia, Rubber-hose -Cryptanalysis https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis -[Archive.org]↩︎

  600. -
  601. Defuse.ca, TrueCrypt’s Plausible -Deniability is Theoretically Useless https://defuse.ca/truecrypt-plausible-deniability-useless-by-game-theory.htm -[Archive.org]↩︎

  602. -
  603. Wikipedia, Deniable Encryption https://en.wikipedia.org/wiki/Deniable_encryption -[Wikiless] -[Archive.org]↩︎

  604. -
  605. Wikipedia, OONI, https://en.wikipedia.org/wiki/OONI [Wikiless] [Archive.org]↩︎

  606. -
  607. Privacy International, Timeline of -SIM Card Registration Laws https://privacyinternational.org/long-read/3018/timeline-sim-card-registration-laws -[Archive.org]↩︎

  608. -
  609. NYTimes, Lost Passwords Lock -Millionaires Out of Their Bitcoin Fortunes https://www.nytimes.com/2021/01/12/technology/bitcoin-passwords-wallets-fortunes.html -[Archive.org]↩︎

  610. -
  611. Usenix.org, Shedding too much Light -on a Microcontroller’s Firmware Protection https://www.usenix.org/system/files/conference/woot17/woot17-paper-obermaier.pdf -[Archive.org]↩︎

  612. -
  613. TorProject.org, Can I run Tor -Browser on an iOS device? https://support.torproject.org/tormobile/tormobile-3/ -[Archive.org]↩︎

  614. -
  615. Wikipedia, Tails https://en.wikipedia.org/wiki/Tails_(operating_system) -[Wikiless] -[Archive.org]↩︎

  616. -
  617. Vice.com, Facebook Helped the FBI -Hack a Child Predator https://www.vice.com/en/article/v7gd9b/facebook-helped-fbi-hack-child-predator-buster-hernandez -[Archive.org]↩︎

  618. -
  619. XKCD, Security https://xkcd.com/538/ -[Archive.org]↩︎

  620. -
  621. Wikipedia, Plausible Deniability https://en.wikipedia.org/wiki/Plausible_deniability -[Wikiless] -[Archive.org]↩︎

  622. -
  623. Veracrypt Documentation, Trim -Operations https://www.veracrypt.fr/en/Trim%20Operation.html -[Archive.org]↩︎

  624. -
  625. YouTube, 36C3 - Uncover, -Understand, Own - Regaining Control Over Your AMD CPU https://www.youtube.com/watch?v=bKH5nGLgi08&t=2834s -[Invidious]↩︎

  626. -
  627. Qubes OS, Anti-Evil Maid, https://github.com/QubesOS/qubes-antievilmaid [Archive.org]↩︎

  628. -
  629. QubesOS FAQ, https://www.qubes-os.org/faq/#is-secure-boot-supported -[Archive.org]↩︎

  630. -
  631. Wikipedia, Secure Boot https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface#Secure_boot -[Wikiless] -[Archive.org]↩︎

  632. -
  633. Wikipedia, Booting https://en.wikipedia.org/wiki/Booting [Wikiless] [Archive.org]↩︎

  634. -
  635. XKCD, Security https://xkcd.com/538/ -[Archive.org]↩︎

  636. -
  637. Wired, Don’t Want Your Laptop -Tampered With? Just Add Glitter Nail Polish https://www.wired.com/2013/12/better-data-security-nail-polish/ -[Archive.org]↩︎

  638. -
  639. Wikipedia, Virtual Machine https://en.wikipedia.org/wiki/Virtual_machine [Wikiless] -[Archive.org]↩︎

  640. -
  641. Wikipedia, Plausible Deniability https://en.wikipedia.org/wiki/Plausible_deniability -[Wikiless] -[Archive.org]↩︎

  642. -
  643. Wikipedia, Deniable Encryption https://en.wikipedia.org/wiki/Deniable_encryption -[Wikiless] -[Archive.org]↩︎

  644. -
  645. PrivacyGuides.org, Don’t use -Windows 10 - It’s a privacy nightmare https://web.archive.org/web/20220313023015/https://www.privacyguides.org/tools/#operating-systems#win10 -[Archive.org]↩︎

  646. -
  647. Wikipedia, Deniable Encryption https://en.wikipedia.org/wiki/Deniable_encryption -[Wikiless] -[Archive.org]↩︎

  648. -
  649. Wikipedia, Key Disclosure Laws https://en.wikipedia.org/wiki/Key_disclosure_law [Wikiless] -[Archive.org]↩︎

  650. -
  651. GP Digital, World map of encryption -laws and policies https://www.gp-digital.org/world-map-of-encryption/ -[Archive.org]↩︎

  652. -
  653. Wikipedia, Bitlocker https://en.wikipedia.org/wiki/BitLocker [Wikiless] [Archive.org]↩︎

  654. -
  655. Wikipedia, Evil Maid Attack https://en.wikipedia.org/wiki/Evil_maid_attack [Wikiless] -[Archive.org]↩︎

  656. -
  657. Wikipedia, Cold Boot Attack https://en.wikipedia.org/wiki/Cold_boot_attack [Wikiless] -[Archive.org]↩︎

  658. -
  659. CITP 2008 (https://www.youtube.com/watch?v=JDaicPIgn9U) [Invidious]↩︎

  660. -
  661. ResearchGate, Defeating Plausible -Deniability of VeraCrypt Hidden Operating Systems https://www.researchgate.net/publication/318155607_Defeating_Plausible_Deniability_of_VeraCrypt_Hidden_Operating_Systems -[Archive.org]↩︎

  662. -
  663. SANS.org, Mission Implausible: -Defeating Plausible Deniability with Digital Forensics https://www.sans.org/reading-room/whitepapers/forensics/mission-implausible-defeating-plausible-deniability-digital-forensics-39500 -[Archive.org]↩︎

  664. -
  665. SourceForge, Veracrypt Forum https://sourceforge.net/p/veracrypt/discussion/technical/thread/53f33faf/ -[Archive.org]↩︎

  666. -
  667. Microsoft, BitLocker -Countermeasures https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-countermeasures -[Archive.org]↩︎

  668. -
  669. SANS, Windows ShellBag Forensics -in-depth https://www.sans.org/reading-room/whitepapers/forensics/windows-shellbag-forensics-in-depth-34545 -[Archive.org]↩︎

  670. -
  671. University of York, Forensic data -recovery from the Windows Search Database https://eprints.whiterose.ac.uk/75046/1/Forensic_Data_Recovery_From_The_Windows_Search_Database_preprint_DIIN328.pdf -[Archive.org]↩︎

  672. -
  673. A forensic insight into Windows 10 -Jump Lists https://web.archive.org/web/https://cyberforensicator.com/wp-content/uploads/2017/01/1-s2.0-S1742287616300202-main.2-14.pdf -[Archive.org]↩︎

  674. -
  675. Wikipedia, Gatekeeper https://en.wikipedia.org/wiki/Gatekeeper_(macOS) [Wikiless] -[Archive.org]↩︎

  676. -
  677. Alpine Linux Wiki, Setting up a -laptop https://wiki.alpinelinux.org/wiki/Setting_up_a_laptop -[Archive.org]↩︎

  678. -
  679. Wikipedia Veracrypt https://en.wikipedia.org/wiki/VeraCrypt [Wikiless] [Archive.org]↩︎

  680. -
  681. OSTIF Veracrypt Audit, 2016 https://web.archive.org/web/https://ostif.org/the-veracrypt-audit-results/↩︎

  682. -
  683. Veracrypt Documentation, -Unencrypted Data in RAM https://www.veracrypt.fr/en/Unencrypted%20Data%20in%20RAM.html -[Archive.org]↩︎

  684. -
  685. Veracrypt Documentation, Data Leaks -https://www.veracrypt.fr/code/VeraCrypt/plain/doc/html/Data%20Leaks.html -[Archive.org]↩︎

  686. -
  687. Dolos Group, From Stolen Laptop to -Inside the Company Network https://dolosgroup.io/blog/2021/7/9/from-stolen-laptop-to-inside-the-company-network -[Archive.org]↩︎

  688. -
  689. Trammell Hudson’s Projects, -Understanding TPM Sniffing Attacks https://trmm.net/tpm-sniffing/ [Archive.org]↩︎

  690. -
  691. Jon Aubrey, attacking laptops that -are protected by Microsoft Bitlocker drive encryption https://twitter.com/SecurityJon/status/1445020885472235524 -[Nitter]↩︎

  692. -
  693. F-Secure Labs, Sniff, there leaks -my BitLocker key https://labs.f-secure.com/blog/sniff-there-leaks-my-bitlocker-key/ -[Archive.org]↩︎

  694. -
  695. Microsoft, BitLocker -Countermeasures, Attacker countermeasures https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-countermeasures -[Archive.org]↩︎

  696. -
  697. Wikipedia, Trim https://en.wikipedia.org/wiki/Trim_(computing) [Wikiless] -[Archive.org]↩︎

  698. -
  699. Veracrypt Documentation, Trim -Operations https://www.veracrypt.fr/en/Trim%20Operation.html -[Archive.org]↩︎

  700. -
  701. Veracrypt Documentation, Rescue -Disk https://www.veracrypt.fr/en/VeraCrypt%20Rescue%20Disk.html -[Archive.org]↩︎

  702. -
  703. St Cloud State University, Forensic -Research on Solid State Drives using Trim Analysis https://web.archive.org//web/20220612095503/https://repository.stcloudstate.edu/cgi/viewcontent.cgi?article=1141&context=msia_etds -[Archive.org]↩︎

  704. -
  705. WindowsCentral, Trim Tutorial https://www.windowscentral.com/how-ensure-trim-enabled-windows-10-speed-ssd-performance -[Archive.org]↩︎

  706. -
  707. Veracrypt Documentation, Trim -Operation https://veracrypt.eu/en/docs/trim-operation/ [Archive.org]↩︎

  708. -
  709. Black Hat 2018, Perfectly Deniable -Steganographic Disk Encryption https://i.blackhat.com/eu-18/Thu-Dec-6/eu-18-Schaub-Perfectly-Deniable-Steganographic-Disk-Encryption.pdf -[Archive.org]↩︎

  710. -
  711. Milan Broz’s Blog, TRIM & -dm-crypt … problems? http://asalor.blogspot.com/2011/08/trim-dm-crypt-problems.html -[Archive.org]↩︎

  712. -
  713. Veracrypt Documentation, Rescue -Disk https://www.veracrypt.fr/en/VeraCrypt%20Rescue%20Disk.html -[Archive.org]↩︎

  714. -
  715. Wikipedia, Virtualbox https://en.wikipedia.org/wiki/VirtualBox [Wikiless] [Archive.org]↩︎

  716. -
  717. VirtualBox Ticket 17987 https://www.virtualbox.org/ticket/17987 [Archive.org]↩︎

  718. -
  719. Whonix Documentation, Spectre -Meltdown https://www.whonix.org/wiki/Spectre_Meltdown#VirtualBox -[Archive.org]↩︎

  720. -
  721. Whonix Documentation, Stream -Isolation https://www.whonix.org/wiki/Stream_Isolation [Archive.org]↩︎

  722. -
  723. Whonix Documentation, Tunnels -Comparison Table https://www.whonix.org/wiki/Tunnels/Introduction#Comparison_Table -[Archive.org]↩︎

  724. -
  725. Wikipedia, Whonix https://en.wikipedia.org/wiki/Whonix [Wikiless] [Archive.org]↩︎

  726. -
  727. Oracle Virtualbox Manual, Snapshots -https://docs.oracle.com/en/virtualization/virtualbox/6.0/user/snapshots.html -[Archive.org]↩︎

  728. -
  729. Utica College, Forensic Recovery Of -Evidence From Deleted Oracle Virtualbox Virtual Machines https://web.archive.org/web/https://programs.online.utica.edu/sites/default/files/Neal_6_Gonnella_Forensic_Recovery_of_Evidence_from_Deleted_Oracle_VirtualBox_Virtual_Machine.pdf↩︎

  730. -
  731. Wikipedia, Spectre https://en.wikipedia.org/wiki/Spectre_(security_vulnerability) -[Wikiless] -[Archive.org]↩︎

  732. -
  733. Wikipedia, Meltdown https://en.wikipedia.org/wiki/Meltdown_(security_vulnerability) -[Wikiless] -[Archive.org]↩︎

  734. -
  735. Whonix Documentation, Stream -Isolation, By Settings https://www.whonix.org/wiki/Stream_Isolation#By_Settings -[Archive.org]↩︎

  736. -
  737. Wikipedia, TOTP https://en.wikipedia.org/wiki/Time-based_One-time_Password_algorithm -[Wikiless] -[Archive.org]↩︎

  738. -
  739. Wikipedia, Multi-Factor -Authentication https://en.wikipedia.org/wiki/Multi-factor_authentication -[Wikiless] -[Archive.org]↩︎

  740. -
  741. Whonix Documentation, Bridged -Adapters Warning https://www.whonix.org/wiki/Whonix-Gateway_Security#Warning:_Bridged_Networking -[Archive.org]↩︎

  742. -
  743. Qubes OS, FAQ, https://www.qubes-os.org/faq/#is-qubes-just-another-linux-distribution -[Archive.org]↩︎

  744. -
  745. Whonix Documentation, Stream -Isolation https://www.whonix.org/wiki/Stream_Isolation [Archive.org]↩︎

  746. -
  747. Whonix Documentation, Tunnels -Comparison Table https://www.whonix.org/wiki/Tunnels/Introduction#Comparison_Table -[Archive.org]↩︎

  748. -
  749. Qubes OS Issues, Simulate -Hibernation / Suspend-To-Disk (Issue #2414) https://github.com/QubesOS/qubes-issues/issues/2414 -[Archive.org]↩︎

  750. -
  751. Wikipedia, AppArmor https://en.wikipedia.org/wiki/AppArmor [Wikiless] [Archive.org]↩︎

  752. -
  753. Wikipedia, SELinux https://en.wikipedia.org/wiki/Security-Enhanced_Linux -[Wikiless] -[Archive.org]↩︎

  754. -
  755. Wikipedia, TOTP https://en.wikipedia.org/wiki/Time-based_One-time_Password_algorithm -[Wikiless] -[Archive.org]↩︎

  756. -
  757. Wikipedia, Multi-Factor -Authentication https://en.wikipedia.org/wiki/Multi-factor_authentication -[Wikiless] -[Archive.org]↩︎

  758. -
  759. Wikipedia, Plausible Deniability https://en.wikipedia.org/wiki/Plausible_deniability -[Wikiless] -[Archive.org]↩︎

  760. -
  761. Wikipedia, Captcha https://en.wikipedia.org/wiki/CAPTCHA [Wikiless] [Archive.org]↩︎

  762. -
  763. Wikipedia, Turing Test https://en.wikipedia.org/wiki/Turing_test [Wikiless] -[Archive.org]↩︎

  764. -
  765. Google reCAPTCHA https://www.google.com/recaptcha/about/ [Archive.org]↩︎

  766. -
  767. hCaptcha https://www.hcaptcha.com/ [Archive.org]↩︎

  768. -
  769. hCaptcha, hCaptcha Is Now the -Largest Independent CAPTCHA Service, Runs on 15% Of The Internet https://www.hcaptcha.com/post/hcaptcha-now-the-largest-independent-captcha-service -[Archive.org]↩︎

  770. -
  771. Nearcyan.com, You (probably) don’t -need ReCAPTCHA https://nearcyan.com/you-probably-dont-need-recaptcha/ -[Archive.org]↩︎

  772. -
  773. ArsTechnica, “Google’s reCAPTCHA -turns”invisible,” will separate bots from people without challenges” https://arstechnica.com/gadgets/2017/03/googles-recaptcha-announces-invisible-background-captchas/ -[Archive.org]↩︎

  774. -
  775. BlackHat Asia 2016, “I’m not a -human: Breaking the Google reCAPTCHA” https://www.blackhat.com/docs/asia-16/materials/asia-16-Sivakorn-Im-Not-a-Human-Breaking-the-Google-reCAPTCHA-wp.pdf -[Archive.org]↩︎

  776. -
  777. Google Blog https://security.googleblog.com/2014/12/are-you-robot-introducing-no-captcha.html -[Archive.org]↩︎

  778. -
  779. Cloudflare Blog, Cloudflare -supports Privacy Pass https://blog.cloudflare.com/cloudflare-supports-privacy-pass/ -[Archive.org]↩︎

  780. -
  781. Privacy International, Timeline of -SIM Card Registration Laws https://privacyinternational.org/long-read/3018/timeline-sim-card-registration-laws -[Archive.org]↩︎

  782. -
  783. Wikipedia, Device Fingerprinting https://en.wikipedia.org/wiki/Device_fingerprint [Wikiless] -[Archive.org]↩︎

  784. -
  785. Chromium Documentation, Technical -analysis of client identification mechanisms https://sites.google.com/a/chromium.org/dev/Home/chromium-security/client-identification-mechanisms#TOC-Machine-specific-characteristics -[Archive.org]↩︎

  786. -
  787. Mozilla Wiki, Fingerprinting https://wiki.mozilla.org/Fingerprinting [Archive.org]↩︎

  788. -
  789. Wikipedia, Device Fingerprinting https://en.wikipedia.org/wiki/Device_fingerprint [Wikiless] -[Archive.org]↩︎

  790. -
  791. Developers Google Blog, Guidance to -developers affected by our effort to block less secure browsers and -applications https://developers.googleblog.com/2020/08/guidance-for-our-effort-to-block-less-secure-browser-and-apps.html -[Archive.org]↩︎

  792. -
  793. Wikipedia, KYC https://en.wikipedia.org/wiki/Know_your_customer [Wikiless] -[Archive.org]↩︎

  794. -
  795. Google Help, Access age-restricted -content & features https://support.google.com/accounts/answer/10071085 -[Archive.org]↩︎

  796. -
  797. Wikipedia, Dark Pattern https://en.wikipedia.org/wiki/Dark_pattern [Wikiless] -[Archive.org]↩︎

  798. -
  799. The Verge, Tinder will give you a -verified blue check mark if you pass its catfishing test https://www.theverge.com/2020/1/23/21077423/tinder-photo-verification-blue-checkmark-safety-center-launch-noonlight -[Archive.org]↩︎

  800. -
  801. DigitalInformationWorld, Facebook -will now require you to Create a Video Selfie for Identity Verification -https://www.digitalinformationworld.com/2020/03/facebook-is-now-demanding-some-users-to-create-a-video-selfie-for-identity-verification.html -[Archive.org]↩︎

  802. -
  803. Vice.com, PornHub Announces -‘Biometric Technology’ to Verify Users https://www.vice.com/en/article/m7a4eq/pornhub-new-verification-policy-biometric-id -[Archive.org]↩︎

  804. -
  805. Variety, China Launches Hotline to -Report Online Comments That ‘Distort’ History or ‘Deny’ Its Cultural -Excellence https://variety.com/2021/digital/news/china-censorship-hotline-historical-nihilism-1234950554/ -[Archive.org]↩︎

  806. -
  807. Wikipedia, Trust but verify https://en.wikipedia.org/wiki/Trust,_but_verify [Wikiless] -[Archive.org]↩︎

  808. -
  809. Wikipedia, Zero-trust Security -Model https://en.wikipedia.org/wiki/Zero_trust_security_model -[Wikiless] -[Archive.org]↩︎

  810. -
  811. Wikipedia, Espionage, Organization -https://en.wikipedia.org/wiki/Espionage#Organization -[Wikiless] -[Archive.org]↩︎

  812. -
  813. Developers Google Blog, Guidance to -developers affected by our effort to block less secure browsers and -applications https://developers.googleblog.com/2020/08/guidance-for-our-effort-to-block-less-secure-browser-and-apps.html -[Archive.org]↩︎

  814. -
  815. Medium.com, Kyle McDonald, How to -recognize fake AI-generated images https://kcimc.medium.com/how-to-recognize-fake-ai-generated-images-4d1f6f9a2842[Scribe.rip] -[Archive.org]↩︎

  816. -
  817. Jayway Blog, Using ML to detect -fake face images created by AI https://blog.jayway.com/2020/03/06/using-ml-to-detect-fake-face-images-created-by-ai/ -[Archive.org]↩︎

  818. -
  819. Wikipedia, Sim Swapping https://en.wikipedia.org/wiki/SIM_swap_scam [Wikiless] -[Archive.org]↩︎

  820. -
  821. Whonix Documentation, Tor -Configuration https://www.whonix.org/wiki/Tor#Edit_Tor_Configuration -[Archive.org]↩︎

  822. -
  823. Tor Browser Documentation, Editing -Torrc https://support.torproject.org/tbb/tbb-editing-torrc/ -[Archive.org]↩︎

  824. -
  825. English translation of German -Telemedia Act https://www.huntonprivacyblog.com/wp-content/uploads/sites/28/2016/02/Telemedia_Act__TMA_.pdf -[Archive.org]. -Section 13, Article 6, “The service provider must enable the use of -Telemedia and payment for them to occur anonymously or via a pseudonym -where this is technically possible and reasonable. The recipient of the -service is to be informed about this possibility.”.↩︎

  826. -
  827. Wikipedia, Real-Name System Germany -https://en.wikipedia.org/wiki/Real-name_system#Germany -[Wikiless] -[Archive.org]↩︎

  828. -
  829. Wikipedia, KYC https://en.wikipedia.org/wiki/Know_your_customer [Wikiless] -[Archive.org]↩︎

  830. -
  831. Facebook Onion Website http://facebookwkhpilnemxj7asaniu7vnjjbiltxjqhye3mhbshg7kx5tfyd.onion/↩︎

  832. -
  833. Google Help https://support.google.com/accounts/answer/114129?hl=en -[Archive.org]↩︎

  834. -
  835. Google Help, Customer Matching -Process https://support.google.com/google-ads/answer/7474263?hl=en -[Archive.org]↩︎

  836. -
  837. Google, Your account is disabled https://support.google.com/accounts/answer/40695 [Archive.org]↩︎

  838. -
  839. Google, Request to restore the -account https://support.google.com/accounts/contact/disabled2 -[Archive.org]↩︎

  840. -
  841. Google Help, Update your account to -meet age requirements https://support.google.com/accounts/answer/1333913?hl=en -[Archive.org]↩︎

  842. -
  843. Jumio, ID verification features https://www.jumio.com/features/ [Archive.org]↩︎

  844. -
  845. Privacyguides.org recommended -E-mail Providers https://www.privacyguides.org/email/ [Archive.org]↩︎

  846. -
  847. Proton Registration Human -Verification https://proton.me/support/human-verification/ [Archive.org]↩︎

  848. -
  849. Twitter Appeal Form https://help.twitter.com/forms/general↩︎

  850. -
  851. KnowYourMeme, Good Luck, I’m Behind -7 Proxies https://knowyourmeme.com/memes/good-luck-im-behind-7-proxies -[Archive.org]↩︎

  852. -
  853. Wikipedia, end-to-end encryption https://en.wikipedia.org/wiki/End-to-end_encryption -[Wikiless] -[Archive.org]↩︎

  854. -
  855. Wikipedia, Forward Secrecy https://en.wikipedia.org/wiki/Forward_secrecy [Wikiless] -[Archive.org]↩︎

  856. -
  857. Proton Blog, What is zero-access -encryption? https://proton.me/blog/zero-access-encryption/ [Archive.org]↩︎

  858. -
  859. Wikipedia, Cambridge Analytica -Scandal https://en.wikipedia.org/wiki/Facebook%E2%80%93Cambridge_Analytica_data_scandal -[Wikiless] -[Archive.org]↩︎

  860. -
  861. Signal Blog, Technology preview: -Sealed sender for Signal https://signal.org/blog/sealed-sender/ [Archive.org]↩︎

  862. -
  863. Signal Blog, Private Contact -Discovery https://signal.org/blog/private-contact-discovery/ -[Archive.org]↩︎

  864. -
  865. Signal Blog, Private Group System -https://signal.org/blog/signal-private-group-system/ -[Archive.org]↩︎

  866. -
  867. Privacyguides.org, File-Sharing https://www.privacyguides.org/file-sharing/ [Archive.org]↩︎

  868. -
  869. Privacyguides.org, Real-Time -Communication https://www.privacyguides.org/real-time-communication/ -[Archive.org]↩︎

  870. -
  871. Wikipedia, IPFS https://en.wikipedia.org/wiki/InterPlanetary_File_System -[Wikiless] -[Archive.org]↩︎

  872. -
  873. Praxis Films, Open Letter from -Laura Poitras https://www.praxisfilms.org/open-letter-from-laura-poitras/ -[Archive.org]↩︎

  874. -
  875. Wikipedia, SecureDrop https://en.wikipedia.org/wiki/SecureDrop [Wikiless] [Archive.org]↩︎

  876. -
  877. Wikipedia, TPM https://en.wikipedia.org/wiki/Trusted_Platform_Module -[Wikiless] -[Archive.org]↩︎

  878. -
  879. Wikipedia, Pastebin https://en.wikipedia.org/wiki/Pastebin [Wikiless] [Archive.org]↩︎

  880. -
  881. Wikipedia, Wear Leveling https://en.wikipedia.org/wiki/Wear_leveling [Wikiless] -[Archive.org]↩︎

  882. -
  883. Wikipedia, Trim https://en.wikipedia.org/wiki/Write_amplification#TRIM -[Wikiless] -[Archive.org]↩︎

  884. -
  885. Wikipedia, Write Amplification https://en.wikipedia.org/wiki/Write_amplification -[Wikiless] -[Archive.org]↩︎

  886. -
  887. Wikipedia, Trim Disadvantages https://en.wikipedia.org/wiki/Trim_(computing)#Disadvantages -[Wikiless] -[Archive.org]↩︎

  888. -
  889. Wikipedia, Garbage Collection https://en.wikipedia.org/wiki/Write_amplification#Garbage_collection -[Wikiless] -[Archive.org]↩︎

  890. -
  891. Techgage, Too TRIM? When SSD Data -Recovery is Impossible https://techgage.com/article/too_trim_when_ssd_data_recovery_is_impossible/ -[Archive.org]↩︎

  892. -
  893. ResearchGate, Live forensics method -for acquisition on the Solid-State Drive (SSD) NVMe TRIM function https://www.researchgate.net/publication/341761017_Live_forensics_method_for_acquisition_on_the_Solid_State_Drive_SSD_NVMe_TRIM_function -[Archive.org]↩︎

  894. -
  895. ElcomSoft, Life after Trim: Using -Factory Access Mode for Imaging SSD Drives https://blog.elcomsoft.com/2019/01/life-after-trim-using-factory-access-mode-for-imaging-ssd-drives/ -[Archive.org]↩︎

  896. -
  897. Forensic Focus, Forensic -Acquisition Of Solid State Drives With Open Source Tools https://www.forensicfocus.com/articles/forensic-acquisition-of-solid-state-drives-with-open-source-tools/ -[Archive.org]↩︎

  898. -
  899. ResearchGate, Solid State Drive -Forensics: Where Do We Stand? https://www.researchgate.net/publication/325976653_Solid_State_Drive_Forensics_Where_Do_We_Stand -[Archive.org]↩︎

  900. -
  901. BleepingComputer, Firmware attack -can drop persistent malware in hidden SSD area https://www.bleepingcomputer.com/news/security/firmware-attack-can-drop-persistent-malware-in-hidden-ssd-area/ -[Archive.org]↩︎

  902. -
  903. Wikipedia, Parted Magic https://en.wikipedia.org/wiki/Parted_Magic [Wikiless] -[Archive.org]↩︎

  904. -
  905. Wikipedia, hdparm https://en.wikipedia.org/wiki/Hdparm [Wikiless] [Archive.org]↩︎

  906. -
  907. GitHub, nvme-cli https://github.com/linux-nvme/nvme-cli [Archive.org]↩︎

  908. -
  909. PartedMagic Secure Erase https://partedmagic.com/secure-erase/ [Archive.org]↩︎

  910. -
  911. Partedmagic NVMe Secure Erase https://partedmagic.com/nvme-secure-erase/ [Archive.org]↩︎

  912. -
  913. UFSExplorer, Can I recover data -from an encrypted storage? https://www.ufsexplorer.com/solutions/data-recovery-on-encrypted-storage.php -[Archive.org]↩︎

  914. -
  915. Apple Developer Documentation https://developer.apple.com/library/archive/documentation/FileManagement/Conceptual/APFS_Guide/FAQ/FAQ.html -[Archive.org]↩︎

  916. -
  917. EFF, How to: Delete Your Data -Securely on macOS https://ssd.eff.org/en/module/how-delete-your-data-securely-macos -[Archive.org]↩︎

  918. -
  919. Privacyguides.org, Productivity -tools https://privacyguides.org/productivity/ [Archive.org]↩︎

  920. -
  921. Whonix Documentation, Scrubbing -Metadata https://www.whonix.org/wiki/Metadata [Archive.org]↩︎

  922. -
  923. Tails documentation, MAT https://gitlab.tails.boum.org/tails/blueprints/-/wikis/doc/mat/ -[Archive.org]↩︎

  924. -
  925. GitHub, Disable Gatekeeper on macOS -Big Sur (11.x) https://disable-gatekeeper.github.io/ [Archive.org]↩︎

  926. -
  927. Veracrypt Documentation, Data Leaks -https://www.veracrypt.fr/code/VeraCrypt/plain/doc/html/Data%20Leaks.html -[Archive.org]↩︎

  928. -
  929. SANS, Windows ShellBag Forensics -in-depth https://www.sans.org/reading-room/whitepapers/forensics/windows-shellbag-forensics-in-depth-34545 -[Archive.org]↩︎

  930. -
  931. St Cloud State University, Forensic -Research on Solid State Drives using Trim Analysis https://web.archive.org//web/20220612095503/https://repository.stcloudstate.edu/cgi/viewcontent.cgi?article=1141&context=msia_etds -[Archive.org]↩︎

  932. -
  933. Wikipedia, Trim https://en.wikipedia.org/wiki/Trim_(computing) [Wikiless] -[Archive.org]↩︎

  934. -
  935. DuckDuckGo help, Cache https://help.duckduckgo.com/duckduckgo-help-pages/features/cache/ -[Archive.org]↩︎

  936. -
  937. DuckDuckGo help, Sources https://help.duckduckgo.com/duckduckgo-help-pages/results/sources/ -[Archive.org]↩︎

  938. -
  939. Wikipedia, Dead Drop https://en.wikipedia.org/wiki/Dead_drop [Wikiless] [Archive.org]↩︎

  940. -
  941. Wikipedia, Secure Communication -Obfuscation https://en.wikipedia.org/wiki/Obfuscation#Secure_communication -[Wikiless] -[Archive.org]↩︎

  942. -
  943. Wikipedia, Steganography https://en.wikipedia.org/wiki/Steganography [Wikiless] -[Archive.org]↩︎

  944. -
  945. Wikipedia, Kleptography https://en.wikipedia.org/wiki/Kleptography [Wikiless] -[Archive.org]↩︎

  946. -
  947. Wikipedia, Koalang https://en.wikipedia.org/wiki/Koalang [Wikiless] [Archive.org]↩︎

  948. -
  949. Wikipedia, OPSEC https://en.wikipedia.org/wiki/Operations_security -[Wikiless] -[Archive.org]↩︎

  950. -
  951. Quote Investigator, A Lie Can -Travel Halfway Around the World While the Truth Is Putting On Its Shoes -https://quoteinvestigator.com/2014/07/13/truth/ [Archive.org]↩︎

  952. -
  953. Privacyguides.org, Operating -Systems https://www.privacyguides.org/tools/#operating-systems -[Archive.org]↩︎

  954. -
  955. Medium.com, Digging into the System -Resource Usage Monitor (SRUM) https://medium.com/velociraptor-ir/digging-into-the-system-resource-usage-monitor-srum-afbadb1a375 -[Scribe.rip] -[Archive.org]↩︎

  956. -
  957. SANS, Timestamped Registry & -NTFS Artifacts from Unallocated Space https://www.sans.org/blog/timestamped-registry-ntfs-artifacts-from-unallocated-space/ -[Archive.org]↩︎

  958. -
  959. DBAN, https://dban.org/ [Archive.org]↩︎

  960. -
  961. NYTimes, Lost Passwords Lock -Millionaires Out of Their Bitcoin Fortunes https://www.nytimes.com/2021/01/12/technology/bitcoin-passwords-wallets-fortunes.html -[Archive.org]↩︎

  962. -
  963. Wikipedia, Koalang https://en.wikipedia.org/wiki/Koalang [Wikiless] [Archive.org]↩︎

  964. -
  965. Wikipedia, Faraday Cage, https://en.wikipedia.org/wiki/Faraday_cage [Wikiless] -[Archive.org]↩︎

  966. -
  967. Edith Cowan University, A forensic -examination of several mobile device Faraday bags & materials to -test their effectiveness materials to test their effectiveness https://web.archive.org/web/https://ro.ecu.edu.au/cgi/viewcontent.cgi?article=1165&context=adf -[Archive.org]↩︎

  968. -
  969. arXiv, Deep-Spying: Spying using -Smartwatch and Deep Learning https://arxiv.org/pdf/1512.05616.pdf [Archive.org]↩︎

  970. -
  971. Acm.org, Privacy Implications of -Accelerometer Data: A Review of Possible Inferences https://dl.acm.org/doi/pdf/10.1145/3309074.3309076 -[Archive.org]↩︎

  972. -
  973. YouTube, Fingerprinting Paper - -Forensic Education https://www.youtube.com/watch?v=sO98kDLkh-M [Invidious]↩︎

  974. -
  975. Wikipedia, Touch DNA, https://en.wikipedia.org/wiki/Touch_DNA [Wikiless] [Archive.org]↩︎

  976. -
  977. TheDNAGuide, DNA from Postage -Stamps or Hair Samples? Yeeesssss….. https://www.yourdnaguide.com/ydgblog/dna-hair-samples-postage-stamps -[Archive.org]↩︎

  978. -
  979. Wikipedia, OONI, https://en.wikipedia.org/wiki/OONI [Wikiless] [Archive.org]↩︎

  980. -
  981. GitHub, Mhinkie, OONI-Detection https://github.com/mhinkie/ooni-detection [Archive.org]↩︎

  982. -
  983. Wikipedia, File Verification https://en.wikipedia.org/wiki/File_verification [Wikiless] -[Archive.org]↩︎

  984. -
  985. Wikipedia, CRC https://en.wikipedia.org/wiki/Cyclic_redundancy_check -[Wikiless] -[Archive.org]↩︎

  986. -
  987. Wikipedia, MD5 https://en.wikipedia.org/wiki/MD5 [Wikiless] [Archive.org]↩︎

  988. -
  989. Wikipedia, MD5 Security https://en.wikipedia.org/wiki/MD5#Security [Wikiless] [Archive.org]↩︎

  990. -
  991. Wikipedia, Collisions https://en.wikipedia.org/wiki/Collision_(computer_science) -[Wikiless] -[Archive.org]↩︎

  992. -
  993. Wikipedia, SHA https://en.wikipedia.org/wiki/Secure_Hash_Algorithms -[Wikiless] -[Archive.org]↩︎

  994. -
  995. Wikipedia, SHA-2 https://en.wikipedia.org/wiki/SHA-2 [Wikiless] [Archive.org]↩︎

  996. -
  997. Wikipedia, Collision Resistance https://en.wikipedia.org/wiki/Collision_resistance -[Wikiless] -[Archive.org]↩︎

  998. -
  999. GnuPG Gpg4win Wiki, Check integrity -of Gpg4win packages https://wiki.gnupg.org/Gpg4win/CheckIntegrity [Archive.org]↩︎

  1000. -
  1001. Wikipedia, GPG https://en.wikipedia.org/wiki/GNU_Privacy_Guard [Wikiless] -[Archive.org]↩︎

  1002. -
  1003. Wikipedia, Public-Key Cryptography -https://en.wikipedia.org/wiki/Public-key_cryptography -[Wikiless] -[Archive.org]↩︎

  1004. -
  1005. Wikipedia, Polymorphic Code https://en.wikipedia.org/wiki/Polymorphic_code [Wikiless] -[Archive.org]↩︎

  1006. -
  1007. Whonix Documentation, Use of AV, https://www.whonix.org/wiki/Malware_and_Firmware_Trojans#The_Utility_of_Antivirus_Tools -[Archive.org]↩︎

  1008. -
  1009. Whonix Forums, https://forums.whonix.org/t/installation-of-antivirus-scanners-by-default/9755/8 -[Archive.org]↩︎

  1010. -
  1011. AV-Test Security Report 2018-2019, -https://www.av-test.org/fileadmin/pdf/security_report/AV-TEST_Security_Report_2018-2019.pdf -[Archive.org]↩︎

  1012. -
  1013. ZDNet, ESET discovers 21 new Linux -malware families https://www.zdnet.com/article/eset-discovers-21-new-linux-malware-families/ -[Archive.org]↩︎

  1014. -
  1015. NakeSecurity, EvilGnome – Linux -malware aimed at your desktop, not your servers https://nakedsecurity.sophos.com/2019/07/25/evilgnome-linux-malware-aimed-at-your-laptop-not-your-servers/ -[Archive.org]↩︎

  1016. -
  1017. Immunify, HiddenWasp: How to detect -malware hidden on Linux & IoT https://blog.imunify360.com/hiddenwasp-how-to-detect-malware-hidden-on-linux-iot -[Archive.org]↩︎

  1018. -
  1019. Wikipedia, Linux Malware https://en.wikipedia.org/wiki/Linux_malware [Wikiless] -[Archive.org]↩︎

  1020. -
  1021. Lenny Zeltser, Analyzing Malicious -Documents Cheat Sheet https://zeltser.com/analyzing-malicious-documents/ -[Archive.org]↩︎

  1022. -
  1023. Wikipedia, macOS Malware https://en.wikipedia.org/wiki/macOS_malware [Wikiless] -[Archive.org]↩︎

  1024. -
  1025. MacWorld, List of Mac viruses, -malware and security flaws https://www.macworld.co.uk/feature/mac-viruses-list-3668354/ -[Archive.org]↩︎

  1026. -
  1027. JAMF, The Mac Malware of 2020 https://resources.jamf.com/documents/macmalware-2020.pdf -[Archive.org]↩︎

  1028. -
  1029. macOS Security and Privacy Guide, -https://github.com/drduh/macOS-Security-and-Privacy-Guide#viruses-and-malware -[Archive.org]↩︎

  1030. -
  1031. ImageTragick.com, https://imagetragick.com/ [Archive.org]↩︎

  1032. -
  1033. Oracle Virtualbox Documentation, https://docs.oracle.com/en/virtualization/virtualbox/6.0/admin/hyperv-support.html -[Archive.org]↩︎

  1034. -
  1035. Oracle Virtualbox Documentation, https://docs.oracle.com/en/virtualization/virtualbox/6.0/admin/hyperv-support.html -[Archive.org]↩︎

  1036. -
  1037. Lenny Zeltser, Analyzing Malicious -Documents Cheat Sheet https://zeltser.com/analyzing-malicious-documents/ -[Archive.org]↩︎

  1038. -
  1039. Wikipedia, Portable Applications https://en.wikipedia.org/wiki/Portable_application -[Wikiless] -[Archive.org]↩︎

  1040. -
  1041. Brave Help, What is a Private -Window with Tor Connectivity? https://support.brave.com/hc/en-us/articles/360018121491-What-is-a-Private-Window-with-Tor -[Archive.org]↩︎

  1042. -
  1043. BlackGNU, Brave, the false -sensation of privacy https://blackgnu.net/brave-is-shit.html [Archive.org]↩︎

  1044. -
  1045. Brave Help Center, What is -“Shields”? https://support.brave.com/hc/en-us/articles/360022973471-What-is-Shields -[Archive.org]↩︎

  1046. -
  1047. VentureBeat, Browser benchmark -battle January 2020: Chrome vs. Firefox vs. Edge vs. Brave https://venturebeat.com/2020/01/15/browser-benchmark-battle-january-2020-chrome-firefox-edge-brave/view-all/ -[Archive.org]↩︎

  1048. -
  1049. Brave.com, Brave, Fingerprinting, -and Privacy Budgets https://brave.com/brave-fingerprinting-and-privacy-budgets/ -[Archive.org]↩︎

  1050. -
  1051. Madaidan’s Insecurities, Firefox -and Chromium https://madaidans-insecurities.github.io/firefox-chromium.html -[Archive.org]↩︎

  1052. -
  1053. GrapheneOS, Web Browsing https://grapheneos.org/usage#web-browsing [Archive.org]↩︎

  1054. -
  1055. ResearchGate, Web Browser Privacy: -What Do Browsers Say When They Phone Home? https://www.researchgate.net/publication/349979628_Web_Browser_Privacy_What_Do_Browsers_Say_When_They_Phone_Home -[Archive.org]↩︎

  1056. -
  1057. Duck’s pond, Ungoogled-Chromium https://qua3k.github.io/ungoogled/ [Archive.org]↩︎

  1058. -
  1059. Madaidan’s Insecurities, Firefox -and Chromium https://madaidans-insecurities.github.io/firefox-chromium.html -[Archive.org]↩︎

  1060. -
  1061. GrapheneOS, Web Browsing https://grapheneos.org/usage#web-browsing [Archive.org]↩︎

  1062. -
  1063. Microsoft.com, Microsoft Edge -support for Microsoft Defender Application Guard https://docs.microsoft.com/en-us/deployedge/microsoft-edge-security-windows-defender-application-guard -[Archive.org]↩︎

  1064. -
  1065. PcMag, Mozilla Signs Lucrative -3-Year Google Search Deal for Firefox https://www.pcmag.com/news/mozilla-signs-lucrative-3-year-google-search-deal-for-firefox -[Archive.org]↩︎

  1066. -
  1067. Madaidan’s Insecurities, Firefox -and Chromium https://madaidans-insecurities.github.io/firefox-chromium.html -[Archive.org]↩︎

  1068. -
  1069. FingerprintJS, Demo: Disabling -JavaScript Won’t Save You from Fingerprinting https://fingerprintjs.com/blog/disabling-javascript-wont-stop-fingerprinting/ -[Archive.org]↩︎

  1070. -
  1071. Duck’s pond, Ungoogled-Chromium https://qua3k.github.io/ungoogled/ [Archive.org]↩︎

  1072. -
  1073. Wikipedia, Virtualization https://en.wikipedia.org/wiki/Virtualization [Wikiless] -[Archive.org]↩︎

  1074. -
  1075. Tor Project, Project Snowflake https://snowflake.torproject.org/ [Archive.org]↩︎

  1076. -
  1077. GitHub, Obfs4 Repository https://github.com/Yawning/obfs4/ [Archive.org]↩︎

  1078. -
  1079. Tor Browser Manual, Pluggable -Transport https://tb-manual.torproject.org/circumvention/ [Archive.org]↩︎

  1080. -
  1081. Wikipedia, Domain Fronting https://en.wikipedia.org/wiki/Domain_fronting [Wikiless] -[Archive.org]↩︎

  1082. -
  1083. GitLab, Tor Browser Issues, Add -uBlock Origin to the Tor Browser https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/17569 -[Archive.org]↩︎

  1084. -
  1085. Vice, The NSA and CIA Use Ad -Blockers Because Online Advertising Is So Dangerous https://www.vice.com/en/article/93ypke/the-nsa-and-cia-use-ad-blockers-because-online-advertising-is-so-dangerous -[Archive.org]↩︎

  1086. -
  1087. NIST, NIST Has Spoken - Death to -Complexity, Long Live the Passphrase! https://www.sans.org/blog/nist-has-spoken-death-to-complexity-long-live-the-passphrase/ -[Archive.org]↩︎

  1088. -
  1089. ZDnet, FBI recommends passphrases -over password complexity https://www.zdnet.com/article/fbi-recommends-passphrases-over-password-complexity/ -[Archive.org]↩︎

  1090. -
  1091. The Intercept, Passphrases That You -Can Memorize — But That Even the NSA Can’t Guess https://theintercept.com/2015/03/26/passphrases-can-memorize-attackers-cant-guess/ -[Tor -Mirror] [Archive.org]↩︎

  1092. -
  1093. Proton Blog, Let’s settle the -password vs. passphrase debate once and for all https://proton.me/blog/protonmail-com-blog-password-vs-passphrase/ -[Archive.org]↩︎

  1094. -
  1095. YouTube, Edward Snowden on -Passwords: Last Week Tonight with John Oliver (HBO) https://www.youtube.com/watch?v=yzGzB-yYKcc [Invidious]↩︎

  1096. -
  1097. YouTube, How to Choose a Password – -Computerphile https://www.youtube.com/watch?v=3NjQ9b3pgIg [Invidious]↩︎

  1098. -
  1099. Wikipedia, Passphrase https://en.wikipedia.org/wiki/Passphrase#Passphrase_selection -[Wikiless] -[Archive.org]↩︎

  1100. -
  1101. Monero Research Lab, Evaluating -cryptocurrency security and privacy in a post-quantum world https://github.com/insight-decentralized-consensus-lab/post-quantum-monero/blob/master/writeups/technical_note.pdf -[Archive.org]↩︎

  1102. -
  1103. Wikipedia, Privacy in Australian -Law https://en.wikipedia.org/wiki/Privacy_in_Australian_law -[Wikiless] -[Archive.org]↩︎

  1104. -
  1105. Parliament of Autralia, -Surveillance Legislation Amendment (Identify and Disrupt) Bill 2021, https://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/Bills_Search_Results/Result?bId=r6623 -[Archive.org]↩︎

  1106. -
  1107. Lokinet Documentation, Service -Nodes, https://loki.network/service-nodes/ [Archive.org]↩︎

  1108. -
  1109. GetSession.org, The Session -Protocol: What’s changing — and why https://getsession.org/session-protocol-explained/ -[Archive.org]↩︎

  1110. -
  1111. Session Documentation, Session -protocol explained, https://getsession.org/session-protocol-explained -[Archive.org]↩︎

  1112. -
  1113. Quarkslab, Audit of Session Secure -Messaging Application https://blog.quarkslab.com/audit-of-session-secure-messaging-application.html -[Archive.org]↩︎

  1114. -
  1115. Techlore, Top 5 BEST Messengers For -Privacy https://www.youtube.com/watch?v=aVwl892hqb4 [Invidious]↩︎

  1116. -
-
- - -
diff --git a/export/guide.html.asc b/export/guide.html.asc
deleted file mode 100644
index 5f3165c0..00000000
--- a/export/guide.html.asc
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPQDwAKCRAhq2tqbLLD
-NzQ2AQCOz7cl3VYb4le+WOAK4W7jmyXIZtKXOJ4dF+u8ib7T6wD/cVt+UBImCzvD
-veVAifoYV6asANWVODur18RXyHRm7gU=
-=5HM/
------END PGP SIGNATURE-----
diff --git a/export/guide.html.minisig b/export/guide.html.minisig
deleted file mode 100644
index 83aae35e..00000000
--- a/export/guide.html.minisig
+++ /dev/null
@@ -1,4 +0,0 @@
-untrusted comment: signature from minisign secret key
-RUSn9xivowlq/gN0DETJR6h3DZR/h4CZdT4K6nuuTBT36JfydLXG1GxT6UW9aT84cTsUzfUYXDGFNcq2QrA3oc3MM5p2baFOLw0=
-trusted comment: timestamp:1691602960 file:guide.html hashed
-KT4ScL07NuE17MIq1ZbEKsp0fXDWGneoMOWW+bjD+GDViYDgGBuX6zO2gv/BqsS2ToVl54z1YjC/7dhTnxuzDw==
diff --git a/export/guide.odt b/export/guide.odt
deleted file mode 100644
index f2ecc20d..00000000
Binary files a/export/guide.odt and /dev/null differ
diff --git a/export/guide.odt.asc b/export/guide.odt.asc
deleted file mode 100644
index 9655a8c6..00000000
--- a/export/guide.odt.asc
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPQEQAKCRAhq2tqbLLD
-N5O9AP9xbFOc08aOQXT45jdZaBh9fN8xIBi1nyRdtruTNEq0SAD7BTkm7GS9v8GC
-5V//Fm8AlWNNwhtSZi6yAvWLIqRgngQ=
-=A3ib
------END PGP SIGNATURE-----
diff --git a/export/guide.odt.minisig b/export/guide.odt.minisig
deleted file mode 100644
index aa4d7e57..00000000
--- a/export/guide.odt.minisig
+++ /dev/null
@@ -1,4 +0,0 @@
-untrusted comment: signature from minisign secret key
-RUSn9xivowlq/uMbN3zzV0XaxkceFKiwOeZUOs7KpC2DjRsIYuit9bKgYGZygB4J3zhRgNnMGjkaJ8MiRSg+t3CJc32W+q9UqQc=
-trusted comment: timestamp:1691602963 file:guide.odt hashed
-HsF5+yWeySnM0BpQiUSadgaxS+73D55n5y0CrGrUeAx8AvnyIy/FB6byeN+zJ8PIhve3JRL/DKhjP0hvdOxaAQ==
diff --git a/export/guide.pdf b/export/guide.pdf
deleted file mode 100644
index 35b38a06..00000000
Binary files a/export/guide.pdf and /dev/null differ
diff --git a/export/guide.pdf.asc b/export/guide.pdf.asc
deleted file mode 100644
index d126c430..00000000
--- a/export/guide.pdf.asc
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPQEwAKCRAhq2tqbLLD
-N6MeAP9K/SMXQK6Qn3Tocvik+XTgNisMd7sSpHTBmnqT6lgXOAEApxyEC6HGmiaT
-le1Pz8Z6ZBp6u1xOtb8aHbRtREhw0Qc=
-=nYqA
------END PGP SIGNATURE-----
diff --git a/export/guide.pdf.minisig b/export/guide.pdf.minisig
deleted file mode 100644
index 22e57b2d..00000000
--- a/export/guide.pdf.minisig
+++ /dev/null
@@ -1,4 +0,0 @@
-untrusted comment: signature from minisign secret key
-RUSn9xivowlq/i/ZgUT5aMhl5/LVnl0zgJu+HO2z2wcSoA9udJpTHK5LGu8CD2VU5MhzYtYqxmVK1c5+I/51Ltq9HKpfLVPmMQI=
-trusted comment: timestamp:1691602965 file:guide.pdf hashed
-x6MoWvbnGGmNC+DXK+wFznmRpXVzKPwj/r5WphWZo/6XIpAWk68PwiIr+VatubuRDa+w6r7dtcDbMaymyAkzBg==
diff --git a/export/legacy.html b/export/legacy.html
deleted file mode 100644
index b1ef733c..00000000
--- a/export/legacy.html
+++ /dev/null
@@ -1,172 +0,0 @@
- - - - - - - The Hitchhiker's Guide to Online Anonymity - - - -
-

The Hitchhiker's Guide to Online Anonymity

-
-

Legacy Resources:

-

The guide and all the files are also readily available on Archive.org -and Archive.today:

- -

Direct downloads: - CryptPad.fr (outdated) at: https://cryptpad.fr/drive/#/2/drive/view/Ughm9CjQJCwB8BIppdtvj5zy4PyE-8Gxn11x9zaqJLI/

- - diff --git a/export/legacy.html.asc b/export/legacy.html.asc deleted file mode 100644 index 843c0b39..00000000 --- a/export/legacy.html.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPQFQAKCRAhq2tqbLLD -N0UDAQD/0LHsjHmH2h4qqKW96wMoo/dvb396wXNxP00Ya9nAfwD+McI3gqo8q54u -nMUl1ZzfgLO0ix2X4zJuWxK8j+AxiwU= -=l3Bw ------END PGP SIGNATURE----- diff --git a/export/legacy.html.minisig b/export/legacy.html.minisig deleted file mode 100644 index 0fa7514f..00000000 --- a/export/legacy.html.minisig +++ /dev/null @@ -1,4 +0,0 @@ -untrusted comment: signature from minisign secret key -RUSn9xivowlq/mpCBdh5xxYi2/NBhDkcurPsUZEYYE61j93becsBWzRWuwl0yc8NaTcxXZvLF38aIoycLIYiOgHlPedv0DhsmwU= -trusted comment: timestamp:1691602966 file:legacy.html hashed -jffcS0ow8tdtLVJXa+wT9uCVzkJXgRVNXgwr8EcKXCL1zKFfaqN/KhN4igyn9OLZqeUOt4G7SnA2X4XQHHXVCw== diff --git a/export/legacy.odt b/export/legacy.odt deleted file mode 100644 index 154fa76f..00000000 Binary files a/export/legacy.odt and /dev/null differ diff --git a/export/legacy.odt.asc b/export/legacy.odt.asc deleted file mode 100644 index c016fd37..00000000 --- a/export/legacy.odt.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPQFgAKCRAhq2tqbLLD -N3V1AQCa7qeaVAJQF151CjP2bwkbBsUOr7wsXDbXW3DOFs8AhgEA93kNgdPbC7DB -XJI4Kfr4QK2AfpwxLnx4YSMzaqy5pQE= -=PKev ------END PGP SIGNATURE----- diff --git a/export/legacy.odt.minisig b/export/legacy.odt.minisig deleted file mode 100644 index 33babcae..00000000 --- a/export/legacy.odt.minisig +++ /dev/null @@ -1,4 +0,0 @@ -untrusted comment: signature from minisign secret key -RUSn9xivowlq/p9lo/BL4+OFwZ3HzICH1jwWFfayccvRsaL4kJFBx2H9kEwD4UE9qf1SnZT5QTjUjbSntMDnim7PI3c1WBPH1AE= -trusted comment: timestamp:1691602968 file:legacy.odt hashed -JdJ+psrNb9TMrRZ6M6OQzn8UpROyb/47LO7F4fg2A5vYPnnRYOk8LbNYSy7UPe5fCQ7TaklvlpVuah9n0r5/Bg== 
diff --git a/export/legacy.pdf b/export/legacy.pdf deleted file mode 100644 index 200bc6c2..00000000 Binary files a/export/legacy.pdf and /dev/null differ diff --git a/export/legacy.pdf.asc b/export/legacy.pdf.asc deleted file mode 100644 index faf34196..00000000 --- a/export/legacy.pdf.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPQGAAKCRAhq2tqbLLD -NwbbAQDIMmJ7L3u7fq2/Iz5uB+CA9hOleuZItIy3CBvjWDf9XQEA893WaWdx6EqK -2ng7890iiEh1TeJgftqfODVDFBHVEAQ= -=Tpbo ------END PGP SIGNATURE----- diff --git a/export/legacy.pdf.minisig b/export/legacy.pdf.minisig deleted file mode 100644 index 7e78009b..00000000 --- a/export/legacy.pdf.minisig +++ /dev/null @@ -1,4 +0,0 @@ -untrusted comment: signature from minisign secret key -RUSn9xivowlq/oI4c5fstsm/24Xl4qjLyaaKr0s88XFnFQRBXzJzg9AuoFOhyi3pMu7jDP5ahYLox2aTp17BHBZMuB5UpXyASQ0= -trusted comment: timestamp:1691602970 file:legacy.pdf hashed -S6axIzT4eC9J5WIcVim/nExqlSQa5lM7I2Y5SGVZ/zDFPxi4WQbdD9oNJHtrNLbP2rNui8KUfW4mcihZ+yRpAg== diff --git a/export/links.html b/export/links.html deleted file mode 100644 index 051a83af..00000000 --- a/export/links.html +++ /dev/null @@ -1,210 +0,0 @@ - - - - - - - The Hitchhiker's Guide to Online Anonymity - - - -
-

The Hitchhiker's Guide to Online Anonymity

-
- -

Disclaimer:

-

Some of those resources may, in order to sustain their project, -contain or propose: - Sponsored commercial content - Monetized content -through third party platforms (such as YouTube) - Affiliate links to -commercial services - Paid Services such as consultancy - Premium -content such as ad-free content or updated content - Merchandising

-

Anonymous Planet does not participate in any sponsoring, -endorsement, advertising, or other affiliate programs for any entity. We -only rely on anonymous donations in a closed, transparent loop -system.

-

All the links below are listed in alphabetical order:

- - -

Blogs and personal websites:

- -

Useful resources:

- - - diff --git a/export/links.html.asc b/export/links.html.asc deleted file mode 100644 index ac6acc8c..00000000 --- a/export/links.html.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPQGgAKCRAhq2tqbLLD -NyvJAQCed4vhSXZpQZOqz1hlBnR5j9/huwFPGL4pz9SScOh79gEAvXZrBBi5J1ha -FTJBuwCGpG67NWr6kF2FC7p5cwH+Sg4= -=B2c6 ------END PGP SIGNATURE----- diff --git a/export/links.html.minisig b/export/links.html.minisig deleted file mode 100644 index f0c4c1d2..00000000 --- a/export/links.html.minisig +++ /dev/null @@ -1,4 +0,0 @@ -untrusted comment: signature from minisign secret key -RUSn9xivowlq/thJcuk3zeth9y09OgvY+AwIg6LNoIP/YXkGEYIhEGIrRE/Ng2rVB1TzjtZatbJML0ZdtC629LlYOq9QbQo/HQY= -trusted comment: timestamp:1691602972 file:links.html hashed -OpSRts760vFETJN8KZtStrt9whFBaY8p+DK2Xj42n+c2mfNexQYTWm664Z1w9b2AlzdSiVGpAL1xN+XjbZOGAg== diff --git a/export/links.odt b/export/links.odt deleted file mode 100644 index a49c11bc..00000000 Binary files a/export/links.odt and /dev/null differ diff --git a/export/links.odt.asc b/export/links.odt.asc deleted file mode 100644 index 29461e7f..00000000 --- a/export/links.odt.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPQHAAKCRAhq2tqbLLD -N7pHAP47qh17BMJu1wn166nVR5IouxfYU5ah49U/pMqMODom0wEAru9ZJQmcQPtD -f8gbd8T25G/3lyW8SoU1S3WSJYo+bAw= -=6q3+ ------END PGP SIGNATURE----- diff --git a/export/links.odt.minisig b/export/links.odt.minisig deleted file mode 100644 index 64fcdea7..00000000 --- a/export/links.odt.minisig +++ /dev/null @@ -1,4 +0,0 @@ -untrusted comment: signature from minisign secret key -RUSn9xivowlq/oHMQbe8SMtrRFQZS9bV/rKJzICG0pW0EB5YDnQRqkYMu5UaBjFnQ/gIEM7HCgUOWJ0IS+k3f+ENOaCveLKO+gc= -trusted comment: timestamp:1691602974 file:links.odt hashed -WMb4XeTVDCshiStjenBTAfBBP/ykYvneX7hNUffPA+lg1wZr8/ENMbovXsZF/ypHPZO9JLYRUBLrdOYFYU8EBA== 
diff --git a/export/links.pdf b/export/links.pdf deleted file mode 100644 index ead15f9e..00000000 Binary files a/export/links.pdf and /dev/null differ diff --git a/export/links.pdf.asc b/export/links.pdf.asc deleted file mode 100644 index 369e3b23..00000000 --- a/export/links.pdf.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPQHgAKCRAhq2tqbLLD -N7OKAPwOxfP65C8U6fysoW7g0D8h11mf0aMKstbsaMtyLjFhzwEA4o5D8WDAj/zO -bW280ToZYXUq1HwIl+isuR6xplPIvQg= -=9Xzg ------END PGP SIGNATURE----- diff --git a/export/links.pdf.minisig b/export/links.pdf.minisig deleted file mode 100644 index 7ca57393..00000000 --- a/export/links.pdf.minisig +++ /dev/null @@ -1,4 +0,0 @@ -untrusted comment: signature from minisign secret key -RUSn9xivowlq/sw2X8c3ygZuWCUtG4q9MD8pCFJE/zHrdg0yyOfm4wjJ9KJr++njW9aWWIFzc0cDAXIP3aqRHbzkHrBcNdQkJQY= -trusted comment: timestamp:1691602976 file:links.pdf hashed -Nnzv3vlT0Y+ePL2jFu+YMJAuIIzTK1G2Pt51PUjBkZ4yHyeQDJ6MhW3AjSXGvgRlxxidbSodaaHQJhOpqZCrAw== diff --git a/export/moderncrypto-rules.html b/export/moderncrypto-rules.html deleted file mode 100644 index 3addbc6b..00000000 --- a/export/moderncrypto-rules.html +++ /dev/null @@ -1,211 +0,0 @@ - - - - - - - The Hitchhiker's Guide to Online Anonymity - - - -
-

The Hitchhiker's Guide to Online Anonymity

-
-

Modern Crypto Rules

-

This page documents the rules for my Matrix room, -#moderncrypto:gnuradio.org.

-

Modern Crypto is part of the PSA community. See https://anonymousplanet.org/chatrooms-rules.html

-
-

Rules:

-
    -
  • Keep it legal ethical -
      -
    • Ethics take precedent over laws. For example, laws that ban -encryption deserve to be broken.
    • -
  • -
  • English only
  • -
  • Be respectful to each other
  • -
  • Avoid FUD and/or disinformation
  • -
  • Avoid gatekeeping
  • -
  • No hate speech -
      -
    • This includes racism, sexism, homophobia, transphobia, and other -anti-LGBTQ+ behavior
    • -
    • Hate speech will result in an insta-ban. No -exceptions.
    • -
  • -
  • No spam
  • -
  • No trolling
  • -
  • No doxxing
  • -
  • No soliciting donations
  • -
  • No NSFW content (no Porn, no Gore, no Hentai…)
  • -
  • No pedophilia
  • -
  • Avoid drifting too much off-topic or move to an off-topic room like -#bnonymity
  • -
  • We are not lawyers. Behavior not covered by these rules may be -handled at the discretion of any acting moderator(s). -
      -
    • We enforce the spirit of the rules, not the letter.
    • -
    • Citing technicalities or imprecisions in the definitions of -rules won’t save you.
    • -
  • -
-

Violations of these rules may result in a PSA-wide -ban.

-
-

Join the PSA community: #p-s-a:matrix.org or -#privacy-security-anonymity:matrix.org

-

If you want to invite people to Modern Crypto on Discord : -https://discord.gg/PTgXQ8ffmw

-

If you want to invite people to PSA on Discord : -https://discord.gg/V8dmd9y7mt

- - diff --git a/export/moderncrypto-rules.html.asc b/export/moderncrypto-rules.html.asc deleted file mode 100644 index af966556..00000000 --- a/export/moderncrypto-rules.html.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPQIAAKCRAhq2tqbLLD -N0hRAP9QQ5RtspmR+sq22ANrWQ4WSXqHgL2pn3DWdyl8R/IEmQD+IygrWUfgdS9B -c1B/rfrhGjR+HjbBgDvldcc4p875NQE= -=lVMA ------END PGP SIGNATURE----- diff --git a/export/moderncrypto-rules.html.minisig b/export/moderncrypto-rules.html.minisig deleted file mode 100644 index 035dd35d..00000000 --- a/export/moderncrypto-rules.html.minisig +++ /dev/null @@ -1,4 +0,0 @@ -untrusted comment: signature from minisign secret key -RUSn9xivowlq/svPsS+xxLFKBjldNbtOXHFdfeSDcLsvuePtBPZHET1TOXcRoD8pmFqHRyoVDZFIhOyDi7vjHmoR6M81rRi7EAQ= -trusted comment: timestamp:1691602977 file:moderncrypto-rules.html hashed -SbO+cgADB8eXXdjTi0wv+Bdm6Df0DfWx3pAhVZzfLqaEQy87Gkf935gNUis4HNDYfUedehcxrJ6433cQoI/WDA== diff --git a/export/moderncrypto-rules.odt b/export/moderncrypto-rules.odt deleted file mode 100644 index 7f21362c..00000000 Binary files a/export/moderncrypto-rules.odt and /dev/null differ diff --git a/export/moderncrypto-rules.odt.asc b/export/moderncrypto-rules.odt.asc deleted file mode 100644 index 27e6e5f4..00000000 --- a/export/moderncrypto-rules.odt.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPQIQAKCRAhq2tqbLLD -N8CUAQDkB5L9t8TNu8yI5QRI39U+C4iwQoBPMitQ/LdYluoZlQD8ChVP7Hc3d4sV -CRJ0Cz8fvoF66blOZV7c3M+K7wTR0QU= -=7OzO ------END PGP SIGNATURE----- diff --git a/export/moderncrypto-rules.odt.minisig b/export/moderncrypto-rules.odt.minisig deleted file mode 100644 index c68b1e54..00000000 --- a/export/moderncrypto-rules.odt.minisig +++ /dev/null 
@@ -1,4 +0,0 @@ -untrusted comment: signature from minisign secret key -RUSn9xivowlq/iTGJnsDWteKRExVzi44ekiss959FFDShP2zx7gp17JGnUGW6eBF2QeDqUXTsBSBG98Ftd11q9fVdPXYqu9vCwc= -trusted comment: timestamp:1691602979 file:moderncrypto-rules.odt hashed -csf+iMYdZbzTmBPmvIVfSTF32bOoslXxLJSHDCrb16JwUhA5+RNeNNxUOzNW3Mwlx+4/v34EwZbWQy+QbEHJBQ== diff --git a/export/moderncrypto-rules.pdf b/export/moderncrypto-rules.pdf deleted file mode 100644 index 04425673..00000000 Binary files a/export/moderncrypto-rules.pdf and /dev/null differ diff --git a/export/moderncrypto-rules.pdf.asc b/export/moderncrypto-rules.pdf.asc deleted file mode 100644 index 58b55392..00000000 --- a/export/moderncrypto-rules.pdf.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPQIwAKCRAhq2tqbLLD -N6erAQDhLwNdnrNOoyrc3hzHmvV7yzgvV8aMM/SGVR8vo2OMGwD/SganfxhkpAmi -gZk04r8tAtXlWQ4O8IHN79seU35MigI= -=lgV6 ------END PGP SIGNATURE----- diff --git a/export/moderncrypto-rules.pdf.minisig b/export/moderncrypto-rules.pdf.minisig deleted file mode 100644 index fd4f4f26..00000000 --- a/export/moderncrypto-rules.pdf.minisig +++ /dev/null @@ -1,4 +0,0 @@ -untrusted comment: signature from minisign secret key -RUSn9xivowlq/spHpOiZk0rLAZv8JWT2z1jBhqGMIMM8NZu7qYG82r4Uzm53vDPSSy9ulR1UtQ1A9AV6h3sXgnyUS6fktnVx9wA= -trusted comment: timestamp:1691602981 file:moderncrypto-rules.pdf hashed -oiqIelQpRvH93ZEx1ab8iVfMvvZ9kE9gE3njUpX/hkpQo9+X2Qj4i4AgAdU9TwZpdd3DpZEk3syYg6CQqA/7Bg== diff --git a/export/sha256sum.txt b/export/sha256sum.txt deleted file mode 100644 index f88e2ae8..00000000 --- a/export/sha256sum.txt +++ /dev/null 
@@ -1,50 +0,0 @@ -c302f34e5229655fa5c738f9dfbd8188d4b733b3046d5376ac6578e8a001d68b ./CHANGELOG.html -9bb1dee357891b1bae53ad00bc365c71c7dec4f23739b894dea2dc9523a4fc1e ./CHANGELOG.odt -434b037286f00d5deaffc463913bab2d375336c863ebc502d95d8e7ae90564f3 ./CHANGELOG.pdf -7491e5ef16299b313224b69c9132fba692f3f4c24bb38d384f38a7dab352efcf ./CODE_OF_CONDUCT.html -16e71b734962fd7a91462756b56c7c612be06a9a023206fdd4ee77ef5e43dbb1 ./CODE_OF_CONDUCT.odt -b8639f9d7934b53c442192ab252733d91eb84544a25d246345d6ce61868357a7 ./CODE_OF_CONDUCT.pdf -44d3eda8b469e00eeb947fa83e326e4974ab4bf426e9de016d36d4c01bba6b05 ./CONTRIBUTING.html -e79f5b5d8a3fa70f2f73992cc8347e9a4f6815ae42f59148a425536184d7ccef ./CONTRIBUTING.odt -fde893c281a6cffaf6e6afe098f4280ee0629b3aacfdae904c43017590c6811d ./CONTRIBUTING.pdf -449b9fa0890715278e80174f4f0c727c5c9a02250bad9cc874ad07fd1323ce35 ./KEY_ROTATION.html -3de1de2439668f53a3db770cfe8f05feb2148dcacec5d0cef8a2a92aa042dd9d ./KEY_ROTATION.odt -208f05b3f5d117ce0e2caceafe0f285cdb7e994d3157b87a1b8e73d7e1e06460 ./KEY_ROTATION.pdf -9727f2cc28c13c00263d3f8c4f0243552d426b70e12d40b23588f1bfed40ff11 ./LICENSE.html -b5465bb419222f23db285783fb804af03e9c3b94d716ad5bc6f3e70e435cf0bd ./LICENSE.odt -ecc5e4456f8dea765af84c4a3e1e7dae935fa09817059c1f1765650312bf6f80 ./LICENSE.pdf -95f7e4554b92659b44b8096971025485d835a26076c0b9e3a98c02ee7f5ff0a3 ./README.html -ddabee63b7d5f33b66b0cd49615e3e47841a196c5b6cfa9c25d7c4fef414f250 ./README.odt -497c97d3f02c542f233c6b196aa59a61d2e666d2fcf71fc645329e120a639b24 ./README.pdf -2e65122c34df9b709a08b3dddeb229077beec6728b91785675a35dd454cd7d99 ./about.html -947572ec8192e7e152202049eb0e76a64dace78f047e28a9953e2a5bdab29576 ./about.odt -1b97652b8ab081b2f44567d48e31dd4360403375850ac496dfcebad4ba8214d4 ./about.pdf -1bc72ea585ab893f169351de845e895546ed6d701420e985b9e70e60df30b632 ./briar.html -a036303b9e21e2713a63645cc2cc06755ff78290eb7f7ce4cb36becaacce210f ./briar.odt -17e928efa2756e0c34b7f779d2abb32ec6d56caeb5726811d4d142c1a514ed55 ./briar.pdf 
-06336b1e2be383b12155fabf1f31a429d6910d664907a12befbcde2177042720 ./chatrooms-rules.html -4beb09d8d5af768d715edc13f0beeac53a7ceb840f21591762a967c20bd76761 ./chatrooms-rules.odt -0324c94252c9e12a23d42436881362fc32d0562ed0d1d43daa2d2e562fa4e518 ./constitution.html -a4ba68c82a6823844a451a995ce36fbddb60803917eb361b069c5c21f5e8867c ./constitution.odt -fdd120c27e122ecb26c111f5a635de759523ecec53a8c615ff287c9e36185f3d ./constitution.pdf -aa254e89ff04996e6b2ae45296a08876af96407bcca1957d3b100c10a9c95b76 ./donations.html -018bcb3948b8d96b089fdd3842802a58eb5ac2183f6c014dcfb9b66c86722aa4 ./donations.odt -d50fb3605bfd474663f02ecbb88778e4d6dcd708ac8f87408c3cf2615f1838d6 ./donations.pdf -3828f9fe97d2a664ecf86086bdb6225c0346105c1b5d837cd14881a703729922 ./guide.html -14f89b6ec97e8334da34debc7daaba3d8f95eb212fc5e82fc96e269bd387c0ac ./guide.odt -0c28f3e9f76042b88fa00baee64d768ce870ad7cbcb6b48d3989b6972dd2beaf ./guide.pdf -84b4c81101b9a8547c553c94ba114533bbef68fde641ff090240fb5afa497556 ./legacy.html -7826f10ec4f69d72d35f7e06d8cdf1f56dc6a17e1a60b1a6ab20196ffa3fe228 ./legacy.odt -81b6eac9c22bc27728f84a4cd18c2070de10516a194907b096f6ae692ccbc96b ./legacy.pdf -d6b255d076e3032277db9427fc38769e079e806e32d45ae370133da742c55d6c ./links.html -3c8a889a4bd380f94928a4f274723083d99350092cfe994e41ca46ccab7a96da ./links.odt -be66727cea875f1d045e79664c1556c042dbd39834e7de06c80762f94fa746b4 ./links.pdf -969f5c566e085b6929b9c9b709a2f982064f6fcdc191621a0fc3b3d40cc9afa7 ./moderncrypto-rules.html -6b1de0f118535143a61da5ca8129d3a49bd9b7171059ebd83060c075598f3415 ./moderncrypto-rules.odt -48c531f7f4335074ef9f5983c1aeb9d9e9b79b7108fd960abbec36fa43c9719a ./moderncrypto-rules.pdf -5f82c4f8abf068a4c5b5188305e5b91db855adeedf68edf869f9d362f2927d5e ./twitter.html -6ca0c22712e787a774d4776845255853988e75e1ef879aec21489b44032f3b60 ./twitter.odt -a0c6043c7ead8e0fe5fe4eebed0d18adf5581b19e928cd32a5110a11ed6eff83 ./twitter.pdf -fcd1c16107a59043363c03123219708a49f59d9d5af67a9db2db9298ab89efce ./verify.html 
-f5f907eaa6da57c5771de0c91801fbf97115294581b533efee9a730832e2683f ./verify.odt -3d65705020a50a9c40a1d60b1278672128726c90d997183c5e12eccdfcbcbece ./verify.pdf diff --git a/export/sha256sum.txt.asc b/export/sha256sum.txt.asc deleted file mode 100644 index 92ae0054..00000000 --- a/export/sha256sum.txt.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPQJQAKCRAhq2tqbLLD -N3wDAQD9LKSgJsmaxV7afTxUNM8RjNHM1obIhU5LDmZu19ojmAD/VHeOOVfc0xtm -+Mrs/9x0pXseeurbgQGSKKLMOPIr2QM= -=unGy ------END PGP SIGNATURE----- diff --git a/export/sha256sum.txt.minisig b/export/sha256sum.txt.minisig deleted file mode 100644 index 241233bc..00000000 --- a/export/sha256sum.txt.minisig +++ /dev/null @@ -1,4 +0,0 @@ -untrusted comment: signature from minisign secret key -RUSn9xivowlq/l1HVnenwUVo/AsjNvrM/Zd2Z+6ZbLtPxckzTbt8TJ2AoJdxZB+Ga3l97Jm6x6SRentZuj5MQmpi5PMNt1SHqQU= -trusted comment: timestamp:1691602983 file:sha256sum.txt hashed -ZukC2S/qeiZSvtoyTdNiwcvZcr3b2Zn+OGJHp44gLuX0ukE/XGKU+SWMOuE46vgvA+/1o5jLZzfFP75NyT/KAw== diff --git a/export/twitter.html b/export/twitter.html deleted file mode 100644 index fe273038..00000000 --- a/export/twitter.html +++ /dev/null @@ -1,180 +0,0 @@ - - - - - - - The Hitchhiker's Guide to Online Anonymity - - - -
-

The Hitchhiker's Guide to Online Anonymity

-
-

Anonymous Planet is leaving -Twitter

-

Anonymous Planet is moving to Mastodon. This is largely due to -Twitter being currently owned by Elon Musk, the $8 fees, and recent -security issues that have come to light.

- -

Our mastodon can be found at @anonymousplanet@mastodon.social

- - - - diff --git a/export/twitter.html.asc b/export/twitter.html.asc deleted file mode 100644 index 335a350c..00000000 --- a/export/twitter.html.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPQJwAKCRAhq2tqbLLD -N0jFAP4rmydACm29ar5C38/03LCDbxUIHS0yAoRcNGQSHWdciAD7Br3Fmr4zduA5 -BPbgnkrzuGVgMIhbtgxyjcJFPv6KGQM= -=R0n9 ------END PGP SIGNATURE----- diff --git a/export/twitter.html.minisig b/export/twitter.html.minisig deleted file mode 100644 index d6cc1d9a..00000000 --- a/export/twitter.html.minisig +++ /dev/null @@ -1,4 +0,0 @@ -untrusted comment: signature from minisign secret key -RUSn9xivowlq/hq+gOZs89g6orc1xUjzrNr8wiv6dx/AH/f1cc9WjlyxMD8Ct9UufomijzC5lDWZQYXM1tgKKmvuYifQXk6qPA8= -trusted comment: timestamp:1691602985 file:twitter.html hashed -5Hy7gbSTMY9rTqx7mRxtfHp2uZw5JpvgK5BnASdo4ZUgVG+IJNNwPrTi/duQPQ5CQEUpCPWQqSxNJQJDmzlECg== diff --git a/export/twitter.odt b/export/twitter.odt deleted file mode 100644 index f0cd6098..00000000 Binary files a/export/twitter.odt and /dev/null differ diff --git a/export/twitter.odt.asc b/export/twitter.odt.asc deleted file mode 100644 index f1ac2a1b..00000000 --- a/export/twitter.odt.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPQKQAKCRAhq2tqbLLD -NxtWAP498adOjNkp0DpPkH6iqjbTImEkF0/DMpVnXq2dycZLkAEA56zZP2gZ6XFn -3XOxWkCfnEM2c/WzAXnUFCCKGH35+g0= -=cN++ ------END PGP SIGNATURE----- diff --git a/export/twitter.odt.minisig b/export/twitter.odt.minisig deleted file mode 100644 index fee7e4ce..00000000 --- a/export/twitter.odt.minisig +++ /dev/null @@ -1,4 +0,0 @@ -untrusted comment: signature from minisign secret key -RUSn9xivowlq/uDm6uML/bOq/C8Me635PjLVqdn3L7DKV25THBCjxMernhza3tbZGaKChbycsIEpEtEzACglSdHbgKQoAPoaOwI= -trusted comment: timestamp:1691602987 file:twitter.odt hashed -GvuCGhAIalDun9q0rajSCUG3AIb2zial21q+2SAUMnC97mpt1oLUjXBIK+3Mf5HWZqAJ2lxDiAi7QROA6AhdBw== 
diff --git a/export/twitter.pdf b/export/twitter.pdf deleted file mode 100644 index 0ba027a3..00000000 Binary files a/export/twitter.pdf and /dev/null differ diff --git a/export/twitter.pdf.asc b/export/twitter.pdf.asc deleted file mode 100644 index 9943d681..00000000 --- a/export/twitter.pdf.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPQKwAKCRAhq2tqbLLD -N4txAP48xmYMcjoA+UmRTq0VIkkZ5PrcWtTXHcistVNAmQEWNQEAoSjqG+7eC95+ -8j1/1q6ClGibc9OWN1m9h5F8yGOyIQE= -=o3Ls ------END PGP SIGNATURE----- diff --git a/export/twitter.pdf.minisig b/export/twitter.pdf.minisig deleted file mode 100644 index 6bfe39ba..00000000 --- a/export/twitter.pdf.minisig +++ /dev/null @@ -1,4 +0,0 @@ -untrusted comment: signature from minisign secret key -RUSn9xivowlq/mel6PVwIQhFIjPkIJ6IzPcMyk1gdWyiKBbBnLKuu+Vuc2/NZOGRs4Hv39P64hjexfheSwRxCGnuoV7ooXnbDgE= -trusted comment: timestamp:1691602989 file:twitter.pdf hashed -XvZApkw317w69kBqtgJWgp+iSOynH0Fj/XiEs6YiQVvRiloIUnBWbBYCk48XWjLYz8E/WTeRxSGxkPUEGAL7CQ== diff --git a/export/verify.html b/export/verify.html deleted file mode 100644 index 4da9f4ca..00000000 --- a/export/verify.html +++ /dev/null @@ -1,297 +0,0 @@ - - - - - - - The Hitchhiker's Guide to Online Anonymity - - - -
-

The Hitchhiker's Guide to Online Anonymity

-
-

How to -check files for safety/integrity and authenticity:

-

The PDF and ODT files of this guide are cryptographically signed -using GPG and Minisign. Their integrity -can be verified with the published SHA256 Checksum hashes on this -website. SHA256 checksums of all the PDF and ODT files are available -here in the sha256sum.txt file. -SHA256 checksums, signatures, and VirusTotal (“VT”) checks of the -releases files (containing the whole repository) are available within -the latest release information at https://github.com/Anon-Planet/thgtoa/releases/latest -which will be available as soon as we have a stable release.

-

The GPG signatures for each PDF and ODT files are available here: - -PDF (Light Theme) Main and Mirrors: guide.pdf.asc - ODT Main and Mirrors: guide.odt.asc

-

The Minisign signatures for each PDF and ODT files are available -here: - PDF (Light Theme) Main and Mirrors: guide.pdf.minisig - ODT Main and -Mirrors: guide.odt.minisig

-

How -to check the integrity of files using SHA256 checksums:

-

First get the hash of your local file by following these steps for -your OS:

-

Windows: - From a command prompt, run -certutil -hashfile filename.txt sha256 - Compare the -obtained hash result of your local file to the online file’s published -hash. They should match.

-

macOS: - From a terminal, run -shasum -a 256 /full/path/to/your/file - Compare the -obtained hash result of your local file to the online file’s published -hash. They should match.

-

Linux: - From a terminal, run -sha256sum /full/path/to/your/file - Compare the obtained -hash result of your local file to the online file’s published hash. They -should match.

-

All commits and releases on this repository are cryptographically -signed and verified by each collaborator (check for the “Verified” tags -on commits and releases).

-

How -to verify the the authenticity and integrity of files using GPG:

-

To verify files with GPG signatures, you should first install gpg on -your system: - Windows: Install gpg4win from https://www.gpg4win.org/download.html - MacOS: Install -GPG Tools from https://gpgtools.org/ - Linux: gpg should be installed -by default. If not, use your Linux package manager to install it such as -apt (debian) or rpm (red hat).

-

Import the master signing key from a trusted source of the publisher -using the following command from a command prompt or terminal:

-

gpg --auto-key-locate nodefault,wkd --locate-keys 9EA98278639F1CD853E096CBFF94507587A6A9B9

-

In theory this command should fetch the key from the a default pool -server. If this doesn’t work, you can also download/view it directly -from here (in our case): https://anonymousplanet.org/pgp/AnonymousPlanet-Master-Signing-Key_9EA98278639F1CD853E096CBFF94507587A6A9B9.asc

-

As well as the published key on any keyserver below (search for the -fingerprint 9EA98278639F1CD853E096CBFF94507587A6A9B9): - https://pgp.mit.edu - https://keys.openpgp.org -- https://keyserver.ubuntu.com

-

You should then import it manually by issuing the following command -on any OS:

-

gpg --import 9EA98278639F1CD853E096CBFF94507587A6A9B9.asc

-

The master signing key allows you to verify all other project-related -keys. Once you have the master signing key and are confident it’s the -correct key (nobody has tampered with it), mark the key as trusted by -locally signing it:

-

gpg --lsign-key 9EA98278639F1CD853E096CBFF94507587A6A9B9

-

Alternatively, if you use Kleopatra, it will ask you to certify the -key. Certify the key to mark it as trusted.

-

Once you have the master key downloaded, imported, and certified, you -will obtain a copy of the release key.

-

gpg --auto-key-locate nodefault,wkd --locate-keys 83A6CF9EF57AC25B5C7F5D29285E6048A12321B2 -(to import the release signing key)

-

https://anonymousplanet.org/pgp/AnonymousPlanet-Release-Signing-Key_83A6CF9EF57AC25B5C7F5D29285E6048A12321B2.asc -(to download the key yourself)

-

If you use GPG directly, you won’t need to mark the release signing -key as trusted, because it’s already signed by the master signing key. -If you use Kleopatra, the process to import the release signing key is -the same as importing the master signing key.

-

Finally, verify the asc signature file (links above) against the PDF -file by issuing the following example command:

-

gpg --verify guide.pdf.asc guide.pdf

-

This should output a result showing it matches a signature created by -the release signing key, and is therefore a good result.

-

How -to verify the the authenticity and integrity of the files using -Minisign:

-

To verify the files with Minisign:

-
    -
  • First, download minisign from https://jedisct1.github.io/minisign/.
  • -
  • Download the files along with their *.minisig signature file (these -should be in the same directory).
  • -
  • Download the Minisign public key available on the website and -repository: minisign.pub (again, place it in -the same directory for convenience).
  • -
  • Run the following command in a command prompt or terminal within the -directory with both files: -minisign -Vm guide.pdf -p minisign.pub.
  • -
  • Output should show -Signature and comment signature verified.
  • -
-

How -to check the relative safety of files or even URLs (such as -https://anonymousplanet.org) using VirusTotal:

-

Note: we do not endorse VirusTotal. It should be used with -extreme caution, never with any sensitive files, due to their privacy -policies. Do not upload sensitive files to VirusTotal.

-

The PDF and ODT files of this guide have been automatically scanned -by VT, see the links below for an example but do not trust these hashes -blindly. Check the hashes match and re-upload to VT if needed: - PDF -file: [VT -Scan] - ODT file: [VT -Scan]

-

Additional -manual safety checks for the PDF files:

-

For additional safety, you can always double check the PDF files -using the PDFID tool which you can download at https://blog.didierstevens.com/programs/pdf-tools/. (You -might be wondering: “Why should I trust a random python script?” Well, -it is open-source and well-known. It is also probably a safer bet than -trusting a random PDF).

-

Here are the steps:

-
    -
  • Install the latest version (e.g., 3.10.6 stable) of Python, download -pdfid -and, from a command prompt or terminal, run:
  • -
-

python pdfid.py file-to-check.pdf

-

And you should see the following entries at 0 for -safety, this 0 means there is no Javascript or any action that could -possibly execute malicious macros, scripts, etc. Normally this won’t be -necessary as most modern PDF readers won’t execute those scripts -anyway.

-
/JS                    0 #This indicates the presence of Javascript which could be malicious
-/JavaScript            0 #This indicates the presence of Javascript which could be malicious
-/AA                    0 #This indicates the presence of automatic action on opening
-/OpenAction            0 #This indicates the presence of automatic action on opening
-/AcroForm              0 #This indicates the presence of AcroForm which could contain malicious JavaScript
-/JBIG2Decode           0 #This indicates the PDF uses JBIG2 compression which could be used for obfuscating malicious content
-/RichMedia             0 #This indicates the presence rich media within the PDF such as Flash
-/Launch                0 #This counts the launch actions
-/EmbeddedFile          0 #This indicates there are embedded files within the PDF
-/XFA                   0 #This indicates the presence of XML Forms within the PDF
- - diff --git a/export/verify.html.asc b/export/verify.html.asc deleted file mode 100644 index abf542a3..00000000 --- a/export/verify.html.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPQLQAKCRAhq2tqbLLD -N3DMAP45spChtyIpn6JspnqFV8xaWftxAYUlSTkRAnKWfwhqjgD/ZpdHG41CrRqG -KmyG56vdPqYpo3vVFZzYHhtAlgkNjQ0= -=jQ5q ------END PGP SIGNATURE----- diff --git a/export/verify.html.minisig b/export/verify.html.minisig deleted file mode 100644 index 5cc5af1c..00000000 --- a/export/verify.html.minisig +++ /dev/null @@ -1,4 +0,0 @@ -untrusted comment: signature from minisign secret key -RUSn9xivowlq/jylzGCsFk/Gi61PfFgPqVtOV++wx9OVgxV0RPJpuirlIkFLaXEMYLK6vbX1hdj+y+DpLP5yai5Vaag3zLeJCAs= -trusted comment: timestamp:1691602991 file:verify.html hashed -Pq6WHNWPF0xu18CYIolha2VZx8Tdk7oRVjxQmGXACVg7gNLwX0gH7RPNqGODWa+qDSzRJ5fjlFJjl50nS96fBA== diff --git a/export/verify.odt b/export/verify.odt deleted file mode 100644 index b495fbc9..00000000 Binary files a/export/verify.odt and /dev/null differ diff --git a/export/verify.odt.asc b/export/verify.odt.asc deleted file mode 100644 index 572ee0a3..00000000 --- a/export/verify.odt.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPQLwAKCRAhq2tqbLLD -N6LGAQDd7KmyTdonVKuaSfZwbKX2mCA2eU551evvI8YPLcWZJgEA/a115I8swX2C -aYmxwbhZ4ifm57JUnpEWIY5GzN0Ntww= -=evTd ------END PGP SIGNATURE----- diff --git a/export/verify.odt.minisig b/export/verify.odt.minisig deleted file mode 100644 index 0aade3ab..00000000 --- a/export/verify.odt.minisig +++ /dev/null @@ -1,4 +0,0 @@ -untrusted comment: signature from minisign secret key -RUSn9xivowlq/pU/1uVqS0pk4aJafpEHoO3wPfnhKbRuNsAKZssdNuXazSiVU26IXA/EciJZV/FwAB2b8Hu1uFFJmhJzZBAgIwE= -trusted comment: timestamp:1691602993 file:verify.odt hashed -RB2VVopi1Uu0j6loAhDU3mmzyORjJYz4Hijltvqzf0N00131tuyZMmt7doiSNK6WfVq4AkAHNaKiXv3svC/eBw== 
diff --git a/export/verify.pdf b/export/verify.pdf deleted file mode 100644 index 43025687..00000000 Binary files a/export/verify.pdf and /dev/null differ diff --git a/export/verify.pdf.asc b/export/verify.pdf.asc deleted file mode 100644 index e343940d..00000000 --- a/export/verify.pdf.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPQMQAKCRAhq2tqbLLD -Nx02AQDde5rIXzYgTQinqiDWsHBdG5o6oIhZpRT9/mdu6LgOkgD8Cybl0UrmGeOI -K+MD9/QyRZYpMST3wxZ5TaCecNJuMwo= -=B4d2 ------END PGP SIGNATURE----- diff --git a/export/verify.pdf.minisig b/export/verify.pdf.minisig deleted file mode 100644 index f95c6bb6..00000000 --- a/export/verify.pdf.minisig +++ /dev/null @@ -1,4 +0,0 @@ -untrusted comment: signature from minisign secret key -RUSn9xivowlq/jMhStXOAPcxKJL3r32vOOlHVQ+U+wFXxrnrRmeKv7TioQH9JPt3tPGiM+KEpkVJOE8PIVq6RKvP7ciAT4rHnAQ= -trusted comment: timestamp:1691602995 file:verify.pdf hashed -YNPwqzKjZRAFlqI+8WgG9064/pyQJRmZcKr57pzU7177Hzj3IxBIKcuuPDZedN4S8iHS4UINqceHvVhGqlZwDA== diff --git a/guide.md b/guide.md index ad72a44a..91b8e91d 100644 --- a/guide.md +++ b/guide.md 
@@ -1,13831 +1,13831 @@ -# The Hitchhiker's Guide to Online Anonymity - -(Or "How I learned to start worrying and love ~~privacy~~ anonymity") - -Version v1.1.9, August 2023 by Anonymous Planet - -#### **IMPORTANT RECOMMENDATION FOR UKRAINIANS. ВАЖЛИВА РЕКОМЕНДАЦІЯ ДЛЯ УКРАЇНЦІВ** - -Це послання до народу України. Ми настійно рекомендуємо вам використовувати Briar для спілкування. Ви можете знайти його тут: , Швидкий початок: - --------------------------------------------------------------------------- - -This is a message for the people of Ukraine. We strongly recommend that you use Briar for communicating. You can find it here: -With this application, you can communicate even when there is no internet. -The manual is here: , quick-start guide here: - --------------------------------------------------------------------------- - -**This guide is a work in progress**. It will probably never be "finished". - -**No affiliation with the** [Anonymous](https://en.wikipedia.org/wiki/Anonymous_(hacker_group)) [[Wikiless]](https://wikiless.org/wiki/Anonymous_(hacker_group)) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Anonymous_(hacker_group)) **collective/movement.** - -**There might be some wrong or outdated information in this guide because no one is perfect.** - -**Your experience may vary. Remember to check regularly for an updated version of this guide.** - -This guide is a non-profit open-source initiative, licensed under Creative Commons **Attribution-NonCommercial** 4.0 International ([cc-by-nc-4.0](https://creativecommons.org/licenses/by-nc/4.0/) [[Archive.org]](https://web.archive.org/web/https://creativecommons.org/licenses/by-nc/4.0/)). 
- -- For mirrors see [Appendix A6: Mirrors] - -- For help in comparing versions see [Appendix A7: Comparing versions] - -Feel free to submit issues **(please do report anything wrong)** using GitHub Issues at: - -Feel free to come to discuss ideas at: - -- Rules for our chatrooms: - -- Matrix/Element Room: ```#anonymity:matrix.org``` - -- Matrix Space regrouping several rooms with similar interests: ```#privacy-security-anonymity:matrix.org``` . - -Follow us on: - -- Twitter at - -- Mastodon at - -To contact me, see the updated information on the website or send an e-mail to - -**Please consider [donating][Donations:] if you enjoy the project and want to support the hosting fees or support the funding of initiatives like the hosting of Tor Exit Nodes.** - -There are several ways you could read this guide: - -- You want to understand the current state of online privacy and anonymity not necessarily get too technical about it: Just read the [Introduction][Introduction:], [Requirements][Pre-requisites and limitations:], [Understanding some basics of how some information can lead back to you and how to mitigate those][Understanding some basics of how some information can lead back to you and how to mitigate some:] and [A final editorial note][A small final editorial note:] sections. - -- You want to do the above but also learn how to remove some online information about you: Just read the above and add the [Removing some traces of your identities on search engines and various platforms.][Removing some traces of your identities on search engines and various platforms:] - -- You want to do the above and create online anonymous identities online safely and securely: Read the whole guide. - -Precautions while reading this guide and accessing the various links: - -- **Documents/Files** have a **[Archive.org]** link next to them for accessing content through Archive.org for increased privacy and in case the content goes missing. 
Some links are not yet archived or outdated on archive.org in which case we encourage you to ask for a new save if possible. - -- **YouTube Videos** have a **[Invidious]** link next to them for accessing content through an Invidious Instance (in this case yewtu.be hosted in the Netherlands) for increased privacy. It is recommended to use these links when possible. See [[Archive.org]](https://web.archive.org/web/https://github.com/iv-org/invidious) for more information. - -- **Twitter** links have a **[Nitter]** link next to them for accessing content through a Nitter Instance (in this case nitter.net) for increased privacy. It is recommended to use these links when possible. See [[Archive.org]](https://web.archive.org/web/https://github.com/zedeus/nitter) for more information. - -- **Wikipedia** links have a **[Wikiless]** link next to them for accessing content through a Wikiless Instance (in this case Wikiless.org) for increased privacy. It is recommended to use these links when possible. See [[Archive.org]](https://web.archive.org/web/https://codeberg.org/orenom/wikiless) for more information. - -- **Medium** links have **[Scribe.rip]** link next to them for accessing content through a Scribe.rip Instance for increased privacy. Again, it is recommended to use these links when possible. See [[Archive.org]](https://web.archive.org/web/https://scribe.rip/) for more information. - -- If you are reading this in PDF or ODT format, you will notice plenty of \`\`\` in place of double quotes (""). These \`\`\` are there to ease conversion into Markdown/HTML format for online viewing of code blocks on the website. 
- -If you do not want the hassle and use one of the browsers below, you could also just install the following extension on your browser: [[Archive.org]](https://web.archive.org/web/20220509220021/https://libredirect.github.io/): - -- Firefox: - -- Chromium-based browsers (Chrome, Brave, Edge): - -**If you are having trouble accessing any of the many academic articles referenced in this guide due to paywalls, feel free to use Sci-Hub (** [[Wikiless]](https://wikiless.org/wiki/Sci-Hub) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Sci-Hub)**) or LibGen (** [[Wikiless]](https://wikiless.org/wiki/Library_Genesis) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Library_Genesis)**) for finding and reading them. Because Science should be free. All of it. If you are faced with a paywall accessing some resources, consider using .** - -Finally note that this guide does mention and even recommends various commercial services (such as VPNs, CDNs, e-mail providers, hosting providers...) **but is not endorsed or sponsored by any of them in any way. There are no referral links and no commercial ties with any of these providers. 
This project is 100% non-profit and only relying on donations.** - -# Contents: - -- [Pre-requisites and limitations:] - - [Pre-requisites:] - - [Limitations:] -- [Introduction:] -- [Understanding some basics of how some information can lead back to you and how to mitigate some:] - - [Your Network:] - - [Your IP address:] - - [Your DNS and IP requests:] - - [Your RFID enabled devices:] - - [The Wi-Fi and Bluetooth devices around you:] - - [Malicious/Rogue Wi-Fi Access Points:] - - [Your Anonymized Tor/VPN traffic:] - - [Some Devices can be tracked even when offline:] - - [Your Hardware Identifiers:] - - [Your IMEI and IMSI (and by extension, your phone number):] - - [Your Wi-Fi or Ethernet MAC address:] - - [Your Bluetooth MAC address:] - - [Your CPU:] - - [Your Operating Systems and Apps telemetry services:] - - [Your Smart devices in general:] - - [Yourself:] - - [Your Metadata including your Geo-Location:] - - [Your Digital Fingerprint, Footprint, and Online Behavior:] - - [Your Clues about your Real Life and OSINT:] - - [Your Face, Voice, Biometrics, and Pictures:] - - [Gait Recognition and Other Long-Range Biometrics] - - [Phishing and Social Engineering:] - - [Malware, exploits, and viruses:] - - [Malware in your files/documents/e-mails:] - - [Malware and Exploits in your apps and services:] - - [Malicious USB devices:] - - [Malware and backdoors in your Hardware Firmware and Operating System:] - - [Your files, documents, pictures, and videos:] - - [Properties and Metadata:] - - [Watermarking:] - - [Pixelized or Blurred Information:] - - [Your Cryptocurrencies transactions:] - - [Your Cloud backups/sync services:] - - [Microarchitectural Side-channel Deanonymization Attacks:] - - [Local Data Leaks and Forensics:] - - [Bad Cryptography:] - - [No logging but logging anyway policies:] - - [Some Advanced targeted techniques:] - - [Some bonus resources:] - - [Notes:] -- [General Preparations:] - - [Picking your route:] - - [Timing limitations:] - - 
[Budget/Material limitations:] - - [Skills:] - - [Adversarial considerations:] - - [Steps for all routes:] - - [Getting used to using better passwords:] - - [Getting an anonymous Phone number:] - - [Get a USB key:] - - [Find some safe places with decent public Wi-Fi:] - - [The Tor Browser route:] - - [Windows, Linux, and macOS:] - - [Android:] - - [iOS:] - - [Important Warning:] - - [The Tails route:] - - [Tor Browser settings on Tails:] - - [Persistent Plausible Deniability using Whonix within Tails:] - - [Steps for all other routes:] - - [Get a dedicated laptop for your sensitive activities:] - - [Some laptop recommendations:] - - [Bios/UEFI/Firmware Settings of your laptop:] - - [Physically Tamper protect your laptop:] - - [The Whonix route:] - - [Picking your Host OS (the OS installed on your laptop):] - - [Linux Host OS:] - - [macOS Host OS:] - - [Windows Host OS:] - - [Virtualbox on your Host OS:] - - [Pick your connectivity method:] - - [Getting an anonymous VPN/Proxy:] - - [Whonix:] - - [Tor over VPN:] - - [Whonix Virtual Machines:] - - [Pick your guest workstation Virtual Machine:] - - [Linux Virtual Machine (Whonix or Linux):] - - [Windows 10/11 Virtual Machine:] - - [Android Virtual Machine:] - - [macOS Virtual Machine:] - - [KeepassXC:] - - [VPN client installation (cash/Monero paid):] - - [(Optional) VM kill switch:] - - [Final step:] - - [The Qubes Route:] - - [Pick your connectivity method:][1] - - [Getting an anonymous VPN/Proxy:][2] - - [Note about Plausible Deniability:] - - [Installation:] - - [Lid Closure Behavior:] - - [Anti Evil Maid (AEM):] - - [Connect to a Public Wi-Fi:] - - [Updating Qubes OS:] - - [Updating Whonix from version 15 to version 16:] - - [Hardening Qubes OS:] - - [Setup the VPN ProxyVM:] - - [Setup a safe Browser within Qubes OS (optional but recommended):] - - [Setup an Android VM:] - - [KeePassXC:][3] -- [Quick note: Correlation vs Attribution:] -- [Creating your anonymous online identities:] - - [Understanding the methods 
used to prevent anonymity and verify identity:] - - [Captchas:] - - [Phone verification:] - - [E-Mail verification:] - - [User details checking:] - - [Proof of ID verification:] - - [IP Filters:] - - [Browser and Device Fingerprinting:] - - [Human interaction:] - - [User Moderation:] - - [Behavioral Analysis:] - - [Financial transactions:] - - [Sign-in with some platform:] - - [Live Face recognition and biometrics (again):] - - [Manual reviews:] - - [Getting Online:] - - [Creating new identities:] - - [Checking if your Tor Exit Node is terrible:] - - [The Real-Name System:] - - [About paid services:] - - [Overview:] - - [How to share files privately and/or chat anonymously:] - - [How to share files publicly but anonymously:] - - [Redacting Documents/Pictures/Videos/Audio safely:] - - [Communicating sensitive information to various known organizations:] - - [Maintenance tasks:] -- [Backing up your work securely:] - - [Offline Backups:] - - [Selected Files Backups:] - - [Full Disk/System Backups:] - - [Online Backups:] - - [Files:] - - [Information:] - - [Synchronizing your files between devices Online:] -- [Covering your tracks:] - - [Understanding HDD vs SSD:] - - [Wear-Leveling.] 
- - [Trim Operations:] - - [Garbage Collection:] - - [Conclusion:] - - [How to securely wipe your whole Laptop/Drives if you want to erase everything:] - - [Linux (all versions including Qubes OS):] - - [Windows:] - - [macOS:] - - [How to securely delete specific files/folders/data on your HDD/SSD and Thumb drives:] - - [Windows:][4] - - [Linux (non-Qubes OS):] - - [Linux (Qubes OS):] - - [macOS:][5] - - [Some additional measures against forensics:] - - [Removing Metadata from Files/Documents/Pictures:] - - [Tails:] - - [Whonix:][6] - - [macOS:][7] - - [Linux (Qubes OS):][8] - - [Linux (non-Qubes):] - - [Windows:][9] - - [Removing some traces of your identities on search engines and various platforms:] - - [Google:] - - [Bing:] - - [DuckDuckGo:] - - [Yandex:] - - [Qwant:] - - [Yahoo Search:] - - [Baidu:] - - [Wikipedia:] - - [Archive.today:] - - [Internet Archive:] - - [Others:] -- [Some low-tech old-school tricks:] - - [Hidden communications in plain sight:] - - [How to spot if someone has been searching your stuff:] -- [Some last OPSEC thoughts:] -- [**If you think you got burned:**] - - [If you have some time:] - - [If you have no time:] -- [A small final editorial note:] -- [Donations:] -- [Helping others staying anonymous:] -- [Acknowledgments:] -- [Appendix A: Windows Installation] - - [Installation:][10] - - [Privacy Settings:] -- [Appendix B: Windows Additional Privacy Settings] -- [Appendix C: Windows Installation Media Creation] -- [Appendix D: Using System Rescue to securely wipe an SSD drive] -- [Appendix E: Clonezilla] -- [Appendix F: Diskpart] -- [Appendix G: Safe Browser on the Host OS] - - [If you can use Tor:] - - [If you cannot use Tor:] -- [Appendix H: Windows Cleaning Tools] -- [Appendix I: Using ShredOS to securely wipe an HDD drive:] - - [Windows:][11] - - [Linux:] -- [Appendix J: Manufacturer tools for Wiping HDD and SSD drives:] - - [Tools that provide a boot disk for wiping from boot:] - - [Tools that provide only support from running OS 
(for external drives).] -- [Appendix K: Considerations for using external SSD drives] - - [Windows:][12] - - [Trim Support:] - - [ATA/NVMe Operations (Secure Erase/Sanitize):] - - [Linux:][13] - - [Trim Support:][14] - - [ATA/NVMe Operations (Secure Erase/Sanitize):][15] - - [macOS:][16] - - [Trim Support:][17] - - [ATA/NVMe Operations (Secure Erase/Sanitize):][18] -- [Appendix L: Creating a mat2-web guest VM for removing metadata from files] -- [Appendix M: BIOS/UEFI options to wipe disks in various Brands] -- [Appendix N: Warning about smartphones and smart devices] -- [Appendix O: Getting an anonymous VPN/Proxy] - - [Cash/Monero-Paid VPN:] - - [Self-hosted VPN/Proxy on a Monero/Cash-paid VPS (for users more familiar with Linux):] - - [VPN VPS:] - - [Socks Proxy VPS:] -- [Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option] -- [Appendix Q: Using long-range Antenna to connect to Public Wi-Fis from a safe distance:] -- [Appendix R: Installing a VPN on your VM or Host OS] -- [Appendix S: Check your network for surveillance/censorship using OONI] -- [Appendix T: Checking files for malware] - - [Integrity (if available):] - - [Authenticity (if available):] - - [Security (checking for actual malware):] - - [Anti-Virus Software:] - - [Manual Reviews:][19] -- [Appendix U: How to bypass (some) local restrictions on supervised computers] - - [Portable Apps:] - - [Bootable Live Systems:] - - [Precautions:] -- [Appendix V: What browser to use in your Guest VM/Disposable VM] - - [Brave:] - - [Ungoogled-Chromium:] - - [Edge:] - - [Safari:] - - [Firefox:] - - [Tor Browser:] -- [Appendix V1: Hardening your Browsers:] - - [Brave:][20] - - [Ungoogled-Chromium:][21] - - [Edge:][22] - - [Safari:][23] - - [Firefox:][24] - - [Normal settings:] - - [Advanced settings:] - - [Addons to install/consider:] - - [Bonus resources:] -- [Appendix W: Virtualization] - - [Nested virtualization risks] -- [Appendix X: Using Tor bridges in hostile 
environments] -- [Appendix Y: Installing and using desktop Tor Browser] - - [Installation:][25] - - [Usage and Precautions:] -- [Appendix Z: Online anonymous payments using cryptocurrencies] - - [Using Bitcoin anonymously option:] - - [Using Monero anonymously option:] - - [Warning about special tumbling, mixing, coinjoining privacy wallets and services] - - [When converting from BTC to Monero:] -- [Appendix A1: Recommended VPS hosting providers] -- [Appendix A2: Guidelines for passwords and passphrases] -- [Appendix A3: Search Engines] -- [Appendix A4: Counteracting Forensic Linguistics] - - [Introduction:][26] - - [What does an adversary look for when examining your writing?] - - [Examples:] - - [How to counteract the efforts of your adversary:] - - [What different linguistic choices could say about you:] - - [Emoticons:] - - [Structural features:] - - [Spelling slang and symbols:] - - [Techniques to prevent writeprinting:] - - [Spelling and grammar checking:] - - [Translation technique:] - - [Search and replace:] - - [Final advice:] - - [Bonus links:] -- [Appendix A5: Additional browser precautions with JavaScript enabled] -- [Appendix A6: Mirrors] -- [Appendix A7: Comparing versions] -- [Appendix A8: Crypto Swapping Services without Registration and KYC] - - [General Crypto Swapping:] - - [BTC to Monero only:] -- [Appendix A9: Installing a Zcash wallet:] - - [Debian 11 VM:] - - [Ubuntu 20.04/21.04/21.10 VM:] - - [Windows 10/11 VM:] - - [Whonix Workstation 16 VM:] -- [Appendix B1: Checklist of things to verify before sharing information:] -- [Appendix B2: Monero Disclaimer] -- [Appendix B3: Threat modeling resources] -- [Appendix B4: Important notes about evil-maid and tampering] -- [Appendix B5: Types of CPU attacks:] -- [Appendix B6: Warning for using Orbot on Android] -- [Appendix B7: Caution about Session messenger] -- [References:] - -# Pre-requisites and limitations: - -## Pre-requisites: - -- Understanding of the English language (in this case American 
English). - -- Be a permanent resident in Germany where the courts have upheld the legality of not using real names on online platforms (§13 VI of the German Telemedia Act of 2007[^1]'[^2]). **Alternatively, be a resident of any other country where you can confirm and verify the legality of this guide yourself.** - -- This guide will assume you already have access to some (Windows/Linux/macOS) laptop computer - ideally not a work/shared device - and a basic understanding of how computers work. - -- Have patience, as this process could take several weeks to complete if you want to go through all the content. - -- Have some free time on your hands to dedicate to this process (depending on which route you pick). - -- Be prepared to read a lot of references (do read them), guides (do not skip them), and tutorials thoroughly (do not skip them either). - -- Don't be evil (for real this time)[^3]. - -- Understand that there is no common path that will be both quick and easy. - -## Limitations: - -This guide is not intended for: - -- Creating bot accounts of any kind. - -- Creating impersonation accounts of existing people (such as identity theft). - -- Helping malicious actors conduct unethical, criminal, or illicit activities (such as trolling, stalking, disinformation, misinformation, harassment, bullying, or fraud). - -- Use by minors. - -# Introduction: - -**TLDR for the whole guide: "A strange game. The only winning move is not to play"** [^4]**.** - -Making a social media account with a pseudonym or artist/brand name is easy. And it is enough in most use cases to protect your identity as the next George Orwell. There are plenty of people using pseudonyms all over Facebook/Instagram/Twitter/LinkedIn/TikTok/Snapchat/Reddit/... But the vast majority of those are anything but anonymous and can easily be traced to their real identity by your local police officers, random people within the OSINT[^5] (Open-Source Intelligence) community, and trolls[^6] on 4chan[^7]. 
- -This is a good thing as most criminals/trolls are not tech-savvy and will usually be identified with ease. But this is also a terrible thing as most political dissidents, human rights activists and whistleblowers can also be tracked rather easily. - -This guide aims to provide an introduction to various de-anonymization techniques, tracking techniques, ID verification techniques, and optional guidance to creating and maintaining **reasonably and truly** online anonymous identities including social media accounts safely. This includes mainstream platforms and not only the privacy-friendly ones. - -It is important to understand that the purpose of this guide is anonymity and not just privacy but much of the guidance you will find here will also help you improve your privacy and security even if you are not interested in anonymity. There is an important overlap in techniques and tools used for privacy, security, and anonymity but they differ at some point: - -- **Privacy is about people knowing who you are but not knowing what you are doing.** - -- **Anonymity is about people knowing what you are doing but not knowing who you are** [^8]**.** - -![image01](media/image01.png) - -(Illustration from[^9]) - -Will this guide help you protect yourself from the NSA, the FSB, Mark Zuckerberg, or the Mossad if they are out to find you? Probably not ... Mossad will be doing "Mossad things" [^10] and will probably find you no matter how hard you try to hide[^11]. - -You must consider your threat model[^12] before going further. - -![image02](media/image02.png) - -(Illustration by Randall Munroe, xkcd.com, licensed under CC BY-NC 2.5) - -Will this guide help you protect your privacy from OSINT researchers like Bellingcat[^13], Doxing[^14] trolls on 4chan[^15], and others that have no access to the NSA toolbox? More likely. Tho we would not be so sure about 4chan. 
- -Here is a basic simplified threat model for this guide: - -![image40](media/image40.png) - -(Note that the "magical amulets/submarine/fake your own death" jokes are quoted from the excellent article "This World of Ours" by James Mickens, 2014.[^10]) - -Disclaimer: Jokes aside (magical amulet...). Of course, there are also advanced ways to mitigate attacks against such advanced and skilled adversaries but those are just out of the scope of this guide. It is crucially important that you understand the limits of the threat model of this guide. And therefore, this guide will not double in size to help with those advanced mitigations as this is just too complex and will require an exceedingly high knowledge and skill level that is not expected from the targeted audience of this guide. - -The EFF provides a few security scenarios of what you should consider depending on your activity. While some of those tips might not be within the scope of this guide (more about Privacy than Anonymity), they are still worth reading as examples. See [[Archive.org]](https://web.archive.org/web/https://ssd.eff.org/en/module-categories/security-scenarios). - -If you want to go deeper into threat modeling, see [Appendix B3: Threat modeling resources]. - -You might think this guide has no legitimate use but there are many[^16]'[^17]'[^18]'[^19]'[^20]'[^21]'[^22] such as: - -- Evading Online Censorship[^23] - -- Evading Online Oppression - -- Evading Online Stalking, Doxxing, and Harassment - -- Evading Online Unlawful Government Surveillance - -- Anonymous Online Whistle Blowing - -- Anonymous Online Activism - -- Anonymous Online Journalism - -- Anonymous Online Legal Practice - -- Anonymous Online Academic Activities (For instance accessing scientific research where such resources are blocked). See note below. - -- ... 
- -This guide is written with hope for those **good-intended individuals** who might not be knowledgeable enough to consider the big picture of online anonymity and privacy. - -**Lastly, use it at your own risk. Anything in here is not legal advice and you should verify compliance with your local law before use (IANAL**[^24]**). "Trust but verify"**[^25] **all the information yourself (or even better, "Never Trust, always verify"**[^391]**). We strongly encourage you to inform yourself and do not hesitate to check any information in this guide with outside sources in case of doubt. Please do report any mistake you spot to us as we welcome criticism. Even harsh but sound criticism is welcome and will result in having the necessary corrections made as quickly as possible.** - -# Understanding some basics of how some information can lead back to you and how to mitigate some: - -There are many ways you can be tracked besides browser cookies and ads, your e-mail, and your phone number. And if you think only the Mossad or the NSA/FSB can find you, you would be wrong. - -First, you could also consider these more general resources on privacy and security to learn more basics: - -- The New Oil\*: [[Archive.org]](https://web.archive.org/web/https://thenewoil.org/) - -- Techlore videos\*: [[Invidious]](https://yewtu.be/c/Techlore) - -- Privacy Guides: [[Archive.org]](https://web.archive.org/web/https://privacyguides.org/) - -- Privacy Tools\*: [[Archive.org]](https://web.archive.org/web/https://privacytools.io/) - -*Note that these websites could contain affiliate/sponsored content and/or merchandising. 
This guide does not endorse and is not sponsored by any commercial entity in any way.* - -If you skipped those, you should really still consider viewing this YouTube playlist from the Techlore Go Incognito project ( [[Archive.org]](https://web.archive.org/web/https://github.com/techlore-official/go-incognito)) as an introduction before going further: [[Invidious]](https://yewtu.be/playlist?list=PL3KeV6Ui_4CayDGHw64OFXEPHgXLkrtJO). This guide will cover many of the topics in the videos of this playlist with more details and references as well as some added topics not covered within that series. This will just take you 2 or 3 hours to watch it all. - -**Now, here is a non-exhaustive list of some of the many ways you could be tracked and de-anonymized:** - -## Your Network: - -### Your IP address: - -**Disclaimer: this whole paragraph is about your public-facing Internet IP and not your local network IP.** - -Your IP address[^26] is the most known and obvious way you can be tracked. That IP is the IP you are using at the source. This is where you connect to the internet. That IP is usually provided by your ISP (Internet Service Provider) (xDSL, Mobile, Cable, Fiber, Cafe, Bar, Friend, Neighbor). Most countries have data retention regulations[^27] that mandate keeping logs of who is using what IP at a certain time/date for up to several years or indefinitely. Your ISP can tell a third party that you were using a specific IP at a specific date and time, years after the fact. If that IP (the original one) leaks at any point for any reason, it can be used to track down you directly. In many countries, you will not be able to have internet access without providing some form of identification to the provider (address, ID, real name, e-mail ...). - -Needless to say, that most platforms (such as social networks) will also keep (sometimes indefinitely) the IP addresses you used to sign-up and sign into their services. 
- -Here are some online resources you can use to find some information about your current **public IP** right now: - -- Find your IP: - - - - - - (Bonus, check your IP for DNS leaks) - -- Find your IP location or the location of any IP: - - - - -- Find if an IP is "suspicious" (in blacklists) or has downloaded "things" on some public resources: - - - - - - - - - (Take this with a grain of salt, it might not show anything interesting and has limited data sources. This is more for fun than anything serious.) - -- Registration information of an IP (most likely your ISP or the ISP of your connection who most likely know who is using that IP at any time): - - - - -- Check for open-services or open devices on an IP (especially if there are leaky Smart Devices on it): - - - (replace the IP by your IP or any other, or change in the search box, this example IP is a Tor Exit node) - -- Various tools to check your IP such as block-lists checkers and more: - - - - - - - -- Would you like to know if you are connected through Tor? - - - - -For those reasons, you will need to obfuscate and hide that origin IP (the one tied to your identification) or hide it through a combination of various means: - -- Using a public Wi-Fi service (free). - -- Using the Tor Anonymity Network[^28] (free). - -- Using VPN[^29] services anonymously (anonymously paid with cash or Monero). - -Do note that, unfortunately, these solutions are not perfect, and you will experience performance issues[^30]. - -All those will be explained later in this guide. - -### Your DNS and IP requests: - -DNS stands for "Domain Name System"[^31] and is a service used by your browser (and other apps) to find the IP addresses of a service. It is a huge "contact list" (phone book for older people) that works like asking it a name and it returns the number to call. Except it returns an IP instead. - -Every time your browser wants to access a certain service such as Google through www.google.com. 
Your Browser (Chrome or Firefox) will query a DNS service to find the IP addresses of the Google web servers. - -Here is a video explaining DNS visually if you are already lost: [[Invidious]](https://yewtu.be/watch?v=vrxwXXytEuI) - -Usually, the DNS service is provided by your ISP and automatically configured by the network you are connecting to. This DNS service could also be subject to data retention regulations or will just keep logs for other reasons (data collection for advertising purposes for instance). Therefore, this ISP will be capable of telling everything you did online just by looking at those logs which can, in turn, be provided to an adversary. Conveniently this is also the easiest way for many adversaries to apply censoring or parental control by using DNS blocking[^32]. The provided DNS servers will give you a different address (than their real one) for some websites (like redirecting thepiratebay.org to some government website). Such blocking is widely applied worldwide for certain sites[^33]. - -Using a private DNS service or your own DNS service would mitigate these issues, but the other problem is that most of those DNS requests are by default still sent in clear text (unencrypted) over the network. Even if you browse PornHub in an incognito Window, using HTTPS and using a private DNS service, chances are exceedingly high that your browser will send a clear text unencrypted DNS request to some DNS servers asking basically "So what's the IP address of www.pornhub.com?". - -Because it is not encrypted, your ISP and/or any other adversary could still intercept (using a Man-in-the-middle attack[^97]) your request will know and possibly log what your IP was looking for. The same ISP can also tamper with the DNS responses even if you are using a private DNS. Rendering the use of a private DNS service useless. - -As a bonus, many devices and apps will use hardcoded DNS servers bypassing any system setting you could set. 
This is for example the case with most (70%) Smart TVs and a large part (46%) of Game Consoles[^34]. For these devices, you will have to force them[^35] to stop using their hardcoded DNS service which could make them stop working properly. - -A solution to this is to use encrypted DNS using DoH (DNS over HTTPS[^36]), DoT (DNS over TLS[^37]) with a private DNS server (this can be self-hosted locally with a solution like pi-hole[^38], remotely hosted with a solution like nextdns.io or using the solutions provided by your VPN provider or the Tor network). This should prevent your ISP or some go-between from snooping on your requests ... except it might not. - -Small in-between Disclaimer: **This guide does not necessarily endorse or recommend Cloudflare services even if it is mentioned several times in this section for technical understanding.** - -Unfortunately, the TLS protocol used in most HTTPS connections in most Browsers (Chrome/Brave among them) will leak the Domain Name again through SNI[^39] handshakes (this can be checked here at Cloudflare: [[Archive.org]](https://web.archive.org/web/https://www.cloudflare.com/ssl/encrypted-sni/) ). **As of the writing of this guide, only Firefox-based browsers supports ECH (Encrypted Client Hello**[^40] **previously known as eSNI**[^41]**) on some websites which will encrypt everything end to end (in addition to using a secure private DNS over TLS/HTTPS) and will allow you to hide your DNS requests from a third party**[^42]**.** And this option is not enabled by default either so you will have to enable it yourself. - -![](media/image04.png) - -In addition to limited browser support, only web Services and CDNs[^43] behind Cloudflare CDN support ECH/eSNI at this stage[^44]. This means that ECH and eSNI are not supported (as of the writing of this guide) by most mainstream platforms such as: - -- Amazon (including AWS, Twitch...) - -- Microsoft (including Azure, OneDrive, Outlook, Office 365...) 
-
-- Google (including Gmail, Google Cloud...)
-
-- Apple (including iCloud, iMessage...)
-
-- Reddit
-
-- YouTube
-
-- Facebook
-
-- Instagram
-
-- Twitter
-
-- GitHub
-
-- ...
-
-Some countries like Russia[^45] and China[^46] might (unverified despite the articles) block ECH/eSNI handshakes at the network level to allow snooping and prevent bypassing censorship. Meaning you will not be able to establish an HTTPS connection with a service if you do not allow them to see what it was.
-
-The issues do not end here. Part of the HTTPS TLS validation is called OCSP[^47] and this protocol used by Firefox-based browsers will leak metadata in the form of the serial number of the certificate of the website you are visiting. An adversary can then easily find which website you are visiting by matching the certificate number[^48]. This issue can be mitigated by using OCSP stapling[^49]. Unfortunately, this is enabled but not enforced by default in Firefox/Tor Browser. But the website you are visiting must also be supporting it and not all do. Chromium-based browsers on the other hand use a different system called CRLSets[^50]'[^51] which is arguably better.
-
-Here is a list of how various browsers behave with OCSP: [[Archive.org]](https://web.archive.org/web/https://www.ssl.com/blogs/how-do-browsers-handle-revoked-ssl-tls-certificates/)
-
-Here is an illustration of the issue you could encounter on Firefox-based browsers:
-
-![](media/image05.png)
-
-Finally, even if you use a custom encrypted DNS server (DoH or DoT) with ECH/eSNI support and OCSP stapling, it might still not be enough as traffic analysis studies[^52] have shown it is still possible to reliably fingerprint and block unwanted requests. Only DNS over Tor was able to show efficient DNS Privacy in recent studies but even that can still be defeated by other means (see [Your Anonymized Tor/VPN traffic][Your Anonymized Tor/VPN traffic:]).
-
-One could also decide to use a Tor Hidden DNS Service or ODoH (Oblivious DNS over HTTPS[^53]) to further increase privacy/anonymity but **unfortunately**, as far as we know, these methods are only provided by Cloudflare as of this writing ( [[Archive.org]](https://web.archive.org/web/https://blog.cloudflare.com/welcome-hidden-resolver/), [[Archive.org]](https://web.archive.org/web/https://blog.cloudflare.com/oblivious-dns/)). These are workable and reasonably secure technical options but there is also a moral choice if you want to use Cloudflare or not (despite the risk posed by some researchers[^54]).
-
-**Note that Oblivious DNS addresses an adversary that eavesdrops on one of the connections listed here but not all. It does not address a global passive adversary (GPA) who can eavesdrop on many or all of these connections**:
-- traffic between the client resolver and the recursive resolver
-- the recursive resolver and the ODNS resolver
-- the ODNS resolver and an authoritative server.
-
-Lastly, there is also this new possibility called DoHoT which stands for DNS over HTTPS over Tor which could also further increase your privacy/anonymity and which you could consider if you are more skilled with Linux. See [[Archive.org]](https://web.archive.org/web/https://github.com/alecmuffett/dohot). This guide will not help you with this one at this stage, but it might be coming soon.
-
-Here is an illustration showing the current state of DNS and HTTPS privacy based on our current knowledge.
-
-![](media/image06.png)
-
-As for your normal daily use (non-sensitive), remember that only Firefox-based browsers support ECH (formerly eSNI) so far and that it is only useful with websites hosted behind Cloudflare CDN at this stage.
If you prefer a Chrome-based version (which is understandable for some due to some better-integrated features like on-the-fly Translation), then we would recommend the use of Brave instead which supports all Chrome extensions and offers much better privacy than Chrome.
-
-But the story does not stop there right. Now because after all this, even if you encrypt your DNS and use all possible mitigations. Simple IP requests to any server will probably allow an adversary to still detect which site you are visiting. And this is simply because the majority of websites have unique IPs tied to them as explained here: [[Archive.org]](https://web.archive.org/web/https://blog.apnic.net/2019/08/23/what-can-you-learn-from-an-ip-address/). This means that an adversary can create a dataset of known websites for instance including their IPs and then match this dataset against the IP you ask for. In most cases, this will result in a correct guess of the website you are visiting. This means that despite OCSP stapling, despite ECH/eSNI, despite using Encrypted DNS ... An adversary can still guess the website you are visiting anyway.
-
-Therefore, to mitigate all these issues (as much as possible and as best as we can), this guide will later recommend two solutions: Using Tor and a virtualized (See [Appendix W: Virtualization][Appendix V1: Hardening your Browsers:]) multi-layered solution of VPN over Tor solution (DNS over VPN over Tor or DNS over TOR). Other options will also be explained (Tor over VPN, VPN only, No Tor/VPN) but are less recommended.
-
-### Your RFID enabled devices:
-
-RFID stands for Radio-frequency identification[^55], it is the technology used for instance for contactless payments and various identification systems. Of course, your smartphone is among those devices and has RFID contactless payment capabilities through NFC[^56]. As with everything else, such capabilities can be used for tracking by various actors.
-
-But unfortunately, this is not limited to your smartphone, and you also probably carry some amount of RFID enabled device with you all the time such as:
-
-- Your contactless-enabled credit/debit cards
-
-- Your store loyalty cards
-
-- Your transportation payment cards
-
-- Your work-related access cards
-
-- Your car keys
-
-- Your national ID or driver license
-
-- Your passport
-
-- The price/anti-theft tags on object/clothing
-
-- ...
-
-While all these cannot be used to de-anonymize you from a remote online adversary, they can be used to narrow down a search if your approximate location at a certain time is known. For instance, you cannot rule out that some stores will effectively scan (and log) all RFID chips passing through the door. They might be looking for their loyalty cards but are also logging others along the way. Such RFID tags could be traced to your identity and allow for de-anonymization.
-
-More information over at Wikipedia: [[Wikiless]](https://wikiless.org/wiki/Radio-frequency_identification) [[Archive.org]](https://web.archive.org/web/https://web.archive.org/web/20220530073225/https://en.wikipedia.org/wiki/Radio-frequency_identification) and [[Wikiless]](https://wikiless.org/wiki/Radio-frequency_identification) [[Archive.org]](https://web.archive.org/web/https://web.archive.org/web/20220530073225/https://en.wikipedia.org/wiki/Radio-frequency_identification)
-
-The only way to mitigate this problem is to have no RFID tags on you or to shield them again using a type of Faraday cage. You could also use specialized wallets/pouches that specifically block RFID communications. Many of those are now made by well-known brands such as Samsonite[^57]. You should just not carry such RFID devices while conducting sensitive activities.
-
-See [Appendix N: Warning about smartphones and smart devices]
-
-### The Wi-Fi and Bluetooth devices around you:
-
-Geolocation is not only done by using mobile antennas triangulation.
It is also done using the Wi-Fi and Bluetooth devices around you. Operating systems makers like Google (Android[^58]) and Apple (IOS[^59]) maintain a convenient database of most Wi-Fi access points, Bluetooth devices, and their location. When your Android smartphone or iPhone is on (and not in Plane mode), it will scan actively (unless you specifically disable this feature in the settings) Wi-Fi access points, and Bluetooth devices around you and will be able to geolocate you with more precision than when using a GPS.
-
-This active and continuous probing can then be sent back to Google/Apple/Microsoft as part of their Telemetry. The issue is that this probing is unique and can be used to uniquely identify a user and track such user. Shops, for example, can use this technique to fingerprint customers including when they return, where they go in the shop and how long they stay at a particular place. There are several papers[^60]'[^61] and articles[^62] describing this issue in depth.
-
-This allows them to provide accurate locations even when GPS is off, but it also allows them to keep a convenient record of all Wi-Fi Bluetooth devices all over the world. Which can then be accessed by them or third parties for tracking.
-
-Note: If you have an Android smartphone, Google probably knows where it is no matter what you do. You cannot really trust the settings. The whole operating system is built by a company that wants your data. Remember that if it is free then you are the product.
-
-But that is not what all those Wi-Fi access points can do. Recently developed techs could even allow someone to track your movements accurately just based on radio interferences. What this means is that it is possible to track your movement inside a room/building based on the radio signals passing through.
This might seem like a tinfoil hat conspiracy theory claim but here are the references[^63] with demonstrations showing this tech in action: [[Archive.org]](https://web.archive.org/web/http://rfpose.csail.mit.edu/) and the video here: [[Invidious]](https://yewtu.be/watch?v=HgDdaMy8KNE)
-
-Other researchers have found a way to count the people in a defined space using only Wi-Fi, see [[Archive.org]](https://web.archive.org/web/https://www.news.ucsb.edu/2021/020392/dont-fidget-wifi-will-count-you)
-
-You could therefore imagine many use cases for such technologies like recording who enters specific buildings/offices (hotels, hospitals, or embassies for instance) and then discover who meets who and thereby tracking them from outside. Even if they have no smartphone on them.
-
-![](media/image07.png)
-
-Again, such an issue could only be mitigated by being in a room/building that would act as a Faraday cage.
-
-Here is another video of the same kind of tech in action: [[Invidious]](https://yewtu.be/watch?v=FDZ39h-kCS8)
-
-See [Appendix N: Warning about smartphones and smart devices]
-
-There is not much you can do about these. Besides being non-identifiable in the first place.
-
-### Malicious/Rogue Wi-Fi Access Points:
-
-These have been used at least since 2008 using an attack called "Jasager"[^64] and can be done by anyone using self-built tools or using commercially available devices such as Wi-Fi Pineapple[^65].
-
-Here are some videos explaining more about the topic:
-
-- HOPE 2020,
-
-- YouTube, Hak5, Wi-Fi Pineapple Mark VII [[Invidious]](https://yewtu.be/watch?v=7v3JR4Wlw4Q)
-
-These devices can fit in a small bag and can take over the Wi-Fi environment of any place within their range. For instance, a Bar/Restaurant/Café/Hotel Lobby. These devices can force Wi-Fi clients to disconnect from their current Wi-Fi (using de-authentication, disassociation attacks[^66]) while spoofing the normal Wi-Fi networks at the same location.
They will continue to perform this attack until your computer, or you decide to try to connect to the rogue AP.
-
-These devices can then mimic a captive portal[^67] with the exact same layout as the Wi-Fi you are trying to access (for instance an Airport Wi-Fi registration portal). Or they could just give you unrestricted access internet that they will themselves get from the same place.
-
-Once you are connected through the Rogue AP, this AP will be able to execute various man-in-the-middle attacks to perform analysis on your traffic. These could be malicious redirections or simple traffic sniffing. These can then easily identify any client that would for instance try to connect to a VPN server or the Tor Network.
-
-This can be useful when you know someone you want to de-anonymize is in a crowded place, but you do not know who. This would allow such an adversary to possibly fingerprint any website you visit despite the use of HTTPS, DoT, DoH, ODoH, VPN, or Tor using traffic analysis as pointed above in the DNS section.
-
-These can also be used to carefully craft and serve you advanced phishing webpages that would harvest your credentials or try to make you install a malicious certificate allowing them to see your encrypted traffic.
-
-How to mitigate those? If you do connect to a public wi-fi access point, use Tor, or use a VPN and then Tor (Tor over VPN) or even (VPN over Tor) to obfuscate your traffic from the rogue AP while still using it.
-
-### Your Anonymized Tor/VPN traffic:
-
-Tor and VPNs are not silver bullets. Many advanced techniques have been developed and studied to de-anonymize encrypted Tor traffic over the years[^68]. Most of those techniques are Correlation attacks that will correlate your network traffic in one way or another to logs or datasets.
Here are some examples:
-
-- **Correlation Fingerprinting Attack:** As illustrated (simplified) below, this attack will fingerprint your encrypted Tor traffic (like the websites you visited) based on the analysis of your encrypted traffic without decrypting it. Some of those methods can do so with a 96% success rate **in a closed-world setting**. **The efficacy of those methods in a real open-world setting** **has not been demonstrated yet and would probably require tremendous resources computing power making it very unlikely that such techniques would be used by a local adversary in the near future.** Such techniques could however hypothetically be used by an advanced and probably global adversary with access to your source network to determine some of your activity. Examples of those attacks are described in several research papers[^69]'[^70]'[^71] as well as their limitations[^72]. The Tor Project itself published an article about these attacks with some mitigations: [[Archive.org]](https://web.archive.org/web/https://blog.torproject.org/new-low-cost-traffic-analysis-attacks-mitigations).
-
-![](media/image08.png)
-
-- **Correlation Timing Attacks:** As illustrated (simplified) below, an adversary that has access to network connection logs (IP or DNS for instance, remember that most VPN servers and most Tor nodes are known and publicly listed) at the source and the destination could correlate the timings to de-anonymize you without requiring any access to the Tor or VPN network in between. A real use case of this technique was done by the FBI in 2013 to de-anonymize[^73] a bomb threat hoax at Harvard University.
-
-![](media/image09.png)
-
-- **Correlation Counting Attacks:** As illustrated (simplified) below, an adversary that has no access to detailed connection logs (cannot see that you used Tor or Netflix) but has access to data counting logs could see that you have downloaded 600MB on a specific time/date that matches the 600MB upload at the destination.
This correlation can then be used to de-anonymize you over time.
-
-![](media/image10.png)
-
-There are ways to mitigate these such as:
-
-- Do not use Tor/VPNs to access services that are on the same network (ISP) as the destination service. For example, do not connect to Tor from your University Network to access a University Service anonymously. Instead, use a different source point (such as a public Wi-Fi) that cannot be correlated easily by an adversary.
-
-- Do not use Tor/VPN from an obviously heavily monitored network (such as a corporate/governmental network) but instead try to find an unmonitored network such as a public Wi-Fi or a residential Wi-Fi.
-
-- Consider the use of multiple layers (such as what will be recommended in this guide later: VPN over Tor) so that an adversary might be able to see that someone connected to the service through Tor but will not be able to see that it was you because you were connected to a VPN and not the Tor Network.
-
-Be aware again that this might not be enough against a motivated global adversary[^74] with wide access to global mass surveillance. Such an adversary might have access to logs no matter where you are and could use those to de-anonymize you. Usually, these attacks are part of what is called a Sybil Attack[^75]. **These adversaries are out of the scope of this guide.**
-
-Be also aware that all the other methods described in this guide such as Behavioral analysis can also be used to deanonymize Tor users indirectly (see further [Your Digital Fingerprint, Footprint, and Online Behavior][Your Digital Fingerprint, Footprint, and Online Behavior:]).
-
-I also strongly recommend reading this very good, complete, and thorough (and more detailed) guide on most known Attack Vectors on Tor: [[Archive.org]](https://web.archive.org/web/https://github.com/Attacks-on-Tor/Attacks-on-Tor) as well as this recent research publication [[Archive.org]](https://web.archive.org/web/https://www.researchgate.net/publication/323627387_Shedding_Light_on_the_Dark_Corners_of_the_Internet_A_Survey_of_Tor_Research)
-
-As well as this great series of blog posts: [[Archive.org]](https://web.archive.org/web/https://www.hackerfactor.com/blog/index.php?/archives/906-Tor-0day-The-Management-Vulnerability.html)
-
-Recently, one of these attacks was attempted on the Tor Network with more information here: [[Archive.org]](https://web.archive.org/web/https://arstechnica.com/information-technology/2014/07/active-attack-on-tor-network-tried-to-decloak-users-for-five-months/)
-
-Lastly, do remember that using Tor can already be considered suspicious activity[^76], and its use could be considered malicious by some[^77].
-
-This guide will later propose some mitigations to such attacks by changing your origin from the start (using public wi-fi's for instance). Remember that such attacks are usually carried by highly skilled, highly resourceful, and motivated adversaries and are out of scope from this guide. It is also recommended that you learn about practical correlation attacks, as performed by intelligence agencies: [[Archive.org]](https://web.archive.org/web/20220516000616/https://officercia.mirror.xyz/WeAilwJ9V4GIVUkYa7WwBwV2II9dYwpdPTp3fNsPFjo)
-
-**Disclaimer: it should also be noted that Tor is not designed to protect against a global adversary. For more information see [[Archive.org]](https://web.archive.org/web/https://svn-archive.torproject.org/svn/projects/design-paper/tor-design.pdf) and specifically, "Part 3.
Design goals and assumptions.".**
-
-
-### Some Devices can be tracked even when offline:
-
-You have seen this in action/spy/Sci-Fi movies and shows, the protagonists always remove the battery of their phones to make sure it cannot be used. Most people would think that's overkill. Well, unfortunately, no, this is now becoming true at least for some devices:
-
-- iPhones and iPads (IOS 13 and above)[^78]'[^79]
-
-- Samsung Phones (Android 10 and above)[^80]
-
-- MacBooks (macOS 10.15 and above)[^81]
-
-Such devices will continue to broadcast identity information to nearby devices even when offline using Bluetooth Low-Energy[^82]. They do not have access to the devices directly (which are not connected to the internet) but instead use BLE to find them through other nearby devices[^83]. They are using peer-to-peer short-range Bluetooth communication to broadcast their status through nearby online devices.
-
-They could now find such devices and keep the location in some database that could then be used by third parties or themselves for various purposes (including analytics, advertising, or evidence/intelligence gathering).
-
-See [Appendix N: Warning about smartphones and smart devices]
-
-TLDR: Do not take such devices with you when conducting sensitive activities.
-
-## Your Hardware Identifiers:
-
-### Your IMEI and IMSI (and by extension, your phone number):
-
-The IMEI (International Mobile Equipment Identity[^84]) and the IMSI (International Mobile Subscriber Identity[^85]) are unique numbers created by cell phone manufacturers and cell phone operators.
-
-The IMEI is tied directly to the phone you are using. This number is known and tracked by the cell phone operators and known by the manufacturers. Every time your phone connects to the mobile network, it will register the IMEI on the network along with the IMSI (if a SIM card is inserted but that is not even needed).
It is also used by many applications (Banking apps abusing the phone permission on Android for instance[^86]) and smartphone Operating Systems (Android/IOS) for identification of the device[^87]. It is possible but difficult (and not illegal in many jurisdictions[^88]) to change the IMEI on a phone but it is probably easier and cheaper to just find and buy some old (working) Burner phone for a few Euros (this guide is for Germany remember) at a flea market or some random small shop.
-
-The IMSI is tied directly to the mobile subscription or pre-paid plan you are using and is tied to your phone number by your mobile provider. The IMSI is hardcoded directly on the SIM card and cannot be changed. Remember that every time your phone connects to the mobile network, it will also register the IMSI on the network along with the IMEI. Like the IMEI, the IMSI is also being used by some applications and smartphone Operating systems for identification and is being tracked. Some countries in the EU for instance maintain a database of IMEI/IMSI associations for easy querying by Law Enforcement.
-
-Today, giving away your (real) phone number is the same or better than giving away your Social Security number/Passport ID/National ID.
-
-The IMEI and IMSI can be traced back to you in at least six ways:
-
-- The mobile operator subscriber logs will usually store the IMEI along with the IMSI and their subscriber information database. If you use a prepaid anonymous SIM (anonymous IMSI but with a known IMEI), they could see this cell belongs to you if you used that cell phone before with a different SIM card (different anonymous IMSI but same known IMEI).
-
-- The mobile operator antenna logs will conveniently keep a log of which IMEI. IMSI also keep some connection data.
They know and log for instance that a phone with this IMEI/IMSI combination connected to a set of mobile antennas and how powerful the signal to each of those antennas were, allowing easy triangulation/geolocation of the signal. They also know which other phones (your real one for instance) connected at the same time to the same antennas with the same signal. This makes it possible to know precisely that this "burner phone" was always connected at the same place/time than this other "known phone" which shows up every time the burner phone is being used. This information can/is used by various third parties to geolocate/track you quite precisely[^89]'[^90].
-
-- The manufacturer of the Phone can trace back the sale of the phone using the IMEI if that phone was bought in a non-anonymous way. Indeed, they will have logs of each phone sale (including serial number and IMEI), to which shop/person to whom it was sold. And if you are using a phone that you bought online (or from someone that knows you). It can be traced to you using that information. Even if they do not find you on CCTV[^91] and you bought the phone using cash, they can still find what other phone (your real one in your pocket) was there (in that shop) at that time/date by using the antenna logs.
-
-- The IMSI alone can be used to find you as well because most countries now require customers to provide an ID when buying a SIM card (subscription or pre-paid). The IMSI is then tied to the identity of the buyer of the card. In the countries where the SIM can still be bought with cash (like the UK), they still know where (which shop) it was bought and when. This information can then be used to retrieve information from the shop itself (such as CCTV footage as for the IMEI case). Or again the antenna logs can also be used to figure out which other phone was there at the moment of the sale.
-
-- The smartphone OS makers (Google/Apple for Android/IOs) also keep logs of IMEI/IMSI identifications tied to Google/Apple accounts and which user has been using them. They too can trace back the history of the phone and to which accounts it was tied in the past[^92].
-
-- Government agencies around the world interested in your phone number can and do use[^93] special devices called "IMSI catchers"[^94] like the Stingray[^95] or more recently the Nyxcell[^96]. These devices can impersonate (to spoof) a cell phone Antenna and force a specific IMSI (your phone) to connect to it to access the cell network. Once they do, they will be able to use various MITM[^97] (Man-In-The-Middle Attacks) that will allow them to:
-
- - Tap your phone (voice calls and SMS).
-
- - Sniff and examine your data traffic.
-
- - Impersonate your phone number without controlling your phone.
-
- - ...
-
-Here is also a good YouTube video on this topic: DEFCON Safe Mode - Cooper Quintin - Detecting Fake 4G Base Stations in Real-Time [[Invidious]](https://yewtu.be/watch?v=siCk4pGGcqA)
-
- **For these reasons, it is crucial to get a dedicated anonymous phone number and/or an anonymous burner phone with a cash-bought pre-paid sim card that is not tied to you in any way (past or present) for conducting sensitive activities. It is also possible to get an anonymous pre-paid but preferably dedicated number from free and paid online services accepting anonymous cryptocurrencies like Monero. Get more practical guidance here: [Getting an anonymous Phone number][Getting an anonymous Phone number:].**
-
-While there are some smartphones manufacturers like Purism with their Librem series[^98] who claim to have your privacy in mind, they still do not allow IMEI randomization which we believe is a key anti-tracking feature that should be provided by such manufacturers.
While this measure will not prevent IMSI tracking within the SIM card, it would at least allow you to keep the same "burner phone" and only switch SIM cards instead of having to switch both for privacy.
-
-See [Appendix N: Warning about smartphones and smart devices]
-
-### Your Wi-Fi or Ethernet MAC address:
-
-The MAC address[^99] is a unique identifier tied to your physical Network Interface (Wired Ethernet or Wi-Fi) and could of course be used to track you if it is not randomized. As it was the case with the IMEI, manufacturers of computers and network cards usually keep logs of their sales (usually including things like serial number, IMEI, Mac Addresses, ...) and it is possible again for them to track where and when the computer with the MAC address in question was sold and to whom. Even if you bought it with cash in a supermarket, the supermarket might still have CCTV (or a CCTV just outside that shop) and again the time/date of sale could be used to find out who was there using the Mobile Provider antenna logs at that time (IMEI/IMSI).
-
-Operating Systems makers (Google/Microsoft/Apple) will also keep logs of devices and their MAC addresses in their logs for device identification (Find my device type services for example). Apple can tell that the MacBook with this specific MAC address was tied to a specific Apple Account before. Maybe yours before you decided to use the MacBook for sensitive activities. Maybe to a different user who sold it to you but remembers your e-mail/number from when the sale happened.
-
-Your home router/Wi-Fi access point keeps logs of devices that are registered on the Wi-Fi, and these can be accessed too to find out who has been using your Wi-Fi. Sometimes this can be done remotely (and silently) by the ISP depending on if that router/Wi-Fi access point is being "managed" remotely by the ISP (which is often the case when they provide the router to their customers).
-
-Some commercial devices will keep a record of MAC addresses roaming around for various purposes such as road congestion[^100].
-
-**So, it is important again not to bring your phone along when/where you conduct sensitive activities. If you use your own laptop, then it is crucial to hide that MAC address (and Bluetooth address) anywhere you use it and be extra careful not to leak any information. Thankfully many recent OSes now feature or allow the possibility to randomize MAC addresses (Android, IOS, Linux, and Windows 10/11)** with the notable exception of macOS which does not support this feature even in its latest Big Sur version.
-
-See [Appendix N: Warning about smartphones and smart devices]
-
-### Your Bluetooth MAC address:
-
-Your Bluetooth MAC is like the earlier MAC address except it is for Bluetooth. Again, it can be used to track you as manufacturers and operating system makers keep logs of such information. It could be tied to a sale place/time/date or accounts and then could be used to track you with such information, the shop billing information, the CCTV, or the mobile antenna logs in correlation.
-
-Operating systems have protections in place to randomize those addresses but are still subject to vulnerabilities[^101].
-
-For this reason, and unless you really need those, you should just disable Bluetooth completely in the BIOS/UEFI settings if possible or in the Operating System otherwise.
-
-On Windows 10, you will need to disable and enable the Bluetooth device in the device manager itself to force randomization of the address for next use and prevent tracking.
-
-In general, this should not be too much of a concern compared to MAC Addresses. BT Addresses are randomized quite often.
-
-See [Appendix N: Warning about smartphones and smart devices]
-
-## Your CPU:
-
-All modern CPUs[^102] are now integrating hidden management platforms such as the now infamous Intel Management Engine[^103] and the AMD Platform Security Processor[^104].
-
-Those management platforms are small operating systems running directly on your CPU as long as they have power. These systems have full access to your computer's network and could be accessed by an adversary to de-anonymize you in various ways (using direct access or using malware for instance) as shown in this enlightening video: BlackHat, How to Hack a Turned-Off Computer, or Running Unsigned Code in Intel Management Engine [[Invidious]](https://yewtu.be/watch?v=mYsTBPqbya8).
-
-These have already been affected by several security vulnerabilities in the past[^105] that allowed malware to gain control of target systems. These are also accused by many privacy actors including the EFF and Libreboot of being a backdoor into any system[^106].
-
-There are some not so straightforward ways[^107] to disable the Intel IME on some CPUs and you should do so if you can. For some AMD laptops, you can disable it within the BIOS settings by disabling PSP.
-
-Note that, to AMD's defense, there were no security vulnerabilities found for ASP and no backdoors either. See [[Invidious]](https://yewtu.be/watch?v=bKH5nGLgi08&t=2834s). In addition, AMD PSP does not provide any remote management capabilities contrary to Intel IME.
-
-If you are feeling a bit more adventurous, you could install your own BIOS using Coreboot [^108] or Libreboot (a distribution of Coreboot) if your laptop supports it. Coreboot allows users to add their own microcode or other firmware blobs in order for the machine to function, but this is based upon user choice, and as of Dec 2022, Libreboot has adopted a similar pragmatic approach in order to support newer devices in the Coreboot tree. (Thanks, kind Anon who corrected previous information in this paragraph.)
-
-Check yourself:
-
-- If you are using Linux you can check the vulnerability status of your CPU to Spectre/Meltdown attacks by using [[Archive.org]](https://web.archive.org/web/https://github.com/speed47/spectre-meltdown-checker) which is available as a package for most Linux distros including Whonix. Spectre is a transient execution attack. There is also PoC code for Spectre v1 and v2 on iPhone devices here: [[Archive.org]](https://web.archive.org/web/20220814122148/https://github.com/cispa/BranchDifferent) and here [[Archive.org]](https://web.archive.org/web/20220814122652/https://misc0110.net/files/applespectre_dimva22.pdf)
-
-- If you are using Windows, you can check the vulnerability status of your CPU using inSpectre [[Archive.org]](https://web.archive.org/web/https://www.grc.com/inspectre.htm)
-
-Some CPUs have unfixable flaws (especially Intel CPUs) that could be exploited by various malware. Here is a good current list of such vulnerabilities affecting recent widespread CPUs: [[Wikiless]](https://wikiless.org/wiki/Transient_execution_CPU_vulnerability) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Transient_execution_CPU_vulnerability)
-
-Some of these can be avoided using Virtualization Software settings that can mitigate such exploits. See this guide for more information [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Spectre_Meltdown) (warning: these can severely impact the performance of your VMs).
-
-This guide won't go too deep into side-channel and microarchitecture attacks but we will highlight some issues with both Intel and AMD CPU architectures that will be mitigated throughout. It's important to recognize hardware is just as susceptible to bugs, and therefore exploitation, regardless of manufacturer.
- -We will mitigate some of these issues in this guide by recommending the use of virtual machines on a dedicated anonymous laptop for your sensitive activities that will only be used from an anonymous public network. - -**In addition, we recommend the use of AMD CPUs instead of Intel CPUs.** - -- CPU vulnerabilities found in the past few years: - - - [Meltdown](https://en.wikipedia.org/wiki/Meltdown_(security_vulnerability)), [Spectre](https://en.wikipedia.org/wiki/Spectre_(security_vulnerability)), [Æpic](https://aepicleak.com/), [SGAxe](https://en.wikipedia.org/wiki/Software_Guard_Extensions#SGAxe), [LVI](https://en.wikipedia.org/wiki/Software_Guard_Extensions#LVI), [Plundervolt](https://en.wikipedia.org/wiki/Software_Guard_Extensions#Plundervolt), [MicroScope replay attack](https://en.wikipedia.org/wiki/Software_Guard_Extensions#MicroScope_replay_attack), [Enclave](https://en.wikipedia.org/wiki/Software_Guard_Extensions#Enclave_attack), [Prime+Probe](https://en.wikipedia.org/wiki/Software_Guard_Extensions#Prime+Probe_attack), [Crosstalk](https://www.vusec.net/projects/crosstalk/), [Hertzbleed](https://en.wikipedia.org/wiki/Hertzbleed), [Squip attack](https://www.securityweek.com/amd-processors-expose-sensitive-data-new-squip-attack/), [Zenbleed](https://lock.cmpxchg8b.com/zenbleed.html) - -## Your Operating Systems and Apps telemetry services: - -Whether it is Android, iOS, Windows, macOS, or even Ubuntu. Most popular Operating Systems now collect telemetry information by default even if you never opt-in or opted-out[^112] from the start. Some like Windows will not even allow disabling telemetry completely without some technical tweaks. This information collection can be extensive and include a staggering number of details (metadata and data) on your devices and their usage. 
- -Here are good overviews of what is being collected by those five popular OSes in their last versions: - -- Android/Google: - - - Just have a read at their privacy policy [[Archive.org]](https://web.archive.org/web/https://policies.google.com/privacy) - - - School of Computer Science & Statistics, Trinity College Dublin, Ireland Mobile Handset Privacy: Measuring The Data iOS and Android Send to Apple And Google [[Archive.org]](https://web.archive.org/web/https://www.scss.tcd.ie/doug.leith/apple_google.pdf) - -- IOS/Apple: - - - More information at [[Archive.org]](https://web.archive.org/web/https://www.apple.com/legal/privacy/en-ww/) and [[Archive.org]](https://web.archive.org/web/https://support.apple.com/en-us/HT202100) - - - School of Computer Science & Statistics, Trinity College Dublin, Ireland Mobile Handset Privacy: Measuring The Data iOS and Android Send to Apple And Google [[Archive.org]](https://web.archive.org/web/https://www.scss.tcd.ie/doug.leith/apple_google.pdf) - - - Apple does claim[^109] that they anonymize this data using differential privacy[^110] but you will have to trust them on that. - -- Windows/Microsoft: - - - Full list of required diagnostic data: [[Archive.org]](https://web.archive.org/web/https://docs.microsoft.com/en-us/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004) - - - Full list of optional diagnostic data: [[Archive.org]](https://web.archive.org/web/https://docs.microsoft.com/en-us/windows/privacy/windows-diagnostic-data) - -- macOS: - - - More details on [[Archive.org]](https://web.archive.org/web/https://support.apple.com/guide/mac-help/share-analytics-information-mac-apple-mh27990/mac) - -- Ubuntu: - - - Ubuntu despite being a Linux distribution also collects Telemetry Data nowadays. This data however is quite limited compared to the others. 
More details on [[Archive.org]](https://web.archive.org/web/https://ubuntu.com/desktop/statistics) - -Not only are Operating Systems gathering telemetry services but so are Apps themselves like Browsers, Mail Clients, and Social Networking Apps installed on your system. - -It is important to understand that this telemetry data can be tied to your device and help de-anonymizing you and later can be used against you by an adversary that would get access to this data. - -This does not mean for example that Apple devices are terrible choices for good Privacy (tho this might be changing[^111]), but they are certainly not the best choices for (relative) Anonymity. They might protect you from third parties knowing what you are doing but not from themselves. In all likelihood, they certainly know who you are. - -Later in this guide, we will use all the means at our disposal to disable and block as much telemetry as possible to mitigate this attack vector in the Operating Systems supported in this guide. These will include Windows, macOS, and even Linux in some regard. - -See [Appendix N: Warning about smartphones and smart devices] - -## Your Smart devices in general: - -You got it; your smartphone is an advanced spying/tracking device that: - -- Records everything you say at any time ("Hey Siri", "Hey Google"). - -- Records your location everywhere you go. - -- Always records other devices around you (Bluetooth devices, Wi-Fi Access points). - -- Records your habits and health data (steps, screen time, exposure to diseases, connected devices data) - -- Records all your network locations. - -- Records all your pictures and videos (and most likely where they were taken). - -- Has most likely access to most of your known accounts including social media, messaging, and financial accounts. - -Data is being transmitted even if you opt-out[^112], processed, and stored indefinitely (most likely unencrypted[^113]) by various third parties[^114]. 
- -But that is not all, this section is not called "Smartphones" but "Smart devices" because it is not only your smartphone spying on you. It is also every other smart device you could have: - -- Your Smart Watch? (Apple Watch, Android Smartwatch ...) - -- Your Fitness Devices and Apps[^115]'[^116]? (Strava[^117]'[^118], Fitbit[^119], Garmin, Polar[^120], ...) - -- Your Smart Speaker? (Amazon Alexa[^121], Google Echo, Apple Homepod ...) - -- Your Smart Transportation? (Car? Scooter?) - -- Your Smart Tags? (Apple AirTag, Galaxy SmartTag, Tile...) - -- Your Car? (Yes, most modern cars have advanced logging/tracking features these days[^122]) - -- Any other Smart device? There are even convenient search engines dedicated to finding them online: - - - - - - - - - - -See [Appendix N: Warning about smartphones and smart devices] - -Conclusion: Do not bring your smart devices with you when conducting sensitive activities. - -## Yourself: - -### Your Metadata including your Geo-Location: - -Your metadata is all the information about your activities without the actual content of those activities. For instance, it is like knowing you had a call from an oncologist before then calling your family and friends successively. You do not know what was said during the conversation, but you can guess what it was just from the metadata[^123]. - -This metadata will also often include your location that is being harvested by Smartphones, Operating Systems (Android[^124]/IOS), Browsers, Apps, Websites. Odds are several companies are knowing exactly where you are at any time[^125] because of your smartphone[^126]. - -This location data has been used in many judicial cases[^127] already as part of "geofencing warrants" [^128] that allow law enforcement to ask companies (such as Google/Apple) a list of all devices present at a certain location at a certain time. In addition, this location data is even sold by private companies to the military who can then use it conveniently[^129]. 
These warrants are becoming widely used by law enforcement[^130]'[^131]'[^132]. - -If you want to experience yourself what a "geofencing warrant" would look like, here is an example: . - -Now let us say you are using a VPN to hide your IP. The social media platform knows you were active on that account on November 4th from 8 am to 1 pm with that VPN IP. The VPN allegedly keeps no logs and cannot trace back that VPN IP to your IP. Your ISP however knows (or at least can know) you were connected to that same VPN provider on November 4th from 7:30 am to 2 pm but does not know what you were doing with it. - -The question is: Is there someone somewhere that would have both pieces of information available[^133] for correlation in a convenient database? - -Have you heard of Edward Snowden[^134]? Now is the time to google him and read his book[^135]. Also read about XKEYSCORE[^136]'[^137], MUSCULAR[^138], SORM[^139], Tempora[^140] , and PRISM[^141]. - -See "We kill people based on Metadata"[^142] or this famous tweet from the IDF [[Archive.org]](https://web.archive.org/web/https://twitter.com/idf/status/1125066395010699264) [[Nitter]](https://nitter.net/idf/status/1125066395010699264). - -See [Appendix N: Warning about smartphones and smart devices] - -### Your Digital Fingerprint, Footprint, and Online Behavior: - -This is the part where you should watch the documentary "The Social Dilemma"[^143] on Netflix as they cover this topic much better than anyone else. - -This includes is the way you write (stylometry) [^144]'[^145], the way you behave[^146]'[^147]. The way you click. The way you browse. The fonts you use on your browser[^148]. Fingerprinting is being used to guess who someone is by the way that user is behaving. 
You might be using specific pedantic words or making specific spelling mistakes that could give you away using a simple Google search for similar features because you typed comparably on some Reddit post 5 years ago using a not so anonymous Reddit account[^149]. The words you type in a search engine alone can be used against you as the authorities now have warrants to find users who used specific keywords in search engines[^150]. - -Social Media platforms such as Facebook/Google can go a step further and can register your behavior in the browser itself. For instance, they can register everything you type even if you do not send it / save it. Think of when you draft an e-mail in Gmail. It is saved automatically as you type. They can register your clicks and cursor movements as well. - -All they need to achieve this in most cases is Javascript enabled in your browser (which is the case in most Browsers including Tor Browser by default). Even with Javascript disabled, there are still ways to fingerprint you[^151]. - -While these methods are usually used for marketing purposes and advertising, they can also be a useful tool for fingerprinting users. This is because your behavior is unique or unique enough that over time, you could be de-anonymized. - -Here are some examples: - -- Specialized companies are selling to, for example, law enforcement agencies products for analyzing social network activities such as [[Archive.org]](https://web.archive.org/web/https://mediasonar.com/) - -- For example, as a basis of authentication, a user's typing speed, keystroke depressions, patterns of error (say accidentally hitting an "l" instead of a "k" on three out of every seven transactions) and mouse movements establish that person's unique pattern of behavior[^152]. Some commercial services such as TypingDNA ( [[Archive.org]](https://web.archive.org/web/https://www.typingdna.com/)) even offer such analysis as a replacement for two-factor authentications. 
- -- This technology is also widely used in CAPTCHAS[^371] services to verify that you are "human" and can be used to fingerprint a user. - -- See [Appendix A4: Counteracting Forensic Linguistics]. - -Analysis algorithms could then be used to match these patterns with other users and match you to a different known user. It is unclear whether such data is already used or not by Governments and Law Enforcement agencies, but it might be in the future. And while this is mostly used for advertising/marketing/captchas purposes now. It could and probably will be used for investigations in the short or mid-term future to deanonymize users. - -Here is a fun example you try yourself to see some of those things in action: (no archive links for this one sorry). You will see it becoming interesting over time (this requires Javascript enabled). - -Here is also a recent example just showing what Google Chrome collects on you: - -Here are some other resources on the topic if you cannot see this documentary: - -- 2017, Behavior Analysis in Social Networks, [[Archive.org]](https://web.archive.org/web/https://link.springer.com/10.1007/978-1-4614-7163-9_110198-1) - -- 2017, Social Networks and Positive and Negative Affect [[Archive.today]](https://archive.ph/iuowI) - -- 2015, Using Social Networks Data for Behavior and Sentiment Analysis [[Archive.org]](https://web.archive.org/web/https://www.researchgate.net/publication/300562034_Using_Social_Networks_Data_for_Behavior_and_Sentiment_Analysis) - -- 2016, A Survey on User Behavior Analysis in Social Networks [[Archive.org]](https://web.archive.org/web/https://www.academia.edu/30936118/A_Survey_on_User_Behaviour_Analysis_in_Social_Networks) - -- 2017, DEF CON 25 presentation: [DEF CON 25 - Svea Eckert, Andreas Dewes - Dark Data](https://www.youtube.com/watch?v=1nvYGi7-Lxo) [[Invidious]](https://yewtu.be/watch?v=1nvYGi7-Lxo) - -- 2019, Influence and Behavior Analysis in Social Networks and Social Media 
[[Archive.org]](https://web.archive.org/web/https://web.archive.org/web/https://sci-hub.se/10.1007/978-3-030-02592-2) - -So, how can you mitigate these? - -- This guide will provide some technical mitigations using Fingerprinting resistant tools but those might not be sufficient. - -- You should apply common sense and try to find your own patterns in your behavior and behave differently when using anonymous identities. This includes: - - - The way you type (speed, accuracy...). - - - The words you use (be careful with your usual expressions). - - - The type of response you use (if you are sarcastic by default, try to have a different approach with your identities). - - - The way you use your mouse and click (try to solve the Captchas differently than your usual way) - - - The habits you have when using some Apps or visiting some Websites (do not always use the same menus/buttons/links to reach your content). - - - ... - -You need to act and fully adopt a role as an actor would do for a performance. You need to become a different person, think, and act like that person. This is not a technical mitigation but a human one. You can only rely on yourself for that. - -Ultimately, it is mostly up to you to fool those algorithms by adopting new habits and not revealing real information when using your anonymous identities. See [Appendix A4: Counteracting Forensic Linguistics]. - -### Your Clues about your Real Life and OSINT: - -These are clues you might give over time that could point to your real identity. You might be talking to someone or posting on some board/forum/Reddit. In those posts, you might over time leak some information about your real life. These might be memories, experiences, or clues you shared that could then allow a motivated adversary to build a profile to narrow their search. - -A real use and well-documented case of this was the arrest of the hacker Jeremy Hammond[^153] who shared over time several details about his past and was later discovered. 
- -There are also a few cases involving OSINT at Bellingcat[^154]. Have a look at their very informative (but slightly outdated) toolkit here: [[Archive.org]](https://web.archive.org/web/https://docs.google.com/spreadsheets/d/18rtqh8EG2q1xBo2cLNyhIDuK9jrPGwYr9DI2UncoqJQ/edit) - -**We have an OSINT discussion room in our Matrix community. Feel free to join at ```#OSINT:matrix.org```.** - -You can also view some convenient lists of some available OSINT tools here if you want to try them on yourself for example: - -- [[Archive.org]](https://web.archive.org/web/https://github.com/jivoi/awesome-osint) - -- - -- - -- - -As well as this interesting Playlist on YouTube: [[Invidious]](https://yewtu.be/playlist?list=PLrFPX1Vfqk3ehZKSFeb9pVIHqxqrNW8Sy) - -As well as those interesting podcasts: - - - -You should never share real individual experiences/details using your anonymous identities that could later lead to finding your real identity. You will see more details about this in the [Creating new identities][Creating new identities:] section. - -### Your Face, Voice, Biometrics, and Pictures: - -"Hell is other people", even if you evade every method listed above, you are not out of the woods yet thanks to the widespread use of advanced Face recognition by everyone. - -Companies like Facebook have used advanced face recognition for years[^155]'[^156] and have been using other means (Satellite imagery) to create maps of "people" around the world[^157]. This evolution has been going on for years to the point we can now say "we lost control of our faces"[^158]. - -If you are walking in a touristy place, you will most likely appear in someone's selfie within minutes without knowing it. That person could then go ahead and upload that selfie to various platforms (Twitter, Google Photos, Instagram, Facebook, Snapchat ...). 
Those platforms will then apply face recognition algorithms to those pictures under the pretext of allowing better/easier tagging or to better organize your photo library. In addition to this, the same picture will provide a precise timestamp and in most cases geolocation of where it was taken. Even if the person does not provide a timestamp and geolocation, it can still be guessed with other means[^159]'[^160]. - -Here are a few resources for even trying this yourself: - -- Bellingcat, Guide To Using Reverse Image Search For Investigations: [[Archive.org]](https://web.archive.org/web/https://www.bellingcat.com/resources/how-tos/2019/12/26/guide-to-using-reverse-image-search-for-investigations/) - -- Bellingcat, Using the New Russian Facial Recognition Site SearchFace [[Archive.org]](https://web.archive.org/web/https://www.bellingcat.com/resources/how-tos/2019/02/19/using-the-new-russian-facial-recognition-site-searchface-ru/) - -- Bellingcat, Dali, Warhol, Boshirov: Determining the Time of an Alleged Photograph from Skripal Suspect Chepiga [[Archive.org]](https://web.archive.org/web/https://www.bellingcat.com/resources/how-tos/2018/10/24/dali-warhol-boshirov-determining-time-alleged-photograph-skripal-suspect-chepiga/) - -- Bellingcat, Advanced Guide on Verifying Video Content [[Archive.org]](https://web.archive.org/web/https://www.bellingcat.com/resources/how-tos/2017/06/30/advanced-guide-verifying-video-content/) - -- Bellingcat, Using the Sun and the Shadows for Geolocation [[Archive.org]](https://web.archive.org/web/https://www.bellingcat.com/resources/2020/12/03/using-the-sun-and-the-shadows-for-geolocation/) - -- Bellingcat, Navalny Poison Squad Implicated in Murders of Three Russian Activists [[Archive.org]](https://web.archive.org/web/https://www.bellingcat.com/news/uk-and-europe/2021/01/27/navalny-poison-squad-implicated-in-murders-of-three-russian-activists/) - -- Bellingcat, Berlin Assassination: New Evidence on Suspected FSB Hitman Passed to German 
Investigators [[Archive.org]](https://web.archive.org/web/https://www.bellingcat.com/news/2021/03/19/berlin-assassination-new-evidence-on-suspected-fsb-hitman-passed-to-german-investigators/) - -- Bellingcat, Digital Research Tutorial: Investigating a Saudi-Led Coalition Bombing of a Yemen Hospital [[Invidious]](https://yewtu.be/watch?v=cAVZaPiVArA) - -- Bellingcat, Digital Research Tutorial: Using Facial Recognition in Investigations [[Invidious]](https://yewtu.be/watch?v=awY87q2Mr0E) - -- Bellingcat, Digital Research Tutorial: Geolocating (Allegedly) Corrupt Venezuelan Officials in Europe [[Invidious]](https://yewtu.be/watch?v=bS6gYWM4kzY) - -### Gait Recognition and Other Long-Range Biometrics - -Even if you are not looking at the camera, they can still figure out who you are[^161], make out your emotions[^162], analyze your gait[^163]'[^164]'[^165], read your lips[^166], analyze the behavior of your eyes[^167], and probably guess your political affiliation[^168]'[^169]. - -Contrary to popular belief and pop culture, modern gait recognition systems aren't fooled by simply changing how you walk (ex. with something uncomfortable in your shoe), as they analyze the way your body's muscles move across your entire body, as you perform certain actions. The best way to fool modern gait recognition is to wear loose clothes that obscure the way your muscles move as you perform actions. - -Other things than can be used to identify you include your earlobes, which are actually more identifiable than fingerprints, or even the shape of your skull. As such, soft headcoverings such as balaclavas are not recommendable for obscuring your identity - they make you look incredibly suspicious, while also conforming to the shape of your skull. 
- -![](media/image11.png) - -(Illustration from [[Archive.org]](https://web.archive.org/web/https://www.nature.com/articles/s41598-020-79310-1.pdf)) - -![](media/image12.png) - -(illustration from [[Archive.org]](https://web.archive.org/web/https://rd.springer.com/chapter/10.1007/978-3-030-42504-3_15)) - -Those platforms (Google/Facebook) already know who you are for a few reasons: - -- Because you have or had a profile with them, and you identified yourself. - -- Even if you never made a profile on those platforms, you still have one without even knowing it[^170]'[^171]'[^172]'[^173]'[^174]. - -- Because other people have tagged you or identified you in their holidays/party pictures. - -- Because other people have put a picture of you in their contact list which they then shared with them. - -Here is also an insightful demo of Microsoft Azure you can try for yourself at where you can detect emotions and compare faces from different pictures. - -Governments already know who you are because they have your ID/Passport/Driving License pictures and often added biometrics (Fingerprints) in their database. Those same governments are integrating those technologies (often provided by private companies such as the Israeli Oosto[^175], Clearview AI[^176]'[^177], or NEC[^178]) in their CCTV networks to look for "persons of interest"[^179]. And some heavily surveilled states like China have implemented widespread use of Facial Recognition for various purposes[^180]'[^181] including possibly identifying ethnic minorities[^182]. A simple face recognition error by some algorithm can ruin your life[^183]'[^184]. 
- -Here are some resources detailing some techniques used by Law Enforcement today: - -- CCC video explaining current Law Enforcement surveillance capabilities: [[Archive.org]](https://web.archive.org/web/https://media.ccc.de/v/rc3-11406-spot_the_surveillance) - -- EFF SLS: [[Archive.org]](https://web.archive.org/web/https://www.eff.org/sls) - -Apple is making FaceID mainstream and pushing its use to log you into many services including the Banking systems. - -The same goes with fingerprint authentication being mainstreamed by many smartphone makers to authenticate yourself. A simple picture where your fingers appear can be used to de-anonymize you[^185]'[^186]'[^187]'[^188]. - -The same goes with your voice which can be analyzed for various purposes as shown in the recent Spotify patent[^189]. - -Even your iris can be used for identification in some places[^190]. - -We can safely imagine a near future where you will not be able to create accounts or sign in anywhere without providing unique biometrics (A suitable time to re-watch Gattaca[^191], Person of Interest[^192] , and Minority Report[^193]). And you can safely imagine how useful these large biometrics databases could be to some interested third parties. - -In addition, all this information can also be used against you (if you are already de-anonymized) using deepfake[^194] by crafting false information (Pictures, Videos, Voice Recordings[^195]...) and have already been used for such purposes[^196]'[^197]. There are even commercial services for this readily available such as [[Archive.org]](https://web.archive.org/web/https://www.respeecher.com/) and [[Archive.org]](https://web.archive.org/web/https://www.descript.com/overdub). 
-
-See this demo: [[Invidious]](https://yewtu.be/watch?v=t5yw5cR79VA)
-
-At this time, there are a few steps[^198] you can use to mitigate (and only mitigate) face recognition when conducting sensitive activities where CCTV might be present:
-
-- Wear a facemask as they have been proven to defeat some face recognition technologies[^199] but not all[^200].
-
-- Wear a baseball cap or hat to mitigate identification from high-angle CCTVs (filming from above) from recording your face. Remember this will not help against front-facing cameras.
-
-- Wear sunglasses in addition to the facemask and baseball cap to mitigate identification from your eye's features.
-
-- Consider wearing special sunglasses (expensive, unfortunately) called "Reflectacles" [[Archive.org]](https://web.archive.org/web/https://www.reflectacles.com/). There was a small study showing their efficiency against IBM and Amazon facial recognition[^201].
-
-- All that might still be useless because of gait recognition mentioned earlier but there might be hope here if you have a 3D Printer: [[Archive.org]](https://web.archive.org/web/https://gitlab.com/FG-01/fg-01)
-
-(see [Gait Recognition and Other Long-Range Biometrics])
-
-(Note that if you intend to use these where advanced facial recognition systems have been installed, these measures could also flag as you as suspicious by themselves and trigger a human check)
-
-### Phishing and Social Engineering:
-
-Phishing[^202] is a social engineering[^203] type of attack where an adversary could try to extract information from you by pretending or impersonating something/someone else.
-
-A typical case is an adversary using a man-in-the-middle[^97] attack or a fake e-mail/call to ask for your credential for a service. This could for example be through e-mail or through impersonating financial services.
-
-Such attacks can also be used to de-anonymize someone by tricking them into downloading malware or revealing personal information over time.
The only defense against those is not to fall for them and common sense.
-
-These have been used countless times since the early days of the internet and the usual one is called the "419 scam" (see [[Wikiless]](https://wikiless.org/wiki/Advance-fee_scam) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Advance-fee_scam)).
-
-Here is a good video if you want to learn a bit more about phishing types: Black Hat, Ichthyology: Phishing as a Science [[Invidious]](https://yewtu.be/watch?v=Z20XNp-luNA).
-
-## Malware, exploits, and viruses:
-
-### Malware in your files/documents/e-mails:
-
-Using steganography or other techniques, it is easy to embed malware into common file formats such as Office Documents, Pictures, Videos, PDF documents...
-
-These can be as simple as HTML tracking links or complex targeted malware.
-
-These could be simple pixel-sized images[^204] hidden in your e-mails that would call a remote server to try and get your IP address.
-
-These could be exploiting a vulnerability in an outdated format or an outdated reader[^205]. Such exploits could then be used to compromise your system.
-
-See these good videos for more explanations on the matter:
-
-- What is a File Format? [[Invidious]](https://yewtu.be/watch?v=VVdmmN0su6E)
-
-- Ange Albertini: Funky File Formats: [[Invidious]](https://yewtu.be/watch?v=hdCs6bPM4is)
-
-You should always use extreme caution. To mitigate these attacks, this guide will later recommend the use of virtualization (See [Appendix W: Virtualization][Appendix V1: Hardening your Browsers:]) to mitigate leaking any information even in case of opening such a malicious file.
-
-If you want to learn how to try detecting such malware, see [Appendix T: Checking files for malware]
-
-### Malware and Exploits in your apps and services:
-
-So, you are using Tor Browser or Brave Browser over Tor. You could be using those over a VPN for added security.
But you should keep in mind that there are exploits[^206] (hacks) that could be known by an adversary (but unknown to the App/Browser provider). Such exploits could be used to compromise your system and reveal details to de-anonymize you such as your IP address or other details.
-
-A real use case of this technique was the Freedom Hosting[^207] case in 2013 where the FBI inserted malware[^208] using a Firefox browser exploit on a Tor website. This exploit allowed them to reveal details of some users. More recently, there was the notable SolarWinds[^209] hack that breached several US government institutions by inserting malware into an official software update server.
-
-In some countries, Malware is just mandatory and/or distributed by the state itself. This is the case for instance in China with WeChat[^210] which can then be used in combination with other data for state surveillance[^211].
-
-There are countless examples of malicious browser extensions, smartphone apps, and various apps that have been infiltrated with malware over the years.
-
-Here are some steps to mitigate this type of attack:
-
-- You should never have 100% trust in the apps you are using.
-
-- You should always check that you are using the updated version of such apps before use and ideally validate each download using their signature if available.
-
-- You should not use such apps directly from a hardware system but instead, use a Virtual Machine for compartmentalization.
-
-To reflect these recommendations, this guide will therefore later guide you in the use of Virtualization (See [Appendix W: Virtualization][Appendix V1: Hardening your Browsers:]) so that even if your Browser/Apps get compromised by a skilled adversary, that adversary will find himself stuck in a sandbox[^212] without being able to access identifying information or compromise your system.
-
-### Malicious USB devices:
-
-There are readily available commercial and cheap "badUSB" [^213]devices that can take deploy malware, log your typing, geolocate you, listen to you or gain control of your laptop just by plugging them in. Here are some examples that you can already buy yourself:
-
-- Hak5, USB Rubber Ducky [[Archive.org]](https://web.archive.org/web/https://shop.hak5.org/products/usb-rubber-ducky-deluxe)
-
-- Hak5, O.MG Cable [[Invidious]](https://yewtu.be/watch?v=V5mBJHotZv0)
-
-- Keelog [[Archive.org]](https://web.archive.org/web/https://www.keelog.com/)
-
-- AliExpress [[Archive.org]](https://web.archive.org/web/https://www.aliexpress.com/i/4000710369016.html)
-
-Such devices can be implanted anywhere (charging cable, mouse, keyboard, USB key ...) by an adversary and can be used to track you or compromise your computer or smartphone. The most notable example of such attacks is probably Stuxnet[^214] in 2005.
-
-While you could inspect a USB key physically, scan it with various utilities, check the various components to see if they are genuine, you will most likely never be able to discover complex malware embedded in genuine parts of a genuine USB key by a skilled adversary without advanced forensics equipment[^215].
-
-To mitigate this, you should never trust such devices and plug them into sensitive equipment. If you use a charging device, you should consider the use of a USB data blocking device that will only allow charging but not any data transfer. Such data blocking devices are now readily available in many online shops. You should also consider disabling USB ports completely within the BIOS of your computer unless you need them (if you can).
-
-### Malware and backdoors in your Hardware Firmware and Operating System:
-
-This might sound a bit familiar as this was already partially covered previously in the [Your CPU][Your CPU:] section.
-
-Malware and backdoors can be embedded directly into your hardware components.
Sometimes those backdoors are implemented by the manufacturer itself such as the IME in the case of Intel CPUs. And in other cases, such backdoors can be implemented by a third party that places itself between orders of new hardware and customer delivery[^216].
-
-Such malware and backdoors can also be deployed by an adversary using software exploits. Many of those are called rootkits[^217] within the tech world. Usually, these types of malware are harder to detect and mitigate as they are implemented at a lower level than the userspace[^218] and often in the firmware[^219] of hardware components itself.
-
-What is firmware? Firmware is a low-level operating system for devices. Each component in your computer probably has firmware including for instance your disk drives. The BIOS[^220]/UEFI[^221] system of your machine for instance is a type of firmware.
-
-These can allow remote management and are capable of enabling full control of a target system silently and stealthily.
-
-As mentioned previously, these are harder to detect by users but some limited steps that can be taken to mitigate some of those by protecting your device from tampering and use some measures (like re-flashing the bios for example). Unfortunately, if such malware or backdoor is implemented by the manufacturer itself, it becomes extremely difficult to detect and disable those.
-
-## Your files, documents, pictures, and videos:
-
-### Properties and Metadata:
-
-This can be obvious to many but not to all. Most files have metadata attached to them. Good examples are pictures that store EXIF[^222] information which can hold a lot of information such as GPS coordinates, which camera/phone model took it, and when it was taken precisely.
While this information might not directly give out who you are, it could tell exactly where you were at a certain moment which could allow others to use various sources to find you (CCTV or other footage taken at the same place at the same time during a protest for instance). You must verify any file you would put on those platforms for any properties that might hold any information that might lead back to you. - -Here is an example of EXIF data that could be on a picture: - -![](media/image13.png) - -(Illustration from Wikipedia) - -This also works for videos. Yes, videos too have geo-tagging, and many are very unaware of this. Here Is for instance a very convenient tool to geo-locate YouTube videos: [[Archive.org]](https://web.archive.org/web/https://mattw.io/youtube-geofind/location) - -For this reason, you will always have to be incredibly careful when uploading files using your anonymous identities and check the metadata of those files. - -**Even if you publish a plain text file, you should always double or triple-check it for any information leakage before publishing. You will find some guidance about this in the [Some additional measures against forensics][Some additional measures against forensics:] section at the end of the guide.** - -### Watermarking: - -#### Pictures/Videos/Audio: - -Pictures/Videos often contain visible watermarks indicating who is the owner/creator but there are also invisible watermarks in various products aiming at identifying the viewer itself. - -So, if you are a whistleblower and thinking about leaking some picture/audio/video file. Think twice. There are chances that those might contain invisible watermarking within them that would include information about you as a viewer. Such watermarks can be enabled with a simple switch in like Zoom (Video[^223] or Audio[^224]) or with extensions[^225] for popular apps such as Adobe Premiere Pro. These can be inserted by various content management systems. 
- -For a recent example where someone leaking a Zoom meeting recording was caught because it was watermarked: [[Tor Mirror]](http://27m3p2uv7igmj6kvd4ql3cct5h3sdwrsajovkkndeufumzyfhlfev4qd.onion/2021/01/18/leak-zoom-meeting/) [[Archive.org]](https://web.archive.org/web/https://theintercept.com/2021/01/18/leak-zoom-meeting/) - -Such watermarks can be inserted by various products[^226]'[^227]'[^228]'[^229] using Steganography[^230] and can resist compression[^231] and re-encoding[^232]'[^233]. - -These watermarks are not easily detectable and could allow identification of the source despite all efforts. - -In addition to watermarks, the camera used for filming (and therefore the device used for filming) a video can also be identified using various techniques such as lens identification[^234] which could lead to de-anonymization. - -Be extremely careful when publishing videos/pictures/audio files from known commercial platforms as they might contain such invisible watermarks in addition to details in the images themselves. There is no guaranteed 100% protection against those. You will have to use common sense. - -#### Printing Watermarking: - -Did you know your printer is most likely spying on you too? Even if it is not connected to any network? This is usually a known fact by many people in the IT community but few outside people. - -Yes ... Your printers can be used to de-anonymize you as well as explained by the EFF here [[Archive.org]](https://web.archive.org/web/https://www.eff.org/issues/printers) - -With this (old but still relevant) video explaining how from the EFF as well: [[Invidious]](https://yewtu.be/watch?v=izMGMsIZK4U) - -Many printers will print an invisible watermark allowing for identification of the printer on every printed page. This is called Printer Steganography[^235]. There is no tangible way to mitigate this but to inform yourself on your printer and make sure it does not print any invisible watermark. 
This is important if you intend to print anonymously. - -Here is an (old but still relevant) list of printers and brands who do not print such tracking dots provided by the EFF [[Archive.org]](https://web.archive.org/web/https://www.eff.org/pages/list-printers-which-do-or-do-not-display-tracking-dots) - -Here are also some tips from the Whonix documentation ( [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Printing_and_Scanning)): - -**Do not ever print in Color, usually, watermarks are not present without color toners/cartridges**[^236]**.** - -### Pixelized or Blurred Information: - -Did you ever see a document with blurred text? Did you ever make fun of those movies/series where they "enhance" an image to recover seemingly impossible-to-read information? - -Well, there are techniques for recovering information from such documents, videos, and pictures. - -Here is for example an open-source project you could use yourself for recovering text from some blurred images yourself: [[Archive.org]](https://web.archive.org/web/https://github.com/beurtschipper/Depix) - -![image14](media/image14.png) - -This is of course an open-source project available for all to use. But you can imagine that such techniques have probably been used before by other adversaries. These could be used to reveal blurred information from published documents that could then be used to de-anonymize you. 
- -There are also tutorials for using such techniques using Photo Editing tools such as GIMP such as [[Archive.org]](https://web.archive.org/web/https://medium.com/@somdevsangwan/unblurring-images-for-osint-and-more-part-1-5ee36db6a70b) followed by [[Scribe.rip]](https://scribe.rip/@somdevsangwan/deblurring-images-for-osint-part-2-ba564af8eb5d) [[Archive.org]](https://web.archive.org/web/https://medium.com/@somdevsangwan/deblurring-images-for-osint-part-2-ba564af8eb5d) - -![image15](media/image15.png) - -Finally, you will find plenty of deblurring resources here: [[Archive.org]](https://web.archive.org/web/https://github.com/subeeshvasu/Awesome-Deblurring) - -Some online services could even help you do this automatically to some extent like MyHeritage.com enhance tool: - - [[Archive.org]](https://web.archive.org/web/https://www.myheritage.com/photo-enhancer) - -Here is the result of the above image: - -![image16](media/image16.png) - -Of course, this tool is more like "guessing" than really deblurring at this point, but it could be enough to find you using various reverse image searching services. - -There are also techniques to deblur/depixelate parts in videos: see [[Archive.org]](https://web.archive.org/web/https://positive.security/blog/video-depixelation) - -For this reason, it is always extremely important that you correctly redact and curate any document you might want to publish. Blurring is not enough, and you should always completely blacken/remove any sensitive data to avoid any attempt at recovering data from any adversary. Do not pixelized, do not blur, just put a hard black rectangle to redact information. - -## Your Cryptocurrencies transactions: - -Contrary to widespread belief, Crypto transactions (such as Bitcoin and Ethereum) are not anonymous[^237]. Most cryptocurrencies can be tracked accurately through various methods[^238]'[^239]. 
- -Remember what they say on their page: [[Archive.org]](https://web.archive.org/web/https://bitcoin.org/en/you-need-to-know) and [[Archive.org]](https://web.archive.org/web/https://bitcoin.org/en/protect-your-privacy): "Bitcoin is not anonymous" - -The main issue is not setting up a random Crypto wallet to receive some currency behind a VPN/Tor address (at this point, the wallet is anonymous). The issue is mainly when you want to convert Fiat money (Euros, Dollars ...) to Crypto and then when you want to cash in your Crypto. You will have few realistic options but to transfer those to an exchange (such as Coinbase/Kraken/Bitstamp/Binance). Those exchanges have known wallet addresses and will keep detailed logs (due to KYC[^240] financial regulations) and can then trace back those crypto transactions to you using the financial system[^241]. - -There are some cryptocurrencies with privacy/anonymity in mind like Monero but even those have some and warnings to consider[^242]'[^243]. - -Use of "private" mixers, tumblers[^244] (centralized services that specialize in "anonymizing" cryptocurrencies by "mixing them") and coinjoiners are risky as you don't know what's happening on them[^245] and can be trivially de-mixed[^246]. Their centrally-controlled nature could also put you in trouble as they are more susceptible to money-laundering laws[^247]. - - -This does not mean you cannot use Bitcoin anonymously at all. You can actually use Bitcoin anonymously as long as you do not convert it to actual currency, use a Bitcoin wallet from a safe anonymous network, and do not reuse addresses or consolidate outputs that were used when spending at different merchants. Meaning you should avoid KYC/AML regulations by various exchanges, avoid using the Bitcoin network from any known IP address, and use a wallet that provides privacy-preserving tools. See [Appendix Z: Online anonymous payments using cryptocurrencies][Appendix Z: Online anonymous payments using cryptocurrencies]. 
- -**Overall, the best option for using Crypto with reasonable anonymity and privacy is still Monero and you should ideally not use any other for sensitive transactions unless you are aware of the limitations and risks involved. Please do read** [Appendix B2: Monero Disclaimer]**.** - -**TLDR: Use Monero!** - -## Your Cloud backups/sync services: - -All companies are advertising their use of end-to-end encryption (E2EE). This is true for almost every messaging app and website (HTTPS). Apple and Google are advertising their use of encryption on their Android devices and their iPhones. - -But what about your backups? Those automated iCloud/Google Drive backups you have? - -Well, you should know that most of those backups are not fully end-to-end encrypted and will hold some of your information readily available for a third party. You will see their claims that data is encrypted at rest and safe from anyone ... Except they usually do keep a key to access some of the data themselves. These keys are used for them indexing your content, recover your account, collecting various analytics. - -There are specialized commercial forensics solutions available (Magnet Axiom[^248], Cellebrite Cloud[^249]) that will help an adversary analyze your cloud data with ease. - -Notable Examples: - -- Apple iCloud: [[Archive.org]](https://web.archive.org/web/https://support.apple.com/en-us/HT202303) : "Messages in iCloud also uses end-to-end encryption. If you have iCloud Backup turned on**, your backup includes a copy of the key protecting your Messages**. This ensures you can recover your Messages if you lose access to iCloud Keychain and your trusted devices. ". - -- Google Drive and WhatsApp: [[Archive.org]](https://web.archive.org/web/https://faq.whatsapp.com/android/chats/about-google-drive-backups/): "**Media and messages you back up aren't protected by WhatsApp end-to-end encryption while in Google Drive**. ". 
Do however note that Facebook/Whatsapp have announced the rollout of encrypted backups on October 14^th^ 2021 ( [[Archive.org]](https://web.archive.org/web/https://about.fb.com/news/2021/10/end-to-end-encrypted-backups-on-whatsapp/)) which should solve this issue. - -- Dropbox: [[Archive.org]](https://web.archive.org/web/https://www.dropbox.com/privacy) "To provide these and other features, **Dropbox accesses, stores, and scans Your Stuff**. You give us permission to do those things, and this permission extends to our affiliates and trusted third parties we work with". - -- Microsoft OneDrive: [[Archive.org]](https://web.archive.org/web/https://privacy.microsoft.com/en-us/privacystatement): Productivity and communications products, "When you use OneDrive, we collect data about your usage of the service, as well as the content you store, to provide, improve, and protect the services. **Examples include indexing the contents of your OneDrive documents so that you can search for them later and using location information to enable you to search for photos based on where the photo was taken**". - -You should not trust cloud providers with your (not previously and locally encrypted) sensitive data and you should be wary of their privacy claims. In most cases, they can access your data and provide it to a third party if they want to[^250]. - -The only way to mitigate this is to encrypt your data on your side and then only upload it to such services **or just not use them at all.** - -## Microarchitectural Side-channel Deanonymization Attacks: - -There was an attack published that can deanonymize users if they have a known alias. For example, an attacker trying to track the activities of a journalist can use that journalist's public Twitter handle to link their anonymous identities with their public one. This breaks compartmentalization of identities and can lead to complete deanonymization, even of users who practice proper OPSEC. 
- -The attack, published at [[Archive.org]](https://web.archive.org/web/20220720023429/https://leakuidatorplusteam.github.io/), can be mitigated using the well-known [NoScript](https://noscript.net/) extension and will be our preferred recommendation. - -One loosely documented attack might take the following approach to fingerprinting: Alice is browsing the web using Firefox. The website she has just visited is using an invisible `iframe` that creates long strings, e.g., sentences or hashes, to produce some non-user-viewable string. These strings are setting a certain font type, Arial. Whether the browser renders this is non-essential, it only matters if the font changes. The `iframe` in this case serves no purpose but to identify whether a user has installed a certain font on their machine. If Alice is using a font that this frame has tried to render, then it is reported back to the website and to the person in control of the website. - -The font renders a box with a specific height and width around itself, so that means a specific height and width of the text contained within. The `iframe` keeps doing this for each installed font to create a list of installed fonts for Alice. Because of stylistic differences between each font family, the same string and the same font size will add up to a different height and a different width than Arial. It is used as a fallback font to display text that won't display otherwise, in the case of a user not having that font on their machine and thus non-viewable from their browser. - -If a font requested by an `iframe` is not available, Arial will be used to show that text to the user. Every time the font measurement (identified by the dimensions of the box produced) changed, it means the font is present on Alice's browser and her machine. By doing this for hundreds of fonts, websites can use this information to track users using their installed fonts across websites. 
Imagine a website then selling this “anonymized” information as a dataset to advertisement companies to serve you ads based on the websites you visit, because they know every font you have installed on your machine and can now track your identity across the internet. This attack is demonstrated here: [Everything you always wanted to know about web-based device fingerprinting (but were afraid to ask)](https://www.youtube.com/watch?v=5Y1Y96jC5AA) by Dr. Nick Nikiforakis, PhD in Computer Science from KU Leuven. He explains how his team of researchers identified which sites were using such techniques on Alexa's top 10,000 websites. Primarily, they found that of those, 145 were fingerprinting browsers. They were fingerprinted 100% of the time — whether they were using the Do Not Track header, a popular Privacy & Security setting in many browsers, did not matter. - -Attacks such as invisible iframes and media elements can be avoided by blocking all scripts globally by using something like uBlock Origin or by using NoScript . This is highly encouraged, not only to those wishing to be anonymous, but also to general web users. - -## Tor Browser: - -**Note: This attack is now prevented by default by an update of [NoScript](https://noscript.net/) (11.4.8 and above) on all security levels in Tor Browser.** - -## All others: - -Installing the [NoScript](https://noscript.net/) extension will prevent the attack **by default only in private Windows** using their new "TabGuard feature". But can be enabled in the NoScript options to work on all Windows. 
See: - -- Release tweet: [[Archive.org]](https://web.archive.org/web/https://twitter.com/ma1/status/1557751019945299969) -- User explanation: [[Archive.org]](https://web.archive.org/web/https://noscript.net/usage/#crosstab-identity-leak-protection) -- Tor Project Forum Post: [[Archive.org]](https://web.archive.org/web/https://forum.torproject.net/t/tor-browser-can-leak-your-identity-through-side-channel-attack/4005/2) -- NoScript extension for Firefox (Firefox, and other Firefox-based browsers except Tor Browser): -- NoScript extension for Chromium based browsers (Brave, Chrome, Edge, and other Chromium-based browsers): - -### Alternative to NoScript for all other browsers: - -The researches who disclosed the issue also made an extension available below. Again, **nothing is required in Tor Browser**. This path is not our preferred path but is still available if you do not want to use NoScript. - -- Leakuidator+ extension for Chromium based browsers (Brave, Chrome, Edge, and other Chromium-based browsers): -- Leakuidator+ extension for Firefox (Firefox, and other Firefox-based browsers except Tor Browser): - -Separating identities via separate browsers or even with VMs is not enough to avoid this attack. However, another solution is to make sure that when you start working with an anonymous identity, you entirely close all activities linked to other identities. The vulnerability only works if you're actively logged into a non-anonymous identity. The issue with this is that it can hinder effective workflow, as multitasking across multiple identities becomes impossible. - -## Local Data Leaks and Forensics: - -Most of you have probably seen enough Crime dramas on Netflix or TV to know what forensics are. These are technicians (usually working for law enforcement) that will perform various analysis of evidence. This of course could include your smartphone or laptop. 
- -While these might be done by an adversary when you already got "burned", these might also be done randomly during a routine control or a border check. These unrelated checks might reveal secret information to adversaries that had no prior knowledge of such activities. - -Forensics techniques are now very advanced and can reveal a staggering amount of information from your devices even if they are encrypted[^253]. These techniques are widely used by law enforcement all over the world and should be considered. - -Here are some recent resources you should read about your smartphone: - -- UpTurn, The Widespread Power of U.S. Law Enforcement to Search Mobile Phones [[Archive.org]](https://web.archive.org/web/https://www.upturn.org/reports/2020/mass-extraction/) - -- New-York Times, The Police Can Probably Break Into Your Phone [[Archive.org]](https://web.archive.org/web/https://www.nytimes.com/2020/10/21/technology/iphone-encryption-police.html) - -- Vice, Cops Around the Country Can Now Unlock iPhones, Records Show [[Archive.org]](https://web.archive.org/web/https://www.vice.com/en/article/vbxxxd/unlock-iphone-ios11-graykey-grayshift-police) - -I also highly recommend that you read some documents from a forensics examiner perspective such as: - -- EnCase Forensic User Guide, [[Archive.org]](https://web.archive.org/web/http://encase-docs.opentext.com/documentation/encase/forensic/8.07/Content/Resources/External%20Files/EnCase%20Forensic%20v8.07%20User%20Guide.pdf) - -- FTK Forensic Toolkit, [[Archive.org]](https://web.archive.org/web/https://accessdata.com/products-services/forensic-toolkit-ftk) - -- SANS Digital Forensics and Incident Response Videos, - -And finally, here is this very instructive detailed paper on the current state of IOS/Android security from the John Hopkins University: https://securephones.io/main.html[^254]. - -When it comes to your laptop, the forensics techniques are many and widespread. 
Many of those issues can be mitigated by using full disk encryption, virtualization (See [Appendix W: Virtualization][Appendix V1: Hardening your Browsers:]), and compartmentalization. This guide will later detail such threats and techniques to mitigate them. - -## Bad Cryptography: - -There is a frequent adage among the infosec community: "Don't roll your own crypto!". - -And there are reasons[^255]'[^256]'[^257]'[^258] for that: - -We would not want people discouraged from studying and innovating in the crypto field because of that adage. So instead, we would recommend people to be cautious with "Roll your own crypto" because it is not necessarily good crypto: - -- Good cryptography is not easy and usually takes years of research to develop and fine-tune. - -- Good cryptography is transparent and not proprietary/closed source so it can be reviewed by peers. - -- Good cryptography is developed carefully, slowly, and rarely alone. - -- Good cryptography is usually presented and discussed in conferences and published in various journals. - -- Good cryptography is extensively peer-reviewed before it is released for use in the wild. - -- Using and implementing existing good cryptography correctly is already a challenge. - -Yet, this is not stopping some from doing it anyway and publishing various production Apps/Services using their self-made cryptography or proprietary closed-source methods: - -- You should apply caution when using Apps/Services using closed-source or proprietary encryption methods. All the good crypto standards are public and peer-reviewed and there should be no issue disclosing the one you use. - -- You should be wary of Apps/Services using a "modified" or proprietary cryptographic method[^259]. - -- By default, you should not trust any "Roll your own crypto" until it was audited, peer-reviewed, vetted, and accepted by the cryptography community[^260]'[^261]. - -- There is no such thing as "military-grade crypto"[^262]'[^263]'[^264]. 
- -Cryptography is a complex topic and bad cryptography could easily lead to your de-anonymization. - -In the context of this guide,we recommend sticking to Apps/Services using well-established, published, and peer-reviewed methods. - -So, what to prefer and what to avoid as of 2021? You will have to look up for yourself to get the technical details of each app and see if they are using "bad crypto" or "good crypto". Once you get the technical details, you could check this page for seeing what it is worth: [[Archive.org]](https://web.archive.org/web/https://latacora.micro.blog/2018/04/03/cryptographic-right-answers.html) - -Here are some examples: - -- Hashes: - - - Prefer: SHA-3 or BLAKE2[^265] - - - Still relatively ok to use: SHA-2 (such as the widely used SHA-256 or SHA-512) - - - Avoid: SHA-1, MD5 (unfortunately still widely used), CRC, MD6 (rarely used) - -- File/Disk Encryption: - - - Prefer: - - - Hardware Accelerated[^266]: AES (Rijndael) 256 Bits with HMAC-SHA-2 or HMAC-SHA-3 (This is what Veracrypt, Bitlocker, Filevault 2, KeepassXC, and LUKS use by default). Prefer SHA-3. - - - Non-Hardware Accelerated: Same as accelerated above or if available consider: - - - ChaCha20[^267] or XChaCha20 (You can use ChaCha20 with Kryptor , unfortunately, it is not available with Veracrypt). - - - Serpent[^268] - - - TwoFish[^269] - - - Avoid: Pretty much anything else - -- Password Storage: - - - Prefer: Argon2, scrypt - - If these aren't options, use bcrypt, or if not possible at least PBKDF2 (only as a last resort) - - Be skeptical of Argon2d, as it's vulnerable to some forms of side-channels. 
Prefer Argon2i or Argon2id - - - Avoid: SHA-3, SHA-2, SHA-1, MD5 - - -- Browser Security (HTTPS): - - - Prefer: TLS 1.3 (ideally TLS 1.3 with ECH/eSNI support) or at least TLS 1.2 (widely used) - - - Avoid: Anything Else (TLS =<1.1, SSL =<3) - -- Signing messages/files with PGP/GPG: - - - Prefer ECDSA (ed25519)+ECDH (ec25519) or RSA 4096 Bits* - - - **Consider a more modern**[^270] **alternative to PGP/GPG: Minisign ** [[Archive.org]](https://web.archive.org/web/https://jedisct1.github.io/minisign/) - - - Avoid: RSA 2048 bits - -- SSH keys: - - - ED25519 (preferred) or RSA 4096 Bits* - - - Avoid: RSA 2048 bits - -* **Warning: RSA and ED25519 are unfortunately not seen as "Quantum Resistant"**[^271] **and while they have not been broken yet, they probably will be broken someday into the future. It is just a matter of when rather than if RSA will ever be broken. So, these are preferred in those contexts due to the lack of a better possibility.** - -Here are some real cases of issues bad cryptography: - -- Telegram: [[Archive.org]](https://web.archive.org/web/https://democratic-europe.eu/2021/07/20/cryptographers-uncover-four-vulnerabilities-in-telegram/) - -- Telegram: [[Archive.org]](https://web.archive.org/web/https://buttondown.email/cryptography-dispatches/archive/cryptography-dispatches-the-most-backdoor-looking/) - -- Cryptocat: - -- Some other examples can be found here: [[Archive.org]](https://web.archive.org/web/https://www.cryptofails.com/) - -Later this guide will not recommend "bad cryptography" and that should hopefully be enough to protect you? - -## No logging but logging anyway policies: - -Many people have the idea that privacy-oriented services such as VPN or E-Mail providers are safe due to their no-logging policies or their encryption schemes. Unfortunately, many of those same people forget that all those providers are legal commercial entities subject to the laws of the countries in which they operate. 
- -Any of those providers can be forced to silently (without your knowing (using for example a court order with a gag order[^272] or a national security letter[^273]) log your activity to de-anonymize you. There have been several recent examples of those: - -- 2021, Proton, Proton logged IP address of French activist after an order by Swiss authorities (source link unavailable). - -- 2021, WindScribe, Servers were not encrypted as they should have been allowing MITM attacks by authorities[^275]. - -- 2021, DoubleVPN servers, logs, and account info seized by law enforcement[^276]. - -- 2021, The Germany-based mail provider Tutanota was forced to monitor specific accounts for 3 months[^277]. - -- 2020, The Germany-based mail provider Tutanota was forced to implement a backdoor to intercept and save copies of the unencrypted e-mails of one user[^278] (they did not decrypt the stored e-mail). - -- 2017, PureVPN was forced to disclose information of one user to the FBI[^279]. - -- 2014, an EarthVPN user was arrested based on logs provider to the Dutch Police[^280]. - -- 2013, Secure E-Mail provider Lavabit shuts down after fighting a secret gag order[^281]. - -- 2011, HideMyAss user was de-anonymized, and logs were provided to the FBI[^282]. - -Some providers have implemented the use of a Warrant Canary[^283] that would allow their users to find out if they have been compromised by such orders, but this has not been tested yet as far as we know. - -Finally, it is now well known that some companies might be sponsored front ends for some state adversaries (see the Crypto AG story[^284] and Omnisec story[^285]). - -For these reasons, you mustn't trust such providers for your privacy despite all their claims. In most cases, you will be the last person to know if any of your accounts were targeted by such orders and you might never know at all. 
- -To mitigate this, in cases where you want to use a VPN, we will recommend the use of a cash/Monero-paid VPN provider over Tor to prevent the VPN service from knowing any identifiable information about you. - -If the VPN provider knows nothing about you, it should mitigate any issue due to them not logging but logging anyway. - -## Some Advanced targeted techniques: - -![image17](media/image17.png) - -(Illustration: an excellent movie we highly recommend: Das Leben der Anderen[^286]) - -Many advanced techniques can be used by skilled adversaries[^287] to bypass your security measures provided they already know where your devices are. Many of those techniques are detailed here [[Archive.org]](https://web.archive.org/web/https://cyber.bgu.ac.il/advanced-cyber/airgap) (Air-Gap Research Page, Cyber-Security Research Center, Ben-Gurion University of the Negev, Israel) but also in this report [[Archive.org]](https://web.archive.org/web/https://www.welivesecurity.com/wp-content/uploads/2021/12/eset_jumping_the_air_gap_wp.pdf) (ESET, JUMPING THE AIR GAP: 15 years of nation-state effort) and include: - -- Attacks requiring malware implants: - - - Exfiltration of Data through a Malware infected Router: [[Invidious]](https://yewtu.be/watch?v=mSNt4h7EDKo) - - - Exfiltration of Data through observation of Light variation in a Backlit keyboard with a compromised camera: [[Invidious]](https://yewtu.be/watch?v=1kBGDHVr7x0) - - - Exfiltration of Data through a compromised Security Camera (that could first use the previous attack) [[Invidious]](https://yewtu.be/watch?v=om5fNqKjj2M) - - - Communication from outsider to compromised Security Cameras through IR light signals: [[Invidious]](https://yewtu.be/watch?v=auoYKSzdOj4) - - - Exfiltration of data from a compromised air-gapped computer through acoustic analysis of the FAN noises with a smartphone [[Invidious]](https://yewtu.be/watch?v=v2_sZIfZkDQ) - - - Exfiltration of data from a malware-infected air-gapped computer through HD 
LEDs with a Drone [[Invidious]](https://yewtu.be/watch?v=4vIu8ld68fc) - - - Exfiltration of data from a USB malware on an air-gapped computer through electromagnetic interferences [[Invidious]](https://yewtu.be/watch?v=E28V1t-k8Hk) - - - Exfiltration of data from a malware-infected HDD drive through covert acoustic noise [[Invidious]](https://yewtu.be/watch?v=H7lQXmSLiP8) - - - Exfiltration of data through GSM frequencies from a compromised (with malware) air-gapped computer [[Invidious]](https://yewtu.be/watch?v=RChj7Mg3rC4) - - - Exfiltration of data through electromagnetic emissions from a compromised Display device [[Invidious]](https://yewtu.be/watch?v=2OzTWiGl1rM&t=20s) - - - Exfiltration of data through magnetic waves from a compromised air-gapped computer to a Smartphone stored inside a Faraday bag [[Invidious]](https://yewtu.be/watch?v=yz8E5n1Tzlo) - - - Communication between two compromised air-gapped computers using ultrasonic soundwaves [[Invidious]](https://yewtu.be/watch?v=yz8E5n1Tzlo) - - - Exfiltration of Bitcoin Wallet from a compromised air-gapped computer to a smartphone [[Invidious]](https://yewtu.be/watch?v=2WtiHZNeveY) - - - Exfiltration of Data from a compromised air-gapped computer using display brightness [[Invidious]](https://yewtu.be/watch?v=ZrkZUO2g4DE) - - - Exfiltration of Data from a compromised air-gapped computer through vibrations [[Invidious]](https://yewtu.be/watch?v=XGD343nq1dg) - - - Exfiltration of Data from a compromised air-gapped computer by turning RAM into a Wi-Fi emitter [[Invidious]](https://yewtu.be/watch?v=vhNnc0ln63c) - - - Exfiltration of Data from a compromised air-gapped computer through power lines [[Archive.org]](https://web.archive.org/web/https://arxiv.org/pdf/1804.04014.pdf) - -- **Attacks not requiring malware:** - - - Observing a blank wall in a room from a distance to figure how many people are in a room and what they are doing[^288]. 
Publication with demonstration: [[Archive.org]](https://web.archive.org/web/http://wallcamera.csail.mit.edu/) - - - Observing a reflective bag of snacks in a room from a distance to reconstruct the entire room[^289]. Publication with photographic examples: [[Archive.org]](https://web.archive.org/web/https://arxiv.org/pdf/2001.04642.pdf) - - - Measuring floor vibrations to identify individuals and determine their health condition and mood[^290]. Publication with demonstration: [[Archive.org]](https://web.archive.org/web/https://engineering.cmu.edu/news-events/news/2020/02/17-mauraders-map.html) - - - Observing a light bulb from a distance to listen to the sound in the room[^291] **without any malware**: Demonstration: [[Invidious]](https://yewtu.be/watch?v=t32QvpfOHqw). It should be noted that this type of attack is not new at all and there have been articles about such techniques as far back as 2013[^292] and that you can even buy devices to perform this yourself such as here: [[Archive.org]](https://web.archive.org/web/http://www.gcomtech.com/ccp0-prodshow/laser-surveillance-laser-listening.html) - -Here is also a good video from the same authors to explain those topics: Black Hat, The Air-Gap Jumpers [[Invidious]](https://yewtu.be/watch?v=YKRtFgunyj4) - -**Realistically, this guide will be of little help against such adversaries as such malware could be implanted on the devices by a manufacturer, anyone in the middle**[^293]**, or by anyone with physical access to the air-gapped computer but there are still some ways to mitigate such techniques:** - -- Do not conduct sensitive activity while connected to an untrusted/unsecured power line to prevent power line leaks. - -- Do not use your devices in front of a camera that could be compromised. - -- Use your devices in a soundproofed room to prevent sound leaks. - -- Use your devices in a Faraday cage to prevent electromagnetic leaks. 
- -- Do not talk about sensitive information where lightbulbs could be seen from outside. - -- Buy your devices from different/unpredictable/offline places (shops) where the probability of them being infected with such malware is lower. - -- Do not let anyone access your air-gapped computers except trusted people. - -## Some bonus resources: - -- Have a look at the Whonix Documentation concerning Data Collection techniques here: [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Data_Collection_Techniques) - -- You might also enjoy looking at this service [[Archive.org]](https://web.archive.org/web/https://tosdr.org/) (Terms of Services, Didn't Read) that will give you a good overview of the various ToS of many services. - -- Have a look at [[Archive.org]](https://web.archive.org/web/https://www.eff.org/issues/privacy) for some more resources. - -- Have a look at [[Wikiless]](https://wikiless.org/wiki/List_of_government_mass_surveillance_projects) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/List_of_government_mass_surveillance_projects) to have an overview of all known mass-surveillance projects, current, and past. - -- Have a look at [[Archive.org]](https://web.archive.org/web/https://www.gwern.net/Death-Note-Anonymity) (even if you don't know about Death Note). - -- Consider finding and reading Michael Bazzell's book "Open-Source Intelligence Techniques" (eighth edition as of this writing to find out more about recent OSINT techniques) - -- Finally, check [[Archive.org]](https://web.archive.org/web/https://www.freehaven.net/anonbib/date.html) for the latest academic papers related to Online Anonymity. 
- -## Notes: - -If you still do not think such information can be used by various actors to track you, you can see some statistics for yourself for some platforms and keep in mind those are only accounting for the lawful data requests and will not count things like PRISM, MUSCULAR, SORM or XKEYSCORE explained earlier: - -- Google Transparency Report [[Archive.org]](https://web.archive.org/web/https://transparencyreport.google.com/user-data/overview) - -- Facebook Transparency Report [[Archive.org]](https://web.archive.org/web/https://transparency.facebook.com/) - -- Apple Transparency Report [[Archive.org]](https://web.archive.org/web/https://www.apple.com/legal/transparency/) - -- Cloudflare Transparency Report [[Archive.org]](https://web.archive.org/web/https://www.cloudflare.com/transparency/) - -- Snapchat Transparency Report [[Archive.org]](https://web.archive.org/web/https://www.snap.com/en-US/privacy/transparency) - -- Telegram Transparency Report [[Archive.org]](https://web.archive.org/web/https://t.me/transparency) (requires telegram installed) - -- Microsoft Transparency Report [[Archive.org]](https://web.archive.org/web/https://www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report) - -- Amazon Transparency Report [[Archive.org]](https://web.archive.org/web/https://www.amazon.com/gp/help/customer/display.html?nodeId=GYSDRGWQ2C2CRYEF) - -- Dropbox Transparency Report [[Archive.org]](https://web.archive.org/web/https://www.dropbox.com/transparency) - -- Discord Transparency Report [[Archive.org]](https://web.archive.org/web/20220812051950/https://discord.com/blog/discord-transparency-report-q1-2022) - -- GitHub Transparency Report [[Archive.org]](https://web.archive.org/web/https://github.blog/2021-02-25-2020-transparency-report/) - -- TikTok Transparency Report [[Archive.org]](https://web.archive.org/web/20220812054600/https://www.tiktok.com/transparency/en/information-requests-2021-2/) - -- Reddit Transparency Report 
[[Archive.org]](https://web.archive.org/web/20220812054736/https://www.redditinc.com/policies/transparency-report-2021) - -- Twitter Transparency Report [[Archive.org]](https://web.archive.org/web/20220812054839/https://transparency.twitter.com/) - -# General Preparations: - -Personally, in the context of this guide, it is also interesting to have a look at your security model. And in this context,we only have one to recommend: - -Zero-Trust Security[^391] ("Never trust, always verify"). - -Here are some various resources about what Zero-Trust Security is: - -- DEFCON, Zero Trust a Vision for Securing Cloud, [[Invidious]](https://yewtu.be/watch?v=euSsqXO53GY) - -- From the NSA themselves, Embracing a Zero Trust Security Model, [[Archive.org]](https://web.archive.org/web/https://media.defense.gov/2021/Feb/25/2002588479/-1/-1/0/CSI_EMBRACING_ZT_SECURITY_MODEL_UOO115131-21.PDF) - -## Picking your route: - -First, here is a small basic UML diagram showing your available options according to your skills/budget/time/resources. - -![image18](media/image18.png) - -### Timing limitations: - -- You have no time at all: - - - **Go for the Tor Browser route.** - -- You have extremely limited time to learn and need a fast-working solution: - - - **Your best option is to go for the Tails route (excluding the persistent plausible deniability section).** - -- You have time and more importantly motivation to learn: - - - **Go with any route.** - -### Budget/Material limitations: - -- You have no budget and even accessing a laptop is complicated or you only have your smartphone: - - - **Go for the Tor Browser route.** - -- You only have one laptop available and cannot afford anything else. 
You use this laptop for either work, family, or your personal stuff (or both): - - - **Your best option is to go for the Tails route.** - -- You can afford a spare dedicated unsupervised/unmonitored laptop for your sensitive activities: - - - But it is old, slow, and has bad specs (less than 6GB of RAM, less than 250GB disk space, old/slow CPU): - - - **You should go for the Tails route.** - - - It is not that old, and it has decent specs (at least 8GB of RAM, 250GB of disk space or more, decent CPU): - - - **You could go for Tails, Whonix routes.** - - - It is new and it has great specs (more than 16GB or ideally 32GB of RAM, >250GB of disk space, recent fast CPU): - - - **You could go for any route, but we would recommend Qubes OS if your threat model allows it. Please see the requirements.[^363]** - - - If it is an ARM-based M1/M2 Mac: - - - **Not possible currently for these reasons:** - - - Virtualization of Intel x86 images on ARM (M1/M2) hosts is still limited to commercial software (e.g., Parallels, Fusion) which are mostly not supported by Whonix, yet. They are very buggy and for advanced people only. Please seek this information yourself. - - - [Virtualbox is now available natively for ARM64 architecture](https://osxdaily.com/2022/10/22/you-can-now-run-virtualbox-on-apple-silicon-m1-m2/) in a package as of October 2022. Download the ["Developer preview for macOS/Arm64 (M1/M2) hosts"](https://www.virtualbox.org/wiki/Downloads). - - - Whonix does not support macOS easily. "You need to build Whonix using the build script to get it running on Apple Silicon." [See the forum thread](https://www.whonix.org/wiki/MacOS#M1). - - - Tails is not supported on ARM64 architecture yet. [See this thread](https://gitlab.tails.boum.org/tails/blueprints/-/wikis/ARM_platforms/) for more information (keep in mind this page hasn't been updated recently). 
- - - Qubes OS is not supported on ARM64 architecture yet, but there is work being done to make it available on aarch64, which may be delayed for the unforseeable future.. - -**The general advice in this guide regarding virtualization software is that it's costly. That said, you should probably get a dedicated laptop, capable of running virtualization software, preferably a 64-bit architecture, to be used for more sensitive activities and testing.** - -### Skills: - -- Do you have no IT skills at all the content of this guide look like an alien language to you? Consider: - - - **The Tor Browser route (simplest of all)** - - - **The Tails route (excluding the persistent plausible deniability section).** - -- You have some IT skills and mostly understand this guide so far, consider: - - - **The Tails route (with the optional persistent plausible deniability section).** - - - **The Whonix route.** - -- You have moderate to high IT skills, and you are already familiar with some of the content of this guide, consider: - - - **Any route (Qubes OS is preferred if you can afford it).** - -- You are an l33T hacker, "there is no spoon", "the cake is a lie", you have been using "doas" for years, and "all your base is belong to us", and you have strong opinions on systemd. - - - **This guide is not meant for you and will not help you with your HardenedBSD on your hardened Libreboot laptop ;-)** - -### Adversarial considerations: - -Now that you know what is possible, you should also consider threats and adversaries before picking the right route. - -#### Threats: - -- If your main concern is a forensic examination of your devices, you should consider the Tor Browser route or the Tails route. - -- If your main concerns are remote adversaries that might uncover your online identity on various platforms, you should consider the Tails, Whonix, or Qubes OS routes (listed in order of difficulty). 
- -- If you want system-wide plausible deniability[^311]'[^294] despite the risks[^295]'[^314], consider the Tails route, including the persistent plausible deniability section (see [Persistent Plausible Deniability using Whonix within Tails][Persistent Plausible Deniability using Whonix within Tails:]).** - -- If you are in a hostile environment where Tor/VPN usage alone is impossible/dangerous/suspicious, consider the Tails route (without actually using Tor), or more advanced routes like Whonix or Qubes OS. - -#### Adversaries: - -- Low skills: - - - Low resources: - - - Any motivation: Any Route - - - Medium resources: - - - Low to Medium motivation: Any Route - - - High motivation: Tails, Whonix, Qubes OS Routes - - - High resources: - - - Low motivation: Any route - - - Medium to High motivation: Tails, Whonix, Qubes OS Routes - -- Intermediate skills: - - - Low resources: - - - Low motivation: Any Route - - - Medium to High motivation: Tails, Whonix, Qubes OS Routes - - - Medium resources: - - - Low motivation: Any Route - - - Medium to High motivation: Tails, Whonix, Qubes OS Routes - - - High resources: - - - Low to High motivation: Tails, Whonix, Qubes OS Routes - -- Highly skilled: - - - Low resources: - - - Low motivation: Any Route - - - Medium to High motivation: Tails, Whonix, Qubes OS Routes - - - Medium resources: - - - Low to High motivation: Tails, Whonix, Qubes OS Routes - - - High resources: - - - Low to High motivations: Tails, Whonix, Qubes OS Routes **(but likely out of scope from this guide as this is probably a global adversary)** - -In all cases, you should read these two pages from the Whonix documentation that will give you in-depth insight into your choices: - -- [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Warning) - -- [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Dev/Threat_Model) - -- [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Comparison_with_Others) - 
-You might be asking yourself: "How do I know if I'm in a hostile online environment where activities are actively monitored and blocked?" - -- First read more about it at the EFF here: [[Archive.org]](https://web.archive.org/web/https://ssd.eff.org/en/module/understanding-and-circumventing-network-censorship) - -- Check some data yourself here on the Tor Project OONI[^296] (Open Observatory of Network Interference) website: - -- Have a look at and see if they have data about your country. - -- Specific to China, look at and [[Archive.org]](https://web.archive.org/web/https://www.usenix.org/system/files/sec21-hoang.pdf) - -- Test for yourself using OONI (this can be risky in a hostile environment). - -## Steps for all routes: - -### Getting used to using better passwords: - -See [Appendix A2: Guidelines for passwords and passphrases]. - -### Getting an anonymous Phone number: - -**Skip this step if you have no intention of creating anonymous accounts on most mainstream platforms but just want anonymous browsing or if the platforms you will use allow registration without a phone number.** - -#### Physical Burner Phone and prepaid SIM card: - -##### Get a burner phone: - -This is rather easy. Leave your smartphone on and at home. Have some cash and go to some random flea market or small shop (ideally one without CCTV inside or outside and while avoiding being photographed/filmed) and just buy the cheapest phone you can find with cash and without providing any personal information. It only needs to be in working order. - -*A note regarding your current phone:* The point of leaving your smartphone on is to create avoid leaking the fact that you're not using the device. If a smartphone is turned off, this creates a metadata trail that can be used to correlate the time your smartphone was turned off with the activation of your burner. If possible, leave your phone doing something (for example, watching YouTube on auto-play) to obscure the metadata trail further. 
This will not make it impossible to correlate your inactivity, but may make it more difficult if your phone's usage patterns can look convincing while you buy your burner. - -We would recommend getting an old "dumbphone" with a removable battery (old Nokia if your mobile networks still allow those to connect as some countries phased out 1G-2G completely). This is to avoid the automatic sending/gathering of any telemetry/diagnostic data on the phone itself. You should never connect that phone to any Wi-Fi. - -**Site Note: Be careful of some sellers as shown here ** [[Archive.org]](https://web.archive.org/web/https://therecord.media/malware-found-preinstalled-in-classic-push-button-phones-sold-in-russia/) - -It will also be crucial not to power on that burner phone ever (not even without the SIM card) in any geographical location that could lead to you (at your home/work for instance) and never at the same location as your other known smartphone (because that one has an IMEI/IMSI that will easily lead to you). This might seem like a big burden, but it is not as these phones are only being used during the setup/sign-up process and for verification from time to time. - -See [Appendix N: Warning about smartphones and smart devices] - -You should test that the phone is in working order before going to the next step. But we will repeat ourselves and state that it is important to leave your smartphone at home when going (or turn it off before leaving if you must keep it) and that you test the phone at a random location that cannot be tracked back to you (and again, do not do that in front of a CCTV, avoid cameras, be aware of your surroundings). No need for Wi-Fi at this place either. - -When you are certain the phone is in working order, disable Bluetooth then power it off (remove the battery if you can) and go back home and resume your normal activities. Go to the next step. - -##### Getting an anonymous pre-paid SIM card: - -This is the hardest part of the whole guide. 
It is a SPOF (Single Point of Failure). The places where you can still buy prepaid SIM cards without ID registration are getting increasingly limited due to various KYC type regulations[^297]. - -So here is a list of places where you can still get them now: [[Archive.org]](https://web.archive.org/web/https://prepaid-data-sim-card.fandom.com/wiki/Registration_Policies_Per_Country) - -You should be able to find a place that is "not too far" and just go there physically to buy some pre-paid cards and top-up vouchers with cash. Do verify that no law was passed before going that would make registration mandatory (in case the above wiki was not updated). Try to avoid CCTV and cameras and do not forget to buy a Top-Up voucher with the SIM card (if it is not a package) as most pre-paid cards will require a top-up before use. - -See [Appendix N: Warning about smartphones and smart devices] - -Double-check that the mobile operators selling the pre-paid SIM cards will accept the SIM activation and top-up without any ID registration of any kind before going there. Ideally, they should accept SIM activation and top-up from the country you live in. - -We would recommend GiffGaff in the UK as they are "affordable", do not require identification for activation and top-up, and will even allow you to change your number up to two times from their website. One GiffGaff prepaid SIM card will therefore grant you three numbers to use for your needs. - -Power off the phone after activation/top-up and before going home. Do not ever power it on again unless you are not at a place that can be used to reveal your identity and ideally leave your real phone on but at home before going to the safe place with only your burner phone. - -#### Online Phone Number: - -**DISCLAIMER: Do not attempt this until you are done setting up a secure environment according to one of the selected routes. This step will require online access and should only be done from an anonymous network. 
Do not do this from any known/unsecured environment. Skip this until you have finished one of the routes.** - -There are many commercial services offering numbers to receive SMS messages online but most of those have no anonymity/privacy and can be of no help as most Social Media platforms place a limit on how many times a phone number can be used for registration. - -There are some forums and subreddits (like r/phoneverification/) where users will offer the service of receiving such SMS messages for you for a small fee (using PayPal or some crypto payment). Unfortunately, these are full of scammers and very risky in terms of anonymity. **You should not use those under any circumstance.** - -To this date, we do not know any reputable service that would offer this service and accept cash payments (by post for instance) like some VPN providers. But a few services are providing online phone numbers and do accept Monero which could be reasonably anonymous (yet less recommended than that physical way in the earlier chapter) that you could consider: - -- **Recommended**: Providers which accept Monero (XMR) and don't require verification: - - - (Iceland based) [[Tor Mirror]](http://cryptonx6nsmspsnpicuihgmbbz3qvro4na35od3eht4vojdo7glm6yd.onion) [[Archive.org]](https://web.archive.org/web/https://crypton.sh/) - - - (Ukraine based) [[Archive.org]](https://web.archive.org/web/https://virtualsim.net/) - - - (Many countries) [[Archive.org]](https://web.archive.org/web/20230718123605/https://silent.link/) (my favorite) - -- Do require e-mail verification, but accept Monero: - - - (US California based) [[Archive.org]](https://web.archive.org/web/https://mobilesms.io/) - - - (Germany based) [[Archive.org]](https://web.archive.org/web/https://www.sms77.io/) - - - (Russia based) [[Archive.org]](https://web.archive.org/web/https://onlinesim.ru/) - -There are some other possibilities listed here [[Archive.org]](https://web.archive.org/web/https://cryptwerk.com/companies/sms/xmr/). 
**Use at your own risk.** - -Now, what if you have no money? Well, in that case, you will have to try your luck with free services and hope for the best. Here are some examples, **use at your own risk**: - -- - -- - -- - -**Disclaimer: We cannot vouch for any of these providers. We recommend doing it yourself physically. In this case, you will have to rely on the anonymity of Monero and you should not use any service that requires any kind of identification using your real identity. Please do read [Appendix B2: Monero Disclaimer].** - -It is more convenient, cheaper, and less risky to just get a pre-paid SIM card from one of the physical places that still sell them for cash without ID. - -### Get a USB key: - -**Skip this step if you have no intention of creating anonymous accounts on most mainstream platforms, but you will want anonymous browsing; or if the platforms which you will use allow registration without a phone number.** - -Get at least one or two decent size generic USB keys (at least 16GB but we would recommend 32GB). - -Please do not buy or use gimmicky self-encrypting devices such as these: [[Archive.org]](https://web.archive.org/web/https://syscall.eu/blog/2018/03/12/aigo_part1/) - -Some might be very efficient[^298] but many are gimmicky gadgets that offer no real protection[^299]. - -### Find some safe places with decent public Wi-Fi: - -You need to find safe places where you will be able to do your sensitive activities using some publicly accessible Wi-Fi (without any account/ID registration, avoid CCTVs). - -This can be anywhere that will not be tied to you directly (your home/work) and where you can use the Wi-Fi for a while without being bothered. But also, a place where you can do this without being "noticed" by anyone. - -If you think Starbucks is a clever idea, you may reconsider: - -- They probably have CCTVs in all their shops and keep those recordings for an unknown amount of time. 
- -- You will need to buy a coffee to get the Wi-Fi access code in most. If you pay for this coffee with an electronic method, they will be able to tie your Wi-Fi access with your identity. - -Situational awareness is key, and you should be constantly aware of your surroundings and avoid touristy places like it was plagued by Ebola. You want to avoid appearing on any picture/video of anyone while someone is taking a selfie, making a TikTok video, or posting some travel pictures on their Instagram. If you do, remember chances are high that those pictures will end up online (publicly or privately) with full metadata attached to them (time/date/geolocation) and your face. Remember these can and will be indexed by Facebook/Google/Yandex/Apple and probably all three letters' agencies. - -While this will not be available yet to your local police officers, it could be in the near future. - -You will ideally need a set of 3-5 separate places such as this to avoid using the same place twice. Several trips will be needed over the weeks for the various steps in this guide. - -You could also consider connecting to these places from a safe distance for added security. See [Appendix Q: Using long-range Antenna to connect to Public Wi-Fis from a safe distance.][Appendix Q: Using long-range Antenna to connect to Public Wi-Fis from a safe distance:] - -## The Tor Browser route: - -This part of the guide will help you in setting up the simplest and easiest way to browse the web anonymously. It is not necessarily the best method and there are more advanced methods below with (much) better security and (much) better mitigations against various adversaries. Yet, this is a straightforward way of accessing resources anonymously and quickly with no budget, no time, no skills, and limited usage. - -So, what is Tor Browser? 
Tor Browser ( [[Archive.org]](https://web.archive.org/web/https://www.torproject.org/)) is a web browser like Safari/Firefox/Chrome/Edge/Brave designed with privacy and anonymity in mind. - -This browser is different from other browsers as it will connect to the internet through the Tor Network using Onion Routing. We first recommend that you watch this very nice introduction video by the Tor Project themselves: [[Invidious]](https://yewtu.be/watch?v=JWII85UlzKw). After that, you should probably head over to their page to read their quick overview here: [[Archive.org]](https://web.archive.org/web/https://2019.www.torproject.org/about/overview.html.en). Without going into too many technical details, Tor Browser is an easy and simple "fire and forget" solution to browse the web anonymously from pretty much any device. It is probably sufficient for most people and can be used from any computer or smartphone. - -Here are several ways to set it up for all main OSes. - -**Warning:** You should avoid installing extensions in Tor Browser, as they can be used to fingerprint and identify you. - -### Windows, Linux, and macOS: - -Please see [Appendix Y: Installing and using desktop Tor Browser]. - -### Android: - -**Note on Tor Browser for Android: The development of Tor Browser for Android is behind desktop Tor Browser Bundle (TBB). Some features are not available yet. E.g., the desktop version of Tor now enables automatic bridges using Moat:** - -"**Connection Assist** works by looking up and downloading an up-to-date list of country-specific options to try using your location (with your consent). It manages to do so without needing to connect to the Tor Network first by utilizing [moat](https://support.torproject.org/glossary/moat/) – the same domain-fronting tool that Tor Browser uses to request a bridge from torproject.org." 
- -- Head over to: - - - Play Store: - - - F-Droid Store: It's not yet there but you can add it manually following the instructions at [[Archive.org]](https://web.archive.org/web/https://support.torproject.org/tormobile/tormobile-7/) - -- Install - -- Launch Tor Browser - -- After launching, click the upper right **Settings** icon - -- Select **Settings** > **Privacy and security** > **Tor network** - -- Select **Config Bridge**. - -- Read [Appendix X: Using Tor bridges in hostile environments]. - -- **If needed (after reading the appendix above)**, activate the option and select the type of bridge you want: - - - Obfs4 - - - Meek-Azure - - - Snowflake - -- **If your internet isn't censored**, consider running one of the bridge types to help the network! - - - Easy: Obsf4 - You can run your own Obsf4 easily with these instructions. - - - Medium: Snowflake - More about Snowflakes here. - - - Hard: Meek - This is the documentation. It's not as simple. - -Personally, if you need to use a Bridge (this is not necessary for a non-hostile environment), you should pick a Meek-Azure. Those will probably work even if you are in China and want to bypass the Great Firewall. It is probably the best option to obfuscate your Tor activities if needed and Microsoft servers are usually not blocked. - -*Only available for Desktop Tor users: Recently, the Tor Project has made it incredibly simple to access Bridges with **Connection Assist**, and it is now automatically done in hostile or censored regions. Simply open the Tor Browser and the connection will be configured based on your needs on any hostile network. 
Previously, we had a list of options below this paragraph which were necessary to enable and configure bridges, but now that this is done automatically using [moat](https://support.torproject.org/glossary/moat/).* [[Archive.org]](https://web.archive.org/web/20220801151048/https://support.torproject.org/glossary/moat/) - -- You are almost done - -As with the desktop version, you need to know there are safety levels in Tor Browser. On Android, you can access these by following these steps: - -- Click the menu (bottom right) - -- Click **Settings**. - -- Head over to the **Privacy and security** section. - -- Click **Security Settings**. - -You will find details about each level here: [[Archive.org]](https://web.archive.org/web/https://tb-manual.torproject.org/security-settings/) but here is a summary: - -- Standard (the default): - - - All features are enabled (including JavaScript) - -- Safer: - - - JavaScript is disabled on non-HTTPS websites - - - Some fonts and symbols are disabled - - - Any media playback is "click to play" (disabled by default) - -- Safest: - - - Javascript is disabled everywhere - - - Some fonts and symbols are disabled - - - Any media playback is "click to play" (disabled by default) - -We would recommend the "Safer" level for most cases. The Safest level should be enabled if you think you are accessing suspicious or dangerous websites and/or if you are extra paranoid. - -If you are extra paranoid, use the "Safest" level by default and consider downgrading to Safer is the website is unusable because of Javascript blocking. - -However, the Safer level should be used with some extra precautions while using some websites: see [Appendix A5: Additional browser precautions with JavaScript enabled]. - -Now, you are really done, and you can now surf the web anonymously from your Android device. - -**Please see** [Warning for using Orbot on Android][Appendix B6: Warning for using Orbot on Android]. 
- -### iOS: - -**Disclaimer: Onion Browser, following a 2018 release on iOS, has had IP leaks via WebRTC. It is still the only officially endorsed browser for the Tor network for iOS. Users should exercise caution when using the browser and check for any DNS leaks.** - -While the official Tor Browser is not yet available for iOS, there is an alternative called Onion Browser endorsed by the Tor Project[^300]. - -- Head over to - -- Install - -- Disable Wi-Fi and Mobile Data - -- Launch Onion Browser - -- After Launching, click the upper right Settings icon (Disabling Wi-Fi and Mobile Data previously were to prevent Onion Browser from connecting automatically and to allow access to these options). - -- Select "Bridge Configuration" and read [Appendix X: Using Tor bridges in hostile environments] - -- **If needed (after reading the appendix above)**, activate the option and select the type of bridge you want: - - - Obfs4 - - - Snowflake - - - (Meek-Azure is unfortunately not available on Onion Browser for iOS (See [commit 21bc18428](https://github.com/OnionBrowser/OnionBrowser/commit/21bc18428368224507b27ee58464ad352f4ec810) for more information.) - -- **If your internet isn't censored**, consider running one of the bridge types to help the network! - - - Easy: Obsf4 - You can run your own Obsf4 easily with these instructions. - - - Medium: Snowflake - More about Snowflakes here. - - - Hard: Meek - This is the documentation. It's not as simple. - -Personally, if you need to use a Bridge (this is not necessary for a non-hostile environment), you should pick a Snowflake one (since Meek-Azure bridges are not available). Those will probably work even if you are in China and want to bypass the Great Firewall. It is probably the best option you have on iOS. - -- You are almost done - -As with the desktop version, you need to know there are safety levels in Onion Browser. 
On iOS, you can access these by following these steps: - -- Click the shield icon (upper left) - -- You will have three levels to pick from - - - 1. Gold: Ideal if you are suspicious, paranoid, or accessing what you think are dangerous resources. - - - JavaScript is disabled - - - WebSockets, Geolocation, and XHR are disabled - - - No Video or Audio - - - Links cannot open Apps - - - WebRTC is blocked - - - Mixed HTTP/HTTPS is blocked - - - Ads and Pop-Ups are blocked - - - 2. Silver: - - - JavaScript partially allowed - - - WebSockets, Geolocation, and XHR are disabled - - - No Video or Audio - - - Links cannot open Apps - - - WebRTC is blocked - - - Mixed HTTP/HTTPS is blocked - - - Ads and Pop-Ups are blocked - - - 3. Bronze (not recommended): - - - JavaScript allowed - - - Audio and Video allowed - - - Links cannot open Apps - - - WebRTC is not blocked - - - Mixed HTTP/HTTPS is not blocked - - - Ads and Pop-Ups are blocked - -We would recommend the "Silver" level for most cases. The Gold level should only be enabled if you think you are accessing suspicious or dangerous websites or if you are extra paranoid. The Gold mode will also most likely break many websites that rely actively on JavaScript. - -As JavaScript is enabled in the Silver mode, please see [Appendix A5: Additional browser precautions with JavaScript enabled]. - -Now, you are really done, and you can now surf the web anonymously from your iOS device. - -### Important Warning: - -**This route is the easiest but is not designed to resist highly skilled adversaries. It is however usable on any device regardless of the configuration. This route is also vulnerable to correlation attacks (See [Your Anonymized Tor/VPN traffic][Your Anonymized Tor/VPN traffic:]) and is blind to anything that might be on your device (this could be any malware, exploit, virus, remote administration software, parental controls...). 
Yet, if your threat model is quite low, it is probably sufficient for most people.** - -If you have time and want to learn, we recommend going for other routes instead as they offer far better security and mitigate far more risks while lowering your attack surface considerably. - -## The Tails route: - -This part of the guide will help you in setting up Tails if one of the following is true: - -- You cannot afford a dedicated laptop - -- Your dedicated laptop is just too old and too slow - -- You have very low IT skills - -- You decide to go with Tails anyway - -Tails[^301] stands for **The Amnesic Incognito Live System**. It is a bootable Live Operating System running from a USB key that is designed for leaving no traces and forcing all connections through the Tor network. - -You insert the Tails USB key into your laptop, boot from it and you have a full operating system running with privacy and anonymity in mind. As soon as you shut down the computer, everything will be gone unless you saved it somewhere. - -Tails is an amazingly straightforward way to get going in no time with what you have and without much learning. It has extensive documentation and tutorials. - -**WARNING: Tails is not always up to date with their bundled software. And not always up to date with the Tor Browser updates either. You should always make sure you are using the latest version of Tails and you should use extreme caution when using bundled apps within Tails that might be vulnerable to exploits and reveal your location**[^302]**.** - -It does however have some drawbacks: - -- Tails uses Tor and therefore you will be using Tor to access any resource on the internet. This alone will make you suspicious to most platforms where you want to create anonymous accounts (this will be explained in more detail later). - -- Your ISP (whether it is yours or some public Wi-Fi) will also see that you are using Tor, and this could make you suspicious in itself. 
- -- Tails does not include (natively) some of the software you might want to use later which will complicate things quite a bit if you want to run some specific things (Android Emulators for instance). - -- Tails uses Tor Browser which while it is very secure will be detected as well by most platforms and will hinder you in creating anonymous identities on many platforms. - -- Tails will not protect you more from the 5$ wrench[^11]. - -- Tor in itself might not be enough to protect you from an adversary with enough resources as explained earlier. - -**Important Note: If your laptop is monitored/supervised and some local restrictions are in place, please read** [Appendix U: How to bypass (some) local restrictions on supervised computers]**.** - -You should also read Tails Documentation, Warnings, and limitations, before going further [[Archive.org]](https://web.archive.org/web/https://tails.boum.org/doc/about/warnings/index.en.html) - -Taking all this into account and the fact that their documentation is great, we will just redirect you towards their well-made and well-maintained tutorial: - - [[Archive.org]](https://web.archive.org/web/https://tails.boum.org/install/index.en.html), pick your flavor and proceed. 
- -If you're having an issue accessing Tor due to censorship or other issues, you can try using Tor Bridges by following this Tails tutorial: [[Archive.org]](https://web.archive.org/web/https://tails.boum.org/doc/anonymous_internet/tor/index.en.html) and find more information about these on Tor Documentation [[Archive.org]](https://web.archive.org/web/https://2019.www.torproject.org/docs/bridges) - -**If you think using Tor alone is dangerous/suspicious, see [Appendix P: Accessing the internet as safely as possible when Tor/VPN is not an option][Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option]** - -### Tor Browser settings on Tails: - -When using Tor Browser, you should click the little shield Icon (upper right, next to the Address bar) and select your Security level (see [[Archive.org]](https://web.archive.org/web/https://tb-manual.torproject.org/security-settings/) for details). Basically, there are three. - -- Standard (the default): - - - All features are enabled (including JavaScript) - -- Safer: - - - JavaScript is disabled on non-HTTPS websites - - - Some fonts and symbols are disabled - - - Any media playback is "click to play" (disabled by default) - -- Safest: - - - Javascript is disabled everywhere - - - Some fonts and symbols are disabled - - - Any media playback is "click to play" (disabled by default) - -We would recommend the "Safer" level for most cases. The Safest level should be enabled if you think you are accessing suspicious or dangerous websites or if you are extra paranoid. The Safest mode will also most likely break many websites that rely actively on JavaScript. - -If you are extra paranoid, use the "Safest" level by default and consider downgrading to Safer is the website is unusable because of Javascript blocking. 
- -Lastly, while using Tor Browser on Tails on the "Safer" level, please consider [Appendix A5: Additional browser precautions with JavaScript enabled] - -When you are done and have a working Tails on your laptop, go to the [Creating your anonymous online identities][Creating your anonymous online identities:] step much further in this guide or if you want persistence and plausible deniability, continue with the next section. - -### Persistent Plausible Deniability using Whonix within Tails: - -Consider checking the [[Archive.org]](https://web.archive.org/web/https://github.com/aforensics/HiddenVM) project for Tails. - -This project is a clever idea of a one-click self-contained VM solution that you could store on an encrypted disk using plausible deniability[^311] (see [The Whonix route:] first chapters and also for some explanations about Plausible deniability, as well as the [How to securely delete specific files/folders/data on your HDD/SSD and Thumb drives:] section at the end of this guide for more understanding). - -This would allow the creation of a hybrid system mixing Tails with the Virtualization options of the Whonix route in this guide. - -![image19](media/image19.png) - -**Note: See** [Pick your connectivity method][Pick your connectivity method:] **in the Whonix Route for more explanations about Stream Isolation** - -In short: - -- You could run non-persistent Tails from one USB key (following their recommendations) - -- You could store persistent VMs within a secondary container that could be encrypted normally or using the Veracrypt plausible deniability feature (these could be Whonix VMs for instance or any other). - -- You do benefit from the added Tor Stream Isolation feature (see [Tor over VPN] for more info about stream isolation). 
- -In that case, as the project outlines it, there should be no traces of any of your activities on your computer and the sensitive work could be done from VMs stored into a Hidden container that should not be easily discoverable by a soft adversary. - -**This option is particularly interesting for "traveling light" and to mitigate forensics attacks while keeping persistence on your work.** You only need 2 USB keys (one with Tails and one with a Veracrypt container containing persistent Whonix). The first USB key will appear to contain just Tails and the second USB will appear to contain just random garbage but will have a decoy volume which you can show for plausible deniability. - -You might also wonder if this will result in a "Tor over Tor" setup, but it will not. The Whonix VMs will be accessing the network directly through clearnet and not through Tails Onion Routing. - -In the future, this could also be supported by the Whonix project themselves as explained here: [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Whonix-Host) but it is not yet recommended as of now for end-users. - -Remember that encryption with or without plausible deniability is not a silver bullet and will be of little use in case of torture. 
As a matter a fact, depending on who your adversary would be (your threat model), it might be wise not to use Veracrypt (formerly TrueCrypt) at all as shown in this demonstration: [[Archive.org]](https://web.archive.org/web/https://defuse.ca/truecrypt-plausible-deniability-useless-by-game-theory.htm) - -**Plausible deniability is only effective against soft lawful adversaries that will not resort to physical means.** - -**See ** [[Wikiless]](https://wikiless.org/wiki/Rubber-hose_cryptanalysis) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis) - -CAUTION: Please see [**Appendix K: Considerations for using external SSD drives**][Appendix K: Considerations for using external SSD drives] and [**Understanding HDD vs SSD**][Understanding HDD vs SSD:] sections if you consider storing such hidden VMs on an external SSD drive: - -- **Do not use hidden volumes on SSD drives as this is not supported/recommended by Veracrypt**[^303]**.** - -- **Use instead file containers instead of encrypted volumes.** - -- **Make sure you do know how to clean data from an external SSD drive properly.** - -Here is my guide on how to achieve this: - -#### First Run: - -- Download the latest HiddenVM release from [[Archive.org]](https://web.archive.org/web/https://github.com/aforensics/HiddenVM/releases) - -- Download the latest Whonix XFCE release from [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/VirtualBox/XFCE) - -- Prepare a USB Key/Drive with Veracrypt - - - Create a Hidden Volume on the USB/Key Drive (We would recommend at least 16GB for the hidden volume) - - - In the Outer Volume, place some decoy files - - - In the Hidden Volume, place the HiddenVM appimage file - - - In the Hidden Volume, place the Whonix XFCE ova file - -- Boot into Tails - -- Setup the Keyboard layout as you want. 
- -- Select Additional Settings and set an administrator (root) password (needed for installing HiddenVM) - -- Start Tails - -- Connect to a safe wi-fi (this is a required step for the rest to work) - -- Go into Utilities and Unlock your Veracrypt (hidden) Volume (do not forget to check the hidden volume checkbox) - -- Launch the HiddenVM appimage - -- When prompted to select a folder, select the Root of the Hidden volume (where the Whonix OVA and HiddenVM app image files are). - -- Let it do its thing (This will install Virtualbox within Tails with one click) - -- When it is done, it should automatically start Virtualbox Manager. - -- Import the Whonix OVA files (see [Whonix Virtual Machines:]) - -Note, if during the import you are having issues such as "NS_ERROR_INVALID_ARG (0x80070057)", this is probably because there is not enough disk space on your Hidden volume for Whonix. Whonix themselves recommend 32GB of free space but that's probably not necessary and 10GB should be enough for a start. You can try working around this error by renaming the Whonix *.OVA file to *.TAR and decompressing it within Tails. When you are done with decompression, delete the OVA file and import the other files with the Import wizard. This time it might work. - -#### Subsequent Runs: - -- Boot into Tails - -- Connect to Wi-Fi - -- Unlock your Hidden Volume - -- Launch the HiddenVM App - -- This should automatically open VirtualBox manager and show your earlier VMs from the first run - -## Steps for all other routes: - -### Get a dedicated laptop for your sensitive activities: - -Ideally, you should get a dedicated laptop that will not be tied to you in any effortless way (ideally paid with cash anonymously and using the same precautions as previously mentioned for the phone and the SIM card). It is recommended but not mandatory. This guide will help you harden your laptop as much as possible to prevent data leaks through various means. 
There will be several lines of defense standing between your online identities and yourself which should prevent most adversaries from de-anonymizing you - besides state/global actors. It will take considerable resources. - -This laptop should ideally be a clean, freshly installed laptop (running Windows, Linux, or macOS); which is clean of your normal day-to-day activities; and which is offline (never connected to your home network). In the case of a Windows laptop, and if you used it before such a clean install, it should also not be activated. Simply reinstall without a product key in the case that it came pre-activated. Specifically, in the case of MacBooks, it should never have been tied to your identity before in any means. So, buy secondhand with cash from an unknown stranger who does not know your identity. - -This is to mitigate some future issues in case of online leaks (including telemetry from your OS or Apps) that could compromise any unique identifiers of the laptop while using it (MAC Address, Bluetooth Address, and Product key ...). But also, to avoid being tracked back if you need to dispose of the laptop. - -If you used this laptop before for different purposes (like your day-to-day activities), all its hardware identifiers are probably known and registered by Microsoft or Apple. If later any of those identifiers is compromised (by malware, telemetry, exploits, human errors ...) they could lead back to you. - -The laptop should have at least 250GB of Disk Space **at least 6GB (ideally 8GB or 16GB)** of RAM and should be able to run a couple of Virtual Machines at the same time. It should have a working battery that lasts a few hours. You should aim for something with large storage (1TB+) if possible because we will need as much as possible. - -This laptop could have an HDD (7200rpm) or an SSD/NVMe drive. Both possibilities have their benefits and issues that will be detailed later. 
- -All future online steps performed with this laptop should ideally be done from a safe network such as Public Wi-Fi in a safe place (see [Find some safe places with decent public Wi-Fi][Find some safe places with decent public Wi-Fi:]). But several steps will have to be taken offline first. - -### Some laptop recommendations: - -We would strongly recommend getting a "business grade" laptop (meaning not consumer/gaming-grade laptop) if you can. For instance, some ThinkPad from Lenovo (my personal favorite). - -This is because those business laptops usually offer better and more customizable security features (especially in the BIOS/UEFI settings) with longer support than most consumer laptops (Asus, MSI, Gigabyte, Acer...). The interesting features to look for are: - -- Better custom Secure Boot **settings (where you can selectively manage all the keys and not just use the Standard ones)** - -- HDD/SSD passwords in addition to just BIOS/UEFI passwords. - -- AMD laptops could be more interesting as some provide the ability to disable AMD PSP (the AMD equivalent of Intel IME) from the BIOS/UEFI settings by default. And, because AFAIK, AMD PSP was audited and contrary to IME was not found to have any "evil" functionalities[^304]. However, if you are going for the Qubes OS Route consider Intel CPUs as Qubes OS does not support AMD with their anti-evil-maid system[^305]. - -- Secure Wipe tools from the BIOS (especially useful for SSD/NVMe drives, see [Appendix M: BIOS/UEFI options to wipe disks in various Brands]). - -- Better control over the disabling/enabling of select peripherals (USB ports, Wi-Fis, Bluetooth, Camera, Microphone ...). - -- Better security features with Virtualization. - -- Native anti-tampering protections. - -- Longer support with BIOS/UEFI updates (and subsequent BIOS/UEFI security updates). 
- -- Some are supported by Libreboot - -### Bios/UEFI/Firmware Settings of your laptop: - -#### PC: - -These settings can be accessed through the boot menu of your laptop. Here is a good tutorial from HP explaining all the ways to access the BIOS on various computers: [[Archive.org]](https://web.archive.org/web/https://store.hp.com/us/en/tech-takes/how-to-enter-bios-setup-windows-pcs) - -Usually how to access it is by pressing a specific key (F1, F2, or Del) at boot (before your OS). - -Once you are in there, you will need to apply a few recommended settings: - -- Disable Bluetooth completely if you can. - -- Disable Biometrics (fingerprint scanners) if you have any if you can. However, you could add a biometric additional check for booting only (pre-boot) but not for accessing the BIOS/UEFI settings. - -- Disable the Webcam and Microphone if you can. - -- Enable BIOS/UEFI password and use a long passphrase instead of a password (if you can) and make sure this password is required for: - - - Accessing the BIOS/UEFI settings themselves - - - Changing the Boot order - - - Startup/Power-on of the device - -- Enable HDD/SSD password if the feature is available. This feature will add another password on the HDD/SSD itself (not in the BIOS/UEFI firmware) that will prevent this HDD/SSD from being used in a different computer without the password. Note that this feature is also specific to some manufacturers and could require specific software to unlock this disk from a completely different computer. - -- Prevent accessing the boot options (the boot order) without providing the BIOS/UEFI password if you can. - -- Disable USB/HDMI or any other port (Ethernet, Firewire, SD card ...) if you can. - -- Disable Intel ME if you can (odds are very high you can't). - -- Disable AMD PSP if you can (AMD's equivalent to IME, see [Your CPU][Your CPU:]) - -- Disable Secure Boot if you intend to use Qubes OS as they do not support it out of the box[^306]. 
Keep it on if you intend to use Linux/Windows. - -- Check if your laptop BIOS has a secure erase option for your HDD/SSD that could be convenient in case of need. - -Only enable those on a "need to use" basis and disable them again after use. This can help mitigate some attacks in case your laptop is seized while locked but still on OR if you had to shut it down rather quickly and someone took possession of it (this topic will be explained later in this guide). - -##### About Secure boot: - -So, what is Secure Boot[^307]? In short, it is a UEFI security feature designed to prevent your computer from booting an operating system from which the bootloader was not signed by specific keys stored in the UEFI firmware of your laptop. - -When the operating system (or the Bootloader[^308]) supports it, you can store the keys of your bootloader in your UEFI firmware, and this will prevent booting up any unauthorized Operating System (such as a live OS USB or anything similar). - -Secure Boot settings are protected by the password you set up to access the BIOS/UEFI settings. If you have that password, you can disable Secure Boot and allow unsigned OSes to boot on your system. This can help mitigate some Evil-Maid attacks (explained later in this guide). - -In most cases, Secure Boot is disabled by default or is enabled but in "setup" mode which will allow any system to boot. For Secure Boot to work, your Operating System will have to support it and then sign its bootloader and push those signing keys to your UEFI firmware. After that, you will have to go to your BIOS/UEFI settings and save those pushed keys from your OS and change the Secure Boot from setup to user mode (or custom mode in some cases). - -After doing that step, only the Operating Systems from which your UEFI firmware can verify the integrity of the bootloader will be able to boot. - -Most laptops will have some default keys already stored in the secure boot settings. 
Usually, those are from the manufacturer itself or some companies such as Microsoft. So, this means that by default, it will always be possible to boot some USB disks even with secure boot. These include Windows, Fedora, Ubuntu, Mint, Debian, CentOS, OpenSUSE, Tails, Clonezilla, and many others. Secure Boot is however not supported at all by Qubes OS at this point. - -In some laptops, you can manage those keys and remove the ones you do not want with a "custom mode" to only authorize your bootloader that you could sign yourself if you want to. - -So, what is Secure Boot protecting you from? It will protect your laptop from booting unsigned bootloaders (by the OS provider) with for instance injected malware. - -What is Secure Boot **not** protecting you from? - -- Secure Boot is not encrypting your disk and an adversary can still just remove the disk from your laptop and extract data from it using a different machine. Secure Boot is therefore useless without full disk encryption. - -- Secure Boot is not protecting you from a signed bootloader that would be compromised and signed by the manufacturer itself (Microsoft for example in the case of Windows). Most mainstream Linux distributions are signed these days and will boot with Secure Boot enabled. - -- Secure Boot can have flaws and exploits like any other system. If you are running an old laptop that does not benefit from new BIOS/UEFI updates, these can be left unfixed. - -Additionally, several attacks could be possible against Secure Boot as explained (in-depth) in these technical videos: - -- Defcon 22, [[Invidious]](https://yewtu.be/watch?v=QDSlWa9xQuA) - -- BlackHat 2016, [[Invidious]](https://yewtu.be/watch?v=0fZdL3ufVOI) - -**So, it can be useful as an added measure against some adversaries but not all. Secure Boot in itself is not encrypting your hard drive. 
It is an added layer but that is it.** - -**I still recommend you keep it on if you can.** - -#### Mac: - -Take a moment to set a firmware password according to the tutorial here: [[Archive.org]](https://web.archive.org/web/https://support.apple.com/en-au/HT204455) - -You should also enable firmware password reset protection (available from Catalina) according to the documentation here: [[Archive.org]](https://web.archive.org/web/https://support.apple.com/en-gb/guide/security/sec28382c9ca/web) - -This feature will mitigate the possibility for some adversaries to use hardware hacks to disable/bypass your firmware password. Note that this will also prevent Apple themselves from accessing the firmware in case of repair. - -### Physically Tamper protect your laptop: - -At some point, you will inevitably leave this laptop alone somewhere. You will not sleep with it and take it everywhere every single day. You should make it as hard as possible for anyone to tamper with it without you noticing it. This is mostly useful against some limited adversaries that will not use a 5$ wrench against you[^11]. - -It is important to know that it is trivially easy for some specialists to install a key logger in your laptop, or to just make a clone copy of your hard drive that could later allow them to detect the presence of encrypted data in it using forensic techniques (more on that later). - -Here is a good cheap method to make your laptop tamper-proof using Nail Polish (with glitter) [[Archive.org]](https://web.archive.org/web/https://mullvad.net/en/help/how-tamper-protect-laptop/) [^309] (with pictures). - -While this is a good cheap method, it could also raise suspicions as it is quite "noticeable" and might just reveal that you "have something to hide". So, there are more subtle ways of achieving the same result. 
You could also for instance make a close-up macro photography of the back screws of your laptop or just use a small amount of candle wax within one of the screws that could just look like usual dirt. You could then check for tampering by comparing the photographs of the screws with new ones. Their orientation might have changed a bit if your adversary was not careful enough (Tightening them exactly the same way they were before). Or the wax within the bottom of a screw head might have been damaged compared to before. - -![image20](media/image20.png) - -![image21](media/image21.png) - -The same techniques can be used with USB ports where you could just put a tiny amount of candle wax within the plug that would be damaged by inserting a USB key in it. - -In riskier environments, check your laptop for tampering before using it regularly. - -## The Whonix route: - -### Picking your Host OS (the OS installed on your laptop): - -This route will make extensive use of Virtual Machines[^310], they will require a host OS to run the Virtualization software. You have three recommended choices in this part of the guide: - -- Your Linux distribution of choice (excluding Qubes OS) - -- Windows 10/11 (preferably Home edition due to the absence of Bitlocker) - -- macOS (Catalina or higher up to Monterey) - -In addition, chances are high that your Mac is or has been tied to an Apple account (at the time of purchase or after signing-in) and therefore its unique hardware identifiers could lead back to you in case of hardware identifiers leak. - -Linux is also not necessarily the best choice for anonymity depending on your threat model. This is because using Windows will allow us to **conveniently** use Plausible Deniability[^311] (aka Deniable Encryption[^312]) easily at the OS level. Windows is also unfortunately at the same time a privacy nightmare[^313] but is the only easy to set up option for using OS-wide plausible deniability. 
Windows telemetry and telemetry blocking are also widely documented which should mitigate many issues. - -**So, what is Plausible Deniability?** You can cooperate with an adversary requesting access to your device/data without revealing your true secret. All this using Deniable Encryption[^314]. - -A soft lawful adversary could ask for your encrypted laptop password. At first, you could refuse to give out any password (using your "right to remain silent", "right not to incriminate yourself") but some countries are implementing laws[^315]'[^316] to exempt this from such rights (because terrorists and "think of the children"). In that case, you might have to reveal the password or face jail time in contempt of court. This is where plausible deniability will come into play. - -You could then reveal a password, but that password will only give access to "plausible data" (a decoy OS). The forensics will be well aware that it is possible for you to have hidden data but should not be able to prove this **(if you do this right)**. You will have cooperated, and the investigators will have access to something but not what you actually want to hide. Since the burden of proof should lie on their side, they will have no options but to believe you unless they have proof that you have hidden data. - -This feature can be used at the OS level (a plausible OS and a hidden OS) or at the files level where you will have an encrypted file container (similar to a zip file) where different files will be shown depending on the encryption password you use. - -This also means you could set up your own advanced "plausible deniability" setup using any Host OS by storing for instance Virtual Machines on a Veracrypt hidden volume container (be careful of traces in the Host OS tho that would need to be cleaned if the host OS is persistent, see [Some additional measures against forensics][Some additional measures against forensics:] section later). 
There is a project for achieving this within Tails ( [[Archive.org]](https://web.archive.org/web/https://github.com/aforensics/HiddenVM)) which would make your Host OS non-persistent and use plausible deniability within Tails. - -In the case of Windows, plausible deniability is also the reason you should ideally have Windows 10/11 Home (and not Pro). This is because Windows 10/11 Pro natively offers a full-disk encryption system (Bitlocker[^317]) where Windows 10/11 Home offers no full-disk encryption at all. You will later use third-party open-source software for encryption that will allow full-disk encryption on Windows 10/11 Home. This will give you a good (plausible) excuse to use this software. While using this software on Windows 10/11 Pro would be suspicious. - -**Note about Linux:** So, what about Linux and plausible deniability? Yes, it is possible to achieve plausible deniability with Linux too. More information within the Linux Host OS section later. - -Unfortunately, encryption is not magic and there are some risks involved: - -#### Threats with encryption: - -##### **The 5$ Wrench:** - -Remember that encryption with or without plausible deniability is not a silver bullet and will be of little use in case of torture. As a matter a fact, depending on who your adversary would be (your threat model), it might be wise not to use Veracrypt (formerly TrueCrypt) at all as shown in this demonstration: [[Archive.org]](https://web.archive.org/web/https://defuse.ca/truecrypt-plausible-deniability-useless-by-game-theory.htm) - -Plausible deniability is only effective against soft lawful adversaries that will not resort to physical means. **Avoid, if possible, the use of plausible deniability-capable software (such as Veracrypt) if your threat model includes hard adversaries. 
So, Windows users should in that case install Windows Pro as a Host OS and use Bitlocker instead.** - -See [[Wikiless]](https://wikiless.org/wiki/Rubber-hose_cryptanalysis) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis) - -##### Evil-Maid Attack: - -Evil Maid Attacks[^318] are conducted when someone tampers with your laptop while you are away. To install to clone your hard drive, install malware or a key logger. If they can clone your hard drive, they can compare one image of your hard drive at the time they took it while you were away with the hard drive when they seize it from you. If you used the laptop again in between, forensics examiners might be able to prove the existence of the hidden data by looking at the variations between the two images in what should be an empty/unused space. This could lead to compelling evidence of the existence of hidden data. If they install a key logger or malware within your laptop (software or hardware), they will be able to simply get the password from you for later use when they seize it. Such attacks can be done at your home, your hotel, a border crossing, or anywhere you leave your devices unattended. - -You can mitigate this attack by doing the following (as recommended earlier): - -- Have basic tamper protection (as explained previously) to prevent physical access to the internals of the laptop without your knowing. This will prevent them from cloning your disks and installing a physical key logger without your knowledge. - -- Disable all the USB ports (as explained previously) within a password-protected BIOS/UEFI. Again, they will not be able to turn them on (without physically accessing the motherboard to reset the BIOS) to boot a USB device that could clone your hard drive or install a software-based malware that could act as a key logger. - -- Set up BIOS/UEFI/Firmware passwords to prevent any unauthorized boot of an unauthorized device. 
- -- Some OSes and Encryption software have the [Anti Evil Maid (AEM)][Anti Evil Maid (AEM):] protection that can be enabled. This is the case with Windows/Veracrypt and QubeOS (only on Intel CPUs). - -##### Cold-Boot Attack: - -Cold Boot attacks[^319] are trickier than the Evil Maid Attack but can be part of an Evil Maid attack as it requires an adversary to come into possession of your laptop while you are actively using your device or shortly afterward. - -The idea is rather simple, as shown in this video[^320], an adversary could theoretically quickly boot your device on a special USB key that would copy the content of the RAM (the memory) of the device after you shut it down. If the USB ports are disabled or if they feel like they need more time, they could open it and "cool down" the memory using a spray or other chemicals (liquid nitrogen for instance) preventing the memory from decaying. They could then be able to copy its content for analysis. This memory dump could contain the key to decrypt your device. You will later apply a few principles to mitigate these. - -In the case of Plausible Deniability, there have been some forensics studies[^321] about technically proving the presence of the hidden data with a simple forensic examination (without a Cold Boot/Evil Maid Attack) but these have been contested by other studies[^322] and by the maintainer of Veracrypt[^323] so we would not worry too much about those yet. - -The same measures used to mitigate Evil Maid attacks should be in place for Cold Boot attacks with some added ones: - -- If your OS or Encryption software allows it, you should consider encrypting the keys within RAM too (this is possible with Windows/Veracrypt and will be explained later). Again see [[Archive.org]](https://web.archive.org/web/https://sourceforge.net/p/veracrypt/discussion/technical/thread/3961542951/) - -- Do enable the option to Wipe keys from memory if a device is inserted in Veracrypt. 
- -- You should limit the use of Sleep stand-by and instead use Shutdown or Hibernate to prevent the encryption keys from staying in RAM when your computer goes to sleep. This is because sleep will maintain power in your memory for resuming your activity faster. Only hibernation and shutdown will actually clear the key from the memory[^324]. - -See also [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Cold_Boot_Attack_Defense) and [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Protection_Against_Physical_Attacks) - -Here are also some interesting tools to consider for Linux users to defend against these: - -- [[Archive.org]](https://web.archive.org/web/https://github.com/0xPoly/Centry) (unfortunately unmaintained it seems) - -- [[Archive.org]](https://web.archive.org/web/https://github.com/hephaest0s/usbkill) (unfortunately unmaintained as well it seems) - -- [[Archive.org]](https://web.archive.org/web/https://github.com/Lvl4Sword/Killer) - -- [[Archive.org]](https://web.archive.org/web/https://askubuntu.com/questions/153245/how-to-wipe-ram-on-shutdown-prevent-cold-boot-attacks) - -- (Qubes OS, Intel CPU only) [[Archive.org]](https://web.archive.org/web/https://github.com/QubesOS/qubes-antievilmaid) - -##### About Sleep, Hibernation, and Shutdown: - -If you want better security, you should shut down your laptop completely every time you leave it unattended or close the lid. This should clean and/or release the RAM and provide mitigations against cold boot attacks. However, this can be a bit inconvenient as you will have to reboot completely and type in a ton of passwords into various apps. Restart various VMs and other apps. So instead, you could also use hibernation (not supported on Qubes OS). Since the whole disk is encrypted, hibernation in itself should not pose a large security risk but will still shut down your laptop and clear the memory while allowing you to conveniently resume your work afterward. 
**What you should never do is using the standard sleep feature which will keep your computer on, and the memory powered. This is an attack vector against evil-maid and cold-boot attacks discussed earlier. This is because your powered-on memory holds the encryption keys to your disk (encrypted or not) and could then be accessed by a skilled adversary.** - -This guide will provide guidance later on how to enable hibernation on various host OSes (except Qubes OS) if you do not want to shut down every time. - -##### Local Data Leaks (traces) and forensics examination: - -As mentioned briefly earlier, these are data leaks and traces from your operating system and apps when you perform any activity on your computer. These mostly apply to encrypted file containers (with or without plausible deniability) than OS-wide encryption. Such leaks are less "important" if your whole OS is encrypted (if you are not compelled to reveal the password). - -Let us say for example you have a Veracrypt encrypted USB key with plausible deniability enabled. Depending on the password you use when mounting the USB key, it will open a decoy folder or the sensitive folder. Within those folders, you will have decoy documents/data within the decoy folder and sensitive documents/data within the sensitive folder. - -In all cases, you will (most likely) open these folders with Windows Explorer, macOS Finder, or any other utility and do whatever you planned to do. Maybe you will edit a document within the sensitive folder. Maybe you will search for a document within the folder. Maybe you will delete one or watch a sensitive video using VLC. - -Well, all those Apps and your Operating System might keep logs and traces of that usage. 
This might include the full path of the folder/files/drives, the time those were accessed, temporary caches of those files, the "recent" lists in each app, the file indexing system that could index the drive, and even thumbnails that could be generated - -Here are some examples of such leaks: - -###### Windows: - -- Windows ShellBags that are stored within the Windows Registry silently storing various histories of accessed volumes/files/folders[^325]. - -- Windows Indexing keeping traces of the files present in your user folder by default[^326]. - -- Recent lists (aka Jump Lists) in Windows and various apps keeping traces of recently accessed documents[^327]. - -- Many more traces in various logs, please see this convenient interesting poster for more insight: [[Archive.org]](https://web.archive.org/web/https://www.sans.org/security-resources/posters/windows-forensic-analysis/170/download) - -###### macOS: - -- Gatekeeper[^328] and XProtect keeping track of your download history in a local database and file attributes. - -- Spotlight Indexing - -- Recent lists in various apps keeping traces of recently accessed documents. - -- Temporary folders keeping various traces of App usage and Document usage. - -- macOS Logs - -- ... - -###### Linux: - -- Tracker Indexing - -- Bash History - -- USB logs - -- Recent lists in various apps keeping traces of recently accessed documents. - -- Linux Logs - -- ... - -Forensics could' use all those leaks (see [Local Data Leaks and Forensics][Local Data Leaks and Forensics:]) to prove the existence of hidden data and defeat your attempts at using plausible deniability and to find out about your various sensitive activities. - -It will be therefore important to apply various steps to prevent forensics from doing this by preventing and cleaning these leaks/traces and more importantly by using whole disk encryption, virtualization, and compartmentalization. - -Forensics cannot extract local data leaks from an OS they cannot access. 
And you will be able to clean most of those traces by wiping the drive or by securely erasing your virtual machines (which is not as easy as you think on SSD drives). - -Some cleaning techniques will nevertheless be covered in the "Cover your Tracks" part of this guide at the very end. - -##### Online Data Leaks: - -Whether you are using simple encryption or plausible deniability encryption. Even if you covered your tracks on the computer itself. There is still a risk of online data leaks that could reveal the presence of hidden data. - -**Telemetry is your enemy**. As explained earlier in this guide, the telemetry of Operating Systems but also from Apps can send staggering amounts of private information online. - -In the case of Windows, this data could for instance be used to prove the existence of a hidden OS / Volume on a computer and would be readily available at Microsoft. Therefore, it is critically important that you disable and block telemetry with all the means at your disposal. No matter what OS you are using. - -#### Conclusion: - -You should never conduct sensitive activities from a non-encrypted system. And even if it is encrypted, you should never conduct sensitive activities from the Host OS itself. Instead, you should use a VM to be able to efficiently isolate and compartmentalize your activities and prevent local data leaks. - -If you have little to no knowledge of Linux or if you want to use OS-wide plausible deniability, we recommend going for Windows (or back to the Tails route) for convenience. This guide will help you hardening it as much as possible to prevent leaks. This guide will also help you hardening macOS and Linux as much as possible to prevent similar leaks. - -If you have no interest in OS-wide plausible deniability and want to learn to use Linux, we will strongly recommend going for Linux or the Qubes OS route if your hardware allows it. - -**In all cases, the host OS should never be used to conduct sensitive activities directly. 
The host OS will only be used to connect to a public Wi-Fi Access Point. It will be left unused while you conduct sensitive activities and should ideally not be used for any of your day-to-day activities.** - -Consider also reading **** [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Full_Disk_Encryption) - -### Linux Host OS: - -As mentioned earlier, we do not recommend using your daily laptop for sensitive activities. Or at least we do not recommend using your in-place OS for these. Doing that might result in unwanted data leaks that could be used to de-anonymize you. If you have a dedicated laptop for this, you should reinstall a fresh clean OS. If you do not want to wipe your laptop and start over, you should consider the Tails route or proceed at your own risk. - -I also recommend that you do the initial installation completely offline to avoid any data leak. - -You should always remember that despite the reputation, Linux mainstream distributions (Ubuntu for instance) are not necessarily better at security than other systems such as macOS and Windows. See this reference to understand why [[Archive.org]](https://web.archive.org/web/https://madaidans-insecurities.github.io/linux.html). - -#### Full disk encryption: - -There are two routes here with Ubuntu or Debian based distros: - -- Using LUKS: - - - Without plausible deniability: - - - (Recommended and easy) Encrypt as part of the installation process: [[Archive.org]](https://web.archive.org/web/https://ubuntu.com/tutorials/install-ubuntu-desktop) - - - This process requires the full erasure of your entire drive (clean install). 
- - - Just check the "Encrypt the new Ubuntu installation for security" - - - (Tedious but possible) Encrypt after installation: [[Archive.org]](https://web.archive.org/web/https://help.ubuntu.com/community/ManualFullSystemEncryption) - - - With plausible deniability: See the next section [The Detached Headers Way] - -- Using Veracrypt: - - - With or without plausible deniability: See the next section [The Veracrypt Way] - -For other distros, you will have to document yourself, but it will likely be similar. Encryption during install is just much easier in the context of this guide. - -#### Note about plausible deniability on Linux: - -There are several ways to achieve plausible deniability on Linux[^329] and it is possible to achieve. Here are some more details about some of the ways we would recommend. All these options require some higher level of skills at using Linux. - -##### The Detached Headers Way: - -While not supported yet by this guide, it is possible to achieve a form of deniability on Linux using LUKS by using detached LUKS headers. For now, we will redirect you toward this page for more information: [[Archive.org]](https://web.archive.org/web/https://wiki.archlinux.org/title/Dm-crypt/Specialties#Encrypted_system_using_a_detached_LUKS_header) - -##### The Veracrypt Way: - -It is technically possible to not only use Veracrypt but also to achieve plausible deniability on a Linux Host OS by using Veracrypt for system full-disk encryption (instead of LUKS). This is not supported by Veracrypt (System encryption is only supported on Windows) and requires some tinkering with various commands. This is not recommended at all for unskilled users and should only be used at your own risk. - -The steps to achieve this are not yet integrated into this guide but can be found here: (this is a .onion address and requires Tor Browser). - -#### Reject/Disable any telemetry: - -- During the install, just make sure you do not allow any data collection if prompted. 
- -- If you are not sure, just make sure you did not enable any telemetry and follow this tutorial if needed [[Archive.org]](https://web.archive.org/web/https://vitux.com/how-to-force-ubuntu-to-stop-collecting-your-data-from-your-pc/) - -- Any other distro: you will need to document yourself and find out how to disable telemetry. - -#### Disable anything unnecessary: - -- Disable Bluetooth if enabled by following this guide [[Archive.org]](https://web.archive.org/web/https://www.addictivetips.com/ubuntu-linux-tips/disable-bluetooth-in-ubuntu/) or issuing the following command: - - - ```sudo systemctl disable bluetooth.service --force``` - -- Disable Indexing if enabled by default (Ubuntu >19.04) by following this guide [[Archive.org]](https://web.archive.org/web/https://www.linuxuprising.com/2019/07/how-to-completely-disable-tracker.html) or issuing the following commands: - - - ```sudo systemctl --user mask tracker-store.service tracker-miner-fs.service tracker-miner-rss.service tracker-extract.service tracker-miner-apps.service tracker-writeback.service``` - - - You can safely ignore any error if it says some service does not exist - - - ```sudo tracker reset -hard``` - -##### Hibernation: - -As explained previously, you should not use the sleep features but shut down or hibernate your laptop to mitigate some evil-maid and cold-boot attacks. Unfortunately, this feature is disabled by default on many Linux distros including Ubuntu. It is possible to enable it, but it might not work as expected. Follow this information at your own risk. If you do not want to do this, you should never use the sleep function and power off instead (and set the lid closing behavior to power off instead of sleep). 
- -Follow one of these tutorials to enable Hibernate: - -- [[Archive.org]](https://web.archive.org/web/https://www.how2shout.com/linux/how-to-hibernate-ubuntu-20-04-lts-focal-fossa/) - -- [[Archive.org]](https://web.archive.org/web/http://www.lorenzobettini.it/2020/07/enabling-hibernation-on-ubuntu-20-04/) - -- [[Archive.org]](https://web.archive.org/web/20211011215449/https://blog.ivansmirnov.name/how-to-set-up-hibernate-on-ubuntu-20-04/) - -After Hibernate is enabled, change the behavior so that your laptop will hibernate when you close the lid by following this tutorial for Ubuntu 20.04 [[Archive.org]](https://web.archive.org/web/http://ubuntuhandbook.org/index.php/2020/05/lid-close-behavior-ubuntu-20-04/) and this tutorial for Ubuntu 18.04 [[Archive.org]](https://web.archive.org/web/https://tipsonubuntu.com/2018/04/28/change-lid-close-action-ubuntu-18-04-lts/). There is no tutorial yet for Ubuntu 21.04 or 21.10 but the above for 20.04 should probably work too. - -Unfortunately, this will not clean the key from memory directly when hibernating. To avoid this at the cost of some performance, you might consider encrypting the swap file by following this tutorial: [[Archive.org]](https://web.archive.org/web/https://help.ubuntu.com/community/EnableHibernateWithEncryptedSwap) - -These settings should mitigate cold boot attacks if you can hibernate fast enough. - -#### Enable MAC address randomization: - -- For Ubuntu, follow these steps [[Archive.org]](https://web.archive.org/web/https://help.ubuntu.com/community/AnonymizingNetworkMACAddresses). 
- -- Consider this tutorial which should still work: [[Archive.org]](https://web.archive.org/web/https://josh.works/shell-script-basics-change-mac-address) - -#### Hardening Linux: - -As a light introduction for new Linux users, consider [[Invidious]](https://yewtu.be/watch?v=Sa0KqbpLye4) - -For more in-depth and advanced options, refer to: - -- This excellent guide: [[Archive.org]](https://web.archive.org/web/https://madaidans-insecurities.github.io/guides/linux-hardening.html) - -- This excellent wiki resource: [[Archive.org]](https://web.archive.org/web/https://wiki.archlinux.org/title/Security) - -- These excellent scripts are based on the guide and wiki above: [[Archive.org]](https://web.archive.org/web/https://codeberg.org/SalamanderSecurity/PARSEC) - -- These tools that can help you harden your Linux Kernel: - - - Lynis: - - - Kconfig-hardened-check: - -- Consider installing Safing Portmaster from [[Archive.org]](https://web.archive.org/web/https://safing.io/portmaster/) **(Warning: there might be issues with some VPN clients. See: ** [[Archive.org]](https://web.archive.org/web/https://docs.safing.io/portmaster/install/status/vpn-compatibility) - -- Consider the use of KickSecure when using Debian: [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Kicksecure) - -- This interesting article: [[Archive.org]](https://web.archive.org/web/http://0pointer.net/blog/authenticated-boot-and-disk-encryption-on-linux.html) - -#### Setting up a safe Browser: - -See [Appendix G: Safe Browser on the Host OS] - -### macOS Host OS: - -**Note: Mac M1/M2 chips are now supported natively, or, if you wish to use commercial tools like VMWare Fusion or Parallels Desktop, but those are not covered in this guide. Seek this information yourself.** - -As mentioned earlier, we do not recommend using your daily laptop for sensitive activities. Or at least we do not recommend using your in-place OS for these. 
Doing that might result in unwanted data leaks that could be used to de-anonymize you. If you have a dedicated laptop for this, you should reinstall a fresh clean OS. If you do not want to wipe your laptop and start over, you should consider the Tails route or proceed at your own risk. - -We also recommend that you do the initial installation completely offline to avoid any data leak. - -**Do not ever sign in with your Apple account using that Mac.** - -#### During the install: - -- Stay Offline - -- Disable all data sharing requests when prompted including location services - -- Do not sign in with Apple - -- Do not enable Siri - -#### Hardening macOS: - -As a light introduction for new macOS users, consider [[Invidious]](https://yewtu.be/watch?v=lFx5icuE6Io) - -Now to go more in-depth in securing and hardening your macOS, we recommend reading this guide which covers many of the issues: [[Archive.org]](https://web.archive.org/web/https://www.bejarano.io/hardening-macos/) - - -Here are the basic steps you should take after your offline installation: - -##### Enable Firmware password with "disable-reset-capability" option: - -First, you should set up a firmware password following this guide from Apple: [[Archive.org]](https://web.archive.org/web/https://support.apple.com/en-us/HT204455) - -Unfortunately, some attacks are still possible and an adversary could disable this password so you should also follow this guide to prevent disabling the firmware password from anyone including Apple: [[Archive.org]](https://web.archive.org/web/https://support.apple.com/en-gb/guide/security/sec28382c9ca/web) - -##### Enable Hibernation instead of sleep: - -Again, this is to prevent some cold-boot and evil-maid attacks by powering down your RAM and cleaning the encryption key when you close the lid. You should always either hibernate or shut down. 
On macOS, the hibernate feature even has a special option to specifically clear the encryption key from memory when hibernating (while you might have to wait for the memory to decay on other Operating Systems). Once again there are no easy options to do this within the settings so instead, we will have to do this by running a few commands to enable hibernation: - -- Open a Terminal - -- Run: ```sudo pmset -a destroyfvkeyonstandby 1``` - - - This command will instruct macOS to destroy the Filevault key on Standby (sleep) - -- Run: ```sudo pmset -a hibernatemode 25``` - - - This command will instruct macOS to power off the memory during sleep instead of doing a hybrid hibernate that keeps the memory powered on. It will result in slower wakes but will increase battery life. - -Now when you close the lid of your MacBook, it should hibernate instead of sleep and mitigate attempts at performing cold-boot attacks. - -In addition, you should also set up an automatic sleep (Settings > Energy) so that your MacBook will hibernate automatically if left unattended. - -##### Disable unnecessary services: - -Disable some unnecessary settings within the settings: - -- Disable Bluetooth - -- Disable the Camera and Microphone - -- Disable Location Services - -- Disable Airdrop - -- Disable Indexing - -##### Prevent Apple OCSP calls: - -These are the infamous "unblockable telemetry" calls from macOS Big Sur disclosed here: [[Archive.org]](https://web.archive.org/web/https://sneak.berlin/20201112/your-computer-isnt-yours/) - -You could block OCSP reporting by issuing the following command in Terminal: - -- ``` sudo sh -c 'echo "127.0.0.1 ocsp.apple.com" >> /etc/hosts'``` - -But you should document yourself on the actual issue before acting. This page is a good place to start: [[Archive.org]](https://web.archive.org/web/https://blog.jacopo.io/en/post/apple-ocsp/) - -Up to you really. 
We would block it because we do not want any telemetry at all from my OS to the mothership without my specific consent. None. - -##### Enable Full Disk encryption (Filevault): - -You should enable full disk encryption on your Mac using Filevault according to this part of the guide: [[Archive.org]](https://web.archive.org/web/https://www.bejarano.io/hardening-macos/) - -**Be careful when enabling. Do not store the recovery key at Apple if prompted (should not be an issue since you should be offline at this stage). You do not want a third party to have your recovery key.** - -##### MAC Address Randomization: - -Unfortunately, macOS does not offer a native convenient way of randomizing your MAC Address and so you will have to do this manually. This will be reset at each reboot, and you will have to re-do it each time to ensure you do not use your actual MAC Address when connecting to various Wi-Fis - -You can do this by issuing the following commands in terminal (without the parentheses): - -- (Turn the Wi-Fi off) ```networksetup -setairportpower en0 off``` - -- (Change the MAC Address) ```sudo ifconfig en0 ether 88:63:11:11:11:11``` - -- (Turn the Wi-Fi back on) ```networksetup -setairportpower en0 on``` - -#### Setting up a safe Browser: - -See [Appendix G: Safe Browser on the Host OS] - -### Windows Host OS: - -As mentioned earlier, we do not recommend using your daily laptop for sensitive activities. Or at leastWedo not recommend using your in-place OS for these. Doing that might result in unwanted data leaks that could be used to de-anonymize you. If you have a dedicated laptop for this, you should reinstall a fresh clean OS. If you do not want to wipe your laptop and start over, you should consider the Tails route or proceed at your own risk. - -I also recommend that you do the initial installation completely offline to avoid any data leak. 
- -#### Installation: - -You should follow [Appendix A: Windows Installation] - -As a light introduction, consider watching [[Invidious]](https://yewtu.be/watch?v=vNRics7tlqw) - -#### Enable MAC address randomization: - -You should randomize your MAC address as explained earlier in this guide: - -Go into Settings > Network & Internet > Wi-Fi > Enable Random hardware addresses - -Alternatively, you could use this free piece of software: [[Archive.org]](https://web.archive.org/web/https://technitium.com/tmac/) - -#### Setting up a safe Browser: - -See [Appendix G: Safe Browser on the Host OS] - -#### Enable some additional privacy settings on your Host OS: - -See [Appendix B: Windows Additional Privacy Settings] - -##### Windows Host OS encryption: - -###### If you intend to use system-wide plausible deniability: - -Veracrypt[^330] is the software we will recommend for full-disk encryption, file encryption, and plausible deniability. It is a fork of the well-known but deprecated and unmaintained TrueCrypt. It can be used for: - -- Full Disk simple encryption (your hard drive is encrypted with one passphrase). - -- Full Disk encryption with plausible deniability (this means that depending on the passphrase entered at boot, you will either boot a decoy OS or a hidden OS). - -- File container simple encryption (it is a large file that you will be able to mount within Veracrypt as if it were an external drive to store encrypted files within). - -- File container with plausible deniability (it is the same large file but depending on the passphrase you use when mounting it, you will either mount a "hidden volume" or the "decoy volume"). - -It is to my knowledge the only (convenient and usable by anyone) free, open-source, and openly audited[^331] encryption software that also provides plausible deniability for widespread use and it works with Windows Home Edition. 
- -Go ahead and download and install Veracrypt from: [[Archive.org]](https://web.archive.org/web/https://www.veracrypt.fr/en/Downloads.html) - -After installation, please take a moment to review the following options that will help mitigate some attacks: - -- Encrypt the memory with a Veracrypt option[^332] (settings > performance/driver options > encrypt RAM) at a cost of 5-15% performance. This setting will also disable hibernation (which does not actively clear the key when hibernating) and instead encrypt the memory altogether to mitigate some cold-boot attacks. More details about this feature here: [[Archive.org]](https://web.archive.org/web/https://sourceforge.net/p/veracrypt/discussion/technical/thread/3961542951/) - -- Enable the Veracrypt option to wipe the keys from memory if a new device is inserted (system > settings > security > clear keys from memory if a new device is inserted). This could help in case your system is seized while still on (but locked). - -- Enable the Veracrypt option to mount volumes as removable volumes (Settings > Preferences > Mount volume as removable media). This will prevent Windows from writing some logs about your mounts in the Event logs[^333] and prevent some local data leaks. - -- Be careful and have a good situational awareness if you sense something weird. Shut your laptop down as fast as possible. - -If you do not want to use encrypted memory (because performance might be an issue), you should at least enable hibernation instead of sleep. This will not clear the keys from memory (you are still vulnerable to cold boot attacks) but at least should mitigate them if your memory has enough time to decay. - -More details later in [Route A and B: Simple Encryption using Veracrypt (Windows tutorial)]. - -###### If you do not intend to use system-wide plausible deniability: - -For this case, we will recommend the use of BitLocker instead of Veracrypt for the full disk encryption. 
The reasoning is that BitLocker does not offer a plausible deniability possibility contrary to Veracrypt. A hard adversary has then no incentive in pursuing his "enhanced" interrogation if you reveal the passphrase. - -Normally, you should have installed Windows Pro in this case and the BitLocker setup is quite straightforward. - -Basically, you can follow the instructions here: [[Archive.org]](https://web.archive.org/web/https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838) - -But here are the steps: - -- Click the Windows Menu - -- Type "Bitlocker" - -- Click "Manage Bitlocker" - -- Click "Turn on Bitlocker" on your System Drive - -- Follow the instructions - - - **Do not save your recovery key to a Microsoft Account if prompted.** - - - **Only save the recovery key to an external encrypted drive. To bypass this, print the recovery key using the Microsoft Print to PDF printer and save the key within the Documents folder. Delete that file later.** - - - **Encrypt Entire Drive (do not encrypt the used disk space only).** - - - **Use "New Encryption Mode"** - - - **Run the BitLocker Check** - - - **Reboot** - -- Encryption should now be started in the background (you can check by clicking the Bitlocker icon on the lower right side of the taskbar). - -Unfortunately, this is not enough. With this setup, your Bitlocker key can just be stored as-is in the TPM chip of your computer. This is rather problematic as the key can be extracted in some cases with ease[^334]'[^335]'[^336]'[^337]. 
- -To mitigate this, you will have to enable a few more options as per the recommendations of Microsoft[^338]: - -- Click the Windows icon - -- Type Run - -- Type "gpedit.msc" (this is the group policy editor) - -- Navigate to Computer Configuration > Administrative Templates > Windows Components > BitLocker > Operating System Drives - - - Double Click the "Require Additional Authentication at Startup" - - - Click the "Configure TPM Startup PIN" and set it to "Require Startup PIN with TPM" - - - Double Click the "Allow enhanced PINs for startup" - - - Click the "Enable" (this will allow us to set a password rather than a PIN) - -- Close the Group Policy Editor - -- Click the Windows icon - -- Type Command to display the "Command Prompt" - -- Right Click on it and click "Run as Administrator" - -- Run ```manage-bde -protectors -delete c:``` (this will delete current protection: the recovery key you will not need) - -- Run ```manage-bde -protectors -add c: -TPMAndPIN``` (this will prompt you for a pre-boot password) - - - Enter a password or passphrase of your choice (a good one) - -- Run ```manage-bde -status``` - - - You should now see at your C: drive below "Key Protectors" the option "TPM and PIN" - -- You are done - -Now when you reboot your computer, you should ideally be prompted for: - -- A BIOS/UEFI boot password - -- An SSD/HDD unlock password (if the feature is available on your BIOS) - -- A Bitlocker Pre-Boot Pin Screen where you need to enter the password/passphrase you just set-up - -- And finally, the Windows Logon Screen where you can enter the credentials you set-up earlier - -##### Enable Hibernation (optional): - -Again, as explained earlier. You should never use the sleep/stand-by feature to mitigate some cold-boot and evil-maid attacks. Instead, you should Shut down or hibernate. You should therefore switch your laptop from sleeping to hibernating when closing the lid or when your laptop goes to sleep. 
- -(**Note that you cannot enable hibernation if you previously enabled RAM encryption within Veracrypt)** - -The reason is that Hibernation will actually shut down your laptop completely and clean the memory. Sleep on the other hand will leave the memory powered on (including your decryption key) and could leave your laptop vulnerable to cold-boot attacks. - -By default, Windows 10/11 might not offer you this possibility so you should enable it by following this Microsoft tutorial: [[Archive.org]](https://web.archive.org/web/https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/disable-and-re-enable-hibernation) - -- Open an administrator command prompt (right-click on Command Prompt and "Run as Administrator") - -- Run: powercfg.exe /hibernate on - -- Now run the additional command: ```**powercfg /h /type full**``` - - - **This command will make sure your hibernate mode is full and will fully clean the memory (not securely tho).** - -After that you should go into your power settings: - -- Open the Control Panel - -- Open System & Security - -- Open Power Options - -- Open "Choose what the power button does" - -- Change everything from sleep to hibernate or shutdown - -- Go back to the Power Options - -- Select Change Plan Settings - -- Select Advanced Power Settings - -- Change all the Sleep Values for each Power Plan to 0 (Never) - -- Make sure Hybrid Sleep is Off for each Power Plan - -- Enable Hibernate After the time you would like - -- Disable all the Wake timers - -#### Deciding which sub-route you will take: - -Now you will have to pick your next step between two options: - -- Route A: Simple encryption of your current OS - - - Pros: - - - Does not require you to wipe your laptop - - - No issue with local data leaks - - - Works fine with an SSD drive - - - Works with any OS - - - Simple - - - Cons: - - - You could be compelled by an adversary to reveal your password and all your secrets and will have no plausible deniability. 
- - - The danger of Online data leaks - -- Route B: Simple encryption of your current OS with later use of plausible deniability on files themselves: - - - Pros: - - - Does not require you to wipe your laptop - - - Works fine with an SSD drive - - - Works with any OS - - - Plausible deniability is possible with "soft" adversaries - - - Cons: - - - The danger of Online Data leaks - - - The danger of Local Data leaks (that will lead to more work to clean up those leaks) - -- Route C: Plausible Deniability Encryption of your Operating system (you will have a "hidden OS" and a "decoy OS" running on the laptop): - - - Pros: - - - No issues with local Data leaks - - - Plausible deniability is possible with "soft" adversaries - - - Cons: - - - Requires Windows (this feature is not "easily" supported on Linux). - - - The danger of online Data leaks - - - Requires full wipe of your laptop - - - No use with an SSD drive due to the requirement of disabling Trim[^339] Operations[^340]. This will severely degrade the performance/health of your SSD drive over time. - -**As you can see, Route C only offers two privacy advantages over the others, and it will only be of use against a soft lawful adversary. Remember ** [[Wikiless]](https://wikiless.org/wiki/Rubber-hose_cryptanalysis) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis)**.** - -Deciding which route you will take is up to you. Route A is a minimum. - -**Always be sure to check for new versions of Veracrypt frequently to ensure you benefit from the latest patches. Especially check this before applying large Windows updates that might break the Veracrypt bootloader and send you into a boot loop.** - -**NOTE THAT BY DEFAULT VERACRYPT WILL ALWAYS PROPOSE A SYSTEM PASSWORD IN QWERTY (display the password as a test). 
This can cause issues if your boot input is using your laptop's keyboard (AZERTY for example) as you will have set up your password in QWERTY and will input it at boot time in AZERTY. So, make sure you check when doing the test boot what keyboard layout your BIOS is using. You could fail to log in just because of the QWERTY/AZERTY mix-up. If your BIOS boots using AZERTY, you will need to type the password in QWERTY within Veracrypt.** - -##### Route A and B: Simple Encryption using Veracrypt (Windows tutorial) - -**Skip this step if you used BitLocker instead earlier.** - -You do not have to have an HDD for this method, and you do not need to disable Trim on this route. Trim leaks will only be of use to forensics in detecting the presence of a Hidden Volume but will not be of much use otherwise. - -This route is rather straightforward and will just encrypt your current Operating System in place without losing any data. Be sure to read all the texts Veracrypt is showing you, so you have a full understanding of what is going on. Here are the steps: - -- Launch VeraCrypt - -- Go into Settings: - - - Settings > Performance/driver options > Encrypt RAM - - - System > Settings > Security > Clear keys from memory if a new device is inserted - - - System > Settings > Windows > Enable Secure Desktop - -- Select System - -- Select Encrypt System Partition/Drive - -- Select Normal (Simple) - -- Select Single-Boot - -- Select AES as encryption Algorithm (click the test button if you want to compare the speeds) - -- Select SHA-512 as hash Algorithm (because why not) - -- Enter a strong passphrase (longer the better, remember [Appendix A2: Guidelines for passwords and passphrases]) - -- Collect some entropy by randomly moving your cursor around until the bar is full - -- Click Next as the Generated Keys screen - -- To rescue disk[^341] or not rescue disk, well that is up to you. 
We recommend making one (just in case), just make sure to store it outside your encrypted drive (USB key for instance or wait and see the end of this guide for guidance on safe backups). This rescue disk will not store your passphrase and you will still need it to use it. - -- Wipe mode: - - - If you have no sensitive data yet on this laptop, select None - - - If you have sensitive data on an SSD, Trim alone should take care of it[^342] but we would recommend one pass (random data) just to be sure. - - - If you have sensitive data on an HDD, there is no Trim, and we Swould recommend at least 1-pass. - -- Test your setup. Veracrypt will now reboot your system to test the bootloader before encryption. This test must pass for encryption to go forward. - -- After your computer rebooted and the test is passed. You will be prompted by Veracrypt to start the encryption process. - -- Start the encryption and wait for it to complete. - -- You are done, skip Route B and go to the next steps. - -There will be another section on creating encrypted file containers with Plausible Deniability on Windows. - -##### Route B: Plausible Deniability Encryption with a Hidden OS (Windows only) - -**This is only supported on Windows.** - -**This is only recommended on an HDD drive. This is not recommended on an SSD drive.** - -**Your Hidden OS should not be activated (with an MS product key). Therefore, this route will recommend and guide you through a full clean installation that will wipe everything on your laptop.** - -Read the Veracrypt Documentation [[Archive.org]](https://web.archive.org/web/https://www.veracrypt.fr/en/VeraCrypt%20Hidden%20Operating%20System.html) (Process of Creation of Hidden Operating System part) and [[Archive.org]](https://web.archive.org/web/https://www.veracrypt.fr/en/Security%20Requirements%20for%20Hidden%20Volumes.html) (Security Requirements and Precautions Pertaining to Hidden Volumes). 
- -This is how your system will look after this process is done: - -![image22](media/image22.png) - -(Illustration from Veracrypt Documentation, [[Archive.org]](https://web.archive.org/web/https://www.veracrypt.fr/en/VeraCrypt%20Hidden%20Operating%20System.html)) - -As you can see this process requires you to have two partitions on your hard drive from the start. - -This process will do the following: - -- Encrypt your second partition (the outer volume) that will look like an empty unformatted disk from the decoy OS. - -- Prompt you with the opportunity to copy some decoy content within the outer volume. - - - This is where you will copy your decoy Anime/Porn collection from some external hard drive to the outer volume. - -- Create a hidden volume within the outer volume of that second partition. This is where the hidden OS will reside. - -- Clone your currently running Windows 10/11 installation onto the hidden volume. - -- Wipe your currently running Windows 10/11. - -- This means that your current Windows 10/11 will become the hidden Windows 10/11 and that you will need to reinstall a fresh decoy Windows 10/11 OS. - -**Mandatory if you have an SSD drive and you still want to do this against the recommendation: Disable SSD Trim in Windows**[^343] **(again this is NOT recommended at all as** **disabling Trim in itself is highly suspicious**). **Also** **as mentioned earlier, disabling Trim will reduce the lifetime of your SSD drive and will significantly impact its performance over time (your laptop will become slower and slower over several months of use until it becomes almost unusable, you will then have to clean the drive and re-install everything). But you must do it to prevent data leaks**[^344] **that could allow forensics to defeat your plausible deniability**[^345][^346]**. 
The only way around this at the moment is to have a laptop with a classic HDD drive instead.** - -###### Step 1: Create a Windows 10/11 install USB key - -See [Appendix C: Windows Installation Media Creation][306] and go with the USB key route. - -###### Step 2: Boot the USB key and start the Windows 10/11 install process (Hidden OS) - -- Insert the USB key into your laptop - -- See [Appendix A: Windows Installation] and proceed with installing Windows 10/11 Home. - -###### Step 3: Privacy Settings (Hidden OS) - -See [Appendix B: Windows Additional Privacy Settings] - -###### Step 4: Veracrypt installation and encryption process start (Hidden OS) - -Remember to read [[Archive.org]](https://web.archive.org/web/https://www.veracrypt.fr/en/VeraCrypt%20Hidden%20Operating%20System.html) - -Do not connect this OS to your known Wi-Fi. You should download the Veracrypt installer from a different computer and copy the installer here using a USB key. Here are the steps: - -- Install Veracrypt - -- Start Veracrypt - -- Go into Settings: - - - Settings > Performance/driver options > Encrypt RAM (**note that this option is not compatible with Hibernation your laptop and means you will have to shut down completely)** - - - System > Settings > Security > Clear keys from memory if a new device is inserted - - - System > Settings > Windows > Enable Secure Desktop - -- Go into System and select Create Hidden Operating System - -- Read all the prompts thoroughly - -- Select Single-Boot if prompted - -- Create the Outer Volume using AES and SHA-512. - -- Use all the space available on the second partition for the Outer Volume - -- Use a strong passphrase (remember [Appendix A2: Guidelines for passwords and passphrases]) - -- Select yes to Large Files - -- Create some Entropy by moving the mouse around until the bar is full and select NTFS (do not select exFAT as you want this outer volume to look "normal" and NTFS is normal). 
- -- Format the Outer Volume - -- Open Outer Volume: - - - At this stage, you should copy decoy data onto the outer volume. So, you should have some sensitive but not so sensitive files/folders to copy there. In case you need to reveal a password to this Volume**.** This is a good place for your Anime/Mp3/Movies/Porn collection. - - - We recommend you do not fill the outer volume too much or too little (about 40%). Remember you must leave enough space for the Hidden OS (which will be the same size as the first partition you created during installation). - -- Use a strong passphrase for the Hidden Volume (obviously a different one than the one for the Outer Volume). - -- Now you will create the Hidden Volume, select AES and SHA-512 - -- Fill the entropy bar until the end with random mouse movements - -- Format the hidden Volume - -- Proceed with the Cloning - -- Veracrypt will now restart and Clone the Windows where you started this process into the Hidden Volume. This Windows will become your Hidden OS. - -- When the cloning is complete, Veracrypt will restart within the Hidden System - -- Veracrypt will inform you that the Hidden System is now installed and then prompt you to wipe the Original OS (the one you installed previously with the USB key). - -- Use 1-Pass Wipe and proceed. - -- Now your Hidden OS will be installed, proceed to the next step - -###### Step 5: Reboot and boot the USB key and start the Windows 10/11 install process again (Decoy OS) - -Now that the Hidden OS is fully installed, you will need to install a Decoy OS: - -- Insert the USB key into your laptop - -- See [Appendix A: Windows Installation] and proceed with installing Windows 10/11 Home again (do not install a different version and stick with Home). 
- -###### Step 6: Privacy settings (Decoy OS) - -See [Appendix B: Windows Additional Privacy Settings] - -###### Step 7: Veracrypt installation and encryption process start (Decoy OS) - -Now you will encrypt the Decoy OS: - -- Install Veracrypt - -- Launch VeraCrypt - -- Select System - -- Select Encrypt System Partition/Drive - -- Select Normal (Simple) - -- Select Single-Boot - -- Select AES as encryption Algorithm (click the test button if you want to compare the speeds) - -- Select SHA-512 as hash Algorithm (because why not) - -- Enter a short weak password (yes this is serious, do it, it will be explained later). - -- Collect some entropy by randomly moving your cursor around until the bar is full - -- Click Next as the Generated Keys screen - -- To rescue disk[^347] or not rescue disk, well that is up to you. We recommend making one (just in case), just make sure to store it outside your encrypted drive (USB key for instance or wait and see the end of this guide for guidance on safe backups). This rescue disk will not store your passphrase and you will still need it to use it. - -- Wipe mode: Select 1-Pass just to be safe - -- Pre-Test your setup. Veracrypt will now reboot your system to test the bootloader before encryption. This test must pass for encryption to go forward. - -- After your computer rebooted and the test is passed. You will be prompted by Veracrypt to start the encryption process. - -- Start the encryption and wait for it to complete. - -- Your Decoy OS is now ready for use. - -###### Step 8: Test your setup (Boot in Both) - -Time to test your setup: - -- Reboot and input your Hidden OS passphrase, you should boot within the Hidden OS. - -- Reboot and input your Decoy OS passphrase, you should boot within the Decoy OS. 
- -- Launch Veracrypt on the Decoy OS and mount the second partition using the Outer Volume Passphrase (mount it as read-only, by going into Mount Options and Selecting Read-Only) and it should mount the second partition as a read-only displaying your decoy data (your Anime/Porn collection). You are mounting it as read-only now because if you were to write data on it, you could override content from your Hidden OS. - -###### Step 9: Changing the decoy data on your Outer Volume safely - -Before going to the next step, you should learn the way to mount your Outer Volume safely for writing content on it. This is also explained in this official Veracrypt Documentation [[Archive.org]](https://web.archive.org/web/https://www.veracrypt.fr/en/Protection%20of%20Hidden%20Volumes.html) - -**You should do this from a safe, trusted space.** - -Basically, you are going to mount your Outer Volume while also providing the Hidden Volume passphrase within the Mount Options to protect the Hidden Volume from being overwritten: - -- Open Veracrypt - -- Select your Second Partition - -- Click Mount - -- Click Mount Options - -- Check the "Protect the Hidden volume..." Option - -- Enter the Hidden OS passphrase - -- Click OK - -- Enter your Outer Volume passphrase - -- Click OK - -- You should now be able to open and write to your Outer Volume to change the content (copy/move/delete/edit...) - -This operation will not actually mount the Hidden Volume and should prevent the creation of any forensic evidence that could lead to the discovery of the Hidden OS. However, while you are performing this operation, both passwords will be stored in your RAM. You could still be vulnerable to a Cold-Boot Attack. To mitigate this, be sure to have the option to encrypt your RAM as instructed before. - -###### Step 10: Leave some forensics evidence of your Outer Volume (with the decoy Data) within your Decoy OS - -We must make the Decoy OS as plausible as possible. 
We also want your adversary to underestimate your intelligence. - -It is important to voluntarily leave some forensic evidence of your Decoy Content within your Decoy OS. This evidence will let forensic examiners see that you mounted your Outer Volume frequently to access its content. - -Here are useful tips to leave some forensics evidence: - -- Play the content from the Outer Volume from your Decoy OS (using VLC for instance). Be sure to keep a history of those. - -- Edit documents and work on them. - -- Enable file indexing again on the Decoy OS and include the mounted Outer Volume. - -- Unmount it and mount it frequently to watch some content or move files around. - -- Copy some content from your Outer Volume to your Decoy OS and then delete it unsafely. Just put it in the Recycle Bin, which only someone who is naive would do, thinking it were deleted. - -- Have a Torrent Client installed on the Decoy OS; use it from time to time to download some similar stuff that you will leave on the Decoy OS. - -- You could have a VPN client installed on the Decoy OS with a known VPN of yours (non-cash paid). - -Do not put anything suspicious on the Decoy OS such as: - -- This guide - -- Any links to this guide - -- Any suspicious anonymity software such as Tor Browser - -- Any Veracrypt volumes - -- Any documents on anonymity or security - -The intention is to make your adversary believe you are not as smart as they thought, to deter them from searching deeper. 
- -###### Notes: - -**Remember that you will need valid excuses for this plausible deniability scenario to work:** - -- **You are using Veracrypt because you are using Windows 10/11 Home, which do not feature Bitlocker, but you still wanted reasonable Privacy.** - -- **You have two partitions because you wanted to separate the system from the data for easy organization, and because some geeky friend told you this was better for performance.** - -- **You have used a weak password for easy convenient booting of the system and a strong, long passphrase on the Outer Volume. You were too lazy to type a strong passphrase at each boot.** - -- **You encrypted the second partition with a different password than the system because you do not want anyone in your group/domain to see your stuff. You did not want that data available to anyone.** - -Take some time to read again the "Possible Explanations for Existence of Two Veracrypt Partitions on Single Drive" of the Veracrypt documentation here [[Archive.org]](https://web.archive.org/web/https://www.veracrypt.fr/en/VeraCrypt%20Hidden%20Operating%20System.html) - -**Be careful:** - -- **You should never mount the Hidden Volume from the Decoy OS (NEVER EVER). If you did this, it would create forensic evidence of the Hidden Volume within the Decoy OS which could jeopardize your attempt at plausible deniability**. If you did this anyway (intentionally or by mistake) from the Decoy OS, there are ways to erase forensic evidence that will be explained later at the end of this guide, so this mistake alone isn't a huge deal if you follow the steps in [Some additional measures against forensics][Some additional measures against forensics:]. - -- **Never use the Decoy OS from the same network (public Wi-Fi) as the Hidden OS.** - -- **When you do mount the Outer Volume from the Decoy OS, do not write any data within the Outer Volume. This could override what looks like empty space, but is in fact your Hidden OS. 
You should always mount it as read-only.** - -- **If you want to change the decoy content of the Outer Volume, you should use a Live OS USB Key that will run Veracrypt.** - -- **Note that you will not use the Hidden OS to perform sensitive activities, this will be done later from a VM within the Hidden OS. The Hidden OS is only meant to protect you from soft lawful adversaries that could gain access to your laptop and compel you to reveal your password.** - -- **Be careful of any tampering with your laptop. Evil-Maid Attacks can reveal your Hidden OS.** - -### Virtualbox on your Host OS: - -Remember [Appendix W: Virtualization]. - -This step and the following steps should be done from within the Host OS. This can either be your Host OS with simple encryption (Windows/Linux/macOS) or your Hidden OS with plausible deniability (Windows only). - -In this route, you will make extensive use of the free Oracle Virtualbox[^348] software. This is a virtualization software in which you can create Virtual Machines that emulate a computer running a specific OS (if you want to use something else like Xen, Qemu, KVM, or VMWARE, feel free to do so but this part of the guide covers Virtualbox only for convenience). - -So, you should be aware that Virtualbox is not the virtualization software with the best track record in terms of security. Some of the reported issues[^349] have not been completely fixed to date[^350]. 
If you are using Linux, and you possess a bit more technical skill, you should consider using KVM instead by following the guide available at Whonix here [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/KVM) and here [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/KVM#Why_Use_KVM_Over_VirtualBox.3F) - -Some steps should be taken in all cases: - -**All your sensitive activities will be done from within a guest Virtual Machine running Windows 10/11 Pro (not Home this time), Linux, or macOS.** - -This has a few advantages that will help you remain anonymous: - -- It should prevent the guest VM OS (Windows/Linux/macOS), apps, and any telemetry within the VMs from accessing your hardware directly. Even if your VM is compromised by malware, the malware should not be able to access the Host OS and compromise your actual machine. - -- It will allow us to force all the network traffic from your VM to run through another Gateway VM that will direct all the traffic over the Tor Network. This is a network "kill switch". Your VM will lose its network connectivity completely and go offline if the target network VM loses its connection to the Tor Network. - -- The VM itself, which only has internet connectivity through a Tor Network Gateway, will connect to your cash-paid VPN service through Tor. - -- DNS Leaks will be impossible because the VM is on an isolated network that must go through Tor no matter what. 
- -### Pick your connectivity method: - -There are seven possibilities within this route: - -- **Recommended and preferred:** - - - **Use Tor alone (User > Tor > Internet)** - - - **Use VPN over Tor (User > Tor > VPN > Internet) in specific cases** - - - **Use a VPS with a self-hosted VPN/Proxy over Tor (User > Tor > Self-Hosted VPN/Proxy > Internet) in specific cases** - -- Possible if required by context: - - - Use VPN over Tor over VPN (User > VPN > Tor > VPN > Internet) - - - Use Tor over VPN (User > VPN > Tor > Internet) - -- Not recommended and risky: - - - Use VPN alone (User > VPN > Internet) - - - Use VPN over VPN (User > VPN > VPN > Internet) - -- **Not recommended and highly risky (but possible)** - - - No VPN and no Tor (User > Internet) - -![image23](media/image23.png) - -#### Tor only: - -This is the preferred and most recommended solution. - -![image24](media/image24.png) - -With this solution, all your network goes through Tor, and it should be sufficient to guarantee your anonymity in most cases. - -There is one main drawback tho: **Some services block/ban Tor Exit nodes outright and will not allow account creations from those.** - -To mitigate this, you might have to consider the next option: VPN over Tor but consider some risks associated with it explained in the next section. - -#### VPN/Proxy over Tor: - -This solution can bring some benefits in some specific cases vs using Tor only where accessing the destination service would be impossible from a Tor Exit node. This is because many services will just outright ban, hinder, or block Tor Exit Nodes (see [[Archive.org]](https://web.archive.org/web/https://gitlab.torproject.org/legacy/trac/-/wikis/org/doc/ListOfServicesBlockingTor)). 
- -This solution can be achieved in two ways: - -- Paid VPN over Tor (easiest) - -- Paid Self-Hosted VPS configured as VPN/Proxy (most efficient in avoiding online obstacles such as captchas but requiring more skills with Linux) - -As you can see in this illustration, if your cash (preferred)/Monero paid VPN/Proxy is compromised by an adversary (despite their privacy statement and no-logging policies), they will only find an anonymous cash/Monero paid VPN/Proxy account connecting to their services from a Tor Exit node. - -![image25](media/image25.png) - -If an adversary somehow manages to compromise the Tor network too, they will only reveal the IP of a random public Wi-Fi that is not tied to your identity. - -If an adversary somehow compromises your VM OS (with malware or an exploit for instance), they will be trapped within the internal Network of Whonix and should be unable to reveal the IP of the public Wi-Fi. - -**This solution however has one main drawback to consider: Interference with Tor Stream Isolation**[^351]. - -Stream isolation is a mitigation technique used to prevent some correlation attacks by having different Tor Circuits for each application. Here is an illustration to show what stream isolation is: - -![image26](media/image26.png) - -(Illustration from Marcelo Martins, [[Archive.org]](https://web.archive.org/web/https://stakey.club/en/decred-via-tor-network/)) - -VPN/Proxy over Tor falls on the right-side[^352] meaning using a VPN/Proxy over Tor forces Tor to use one circuit for all activities instead of multiple circuits for each. This means that using a VPN/Proxy over Tor can reduce the effectiveness of Tor in some cases and should therefore be used only for some specific cases: - -- When your destination service does not allow Tor Exit nodes. - -- When you do not mind using a shared Tor circuit for various services. For instance, when using various authenticated services. 
- -**You should however consider not using this method when your aim is just to browse random various unauthenticated websites as you will not benefit from Stream Isolation and this could make correlation attacks easier over time for an adversary between each of your sessions (see [Your Anonymized Tor/VPN traffic][Your Anonymized Tor/VPN traffic:]). If your goal however is to use the same identity at each session on the same authenticated services, the value of Stream isolation is lessened as you can be correlated through other means.** - -You should also know that Stream Isolation is not necessarily configured by default on Whonix Workstation. It is only pre-configured for some applications (including Tor Browser). - -Also, note that Stream Isolation does not necessarily change all the nodes in your Tor circuit. It can sometimes only change one or two. In many cases, Stream Isolation (for instance within the Tor Browser) will only change the relay (middle) node and the exit node while keeping the same guard (entry) node. - -More information at: - -- [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Stream_Isolation) - -- [[Archive.org]](https://web.archive.org/web/https://tails.boum.org/contribute/design/stream_isolation/) - -- [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Introduction#Comparison_Table) - -#### Tor over VPN: - -You might be wondering: Well, what about using Tor over VPN instead of VPN over Tor? Well, we would not necessarily recommend it: - -- Disadvantages: - - - Your VPN provider is just another ISP that will then know your origin IP and will be able to de-anonymize you if required. We do not trust them. We prefer a situation where your VPN provider does not know who you are. It does not add much in terms of anonymity. - - - This would result in you connecting to various services using the IP of a Tor Exit Node which is banned/flagged in many places. 
It does not help in terms of convenience. - -- Advantages: - - - **The main advantage is that if you are in a hostile environment where Tor access is impossible/dangerous/suspicious, but VPN is okay.** - - - This method also does not break Tor Stream isolation. - - - This also hides your Tor activities from your main ISP. - -Note, if you are having issues accessing the Tor Network due to blocking/censorship, you could try using Tor Bridges. See [Appendix X: Using Tor bridges in hostile environments]. - -It is also possible to consider **VPN over Tor over VPN (User > VPN > Tor > VPN > Internet)** using two cash/Monero paid VPNs instead. This means that you will connect the Host OS to a first VPN from your Public Wi-Fi, then Whonix will connect to Tor, and finally, your VM will connect to a second VPN over Tor over VPN (see [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Connecting_to_a_VPN_before_Tor)). - -This will of course have a significant performance impact and might be quite slow, but Tor is necessary somewhere for achieving reasonable anonymity. - -Achieving this technically is easy within this route, you need two separate anonymous VPN accounts and must connect to the first VPN from the Host OS and follow the route. - -Conclusion: Only do this if you think using Tor alone is risky/impossible but VPNs are okay. Or just because you can and so why not. This method will not lower your security/privacy/anonymity. - -#### VPN only: - -This route will not be explained nor recommended. - -**If you can use VPNs then you should be able to add a Tor layer over it. And if you can use Tor, then you can add an anonymous VPN over Tor to get the preferred solution.** - -Just using a VPN or even a VPN over VPN makes no sense as those can be traced back to you over time. 
One of the VPN providers will know your real origin IP (even if it is in a safe public space) and even if you add one over it, the second one will still know you were using that other first VPN service. This will only slightly delay your de-anonymization. Yes, it is an added layer ... but it is a persistent centralized added layer, and you can be de-anonymized over time. This is just chaining 3 ISPs that are all subject to lawful requests. - -For more info, please see the following references: - -- [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Comparison_Of_Tor_with_CGI_Proxies,_Proxy_Chains,_and_VPN_Services) - -- [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Why_does_Whonix_use_Tor) - -- [[Archive.org]](https://web.archive.org/web/https://www.researchgate.net/publication/324251041_Anonymity_communication_VPN_and_Tor_a_comparative_study) - -- [[Archive.org]](https://web.archive.org/web/https://gist.github.com/joepie91/5a9909939e6ce7d09e29) - -- [[Archive.org]](https://web.archive.org/web/https://schub.wtf/blog/2019/04/08/very-precarious-narrative.html) - -**In the context of this guide, Tor is required somewhere to achieve reasonable and safe anonymity and you should use it if you can.** - -#### No VPN/Tor: - -If you cannot use VPN nor Tor where you are, you probably are in a very hostile environment where surveillance and control are extremely high. - -Just do not, it is not worth it and too risky. You can be de-anonymized almost instantly by any motivated adversary that could get to your physical location in a matter of minutes. - -Do not forget to check back on [Adversaries (threats)] and [Appendix S: Check your network for surveillance/censorship using OONI]. 
- -If you have absolutely no other option and still want to do something, see [Appendix P: Accessing the internet as safely as possible when Tor/VPN is not an option][Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option] **(at your own risk) and consider [The Tails route][The Tor Browser route:] instead.** - -#### Conclusion: - -| Connection Type | Anonymity | Ease of Access to online resources | Tor Stream isolation | Safer where Tor is suspicious/dangerous | Speed | Cost | Recommended | -|------------------------------------|-----------|------------------------------------|----------------------|-----------------------------------------|------------|---------------------------|--------------------------------------------------| -| Tor Alone | **Good** | **Medium** | **Possible** | **No** | **Medium** | **Free** | **Yes** | -| Tor over VPN | **Good+** | **Medium** | **Possible** | **Yes** | **Medium** | **Around 50€/y** | **If needed (Tor inaccessible)** | -| Tor over VPN over Tor | **Best** | **Medium** | **Possible** | **Yes** | **Poor** | **Around 50€/y** | **Yes** | -| VPN over Tor | **Good-** | **Good** | **No** | **No** | **Medium** | **Around 50€/y** | **If needed (convenience)** | -| Self-Hosted VPS VPN/Proxy over Tor | **Good-** | **Very Good** | **No** | **Yes** | **Medium** | **Around 50€/y** | **If needed (convenience)** | -| VPN/Proxy over Tor over VPN | **Good-** | **Good** | **No** | **Yes** | **Poor** | **Around 100€/y** | **If needed (convenience and Tor inaccessible)** | -| VPN/Proxy Alone | **Bad** | **Good** | **N/A** | **Yes** | **Good** | **Around 50€/y** | **No.** | -| No Tor and VPN | **Bad** | **Unknown** | **N/A** | **No** | **Good** | **Around 100€ (Antenna)** | **No.** | - -Unfortunately, using Tor alone will raise the suspicion of many destinations' platforms. You will face many hurdles (captchas, errors, difficulties signing up) if you only use Tor. 
In addition, using Tor where you are could put you in trouble just for that. But Tor is still the best solution for anonymity and must be somewhere for anonymity. - -- If you intend to create persistent shared and authenticated identities on various services where access from Tor is hard, we recommend the **VPN over Tor** and **VPS VPN/Proxy over Tor** options (or VPN over Tor over VPN if needed). It might be a bit less secure against correlation attacks due to breaking Tor Stream isolation but provides much better convenience in accessing online resources than just using Tor. It is an "acceptable" trade-off IMHP if you are careful enough with your identity. - - - **Note: It is becoming more common that mainstream services and CDNS are also blocking or hindering VPN users with captchas and other various obstacles**. **In that case, a self-hosted VPS with a VPN/Proxy over Tor is the best solution for this as having your own dedicated VPS guarantees you are the sole user of your IP and encounter little to no obstacles.** Consider a [Self-hosted VPN/Proxy on a Monero/Cash-paid VPS (for users more familiar with Linux)][Self-hosted VPN/Proxy on a Monero/Cash-paid VPS (for users more familiar with Linux):] if you want the least amount of issues (this will be explained in the next section in more details). - -- If your intent however is just to browse random services anonymously without creating specific shared identities, using tor friendly services; or if you do not want to accept that trade-off in the earlier option. **Then we recommend using the Tor Only route to keep the full benefits of Stream Isolation (or Tor over VPN if you need to).** - -- If cost is an issue, we recommend the Tor Only option if possible. - -- If both Tor and VPN access are impossible or dangerous then you have no choice but to rely on Public wi-fi safely. 
See [Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option] - -For more information, you can also see the discussions here that could help decide yourself: - -- Tor Project: [[Archive.org]](https://web.archive.org/web/https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorPlusVPN) - -- Tails Documentation: - - - [[Archive.org]](https://web.archive.org/web/https://gitlab.tails.boum.org/tails/blueprints/-/wikis/vpn_support/) - - - [[Archive.org]](https://web.archive.org/web/https://tails.boum.org/support/faq/index.en.html) - -- Whonix Documentation (in this order): - - - [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Introduction) - - - [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Connecting_to_Tor_before_a_VPN) - - - [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Connecting_to_a_VPN_before_Tor) - -- Some papers on the matter: - - - [[Archive.org]](https://web.archive.org/web/https://www.researchgate.net/publication/324251041_Anonymity_communication_VPN_and_Tor_a_comparative_study) - -### Getting an anonymous VPN/Proxy: - -**Skip this step if you want to use Tor only.** - -See [Appendix O: Getting an anonymous VPN/Proxy] - -### Whonix: - -**Skip this step if you cannot use Tor.** - -This route will use Virtualization and Whonix[^353] as part of the anonymization process. Whonix is a Linux distribution composed of two Virtual Machines: - -- The Whonix Workstation (this is a VM where you can conduct sensitive activities) - -- The Whonix Gateway (this VM will establish a connection to the Tor network and route all the network traffic from the Workstation through the Tor network). - -This guide will therefore propose two flavors of this route: - -- The Whonix only route where all traffic is routed through the Tor Network (Tor Only or Tor over VPN). 
-
-![image27](media/image27.png)
-
-- A Whonix hybrid route where all traffic is routed through a cash (preferred)/Monero paid VPN over the Tor Network (VPN over Tor or VPN over Tor over VPN).
-
-![image28](media/image28.png)
-
-You will be able to decide which flavor to use based on my recommendations. We recommend the second one as explained before.
-
-Whonix is well maintained and has extensive and incredibly detailed documentation.
-
-#### A note on Virtualbox Snapshots:
-
-Later, you will create and run several Virtual Machines within Virtualbox for your sensitive activities. Virtualbox provides a feature called "Snapshots"[^354] that allow for saving the state of a VM at any point in time. If for any reason later you want to go back to that state, you can restore that snapshot at any moment.
-
-**I strongly recommend that you do make use of this feature by creating a snapshot after the initial installation/update of each VM. This snapshot should be done before its use for any sensitive/anonymous activity.**
-
-This will allow you to turn your VMs into a kind of disposable "Live Operating Systems" (like Tails discussed earlier). Meaning that you will be able to erase all the traces of your activities within a VM by restoring a Snapshot to an earlier state. Of course, this will not be "as good" as Tails (where everything is stored in memory) as there might be traces of this activity left on your hard disk. Forensics studies have shown the ability to recover data from a reverted VM[^355]. Fortunately, there will be ways to remove those traces after the deletion or reverting to an earlier snapshot. Such techniques will be discussed in the [Some additional measures against forensics][Some additional measures against forensics:] section of this guide. 
- -#### Download Virtualbox and Whonix utilities: - -You should download a few things within the host OS: - -- The latest version of the Virtualbox installer according to your Host OS [[Archive.org]](https://web.archive.org/web/https://www.virtualbox.org/wiki/Downloads) - -- (Skip this if you cannot use Tor natively or through a VPN) The latest Whonix OVA file from [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Download) according to your preference (Linux/Windows, with a Desktop interface XFCE for simplicity or only with the text-client for advanced users) - -This will conclude the preparations and you should now be ready to start setting up the final environment that will protect your anonymity online. - -#### Virtualbox Hardening recommendations: - -For ideal security, you should follow the recommendations provided here for each Virtualbox Virtual Machine [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Virtualization_Platform_Security) : - -- Disable Audio. - -- Do not enable Shared Folders. - -- Do not enable 2D acceleration. This one is done running the following command ```VBoxManage modifyvm "vm-id" --accelerate2dvideo on|off``` - -- Do not enable 3D acceleration. - -- Do not enable the Serial Port. - -- Remove the Floppy drive. - -- Remove the CD/DVD drive. - -- Do not enable the Remote Display server. - -- Enable PAE/NX (NX is a security feature). - -- Disable Advanced Configuration and Power Interface (ACPI). This one is done running the following command ```VBoxManage modifyvm "vm-id" --acpi on|off``` - -- Do not attach USB devices. - -- Disable the USB controller which is enabled by default. Set the Pointing Device to "PS/2 Mouse" or changes will revert. 
- -Finally, also follow this recommendation to desync the clock you are your VM compared to your host OS [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Network_Time_Synchronization) - -This offset should be within a 60000-millisecond range and should be different for each VM and here are some examples (which can be later applied to any VM): - -- ```VBoxManage modifyvm "Whonix-Gateway-XFCE" --biossystemtimeoffset -35017``` - -- ```VBoxManage modifyvm "Whonix-Gateway-XFCE" --biossystemtimeoffset +27931``` - -- ```VBoxManage modifyvm "Whonix-Workstation-XFCE" --biossystemtimeoffset -35017``` - -- ```VBoxManage modifyvm "Whonix-Workstation-XFCE" --biossystemtimeoffset +27931``` - -Also, consider applying these mitigations from VirtualBox to mitigate Spectre[^356]/Meltdown[^357] vulnerabilities by running this command from the VirtualBox Program Directory. All of these are described here: [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Spectre_Meltdown) (be aware these can impact severely the performance of your VMs but should be done for best security). - -Finally, consider the security advice from Virtualbox themselves here [[Archive.org]](https://web.archive.org/web/https://www.virtualbox.org/manual/ch13.html) - -### Tor over VPN: - -**Skip this step if you do not intend to use Tor over VPN and only intend to use Tor or cannot.** - -If you intend to use Tor over VPN for any reason. You first must configure a VPN service on your host OS. - -Remember that in this case, we recommend having two VPN accounts. Both paid with cash/Monero (see [Appendix O: Getting an anonymous VPN/Proxy]). One will be used in the Host OS for the first VPN connection. The other could be used in the VM to achieve VPN over Tor over VPN (User > VPN > Tor > VPN). - -If you intend to only use Tor over VPN, you only need one VPN account. 
- -See [Appendix R: Installing a VPN on your VM or Host OS][Appendix R: Installing a VPN on your VM or Host OS] for instructions. - -### Whonix Virtual Machines: - -**Skip this step if you cannot use Tor.** - -- Start Virtualbox on your Host OS. - -- Import Whonix file Into Virtualbox following the instructions on [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/VirtualBox/XFCE) - -- Start the Whonix VMs - -Remember at this stage that if you are having issues connecting to Tor due to censorship or blocking, you should consider connecting using Bridges as explained in this tutorial [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Bridges). - -- Update the Whonix VMs by following the instructions on [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Operating_System_Software_and_Updates) - -- Shutdown the Whonix VMs - -- Take a snapshot of the updated Whonix VMs within Virtualbox (select a VM and click the Take Snapshot button). More on that later. - -- Go to the next step - -**Important Note: You should also read these very good recommendations over there ** [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/DoNot) **as most of those principles will also apply to this guide. You should also read their general documentation here ** [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Documentation) **which will also provide tons of advice like this guide.** - -### Pick your guest workstation Virtual Machine: - -Using Whonix/Linux will require more skills on your side as these are Linux distributions. You will also encounter more difficulties if you intend to use specific software that might be harder to use on Whonix/Linux. Setting up a VPN over Tor on Whonix will also be more complicated than on Windows as well. 
- -#### If you can use Tor: - -You can decide if you prefer to conduct your sensitive activities from the Whonix Workstation provided in the earlier section **(highly recommended)** or from a Custom VM that will use the Whonix Gateway like the Whonix Workstation (less secure but might be required depending on what you intend to do). - -#### If you cannot use Tor: - -If you cannot use Tor, you can use a Custom VM of your choice that will ideally use an anonymous VPN, if possible, to then connect to the Tor network. Or you could go with the risky route: See [Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option] - -### Linux Virtual Machine (Whonix or Linux): - -#### Whonix Workstation **(recommended and preferred)**: - -**Skip this step if you cannot use Tor.** - -Just use the provided Whonix Workstation VM. **It is the safest and most secure way to go on this route.** - -**It is also the only VM that will provide Stream Isolation pre-configured for most apps by default**[^358]**.** - -If you want additional software on the Workstation (such as another Browser), follow their guide here [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Install_Software) - -Consider running Whonix in Live Mode if for extra malware protection, See [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Anti-Forensics_Precautions) - -Do not forget to apply the VM hardening recommendations here: [Virtualbox Hardening recommendations]. - -Consider using AppArmor on your Whonix Workstations by following this guide: [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/AppArmor) - -#### Linux (any distro): - -**Be careful, any customization you make to the non-Whonix guest VMs (keyboard layout, language, time zone, screen resolution, or other) could be used to fingerprint your VMs later. 
See ** [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/VM_Fingerprinting) - -##### If you can use Tor (natively or over a VPN): - -Use the Linux Distro of your choice. We would recommend Ubuntu or Fedora for convenience but any other would work too. Be sure to not enable any telemetry. - -Refer to this tutorial [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Other_Operating_Systems) for detailed instructions. - -Consider hardening the VM as recommended in [Hardening Linux]. - -##### If you cannot use Tor: - -Use the Linux Distro of your choice. We would recommend Ubuntu or Fedora for convenience but any other would work too. Be sure to not enable any telemetry. You could go with the risky route: See [Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option] - -##### Choose a browser within the VM: - -This time, we will recommend Brave browser. - -See why here: [Appendix V: What browser to use in your Guest VM/Disposable VM] - -See [Appendix V1: Hardening your Browsers][Appendix V1: Hardening your Browsers:] as well. - -### Windows 10/11 Virtual Machine: - -**Be careful, any customization you make to the non-Whonix guest VMs (keyboard layout, language, time zone, screen resolution, or other) could be used to fingerprint your VMs later. See ** [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/VM_Fingerprinting) - -#### Windows 10 and 11 ISO download: - -Go with the Official Windows 10/11 Pro VM and harden it yourself: see [Appendix C: Windows Installation Media Creation][306] and go with the ISO route. - -#### If you can use Tor (natively or over a VPN): - -Refer to this tutorial [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Other_Operating_Systems) for detailed instructions. - -##### Install: - -- Shut down the Whonix Gateway VM (this will prevent Windows from sending out telemetry and allow you to create a local account). 
- -- Open Virtualbox - -- Select Machine > New > Select Windows 10 or Windows 11 64bit - -- Allocate a minimum amount of 2GB for Windows 10 and 4GB for Windows 11 - -- Create a Virtual Disk using the VDI format and select Dynamically Allocated - -- Keep the disk size at 50GB for Windows 10 and 80GB for Windows 11 (this is a maximum; it should not reach that much) - -- Make sure PAE/NX is enabled in System > Processor - -- Select the VM and click Settings, Go into the Network Tab - -- Select "Internal Network" in the "Attached to" Field and select Whonix. - -- Go into the Storage Tab, Select the Empty CD and click the icon next to SATA Port 1 - -- Click on "Choose a disk file" and select the Windows ISO you previously downloaded - -- Click ok and start the VM - -- Virtualbox will prompt you to either push a button to boot the ISO or ask you what to boot, select the ISO or click. - -- Follow the steps in [Appendix A: Windows Installation] - -- Start the Whonix Gateway VM - -##### Network Settings: - -- Back to your Windows - -- Windows 10: Go back into Settings then Network & Internet. Windows 11: Go into settings, click the upper left menu and pick "Network and Internet" - -- Windows 10: Click Properties (Below Ethernet). Windows 11: Click Ethernet - -- Windows 10: Edit IP settings. Windows 11: Edit IP assignment. - -- Windows 10: Enable IPv4 and set the following, Windows 11: Switch from DHCP to Manual and set the following: - - - IP address ```10.152.152.50``` (increase this IP by one for any other VM) - - - Subnet prefix length ```18``` (```255.255.192.0```) - - - Gateway ```10.152.152.10``` (this is the Whonix Gateway) - - - (Windows 10) DNS ```10.152.152.10``` (this is again the Whonix Gateway) - - - (Windows 11) exit the IP assignment and select DNS server assignment and set it to ```10.152.152.10``` (this is again the Whonix Gateway) - - - Save - -- Windows might prompt you if you want to be "discoverable" on this network. Click NO. 
Always stay on a "public network" if prompted. - -**Every time you will power on this VM in the future, you should make sure to change its Ethernet Mac Address before each boot. You can do this in Virtualbox > Settings > Network > Advanced > Click the refresh button next to the MAC address. You can only do this while the VM is powered off.** - -#### If you cannot use Tor: - -See [Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option] - -##### Install: - -- Open Virtualbox - -- Select Machine > New > Select Windows 10 or 11 64bit - -- Allocate a minimum amount of 4GB of RAM for 11 , 2GB of RAM for 10. - -- Create a Virtual Disk using the VDI format and select Dynamically Allocated - -- In the System/Processor tab, make sure PAE/NX is enabled. - -- Keep the disk size at 80GB for 11, 50GB for 10 (this is a maximum; it should not reach that much) - -- Go into the Storage Tab, Select the Empty CD and click the icon next to SATA Port 1 - -- Click on "Choose a disk file" and select the Windows ISO you previously downloaded - -- Click ok and start the VM - -- Virtualbox will prompt you to either push a button to boot the ISO or ask you what to boot, select the ISO or click. - -- Follow the steps in [Appendix A: Windows Installation] - -##### Network Settings: - -- Windows will prompt you if you want to be discoverable on this network. Click NO. - -**Every time you will power on this VM in the future, you should make sure to change its Ethernet Mac Address before each boot. You can do this in Virtualbox > Settings > Network > Advanced > Click the refresh button next to the MAC address. You can only do this while the VM is powered off.** - -#### Choose a browser within the VM: - -This time, we will recommend Brave browser. - -See why here: [Appendix V: What browser to use in your Guest VM/Disposable VM] - -See [Appendix V1: Hardening your Browsers][Appendix V1: Hardening your Browsers:] as well. 
- -#### Additional Privacy settings in Windows 10/11: - -See [Appendix B: Windows Additional Privacy Settings] - -### Android Virtual Machine: - -Because sometimes you want to run mobile Apps anonymously too. You can also set up an Android VM for this purpose. As in other cases, ideally, this VM will also be sitting behind the Whonix Gateway for Tor network connectivity. But this can also be set up as VPN over Tor over VPN - -#### If you can use Tor (natively or over a VPN): - -Later in the VM settings during creation, go into Network and select Internal Network, Whonix. - -Then on Android itself: - -- Select Wi-Fi - -- Select VirtWifi to connect - -- Go into the advanced Wi-Fi properties - -- Switch from DHCP to Static - - - IP address ```10.152.152.50``` (increase this IP by one for any other VM) - - - Subnet prefix length ```18``` (```255.255.192.0```) - - - Gateway ```10.152.152.10``` (this is the Whonix Gateway) - - - DNS ```10.152.152.10``` (this is again the Whonix Gateway) - -#### If you cannot use Tor: - -Just use the tutorials as is and see [Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option] - -#### Installation: - -Two possibilities: AnBox or Android-x86 - -Personally, We would recommend AnBox over Android-x86 but it requires Linux - -##### AnBox: - -Basically follow the tutorial here for installing AnBox on the Whonix Workstation: [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Anbox) for running Android Applications within an AnBox VM. - -Or follow the instructions here to install on any other VM **(Linux Only)** - -##### Android-x86: - -Basically, follow the tutorial here: [[Archive.org]](https://web.archive.org/web/https://www.android-x86.org/documentation/virtualbox.html) - -- Download the ISO file of your choice - -- Create a New VM. - -- Select Linux and Linux 2.6 / 3.x / 4.x 64 Bit. 
- -- In System: - - - Allocate at least 2048MB (2GB) memory - - - Uncheck the Floppy drive - - - In the Processor Tab, select at least 1 or more CPUs - - - Enable PAE/NX - -- In Display Settings, Change the adapter to VBoxVGA - -- In Audio Settings, Change to Intel HD Audio - -- Start the VM - -- Select Advanced if you want persistence, Live if you want a disposable Boot (and skip the next steps). - -- Select Auto Install on Selected Hard Disk - -- Select Run Android - -- Set up as you wish (disable all prompts for data collections). **I recommend using the TaskBar Home.** - -- Go into Settings, Android-x86 Options, and disable all collections. - -- Connect to VirtWifi Wi-Fi Network **(see the above section if you are behind Whonix and want to use Tor)** - -You are now done and can now install any Android app. - -### macOS Virtual Machine: - -Yes, you can actually run macOS within Virtualbox (on Windows/Linux/macOS host systems) if you want to use macOS. You can run any version of macOS you want. - -#### If you can use Tor (natively or over a VPN): - -During the following tutorials, before starting the macOS VM, make sure you do put the macOS VMs on the Whonix Network. - -- Select the VM and click Settings, Go into the Network Tab - -- Select "Internal Network" in the "Attached to" Field and select Whonix - -Afterward, and during the install, you will need to input an IP address manually to connect through the Whonix Gateway. 
- -Use these settings when prompted in the macOS installation process: - -- IP address ```10.152.152.50``` (increase this IP by one for any other VM) - -- Subnet prefix length ```18``` (```255.255.192.0```) - -- Gateway ```10.152.152.10``` (this is the Whonix Gateway) - -- DNS ```10.152.152.10``` (this is again the Whonix Gateway) - -#### If you cannot use Tor: - -Just use the tutorials as is and see [Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option] - -#### Installation: - -- Windows Host OS: - - - Virtualbox Catalina Tutorial: [[Archive.org]](https://web.archive.org/web/https://www.wikigain.com/install-macos-catalina-on-virtualbox-on-windows/) - - - Virtualbox Big Sur Tutorial: [[Archive.org]](https://web.archive.org/web/https://www.wikigain.com/how-to-install-macos-big-sur-on-virtualbox-on-windows-pc/) - - - Virtualbox Monterey Tutorial: [[Archive.org]](https://web.archive.org/web/https://www.wikigain.com/install-macos-monterey-on-virtualbox/) - -- macOS Host OS: - - - Just use the same tutorials as above but execute the various commands in the terminal. It should work without issue. - -- Linux Host OS: - - - Just use the same tutorials as above but execute the various commands in the terminal. It should work without issue. - -There are some drawbacks to running macOS on Virtual Machines. The main one is that they do not have a serial number (0 by default) and you will be unable to log in to any Apple-provided service (iCloud, iMessage...) without a genuine ID. You can set such IDs using this script: [[Archive.org]](https://web.archive.org/web/https://github.com/myspaghetti/macos-virtualbox) but keep in mind that randomly generated IDs will not work and using the ID of someone else will break their Terms of Services and could count as impersonation (and therefore could be illegal). - -Note: We also ran in multiple issues with running these on AMD processors. 
This can be fixed so here is the configurationWeused which worked fine with Catalina, Big Sur and Monterey which will tell Virtualbox to emulate an Intel Processor instead: - -- ```VBoxManage modifyvm "macOSCatalina" ---cpuidset 00000001 000106e5 00100800 0098e3fd bfebfbff``` - -- ```VBoxManage setextradata "macOSCatalina" "VBoxInternal/Devices/efi/0/Config/DmiSystemProduct" "MacBookPro15,1" ``` - -- ```VBoxManage setextradata "macOSCatalina" "VBoxInternal/Devices/efi/0/Config/DmiBoardProduct" "Mac-551B86E5744E2388"``` - -- ```VBoxManage setextradata "macOSCatalina" "VBoxInternal/Devices/smc/0/Config/DeviceKey" "ourhardworkbythesewordsguardedpleasedontsteal(c)AppleComputerInc"``` - -- ```VBoxManage setextradata "macOSCatalina" "VBoxInternal/Devices/smc/0/Config/GetKeyFromRealSMC" 1``` - -- ```VBoxManage modifyvm "macOSCatalina" --cpu-profile "Intel Core i7-6700K"``` - -- ```VBoxManage setextradata "macOSCatalina" VBoxInternal2/EfiGraphicsResolution 1920x1080``` - -#### Hardening macOS: - -Refer to [Hardening macOS]. - -#### Choose a browser within the VM: - -This time, we will recommend Brave browser. - -See why here: [Appendix V: What browser to use in your Guest VM/Disposable VM] - -See [Appendix V1: Hardening your Browsers][Appendix V1: Hardening your Browsers:] as well. - -### KeepassXC: - -You will need something to store your data (logins/passwords, identities, and TOTP[^359] information). - -For this purpose, we strongly recommend KeePassXC because of its integrated TOTP feature. This is the ability to create entries for 2FA[^360] authentication with the authenticator feature. - -Remember this should ideally be installed on your Guest VM and not on your Host OS. You should never do any sensitive activities from your Host OS. 
- -Here are the tutorials: - -- Tails: KeePassXC is integrated by default - -- Whonix: [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Keepassxc) - -- Linux: - - - Download from [[Archive.org]](https://web.archive.org/web/https://keepassxc.org/download/) - - - Follow the tutorial here [[Archive.org]](https://web.archive.org/web/https://keepassxc.org/docs/KeePassXC_GettingStarted.html) - -- Windows: - - - Download from [[Archive.org]](https://web.archive.org/web/https://keepassxc.org/download/) - - - Follow the tutorial here [[Archive.org]](https://web.archive.org/web/https://keepassxc.org/docs/KeePassXC_GettingStarted.html) - -- macOS: - - - Download from [[Archive.org]](https://web.archive.org/web/https://keepassxc.org/download/) - - - Follow the tutorial here [[Archive.org]](https://web.archive.org/web/https://keepassxc.org/docs/KeePassXC_GettingStarted.html) - -Test that KeePassXC is working before going to the next step. - -### VPN client installation (cash/Monero paid): - -**If you decided to not use a cash-paid VPN and just want to use Tor, skip this step.** - -**If you cannot use a VPN at all in a hostile environment, skip this step.** - -Otherwise, see [Appendix R: Installing a VPN on your VM or Host OS][Appendix R: Installing a VPN on your VM or Host OS] to install a VPN client on your client VM. - -This should conclude the Route and you should now be ready. - -#### About VPN Client Data Mining/Leaks: - -You might be asking yourself if those VPN clients are trustworthy not to leak any information about your local environment to the VPN provider when using them in the "VPN over Tor" context. - -This is a valid concern but should be taken with a grain of salt. - -Remember that all VPN activities are happening from a sandboxed VM on an internal network behind a Network Gateway (the Whonix Gateway). It does not matter much if the VPN client leaves some identifiers on your guest VM. 
The guest VM is still sandboxed and walled-off from the Host OS. The attack surface is small especially when using the reputable and recommended VPN providers within the guides (iVPN, Mullvad, Proton VPN, and maybe Safing.io). - -At best, the VPN client would know your local IP (internal IP) and some randomized identifiers but should not be able to get anything from the Host OS. And in theory, the VPN client should not send any telemetry back to the VPN provider. If your VPN client does this or asks this, you should consider changing the provider. - -### (Optional) VM kill switch: - -This step will allow you to configure your Host OS so that only the Whonix Gateway VM will have access to the internet. This will therefore prevent any "leak" from your Host OS while letting the Whonix Gateway establish the tor connectivity. The other VMs (Whonix Workstation or any other VM you installed behind it will not be affected) - -There are three ways to do this: - -- The Lazy Way (not really recommended): not supported by Whonix and might have some security implications as you will expose the Whonix Gateway VM to the Public Wi-Fi network. We would recommend against this unless you are in a hurry or very lazy. - - - **This method will not work with Wi-Fi captive portals requiring any registration to connect.** - -- The Better Way (see further down): still not supported by Whonix but it will not expose the Whonix Gateway VM to the Public Wi-Fi network. This should keep things in check in terms of security. - -- The Best Way: Using an external USB Wi-Fi dongle and just disabling Wi-Fi on the Host OS/Computer. - -#### The Lazy Way (**not supported by Whonix** but it will work if you are in a hurry, see further for the better way): - - -**This way is not supported by the Whonix project**[^361] but I will go ahead and give this option anyway. This is helpful to prevent your Host OS from leaking any information while you are using the Whonix VMs. 
- -**Note that this option as-is will only work on Wi-Fis without a captive portal (where you must enter some information to unlock access).** - -The illustration below shows the result of this step: - -![image29](media/image29.png) - -##### Configuration of the Whonix Gateway VM: - -For this to work, we will need to change some configurations on the Whonix Gateway VM. we will need to add a DHCP client to the Whonix Gateway to receive IP addresses from the network. To do those changes the Host OS will still have to have internet access allowed for now. - -So here is how: - -- Be sure to have your Host OS connected to a safe Wi-Fi. - -- Through VirtualBox, start the Whonix Gateway VM - -- Start a Terminal on the VM - -- Install a DHCP client on the Whonix Gateway VM using the following command: - - - ```sudo apt install dhcpcd5``` - -- Now edit the Whonix Gateway VM network configuration using the following command: - - - ```sudo nano /etc/network/interfaces.d/30_non-qubes-whonix``` - -- Within the file change the following lines: - - - ```# auto eth0``` to ```auto eth0``` - - - ```# iface eth0 inet dhcp``` to ```iface eth0 inet dhcp``` - - - ```iface eth0 inet static``` to ```# iface eth0 inet static``` - - - ``` address 10.0.2.15``` to ```# address 10.0.2.15``` - - - ``` netmask 255.255.255.0``` to ```# netmask 255.255.255.0``` - - - ``` gateway 10.0.2.2``` to ```# gateway 10.0.2.2``` - -- Save (using Ctrl+X and confirm with Y) and power off the VM from the top left menu - -- Go into the VirtualBox Application and select the Whonix Gateway VM - -- Click Settings - -- Click the Network Tab - -- For Adapter 1, change the "Attached To" value from "NAT" to "Bridged Adapter" - -- As "Name", select your Wi-Fi network Adapter - -- Click OK and you are done with the VM configuration part - -##### Configuration of the Host OS: - -Now you must block internet access from your Host OS while still allowing the VM to connect. 
This will be done by connecting to Wi-Fi with the Host OS but without assigning itself an IP address. The VM will then use your Wi-fi association to get an IP address. - -###### Windows Host OS: - -The goal here is to associate with a Wi-Fi network without having an internet connection. You will achieve this by deleting the Gateway from the connection after you are connected: - -- First, connect to the safe Wi-Fi of your choice - -- Open an administrative command prompt (right-click on Command Prompt and Run as Administrator) - -- Run the following command: ```route delete 0.0.0.0``` (this deletes the Gateway from your IP configuration) - -- You are done, your Host OS will now be unable to access the internet while still connected to the Wi-Fi - - - Note that this will reset at each disconnect/reconnection to a network, and you will have to delete the route again. This is not permanent. - -- You can now start the Whonix Gateway VM which should now obtain an IP automatically from the Wi-Fi network and should provide Network to the other VMs behind (Whonix Workstation or other). - -- And finally, after that, you can start the Whonix Workstation VM (or any other VM you configured to work behind the Whonix Gateway VM) and it should be connected to the internet through Tor. - -###### Linux Host OS: - -The goal here is to associate with a Wi-Fi network without having an internet connection. You will achieve this by deleting the Gateway from the connection after you are connected: - -- First, connect to the safe Wi-Fi of your choice - -- Open a Terminal - -- Run the following command: ```sudo ip route del default``` (this deletes the Gateway from your IP configuration) - -- You are done, your Host OS will now be unable to access the internet while still connected to the Wi-Fi - - - Note that this will reset at each disconnect/reconnection to a network, and you will have to delete the route again. This is not permanent. 
- -- You can now start the Whonix Gateway VM which should now obtain an IP automatically from the Wi-Fi network and should provide Network to the other VMs behind (Whonix Workstation or other). - -- And finally, after that, you can start the Whonix Workstation VM (or any other VM you configured to work behind the Whonix Gateway VM) and it should be connected to the internet through Tor. - -###### macOS Host OS: - -The goal here is to associate with a Wi-Fi network without having an internet connection. You will achieve this by deleting the Gateway from the connection after you are connected: - -- First, connect to the safe Wi-Fi of your choice - -- Open a Terminal - -- Run the following command: ```sudo route delete default``` (this deletes the Gateway from your IP configuration) - -- You are done, your Host OS will now be unable to access the internet while still connected to the Wi-Fi - - - Note that this will reset at each disconnect/reconnection to a network, and you will have to delete the route again. This is not permanent. - -- You can now start the Whonix Gateway VM which should now obtain an IP automatically from the Wi-Fi network and should provide Network to the other VMs behind (Whonix Workstation or other). - -- And finally, after that, you can start the Whonix Workstation VM (or any other VM you configured to work behind the Whonix Gateway VM) and it should be connected to the internet through Tor. - -#### The Better Way (recommended): - -This way will not go against Whonix recommendations (as it will not expose the Whonix Gateway to the Host OS) and will have the advantage of allowing connections not only to open Wi-Fis but also to the ones with a Captive Portal where you need to enter some information to access the internet. - -Yet this will still not be supported by the Whonix project, but it is fine as the main concern for the earlier Lazy Way is to have the Whonix Gateway VM exposed to the Host Network, and it will not be the case here. 
- -This option will require an additional VM between the Host OS and the Whonix Gateway to act as a Network Bridge. - -For this purpose, I will recommend the use of a lightweight Linux Distro. Any will do but the easiest will be an Ubuntu-based distro and I would recommend the lightweight XUbuntu as it will be extremely easy to configure this setup. - -Why XUbuntu and not Ubuntu or KUbuntu? Because XUbuntu uses an XFCE desktop environment which is lightweight and this VM will only serve as a proxy and nothing else. - -Of course, you can also achieve this with any other Linux distro if you so decide you do not like XUbuntu. - -This is how it will look at the end: - -![image30](media/image30.png) - -##### Installing XUbuntu VM: - -XUbuntu was picked due the performance of XFCE. - -Make sure you are connected to a safe Wi-Fi for this operation. - -First, you will need to download the latest XUbuntu Stable release ISO from - -When you are done with the download, it is time to create a new VM: - -- Start VirtualBox Manager - -- Create a new VM and name it as you want, for example, "XUbuntu Bridge" - -- Select type "Linux" - -- Select Version "Ubuntu (64-bit)" - -- Leave other options to default and click Create - -- On the next screen, leave the default options and click Create - -- Select the newly create VM and click Settings - -- Select Network - -- For Adapter 1, Switch to Bridged Mode and pick your Wi-Fi adapter in the Name - -- Select Adapter 2 and enable it - -- Attach it to "Internal Network" and name it "XUbuntu Bridge" - -- Select Storage - -- Select the Empty CD drive - -- On the right side, click the CD icon and select "Choose a disk file" - -- Select the ISO of XUbuntu you previously downloaded and Click Ok - -- Start the VM - -- Select Start XUbuntu - -- Select Install XUbuntu - -- Pick your Keyboard Layout and click Continue - -- Select Minimal Installation and Download Updates while installing XUbuntu - -- Select Erase Disk and install XUbuntu and click 
Install Now - -- Select the Time Zone of your choice and click Continue - -- Pick some random names unrelated to you (my favorite username is "NoSuchAccount") - -- Pick a password and require a password to login - -- Click Continue and wait for the install to finish and Restart - -- When you are done rebooting, log-in - -- Click the upper right connection icon (it looks like two rotating spheres) - -- Click Edit Connections - -- Select Wired Connection 2 (Adapter 2 previously configured in VirtualBox settings) - -- Select the IPv4 Tab - -- Change the Method to "Shared to other computers" and click Save - -- You are now done setting up the XUbuntu Bridge VM - -##### Configuring the Whonix Gateway VM: - -By default, the Whonix Gateway has no DHCP client and will require one to get an IP from a shared network you configured earlier: - -- Through VirtualBox, start the Whonix Gateway VM - -- Start a Terminal on the VM - -- Install a DHCP client on the Whonix Gateway VM using the following command: - - - ```sudo apt install dhcpcd5``` - -- Now edit the Whonix Gateway VM network configuration using the following command: - - - ```sudo nano /etc/network/interfaces.d/30_non-qubes-whonix``` - -- Within the file change the following lines: - - - ```# auto eth0``` to ```auto eth0``` - - - ```# iface eth0 inet dhcp``` to ```iface eth0 inet dhcp``` - - - ```iface eth0 inet static``` to ```# iface eth0 inet static``` - - - ``` address 10.0.2.15``` to ```# address 10.0.2.15``` - - - ``` netmask 255.255.255.0``` to ```# netmask 255.255.255.0``` - - - ``` gateway 10.0.2.2``` to ```# gateway 10.0.2.2``` - -- Save (using Ctrl+X and confirm with Y) and power off the VM from the top left menu - -- Go into the VirtualBox Application and select the Whonix Gateway VM - -- Click Settings - -- Click the Network Tab - -- For Adapter 1, change the "Attached To" value from "NAT" to "Internal Network" - -- As "Name", select the internal network "XUbuntu Bridge" you created earlier and click OK - 
-- Reboot the Whonix Gateway VM - -- From the upper left menu, select System, Tor Control Panel, and check that you are connected (you should be) - -- You are done configuring the Whonix Gateway VM - -##### Configuration of the Host OS: - -Now you must block internet access from your Host OS while still allowing the XUbuntu Bridge VM to connect. This will be done by connecting to Wi-Fi with the Host OS but without assigning itself a gateway address. The VM will then use your Wi-fi association to get an IP address. - -If necessary, from the XUbuntu Bridge VM, you will be able to launch a Browser to enter information into any captive/registration portal on the Wi-Fi network. - -Only the XUbuntu Bridge VM should be able to access the internet. The Host OS will be limited to local traffic only. - -###### Windows Host OS: - -The goal here is to associate with a Wi-Fi network without having an internet connection. You will achieve this by deleting the Gateway from the connection after you are connected: - -- First, connect to the safe Wi-Fi of your choice - -- Open an administrative command prompt (right-click on Command Prompt and Run as Administrator) - -- Run the following command: ```route delete 0.0.0.0``` (this deletes the Gateway from your IP configuration) - -- You are done, your Host OS will now be unable to access the internet while still connected to the Wi-Fi - - - Note that this will reset at each disconnect/reconnection to a network, and you will have to delete the route again. This is not permanent. - -- You can now start the XUbuntu Bridge VM which should now obtain an IP automatically from the Wi-Fi network and should provide Network to the other VMs behind (Whonix Workstation or other). - -- If necessary, you can use the XUbuntu Bridge VM Browser to fill in any information on any captive/registration portal to access the Wi-Fi. - -- After that, you can start the Whonix Gateway VM which should obtain the Internet Connection from the XUbuntu Bridge VM. 
- -- And finally, after that, you can start the Whonix Workstation VM (or any other VM you configured to work behind the Whonix Gateway VM) and it should be connected to the internet through Tor. - -###### Linux Host OS: - -The goal here is to associate with a Wi-Fi network without having an internet connection. You will achieve this by deleting the Gateway from the connection after you are connected: - -- First, connect to the safe Wi-Fi of your choice - -- Open a Terminal - -- Run the following command: ```sudo ip route del default``` (this deletes the Gateway from your IP configuration) - -- You are done, your Host OS will now be unable to access the internet while still connected to the Wi-Fi - - - Note that this will reset at each disconnect/reconnection to a network, and you will have to delete the route again. This is not permanent. - -- You can now start the XUbuntu Bridge VM which should now obtain an IP automatically from the Wi-Fi network and should provide Network to the other VMs behind (Whonix Workstation or other). - -- If necessary, you can use the XUbuntu Bridge VM Browser to fill in any information on any captive/registration portal to access the Wi-Fi. - -- After that, you can start the Whonix Gateway VM which should obtain the Internet Connection from the XUbuntu Bridge VM. - -- And finally, after that, you can start the Whonix Workstation VM (or any other VM you configured to work behind the Whonix Gateway VM) and it should be connected to the internet through Tor. - -###### macOS Host OS: - -The goal here is to associate with a Wi-Fi network without having an internet connection. 
You will achieve this by deleting the Gateway from the connection after you are connected: - -- First, connect to the safe Wi-Fi of your choice - -- Open a Terminal - -- Run the following command: ```sudo route delete default``` (this deletes the Gateway from your IP configuration) - -- You are done, your Host OS will now be unable to access the internet while still connected to the Wi-Fi - - - Note that this will reset at each disconnect/reconnection to a network, and you will have to delete the route again. This is not permanent. - -- You can now start the XUbuntu Bridge VM which should now obtain an IP automatically from the Wi-Fi network and should provide Network to the other VMs behind (Whonix Workstation or other). - -- If necessary, you can use the XUbuntu Bridge VM Browser to fill in any information on any captive/registration portal to access the Wi-Fi. - -- After that, you can start the Whonix Gateway VM which should obtain the Internet Connection from the XUbuntu Bridge VM. - -- And finally, after that, you can start the Whonix Workstation VM (or any other VM you configured to work behind the Whonix Gateway VM) and it should be connected to the internet through Tor. - -#### The best way: - -This way will not go against Whonix recommendations (as it will not expose the Whonix Gateway to the Host OS) and will have the advantage of allowing connections not only to open Wi-Fis but also to the ones with a Captive Portal where you need to enter some information to access the internet. Yet this will still not be supported by the Whonix project, but it is fine as the main concern for the earlier Lazy Way is to have the Whonix Gateway VM exposed to the Host Network, and it will not be the case here. This option is the best because the network will be completely disabled on the Host OS from booting up. - -This option will require an additional VM between the Host OS and the Whonix Gateway to act as a Network Bridge and to connect to the Wi-Fi network. 
**This option requires a working USB Wi-Fi Dongle that will be passed through to a bridge VM.** - -For this purpose, I will recommend the use of a lightweight Linux Distro. Any will do but the easiest will be an Ubuntu-based distro and I would recommend the lightweight XUbuntu as it will be extremely easy to configure this setup. - -Why XUbuntu and not Ubuntu or KUbuntu? Because XUbuntu uses an XFCE desktop environment which is lightweight and this VM will only serve as a proxy and nothing else. - -Of course, you can also achieve this with any other Linux distro if you so decide you do not like XUbuntu. - -This is how it will look at the end: - -![image31](media/image31.png) - -##### Configuration of the Host OS: - -- Disable Networking on your Host OS completely (Turn off the on-board Wi-Fi completely) - -- Plug in and install your USB Wi-Fi Dongle. Connect it to a safe Public Wi-Fi. This should be easy and automatically installed by any recent OS (Windows 10/11, macOS, Linux). - -##### Configuring the Whonix Gateway VM: - -By default, the Whonix Gateway has no DHCP client and will require one to get an IP from a shared network you will configure later, on a Bridge VM: - -- Through VirtualBox, start the Whonix Gateway VM - -- Start a Terminal on the VM - -- Install a DHCP client on the Whonix Gateway VM using the following command: - - - ```sudo apt install dhcpcd5``` - -- Now edit the Whonix Gateway VM network configuration using the following command: - - - ```sudo nano /etc/network/interfaces.d/30_non-qubes-whonix``` - -- Within the file change the following lines: - - - ```# auto eth0``` to ```auto eth0``` - - - ```# iface eth0 inet dhcp``` to ```iface eth0 inet dhcp``` - - - ```iface eth0 inet static``` to ```# iface eth0 inet static``` - - - ``` address 10.0.2.15``` to ```# address 10.0.2.15``` - - - ``` netmask 255.255.255.0``` to ```# netmask 255.255.255.0``` - - - ``` gateway 10.0.2.2``` to ```# gateway 10.0.2.2``` - -- Save (using Ctrl+X and confirm with 
Y) and power off the VM from the top left menu - -##### Installing XUbuntu VM: - -Make sure you are connected to a safe Wi-Fi for this operation. - -First, you will need to download the latest XUbuntu Stable release ISO from - -When you are done with the download, it is time to create a new VM: - -- Disconnect your host OS from the Wi-Fi you previously connected to with the dongle and forget the network. - -- Start VirtualBox Manager - -- Create a new VM and name it as you want, for example, "XUbuntu Bridge" - -- Select type "Linux" - -- Select Version "Ubuntu (64-bit)" - -- Leave other options to default and click Create - -- On the next screen, leave the default options and click Create - -- Select the newly create VM and click Settings - -- Select Network - -- For Adapter 1, Attach it to "Internal Network" and name it "XUbuntu Bridge" - -- Select Storage - -- Select the Empty CD drive - -- On the right side, click the CD icon and select "Choose a disk file" - -- Select the ISO of XUbuntu you previously downloaded and Click Ok - -- Select the USB Tab - -- On the right side, click the USB icon with a + sign (the second from the top) - -- Select the Wi-Fi Adapter Dongle from the list and make sure it is checked (leave the USB options to default) - -- Start the VM - -- Select Start XUbuntu - -- Select Install XUbuntu - -- Pick your Keyboard Layout and click Continue - -- Select Minimal Installation and do not check the Download Updates during the install option - -- Select Erase Disk and install XUbuntu and click Install Now - -- Select the Time Zone of your choice and click Continue - -- Pick some random names unrelated to you (my favorite username is "NoSuchAccount") - -- Pick a password and require a password to login - -- Click Continue and wait for the install to finish and Restart - -- When you are done rebooting, log-in - -- Click the upper right connection icon (it looks like two rotating spheres) - -- Click Edit Connections - -- Select Wired Connection 1 
(normally there should only be one) - -- Select the IPv4 Tab - -- Change the Method to "Shared to other computers" and click Save - -- Again, click the upper right connection icon - -- Connect to the safe Wi-Fi of your choice and if necessary, input the necessary information into a Captive Portal. - -- You are now done setting up the XUbuntu Bridge VM - -At this stage, your Host OS should have no network at all and your XUbuntu VM should have a fully working Wi-Fi connection and this Wi-Fi connection will be shared to the Internal Network "XUbuntu Bridge". - -##### Additional configuration of the Whonix Gateway VM: - -Now it is time to configure the Whonix Gateway VM to get access from the shared network from the bridge VM you just made on the earlier step: - -- Go into the VirtualBox Application and select the Whonix Gateway VM - -- Click Settings - -- Click the Network Tab - -- For Adapter 1, change the "Attached To" value from "NAT" to "Internal Network" - -- As "Name", select the internal network "XUbuntu Bridge" you created earlier and click OK - -- Reboot the Whonix Gateway VM - -- From the upper left menu, select System, Tor Control Panel, and check that you are connected (you should be) - -- You are done configuring the Whonix Gateway VM - -At this stage, your Whonix Gateway VM should be getting internet access from the XUbuntu Bridge VM which in turn is getting internet access from the Wi-Fi Dongle and sharing it. Your Host OS should have no network connectivity at all. - -All the VMs behind the Whonix Gateway should now work fine without additional configuration. - -### Final step: - -**Take a post-install VirtualBox snapshot of your VMs.** - -You are done and can now skip the rest to go to the [Getting Online][Getting Online:] part. 
- -## The Qubes Route: - -**Note that the guide has been updated to Qubes OS 4.1** - -As they say on their website, Qubes OS is a reasonably secure, free, open-source, and security-oriented operating system for single-user desktop computing. Qubes OS leverages and extensively uses Xen-based virtualization to allow for the creation and management of isolated compartments called Qubes. - -Qubes OS is not a Linux distribution[^362] but a Xen distribution. It is different from Linux distributions because it will make extensive use of Virtualization and Compartmentalization so that any app will run in a different VM (Qube). As a bonus, Qubes OS integrates Whonix by default and allows for increased privacy and anonymity. It is highly recommended that you document yourself over Qubes OS principles before going this route. Here are some recommended resources: - -- Qubes OS Introduction, [[Archive.org]](https://web.archive.org/web/https://www.qubes-os.org/intro/) - -- Qubes OS Video Tours, [[Archive.org]](https://web.archive.org/web/https://www.qubes-os.org/video-tours/) - -- Qubes OS Getting Started, [[Archive.org]](https://web.archive.org/web/https://www.qubes-os.org/doc/getting-started/) - -- YouTube, Life Behind the Tinfoil: A Look at Qubes and Copperhead - Konstantin Ryabitsev, The Linux Foundation [[Invidious]](https://yewtu.be/watch?v=8cU4hQg6GvU) - -- YouTube, We used the reasonably-secure Qubes OS for 6 months and survived - Matty McFatty [@themattymcfatty] [[Invidious]](https://yewtu.be/watch?v=sbN5Bz3v-uA) - -- YouTube, Qubes OS: How it works, and a demo of this VM-centric OS [[Invidious]](https://yewtu.be/watch?v=YPAvoFsvSbg) - -This OS is recommended by prominent figures such as Edward Snowden, PrivacyGuides.org. - -Qubes is the best option in this guide for people who are more comfortable with Linux and tech in general. But it has some downsides such as the lack of OS-wide plausible deniability, its hardware requirements, and its hardware compatibility. 
While you can run this on 4GB of RAM as per their requirements [[Archive.org]](https://yewtu.be/watch?v=sbN5Bz3v-uA), the recommended RAM is 16GB. We would recommend against using Qubes OS if you have less than 8GB of RAM. If you want a comfortable experience, you should have 16GB, if you want a particularly enjoyable experience, you should have 24GB or 32GB. - -The reason for this RAM requirement is that each app will run in a different VM and each of those VM will require and allocate a certain amount of memory that will not be available for other apps. If you are running native Windows apps within Qubes OS Qubes, the ram overhead will be significant. - -You should also check their hardware compatibility here [[Archive.org]](https://web.archive.org/web/https://www.qubes-os.org/hcl/) before proceeding. Your mileage might vary, and you might experience several issues about hardware compatibility that you will have to troubleshoot and solve yourself. - -I think that if you can afford it and are comfortable with the idea of using Linux, you should go with this route as it is probably the best one in terms of security and privacy. The only disadvantage of this route is that it does not provide a way to enable OS-wide [plausible deniability](https://en.wikipedia.org/wiki/Plausible_deniability) [[Wikiless]](https://wikiless.org/wiki/Plausible_deniability), unlike the Whonix route. 
- -### Pick your connectivity method: - -There are seven possibilities within this route: - -- **Recommended and preferred:** - - - **Use Tor alone (User > Tor > Internet)** - - - **Use VPN over Tor (User > Tor > VPN > Internet) in specific cases** - - - **Use a VPS with a self-hosted VPN/Proxy over Tor (User > Tor > Self-Hosted VPN/Proxy > Internet) in specific cases** - -- Possible if required by context: - - - Use VPN over Tor over VPN (User > VPN > Tor > VPN > Internet) - - - Use Tor over VPN (User > VPN > Tor > Internet) - -- Not recommended and risky: - - - Use VPN alone (User > VPN > Internet) - - - Use VPN over VPN (User > VPN > VPN > Internet) - -- **Not recommended and highly risky (but possible)** - - - No VPN and no Tor (User > Internet) - -![image23](media/image23.png) - -#### Tor only: - -This is the preferred and most recommended solution. - -![image32](media/image32.png) - -With this solution, all your network goes through Tor, and it should be sufficient to guarantee your anonymity in most cases. - -There is one main drawback tho: **Some services block/ban Tor Exit nodes outright and will not allow account creations from those.** - -To mitigate this, you might have to consider the next option: VPN over Tor but consider some risks associated with it explained in the next section. - -#### VPN/Proxy over Tor: - -This solution can bring some benefits in some specific cases vs using Tor only where accessing the destination service would be impossible from a Tor Exit node. This is because many services will just outright ban, hinder, or block Tor Exit Nodes (see [[Archive.org]](https://web.archive.org/web/https://gitlab.torproject.org/legacy/trac/-/wikis/org/doc/ListOfServicesBlockingTor)). 
- -This solution can be achieved in two ways: - -- Paid VPN over Tor (easiest) - -- Paid Self-Hosted VPS configured as VPN/Proxy (most efficient in avoiding online obstacles such as captchas but requiring more skills with Linux) - -As you can see in this illustration, if your cash (preferred)/Monero paid VPN/Proxy is compromised by an adversary (despite their privacy statement and no-logging policies), they will only find an anonymous cash/Monero paid VPN account connecting to their services from a Tor Exit node. - -![image33](media/image33.png) - -If an adversary somehow manages to compromise the Tor network too, they will only reveal the IP of a random public Wi-Fi that is not tied to your identity. - -If an adversary somehow compromises your VM OS (with malware or an exploit for instance), they will be trapped within the internal Network of Whonix and should be unable to reveal the IP of the public Wi-Fi. - -**This solution however has one main drawback to consider: Interference with Tor Stream Isolation**[^364]. - -Stream isolation is a mitigation technique used to prevent some correlation attacks by having different Tor Circuits for each application. Here is an illustration to show what stream isolation is: - -![image26](media/image26.png) - -(Illustration from Marcelo Martins, [[Archive.org]](https://web.archive.org/web/https://stakey.club/en/decred-via-tor-network/)) - -VPN/Proxy over Tor falls on the right-side[^365] meaning using a VPN/Proxy over Tor forces Tor to use one circuit for all activities instead of multiple circuits for each. This means that using a VPN/Proxy over Tor can reduce the effectiveness of Tor in some cases and should therefore be used only for some specific cases: - -- When your destination service does not allow Tor Exit nodes. - -- When you do not mind using a shared Tor circuit for various services. For instance for using various authenticated services. 
- -**You should however consider not using this method when your aim is just to browse random various unauthenticated websites as you will not benefit from Stream Isolation and this could make correlation attacks easier for an adversary between each of your sessions (see [Your Anonymized Tor/VPN traffic][Your Anonymized Tor/VPN traffic:]).** - -More information at: - -- [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Stream_Isolation) - -- [[Archive.org]](https://web.archive.org/web/https://tails.boum.org/contribute/design/stream_isolation/) - -- [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Introduction#Comparison_Table) - -#### Tor over VPN: - -You might be wondering: Well, what about using Tor over VPN instead of VPN over Tor? - -- Disadvantages - - - Your VPN provider is just another ISP that will then know your origin IP and will be able to de-anonymize you if needed. We do not trust them. Prefer a situation where your VPN provider does not know who you are. It does not add much in terms of anonymity. - - - This would result in you connecting to various services using the IP of a Tor Exit Node which is banned/flagged in many places. It does not help in terms of convenience. - -- Advantages: - - - **The main advantage is that if you are in a hostile environment where Tor access is impossible/dangerous/suspicious, but VPN is okay.** - - - This method also does not break Tor Stream isolation. - -Note, if you're having issues accessing the Tor Network due to blocking/censorship, you could try using Tor Bridges (see Tor Documentation [[Archive.org]](https://web.archive.org/web/https://2019.www.torproject.org/docs/bridges) and Whonix Documentation [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Bridges)). - -It is also possible to consider **VPN over Tor over VPN (User > VPN > Tor > VPN > Internet)** using two cash/Monero paid VPNs instead. 
This means that you will connect the Host OS to a first VPN from your Public Wi-Fi, then Whonix will connect to Tor, and finally, your VM will connect to a second VPN over Tor over VPN (see [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Connecting_to_a_VPN_before_Tor)). - -This will of course have a significant performance impact and might be quite slow, but Tor is necessary somewhere for achieving reasonable anonymity. - -Achieving this technically is easy within this route, you need two separate anonymous VPN accounts and must connect to the first VPN from the Host OS and follow the route. - -Conclusion: Only do this if you think using Tor alone is risky/impossible but VPNs are okay. Or just because you can and so why not. This method will not lower your security/privacy/anonymity. - -#### VPN only: - -This route will not be explained nor recommended. - -**If you can use VPNs then you should be able to add a Tor layer over it. And if you can use Tor, then you can add an anonymous VPN over Tor to get the preferred solution.** - -Just using a VPN or even a VPN over VPN makes no sense as those can be traced back to you over time. One of the VPN providers will know your real origin IP (even if it is in a safe public space) and even if you add one over it, the second one will still know you were using that other first VPN service. This will only slightly delay your de-anonymization. Yes, it is an added layer ... but it is a persistent centralized added layer, and you can be de-anonymized over time. This is just chaining 3 ISPs that are all subject to lawful requests. 
- -For more info, please see the following references: - -- [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Comparison_Of_Tor_with_CGI_Proxies,_Proxy_Chains,_and_VPN_Services) - -- [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Why_does_Whonix_use_Tor) - -- [[Archive.org]](https://web.archive.org/web/https://www.researchgate.net/publication/324251041_Anonymity_communication_VPN_and_Tor_a_comparative_study) - -- [[Archive.org]](https://web.archive.org/web/https://gist.github.com/joepie91/5a9909939e6ce7d09e29) - -- [[Archive.org]](https://web.archive.org/web/https://schub.wtf/blog/2019/04/08/very-precarious-narrative.html) - -**In the context of this guide, Tor is required somewhere to achieve reasonable and safe anonymity and you should use it if you can.** - -#### No VPN/Tor: - -If you cannot use VPN nor Tor where you are, you probably are in a very hostile environment where surveillance and control are extremely high. - -Just do not, it is not worth it and too risky. You can be de-anonymized almost instantly by any motivated adversary that could get to your physical location in a matter of minutes. - -Do not forget to check back on [Adversaries (threats)] and [Appendix S: Check your network for surveillance/censorship using OONI]. 
- -If you have absolutely no other option and still want to do something, see [Appendix P: Accessing the internet as safely as possible when Tor/VPN is not an option][Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option] **(at your own risk).** - -#### Conclusion: - -| Connection Type | Anonymity | Ease of Access to online resources | Tor Stream isolation | Safer where Tor is suspicious/dangerous | Speed | Cost | Recommended | -|------------------------------------|-----------|------------------------------------|----------------------|-----------------------------------------|------------|---------------------------|--------------------------------------------------| -| Tor Alone | **Good** | **Medium** | **Possible** | **No** | **Medium** | **Free** | **Yes** | -| Tor over VPN | **Good+** | **Medium** | **Possible** | **Yes** | **Medium** | **Around 50€/y** | **If needed (Tor inaccessible)** | -| Tor over VPN over Tor | **Best** | **Medium** | **Possible** | **Yes** | **Poor** | **Around 50€/y** | **Yes** | -| VPN over Tor | **Good-** | **Good** | **No** | **No** | **Medium** | **Around 50€/y** | **If needed (convenience)** | -| Self-Hosted VPS VPN/Proxy over Tor | **Good-** | **Very Good** | **No** | **No** | **Medium** | **Around 50€/y** | **If needed (convenience)** | -| VPN/Proxy over Tor over VPN | **Good-** | **Good** | **No** | **Yes** | **Poor** | **Around 100€/y** | **If needed (convenience and Tor inaccessible)** | -| VPN/Proxy Alone | **Bad** | **Good** | **N/A** | **Yes** | **Good** | **Around 50€/y** | **No** | -| No Tor and VPN | **Bad** | **Unknown** | **N/A** | **No** | **Good** | **Around 100€ (Antenna)** | **No. At your own risk.** | - -Unfortunately, using Tor alone will raise the suspicion of many destinations' platforms. You will face many hurdles (captchas, errors, difficulties signing up) if you only use Tor. In addition, using Tor where you are could put you in trouble just for that. 
But Tor remains the best solution for anonymity and must be somewhere for anonymity. - -- If you intend to create persistent shared and authenticated identities on various services where access from Tor is hard, we recommend the **VPN over Tor** and **VPS VPN/Proxy over Tor** options (or VPN over Tor over VPN if needed). It might be a bit less secure against correlation attacks due to breaking Tor Stream isolation but provides much better convenience in accessing online resources than just using Tor. It is an "acceptable" trade-off IMHP if you are careful enough with your identity. - - - **Note: It is becoming more common that mainstream services and CDNS are also blocking or hindering VPN users with captchas and other various obstacles**. **In that case, a self-hosted VPS with a VPN/Proxy over Tor is the best solution for this as having your own dedicated VPS guarantees you are the sole user of your IP and encounter little to no obstacles.** Consider a [Self-hosted VPN/Proxy on a Monero/Cash-paid VPS (for users more familiar with Linux)][Self-hosted VPN/Proxy on a Monero/Cash-paid VPS (for users more familiar with Linux):] if you want the least amount of issues (this will be explained in the next section in more details). - -- If your intent however is just to browse random services anonymously without creating specific shared identities, using tor friendly services; or if you do not want to accept that trade-off in the earlier option. **Then we recommend using the Tor Only route to keep the full benefits of Stream Isolation (or Tor over VPN if you need to).** - -- If cost is an issue, we recommend the Tor Only option if possible. - -- If both Tor and VPN access are impossible or dangerous then you have no choice but to rely on Public wi-fi safely. 
See [Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option] - -For more information, you can also see the discussions here that could help decide yourself: - -- Tor Project: [[Archive.org]](https://web.archive.org/web/https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorPlusVPN) - -- Tails Documentation: - - - [[Archive.org]](https://web.archive.org/web/https://gitlab.tails.boum.org/tails/blueprints/-/wikis/vpn_support/) - - - [[Archive.org]](https://web.archive.org/web/https://tails.boum.org/support/faq/index.en.html) - -- Whonix Documentation (in this order): - - - [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Introduction) - - - [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Connecting_to_Tor_before_a_VPN) - - - [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Connecting_to_a_VPN_before_Tor) - -- Some papers on the matter: - - - [[Archive.org]](https://web.archive.org/web/https://www.researchgate.net/publication/324251041_Anonymity_communication_VPN_and_Tor_a_comparative_study) - -### Getting an anonymous VPN/Proxy: - -**Skip this step if you want to use Tor only or VPN is not an option.** - -See [Appendix O: Getting an anonymous VPN/Proxy] - -### Note about Plausible Deniability: - -Qubes OS uses LUKS for full disk encryption and it is technically possible to achieve a form of deniability by using detached LUKS headers. This is not yet integrated into this guide but you will find an evolving tutorial on how to achieve this here: and some more background information within the Linux Host OS section (see [Note about plausible deniability on Linux]). 
- -### Installation: - -You will follow the instructions from their own guide [[Archive.org]](https://web.archive.org/web/https://www.qubes-os.org/doc/installation-guide/): - -(Secure Boot is not supported as per their FAQ: [[Archive.org]](https://web.archive.org/web/https://www.qubes-os.org/faq/) so it should be disabled in the BIOS/UEFI settings.) - -- Download the latest Qubes OS 4.1.x installation ISO according to their hardware compatibility list. - -- Get and verify the Qubes OS Master Signing key: - -- Prepare a USB key with the Qubes OS ISO file - -- Install Qubes OS according to the installation guide: - - - **If you want to use Tor or VPN over Tor: Check the** "**Enabling system and template updates over the Tor anonymity network using Whonix" during the last step. This will force all Qubes OS updates to go through Tor. While this will significantly reduce your update speed, it will increase your anonymity from the start.** (If you are having issues connecting to Tor due to censorship or blocking, consider using Tor Bridges as recommended earlier. Just follow the tutorial provided here: [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Bridges)) - - - If you want to use Tor over VPN or cannot use any of those, leave it unchecked. - - - Be absolutely sure that you are verifying the signature of the ISO, which you can find on this page: [[Archive.org]](https://web.archive.org/web/20220511015546/https://www.qubes-os.org/security/verifying-signatures/). Check by obtaining the fingerprint from multiple independent sources in several different ways as recommended. This is to ensure the image has not been tampered with. Do not skip this vital step even though you know you are getting the ISO from a trusted source, because it's possible for the Qubes website to be compromised. - -- If you are prevented from using Tor, there is no point in installing the Whonix VM templates. 
You can disable Whonix installation during the post-installation, initial setup wizard. - -To be sure your Qubes ISO hasn't been tampered with, you should get the Qubes master key fingerprint from multiple different sources. This guide can be used as one source. - -The Qubes master signing key fingerprint should match `427F 11FD 0FAA 4B08 0123 F01C DDFA 1A3E 3687 9494`. - -*Remember to read the guide to verifying signatures on the Qubes website: [[Archive.org]](https://web.archive.org/web/20220511015546/https://www.qubes-os.org/security/verifying-signatures/).* - -### Lid Closure Behavior: - -Unfortunately, Qubes OS does not support hibernation[^366] which is an issue regarding cold-boot attacks. To mitigate those, I highly recommend that you configure Qubes OS to shut down on any power action (power button, lid closure). You can do set this from the XFCE Power Manager. Do not use the sleep features. - -### Anti Evil Maid (AEM): - -**Warning**, this step only works with Intel CPUs, a legacy BIOS, TPM 1.2. If you do not meet those requirements, skip this step. - -Anti Evil Maid is an implementation of a TPM-based static trusted boot with a primary goal to prevent Evil Maid attacks. Installing and using AEM requires attaching a USB drive directly to dom0. So the user must make a choice between protecting dom0 from a potentially malicious USB drive, and protecting the system from Evil Maid attacks. Note that AEM is only compatible with Intel CPUs and Legacy boot options. - -The preference for mitigating any evil maid attack is to maintain physical control of your device at all times. If that is not possible, then this might be relevant to your threat model. 
- -Before deciding to use this system, please read [Appendix B4: Important notes about evil-maid and tampering] - -See the following links for more details and installation instructions: - -- [[Archive.org]](https://web.archive.org/web/https://www.qubes-os.org/doc/anti-evil-maid/) - -- [[Archive.org]](https://web.archive.org/web/https://blog.invisiblethings.org/2011/09/07/anti-evil-maid.html) - -- [[Archive.org]](https://web.archive.org/web/https://github.com/QubesOS/qubes-antievilmaid) - -### Connect to a Public Wi-Fi: - -Remember this should be done from a safe place (see [Find some safe places with decent public Wi-Fi][Find some safe places with decent public Wi-Fi:] and [Appendix Q: Using long-range Antenna to connect to Public Wi-Fis from a safe distance][Appendix Q: Using long-range Antenna to connect to Public Wi-Fis from a safe distance:]): - -- In the upper right corner, Left-click the network icon and note the Wi-Fi SSID you want to connect to - -- Now right-click the network icon and select Edit Connections - -- Add one using the + sign - -- Select Wi-Fi - -- Enter the SSID of the desired network you noted before (if needed) - -- Select Cloned Mac Address - -- Select Random to randomize your Mac Address - - - **Warning: This setting should work in most cases but can be unreliable on some network adapters. 
Please refer to this documentation if you want to be sure: ** [[Archive.org]](https://web.archive.org/web/https://github.com/Qubes-Community/Contents/blob/master/docs/privacy/anonymizing-your-mac-address.md) - -- Save - -- Now again Left-click the connection account and connect to the desired Wi-Fi - -- If this is an Open Wi-Fi requiring registration: You will have to start a browser to register - - - After you are connected, Start a Disposable Fedora Firefox Browser - - - Go into the upper left Menu - - - Select Disposable, Fedora, Firefox - - - Open Firefox and register (anonymously) into the Wi-Fi - -### Upgrading Qubes OS from 4.0.x to 4.1.x (you should do it) - -Personally, we wouldn't do it in-place and do a fresh install. - -But if you really want to, it's technically possible by following this guide: [[Archive.org]](https://web.archive.org/web/https://www.qubes-os.org/doc/upgrade/4.1/) - -### Updating Qubes OS: - -After you are connected to a Wi-Fi you need to update Qubes OS and Whonix. You must keep Qubes OS always updated before conducting any sensitive activities. Especially your Browser VMs. Normally, Qubes OS will warn you about updates in the upper right corner with a gear icon. As this might take a while in this case due to using Tor, you can force the process by doing the following: - -- Click the upper left Applications icon - -- Select Qubes Tools - -- Select Qubes Update - -- Check the "Enable updates for Qubes without known available updates" - -- Select all the Qubes - -- Click Next and wait for updates to complete - -- If you checked the Tor option during install, be patient as this might take a while over Tor - -### Upgrading Whonix from version 15 to version 16: - -Again, you should really do this ASAP. 
We would use a fresh install but it's technically possible to do it in-place, see [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Release_Upgrade_Whonix_15_to_Whonix_16) - -Follow the instructions on [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Qubes/Install). *If you're running Qubes 4.1.x, this is already done for you.* - -### Hardening Qubes OS: - -**Disclaimer: This section is under construction and will be worked on heavily in the next releases. This section is for more advanced users.** - -#### Application Sandboxing: - -While Qubes OS is already sandboxing everything by design, it is also useful to consider sandboxing apps themselves using AppArmor or SELinux. - -##### AppArmor: - -"AppArmor is a Mandatory Access Control framework. When enabled, AppArmor confines programs according to a set of rules that specify what files a given program can access. This initiative-taking approach helps protect the system against both known and unknown vulnerabilities" (Debian.org). - -Basically, AppArmor[^367] is an application sandboxing system. By default, it is not enabled but supported by Qubes OS. - -- About the Fedora VMs: - - - Fedora does not use AppArmor but rather SELinux so see the next section for that. 
- -- About the Debian VMs: - - - Head out and read [[Archive.org]](https://web.archive.org/web/https://wiki.debian.org/AppArmor) - -- About any other Linux VM: - - - Head out and read: - - - [[Archive.org]](https://web.archive.org/web/https://wiki.archlinux.org/title/AppArmor) - - - [[Archive.org]](https://web.archive.org/web/https://wiki.debian.org/AppArmor) - -- About the Whonix VMs, you should consider enabling and using AppArmor, especially on the Whonix VMs of Qubes OS: - - - First, you should head out and read [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/AppArmor) - - - Secondly, you should head out again and read [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Qubes/AppArmor) - -##### SELinux: - -SELinux[^368] is similar to AppArmor. The differences between SELinux and AppArmor are technical details into which we will not get. - -Here is a good explanation of what it is: [[Invidious]](https://yewtu.be/watch?v=_WOKRaM-HI4) - -In this guide and the context of Qubes OS, it is important to mention it as it is the recommended method by Fedora which is one of the default systems on Qubes OS. - -So, head out and read [[Archive.org]](https://web.archive.org/web/https://docs.fedoraproject.org/en-US/quick-docs/getting-started-with-selinux/) - -You could make use of SELinux on your Fedora Templates. But this is up to you. Again, this is for advanced users. - -### Setup the VPN ProxyVM: - -**Skip this step if you do not want to use a VPN and just use Tor only or if VPN is not an option either.** - -This tutorial should also work with any OpenVPN provider (Mullvad, IVPN, Safing.io, or Proton VPN for instance). - -This is based on the tutorial provided by Qubes OS themselves ( [[Archive.org]](https://web.archive.org/web/https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/vpn.md)). If you are familiar with this process, you can follow their tutorial. 
- -Alternatively, Mullvad also have a help article that guides you through setting up a Proxy VM [[Archive.org]](https://web.archive.org/web/https://mullvad.net/en/help/qubes-os-4-and-mullvad-vpn/). - -#### Create the ProxyVM: - -- Click the Applications icon (upper left corner) - -- Click Create Qubes VM - -- Name and label as you wish: I suggest "VPNGatewayVM" - -- Select Type: Standalone Qube copied from a template - -- Select Template: Debian-11 (the default) - -- Select Networking: - - - Select sys-whonix if you want to do VPN over Tor / Tor only (recommended) - - - Select sys-firewall if you want to do Tor over VPN / No Tor or VPN / Just VPN - -- Advanced: Check provides network - -- Check "Start Qube automatically on boot" - -- Create the VM - - - If you are going for VPN over Tor, you need to go into the settings of the ProxyVM you made and select "sys-vpn" for networking. - - An easier way to setup your ProxyVM is to simply run a VPN client on the ProxyVM. - - Usually when you connect to your VPN provider's website, it'll tell you whether your traffic is being properly routed through the VPN. - - - If you are going for Tor over VPN, the opposite should be done, the ProxyVM should have its networking set as "sys-tor" and the "sys-tor" VM should have "sys-vpn" for its networking. - - Test the VM connectivity to the internet by launching a Browser within the ProxyVM. Visit [[Archive.org]](https://web.archive.org/web/https://check.torproject.org/) (It should say you are connected to Tor) - -#### Download the VPN configuration from your cash/Monero paid VPN provider: - -##### If you can use Tor: - -**Using Tor Browser (be careful not to use any Clearnet Browser for this),** download the necessary OpenVPN configuration files for Linux from your VPN provider. - -This can be done by using the Qubes OS integrated Tor Browser by accessing the Applications icon (upper left corner) and selecting the Disposable Tor Browser application. 
- -##### If you cannot use Tor: - -Launch a browser from a DisposableVM and download the necessary OpenVPN configuration files for Linux from your VPN provider. See [Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option.][Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option] - -When you are done downloading the configuration files within the Disposable Browser (usually a zip file), copy them to your ProxyVM VPN Gateway machine (using right-click on the file and send to another AppVM). - -#### Configure the ProxyVM: - -**Skip this step if you are not going to use a VPN** - -- Click the upper left corner - -- Select the VPN VM you just created - -- Open the Files of the VPN VM - -- Go into "Qubesincoming" > dispXXXX (This was your Disposable Browser VM) - -- Double Click your downloaded zip file containing your OpenVPN configuration files to unzip it - -- Now select the VPN VM again and start a terminal - -- Install OpenVPN with the following command ```sudo apt-get install openvpn``` - -- Copy all the OpenVPN configuration files provided by your VPN provider in /etc/openvpn/ - -- For all the OpenVPN configuration files (for each location): - - - Edit each file using ```sudo nano configfile``` (do not forget sudo to edit the file within /etc) - - - Change the protocol from "udp" to "tcp" (Tor does not support UDP) - - - Change the port to a supported (by your VPN provider) TCP port (like 80 or 443) - - - Save and exit each file - -- Edit the OpenVPN config file (/etc/default/openvpn) by typing ```sudo nano /etc/default/openvpn``` - - - Change ```#AUTOSTART="all"``` to ```AUTOSTART="all"``` (in other words, remove the "#") - - - Save and Exit - -- Edit the Qubes firewall rules file (/rw/config/qubes-firewall-user-script) by typing "sudo nano /rw/config/qubes-firewall-user-script" - - - Add the following lines (without the quotes and remarks in parentheses) - - - ```virtualif=10.137.0.17``` 
- -> (This is the IP of the ProxyVM, this is not dynamic, and you might need to change it at reboot) - -- ```vpndns1=10.8.0.1``` - -> (This is the first DNS server of your VPN provider; it should not change) - -- ```vpndns2=10.14.0.1``` - -> (This is the second DNS server of your VPN provider; it should not change) - -- ```iptables -F OUTPUT``` - -- ```iptables -I FORWARD -o eth0 -j DROP``` - -- ```iptables -I FORWARD -i eth0 -j DROP``` - -- ```ip6tables -I FORWARD -o eth0 -j DROP``` - -- ```ip6tables -I FORWARD -i eth0 -j DROP``` - -> (These will block outbound traffic when the VPN is down, it is a kill switch, more information here [[Archive.org]](https://web.archive.org/web/https://linuxconfig.org/how-to-create-a-vpn-killswitch-using-iptables-on-linux) ) - -- ```iptables -A OUTPUT -d 10.8.0.1 -j ACCEPT``` - -- ```iptables -A OUTPUT -d 10.14.0.1 -j ACCEPT``` - -> (These will allow DNS requests to your VPN provider DNS to resolve the name of the VPN servers in the OpenVPN configuration files) - -- ```iptables -F PR-QBS -t nat``` - -- ```iptables -A PR-QBS -t nat -d $virtualif -p udp --dport 53 -j DNAT --to $vpndns1``` - -- ```iptables -A PR-QBS -t nat -d $virtualif -p tcp --dport 53 -j DNAT --to $vpndns1``` - -- ```iptables -A PR-QBS -t nat -d $virtualif -p udp --dport 53 -j DNAT --to $vpndns2``` - -- ```iptables -A PR-QBS -t nat -d $virtualif -p tcp --dport 53 -j DNAT --to $vpndns2``` - -> (These will redirect all DNS requests from the ProxyVM to the VPN provider DNS servers) - -- Restart the ProxyVM by typing "sudo reboot" - -- Test the ProxyVM VPN connectivity by starting a Browser within it and going to your VPN provider test page. 
It should now say you are connected to a VPN: - - - Mullvad: [[Archive.org]](https://web.archive.org/web/https://mullvad.net/en/check/) - - - IVPN: [[Archive.org]](https://web.archive.org/web/https://www.ivpn.net/) (check the top banner) - - - Proton VPN: Follow their instructions here [[Archive.org]](https://web.archive.org/web/https://protonvpn.com/support/vpn-ip-change/) - -#### VPN over Tor: - -##### Set up a disposable Browser Qube for VPN over Tor use: - -- Within the Applications Menu (upper left corner), Select the Disposable Fedora VM - -- Go into Qube Settings - -- Click Clone Qube and name it like "sys-VPNoverTor" for example - -- Again, within the Application Menu, Select the Clone you just created - -- Go into Qube Settings - -- Change the Networking to your ProxyVPN created earlier - -- Click OK - -- Start a Browser within the Whonix Workstation - -- Check that you have VPN connectivity, and it should work - -You should now have a Disposable Browser VM that works with your cash/Monero paid VPN over Tor. - -#### Tor Over VPN: - -Reconfigure your Whonix Gateway VM to use your ProxyVM as NetVM instead of sys-firewall: - -- Within the Applications Menu (upper left corner), Select the sys-whonix VM. - -- Go into Qube Settings - -- Change the Networking NetVM to your ProxyVPN created earlier instead of sys-firewall - -- Click OK - -- Create a Whonix Workstation Disposable VM (follow this tutorial [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Qubes/DisposableVM)) - -- Launch a browser from the VM and Check that you have VPN connectivity, and it should work. 
- -Alternatively, you can also create any other type of disposable VM (but less secure than the Whonix one): - -- Within the Applications Menu (upper left corner), Select the Disposable Fedora VM - -- Go into Qube Settings - -- Click Clone Qube and name it like "sys-TorOverVPN" for example - -- Again, within the Application Menu, Select the Clone you just created - -- Go into Qube Settings - -- Change the Networking to your sys-whonix created earlier - -- Click OK - -- Start a Browser within the VM - -- Check that you have VPN connectivity, and it should work - -You should now have a Disposable Browser VM that works with Tor over a cash/Monero paid VPN. - -#### Any other combination? (VPN over Tor over VPN for instance) - -By now you should understand how easy it is to route traffic from one VM to the other with Qubes. - -You can create several ProxyVMs for VPN accesses and keep the Whonix one for Tor. You just need to change the NetVM settings of the various VMs to change the layout. - -You could have: - -- One VPN ProxyVM for the base Qubes OS connection - -- Use the sys-whonix VM (Whonix Gateway) getting its network from the first ProxyVM - -- A second VPN ProxyVM getting network from sys-whonix - -- Disposable VMs getting their NetVM from the second ProxyVM - -This would result in User > VPN > Tor > VPN > Internet (VPN over Tor over VPN). Experiment for yourself. Qubes OS is great for these things. 
- -### Setup a safe Browser within Qubes OS (optional but recommended): - -See: [Appendix V: What browser to use in your Guest VM/Disposable VM] - -#### Fedora Disposable VM: - -Within the Applications Menu (upper left), Select the Fedora-36 template: - -- Go into Qube Settings - -- Clone the VM and name it "fedora-36-brave" (this VM template will have Brave) - -- Again, go into the Applications Menu and select the clone you just created - -- Go into Qube Settings - -- Change its network to the ProxyVPN and Apply - -- Launch a terminal from the VM - -If you want to use Brave: apply the instructions from [[Archive.org]](https://web.archive.org/web/https://brave.com/linux/) and run the following commands: - -- ```sudo dnf install dnf-plugins-core``` - -- ```sudo dnf config-manager --add-repo -https://brave-browser-rpm-release.s3.brave.com/x86_64/``` - -- ```sudo rpm --import https://brave-browser-rpm-release.s3.brave.com/brave-core.asc``` - -- ```sudo dnf install brave-browser``` - -You should also consider hardening your browser, see [Appendix V1: Hardening your Browsers][Appendix V1: Hardening your Browsers:] - -#### Whonix Disposable VM: - -Edit the Whonix Disposable VM template and follow instructions here [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Install_Software) - -#### Additional browser precautions: - -- See: [Appendix V1: Hardening your Browsers][Appendix V1: Hardening your Browsers:] - -- See: [Appendix A5: Additional browser precautions with JavaScript enabled] - -### Setup an Android VM: - -Because sometimes you want to run mobile Apps anonymously too. You can also set up an Android VM for this purpose. As in other cases, ideally, this VM will also be sitting behind the Whonix Gateway for Tor network connectivity. But this can also be set up as VPN over Tor over VPN. - -Since the Android-x86 does not work "well" with Qubes OS (my own experience). 
We will instead recommend using AnBox ( [[Archive.org]](https://web.archive.org/web/https://anbox.io/)) which works "well enough" with Qubes OS. More information can also be found at [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Anbox) - -#### If you can use Tor (natively or over a VPN): - -Later in the Qubes settings during creation: - -- Select Networking - -- Change to sys-whonix to put it behind the Whonix Gateway (over Tor). - -#### If you cannot use Tor: - -Just use the tutorials as is. See [Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option]. - -#### Installation: - -Basically, follow the tutorial here: - -- Click the Applications icon (upper left corner) - -- Click Create Qubes VM - -- Name and label as you wish: we suggest "Android" - -- Select Type: Standalone Qube copied from a template - -- Select Template: Debian-11 - -- Select Networking: - - - Select sys-whonix if you want to do VPN over Tor / Tor only (recommended) - - - Select sys-firewall if you want to do Tor over VPN / No Tor or VPN / Just VPN - -- Start the Qube and open a Terminal - -Now you will have to follow the instructions from here: [[Archive.org]](https://web.archive.org/web/https://github.com/anbox/anbox-modules): - -- Start by closing the AnBox Modules repository by running: - - - ```git clone https://github.com/anbox/anbox-modules.git``` - - - Go into the cloned directory - - - Run ```./INSTALL.sh``` (or follow the manual instructions on the tutorial) - -- Reboot the machine - -- Open a new terminal - -- Install Snap by running: - - - ```sudo apt install snapd``` - -Now you will follow their other tutorial from here: [[Archive.org]](https://web.archive.org/web/https://github.com/anbox/anbox/blob/master/docs/install.md): - -- Install AnBox by running: - - - ```snap install --devmode --beta anbox``` - -- To update AnBox later, run: - - - ```snap refresh --beta --devmode anbox``` - -- Reboot the machine - -- Open a 
terminal again and start the emulator by running: - - - ```anbox.appmgr``` - -This should pop up an Android interface. Sometimes it will crash, and you might have to run it twice to make it work. - -If you want to install apps on this emulator: - -- Install ADB by running: - - - ```sudo apt install android-tools-adb``` - -- First start Anbox (run ```anbox.appmgr```) - -- Grab the APK of any app you want to install - -- Now install any APK by running: - - - ```adb install my-app.apk``` - -That's it, you should now have an Android Qube over Tor (or anything else) capable of running pretty much any App you can sideload with ADB. This is, for now, the easiest way to get Android emulation on Qubes OS. - -### KeePassXC: - -You will need somewhere to store your data (logins/passwords, identities, and TOTP[^369] information). - -For this purpose, KeePassXC is recommended because of its integrated TOTP feature. This is the ability to create entries for 2FA[^370] authentication with the authenticator feature. - -In the context of Qubes OS you should store your sensitive information within the vault Qube: - -- First, click the Applications icon (upper left) and select the vault Qube. - -- Click Qubes Settings - -- Select the Applications tab - -- From the list of available applications, add KeePassXC to the list of selected applications. - -You are done and can now skip the rest to go to the "[Creating your anonymous online identities][Creating new identities:]" part. - -### Tutorial for installing Windows based VMs on Qubes OS: - -See their tutorial here: [[Archive.org]](https://web.archive.org/web/https://github.com/Qubes-Community/Contents/blob/master/docs/os/windows/windows-tools41.md) - -# Quick note: Correlation vs Attribution - -**Correlation** is a relationship between two or more variables or **[attributes](https://www.digitalshadows.com/blog-and-research/cyber-attacks-the-challenge-of-attribution-and-response/)**. How are attributions determined? 
During digital forensic and incident response (DFIR), analysts typically look for indicators of compromise (IoCs) following events that call them to act. These indicators usually consist of IP addresses, names, databases; all of which can prescribe a certain behavioral "tag" to an individual or group. This is called attribution. A principal in statistics is that "correlation does not infer causality". What this means is that, while you may leave certain traces on certain areas of a device or network, that only shows presence of action, i.e., not explicitly your presence. It doesn't show who you are, it only resolves that something occurred and *someone* has done *something*. - -Attribution is required to prove fault or guilt, and is the prime reason why people using the Tor network to access the dark web have been compromised: they left traces that were shown to be connected to their real identities. Your IP can be — but is usually not — a large enough indicator to attribute guilt. This is shown in the infamous NotPetya cyber attacks against the U.S., which were later also released upon Ukraine. Though the White House never *said* it was Russia's doing, they attributed the attack to Russia's [(GRU)](https://www.reuters.com/article/us-britain-russia-gru-factbox/what-is-russias-gru-military-intelligence-agency-idUSKCN1MF1VK) which is a direct office housing the Russian deniable warfare[^311] cyber divisions, uncommonly referred to as "spy makers" in the intelligence community (IC). - -_What is the point_, you may ask? Well, bluntly speaking, this a perfect example because NotPetya, which is now undoubtedly the work of Russian cyber operations against foreign countries and governments, has still never been formally attributed to Russia, only to a known group within Russia (colloquially dubbed [Cozy Bear](https://wikiless.org/wiki/Cozy_Bear)) which can not be confirmed nor denied given that it is highly compartmentalized within the structure of Russia's military. 
And it's also in part because of the efforts used to disguise itself as a common Ransomware, and because it routinely used the servers of hacked foreign assets not linked to Russia or to its internal networks. - -It's all to show you the lengths that state actors will go to. You may not be aware of it, but foreign governments use concealment techniques such as the ones discussed in the sections of this guide. They routinely use Tor, VPNs to conceal traffic; they use hacked devices and access to stolen equipment to perform cyber espionage every day and it makes attribution incredibly difficult, if not improbable, from a forensic examiner's point of view. The problem of correlation is trivial, and you can solve it by simply using IP hiding tools such as a VPN and the Tor network, but still be connected to your IRL name and IP through data leaks or other factors. You can not easily be attributed to your activities if you carefully follow and adopt the given techniques and skills discussed below. - -# Creating your anonymous online identities: - -## Understanding the methods used to prevent anonymity and verify identity: - -### Captchas: - -![image34](media/image34.png)![image35](media/image35.png) - -(Illustrations by Randall Munroe, xkcd.com, licensed under CC BY-NC 2.5) - -Captcha[^371] stands for "Completely Automated Public Turing test to tell Computers and Humans Apart" are Turing tests[^372] puzzles you need to complete before accessing a form/website. You will mostly encounter those provided by Google (reCAPTCHA service[^373]) and Cloudflare (hCaptcha[^374]). hCaptcha is used on 15% of the internet by their own metrics[^375]. - -They are designed to separate bots from humans but are also clearly used to deter anonymous and private users from accessing services. - -If you often use VPNs or Tor, you will quickly encounter many captchas everywhere[^376]. 
Quite often when using Tor, even if you succeed in solving all the puzzles (sometimes dozens in a row), you will still be denied after solving the puzzles. - -See [[Archive.org]](https://web.archive.org/web/https://gitlab.torproject.org/legacy/trac/-/wikis/org/doc/ListOfServicesBlockingTor) - -While most people think those puzzles are only about solving a little puzzle, it is important to understand that it is much more complex, and that modern Captchas uses advanced machine learning and risk analysis algorithms to check if you are human[^377]: - -- They check your browser, cookies, and browsing history using Browser fingerprinting[^378]. - -- They track your cursor movements (speed, accuracy) and use algorithms to decide if it is "human/organic". - -- They track your behavior before/during/after the tests to ensure you are "human"[^379]. - -It is also highly likely that those platforms could already reliably identify you based on the unique way you interact with those puzzles. This could work despite obfuscation of your IP address / Browser and clearing all cookies. - -Watch for example this DEF CON 25 presentation: [DEF CON 25 - Svea Eckert, Andreas Dewes - Dark Data](https://www.youtube.com/watch?v=1nvYGi7-Lxo) [[Invidious]](https://yewtu.be/watch?v=1nvYGi7-Lxo) - -You will often experience several in a row (sometimes endlessly) and sometimes exceedingly difficult ones involving reading undecipherable characters or identifying various objects on endless pictures sets. You will also have more captchas if you use an ad-blocking system (uBlock for example) or if your account was flagged for any reason for using VPNs or Tor previously. - -You will also have (in my experience) more Captchas (Google's reCAPTCHA) if you do not use a Chromium-based browser. But this can be mitigated by using a Chromium-based browsers such as Brave. 
There is also a Browser extension called Buster that could help you those [[Archive.org]](https://web.archive.org/web/https://github.com/dessant/buster). - -As for Cloudflare (hCaptcha), you could also use their Accessibility solution here ( [[Archive.org]](https://web.archive.org/web/https://www.hcaptcha.com/accessibility)) which would allow you to sign-up (with your anonymous identity created later) and set a cookie within your Browser that would allow you to bypass their captchas. Another solution to mitigate hCaptcha would be to use their own solution called "Privacy Pass"[^380] [[Archive.org]](https://web.archive.org/web/https://privacypass.github.io/) in the form of a Browser extension you could install in your VM Browser. - -You should therefore deal with those carefully and force yourself to alter the way you are solving them (speed/movement/accuracy/...) to prevent "Captcha Fingerprinting". - -Fortunately, as far as we are aware, these are not yet officially/publicly used to de-anonymize users for third parties. - -To not have those issues, you should consider using a VPN over Tor. And the best option to avoid those is likely to use a self-hosted VPN/Proxy over Tor on a cash/Monero paid VPS server. - -### Phone verification: - -Phone verification is advertised by most platforms to verify you are human. But do not be fooled, the main reason for phone verification is not only to check if you are human but also to be able to de-anonymize you if needed. - -Most platforms (including the privacy-oriented ones such as Signal/Telegram/Proton will require a phone number to register, and most countries now make it mandatory to submit a proof of ID to register[^381]. - -Fortunately, this guide explained earlier how to get a number for these cases: [Getting an anonymous Phone number][Getting an anonymous Phone number:]. - -### E-Mail verification: - -E-Mail verification is what used to be enough but is not anymore in most cases. 
What is important to know is that open e-mail providers (disposable e-mail providers for instance) are flagged as much as open proxies (like Tor). - -Most platforms will not allow you to register using an "anonymous" or disposable e-mail. As they will not allow you to register using an IP address from the Tor network. - -The key thing to this is that it is becoming increasingly difficult to sign-up for a free e-mail account anywhere without providing (you guessed it) ... a cell phone number. That same cell phone number can be used conveniently to track you down in most places. - -It is possible that those services (Proton for instance) might require you to provide an e-mail address for registration. In that case, we would recommend you create an e-mail address from these providers: - -- MailFence: - -- Disroot: - -- Autistici: - -- Envs.net: - -Keep in mind that those do not provide a zero-access design (a zero-access design is where only you can access your e-mail - not even the service's admins can read your messages). This means they can access your e-mail at rest in their database. - - -#### A note about Riseup: - -RiseUp's warrant canary has been renewed late, with their Twitter posting a cryptic message seeming to tell users not to trust them. -Due to the suspicious situation, this guide can no longer recommend them. - -*Also see: * - -For the [[Tor Mirror]](http://vww6ybal4bd7szmgncyruucpgfkqahzddi37ktceo3ah7ngmcopnpyyd.onion/) (It has come to my attention that the site now, unfortunately, requires an invitation from a current registered user) - -#### Protecting your anonymous online identities e-mails using Aliasing services: - -If you want to avoid communicating your anonymous e-mail addresses to various parties. 
We would strongly suggest considering using e-mail aliasing services such as: - -- (preferred first choice due to more options available to the free tier) - -- - -These services will allow creating random aliases for your anonymous e-mail (on Proton for example) and could increase your general privacy if you do not want to disclose that e-mail for any purpose. They are both recommended by Privacyguides.org and Privacytools.io. I'm recommending them as well. - -### User details checking: - -Obviously, Reddit does not do this (yet), but Facebook most likely does and will look for "suspicious" things in your details (which could include face recognition). - -Some examples: - -- IP address from a country different than your profile country. - -- Age in the profile not matching the picture age. - -- Ethnicity in the profile not matching the picture ethnicity. - -- Language not matching the country language. - -- Unknown in anyone else contacts (Meaning nobody else knows you). - -- Locking down privacy settings after signing up. - -- Name that does not match the correct ethnicity/language/country? - -### Proof of ID verification: - -The deal-breaker in most cases. As far as we know, only Facebook and LinkedIn (outside of financial services) have requested such verifications which involve sending pictures of some form of identification (passport, national ID card, driver's license ...). The only way to do this would involve creating fake official documents (forgery) using some decent Photoshop skills and this might be illegal in most places. - -Therefore, this is a line we are not going to help you cross within this guide. Some services are offering such services online, but we think they are *bad actors* and are overstepping their boundaries. - -In many countries, only law enforcement, some specific processes (such as GDPR requests), and some well-regulated financial services may request proof of identification. 
So, the legality of asking for such documents is debatable and we beieve such platforms should not be allowed to require those. - -In few countries (like Germany), this practice is illegal and online platforms such as Facebook or LinkedIn are legally bound to allow you to use a pseudonym and remain anonymous. - -### IP Filters: - -As stated previously in this guide, many platforms will apply filters on the IPs of the users. Tor exit nodes are publicly listed, and VPN exit servers are "well known". There are many commercial and free services providing the ability to block those IPs with ease (hi Cloudflare). - -Many platforms' operators and administrators do not want traffic from these IPs as they often drive a lot of unlawful/malicious/unprofitable traffic to their platforms. These platforms usually argue using one of the following points: - -- "Think of the children!"; -- "Terrorism!"; -- "Russian troll propaganda!"; -- "Well, it's noise in the data we sell to advertisers!" (e.g., AdSense or Facebook Ads). - -"Yet we still pay traffic for them so let us just deny them all instead." - -Fortunately, those systems are not perfect, and you will (still) be able to get around those restrictions by switching identities (in the case of Tor) and trying to access the website each time until you find an Exit Node that is not yet blacklisted. - -Some platforms will allow you to log in with a Tor IP but not to sign up (See [[Archive.org]](https://web.archive.org/web/https://gitlab.torproject.org/legacy/trac/-/wikis/org/doc/ListOfServicesBlockingTor)). Those platforms will keep a convenient, permanent log of the IP which you used during sign-up - And some will keep such logs indefinitely, e.g., all the IPs which you have used to log in (hi Facebook). - -The tolerance is much higher with VPNs as they are not considered "open proxies", but that will not stop many platforms from making them hard to use by forcing increasingly difficult CAPTCHAs on most VPN users. 
- -For this reason, this guide does recommend the use of VPN over Tor (and not Tor over VPN) in certain use cases. **Remember that the best option to avoid those is to use a self-hosted VPN/Proxy over Tor on a cash/Monero paid VPS**. - -### Browser and Device Fingerprinting: - -Your Browser and Device Fingerprints[^382] are a set of properties/capabilities of your System/Browser. These are used on most websites for invisible user tracking but also to adapt the website user experience depending on their browser. For instance, websites will be able to provide a "mobile experience" if you are using a mobile browser or propose a specific language/geographic version depending on your fingerprint. Most of those techniques work with recent Browsers like Chromium-based[^251] browsers (such as Chrome/Edge) or Firefox[^252] unless taking specific measures. Browser and Device[^382] Fingerprinting are usually integrated into the Captcha services but also in other various services. - -Many platforms (like Google[^383]) will check your browser for various capabilities and settings and block browsers they do not like. This is one of the reasons we recommend using Chromium-based browsers such as Brave Browser over Tor Browser within this VM. 
- -It should also be noted that while some browsers and extensions will offer some fingerprint resistance, this resistance in itself can also be used to fingerprint you as explained here [[Archive.org]](https://web.archive.org/web/https://palant.info/2020/12/10/how-anti-fingerprinting-extensions-tend-to-make-fingerprinting-easier/) - -This guide will mitigate these issues by randomizing or hiding many of those fingerprinting identifiers by: - -- Using Virtualization (See [Appendix W: Virtualization]); - -- Using specific recommendations (See [Appendix A5: Additional browser precautions with JavaScript enabled]; - -- Using hardening [Appendix V1: Hardening your Browsers][Appendix V1: Hardening your Browsers:]); - -- and by using fingerprint-resistant browsers (like Brave or Tor Browser). - -Here are some of the things they check within recent browsers: - -- User-Agent: This is your Browser name and Version. - -- HTTP_ACCEPT Headers: This is the type of content your Browser can handle. - -- Time Zone and Time Zone Offset: Your time zone. - -- Screen Size and Color Depth: The resolution of your screen. - -- System Fonts: The typing fonts installed on your system. - -- Cookies support: If your browser supports cookies or not. - -- Hash of Canvas fingerprint and Hash of WebGL fingerprint: These are generated unique IDs based on your graphic rendering capabilities. - -- WebGL Vendor & Renderer: Name of your Video card - -- Do-Not-Track enabled or not: Well, yes, they can use your DNT information to track you - -- Language: The language of your Browser - -- Platform: The Operating System you are using - -- Touch Support: If your system supports touch (such as a phone/tablet or touchscreen-enabled laptop) - -- Ad Blocking use: If your browser block ads - -- AudioContext fingerprint: Like the Canvas and WebGL fingerprints these will fingerprint your audio capabilities. 
- -- CPU: What kind of CPU you are using and how many of them - -- Memory: How much memory you have in your System - -- Browser Permissions: Is your browser allowing some things like geolocation or microphone/webcam access. - -Most of the time, those fingerprints will, unfortunately, be unique or nearly unique to your browser/system. This means that even If you log out from a website and then log back in using a different username, your fingerprint might remain the same if you did not take precautionary measures. An adversary could then use such fingerprints to track you across multiple services even if you have no account on any of them and are using adblocking. These fingerprints could in turn be used to de-anonymize you if you keep the same fingerprint between services. - -Here are services you can use to check your browser fingerprints: - -- (Probably the best overall) - -- - -- - -- - -- - -- (Chromium based browsers only) - -Chances are you will find your browser fingerprint unique no matter what you do. - -### Human interaction: - -Some platforms will add this as a bonus step and require you to have an actual human interaction with a customer care representative. Usually by e-mail but sometimes by chat/phone. They will want to verify that you exist by asking you to reply to an e-mail/chat/phone call. - -It is annoying but quite easy to deal with in our case. We are not making bots. This guide is for humans making human accounts. - -### User Moderation: - -Many platforms will delegate and rely on their users to moderate the others and their content. These are the "report" features that you will find on most platforms. - -Getting reported thousands of times does not matter when you are Donald Trump or Kim Kardashian but if you as a sole "friendless" anonymous user gets reported even once, you might get suspended/flagged/banned instantly. 
- -### Behavioral Analysis: - -See [Your Digital Fingerprint, Footprint, and Online Behavior][Your Digital Fingerprint, Footprint, and Online Behavior:]. - -### Financial transactions: - -Simple and efficient, some platforms will require you to perform a financial transaction to verify your account sometimes under the pretext of verifying your age. This could be a credit card verification or an exceedingly small amount bank wire. Some will accept a donation in a main cryptocurrency like Bitcoin or Ethereum. - -While this might seem innocent, this is obviously an ID verification and de-anonymization method. This is just indirectly relying on third-party financial KYC[^240] regulations. - -This is for instance now the case on YouTube for some European Users[^384] but also used by services like Amazon that requires a valid payment method for creating an account. - -![image36](media/image36.png) - -### Sign-in with some platform: - -"Why do this user-verification ourselves when we can just ask others to deal with it?" - -You will notice this, and you probably already encountered this. Some apps/platforms will ask/require you to sign in with a well-known and well-used reputable platform instead of their own system (Sign-in with Google/Facebook/Apple/Twitter). - -This option is often presented as the "default one", hiding away the "Sign-in with e-mail and password" with clever Dark Patterns[^385] and unfortunately sometimes needed. - -This method will delegate the verification process on those platforms instead of assuming that you will not be able to create an anonymous Google/Facebook/Apple/Twitter account with ease. - -Fortunately, it is still possible to this day to create those. - -### Live Face recognition and biometrics (again): - -This is a common method used on some Crypto trading platforms and some dating Apps. - -Some platforms/apps will require you to take a live picture of yourself either doing something (a wink, holding an arm up ...) 
or showing a custom piece of information (a handwritten text, a passport, or ID) within the picture. Sometimes the platform/app will require several pictures to increase their certainty. - -![image37](media/image37.png) - -This guide will not cover this one (yet) as it is mainly used on financial platforms (that will be able to identify you with other means anyway) and some dating apps like Tinder[^386]. Unfortunately, this method is now also sometimes being used on Facebook[^387] and Instagram as part of their verification methods (tho we did not face it yet so far). - -![image38](media/image38.png) - -In some cases, these verifications must be done from your Smartphone and with an "in-app" camera to prevent you from sending a previously saved (edited) image. - -Recently even platforms such as PornHub decided to implement similar measures in the future[^388]. - -This verification is extremely hard to defeat but possible. A method to possibly defeat those would be to use "deep fake" technology software such as the open-source FaceSwap [[Archive.org]](https://web.archive.org/web/https://github.com/deepfakes/faceswap) to generate the required verification pictures using a randomly computer-generated face that would be swapped over the picture of a complicit model (or a stock photo). - -Unfortunately, some apps require direct access to a smartphone camera to process the verification. In that case, you will need to find a way to do such "face swaps" on the fly using a filter and another way to feed this into the camera used by the app. A possible approach would be similar to this impressive project [[Archive.org]](https://web.archive.org/web/https://github.com/iperov/DeepFaceLive). - -### Manual reviews: - -These can be triggered by any of the above and just means someone (usually specialized employees) will review your profile manually and decide whether it is real or not based on their subjective opinion. 
- -Some countries have even developed hotlines where you can report any subversive content[^389]. - -Pros: Usually that verdict is "final", and you will probably avoid further issues if you are good. - -Cons: Usually that verdict is "final", and you will probably be banned without any appeal possibility if you are not good. Sometimes those reviews end up on the platform just ghosting you and cancel you without any reason whatsoever. Any appeal will be left unanswered, ignored, or will generate some random dark pattern bug when trying to appeal that specific identity (this happens on Instagram for instance where if your account gets "suspended" obviously by some manual review, trying to complete the appeal form will just throw an error and tell you to try again later (We have been trying this same appeal for that identity for the past 6 months at least). - -## Getting Online: - -Now that you have a basic understanding of all the ways you can be de-anonymized, tracked, and verified. Let us get started at evading these while staying anonymous. Remember: - -- You cannot trust ISPs - -- You cannot trust VPS providers - -- You cannot trust public Wi-Fi providers - -- You cannot trust Mobile Network providers - -- You cannot trust VPN providers - -- You cannot trust any Online Platform - -- You cannot trust Tor - -- You cannot trust your Operating System - -- You cannot trust your Laptop - -- You cannot trust your Smartphone (especially Android) - -- You cannot trust your Smart devices - -- Above all, you cannot trust people - -So what? Well instead of not trusting anyone or anything, we would advise to **"Trust but verify"**[^390] (or "Never trust, always verify" if you are more hardcore about it and want to apply Zero-Trust Security[^391]) instead. 
- -**Do not start this process unless:** - -- **You consulted your local law for compliance and the legality of your actions.** - -- **You are aware of your threat model.** - -- **You are in a safe place with public Wi-Fi without your smartphone or any other smart device on you. And preferably in a place without CCTV filming you (remember to [Find some safe places with decent public Wi-Fi][Find some safe places with decent public Wi-Fi:]** **and [Appendix Q: Using long-range Antenna to connect to Public Wi-Fis from a safe distance][Appendix Q: Using long-range Antenna to connect to Public Wi-Fis from a safe distance:])** - -- **You are fully done and preparing one of the routes.** - -- **Again, it is crucially important to understand that you will be unable to create most accounts without a valid phone number. Therefore, most of your anonymity on mainstream platforms depends on the anonymity of your online phone number and/or the burner phone with its pre-paid SIM card (if you use one). If your phone number is not anonymous or your burner phone can be traced back to you then you can be de-anonymized. If you cannot get this anonymous phone number and/or a physical SIM with a Burner phone, then you will have to restrict yourself to platforms not asking for phone number verification.** - -**Remember to see [Appendix N: Warning about smartphones and smart devices]** - -### Creating new identities: - -This is the fun part where you will now create your identities from thin air. These identities do not exist but should be plausible and look "organic". They should ideally have a story, a "legend" (yes this is the real term for this[^392]). - -What is a legend? 
Well, it is a full back-story for your character: - -- Age - -- Sex - -- Gender - -- Ethnicity - -- Place of Birth and date of Birth - -- Place of residence - -- Country of origin - -- Visited Countries (for travels for instance) - -- Interests and hobbies - -- Education History - -- Work experience - -- Health information - -- Religion if any - -- Goals - -- Family history - -- Family composition if any (Children? Spouse? Husband?) - -- Relationship Status if any (Married? Single?) - -- Spoken Languages - -- Personality traits (Introvert, Extrovert ...) - -- ... - -All these should be crafted carefully for every single identity, and you should be incredibly careful to stick to the details of each legend when using those identities. Nothing can leak that could lead to your real persona. Nothing could leak that could compromise the consistency of your legend. Everything should always be consistent. - -Tools that can help with this: - -- - -- - -- (**Generated pictures using this tool have a watermark that you might need to remove using image editing software such as Gimp**) - - **Warning:** This tool requires JavaScript to function and does a lot of fingerprinting. Most of it is being sent to Microsoft Clarity. Even with uBlock installed and on safer level, Tor Browser wasn't efficient at blocking the fingerprinting. This obviously does not work on Safest level. On our tests, only Brave with agressive fingerprinting/ad shields did not send analytics. - -Now is also the moment where you could finally consider getting an online phone number as explained in the [Online Phone Number (less recommended)] section. - -We will help you bit by listing a few tips we learned while researching over the years **(disclaimer: this is based on my individual experiences alone)**: - -- "Some animals are more equal than others". 
- - - Ethnicity is important and you will have fewer issues and attract less attention to verification algorithms if your identity is Caucasian/East-Asian than if it is Arabic/Black (yes, we tested this extensively and it is definitely an issue). - - - Age is important and you will have fewer issues if you are young (18-22) than if you are middle-aged or older. Platforms seem to be more lenient in not imposing restrictions on new younger audiences. - - - Sex/Gender is important, and you will have fewer issues if you are a female than if you are a male. - - - Country of origin is important, and you will have fewer issues if your identity is Norwegian than if it is Ukrainian, Nigerian, or Mexican. - - - Country of residence is important, and you will have fewer issues if your identity has its residence in Oslo or Paris than if you decide to live in Kyiv or Cairo. - - - Language is important and you will have fewer issues if you speak English or the language of your Identity than if you use a non-related language. Do not make a Norwegian-born Arabic 20-year-old female that speaks Ukrainian or Arabic. - -- Identities that are "EU residents" with an "EU IP" (VPN/Tor Exit IP) will benefit from GDPR protections on many platforms. Others will not. GDPR is your friend in most cases, and you should take this into account. - -- Similarly, origin IP geolocation (your IP/location when you go to "whatsmyipaddress.com") should match your identity location as much as possible (When using a VPN over Tor, you can pick this in the VPN client if you use the VPN over Tor approach or just create a new identity in Tor Browser or Brave Tor Tab until you get an appropriate Exit node, or configure Tor to restrict your Exit Nodes). Consider excluding any exit IP that is not located in Western Europe/US/Canada/Japan/South Korea/Australia/New Zealand as you will have fewer issues. 
Ideally, you should get a European Union IP to get additional GDPR protection and if possible, a German exit IP due to their legal stance on using anonymous accounts on online platforms. - -- Brave Browser (Chromium-based) with a Private Tor Tab has a better acceptance level than Tor Browser (Firefox based). You will experience fewer issues with captchas and online platforms[^383] if you use Brave than if you use Tor Browser (feel free to try this yourself). - -- For every identity, you should have a matching profile picture associated with it. For this purpose, we recommend you just go to or * and generate a computer-generated profile picture (Do note that algorithms have been developed[^393]'[^394] to detect these and it might not work 100% of the time). You can also generate such pictures yourself from your computer if you prefer by using the open-source StyleGan project here [[Archive.org]](https://web.archive.org/web/https://github.com/NVlabs/stylegan2). Just refresh the page until you find a picture that matches your identity in all aspects (age, sex, and ethnicity) and save that picture. It would be even better to have several pictures associated with that identity, butWedo not have an "easy way" of doing that yet. - -***Warning:** https://generated.photos/face-generator requires JavaScript to function and does a lot of fingerprinting. Most of it is being sent to Microsoft Clarity. Even with uBlock installed and on safer level, Tor Browser wasn't efficient at blocking the fingerprinting. This obviously does not work on Safest level. On our tests, only Brave with agressive fingerprinting/ad shields did not send analytics. - -- **Bonus**, you could also make it more real by using this service (with an anonymous identity) [[Archive.org]](https://web.archive.org/web/https://www.myheritage.com/deep-nostalgia) to make a picture more lifelike. 
Here is an example: - -- Original: - -![image39](media/image39.png) - -- Result (see Online because PDFs do not work well with embedded media): - -![after-gif](media/after.gif) - -Slight issue tho: **MyHeritrage.com bans Tor Exit nodes so you might have again to consider VPN over Tor for this.** - -You could also achieve the same result without using MyHeritage and by doing it yourself using for example [[Archive.org]](https://web.archive.org/web/https://github.com/AliaksandrSiarohin/first-order-model) but this will require more manual operations (**and requires an NVIDIA GPU**). Other commercial products will soon be available such as: [[Archive.org]](https://web.archive.org/web/https://www.d-id.com/talkingheads/) with examples here: [[Invidious]](https://yewtu.be/channel/UCqyzLOHYamYX2tNXBNSHr1w/videos). - -Note: If you make several pictures of the same identity using some of the tools mentioned above, be sure to compare the similarities using the Microsoft Azure Face Verification tool at . - -- Create in advance and store in KeePassXC each identity details that should include some crafted details as mentioned earlier. - -- Do not pick an occupation at a well-known private corporation/company as they have people in their HR departments monitoring activities in platforms such as LinkedIn and will report your profile as being fake if it does not match their database. Instead, pick an occupation as a freelancer or at a large public institution where you will face less scrutiny due to their decentralized nature. - -- Keep track (write down) of the background stories of your Identities. You should always use the same dates and answers everywhere. Everything should always match up. Even the stories you tell about your imaginary life should always match. If you say you work as an intern at the Department of Health one day and later on another platform, say you work as an intern at the Department of Transportation, people might question your identity. Be consistent. 
- -- Use a different phone number for each identity. Online platforms do keep track of phone number usage and if one identity/number gets flagged for violating Community Guidelines or Terms of Services, it might also get the other identities using the same number flagged/banned as well. - -- Adapt your language/writing to the identity to not raise suspicions and lower your chances of being fingerprinted by online platforms. Be especially careful with using pedantic words and figures of speech/quotes that could allow some people to guess your writing is very similar to that person with this Twitter handle or this Reddit user. See [Appendix A4: Counteracting Forensic Linguistics]. - -- **Always use TOTP 2FA (not SMS to prevent Sim Swapping attacks**[^395] **and to keep your identity working when your pre-paid card expires) using KeePassXC when available to secure your logins to various platforms.** - -- Remember [Appendix A2: Guidelines for passwords and passphrases]. - -Here is also a good guide on this specific topic: [[Archive.org]](https://web.archive.org/web/https://gendersec.tacticaltech.org/wiki/index.php/Complete_manual) - -Note: If you are having trouble finding an exit node in the country of your choice you can force using specific countries for Exit Nodes (and therefore exit countries) on Tor by editing the torrc file on the Whonix Gateway or even the Tor Browser: - -- Whonix/Tails: Create/Edit a file ```/usr/local/etc/torrc.d/50_user.conf```[^396]. - -- On Tor Browser: Edit the torrc file located at ```Browser/TorBrowser/Data/Tor```[^397]. 
- -Once you are in the file, you can do the following: - -- Specify the Exit Nodes by adding those two lines (which will require an Exit Node in China/Russia/Ukraine: - - - ```ExitNodes {CH},{RU},{UA}``` - - - ```StrictNodes 1``` - -- Exclude specific Exit Nodes by adding this line (which will exclude all Exit Nodes from France/Germany/USA/UK): - - - ```ExcludeNodes {FR},{DE},{US},{UK}``` - -Always use uppercase letters for any setting. - -**Please note that this is restricting Onion Routing could limit your Anonymity if you are too restrictive. You can see a visualized list of available Exit Nodes here: ** [[Archive.org]](https://web.archive.org/web/https://www.bigdatacloud.com/insights/tor-exit-nodes) - -Here is the list of possibilities (this is a general list and many of those countries might not have Exit nodes at all): - -### Checking if your Tor Exit Node is terrible: - -**Skip this if you are using a VPN/Proxy over Tor (tho you can also do the same checks with a VPN exit node if you want).** - -Not all Tor Exit nodes are equal. This is mostly due to what type of "exit policy" their operator applies to them. Some Tor Exit nodes are seen are more or less "clean" and will only show up in the Tor Exit nodes lists. Some other Tor Exit nodes are seen as "dirty" and will show up in dozens of various blacklists. So how do you know if you are on a clean one or a bad one? It is not that simple. - -#### This process is very easy: - -This works whether you're using Tor Browser on a Host OS, in a VM, with Whonix or Qubes OS. - -- Go on the target website you want to sign up for in a tab - -- Click the Tor Circuit icon to the left of the "lock" icon in the upper left corner to view your route through the Tor network. - -- Look at the third IP (Exit IP) you are using in that tab for that website. (You can't copy the IP address, but you can type it into the browser address bar if needed.) - -- Open a new tab and go to MX Toolbox. 
- -- Put the Exit IP from the first tab in the search box. You will likely see "We notice you are on a blacklist." - -- Check the amount of blacklists the Tor Exit node is in. Ideally, it should only be in two. If it is in other lists, such as Spamhaus ZEN, you might run into issues: - - - DAN TOR - - - DAN TOREXIT - -If the Exit Node is "clean" (in few lists), proceed to go back to the first tab and open the site you want to use to sign up. - -### The Real-Name System: - -Unfortunately, not using your real identity is against the Terms of Services ("TOS") of many services, especially those owned by Microsoft and Facebook. But don't despair, as explained in the [Requirements][Pre-requisites and limitations:], it's still legal in Germany where the courts have upheld the legality of not using real names on online platforms (§13 VI of the German Telemedia Act of 2007[^1]'[^2]). **Fortunately, ToS cannot override laws** **(yet)**. - -This does not mean that it is illegal in other places but that it might be a breach of their TOS if you do not have the law on your side. **Remember this guide only endorses this for German users residing in Germany.** - -On my side, we strongly condemn this type of real-name policy. 
See for instance this Wikipedia article giving some examples: [[Wikiless]](https://wikiless.org/wiki/Facebook_real-name_policy_controversy) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Facebook_real-name_policy_controversy) - -Here are some more references about the German case for reference: - -- [[Archive.org]](https://web.archive.org/web/https://slate.com/technology/2018/02/why-some-americans-are-cheering-germany-for-taking-on-facebooks-real-name-policy.html) - -- [[Archive.org]](https://web.archive.org/web/https://www.theverge.com/2018/2/12/17005746/facebook-real-name-policy-illegal-german-court-rules) - -- [[Archive.org]](https://web.archive.org/web/https://www.pcmag.com/news/german-court-rules-facebooks-real-name-policy-is-illegal) - -- [[Archive.org]](https://web.archive.org/web/https://www.vzbv.de/sites/default/files/downloads/2018/02/14/18-02-12_vzbv_pm_facebook-urteil_en.pdf) - -- [[Archive.org]](https://web.archive.org/web/https://www.pcmag.com/news/german-court-rules-facebooks-real-name-policy-is-illegal) - -- [[Archive.org]](https://web.archive.org/web/https://www.reuters.com/article/us-germany-facebook/german-court-rules-facebook-use-of-personal-data-illegal-idUSKBN1FW1FI) - -Alternatively, you could be an adult resident of any other country where you can confirm and verify the legality of this yourself. Again, this is not legal advice, and we are not lawyers. **Do this at your own risk.** - -Other countries where this was ruled illegal: - -- South Korea (see [[Wikiless]](https://wikiless.org/wiki/Real-name_system) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Real-name_system)) - -- If you know any other, please let me know with references in the GitHub issues. - -Some platforms are bypassing this requirement altogether by requiring a valid payment method instead (see [Financial transactions:]). 
While this does not directly require a real name through their ToS, this has the same results as they usually only accept mainstream (not Monero/Cash) payment methods (such as Visa/MasterCard/Maestro or PayPal) which do require a real-name legally as part of their KYC[^240] regulations. The result is the same and even better than a simple real-name policy you could ignore in some countries such as Germany. - -### About paid services: - -If you intend to use paid services, privilege those accepting cash payments or Monero payments which you can do directly and safely while keeping your anonymity. - -If the service you intend to buy does not accept those but accepts Bitcoin (BTC), consider the following appendix: [Appendix Z: Paying anonymously online with BTC (or any other cryptocurrency)][Appendix Z: Online anonymous payments using cryptocurrencies]. - -### Overview: - -This section will show you an overview of the current various requirements on some platforms: - -- **Consider using the recommended tools on ** [[Archive.org]](https://web.archive.org/web/https://privacyguides.org) **for better privacy instead of the usual mainstream ones.** - -- **Consider using the recommended tools on ** [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Documentation) **as well instead of the usual mainstream ones such as E-mail providers: ** [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/E-Mail#Anonymity_Friendly_Email_Provider_List) - -**The following overview does not mention the privacy practices of those platforms but only their requirements for registering an account. If you want to use privacy-aware tools and platforms, head on to ** [[Archive.org]](https://web.archive.org/web/https://privacyguides.org/)**.** - -Legend: - -- "Unclear": Unclear due to lack of information or confusing information. - -- "Maybe": It did happen in a minority of my tests. - -- "Likely": It did happen in most of my tests. 
- -- "Yes" or "No": This either happened or never happened systematically in all my tests. - -- "Easy": The overall experience was straightforward with little to no obstacles. - -- "Medium": The overall experience has some obstacles, but it is still doable without too much hassle. - -- "Hard": The overall experience is a painful struggle with many obstacles. - -- "N/A": Not Applicable because it was not possible to test within the context of this guide - -- "Indirectly": This means they do require something but indirectly through a third-party system (Financial KYC for example). - - ------------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ServiceAgainst ToSRequires PhoneRequires E-MailVPN Sign-upTor Sign-upCaptchas

ID or

-

Financial Checks

Facial ChecksManual ChecksOverall difficulty
AmazonNoNoYesYesYesNoYes*NoUnclearN/A
AppleYes*YesYesYesYesNoNoNoNoMedium
BinanceYes*NoYesYesNoYesNoNoNoMedium
BriarNoNoNoYesYesNoNoNoNoEasy
DiscordNoNoYesYesYesYesNoNoNoMedium
ElementNoNoNoYesYesYesNoNoNoEasy
FacebookYes*YesYesMaybeMaybeYesMaybeMaybeMaybeHard
GitHubNoNoYesYesYesYesNoNoNoEasy
GitLabNoNoYesYesYesYesNoNoNoEasy
GoogleNoLikelyLikelyYesYesYesMaybeNoMaybeMedium
HackerNewsNoNoNoYesYesYesNoNoNoEasy
InstagramUnclearLikelyYesYesYesYesNoMaybeMaybeMedium
JamiNoNoNoYesNoNoNoNoNoEasy
iVPNNoNoNoYesYesNoNoNoNoEasy
KrakenYes*NoYesYesNoNoNoNoNoMedium
LinkedInYes*YesYesYesYesYesMaybeMaybeMaybeHard
MailFenceNoNoYesYesMaybeYesNoNoNoMedium
MediumNoNoYesYesYesNoNoNoNoEasy
MicrosoftYes*MaybeMaybeYesYesYesNoNoNoMedium
MullvadNoNoNoYesYesNoNoNoNoEasy
NjallaNoNoNoYesYesNoNoNoNoEasy
OnionShareNoNoNoYesYesNoNoNoNoEasy
OnlyFansNoNoYesYesYesYesYes (for full functionalities)NoNoHard (for full functionalities)
Proton MailNoMaybeLikelyYesYesYesNoNoNoMedium
Proton VPNNoNoYesYesYesNoNoNoNoMedium
RedditNoNoNoYesYesNoNoNoNoEasy
SlashdotYes*NoNoYesYesYesNoNoNoMedium
TelegramNoYesNoYesYesNoNoNoNoEasy
TutanotaNoNoNoMaybeNoYesNoNoNoHard
TwitchNoNoYesYesYesYesNoNoNoEasy
TwitterNoYesYesYesYesYesNoNoMaybeMedium
WhatsAppYes*YesNoYesYesNoNoNoNoMedium
4chanNoNoNoNoNoYesNoNoNoHard
- -* **See [The Real-Name System][Checking if your Tor Exit Node is terrible:] for essential information. See below for details.** - -##### Below you'll find a list of "problematic services". If they're not below, it means there are no issues at all with anything (like Briar for example) - -#### Amazon: - -- Is this against their ToS? No, but yes [[Archive.org]](https://web.archive.org/web/https://www.amazon.com/gp/help/customer/display.html?nodeId=202140280) - -"1. Amazon Services, Amazon Software - -A. Use of Amazon Services on a Product. To use certain Amazon Services on a Product, you must have your own Amazon.com account, be logged in to your account on the Product, **and have a valid payment method associated with your account.** " - -While it does not technically require a real name. It does require a valid payment method. Unfortunately, it will not accept "cash" or "Monero" as a payment method. So instead, they are relying on financial KYC (where a real-name policy is pretty much enforced everywhere). - -- Will they require a phone number? Yes, but see below - -- Can you create accounts through Tor? Yes, but see below - -Because of this valid payment method requirement, we could not test this. While this is seemingly not against their ToS, it is not possible within the context of this guide unless you manage to obtain a valid KYC payment method anonymously which AFAIK is pretty much impossible or extremely difficult. - -So, AFAIK, it is not possible to create an anonymous Amazon account. - -#### Apple: - -- Is this against their ToS? Yes [[Archive.org]](https://web.archive.org/web/https://www.apple.com/legal/internet-services/icloud/en/terms.html) - -"IV. Your Use of the Service - -A. Your Account - -In order to use the Service, you must enter your Apple ID and password to authenticate your Account**. 
You agree to provide accurate and complete information when you register with, and as you use, the Service ("Service Registration Data"), and you agree to update your Service Registration Data to keep it accurate and complete".** - -- Will they require a phone number? Yes - -- Can you create accounts through Tor? Yes - -Note that this account will not allow you to set up an Apple mail account. For that, you will need an Apple device. - -#### Binance: - -- Is this against their ToS? Yes [[Archive.org]](https://web.archive.org/web/https://www.binance.com/en/terms) - -- Will they require a phone number? No, they do require an e-mail - -- Can you create accounts through Tor? No - -#### Discord: - -- Is this against their ToS? No [[Archive.org]](https://web.archive.org/web/https://discord.com/terms) - -- Will they require a phone number? No, but they do require an e-mail - -- Can you create accounts through Tor? We had no issues with that so far using the Desktop Client - -You might encounter more issues using the Web Client (Captchas). Especially with Tor Browser. - -I suggest using the Discord Client app on a VM through Tor or ideally through VPN/Proxy over Tor to mitigate such issues. - -#### Element: - -- Is this against their ToS? No [[Archive.org]](https://web.archive.org/web/https://element.io/terms-of-service) - -- Will they require a phone number? No, they do not even require an e-mail - -- Can you create accounts through Tor? Yes - -Expect some Captchas during account creation on some homeservers. - -#### Facebook: - -- Is this against their ToS? Yes [[Archive.org]](https://web.archive.org/web/https://www.facebook.com/terms.php) - -"1. Who can use Facebook - -When people stand behind their opinions and actions, our community is safer and more accountable. For this reason, you must: - -- Use the same name that you use in everyday life. - -- Provide accurate information about yourself. - -- Will they require a phone number? 
Yes, and probably more later - -- Can you create accounts through Tor? Yes, but it is very difficult and their onion address[^398] will not help. In most cases, you'll just have a random error at sign-up and your account suspended after sign-in." - -But this clause of their ToS is illegal in Germany (see [Requirements][Pre-requisites and limitations:]). - -Facebook is one of the most aggressive platforms with identity verification and is pushing hard their "real name policy". It is why this guide is only advised to German residents. - -Over our tests tho we were able to pinpoint a few tips: - -- It will be easier if you have an Instagram account first. - -- Signing up through Tor is almost impossible (even using their .onion address which is a joke) and will only succeed if you are " very lucky" (I assume if you are using an exit node that is not yet known by Facebook verification systems). In most cases, it will not allow registration at all and will just fail with "An error has occurred during registration". - -- Signing up through VPNs is more likely to succeed but might still result in the same error. So, you must be ready for a lot of trial and error here. - -- Signing up through a Self-Hosted VPN/Proxy is your best bet but make sure your profile/identity matches the IP geolocation. - -- My earlier entry in the guide about the Orwellian quote from Animal Farm is in full effect on Facebook. You will experience huge variation in acceptance depending on age/sex/ethnicity/nationality/... This is where you will have far fewer issues if you are making an account of a Young European Caucasian Female. You will almost certainly fail if you try making a Middle-Aged Male where my other accounts are still unsuspended/unbanned to this day. 
- -- Logging-in (after you sign-up) however works fine with VPN and Tor but might still trigger an account suspension for violating Community Guidelines or Terms of Services (despite you not using the account at all for anything else than signing-up/logging-in). Ideally, you should log-in back with the same IP from a self-hosted VPN/Proxy. - -I also suspect strongly based on my test that the following points have an impact on your likelihood of being suspended over time: - -- Not having friends - -- Not having interests and an "organic activity" - -- Not being in the contacts of any other user - -- Not being on other platforms (such as Instagram/WhatsApp) - -- Restricting your profile privacy settings too soon after signing-up - -If your account gets suspended, you will need to appeal the decision through a quite simple form that will require you to submit a "proof of ID". However, that proof of ID verification system is more lenient than LinkedIn and will allow you to send various documents which require far less Photoshop skills. - -It is also possible that they ask you to take a selfie video or picture-making certain gestures to prove your identity. If that is the case, we are afraid it is a dead-end for now unless you use a deepfake face swapping technique. - -If you do file an appeal, you will have to wait for Facebook to review it (I do not know whether this is automatic or human) and you will have to wait and hope for them to unsuspend your account. - -#### GitHub: - -- Is this against their ToS? No [[Archive.org]](https://web.archive.org/web/https://docs.github.com/en/free-pro-team@latest/github/site-policy/github-terms-of-service) - -- Will they require a phone number? Nope, all good - -- Can you create accounts through Tor? Yes, but expect some captchas - -GitHub is straightforward and requires no phone number. - -Be sure to go into Settings > E-Mail and make your e-mail private as well as block any push that would reveal your e-mail. 
- -#### GitLab: - -- Is this against their ToS? No [[Archive.org]](https://web.archive.org/web/https://about.gitlab.com/handbook/legal/subscription-agreement/) - -- Will they require a phone number? Nope, all good - -- Can you create accounts through Tor? Yes, but expect captchas - -GitLab is straightforward and requires no phone number. - -#### Google: - -- Is this against their ToS? No [[Archive.org]](https://web.archive.org/web/https://policies.google.com/terms) - -- Will they require a phone number? Yes, they will. There is no escape here. - -- Can you create accounts through Tor? Yes, but expect some captchas and your phone number will be required - -Proton is good ... but to appear less suspicious, it is simply better to also have a mainstream Google Mail account. - -As Proton, Google will also most likely require a phone number during sign-up as part of their verification process. However contrary to Proton, Google will store that phone number during the sign-up process and will also limit the number of accounts that can be created during the sign-up[^399]'[^400]. - -From my experience during my research, this count is limited to three accounts/phone numbers. If you are unlucky with your number (if it was previously used by another mobile user), it might be less. - -You should therefore use again your online phone number OR your burner phone and pre-paid SIM card to create the account. Do not forget to use the identity details you made up earlier (birthdate). When the account is created, please do take some time to do the following: - -- **(Trick)** Log into Google Mail on desktop and go into the Gmail Quick Settings > See all Setting > Forwarding and POP/IMAP > Add a forwarding address > Verify (using Proton) > Go back to Gmail and set the forwarding to forward and delete Google copy > Save. 
This step will allow you to check your Google Mail using Proton instead and will allow you to avoid triggering Google Security checks by Logging in from various VPN/Tor exit IP addresses in the future while storing your sensitive e-mail at Proton instead. This trick will allow you to receive all the e-mails from your Gmail addresses on your Proton (or other) address without needing to login into your Google accounts (reducing risks of it being suspended, especially if you use Tor). - -- Enable 2FA within the Google account settings. First, you will have to enable 2FA using the phone number. Then you will see the option appear to enable 2FA using an Authenticator app. Use that option and set it up with a new KeePassXC TOTP entry. When it is done, remove the phone 2FA from the Google account. This will prevent someone from using that phone number in the future (when you do not have it anymore) to recover/gain access to that account. - -- Add Proton as a recovery e-mail address for the account. - -- Remove the phone number from the account details as a recovery option. - -- Upload a Google profile picture you made earlier during the identity creation step. - -- Review the Google Privacy settings to disable as much as you can: - - - Activity logging - - - YouTube - -- Log out and do not touch it unless needed (as mentioned, you will use Proton to check your Gmail). - -Keep in mind that there are different algorithms in place to check for weird activity. If you receive any mail (on Proton) prompting about a Google Security Warning. Click it and click the button to say, "Yes it was me". It helps. - -Do not use that account for "sign-up with Google" anywhere unless necessary. - -Be extremely careful if you decide to use the account for Google activities (such as Google Maps reviews or YouTube Comments) as those can easily trigger some checks (Negative reviews, Comments breaking Community Guidelines on YouTube). 
- -If your account gets suspended [^401] (this can happen on sign-up, after signing-up or after using it in some Google services), you can still get it unsuspended by submitting[^402] an appeal/verification (which will again require your Phone number and possibly an e-mail contact with Google support with the reason). **Suspension of the account does not disable the e-mail forwarding, but the suspended account will be deleted after a while.** - -After suspension, if your Google account is restored, you should be fine. - -If your account gets banned, you will have no appeal and the forwarding will be disabled. Your phone number will be flagged, and you will not be able to use it to sign-up on a different account. Be careful when using those to avoid losing them. They are precious. - -It is also possible that Google will require an ID check through indirect financial KYC or ID picture check if you try to access/publish mature content on their platform[^403]. - -#### Instagram: - -- Is this against their ToS? **Maybe?** We are not sure [[Archive.org]](https://web.archive.org/web/https://help.instagram.com/581066165581870?ref=dp) - -"**You can't impersonate others or provide inaccurate information. You do not have to disclose your identity on Instagram, but you must provide us with accurate and up-to-date information (including registration information)**. **Also, you may not impersonate someone you are not, and you can't create an account for someone else unless you have their express permission".** - -This one is a bit of an Oxymoron don't you think? So, we are not sure whether it is allowed or not. - -- Will they require a phone number? Maybe but less likely over VPN and very likely over Tor - -- Can you create accounts through Tor? Yes, but expect some captchas and your phone number will be required - -It is also possible that they ask you to take a selfie video or picture-making certain gestures to prove your identity (within the app or through an e-mail request). 
If that is the case, we are afraid it is a dead-end for now. - -It is no secret that Instagram is part of Facebook however it is more lenient than Facebook when it comes to user verification. It is quite unlikely you will get suspended or banned after signing up. But it could help. - -For instance, we noticed that you will face fewer issues creating a Facebook account if you already have a valid Instagram account. You should always create an Instagram account before trying Facebook. - -Unfortunately, there are some limitations when using the web version of Instagram. For instance, you will not be able to enable Authenticator 2FA from the web for a reason we do not know. - -After sign-up, do the following: - -- Upload a picture of your generated identity if you want. - -- Go into your Settings - -- Make the account private (initially at least) - -- Do not show activity status - -- Do not allow sharing - -#### Jami: - -- Is this against their ToS? No [[Archive.org]](https://web.archive.org/web/https://jami.net/privacy-policy/) - -- Will they require a phone number? No, they do not even require an e-mail - -- Can you create accounts through Tor? Nope it does not work for some technical reason - -#### Kraken: - -- Is this against their ToS? Yes [[Archive.org]](https://web.archive.org/web/https://www.kraken.com/legal) - -- Will they require a phone number? No, they do require an e-mail - -- Can you create accounts through Tor? Yes - -#### LinkedIn: - -- Is this against their ToS? Yes [[Archive.org]](https://web.archive.org/web/https://www.linkedin.com/legal/user-agreement) - -"To use the Services, you agree that: (1) you must be the "*Minimum Age*" (described below) or older; (2) **you will only have one LinkedIn account, which must be in your real name**; and (3) you are not already restricted by LinkedIn from using the Services. 
**Creating an account with false information is a violation of our terms**, including accounts registered on behalf of others or persons under the age of sixteen. " - -But this clause of their ToS is illegal in Germany (see [Requirements][Pre-requisites and limitations:]). - -- Will they require a phone number? Yes, they will. - -- Can you create accounts through Tor? Yes, but expect some captchas and your phone number will be required - -LinkedIn is far less aggressive than twitter but will nonetheless require a valid e-mail (preferably again your Gmail) and a phone number in most cases (tho not always). - -LinkedIn however is relying a lot on reports and user/customer moderation. You should not create a profile with an occupation inside a private corporation or a small startup company. The company employees are monitoring LinkedIn activity and receive notifications when new people join. They can then report your profile as fake, and your profile will then be suspended or banned pending appeal. - -LinkedIn will then require you to go through a verification process that will, unfortunately, require you to send an ID proof (identity card, passport, driver's license). This ID verification is processed by a company called Jumio[^404] that specializes in ID proofing. This is most likely a dead end as this would force you to develop some strong Photoshop skills. - -Instead, you are far less likely to be reported if you just stay vague (say you are a student/intern/freelance) or pretend you work for a large public institution that is too large for anyone to care or check. - -As with Twitter and Google, you should do the following after signing up: - -- Disable ads - -- Disable notifications - -- Disable lookup by phone/e-mail - -- Upload a picture of your identity - -#### MailFence: - -- Is this against their ToS? No - -- Will they require a phone number? No, but they require an e-mail - -- Can you create accounts through Tor? Maybe. 
From my tests, the signing-up verification e-mails are not sent when using Tor to sign-up. No issues however when using a VPN over Tor or a Proxy over Tor. - -#### Medium: - -- Is this against their ToS? No, unless it is about crypto [[Archive.org]](https://web.archive.org/web/https://policy.medium.com/medium-terms-of-service-9db0094a1e0f) - -- Will they require a phone number? No, but they require an e-mail - -- Can you create accounts through Tor? No issues with that so far - -Signing-in does require an e-mail every time. - -#### Microsoft: - -- Is this against their ToS? Yes [[Archive.org]](https://web.archive.org/web/https://www.microsoft.com/en/servicesagreement/) - -"i. Creating an Account. You can create a Microsoft account by signing up online. **You agree not to use any false, inaccurate, or misleading information when signing up for your Microsoft account".** - -But this clause of their ToS is illegal in Germany (see [Requirements][Pre-requisites and limitations:]). - -- Will they require a phone number? Likely but not always. Depending on your luck with your Tor exit node, they may only require e-mail verification. If you use a VPN over Tor, they will likely only ask for an e-mail. - -- Can you create accounts through Tor? Yes, you can but expect captchas, at least e-mail verification, **and likely phone verification.** - -So yes, it is still possible to create an MS account without a phone number and using Tor or VPN, but you might have to cycle through a few exit nodes to achieve this. - -After signing up you should set up 2FA authentication within the security options and using KeePassXC TOTP. - -#### OnlyFans: - -- Is this against their ToS? No, it looks fine [[Archive.org]](https://web.archive.org/web/https://onlyfans.com/terms) - -- Will they require a phone number? No, they do require an e-mail - -- Can you create accounts through Tor? 
Yes, you can - -Unfortunately, you will be extremely limited with that account and to do anything you will need dot complete their verification process which requires a KYC type financial transaction check. So, not very useful. - -#### Proton: - -- Is this against their ToS? No [[Archive.org]](https://web.archive.org/web/https://proton.me/legal/terms) - -- Will they require a phone number? Maybe. This depends on the IP you are coming from. If you come from Tor, it is likely. From a VPN, it is less likely. - -- Can you create accounts through Tor? Yes, but highly likely that a phone number will be required when only an e-mail or a captcha will be required over a VPN. They even have a ".onion" address at . - -You obviously need an e-mail for your online identity and disposable e-mails are pretty much banned everywhere. - -Proton is a free e-mail provider based in Switzerland that advocates security and privacy. - -They are recommended by Privacyguides.org[^405]. Their only apparent issue is that they do require (in most cases) a phone number or another e-mail address for registration (when you try to register from a VPN or Tor at least). - -They claim they do not store/link the phone/e-mail associated with the registration but only store a hash that is not linked to the account[^406]. If their claim is true and the hash is not linked to your account, and that you followed my guide about the phone number, you should be reasonably safe from tracking. - -This e-mail account can be used for creating a Google/Gmail account. - -#### Reddit: - -- Is this against their ToS? No [[Archive.org]](https://web.archive.org/web/https://www.redditinc.com/policies) - -- Will they require a phone number? No, they will not. - -- Can you create accounts through Tor? Yes - -Reddit is simple. All you need to register is a valid username and a password. Normally they do not even require an e-mail (you can skip the e-mail when registering, leaving it blank). 
- -No issues whatsoever signing up over Tor or VPN besides the occasional Captchas. - -Consider reading this reddit post: [[Archive.org]](https://web.archive.org/web/https://old.reddit.com/r/ShadowBan/comments/8a2gpk/an_unofficial_guide_on_how_to_avoid_being/) - -#### Slashdot: - -- Is this against their ToS? Yes [[Archive.org]](https://web.archive.org/web/https://slashdotmedia.com/terms-of-use/) - -"8. Registration; Use of Secure Areas and Passwords - -Some areas of the Sites may require you to register with us. When and if you register, you agree to (a) provide accurate, current, and complete information about yourself as prompted by our registration form (including your e-mail address) and (b) to maintain and update your information (including your e-mail address) to keep it accurate, current, and complete. You acknowledge that should any information provided by you be found to be untrue, inaccurate, not current, or incomplete, we reserve the right to terminate this Agreement with you and your current or future use of the Sites (or any portion thereof)". - -- Will they require a phone number? No - -- Can you create accounts through Tor? Yes - -#### Telegram: - -- Is this against their ToS? No [[Archive.org]](https://web.archive.org/web/https://telegram.org/tos) - -- Will they require a phone number? Yes unfortunately - -- Can you create accounts through Tor? Yes, but sometimes you randomly get banned without any reason - -Telegram is quite straightforward, and you can download their portable Windows app to sign-up and log in. - -It will require a phone number (that can only be used once) and nothing else. - -In most cases, we had no issues whether it was over Tor or VPN, but we had a few cases where our telegram account was just banned for violating terms of services (not sure which one?). This again despite not using them for anything. - -They provide an appeal process through e-mail, but we had no success with getting any answer. 
- -Their appeal process is just sending an e-mail to [[Archive.org]](https://web.archive.org/web/mailto:recover@telegram.org) stating your phone number and issue and hope they answer. - -After signing up you should do the following: - -- Go into Edit profile - -- Set a Username - -- Go into Settings (Desktop App) - -- Set the Phone Number visibility to Nobody - -- Set Last Seen & Online to Nobody - -- Set Forwarded Messages to Nobody - -- Set Profile photos to Contacts - -- Set Calls to Contacts - -- Set Group & Channels to Contacts - -#### Tutanota: - -- Is this against their ToS? No [[Archive.org]](https://web.archive.org/web/https://tutanota.com/terms/) - -- Will they require a phone number? No, but they do require an e-mail. - -- Can you create accounts through Tor? Not really, almost all Tor Exit nodes are banned AFAIK - -#### Twitter: - -- Is this against their ToS? No - -- Will they require a phone number? Extremely likely, possibly now a requirement in all cases. - -- Can you create accounts through Tor? Yes, but expect some captchas and your phone number will be required after a while. - -Twitter is extremely aggressive in preventing anonymity on its network. You should sign-up using e-mail and password (not phone) and not using "Sign-in with Google". Use your Gmail as the e-mail address. - -More than likely, your account will be suspended immediately during the sign-up process and will require you to complete a series of automated tests to unlock. This will include a series of captchas, confirmation of your e-mail and Twitter handle, or other information. In some cases, it will also require your phone number. - -In some cases, despite you selecting a text verification, the Twitter verification system will call the phone no matter what. In that case, you will have to pick up and hear the verification code. We suspect this is another method of preventing automated systems and malicious users from selling text receiving services over the internet. 
- -Twitter will store all this information and link it to your account including your IP, e-mail, and phone number. You will not be able that phone number to create a different account. - -Once the account is restored, you should take some time to do the following: - -- Upload the identity profile picture. - -- Enable 2FA from the security settings using a new KeePassXC TOTP entry, save the security codes in KeePassXC as well. - -- Disable Photo tagging - -- Disable E-mail lookup - -- Disable Phone lookup - -- Disable all personalized advertising settings - -- Disable geolocation of tweets - -- **Caution:** Remove the phone number from the account (at your own risk, this often leads to suspension of the account) - -- Follow some people based - -- Log out and leave it be. - -After about a week, you should check Twitter again and the chances are quite high that it will be suspended again for "suspicious activity" or "violating community guidelines" despite you not using it at all (not even a single tweet/follow/like/retweet or DM) but this time by another system. We call this the "Double-tap". - -This time you will need to submit an appeal using a form[^407], provide a good reason and wait for the appeal to be processed by Twitter. During that process, you may receive an e-mail (on Proton) asking you to reply to a customer service ticket to prove that you do have access to your e-mail and that it is you. This will be directed toward your Gmail address but will arrive on your Proton. - -Do not reply from Proton as this will raise suspicions, you must sign in to Gmail (unfortunately) and compose a new mail from there copy-pasting the E-Mail, Subject, and Content from Proton. As well as a reply confirming you have access to that e-mail. - -After a few days, your account should get unsuspended "for good". No issues after that but keep in mind they can still ban your account for any reason if you violate the community guidelines. 
The phone number and e-mail will then be flagged, and you will have no other option but to get a new identity with a new number to sign-up again. Do not use this account for trolling. - -#### Twitch: - -- Is this against their ToS? No [[Archive.org]](https://web.archive.org/web/https://www.twitch.tv/p/en/legal/terms-of-service/) - -- Will they require a phone number? No, but they do require an e-mail. - -- Can you create accounts through Tor? Yes - -Note that you will not be able to enable 2FA on Twitch using only e-mail. This feature requires a phone number to enable. - -#### WhatsApp: - -- Is this against their ToS? **Yes** [[Archive.org]](https://web.archive.org/web/https://www.whatsapp.com/legal/updates/terms-of-service-eea) - -"**Registration**. You must register for our Services **using accurate information**, provide your current mobile phone number, and, if you change it, update your mobile phone number using our in-app change number feature. You agree to receive text messages and phone calls (from us or our third-party providers) with codes to register for our Services". - -- Will they require a phone number? Yes, they do. - -- Can you create accounts through Tor? No issues with that so far. - -#### 4chan: - -- Is this against their ToS? No - -- Will they require a phone number? No, they will not. - -- Can you post there with Tor or VPN? Not likely. - -4chan is 4chan ... This guide will not explain 4chan to you. They block Tor exit nodes and known VPN IP ranges. - -You are going to have to find a separate way to post there using at least seven proxies[^408] that are not known by 4chan blocking system (hint: Anonymous VPS using Monero is probably your best option). - -![image40](media/image40.png) - -#### Crypto Wallets: - -Use any crypto wallet app within the Windows Virtual Machine. But be careful not to transfer anything toward an Exchange or a known Wallet. 
Crypto is in most cases NOT anonymous and can be traced back to you when you buy/sell any (remember the [Your Cryptocurrencies transactions][Your Cryptocurrencies transactions:] section). - -**If you really want to use Crypto, use Monero which is the only one with reasonable privacy/anonymity.** - -Ideally, you should find a way to buy/sell crypto with cash from an unknown person. - -#### What about those mobile-only apps (WhatsApp/Signal)? - -There are only three ways of securely using those anonymously (that we would recommend). Using a VPN on your phone is not one of those ways. All of those are, unfortunately, "tedious" to say the least. - -- Use an Android Emulator within the Windows VM and run the App through your multi-layer of Tor/VPN. The drawback is that such emulators are usually quite resource-hungry and will slow down your VM and use more battery. Here is also an (outdated) guide on this matter: [[Archive.org]](https://web.archive.org/web/https://www.bellingcat.com/resources/how-tos/2018/08/23/creating-android-open-source-research-device-pc/). As for myself, we will recommend the use of: - - - Android-x86 on Virtualbox (see [[Archive.org]](https://web.archive.org/web/https://www.android-x86.org/documentation/virtualbox.html)) that you can also set up easily. - - - AnBox ( [[Archive.org]](https://web.archive.org/web/https://anbox.io/)) that you can also set up rather easily including on the Whonix Workstation, see [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Anbox) - -- **Not recommended:** Using a non-official app (such as Wassapp for WhatsApp) to connect from the Windows VM to the app. Use at your own risk as you could get banned for violating the terms of services by using a non-official App. - -- **Not recommended and most complicated:** Have a burner Smartphone that you will connect to the VM layered network through Tethering/Sharing of the connection through Wi-Fi. We will not detail this here, but it is an option. 
- -There is no way to reliably set a decent multi-layered connectivity approach easily on an Android phone (it is not even possible on IOS as far as we know). By reliable, we mean being sure that the smartphone will not leak anything such as geolocation or anything else from booting up to shutting down. - -#### Anything else: - -You should use the same logic and security for any other platform. - -It should work in most cases with most platforms. **The hardest platform to use with full anonymity is Facebook.** - -This will obviously not work with banks and most financial platforms (such as PayPal or Crypto Exchanges) requiring actual real official and existing identification. This guide will not help you there as this would be illegal in most places. - -### How to share files privately and/or chat anonymously: - -There are plenty of messaging apps everywhere. Some have excellent UI and UX and terrible Security/Privacy. Some have excellent Security/Privacy but terrible UI and UX. It is not easy to pick the ones that you should use for sensitive activities. So, this section will help you do that. - -Before going further, there are also some key basic concepts you should understand: - -#### End-to-end Encryption: - -End-to-end Encryption[^409] (aka e2ee) is a rather simple concept. It just means only you and your destination know each-others public encryption keys and no one in between that would be eavesdropping would be able to decrypt the communication. - -However, the term is often used differently depending on the provider: - -- Some providers will claim e2ee but forget to mention what is covered by their protocols. For instance, is metadata also protected within their e2ee protocol? Or is it just the content of the messages? - -- Some providers do provide e2ee but only as an opt-in option (disabled by default). - -- Some providers do offer e2ee with 1 to 1 messaging but not with group messaging. 
- -- Some providers will claim the use of e2ee, but their proprietary apps are closed source where no one can verify the claim and the strength of the encryption used. - -For these reasons, it is always important to check the claims of various apps. Open-Source apps should always be preferred to verify what kind of encryption they are using and if their claims are true. If not open source, such apps should have an openly available independent (made by a reputable third party) report confirming their claims. - -#### Roll your own crypto: - -See the [Bad Cryptography][Bad Cryptography:] section at the start of this guide. - -**Always be cautious of apps rolling their own crypto until it has been reviewed by many in the crypto community (or even better published and peer-reviewed academically)**. Again, this is harder to verify with closed-source proprietary apps. - -It is not that rolling your own crypto is bad in essence, it is that good cryptography needs real peer-reviewing, auditing, testing... And since you are probably not a cryptanalyst (and we are not either), chances are high we are not competent to assess the cryptography of some apps. - -#### Forward Secrecy: - -Forward Secrecy[^410] (FS aka PFS for Perfect Forward Secrecy) is a property of the key agreement protocol of some of those messaging apps and is a companion feature of e2ee. This happens before you establish communication with the destination. The "Forward" refers to the future in time and means that every time you establish a new e2ee communication, a new set of keys will be generated for that specific session. The goal of forward secrecy is to maintain the secrecy of past communications (sessions) even if the current one is compromised. If an adversary manages to get hold of your current e2ee keys, that adversary will then be limited to the content of the single session and will not be able to easily decrypt past ones. 
- -This has some user experience drawbacks like for instance, a new device could not be able to conveniently access the remotely stored chat history without additional steps. - -**So, in short, Forward Secrecy protects past sessions against future compromises of keys or passwords.** - -More on this topic on this YouTube video: [[Invidious]](https://yewtu.be/watch?v=zSQtyW_ywZc) - -Some providers and apps claiming to offer e2ee do not offer FS/PFS sometimes for usability reasons (group messaging for instance is more complex with PFS). It is therefore important to prefer open-source apps providing forward secrecy to those that do not. - -#### Zero-Access Encryption at rest: - -Zero-Access Encryption[^411] at rest is used when you store data at some provider (let us say your chat history or chat backups) but this history or backup is encrypted on your side and cannot be read or decrypted by the provider hosting it. - -Zero-Access encryption is an added feature/companion to e2ee but is applied mainly to data at rest and not communications. - -Examples of this issue would be iMessage and WhatsApp, see the [Your Cloud backups/sync services][Your Cloud backups/sync services:] at the start of this guide. - -So again, it is best to prefer Apps/Providers that do offer Zero-Access Encryption at rest and cannot read/access any of your data/metadata even at rest and not only limited to communications. - -Such a feature would have prevented important hacks such as the Cambridge Analytica scandal[^412] if it were implemented. - -#### Metadata Protection: - -Remember the [Your Metadata including your Geo-Location][Your Metadata including your Geo-Location:] section. End-to-end Encryption is one thing, but it does not necessarily protect your metadata. 
- -For Instance, WhatsApp might not know what you are saying but they might know who you are talking to, how long and when you have been talking to someone, who else is in groups with you, and if you transferred data with them (such as large files). - -End-to-end Encryption does not in itself protect an eavesdropper from harvesting your metadata. - -This data can also be protected/obfuscated by some protocols to make metadata harvesting substantially harder for eavesdroppers. This is the case for instance with the Signal Protocol which does offer some added protection with features like: - -- The Sealed Sender option[^413]. - -- The Private Contact Discovery[^414]. - -- The Private Group System[^415]. - -Other Apps like Briar or OnionShare will protect metadata by using the Tor Network as a shield and storing everything locally on-device. Nothing is stored remotely, and all communications are either direct using proximity wi-fi/Bluetooth or remotely through the Tor network. - -Most apps however and especially closed-source proprietary commercial apps will collect and retain your metadata for various purposes. And such metadata alone is enough to figure out a lot of things about your communications. - -Again, it is important to prefer open-source apps with privacy in mind and various methods in place to protect not only the content of communications but all the associated metadata. - -#### Open-Source: - -Finally, Open-Source apps should always be preferred because they allow third parties to check actual capabilities and weaknesses vs claims of marketing departments. Open-Source does not mean the app should be free or non-commercial. It just means transparency. 
- -#### Comparison: - - -------------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
App0e2ee1Roll Your Own Crypto

Perfect

-

Forward Secrecy

Zero-Access Encryption at-rest5Metadata Protection (obfuscation, encryption…)Open-SourceDefault Privacy SettingsNative Anonymous Sign-up (no e-mail or phone)Possible through TorPrivacy and Security Track Record ***De-centralizedAdditional notes

Berty

-

(avoid)

YesNoYesYesYesYes 13GoodYesYesGoodYes (peer to peer)Not sufficiently reviewed by this project, cannot recommend
Briar (preferred)YesNo 1YesYesYes (strong)YesGoodYesNatively3GoodYes (peer to peer)

Cwtch

-

(preferred)

YesNoYesYesYes (strong)YesGoodYesNativelyGoodYes (peer to peer)

Discord

-

(avoid)

NoClosed-source7NoNoNoNoBadE-Mail RequiredVirtualizationBadNo
Element / Matrix.org (preferred)Yes (opt-in)NoYesYesPoor2YesGoodYesVia Proxy3 or VirtualizationGoodPartial (federated servers)
Facebook Messenger (avoid)Partial (Only 1to1 / opt-in)Closed-source7YesNoNoNoBadE-Mail and Phone requiredVirtualizationBadNo
OnionShare (preferred)YesNoTBD8TBD8Yes (strong)YesGoodYesNativelyGoodYes (peer to peer)
Apple Messages (aka iMessage)YesClosed-source7NoPartialNoNoGoodApple device RequiredMaybe Virtualization using real Apple device IDBadNo
IRCYes (OTR plugins)NoNoNoNoYesBadYesVia Proxy3 or VirtualizationGoodNo

Jami

-

(preferred)

YesNo3YesYesPartialYesGoodYesVia Proxy3 or Virtualization9GoodPartialTor breaks some features
KakaoTalk (avoid)YesClosed-source7No4NoNoNoBadNo (but possible)VirtualizationBadNo
KeybaseYesNoPartial (exploding message)NoNoYesGoodE-Mail RequiredNo
Kik (avoid)NoClosed-source7NoNoNoNoBadNo (but possible)VirtualizationBadNo
Line (avoid)Partial (opt-in)Closed-source7NoNoNoNoBadNo (but possible)VirtualizationBadNo
Pidgin with OTR (avoid)Yes (OTR5)NoYesNoNoYesBadYesVia Proxy3 or VirtualizationBad6No
Tox (avoid)YesNoNoNoNoYesGoodYesVia Proxy3 or VirtualizationMedium7YesKnown cryptographic weaknesses14

Session

-

(Preferred only on iOS)

YesNoNoYesYesYesGoodYesVia Proxy3 or Virtualization10GoodYesLacks PFS, deniability
SignalYesNoYesYesYes (moderate)YesGoodPhone RequiredVirtualizationGoodNoRequires burner or anonymous VOIP number for anonymous usage
Skype (avoid)Partial (Only 1to1 / opt-in)Closed-source7NoNoNoNoBadNo (but possible)VirtualizationBadNo
SnapChat (avoid)NoClosed-source7NoNoNoNoBadNo (but possible)VirtualizationBadNoDeleted/expired messages are easily recoverable15,16
Teams (avoid)YesClosed-source7NoNoNoNoBadNo (but possible)VirtualizationBadNo
TelegramPartial (Only 1to1 / opt-in)Yes (MTProto8)Partial (secret chats only)YesNoPartial5Medium (e2ee off by default)Phone RequiredVia Proxy3 or VirtualizationMedium9No
Viber (avoid)Partial (Only 1to1)Closed-source7YesNoNoNoBadNo (but possible)VirtualizationBadNo
WeChat (avoid)NoClosed-source7NoNoNoNoBadNoVirtualizationBadNo
WhatsApp (avoid)YesClosed-source7YesNoNoNoBadPhone RequiredVirtualizationBadNo
Wickr MePartial (Only 1to1)NoYesNoYes (moderate)NoGoodYesVirtualizationGoodNo
Gajim (XMPP) (preferred)YesNoYesNoNoYesGoodYesVia Proxy3 or VirtualizationGoodPartial
Zoom (avoid10)Disputed11NoTBD8NoNoNoBadE-Mail RequiredVirtualizationBad12NoMalware risk17
MollyYesNoYesYesYes (moderate)YesGoodPhone RequiredVirtualizationGoodNoRequires phone number. Security hardened fork of Signal client. Security may be delayed for up to a week
-
-
-
    -
  1. Briar Documentation, Bramble Transport Protocol version 4 https://code.briarproject.org/briar/briar-spec/blob/master/protocols/BTP.md [Archive.org]↩︎

  2. -
  3. Serpentsec, Matrix https://web.archive.org/web/https://serpentsec.1337.cx/matrix↩︎

  4. -
  5. Wikipedia, GnuTLS, https://en.wikipedia.org/wiki/GnuTLS [Wikiless] [Archive.org]↩︎

  6. -
  7. KTH ROYAL INSTITUTE OF TECHNOLOGYSCHOOL OF ELECTRICAL ENGINEERING, A Security and Privacy Audit of KakaoTalk’s End-to-End Encryption www.diva-portal.org/smash/get/diva2:1046438/FULLTEXT01.pdf [Archive.org]↩︎

  8. -
  9. Wikipedia, OTR https://en.wikipedia.org/wiki/Off-the-Record_Messaging [Wikiless] [Archive.org]↩︎

  10. -
  11. Pidgin Security Advisories, https://www.pidgin.im/about/security/advisories/ [Archive.org]↩︎

  12. -
  13. Whonix Forum, Tox Integration https://forums.whonix.org/t/tox-qtox-whonix-integration/1219 [Archive.org]↩︎

  14. -
  15. Telegram Documentation, MTProto Mobile Protocol https://core.telegram.org/mtproto [Archive.org]↩︎

  16. -
  17. Wikipedia, Telegram Security Breaches, https://en.wikipedia.org/wiki/Telegram_(software)#Security_breaches [Wikiless] [Archive.org]↩︎

  18. -
  19. TechCrunch, Maybe we shouldn’t use Zoom after all, https://techcrunch.com/2020/03/31/zoom-at-your-own-risk/ [Archive.org]↩︎

  20. -
  21. The Incercept, Zoom Meetings Aren’t End-to-End Encrypted, Despite Misleading Marketing https://theintercept.com/2020/03/31/zoom-meeting-encryption/ [Tor Mirror] [Archive.org]↩︎

  22. -
  23. Serpentsec, Secure Messaging: Choosing a chat app https://web.archive.org/web/https://serpentsec.1337.cx/secure-messaging-choosing-a-chat-app↩︎

  24. -
  25. Berty, Development, https://berty.tech↩︎

  26. -
  27. Tox Handshake Vulnerable to KCI, https://github.com/TokTok/c-toxcore/issues/426↩︎

  28. -
  29. The Guardian, Deleted Snapchat photos recovered 'within days' by forensics company, https://www.theguardian.com/technology/2013/may/09/snapchat-photos-not-deleted↩︎

  30. -
  31. The Guardian, Snapchat's expired snaps are not deleted, just hidden, https://web.archive.org/web/20131115224243/https://www.theguardian.com/media-network/partner-zone-infosecurity/snapchat-photos-not-deleted-hidden↩︎

  32. -
  33. The Guardian, ‘Zoom is malware’: why experts worry about the video conferencing platform, https://www.theguardian.com/technology/2020/apr/02/zoom-technology-security-coronavirus-video-conferencing↩︎

  34. -
-
- -**Legend:** - -1. The mention "preferred" or "avoid" refers to the use of those apps for sensitive communications. This is just my opinion, and you can make your own using the resources above and others. Remember "Trust but verify". - -2. e2ee refers to "end-to-end encryption" - -3. Additional steps might be needed for securing Tor Connectivity - -4. Their ability and willingness to fight for privacy and not cooperate with various adversaries - -5. Only the client apps are open-source, not the server-side apps - -6. This means the data is fully encrypted at rest (and not only during transit) and unreadable by any third party without a key you only know (including backups) - -7. Unverifiable because it is proprietary closed source. - -8. To Be Determined, unknown at the time of this writing - -9. Jami will require you to enable DHTProxy in their options to work and it will be limited to text only. - -10. Session also uses their own Onion Routing solution called LokiNet - -**Some apps like Threema and Wire were excluded from this comparison due to not being free and not accepting anonymous cash methods such as Cash/Monero.** - -#### Conclusion: - -**Remember: [Appendix B1: Checklist of things to verify before sharing information][Appendix B1: Checklist of things to verify before sharing information:].** - -We will recommend these options in that order (as also recommend by Privacyguides.org[^416]'[^417] except for Session and Cwtch): - -- macOS: - - - Native Tor Onion Routing Support (**preferred**): - - - OnionShare version >2.3 ( [[Tor Mirror]](http://lldan5gahapx5k7iafb3s4ikijc4ni7gx5iywdflkba5y2ezyg6sjgyd.onion/) [[Archive.org]](https://web.archive.org/web/https://onionshare.org/))** - - - Cwtch ( [[Archive.org]](https://web.archive.org/web/https://cwtch.im/) **warning, this is at the alpha/beta stage**)** - - - Non-Native Tor Support (needs additional steps for ideal anonymity to proxy it through Tor through Virtualization or Proxying): - - - 
Element/Matrix.org ( [[Archive.org]](https://web.archive.org/web/https://element.io/)) - - - Jami ( [[Archive.org]](https://web.archive.org/web/https://jami.net/))* - - - Gajim/XMPP ( [[Archive.org]](https://web.archive.org/web/https://gajim.org/)) - -- Windows: - - - Native Tor Onion Routing Support (**preferred**): - - - OnionShare version >2.3 ( [[Tor Mirror]](http://lldan5gahapx5k7iafb3s4ikijc4ni7gx5iywdflkba5y2ezyg6sjgyd.onion/) [[Archive.org]](https://web.archive.org/web/https://onionshare.org/))** - - - Cwtch ( [[Archive.org]](https://web.archive.org/web/https://cwtch.im/) **warning, this is at the alpha/beta stage**)** - - - Non-Native Tor Support (needs additional steps for ideal anonymity to proxy it through Tor through Virtualization or Proxying): - - - Element/Matrix.org ( [[Archive.org]](https://web.archive.org/web/https://element.io/)) - - - Jami ( [[Archive.org]](https://web.archive.org/web/https://jami.net/))* - - - Gajim/XMPP ( [[Archive.org]](https://web.archive.org/web/https://gajim.org/)) - -- Linux: - - - Native Tor Onion Routing Support (**preferred**): - - - Briar ( [[Archive.org]](https://web.archive.org/web/https://briarproject.org/))* - - - OnionShare version >2.3 ( [[Tor Mirror]](http://lldan5gahapx5k7iafb3s4ikijc4ni7gx5iywdflkba5y2ezyg6sjgyd.onion/) [[Archive.org]](https://web.archive.org/web/https://onionshare.org/))** - - - Cwtch ( [[Archive.org]](https://web.archive.org/web/https://cwtch.im/) **warning, this is at the alpha/beta stage**)** - - - Non-Native Tor Support (needs additional steps for ideal anonymity to proxy it through Tor through Virtualization or Proxying): - - - Element/Matrix.org ( [[Archive.org]](https://web.archive.org/web/https://element.io/)) - - - Jami ( [[Archive.org]](https://web.archive.org/web/https://jami.net/))* - - - Gajim/XMPP ( [[Archive.org]](https://web.archive.org/web/https://gajim.org/)) - -* Note that for Jami to work over Tor, you will have to enable the local DHTProxy option within Jami Settings. 
This will only work for text messages and not for calls/videos) - -** Note that these options (Briar, Cwtch, and OnionShare) do not support multi-devices yet. Your information is strictly stored on the device/OS where you are setting it up. Do not use those on a non-persistent OS unless you want ephemeral use. - -Any safe options for mobile devices? **Yes, but these are not endorsed/recommended except Briar on Android. Remember also that this guide discourages the use of smartphones for sensitive activities in general.** - -- Android: - - - Briar ( [[Archive.org]](https://web.archive.org/web/https://briarproject.org/)) - - - Cwtch ( [[Archive.org]](https://web.archive.org/web/https://cwtch.im/) **warning, this is at the alpha/beta stage**) - -- iOS: - - - Due to the lack of any better option and while it is **normally not recommended**: Session Messenger: [[Archive.org]](https://web.archive.org/web/https://getsession.org/). Why is it not recommended these days within the privacy community? **See: [Appendix B7: Caution about Session messenger][Appendix B7: Caution about Session messenger] to find out why we are cautious about Session Messenger**. - -**Note that all the non-native Tor options must be used over Tor for safety (from Tails or a guest OS running behind the Whonix Gateway such as the Whonix Workstation or an Android-x86 VM).** - -WhileWedo not recommend most of the messaging platforms for the various reasons outlined above (phone number and e-mail requirements), this does not mean it is not possible to use them anonymously if you know what you are doing. You can use even Facebook Messenger anonymously by taking the necessary precautions outlined in this guide (virtualization behind a Tor Gateway on a non-persistent OS). 
- -The ones that are preferred are recommended due to their stance on privacy, their default settings, their crypto choices but also because they allow convenient anonymous sign-up without going through the many hassles of having a phone number/e-mail verification method and are open source. Those should be privileged in most cases. - -You can also consult the following external resources for more comparisons (**we do not necessarily endorse their opinions**): - -- SecuChart, [[Archive.org]](https://web.archive.org/web/https://bkil.gitlab.io/secuchart/) [[Repository]](https://github.com/bkil/secuchart) (Maintained open-source project) -- Wikipedia, [[Wikiless]](https://wikiless.org/wiki/Comparison_of_cross-platform_instant_messaging_clients) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Comparison_of_cross-platform_instant_messaging_clients) - - Wikipedia, [[Wikiless]](https://wikiless.org/wiki/Comparison_of_instant_messaging_protocols) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Comparison_of_instant_messaging_protocols) -- Whonix Documentation, Instant Messenger Chat [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Chat) (Outdated, Unmaintained but contains insightful information) - -- **Outdated, or unmaintained, or abandoned resources scheduled for removal from our guide in next release:** - - - Secure Messaging Apps [[Archive.org]](https://web.archive.org/web/https://www.securemessagingapps.com/) - - Proton Blog, [[Archive.org]](https://web.archive.org/web/2022053117143/https://proton.me/blog/whatsapp-alternatives) - - SecureChart.org, [[Archive.org]](https://web.archive.org/web/https://securechatguide.org/featuresmatrix.html) - - Messenger-Matrix.de at [[Archive.org]](https://web.archive.org/web/https://www.messenger-matrix.de/messenger-matrix-en.html) - -**We do not endorse or recommend some mainstream platforms for anonymity including the much-praised Signal which to this date 
still requires a phone number to register and contact others. In the context of this guide, we strongly recommend against using Signal if possible. The same recommendation applies to popular forks of Signal such as Molly ([[Archive.org]](https://web.archive.org/web/https://molly.im))** - -### How to share files publicly but anonymously: - -**Warning: before sharing anything publicly, make sure your files are curated of any information that could compromise your identity. See [Appendix B1: Checklist of things to verify before sharing information][Appendix B1: Checklist of things to verify before sharing information:].** - -Consider the following platforms: - -- Cryptpad.fr (): Free tier limited to 1GB total and recommended by PrivacyGuides.org at [[Archive.org]](https://web.archive.org/web/https://privacyguides.org/cloud/) - -- Proton Drive (): Paid. Requires users to have "Proton Unlimited" or "Mail Plus". Proton Drive is E2EE and recommended by PrivacyGuides.org - - Like Proton and Proton VPN, it's not easy to sign up anonymously. When you try to register through Tor, they request verification either by phone number, or by providing a donation - -- Filen (): free tier limited to 10GB total - -Consider the use of IPFS[^421]: - -- Pinata (): Free tier limited to 1GB total - -### Redacting Documents/Pictures/Videos/Audio safely: - -You might want to self-publish some information safely and anonymously in the form of writing, pictures, videos, ... - -For all these purposes here are a few recommendations: - -- Ideally, you should not use proprietary software such as Adobe Photoshop, Microsoft Office... - -- Preferably, you should use open-source software instead such as LibreOffice, Gimp... - -While the commercial alternatives are feature-rich, they are also proprietary closed-source and often have various issues such as: - -- Sending telemetry information back to the company. - -- Adding unnecessary metadata and sometimes watermarks to your documents. 
- -- These apps are not free, and any leak of any metadata could be traced back to you since you had to buy these somewhere. - -It is possible to use commercial software for making sensitive documents, but you should be extra careful with all the options in the various Apps (commercial or free) to prevent any data leak from revealing information about you. - -Here is a comparative table of recommended/included software compiled from various sources (PrivacyGuides.org, Whonix, Tails, Prism-Break.org, and me). Keep in mind my recommendation considers the context of this guide with only sporadic online presence on a need basis. - - -------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TypeWhonixPrism-Break.orgPrivacyGuides.orgTailsThis guide
Offline Document EditingLibreOfficeN/ALibreOffice*LibreOffice

LibreOffice,

-

Notepad++

Online Document Editing (collaboration)N/ACryptpad.fr

Cryptpad.fr,

-

Etherpad.org,

-

Privatebin.net

N/A

Cryptpad.fr,

-

Etherpad.org,

-

Privatebin.net

Pictures EditingFlameshot (L)N/AN/AGIMPGIMP
Audio EditingAudacityN/AN/AAudacityAudacity
Video EditingFlowblade (L)N/AN/AN/A

Flowblade (L)

-

Olive (?)

-

OpenShot (?)

-

ShotCut (?)

Screen RecorderVokoscreenN/AN/AN/AVokoscreen
Media PlayerVLCN/AN/AVLCVLC
PDF ViewerRistretto (L)N/AN/AN/ABrowser
PDF RedactionPDF-Redact Tools (L)N/AN/APDF-Redact Tools (L)

LibreOffice,

-

PDF-Redact Tools (L)

- -**Legend:** * Not recommended but mentioned. N/A = Not Included or absence of recommendation for that software type. (L)= Linux Only but can maybe be used on Windows/macOS through other means (HomeBrew, Virtualization, Cygwin). (?)= Not tested but open-source and could be considered. - -**In all cases, we strongly recommend only using such applications from within a VM or Tails to prevent as much leaking as possible. If you do not, you will have to sanitize those documents carefully before publishing (See [Removing Metadata from Files/Documents/Pictures][Removing Metadata from Files/Documents/Pictures:]).** - -### Communicating sensitive information to various known organizations: - -You might be interested in communicating information to some organization such as the press anonymously. - -If you must do so, you should take some steps because you cannot trust any organization to protect your anonymity[^422]. See [Appendix B1: Checklist of things to verify before sharing information][Appendix B1: Checklist of things to verify before sharing information:]. - -For this, we strongly recommend the use of SecureDrop[^423] ( [[Archive.org]](https://web.archive.org/web/https://securedrop.org/)) which is an open-source project from the Freedom of the Press Foundation. - -- Do take a moment to their read their "source guide" here: [[Archive.org]](https://web.archive.org/web/https://docs.securedrop.org/en/stable/source.html) - -- Ideally, you should use SecureDrop over Tor and you will find a curated list of those here [[Archive.org]](https://web.archive.org/web/https://github.com/alecmuffett/real-world-onion-sites#securedrop) - -If not SecureDrop is not available, you could consider any other means of communication, but you should privilege those that are encrypted end to end. 
**Do not ever do this from your real identity but only from a secure environment using an anonymous identity.** - -Without SecureDrop you could consider: - -- Using e-mail with GPG encryption provided your recipient has published a GPG key somewhere. You can look this up here: - - - On their verified Social Media accounts (Twitter) if they provided it. - - - On (Tor address ) - - - On open PGP directories such as: **(be careful as those are public directories and anyone can upload any key for any e-mail address, you will have to cross-check the signature with other platforms to be sure it is theirs).** - - - - - - - - - - -- Using any other platform (even Twitter DMs) but again using GPG to encrypt the message for the recipient. - -What you should avoid: - -- Do not send physical materials using the post due to the risk of leaving DNA/Fingerprints or other traceable information (see [Cash-Paid VPN (preferred)][Cash/Monero-Paid VPN:]). - -- Do not use methods linked to a phone number (even a burner one) such as Signal/WhatsApp/Telegram. - -- Do not use any kind of voice/video communication. - -- Do not leak any clues about your real identity when exchanging messages. - -- Do not meet people in real life unless you have absolutely no other option (this is a last resort option). - -If you intend to break your anonymity to protect your safety: - -- Assess the risks very carefully first. - -- Inform yourself carefully on the legality/safety of your intent and the consequences for you and others. Think about it carefully. - -- Possibly reach out to a **trusted** lawyer before doing so. - -### Maintenance tasks: - -- You should sign-up carefully into your accounts from time to time to keep them alive. - -- Check your e-mail regularly for security checks and any other account notification. 
- -- Check regularly the eventual appearance of compromise of any of your identities using [[Archive.org]](https://web.archive.org/web/https://haveibeenpwned.com/) (obviously from a safe environment). - -# Backing up your work securely: - -**Do not ever upload encrypted file containers with plausible deniability (hidden containers within them) to most cloud services (iCloud, Google Drive, OneDrive, Dropbox) without safety precautions. This is because most cloud services keep backups/versioning of your files, and such backups/versioning of your encrypted containers can be used for differential analysis to prove the existence of a hidden container.** - -Instead, this guide will recommend other methods of backing up your stuff safely. - -## Offline Backups: - -These backups can be done on an external hard drive or a USB key. Here are the various possibilities. - -### Selected Files Backups: - -#### Requirements: - -For these back-ups, you will need a USB key or an external hard drive with enough storage capacity to store the files you want to back up. - -#### Veracrypt: - -For this purpose, we will recommend the use of Veracrypt on all platforms (Linux/Windows/macOS) for convenience, security, and portability. - -#### Normal File containers: - -The process is fairly simple and all you will need is to follow Veracrypt tutorial here: [[Archive.org]](https://web.archive.org/web/https://www.veracrypt.fr/en/Beginner%27s%20Tutorial.html) - -In this container, you can then store sensitive data manually and or use any backup utility you want to backup files from the OS to that container. - -You can then store this container anywhere safely. - -#### Hidden File containers with plausible deniability: - -The process is also fairly simple and similar to the earlier tutorial except for this time you will use the Veracrypt wizard to create a Hidden Veracrypt Volume instead of a Standard Veracrypt Volume. 
- -You can create a Hidden volume within an existing Standard Volume or just use the wizard to create a new one. - -Let us say you want a container of 8GB, the Wizard will first create an "outer volume" where you will be able to store decoy information when prompted. Some decoy files (somewhat sensible, plausible but not what you want to hide) should be stored in the decoy volume. - -Then Veracrypt will ask you to create a smaller hidden container (for instance 2GB or 4GB) within the outer volume where you can store your actual hidden files. - -When you select the file for mounting in Veracrypt, depending on which password you provide, it will mount the Outer decoy volume or the Hidden volume. - -You can then mount your hidden volume and use it to store sensitive files normally. - -**Be careful when mounting the Outer decoy volume to update its content. You should protect the hidden volume from being overwritten when doing this as working in the decoy volume could overwrite data in the hidden volume.** - -To do this, when mounting the Decoy Volume, select Mount Options and Check the "Protect hidden volume" option and provide the hidden volume password on the same screen. Then mount the decoy volume. This will protect the hidden volume from being overwritten when changing the decoy files. This is also explained here in Veracrypt documentation: [[Archive.org]](https://web.archive.org/web/https://www.veracrypt.fr/en/Protection%20of%20Hidden%20Volumes.html) - -**Be extremely cautious with these file containers:** - -- **Do not store multiple versions of them or store them anywhere where some versioning is being done (by the file system or the storage system). These file containers should be identical everywhere you store them. If you have a backup of such containers somewhere, it needs to be absolutely identical to the one you are using. 
If you do not take this precaution, an adversary could compare two different versions of this container and prove the existence of hidden data. Follow carefully the recommendations here ** [[Archive.org]](https://web.archive.org/web/https://www.veracrypt.fr/en/Security%20Requirements%20for%20Hidden%20Volumes.html)**. Remember the [Local Data Leaks and Forensics:] section.** - -- We strongly recommend storing such containers on external USB keys that you will only mount from your guest VMs and never from your Host OS. **After each modification to the files, you should clean the free space on the USB disk and make sure that any backup of such containers is absolutely identical on each key and your computer. See the [How to securely delete specific files/folders/data on your HDD/SSD and Thumb drives][How to securely delete specific files/folders/data on your HDD/SSD and Thumb drives:] section of this guide for help on doing this.** - -- If you have time, **We will even recommend that you delete wipe the keys completely before making any modification on such containers on your computer (if you do not work from the USB key directly).** This is to prevent an adversary that would seize your assets before you could update the keys from having multiple versions of the containers that could lead to proving the existence of hidden data using forensics techniques. - -- **Do not ever store such containers on cloud storage platforms that have backups and where you have no direct control over permanent deletion. They might keep "old versions" of your files which can then also be used by forensics to prove the existence of hidden data.** - -- If you are mounting the hidden volume from your Host OS (**not recommended**), you should erase all traces of this hidden volume everywhere after use. There could be traces in various places (system logs, file systems journaling, recent documents in your applications, indexing, registry entries...). 
Refer to the [Some additional measures against forensics][Some additional measures against forensics:] section of this guide to remove such artifacts. Especially on Windows. Instead, you should mount them on your Guest VMs. With Virtualbox for instance, you could take a snapshot of the VM before opening/working the hidden volume and then restore the snapshot before opening/working on it after use. This should erase the traces of its presence and mitigate the issue. Your Host OS might keep logs of the USB key being inserted but not of the hidden volume usage. Therefore, we do not recommend using these from your host OS. - -- Do not store these on external SSD drives if you are not sure you can use Trim on them (see the [Understanding HDD vs SSD][Understanding HDD vs SSD:] section). - -### Full Disk/System Backups: - -**TLDR version: Just use Clonezilla as it worked reliably and consistently with all my tests on all operating systems except for Macs where you should probably use native utilities (Time Machine/Disk utility instead) to avoid compatibility issues and since you are using Native macOS encryption. When using Windows, do not back up a partition containing a hidden OS in case you use Plausible Deniability** (as explained before, this backup could allow an adversary to prove the existence of the hidden OS by comparing the last backup to the current system where data will have changed and defeat plausible deniability, use file containers instead). - -You will have two options here: - -- (Not recommended) Doing your backup from the live operating system using a backup utility (commercial utilities such as EaseUS Todo Free, Macrium Reflect...) or native utilities like macOS Time Machine, QubesOS Backup, Ubuntu Déjà Dup, or Windows Backup...). - - - This backup can be done while the Operating System is running. 
- - - This backup will not be encrypted using the disk encryption but using the Backup utility encryption algorithm (which you will have to trust and cannot really control for most). Alternatively, you could encrypt the backup media yourself separately (for instance with Veracrypt). We are not aware of any free or non-free utility that natively supports Veracrypt. - - - Some utilities will allow for differential/incremental backups instead of full backups. - - - These backup utilities will not be able to restore your encrypted drive as-is as they do not support those encrypted file systems natively. And so, these will require more work to restore your system in an encrypted state (re-encryption after restoring). - -- (Recommended) Doing it offline from a boot drive (such as with the free open-source Clonezilla). - - - This backup can only be done while the Operating System is not running. - - - This backup will back up the encrypted disk as-is and therefore will be encrypted by default with the same mechanism (it is more like a fire and forget solution). The restore will also restore the encryption as-is and your system will immediately be ready to use after a restore. - - - This method will not allow incremental/differential back-ups (meaning you will have to re-do a full backup every time). - - - This method is the easiest to manage. - -We made extensive testing using live backups utilities (Macrium Reflect, EaseUS Todo Reflect, Déjà Dup...) and personally we do not think it is worth it. Instead, we would recommend that you periodically back up your system with a simple Clonezilla image. It is much easier to perform, much easier to restore, and usually works reliably without issues in all cases. And contrary to many beliefs, it is not that slow with most backups taking about an hour depending on the speed of your destination media. 
- -For backing up single files while you work, we recommend using file containers or encrypted media directly and manually as explained in the earlier section. - -#### Requirements: - -You will need a separate external drive with at least the same or more free space available than your source disk. If your laptop has a 250GB disk. You will need at least 250GB of free disk space for the full image backup. Sometimes this will be reduced significantly with compression by the backup utility but as a safety rule, you should have at least the same or more space on your backup drive. - -#### Some general warnings and considerations: - -- If you use Secure Boot, you will need a backup utility that supports Secure Boot which includes Clonezilla AMD64 versions. - -- Consider the use of exFAT as the file system for your backup drives as those will provide better compatibility between various OSes (macOS, Linux, and Windows) vs NTFS/HFS/ext4... - -#### Linux: - -##### Ubuntu (or any other distro of choice): - -We will recommend the use of the open-source Clonezilla utility for convenience and reliability but there are many other native Linux utilities and methods you could use for this purpose. - -So, you should follow the steps in [Appendix E: Clonezilla] - -##### QubesOS: - -Qubes OS recommends using their own utility for backups as documented here [[Archive.org]](https://web.archive.org/web/https://www.qubes-os.org/doc/backup-restore/). But it is just a hassle and provides limited added value unless you just want to back up a single Qube. So instead, we are also recommending just making a full image with Clonezilla which will remove all the hassle and bring you back a working system in a few simple steps. - -So, you should follow the steps in [Appendix E: Clonezilla] - -#### Windows: - -We will only recommend the use of the open-source and free Clonezilla utility for this purpose. 
There are commercial utilities that offer the same functionality, but we do not see any advantage in using any of them vs Clonezilla. - -Some warnings: - -- If you use Bitlocker for encryption with TPM[^424] enabled, you might need to save your Bitlocker Key (safely) somewhere as well as this might be needed to restore your drive if your HDD/SSD or other hardware parts changed. Another option would be to use Bitlocker without the use of TPM which would not require this option. But again, we do not recommend using Bitlocker at all. - -- You should always have a backup of your Veracrypt rescue disk at hand somewhere to be able to resolve some issues that might still appear after a restore. Remember this rescue disk does not contain your passphrase or any sensitive information. You can store it as is. - -- If you changed the HDD/SSD after a failure, Windows 10/11 may refuse to boot if your hard drive ID is changed. You should also save this ID before backing up as you might need to change the ID of the new drive as Windows 10/11 might require a matching ID before booting. See [Appendix F: Diskpart] - -- **In case you are using Plausible Deniability on Windows. DO NOT back up the hidden OS partition as this image could be used by Forensics to prove the existence of the hidden volume as explained earlier. It is okay to back up the Decoy OS partition without issues, but you should never back up the partition containing the Hidden OS.** - -Follow the steps in [Appendix E: Clonezilla] - -#### macOS: - -we would recommend just using the native Time Machine backup with encryption (and a strong passphrase that could be the same as your OS) as per the guides provided at Apple: [[Archive.org]](https://web.archive.org/web/https://support.apple.com/en-ie/guide/mac-help/mh21241/mac) and [[Archive.org]](https://web.archive.org/web/https://support.apple.com/en-ie/guide/mac-help/mh11421/11.0/mac/11.0). 
- -So, plug in an external drive and it should prompt you to use it as a Time Machine backup. - -**You should however consider formatting this drive as exFAT so that it is also usable by other OSes conveniently (Windows/Linux) without added software using this guide: ** [[Archive.org]](https://web.archive.org/web/https://support.apple.com/en-ie/guide/disk-utility/dskutl1010/mac) - -It is just simpler and will work online while you work. You will be able to recover your data on any other Mac from the recovery options and you will be also able to use this disk for backing up other devices. - -It is possible to also use Clonezilla to clone your Mac Hard Drive, but it could bring hardware compatibility issues and probably will not add much in terms of security. So, for macOS, We are not specifically recommending Clonezilla. - -## Online Backups: - -### Files: - -This is a tricky one. The problem is that it depends on your threat model. - -- **TLDR: Do not store file containers with plausible deniability (Veracrypt) online.** If you use containers with plausible deniability, you should never store them on any platform where you do not have full control over the deletion process as the platform will most likely have backups of previous versions for some time. And again, these previous versions could allow forensics to prove the existence of hidden data and defeat plausible deniability. This includes platforms like DropBox, Google Drive, OneDrive, or others. The only acceptable online storage of those could be "cold storage" (meaning you will never change those files again and just keep them away untouched compared to any local version). - -- If you use normally encrypted backups without plausible deniability, you could store them pretty much anywhere if they are properly encrypted locally before uploading (for example with Veracrypt, using strong passphrases and encryption). **Do not ever trust the encryption of any online provider. 
Only trust your own local encryption (using Veracrypt for instance).** For these cases, you could store your backups pretty much anywhere in the accounts of your online identities (iCloud, Google Drive, DropBox...) if they are strongly encrypted locally before uploading. But you could also prefer privacy caring services such as Cryptpad.fr (1GB). - -Obviously do not ever do/access those backups from unsecured/unsafe devices but only from the secure environments, you picked before. - -#### Self-hosting: - -Self-hosting (using Nextcloud for instance) is also a possibility provided you do have an anonymous hosting - -**Please see [Appendix A1: Recommended VPS hosting providers].** - -Please also consider [Appendix B2: Monero Disclaimer]. - -#### Cloud-hosting: - -For smaller files, consider: - -- Cryptpad.fr (): Free tier limited to 1GB total and recommended by PrivacyGuides.org at [[Archive.org]](https://web.archive.org/web/https://privacyguides.org/cloud/) - -- Filen (): free tier limited to 10GB total - -We are currently not aware of any online storage/hosting platform accepting cash payments unlike providers mentioned before. - -If you do intend to store sensitive data on "mainstream platforms" (Dropbox, Google Drive, OneDrive...), **remember not to ever store plausible deniability containers on those and remember to encrypt and check (for metadata...) anything locally before uploading there**. Either with software like Veracrypt or with a software like Cryptomator (). Do not ever upload non-encrypted files on those platforms and repeating myself, only access them from a secure shielded VM. - -### Information: - -If you just want to save information (text), we will recommend the use of secure and private pastebins[^425]. 
Mostly we will stick to the ones recommended by PrivacyGuides.org ( [[Archive.org]](https://web.archive.org/web/https://www.privacyguides.org/productivity/#paste-services) ) : - -- - -- - -On these providers, you can just create a password-protected pad with the information you want to store. - -Just create a pad, protect it with a password and write your info in it. Remember the address of the pad. - -## Synchronizing your files between devices Online: - -To that, the answer is very simple and a clear consensus for everyone: [[Archive.org]](https://web.archive.org/web/https://syncthing.net/) - -Just use SyncThing, it is the safest and most secure way to synchronize between devices, it is free and open-source, and it can easily be used in a portable way without install from a container that needs syncing. - -# Covering your tracks: - -## Understanding HDD vs SSD: - -![image41](media/image41.png) - -If you intend to wipe your whole HDD laptop, the process is rather straightforward. The data is written at a precise location on a magnetic (hard) platter (why it is called a hard drive) and your OS knows precisely where it is on the platter, where to delete it, and where to overwrite it for secure deletion using simple processes (like just overwriting that location over and over until no traces are left). - -On the other hand, if you are using an SSD drive, the process is not as simple as the drive uses several internal mechanisms to extend its lifespan and performance. Three of those processes are of particular interest when it comes to us in this guide. SSD drives are divided themselves into two main categories: - -- ATA Drives (usually SATA and usually 2.5" format as the image above). - -- NVMe Drives (usually M.2 format as the illustration below). - -Here are examples of the most common formats: - -![image42](media/image42.png) - -All of these are sold as internal and external drives within enclosures. 
- -The methods and utilities to manage/wipe them will vary depending on the type of drive you are using. So, it is important you know which one you have inside your laptop. - -**On most recent laptops, chances are high that it will be one of the middle options (M.2 SATA or M.2 NVMe).** - -### Wear-Leveling. - -These drives use a technique called wear leveling[^426]. At a high level, wear leveling works as follows. The space on every disk is divided into blocks that are themselves divided into pages, like the chapters in a book are made of pages. When a file is written to disk, it is assigned to a certain set of pages and blocks. If you wanted to overwrite the file in an HDD, then all you would have to do is tell the disk to overwrite those blocks. But in SSDs and USB drives, erasing and re-writing the same block can wear it out. Each block can only be erased and rewritten a limited number of times before that block just will not work anymore (the same way if you keep writing and erasing with a pencil and paper, eventually the paper might rip and be useless). To counteract this, SSDs and USB drives will try to make sure that the number of times each block has been erased and rewritten is about the same so that the drive will last as long as possible (thus the term wear leveling). As a side effect, sometimes instead of erasing and writing the block, a file was originally stored on, the drive will instead leave that block alone, mark it as invalid, and just write the modified file to a different block. This is like leaving the chapter in the book unchanged, writing the modified file on a different page, and then just updating the book's table of contents to point to the new location. All of this occurs at a very low level in the electronics of the disk, so the operating system does not even realize it has happened. 
This means, however, that even if you try to overwrite a file, there is no guarantee the drive will actually overwrite it, and that's why secure deletion with SSDs is so much harder. - -Wear-leveling alone can therefore be a disadvantage for security and an advantage for adversaries such as forensics examiners. This feature makes classic "secure deletion" counter-productive and useless and is why this feature was removed on some Operating Systems like macOS (as from version 10.11 El Capitan) where you could enable it before on the Recycle Bin. - -Most of those old secure deletion utilities were written with HDD in mind and have no control over wear-leveling and are completely pointless when using an SSD. Avoid them on an SSD drive. - -### Trim Operations: - -So, what now? Well here comes the Trim[^427] operation. When you delete data on your SSD, your OS should support what is called a Trim operation command and **could (should)** issue this Trim command to the SSD drive periodically (daily, weekly, monthly...). This Trim command will then let know the SSD drive controller that there are pages within blocks containing data that are now free to be really deleted without deleting anything itself. - -Trim should be enabled by default on all modern Operating Systems detecting an SSD drive covered in this guide (macOS, Windows 10/11, Ubuntu, Qubes OS 4.1.x ...). - -If Trim operations are not done regularly (or at all), then the data is never deleted pro-actively and at some point, all the blocks and pages will be occupied by data. Your OS will not see this and will just see free space as you delete files, but your SSD controller will not (this is called Write Amplification[^428]). This will then force the SSD controller to erase those pages and blocks on the fly which will reduce the write performance. 
This is because while your OS/SSD can write data to any free page in any bock, erasure is only possible on entire blocks, therefore, forcing your SSD to perform many operations to write new data. Overwriting is just not possible. This will defeat the wear-leveling system and cause performance degradation of your SSD over time. Every time you delete a file on an SSD, your OS should issue a Trim command along with the deletion to let the SSD controller know the pages containing the file data are now free for deletion. - -**So, Trim itself does not delete any data but just marks it for deletion.** Data deleted without using Trim (if Trim has been disabled/blocked/delayed for instance) will still be deleted at some point by the SSD garbage collection or if you want to overwrite what the OS sees at free space. But it might stick around for a bit longer than if you use Trim. - -Here is an illustration from Wikipedia showing how it works on an SSD drive: - -![image43](media/image43.png) - -As you can see in the above illustration, data (from a file) will be written to the four first pages of Block X. Later new data will be written to the remaining pages and the data from the first files will be marked as invalid (for instance by a Trim operation when deleting a file). As explained on [[Wikiless]](https://wikiless.org/wiki/Trim_(computing)) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Trim_(computing)); the erase operation can only be done on entire blocks (and not on single pages). - -In addition to marking files for deletion (on reputable SSD drives), Trim usually makes those unreadable using a method called "Deterministic Read After Trim" or "Deterministic Zeroes After Trim". This means that if an adversary tries to read data from a trimmed page/block and somehow manages to disable garbage collection, the controller will not return any meaningful data. 
- -**Trim is your ally and should always be enabled when using an SSD drive and should offer sufficient reasonable protection**. And this is also the reason you should not use Veracrypt Plausible deniability on a Trim enabled SSD as this feature is incompatible with Trim[^429]. - -### Garbage Collection: - -Garbage collection[^430] is an internal process running within your SSD drive that looks for data marked for erasure. This process is done by the SSD controller, and you have no control over it. If you go back to the illustration above, you will see that Garbage collection is the last step and will notice that some pages are marked for deletion in a specific block, then copy the valid pages (not marked for deletion) to a different free destination block and then will be able to erase the source block entirely. - -Garbage collection in itself does NOT require Trim to function, but it will be much faster and more efficient if Trim is performed. Garbage collection is one of the processes that will actually erase data from your SSD drive permanently. - -### Conclusion: - -So, the fact is that it is very unlikely[^431]'[^432] and difficult for a forensic examiner to be able to recover data from a Trimmed SSD but it is not completely impossible either[^433]'[^434]'[^435] if they are fast enough and have access to extensive equipment, skills, and motivation[^436]. - -Within the context of this guide which also uses full disk encryption. Deletion and Trim should be reasonably secure enough on any SSD drive and will be recommended as the standard method of deletion. - -## How to securely wipe your whole Laptop/Drives if you want to erase everything: - -![image44](media/image44.png) - -So, you want to be sure. 
To achieve 100% secure deletion on an SSD drive, you will need to use specific SSD techniques (If you are using an HDD drive, skip this part and go to your OS of choice): - -- Easy options for less experienced users: - - - If available, just use the Secure Erase option available from your BIOS/UEFI (ATA/NVME Secure Erase or Sanitize). - - It's worth noting that this relies on your drive's firmware. Some drive manufacturers have messed up the implementation, causing data to still be recoverable. - - - Just re-install a fresh operating system (delete/quick format the drive) and re-encrypt it. The full disk encryption process should erase all previous data from the disk. - - - Buy PartedMagic[^437] for 11$ and use it to erase any disk. - -- Technical options for more advanced users: - - - Overwrite the entire drive's contents - - HDDs: - - Overwrite the drive's contents using a tool like [srm](https://www.howtogeek.com/425232/how-to-securely-delete-files-on-linux/), [wipe](https://linux.die.net/man/1/wipe), [shred, etc.](https://recoverit.wondershare.com/harddrive-tips/format-and-wipe-linux-disk.html). Ideally you want to use the Gutmann method, which was created for most effective data erasure on all drives. This method also works on SSDs, although it is overkill. - - Simply overwriting the drive's contents is not always enough. Dedicated secure deletion tools are designed to perform multiple passes to more effectively wipe data. This is expecially important on older drives. we recommend using either `wipe` or `srm`. - - If using `wipe`, just use its default options (`wipe /dev/sdX`), as the defaults are tuned to most effectively wipe data on HDDs. - - If using `srm`, make sure to manually specify that it should perform a Gutmann wipe (`srm -G /dev/sdX`). - - SSDs: - - Overwrite the drive's contents. Tools like wipe or shred are often overkill, as they perform up to 35 passes. While they work, most SSDs require no more than a couple passes. 
- - Use `wipe` with only a couple passes: `wipe -qQ2 /dev/sdX`. - - `-qQ2` means 2 passes. Replace `2` with the desired number of passes. - - Use `srm` with a 3-pass overwrite: `srm -P /dev/sdX`. - - Use `dd`: `dd if=/dev/urandom of=/dev/sdX bs=8M status=progress conv=fsync`. This command will overwrite the drive with random data. To perform multiple passes (I recommend at least 2), simply run the command again until you're satisfied. - - The reason you run it twice is because SSDs have hidden ("overprovisioned") storage which can contain remnants of deleted data. Wiping twice forces the drive to wipe its overprovisioned storage. This is only guaranteed to work if each pass writes different data (which is why we wipe with random data on each pass). - - `bs=8M` writes 8MiB blocks at a time. This doesn't affect the quality of the data deletion, but adjusting it could affect how long it takes to wipe the drive. - - - ATA/NVMe Secure Erase: This method will remove the mapping table that keeps track of allocated data on the storage Blocks but does not destroy the actual data. - - - ATA/NVMe Sanitize Crypto Scramble (aka Instant Secure Erase, Crypto Erase), which applies to self-encrypting SSD drives: This method will change the encryption key of the self-encrypting SSD drive and render all the data stored in it unreadable. - - - ATA/NVMe Sanitize Block Erase: This method performs an actual block erase on every storage block and will destroy the data and change the encryption key if present. - - - ATA/NVMe Sanitize Overwrite **(terribly slow, could be dangerous and not recommended)**: This method performs a block erase and then overwrite every storage block (it is the same as Block Erase but will overwrite data in addition). This method is overkill and not necessary. - -- Physical Destruction: - - HDDs: - - 1. Open the drive (with a screwdriver, usually Torx T8) - - 2. Remove platters (with a screwdriver, usually Torx T6) - - 3. 
Rub the platters with a rare earth magnet - - 4. Break/Deform/Crush the platters - - 5. Burn the platters or cook them in an oven (**do not** skip this step) - - 6. Separate the debris - - 7. Throw away in separate places - - - SSDs: - - Ideally you should wipe the drive through other means first, as this method alone is not known to be secure against all attackers - - 1. Open the drive - - 2. Break/Crush the board and memory cells - - 3. Burn them - - 4. Separate the debris - - 5. Throw away in separate places - - - Bonus: See [[Invidious]](https://yewtu.be/watch?v=-bpX8YvNg6Y) - -For maximum overkill paranoia security, Sanitize Block Erase option should be preferred but Secure Erase is probably more than enough when considering your drive is already encrypted. Unfortunately, are no **free** easy (bootable with a graphical menu) all-in-one tools available and you will be left with either going with drive manufacturers provided tools, the free manual hdparm[^438] , and nvme-cli[^439] utilities or going with a commercial tool such as PartedMagic. - -This guide will therefore recommend the use of the free utilities hdparm and nvme-cli using a Live System Rescue system. - -If you can afford it, just buy Parted Magic for 11$ which provides an easy-to-use graphical tool for wiping SSD drives using the option of your choice[^440]'[^441]. - -**Note:** **Again, before proceeding, you should check your BIOS as some will offer a built-in tool to securely erase your drive (ATA/NVMe Secure Erase or ATA/NVMe Sanitize). If this is available, you should use that, and the following steps will not be necessary. Check this before going ahead to avoid the hassle, see [Appendix M: BIOS/UEFI options to wipe disks in various Brands]).** - -### Linux (all versions including Qubes OS): - -#### System/Internal SSD: - -- Option A: Check if your BIOS/UEFI has a built-in option to do so and if it does, use the correct option ("ATA/NVMe Secure Erase" or "ATA/NVMe Sanitize"). 
Do not use wipe with passes on an SSD drive. - -- Option B: See [Appendix D: Using System Rescue to securely wipe an SSD drive] - -- Option C: Wipe your disk and re-install Linux with new full disk encryption to overwrite all sectors with new encrypted data. **This method will be terribly slow compared to Option A and B as it will slowly overwrite your whole SSD. Also, note that this might not be the default behavior when using LUKS. You might have to check the option to also encrypt the empty space for this effectively wipe the drive.** - -**Keep in mind all these options need to be applied on the entire physical drive and not on a specific partition/volume. If you do not, wear-leveling mechanisms might prevent this from working properly.** - -#### External SSD: - -First please see [Appendix K: Considerations for using external SSD drives] - -Trim should be sufficient in most cases and you could just use the blkdiscard command to force an entire device trim as explained here: [[Archive.org]](https://web.archive.org/web/https://wiki.archlinux.org/index.php/Solid_state_drive) - -If your USB controller and USB SSD disk support Trim and ATA/NVMe secure erase, you could wipe them cautiously using hdparm using the same method as the System Disk above except you will not install Linux on it obviously. Keep in mind tho that this is not recommended (see Considerations above). - -If it does not support Trim and/or ATA secure erase, you could (not securely) wipe the drive normally (without passes like an HDD) and re-encrypt it completely using your utility of choice (LUKS or Veracrypt for instance). The full disk decryption and re-encryption process will overwrite the entirety of the SSD disk and should ensure a secure wipe. 
- -Alternatively, you could also (not securely) wipe the disk normally and then fill it completely with pseudorandom data which should also ensure secure deletion (this can be done with BleachBit [[Archive.org]](https://web.archive.org/web/https://www.bleachbit.org/download/linux) or from the command line using secure-delete using this tutorial [[Archive.org]](https://web.archive.org/web/https://superuser.com/questions/19326/how-to-wipe-free-disk-space-in-linux)). - -**Keep in mind all these options need to be applied on the entire physical drive and not on a specific partition/volume. If you do not, wear-leveling mechanisms might prevent this from working properly.** - -#### Internal/System HDD: - -- Option A: Check if your BIOS/UEFI has a built-in option and use them and if it does, use the correct option (Wipe + Passes in the case of an HDD). - -- Option B: See [Appendix I: Using ShredOS to securely wipe an HDD drive][Appendix I: Using ShredOS to securely wipe an HDD drive:] - -- Option C: Wipe your disk and re-install Linux with new full disk encryption to overwrite all sectors with new encrypted data. **This method will be terribly slow compared to Option A and B as it will slowly overwrite your whole HDD.** - -#### External/Secondary HDD and Thumb Drives: - -- Option A: Follow one of these tutorials: - - - [[Archive.org]](https://web.archive.org/web/https://linuxhint.com/completely_wipe_hard_drive_ubuntu/) - - - [[Archive.org]](https://web.archive.org/web/https://linoxide.com/linux-command/commands-wipe-disk-linux/) - - - [[Archive.org]](https://web.archive.org/web/https://wiki.archlinux.org/index.php/Securely_wipe_disk) - -I recommend using dd or shred for this purpose. 
- -- Option B: Install and use BleachBit [[Archive.org]](https://web.archive.org/web/https://www.bleachbit.org/download/linux) or follow this EFF tutorial [[Archive.org]](https://web.archive.org/web/https://ssd.eff.org/en/module/how-delete-your-data-securely-linux) - -- Option C: See [Appendix I: Using ShredOS to securely wipe an HDD drive][Appendix I: Using ShredOS to securely wipe an HDD drive:] - -### Windows: - -Unfortunately, you will not be able to wipe your Host OS using the Microsoft built-in tools within the settings. This is because your bootloader was modified with Veracrypt and will make the operation fail. In addition, this method would not be effective with an SSD drive. - -#### System/Internal SSD: - -- Option A: Check if your BIOS/UEFI has a built-in option to do so and if it does, use the correct option ("ATA/NVMe Secure Erase" or "ATA/NVMe Sanitize"). Do not use wipe with passes on an SSD drive. - -- Option B: Check [Appendix J: Manufacturer tools for Wiping HDD and SSD drives.][Appendix J: Manufacturer tools for Wiping HDD and SSD drives:] - -- Option C: See [Appendix D: Using System Rescue to securely wipe an SSD drive] - -- Option D: Wipe your disk and re-install Windows before performing new full disk encryption (using Veracrypt or Bitlocker) to overwrite all sectors with new encrypted data. **This method will be slower compared to Option A and B as it will overwrite your whole SSD.** - -**Keep in mind all these options need to be applied on the entire physical drive and not on a specific partition/volume. If you do not, wear-leveling mechanisms might prevent this from working properly.** - -#### External SSD: - -First please see [Appendix K: Considerations for using external SSD drives] - -Use the manufacturer-provided tools if possible. 
Those tools should provide support for safe secure erase or sanitize over USB and are available for most brands: See [Appendix J: Manufacturer tools for Wiping HDD and SSD drives.][Appendix J: Manufacturer tools for Wiping HDD and SSD drives:] - -If you are not sure about the Trim support on your USB disk, (not securely) wipe it normally (simple quick format will do) and then encrypt the disk again using Veracrypt or Bitlocker. The full disk decryption and re-encryption process will overwrite the entirety of the SSD disk and should ensure a secure wipe. - -Alternatively, you could also (not securely) wipe the disk normally and then fill it completely with pseudorandom data which should also ensure secure deletion (this can be done with BleachBit or PrivaZer free space erase options). See [Extra Tools Cleaning]. - -**Keep in mind all these options need to be applied on the entire physical drive and not on a specific partition/volume. If you do not, wear-leveling mechanisms might prevent this from working properly.** - -#### Internal/System HDD: - -- Option A: Check if your BIOS/UEFI has a built-in option to do so and if it does, use the correct option (Wipe + Passes). 
- -- Option B: Check [Appendix J: Manufacturer tools for Wiping HDD and SSD drives][Appendix J: Manufacturer tools for Wiping HDD and SSD drives:] - -- Option C: See [Appendix I: Using ShredOS to securely wipe an HDD drive][Appendix I: Using ShredOS to securely wipe an HDD drive:] - -#### External/Secondary HDD and Thumb Drives: - -- Option A: Check [Appendix J: Manufacturer tools for Wiping HDD and SSD drives][Appendix J: Manufacturer tools for Wiping HDD and SSD drives:] - -- Option B: Use external tools such as: - - - Eraser (open-source): [[Archive.org]](https://web.archive.org/web/https://eraser.heidi.ie/download/) - - - KillDisk Free: [[Archive.org]](https://web.archive.org/web/http://killdisk.com/killdisk-freeware.htm) - -- Option C: See [Appendix I: Using ShredOS to securely wipe an HDD drive][Appendix I: Using ShredOS to securely wipe an HDD drive:] - -### macOS: - -#### System/Internal SSD: - -Unfortunately, the macOS Recovery disk utility will not be able to perform a secure erase of your SSD drive as stated in Apple documentation [[Archive.org]](https://web.archive.org/web/https://support.apple.com/en-gb/guide/disk-utility/dskutl14079/mac). - -In most cases, if your disk was encrypted with Filevault and you just perform a normal erase, it should be "enough" according to them. It is not according to me, so you have no option besides re-installing macOS again and re-encrypt it with Filevault again after re-installing. This should perform a "crypto erase" by overwriting your earlier install and encryption. This method will be quite slow, unfortunately. - -If you want to do a faster secure erase (or have no time to perform a re-install and re-encryption), you can try using the method described in [Appendix D: Using System Rescue to securely wipe an SSD drive][Appendix D: Using System Rescue to securely wipe an SSD drive] **(This will not work on M1 Macs)**. 
**Be careful tho as this will also erase your recovery partition which is needed to reinstall macOS.** - -#### External SSD: - -First please see [Appendix K: Considerations for using external SSD drives] - -If your USB controller and USB SSD disk support Trim and ATA secure erase, and if Trim is enabled on the disk by macOS, you can just wipe the whole disk normally and data should not be recoverable on recent disks. - -If you are not sure about Trim support or want more certainty, you can (not securely) wipe it using macOS disk utility before fully re-encrypting them again using these two tutorials from Apple: - -- [[Archive.org]](https://web.archive.org/web/https://support.apple.com/guide/disk-utility/erase-and-reformat-a-storage-device-dskutl14079/mac) - -- [[Archive.org]](https://web.archive.org/web/https://support.apple.com/guide/disk-utility/encrypt-protect-a-storage-device-password-dskutl35612/mac) or using Veracrypt full disk encryption. - -The full disk re-encryption process will overwrite the entirety of the SSD disk and should ensure a secure wipe. - -**Keep in mind all these options need to be applied on the entire physical drive and not on a specific partition/volume. If you do not, wear-leveling mechanisms might prevent this from working properly.** - -#### External HDD and Thumb Drives: - -Follow this tutorial: [[Archive.org]](https://web.archive.org/web/https://support.apple.com/guide/disk-utility/erase-and-reformat-a-storage-device-dskutl14079/mac) and use the secure erase option from Disk Utility which should work fine on HDD and Thumb drives. - -## How to securely delete specific files/folders/data on your HDD/SSD and Thumb drives: - -The same principles from the earlier chapters apply to this one. The same issues arise too. - -With an HDD drive, you can securely delete files by just deleting them and then apply one or more "passes" to overwrite the data in question. This can be done with many utilities on all OSes. 
- -With an SSD drive, however, again everything becomes a bit complicated because you are never sure anything is really deleted due to wear leveling, reliance on the Trim operation, and garbage collection of the drive. An adversary that has the decryption key of your SSD (whether it is LUKS, Filevault 2, Veracrypt, or Bitlocker) could unlock your drive and then attempt a recovery using classic recovery utilities[^442] and could succeed if the data were not trimmed properly. But this is again highly unlikely. - -Since the Trim operation is not continuous on most recent hard drives but scheduled, simply forcing a Trim operation should be enough. But again, the only way to be 100% sure a file is securely deleted from your unlocked encrypted SSD is to again overwrite all the free space after deletion of the files in question or to decrypt/re-encrypt the drive. But this is overkill and not necessary. A simple disk-wide Trim should be sufficient. - -**Remember tho that no matter the deletion method you use for any file on any medium (HDD drive, SSD, USB Thumb drive). It will probably leave other traces (logs, indexing, shellbags ...) within your system and those traces will also need to be cleaned. Also, remember that your drives should be fully encrypted and so this is most likely an extra measure. More on that later in the [Some additional measures against forensics][Some additional measures against forensics:] section.** - -### Windows: - -**Remember you cannot use Trim at all if you are using Plausible Deniability on an SSD drive against all recommendations.** - -#### System/Internal SSD drive: - -At this stage, and just delete the file permanently (empty the recycle bin) and trim/garbage collection will do the rest. This should be sufficient. - -If you do not want to wait for the periodic Trim (set to Weekly by default in Windows 10/11), you could also force a disk-wide Trim using the Windows native Optimize tool (see [Appendix H: Windows Cleaning Tools]). 
- -If data were deleted by some utility (for instance by Virtualbox when reverting a snapshot), you could also issue a disk-wide Trim to clean anything remaining using the same Optimize tool. - -Just open Windows Explorer, Right Click on your System Drive and click Properties. Select Tools. Click Optimize and then Optimize again to force a Trim. You are done. That is probably enough in my opinion. - -![image45](media/image45.png) - -If you want more security and do not trust the Trim operation, then you will have no option but to either: - -- Decrypt and re-encrypt (using Veracrypt or Bitlocker) the whole drive to overwrite all free space after data deletion. This will ensure overwriting of all the free space. - -- Trim and then fill up the entire free space of the disk using a utility such as BleachBit or PrivaZer. - -**Keep in mind all these options need to be applied on the entire physical drive and not on a specific partition/volume. If you do not, wear-leveling mechanisms might prevent this from working properly.** - -#### Internal/External HDD or a USB Thumb Drive: - -Please refer to [Appendix H: Windows Cleaning Tools] and pick a utility before going ahead. - -The process is quite simple depending on the tool you picked from the Appendix: - -- Right-click a file/folder: - - - PrivaZer: Delete without a trace - - - BleachBit: Shred with BleachBit (or see this tutorial from the EFF [[Archive.org]](https://web.archive.org/web/https://ssd.eff.org/en/module/how-delete-your-data-securely-windows)) - -In the case of USB thumb drives, consider wiping free space using one of the above utilities after file deletion or wiping them completely using Eraser / KillDisk as instructed previously. - -#### External SSD drive: - -First please see [Appendix K: Considerations for using external SSD drives] - -If Trim is supported and enabled by Windows for your external SSD drive. There should be no issue in securely deleting data normally just with normal delete commands. 
Additionally, you could also force a Trim using the Windows native Optimize tool (see [Appendix H: Windows Cleaning Tools]): - -Just open Windows Explorer, Right Click on your System Drive and click Properties. Select Tools. Click Optimize and then Optimize again to force a Trim. You are done. That is probably enough in my opinion. - -If Trim is not supported or you are not sure, you might have to ensure secure data deletion by: - -- Filling up all the free space after any deletion (using BleachBit or PrivaZer for instance). - -- Decrypt and Re-encrypt the disk with a different key after each deletion (using Veracrypt or Bitlocker). - -**Keep in mind all these options need to be applied on the entire physical drive and not on a specific partition/volume. If you do not, wear-leveling mechanisms might prevent this from working properly.** - -### Linux (non-Qubes OS): - -#### System/Internal SSD drive: - -Just permanently delete the file (and empty recycle bin) and it should be unrecoverable due to Trim operations and garbage collection. - -If you do not want to wait for the periodic Trim (set to Weekly by default in Ubuntu), you could also force a disk-wide Trim by running ```fstrim --all``` from a terminal. This will issue an immediate trim and should ensure sufficient security. This utility is part of the ```util-linux``` package on Debian/Ubuntu and should be installed by default on Fedora. - -If you want more security and do not trust the Trim operation, then you will have no option but to either: - -- Decrypt and re-encrypt (using LUKS for instance following this tutorial [[Archive.org]](https://web.archive.org/web/https://wiki.archlinux.org/index.php/dm-crypt/Device_encryption)) the whole drive to overwrite all free space after data deletion. This will ensure overwriting of all the free space. 
- -- Trim using ```fstrim --all``` and then fill up the entire free space of the disk using a utility such as: - - - BleachBit [[Archive.org]](https://web.archive.org/web/https://www.bleachbit.org/download/linux) - - - Install secure-delete package and use sfill on the root of the drive: - - - ```sudo sfill -l -l /``` for instance should do the trick (this will take a substantial amount of time) - - - Use the old school dd method (taken from this answer [[Archive.org]](https://web.archive.org/web/https://superuser.com/questions/19326/how-to-wipe-free-disk-space-in-linux)) run these commands on the drive you want to fill: - - - ```dd if=/dev/zero of=zero.small.file bs=1024 count=102400``` - - - ```dd if=/dev/zero of=zero.file bs=1024``` - - - ```sync ; sleep 60 ; sync``` - - - ```rm zero.small.file``` - - - ```rm zero.file``` - -**Keep in mind all these options need to be applied on the entire physical drive and not on a specific partition/volume. If you do not, wear-leveling mechanisms might prevent this from working properly.** - -#### Internal/External HDD drive or a Thumb Drive: - -- You can do this the graphical way with BleachBit following this tutorial from the EFF: [[Archive.org]](https://web.archive.org/web/https://ssd.eff.org/en/module/how-delete-your-data-securely-linux) - -- Or you can do this from the command line following this tutorial: [[Archive.org]](https://web.archive.org/web/https://linuxhint.com/completely_wipe_hard_drive_ubuntu/) (For this purpose we recommend wipe and shred). - -#### External SSD drive: - -First please see [Appendix K: Considerations for using external SSD drives] - -If Trim is supported and enabled by your Linux Distribution for your external SSD drive. There should be no issue in securely deleting data normally and just issue an ```fstrim --all``` from the terminal to trim the drive. This utility is part of the "util-linux" package on Debian/Ubuntu and should be installed by default on Fedora. 
- -If Trim is not supported or you want to be sure, you might have to ensure secure data deletion by filling up the entire free space of the disk using a utility such as: - -- Decrypt and re-encrypt (using LUKS using this tutorial [[Archive.org]](https://web.archive.org/web/https://wiki.archlinux.org/index.php/dm-crypt/Device_encryption) or Veracrypt from the graphical interface for instance) the whole drive to overwrite all free space after data deletion. This will ensure overwriting of all the free space. - -- Fill the free space using one of those methods: - - - BleachBit [[Archive.org]](https://web.archive.org/web/https://www.bleachbit.org/download/linux) - - - Install secure-delete package and use sfill on the root of the drive: - - - ```sudo sfill -l -l /``` for instance should do the trick (this will take a substantial amount of time) - - - Use the old school dd method (taken from this answer [[Archive.org]](https://web.archive.org/web/https://superuser.com/questions/19326/how-to-wipe-free-disk-space-in-linux)) run these commands: - - - ```dd if=/dev/zero of=zero.small.file bs=1024 count=102400``` - - - ```dd if=/dev/zero of=zero.file bs=1024``` - - - ```sync ; sleep 60 ; sync``` - - - ```rm zero.small.file``` - - - ```rm zero.file``` - -**Keep in mind all these options need to be applied on the entire physical drive and not on a specific partition/volume. If you do not, wear-leveling mechanisms might prevent this from working properly.** - -### Linux (Qubes OS): - -#### System/Internal SSD drive: - -As with other Linux distros, normal deletion and trim should be sufficient on most SSD drives. So just permanently delete the file (and empty any recycle bin) and it should be unrecoverable due to periodic Trim operations and garbage collection. 
- -Please follow this documentation to Trim within Qubes OS: [[Archive.org]](https://web.archive.org/web/https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/disk-trim.md) - -As with other Linux Systems, if you want more security and do not trust the Trim operation then you will have no option but to either: - -- Decrypt and re-encrypt the whole drive to overwrite all free space after data deletion. This will ensure overwriting of all the free space. We didn't find a reliable tutorial on how to do this safely on Qubes OS but it is possible this tutorial could work: [[Archive.org]](https://web.archive.org/web/https://wiki.archlinux.org/index.php/dm-crypt/Device_encryption) (at your own risk, this has not been tested yet). - -- Refer to this Documentation ( [[Archive.org]](https://web.archive.org/web/https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/disk-trim.md)) and then trim using "fstrim --all" and then fill up the entire free space of the disk using a utility such as: - - - BleachBit [[Archive.org]](https://web.archive.org/web/https://www.bleachbit.org/download/linux) - - - Install secure-delete package and use sfill on the root of the drive: - - - ```sudo sfill -l -l /``` for instance should do the trick (this will take a substantial amount of time) - - - Use the old school dd method (taken from this answer [[Archive.org]](https://web.archive.org/web/https://superuser.com/questions/19326/how-to-wipe-free-disk-space-in-linux)) run these commands on the drive you want to fill: - - - ```dd if=/dev/zero of=zero.small.file bs=1024 count=102400``` - - - ```dd if=/dev/zero of=zero.file bs=1024``` - - - ```sync ; sleep 60 ; sync``` - - - ```rm zero.small.file``` - - - ```rm zero.file``` - -**Keep in mind all these options need to be applied on the entire physical drive and not on a specific partition/volume. 
If you do not, wear-leveling mechanisms might prevent this from working properly.** - -#### Internal/External HDD drive or a Thumb Drive: - -Use the same method as Linux from a Qube connected to that specific USB device - -- You can do this the graphical way with BleachBit following this tutorial from the EFF: [[Archive.org]](https://web.archive.org/web/https://ssd.eff.org/en/module/how-delete-your-data-securely-linux) - -- Or you can do this from the command line following this tutorial: [[Archive.org]](https://web.archive.org/web/https://linuxhint.com/completely_wipe_hard_drive_ubuntu/) (For this purpose we recommend wipe and shred). - -#### External SSD drive: - -First please see [Appendix K: Considerations for using external SSD drives] - -If Trim is supported and enabled by your Linux Distribution for your external SSD drive. There should be no issue in securely deleting data normally and just issue a "fstrim --all" from the terminal to trim the drive. Refer to this Documentation ( [[Archive.org]](https://web.archive.org/web/https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/disk-trim.md)) to enable trim on a drive. - -If Trim is not supported or you want to be sure, you might have to ensure secure data deletion by filling up the entire free space of the disk using a utility from a Qube connected to the USB device in question: - -- Decrypt and re-encrypt (using LUKS using this tutorial [[Archive.org]](https://web.archive.org/web/https://wiki.archlinux.org/index.php/dm-crypt/Device_encryption) or Veracrypt from the graphical interface for instance) the whole drive to overwrite all free space after data deletion. This will ensure overwriting of all the free space. 
- -- Fill the free space using one of those methods: - - - BleachBit [[Archive.org]](https://web.archive.org/web/https://www.bleachbit.org/download/linux) - - - Install secure-delete package and use sfill on the root of the drive: - - - ```sudo sfill -l -l /``` for instance should do the trick (this will take a substantial amount of time) - - - Use the old school dd method (taken from this answer [[Archive.org]](https://web.archive.org/web/https://superuser.com/questions/19326/how-to-wipe-free-disk-space-in-linux)) run these commands: - - - ```dd if=/dev/zero of=zero.small.file bs=1024 count=102400``` - - - ```dd if=/dev/zero of=zero.file bs=1024``` - -Repeat these steps on any other partition if there are separate partitions on the same SSD drive before deleting the files. - -- ```sync ; sleep 60 ; sync``` - -- ```rm zero.small.file``` - -- ```rm zero.file``` - -Repeat these steps on any other partition if there are separate partitions on the same SSD drive. - -**Keep in mind all these options need to be applied on the entire physical drive and not on a specific partition/volume. If you do not, wear-leveling mechanisms might prevent this from working properly.** - -### macOS: - -#### System/Internal SSD drive: - -Just permanently delete the file (and empty recycle bin) and it should be unrecoverable due to trim operations and garbage collection. - -- If your file system is APFS, you do not need to worry about Trim, it happens asynchronously as the OS writes data[^443] according to their documentation. - -"Does Apple File System support TRIM operations? - -Yes. TRIM operations are issued asynchronously from when files are deleted or free space is reclaimed, which ensures that these operations are performed only after metadata changes are persisted to stable storage". 
- -- If your file system is HFS+, you could run First Aid on your System Drive from the Disk Utility which should perform a Trim operation in the details ( [[Archive.org]](https://web.archive.org/web/https://support.apple.com/en-us/HT210898)) - -![image46](media/image46.png) - -#### System/Internal, External HDD drive or a Thumb Drive: - -Unfortunately, Apple has removed the secure erase options from the trash bin even for HDD drives[^444]. So, you are left with using other tools: - -- Permanent Eraser [[Archive.org]](https://web.archive.org/web/http://www.edenwaith.com/products/permanent%20eraser/) - -- From the terminal, you can use the "rm --P filename" command which should erase the file and overwrite it as explained in this EFF tutorial [[Archive.org]](https://web.archive.org/web/https://ssd.eff.org/en/module/how-delete-your-data-securely-macos). - -In the case of USB thumb drives, consider wiping them completely using Disk Utility as instructed previously. - -#### External SSD drive: - -First please see [Appendix K: Considerations for using external SSD drives] - -If Trim is supported and enabled by macOS for your external SSD drive. There should be no issue in securely deleting data. - -If Trim is not supported, you might have to ensure secure data deletion by: - -- Filling up all the free space after any deletion using the Linux Method above (dd). - -- Decrypt and Re-encrypt the disk with a different key after each deletion (using Disk Utility or Veracrypt). - -## Some additional measures against forensics: - -Note that the same SSD issue discussed in the earlier section will arise here. You can never really be 100% sure your SSD data is deleted when you ask it to do so unless you wipe the whole drive using specific methods above. 
- -We are not aware of any 100% reliable method to delete single files selectively and securely on SSD drives unless overwriting ALL the free space (which might reduce the lifespan of your SSD) after Deletion + Trim of these files. Without doing that, you will have to trust the SSD Trim operation **which in my opinion is enough**. **It is reasonable and again very unlikely that forensics will be able to restore your files after a Deletion with Trim.** - -In addition, most of these measures here should not be needed since your whole drive should be encrypted and therefore your data should not be accessible for forensic analysis through SSD/HDD examination anyway. So, these are just "bonus measures" for weak/unskilled adversaries. - -Consider also reading this documentation if you're going with Whonix [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Anti-Forensics_Precautions) as well as their general hardening tutorial for all platforms here [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/System_Hardening_Checklist) - -### Removing Metadata from Files/Documents/Pictures: - -#### Pictures and videos: - -On Windows, macOS, and Linux we would recommend ExifTool ( [[Archive.org]](https://web.archive.org/web/https://exiftool.org/)) and/or ExifCleaner ( [[Archive.org]](https://web.archive.org/web/https://exifcleaner.com/)) that allows viewing and/or removing those properties. - -**ExifTool is natively available on Tails and Whonix Workstation.** - -##### ExifCleaner: - -Just install it from [[Archive.org]](https://web.archive.org/web/https://exifcleaner.com/), run and drag and drop the files into the GUI. 
- -##### ExifTool: - -It is actually simple, just install exiftool and run: - -- To display metadata: ```exiftool filename.jpg``` - -- To remove all metadata: ```exiftool -All= filename.jpg``` - -**Remember that ExifTool is natively available on Tails and Whonix Workstation.** - -##### Windows Native tool: - -Here is a tutorial to remove metadata from a Picture using OS provided tools: [[Archive.org]](https://web.archive.org/web/https://www.purevpn.com/internet-privacy/how-to-remove-metadata-from-photos) - -##### Cloaking/Obfuscating to prevent picture recognition: - -Consider the use of Fawkes [[Archive.org]](https://web.archive.org/web/https://sandlab.cs.uchicago.edu/fawkes/) ( [[Archive.org]](https://web.archive.org/web/https://github.com/Shawn-Shan/fawkes)) to cloak the images from picture recognition tech on various platforms. - -Or if you want online versions, consider: - -- [[Archive.org]](https://web.archive.org/web/https://lowkey.umiacs.umd.edu/) - -- [[Archive.org]](https://web.archive.org/web/https://adversarial.io/) - -#### PDF Documents: - -##### PDFParanoia (Linux/Windows/macOS/QubesOS): - -Consider using [[Archive.org]](https://web.archive.org/web/https://github.com/kanzure/pdfparanoia) which will remove metadata and watermarks on any PDF. - -##### ExifCleaner (Linux/Windows/macOS/QubesOS): - -Just install it from [[Archive.org]](https://web.archive.org/web/https://exifcleaner.com/), run and drag and drop the files into the GUI. 
- -##### ExifTool (Linux/Windows/macOS/QubesOS): - -It is actually simple, just install exiftool and run: - -- To display metadata: ```exiftool filename.pdf``` - -- To remove all metadata: ```exiftool -All= filename.pdf``` - -#### MS Office Documents: - -First, here is a tutorial to remove metadata from Office documents: [[Archive.org]](https://web.archive.org/web/https://support.microsoft.com/en-us/office/remove-hidden-data-and-personal-information-by-inspecting-documents-presentations-or-workbooks-356b7b5d-77af-44fe-a07f-9aa4d085966f). Make sure however that you do use the latest version of Office with the latest security updates. - -Alternatively, on Windows, macOS, Qubes OS, and Linux we would recommend ExifTool ( [[Archive.org]](https://web.archive.org/web/https://exiftool.org/)) and/or ExifCleaner ( [[Archive.org]](https://web.archive.org/web/https://exifcleaner.com/)) that allows viewing and/or removing those properties - -##### ExifCleaner: - -Just install it from [[Archive.org]](https://web.archive.org/web/https://exifcleaner.com/), run and drag and drop the files into the GUI. 
- -##### ExifTool: - -It is actually simple, just install exiftool and run: - -- To display metadata: ```exiftool filename.docx``` - -- To remove all metadata: ```exiftool -All= filename.docx``` - -#### LibreOffice Documents: - -- select Files in the upper menu - - - Select Properties - - - Uncheck "Apply User Data" - - - Uncheck "Save Preview image with the Document" - - - Click "Reset Properties" - - - Make sure there is nothing on the Description and Custom Properties tabs - -- Select Tools in the upper menu - - - Select Options - - - Select Security - - - Click "Security Options and Warning" - - - Check: - - - "When printing" - - - "When saving or sending" - - - "When creating PDF files" - - - "Remove personal information on saving" - -In addition, on Windows, macOS, Qubes OS, and Linux we would recommend ExifTool ( [[Archive.org]](https://web.archive.org/web/https://exiftool.org/)) and/or ExifCleaner ( [[Archive.org]](https://web.archive.org/web/https://exifcleaner.com/)) that allows viewing and/or removing additional properties - -##### ExifCleaner: - -Just install it from [[Archive.org]](https://web.archive.org/web/https://exifcleaner.com/), run and drag and drop the files into the GUI. - -##### ExifTool: - -It is actually simple, jut install exiftool and run: - -- To display metadata: ```exiftool filename.odt``` - -- To remove all metadata: ```exiftool -All= filename.odt``` - -#### All-in-one Tool: - -Another option good tool to remove metadata from various documents is the open-source mat2 recommended by privacyguides.org[^445] ( [[Archive.org]](https://web.archive.org/web/https://0xacab.org/jvoisin/mat2)) which you can use on Linux quite easily. I never managed to make it work properly within Windows due to various dependencies issues despite the provided instructions. It is however very straightforward to install and use on Linux. 
- -So, we would suggest creating a small Debian VM within Virtualbox (behind your Whonix Gateway) which you can then use from your other VMs to analyze various files from a convenient web interface. For this see [Appendix L: Creating a mat2-web guest VM for removing metadata from files] - -![image47](media/image47.png) - -Mat2 is also pre-installed on the Whonix Workstation VM[^446] and available on Tails by default[^447]. - -### Tails: - -Tails is great for this; you have nothing to worry about even if you use an SSD drive. Shut it down and it is all gone as soon as the memory decays. - -### Whonix: - -Note that it's possible to run Whonix in Live mode leaving no traces when you shut down the VMs, consider reading their documentation here [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/VM_Live_Mode) and here [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Warning). - -### macOS: - -#### Guest OS: - -Revert to an earlier snapshot on Virtualbox (or any other VM software you are using) and perform a Trim command on your Mac using Disk Utility by executing a first-aid on the Host OS again as explained at the end of the next section. - -#### Host OS: - -Most of the info from this section can also be found at this nice guide [[Archive.org]](https://web.archive.org/web/https://www.bejarano.io/hardening-macos/) - -##### Quarantine Database (used by Gatekeeper and XProtect): - -macOS (up to and including Big Sur) keeps a Quarantine SQL Database of all the files you ever downloaded from a Browser. This database is located at ```~/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2```. 
- -You can query it yourself by running the following command from terminal: ``` sqlite3 ~/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2 "select * from LSQuarantineEvent" ``` - -This is a goldmine for forensics, and you should disable this: - -- Run the following command to clear the database completely: ```:>~/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2``` - -- Run the following command to lock the file and prevent further download history from being written there: ```sudo chflags schg ~/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2``` - -Lastly, you can also disable Gatekeeper altogether by issuing the following command in the terminal[^448]: - -- ```sudo spctl --master-disable``` - -Refer to this section of this guide for further information [[Archive.org]](https://web.archive.org/web/https://www.bejarano.io/hardening-macos/) - -In addition to this convenient database, each saved file will also carry detailed file system HFS+/APFS attributes showing for instance when it was downloaded, with what, and from where. - -You can view these just by opening a terminal and typing ```mdls filename``` and ```xattr -l filename``` on any downloaded file from any browser. 
- -To remove such attributes, you will have to do it manually from the terminal: - -- Run ```xattr -d com.apple.metadata:kMDItemWhereFroms filename``` to remove the origin - - - You can also just use -dr to do it recursively on a whole folder/disk - -- Run ```xattr -d com.apple.quarantine filename``` to remove the quarantine reference - - - You can also just use -dr to do it recursively on a whole folder/disk - -- Verify by running ```xattr --l filename``` and there should be no output - -(Note that Apple has removed the convenient xattr --c option that would just remove all attributes at once so you will have to do this for each attribute on each file) - -**These attributes and entries will stick even if you clear your browser history, and this is obviously bad for privacy (right?), and we are not aware of any convenient tool that will deal with those at the moment.** - -Fortunately, there are some mitigations for avoiding this issue in the first place as these attributes and entries are set by the browsers. 
So, we tested various browsers (On macOS Catalina, Big Sur, and Monterey), and here are the results as of the date of this guide:
-
-| **Browser** | **Quarantine DB Entry** | **Quarantine File Attribute** | **Origin File Attribute** |
-|------------------------------|------------------------------|-------------------------------|---------------------------|
-| **Safari (Normal)** | **Yes** | **Yes** | **Yes** |
-| **Safari (Private Window)** | **No** | **No** | **No** |
-| **Firefox (Normal)** | **Yes** | **Yes** | **Yes** |
-| **Firefox (Private Window)** | **No** | **No** | **No** |
-| **Chrome (Normal)** | **Yes** | **Yes** | **Yes** |
-| **Chrome (Private Window)** | **Partial (timestamp only)** | **No** | **No** |
-| **Brave (Normal)** | **Partial (timestamp only)** | **No** | **No** |
-| **Brave (Private Window)** | **Partial (timestamp only)** | **No** | **No** |
-| **Brave (Tor Window)** | **Partial (timestamp only)** | **No** | **No** |
-| **Tor Browser** | **No** | **No** | **No** |
-
-As you can see for yourself the easiest mitigation is to just use Private Windows. These do not write those origin/quarantine attributes and do not store the entries in the QuarantineEventsV2 database.
-
-Clearing the QuarantineEventsV2 is easy as explained above. Removing the attributes takes some work. **Brave is the only tested browser that will not store those attributes by default in normal operations.**
-
-##### Various Artifacts:
-
-In addition, macOS keeps various logs of mounted devices, connected devices, known networks, analytics, documents revisions...
-
-See this section of this guide for guidance on where to find and how to delete such artifacts: [[Archive.org]](https://web.archive.org/web/https://www.bejarano.io/hardening-macos/)
-
-Many of those can be deleted using various commercial third-party tools but we would personally recommend using the free and well-known Onyx which you can find here: [[Archive.org]](https://web.archive.org/web/https://www.titanium-software.fr/en/onyx.html). Unfortunately, it is closed-source, but it is notarized, signed, and has been trusted for many years.
-
-##### Force a Trim operation after cleaning:
-
-- If your file system is APFS, you do not need to worry about Trim, it happens asynchronously as the OS writes data.
-
-- If your file system is HFS+ (or any other than APFS), you could run First Aid on your System Drive from the Disk Utility which should perform a Trim operation in the details ( [[Archive.org]](https://web.archive.org/web/https://support.apple.com/en-us/HT210898)).
-
-![image46](media/image46.png)
-
-### Linux (Qubes OS):
-
-Please consider their guidelines [[Archive.org]](https://web.archive.org/web/https://github.com/Qubes-Community/Contents/blob/master/docs/security/security-guidelines.md)
-
-If you are using Whonix on Qubes OS, please consider following some of their guides:
-
-- Whonix System Hardening guide [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/System_Hardening_Checklist)
-
-- Enabling App Armor on Qubes [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Qubes/AppArmor)
-
-- Also, consider the use of Linux Kernel Guard [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Linux_Kernel_Runtime_Guard_LKRG)
-
-### Linux (non-Qubes):
-
-#### Guest OS:
-
-Revert to an earlier snapshot of the Guest VM on Virtualbox (or any other VM software you are using) and perform a trim command on your laptop using ```fstrim --all```.
This utility is part of the ```util-linux``` package on Debian/Ubuntu and should be installed by default on Fedora. Then switch to the next section.
-
-#### Host OS:
-
-Normally you should not have traces to clean within the Host OS since you are doing everything from a VM if you follow this guide.
-
-Nevertheless, you might want to clean some logs. Consider having a look this convenient (but unfortunately unmaintained) tool: [[Archive.org]](https://web.archive.org/web/https://github.com/sundowndev/covermyass)
-
-After cleaning up, make sure you have the fstrim utility installed (should be by default on Fedora) and part of the ```util-linux``` package on Debian/Ubuntu. Then just run ```fstrim --all``` on the Host OS. This should be sufficient on SSD drives as explained earlier.
-
-Consider the use of Linux Kernel Guard as an added measure [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Linux_Kernel_Runtime_Guard_LKRG)
-
-### Windows:
-
-#### Guest OS:
-
-Revert to an earlier snapshot on Virtualbox (or any other VM software you are using) and perform a trim command on your Windows using the Optimize as explained at the end of the next section
-
-#### Host OS:
-
-Now that you had a bunch of activities with your VMs or Host OS, you should take a moment to cover your tracks. **Most of these steps should not be undertaken on the Decoy OS in case of the use of plausible deniability. This is because you want to keep decoy/plausible traces of sensible but not secret activities available for your adversary. If everything is clean, then you might raise suspicion.**
-
-##### Diagnostic Data and Telemetry:
-
-First, let us get rid of any diagnostic data that could still be there:
-
-- After each use of your Windows devices, go into Settings, Privacy, Diagnostic & Feedback, and Click Delete.
-
-Then let us re-randomize the MAC addresses of your Virtual Machines and the Bluetooth Address of your Host OS.
- -- After each shutdown of your Windows VM, change its MAC address for next time by going into Virtualbox > Select the VM > Settings > Network > Advanced > Refresh the MAC address. - -- After each use of your Host OS Windows (your VM should not have Bluetooth at all), Go into the Device Manager, Select Bluetooth, Disable the Device and Re-Enable the device (this will force a randomization of the Bluetooth Address). - -##### Event logs: - -Windows Event logs will keep many various pieces of information that could contain traces of your activities such as the devices that were mounted (including Veracrypt NTFS volumes for instance[^333]), your network connections, app crash information, and various errors. It is always best to clean those up regularly. Do not do this on the Decoy OS. - -- Start, search for Event Viewer, and launch Event Viewer: - - - Go into Windows logs. - - - Select and clear all five logs using a right-click. - -##### Veracrypt History: - -By default, Veracrypt saves a history of recently mounted volumes and files. You should make sure Veracrypt never saves History. Again, do not do this on the Decoy OS if you are using plausible deniability for the OS. We need to keep the history of mounting the decoy Volume as part of the plausible deniability: - -- Launch Veracrypt - -- Make sure the "Never saves history" checkbox is checked (this should not be checked on the Decoy OS) - -Now you should clean the history within any app that you used including Browser history, Cookies, Saved Passwords, Sessions, and Form History. - -##### Browser History: - -- Brave (in case you did not enable cleaning on exit) - - - Go into Settings - - - Go into Shields - - - Go into Clear Browsing Data - - - Select Advanced - - - Select "All Time" - - - Check all the options - - - Clear Data - -- Tor Browser - - - Just close the Browser and everything is cleaned - -##### Wi-Fi History: - -Now it is time to clear the history of the Wi-Fi you connect to. 
Unfortunately, Windows keeps storing a list of past Networks in the registry even if you "forgot" those in the Wi-Fi settings. As far as we know, no utilities clean those yet (BleachBit or PrivaZer for instance) so you will have to do it the manual way: - -- Launch Regedit using this tutorial: [[Archive.org]](https://web.archive.org/web/https://support.microsoft.com/en-us/windows/how-to-open-registry-editor-in-windows-10-deab38e6-91d6-e0aa-4b7c-8878d9e07b11) - -- Within Regedit, enter this to the address bar: ```Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles``` - -- There you will see a bunch of folders to the right. Each of those folders is a "Key". Each of those keys will contain information about your current known Wi-Fi or past networks you used. You can explore them one by one and see the description on the right side. - -- Delete all those keys. - -##### Shellbags: - -As explained earlier, Shellbags are basically histories of accessed volumes/files on your computer. Remember that shellbags are exceptionally useful sources of information for forensics[^325] and you need to clean those. Especially if you mounted any "hidden volume" anywhere. Again, you should not do this on the Decoy OS: - -- Download Shellbag Analyzer & Cleaner from [[Archive.org]](https://web.archive.org/web/https://privazer.com/en/download-shellbag-analyzer-shellbag-cleaner.php) - - - Launch it - - - Analyze - - - Click Clean and select: - - - Deleted Folders - - - Folders on Network / External devices - - - Search Results - - - Select advanced - - - Check all except the two backup options (do not backup) - - - Select SSD cleanup (if you have an SSD) - - - Select one pass (All zero) - - - Clean - -##### Extra Tools Cleaning: - -After cleaning those earlier traces, you should also use third-party utilities that can be used to clean various traces. These include the traces of the files/folders you deleted. 
- -Please refer to [Appendix H: Windows Cleaning Tools] before continuing. - -###### PrivaZer: - -Here are the steps for PrivaZer: - -- Download and install PrivaZer from [[Archive.org]](https://web.archive.org/web/https://privazer.com/en/download.php) - - - Run PrivaZer after install - - - Do not use their Wizard - - - Select Advanced User - - - Select Scan in Depth and pick your Target - - - Select Everything you want to Scan and push Scan - - - Select What you want to be cleaned (skip the shell bag part since you used the other utility for that) - - - **You should just skip the free space cleaning part if using an SSD and instead just use the native Windows Optimize function (see below) which should be more than enough. We would only use this on an HDD drive.** - - - (If you did select Free Space cleaning) Select Clean Options and make sure your type of Storage is well detected (HDD vs SSD). - - - (If you did select Free Space cleaning) Within Clean Options **(Be careful with this option as it will erase all the free space on the selected partition, especially if you are running the decoy OS. Do not erase the free space or anything else on the second partition as you risk destroying your Hidden OS)** - - - If you have an SSD drive: - - - Secure Overwriting Tab: We would just pick Normal Deletion + Trim (Trim itself should be enough[^342]). Secure Deletion with Trim[^339] (1 pass) might be redundant and overkill here if you intend to overwrite the free space anyway. - - - Free Space Tab: Personally, and again "just to be sure", we would select Normal Cleanup which will fill the entire free space with Data. We do not really trust Smart Cleanup as it does not actually fill all the free space of the SSD with Data. But again, this is probably not needed and overkill in most cases. - - - If you have an HDD drive: - - - Secure Overwriting Tab: We would just pick Secure Deletion (1 pass). 
- - - Free Space: We would just pick Smart Cleanup as there is no reason to overwrite sectors without data on an HDD drive. - - - Select Clean and Pick your flavor: - - - Turbo Cleanup will only do normal deletion (on HDD/SSD) and will not clean free space. It is not secure on an HDD nor an SSD. - - - Quick Cleanup will do secure deletion (on HDD) and normal deletion + trim (on SSD) but will not clean free space. This is secure enough for SSD but not for HDD. - - - Normal Cleanup will do secure deletion (on HDD) and normal deletion + trim (on SSD) and will then clean the whole free space (Smart Cleanup on HDD and Full Cleanup on SSD) and should be secure. This option is the best for HDD but completely overkill for SSD. - - - Click Clean and wait for cleaning to finish. Could take a while and will fill your whole free space with data. - -###### BleachBit: - -Here are the steps for BleachBit: - -- Get and install the latest version from BleachBit here [[Archive.org]](https://web.archive.org/web/https://www.bleachbit.org/download) - -- Run BleachBit - -- Clean at least everything within those sections: - - - Deep Scan - - - Windows Defender - - - Windows Explorer (including Shellbags) - - - System - - - Select any other traces you want to remove from their list - - - Again, as with the earlier utility, we would not clean the free space on an SSD drive because we think the Windows native "optimize" utility is enough (see below) and that filling up the free space on a trim enabled SSD is just completely overkill and unnecessary. - - - Click Clean and wait. This will take a while and will fill your whole free space with data on both HDD and SSD drives. - -##### Force a Trim with Windows Optimize (for SSD drives): - -With this Native Windows 10/11 utility, you can just trigger a Trim on your SSD which should be more than enough to securely clean all deleted files that somehow would have escaped Trim when deleting them. 
-
-Just open Windows Explorer, Right Click on your System Drive and click Properties. Select Tools. Click Optimize and Defragment. You are done as this will not defragment but only optimize. Meaning it will initiate a Trim operation ( [[Wikiless]](https://wikiless.org/wiki/Trim_(computing)) [[Archive.org]](https://web.archive.org/web/20220804150134/https://en.wikipedia.org/wiki/Trim_(computing))).
-
-![image45](media/image45.png)
-
-## Removing some traces of your identities on search engines and various platforms:
-
-Chances are your actions (such as posts on various platforms, your profiles) will be indexed (and cached) by many search engines.
-
-Contrary to widespread belief, it is possible to have some but not all this information removed by following some steps. While this might not remove the information on the websites themselves, it will make it harder for people to find it using search engines:
-
-- First, you will have to delete your identities from the platform themselves if you can. Most will allow this but not all. For some, you might have to contact their support/moderators and for others, there will be readily available forms to do so.
-
-- If they do not allow the removal/deletion of profiles, there might be a possibility for you to rename your identity. Change the username if you can and all account information with bogus information including the e-mail.
-
-- If allowed, you can also sometimes edit past posts to remove the information within those.
-
-You can check some useful information about how to and get delete various accounts on these websites:
-
-- [[Archive.org]](https://web.archive.org/web/https://justdeleteme.xyz/)
-
-- [[Archive.org]](https://web.archive.org/web/https://justgetmydata.com/)
-
-When you are done with this part, you should now handle search engines and while you may not be able to have the information deleted, you can ask them to update/remove outdated information which could then remove some cached information.
-
-### Google:
-
-**Unfortunately, this will require you to have a Google account to request the update/removal (however this can be done with any Google account from anyone). There is no way around this except waiting.**
-
-Go to their "Remove outdated content from Google Search" page here: [[Archive.org]](https://web.archive.org/web/https://search.google.com/search-console/remove-outdated-content) and submit a request accordingly.
-
-If your profile/username was deleted/changed, they should re-index the content and update accordingly, and remove these traces.
-
-These requests might take several days to process. Be patient.
-
-### Bing:
-
-**Unfortunately, this will require you to have a Microsoft account to request the update/removal (however this can be done with any Microsoft account from any identity). There is no way around this except waiting.**
-
-Go to their "Content Removal" page here: [[Archive.org]](https://web.archive.org/web/https://www.bing.com/webmasters/tools/contentremoval) and submit a request accordingly.
-
-If your profile/username was deleted/changed, they should re-index the content and update accordingly, and remove these traces.
-
-This might take several days to process. Be patient.
-
-### DuckDuckGo:
-
-DuckDuckGo does not store a cached version of pages[^449] and will instead forward you to a Google/Bing cached version if available.
-
-In addition, DuckDuckGo source most of their searches from Bing (and not Google)[^450] and therefore removing the content from Bing should in time have it removed it from DuckDuckGo too.
-
-### Yandex:
-
-**Unfortunately, this will require you to have a Yandex account to request removals (however this can be done with any Yandex account from any identity).
There is no way around this except waiting.**
-
-Once have your Yandex account, head to the Yandex Webmaster tools [[Archive.org]](https://web.archive.org/web/https://webmaster.yandex.com/) and then select Tools and Delete URL [[Archive.org]](https://web.archive.org/web/https://webmaster.yandex.com/tools/del-url/)
-
-There you could input the URL that does not exist anymore if you had them deleted.
-
-This will only work with pages that have been deleted and therefore will not work with removing the cache of existing records. For that unfortunately there is no tool available to force a cache update, but you can still try their feedback tool:
-
-Search for the page that was changed (where your profile was deleted/changed) and click the arrow next to the result. Select Complain. And submit a complaint about the page not matching the search result. Hopefully, this will force Yandex to re-crawl the page and re-index it after some time. This could take days or weeks.
-
-### Qwant:
-
-As far as we know, there is no readily available tool to force this, and you will have to wait for the results to get updated if there is any. If you know a way, please report this to us through the GitHub issues.
-
-### Yahoo Search:
-
-Yes, Yahoo Search still exists but as per their help page [[Archive.org]](https://web.archive.org/web/https://help.yahoo.com/kb/SLN4530.html), there is no way to remove information or refresh information besides waiting. This could take 6 to 8 weeks.
-
-### Baidu:
-
-As far asWeknow, there is no readily available tool to force this unless you control the website (and do it through their webmaster tools). Therefore, you will have to wait for the results to get updated if there is any. If you know a way, please report this to me through the GitHub issues.
- -### Wikipedia: - -As far asWeknow, there is no way to remove information from Wikipedia articles themselves but if you just want to remove traces of your username from it (as a user that contributed), you can do so by following these steps: [[Wikiless]](https://wikiless.org/wiki/Wikipedia:Courtesy_vanishing) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Wikipedia:Courtesy_vanishing) - -This will not remove any information about your online identities that could appear in other articles but only your own identity on Wikipedia as a user. - -### Archive.today: - -Some information can sometimes be removed on demand (sensitive information for example) as you can see many examples here: - -This is done through their "ask" page here: - -### Internet Archive: - -You can remove pages from internet archives but **only if you own the website in question** and contact them about it. Most likely you will not be able to remove archives from say "Reddit posts" or anything alike. But you could still ask and see what they answer. - -As per their help page - -"How can we exclude or remove my site's pages from the Wayback Machine? - -You can send an e-mail request for us to review to info@archive.org with the URL (web address) in the text of your message". - -### Others: - -Have a look at those websites: - -- - -- [[Archive.org]](https://web.archive.org/web/https://inteltechniques.com/workbook.html) - -# Some low-tech old-school tricks: - -## Hidden communications in plain sight: - -You must keep in mind that using all those security measures (encryption, plausible deniability, VPN, tor, secure operating systems ...) can make you suspicious just by using them. Using could be the equivalent of stating openly "I something to hide" to an observer which could then motivate some adversaries to investigate/survey you further. 
-
-So, there are other ways you could exchange or send messages online to others in case of need without disclosing your identity or establishing direct communication with them. These have been in use by various organizations for decades and can be of help if you do not want to attract attention by using secure tech while still communicating some sensitive information without attracting attention.
-
-A commonly used technique that combines the idea of a Dead Drop[^451] and Secure Communication Obfuscation[^452] through Steganography[^453] and/or Kleptography[^454] and has many names such as Koalang[^455] or "Talking Around" or even "Social Steganography". This technique is very old and still widely used nowadays by teenagers to bypass parental control. It is hiding in plain sight.
-
-Here is one example if you want to let someone know something is wrong and they should go dark? That they should immediately wipe all their data, get rid of their burner phones and sensitive information?
-
-What if you want to let someone you trust (friends, family, lawyers, journalists ...) know that you are in trouble, and they should look out for you?
-
-All this without revealing the identity of the person you are sending the message to nor disclosing the content of that message to any third party and without raising suspicions and without using any of the secure methods mentioned above.
-
-Well, you could just use any online public platform for this (Instagram, Twitter, Reddit, any forum, YouTube ...) by using in-context (of the chosen platform/media) agreed upon (between you and your contact) coded messages that only your contact would understand.
-
-This could be a set of specific emojis or a specifically worded mundane comment. Or even just a like on a specific post from a known influencer you usually watch and like. While this would look completely normal to anyone, this could mean a lot to a knowledgeable reader who could then take appropriate agreed-upon actions.
You could also hide the message using Steganography using for instance .
-
-You do not even have to go that far. A simple "Last seen" time on a specific account could be enough to trigger a message agreed upon. If your interlocutor sees that this account was online. It could mean there is an issue.
-
-## How to spot if someone has been searching your stuff:
-
-There are some old tricks that you can use to spot if people have been messing with your stuff while you were away.
-
-One trick for instance is quite simple and just requires a wire/cable. Simply lay objects on your desk/night table or in your drawers following a straight line. You can use a simple USB cable as a tool to align them.
-
-Make a line with your cable and place objects along the line. When you are back, just check those places and check if the objects are still placed along the line. This allows you not to remember precisely where your things were without taking pictures.
-
-Fortunately, modern technology has made this even simpler. If you suspect someone might be looking through your stuff while you are away, you can just take a picture of the area with your phone before leaving. When you are back, just compare the areas with your pictures and everything should be exactly where you left it. If anything moved, then someone was there.
-
-It will be extremely hard and time-consuming for an adversary to search through your stuff and then replace it exactly as you left it with complete precision.
-
-What if it is a printed document or book and you want to know if someone read it? Even simpler. Just carefully make a note within the document with a pencil. And then erase it with any pencil eraser as if you wanted to correct it. The trick is to carefully leave the eraser traces/residues on the area you erased/pencil written areas and close the document. You could also take a picture of the residues before closing the document.
-
-Most likely if someone went through your document to read it and re-placed it carefully, this residue will fall off or be moved significantly. It is a simple old-school trick that could tell you someone searched a document you had.
-
-# Some last OPSEC thoughts:
-
-Wait, what is OPSEC? Well, OPSEC means Operations Security[^456]. The basic definition is: "OPSEC is the process of protecting individual pieces of data that could be grouped together to give the bigger picture."
-
-The important step here, and probably the easiest one, is a lesson you can take from the movie Fight Club: the first rule is that you **do not** talk about Fight Club. This applies to many aspects of your online operational security or OPSEC. Taking your time to go through this guide will reward you with the tools and knowledge to embrace a fuller, more secure experience on the internet. Rest assured that this guide will reveal things to you that will frustrate your enemy. You will learn how to protect your operating systems and lockdown your critical information and ensure mission success. But the one thing you must adhere to is this rule of thumb - do not talk about operation details. The biggest adversarial threat to you is OSINT (discussed below and throughout the document). The enemy will gather information on you based on what they observe about you and your activities online and in real life.
-
-Adversaries take many forms. To some, they are actors of a foreign government, while to others they may be simply a rival company's employee looking to find disgruntled workers to target for further pressuring. To most, the general task of OPSEC is that this is your ship - you must not do anything or say anything to sink your own ship. Simply expressing your frustration with your boss or your work conditions or your equipment, might be enough to generate not only a behavior profile but also a vector of attack.
A disgruntled employee, in this example, is what generally provides enough information to warrant pressuring of that employee for further information and possibly even extortion, blackmail, or worse. Failure to implement basic OPSEC can lead to failure at various points. It can lead to serious injury or even death if your threat model is a determined attacker, foreign actor, and so on.
-
-You must live by the simple rule that "loose lips sink ships" - but also that they are usually your lips which will do the sinking. OPSEC is often just applying common sense and being cautious about your activities including in the physical world:
-
-## Digital and Online OPSEC
-
-- **Remember to use passphrases or suits of words instead of short passwords and use a different one for each service. See [Appendix A2: Guidelines for passwords and passphrases].**
-
-- Make sure you are not keeping a copy of this guide anywhere unsafe after. The sole presence of this guide will most likely defeat all your plausible deniability possibilities.
-
-- OSINT "yourself" and your identities from time to time by looking for them yourself online using various search engines to monitor your online identities. You can even automate the process somewhat using various tools such as Google Alerts [[Archive.org]](https://web.archive.org/web/https://www.google.com/alerts).
-
-- Do not ever use biometrics alone to safeguard your secrets. Biometrics can be used without your consent.
-
-- Do check the signatures and hashes of software and documents you download before installing/viewing them.
-
-- Do not have the same behavior such as visiting the same links on the clearnet then visit the same with the your anoynous online identity. Watch this DEF CON 25 presentation if you didn't before: [DEF CON 25 - Svea Eckert, Andreas Dewes - Dark Data](https://www.youtube.com/watch?v=1nvYGi7-Lxo) [[Invidious]](https://yewtu.be/watch?v=1nvYGi7-Lxo).
-
-- Encrypt everything but do not take it for granted.
Remember the 5$ wrench.
-
-## Physical and IRL OPSEC
-
-- Remember the ["Physically Tamper protect your laptop"][Physically Tamper protect your laptop:] section.
-
-- See ["Appendix B4: Important notes about evil-maid and tampering"][Appendix B4: Important notes about evil-maid and tampering]
-
-- Remember the [How to spot if someone has been searching your stuff][How to spot if someone has been searching your stuff:] section.
-
-
-- Consider the use of Haven [[Archive.org]](https://web.archive.org/web/https://guardianproject.github.io/haven/) on some old android phone to keep watch on your home/room while you are away.
-
-- Remember [Appendix N: Warning about smartphones and smart devices]. Do not forget your smart devices can compromise your anonymity.
-
-- Do not ever travel with those devices if you must pass strong border checks and where they could be illegal or raise suspicion.
-
-- Do not plug any equipment in that laptop unless you trust it. Use a USB data blocker for charging.
-
-- Remember the first rule of fight club and do not talk to anyone about your sensitive activities using your real identity.
-
-- Keep a normal life and do not be weird. If you spend all your online time using Tor to access the internet and have no social network accounts at all ... You are already suspicious and attracting unnecessary attention.
-
-- Keep plausible deniability as an option but remember it will not help against the 5$ wrench either.
-
-- Never ever leave your laptop unattended/on/unlocked anywhere when conducting sensitive activities. Remember the story of Ross Ulbricht and his arrest [[Wikiless]](https://wikiless.org/wiki/Ross_Ulbricht) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Ross_Ulbricht).
-
-- Check for tampering regularly (not only your devices but also your home/room).
-
-- If you can, do not talk to the police/authorities (at least if you are in the US) [[Invidious]](https://yewtu.be/watch?v=d-7o9xYp7eE) without a lawyer.
Remain silent. - -- Know and always have at your disposal the details of a lawyer that could help you as a last resort in case things go wrong. - -- Keep your situation awareness high but not too high as to appear suspicious. - -- Consider using a physical security key (e.g., YubiCo YubiKey) for various protections against account compromise. **(Not covered in this version of the guide but is a work in progress for later versions.)** - -- Read the tips here [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/DoNot) - -- **Have common sense, do not be dumb, look and learn from others' mistakes, watch/read these:** - - - Medium.com, Darkweb Vendors and the Basic Opsec Mistakes They Keep Making [[Scribe.rip]](https://scribe.rip/@c5/darkweb-vendors-and-the-basic-opsec-mistakes-they-keep-making-e54c285a488c) [[Archive.org]](https://web.archive.org/web/https://medium.com/@c5/darkweb-vendors-and-the-basic-opsec-mistakes-they-keep-making-e54c285a488c) - - - 2020, Sinwindie, OSINT, and Dark Web Markets, Why OPSEC Still Matters [[Invidious]](https://yewtu.be/watch?v=IqZZU9lFlF4) - - - 2020, RSA Conference 2020, When Cybercriminals with Good OpSec Attack [[Invidious]](https://yewtu.be/watch?v=zXmZnU2GdVk) - - - 2015, DEF CON 22, Adrian Crenshaw, Dropping Docs on Darknets: How People Got Caught [[Invidious]](https://yewtu.be/watch?v=eQ2OZKitRwc) ([Slides](https://www.defcon.org/images/defcon-22/dc-22-presentations/Crenshaw/DEFCON-22-Adrian-Crenshaw-Dropping-Docs-on-Darknets-How-People-Got-Caught-UPDATED.pdf) [[Archive.org]](https://web.archive.org/web/https://www.defcon.org/images/defcon-22/dc-22-presentations/Crenshaw/DEFCON-22-Adrian-Crenshaw-Dropping-Docs-on-Darknets-How-People-Got-Caught-UPDATED.pdf)) - - - 2017, Ochko123 - How the Feds Caught Russian Mega-Carder Roman Seleznev [[Invidious]](https://yewtu.be/watch?v=6Chp12sEnWk) - - - 2017, [DEF CON 25 - Svea Eckert, Andreas Dewes - Dark Data](https://www.youtube.com/watch?v=1nvYGi7-Lxo) 
[[Invidious]](https://yewtu.be/watch?v=1nvYGi7-Lxo) - - - 2015, DEF CON 22, Zoz, Don't Fuck It Up! [[Invidious]](https://yewtu.be/watch?v=J1q4Ir2J8P8) - - - 2020, Bad Opsec, How Tor Users Got Caught, [[Invidious]](https://yewtu.be/watch?v=GR_U0G-QGA0) - - - 2022, Master of OpSec Masters: A View Through the Prism of Time, [[Archive.org]](https://web.archive.org/web/20220714213939/https://officercia.mirror.xyz/4x2-M4R2cSnID1wpsTO4CQNrMQ5JUFouR-rZ_N4xO-Q) - - 2022, How can you become a one-man-army OSINT specialist? [[Archive.org]](https://web.archive.org/web/20220718231735/https://officercia.mirror.xyz/5KSkJOTgMtvgC36v1GqZ987N-_Oj_zwvGatOk0A47Ws) - - -It is recommended that you learn about the common ways people mess up OPSEC [[Archive.org]](https://web.archive.org/web/20220717064253/https://dan-kir.github.io/2022/05/26/OPSEC-notes.html). Whatever you do, take OPSEC seriously, and [Don't Fuck It Up!](https://www.youtube.com/watch?v=J1q4Ir2J8P8) - -**FINAL OPSEC DISCLAIMER: KEEP YOUR ANONYMOUS IDENTITIES COMPLETELY SANDBOXED FROM YOUR NORMAL ENVIRONMENT AND REAL IDENTITY. DO NOT SHARE ANYTHING BETWEEN THE ANONYMOUS ENVIRONMENTS AND THE REAL IDENTITY ENVIRONMENT. KEEP THEM COMPLETELY COMPARTMENTALIZED ON EVERY LEVEL. MOST OPSEC FAILURES ARE DUE TO USERS ACCIDENTALLY LEAKING INFORMATION RATHER THAN TECHNICAL FAILURES.** - -# What to do if you detected tampering or searching ? - -- In the case of a laptop, they likely placed a key-logger, and possible network and gps capabilities. We recommend to open your laptop take the drive (which should be fully encrypted) and leave for a safe place and abandonning the laptop. Do not try to remove the "bug" as this could put you in physical danger. - -- If you detected searching of your room, home... Again we recommend leaving for a safe place while abandoning everything in the room that could also be "bugged". - -- Do your best to not let your adversary suspect or know you detected the search and/or the tampering. Be creative. 
Call a friend for example just to tell you're gonna go to the supermarket to buy food. - -# **If you think you got burned:** - -## If you have some time: - -- Don't Panic. - -- Delete everything you can from the internet related to that specific identity (accounts, comments ...). - -- Delete everything offline you have related to that identity including the backups. - -- (If using a physical SIM) Destroy the SIM card and trash it in a random trash can somewhere. - -- (If using a physical Burner Phone) Erase then destroy the Burner phone and trash it in a random trashcan somewhere. - -- Securely erase the laptop hard drive and then ideally proceed to physically destroy the HDD/SSD/Laptop and trash it somewhere. - -- Do the same with your backups. - -- Keep the details of your lawyer nearby or if needed, call them in advance to prepare your case if needed. - -- Return to your normal activities and hope for the best. - -## If you have no time: - -- Don't Panic. - -- Try to shut down/hibernate the laptop as soon as possible and hope for the best. If you are fast enough, your memory should decay or be cleaned, and your data should be mostly safe for the time being. - -- Contact a lawyer if possible and hope for the best and if you cannot contact one (yet), **try to remain silent (if your country allows it) until you have a lawyer to help you and if your law allows you to remain silent.** - -Keep in mind that many countries have specific laws to compel you to reveal your passwords that could override your "right to remain silent". See this Wikipedia article: [[Wikiless]](https://wikiless.org/wiki/Key_disclosure_law) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Key_disclosure_law) and this other visual resource with law references [[Archive.org]](https://web.archive.org/web/https://www.gp-digital.org/world-map-of-encryption/). 
- -# A small final editorial note: - -After reading this whole guide, we hope you will have gained some additional beneficial insight about privacy and anonymity. It is clear now, in my humble opinion, that the world we live in has only a few safe harbors remaining where one could have a reasonable expectation of privacy and even less so anonymity. Many will often say that 1984 by George Orwell was not meant to be an instruction book. Yet today this guide and its many references should, we hope, reveal to you how far down we are in the rabbit hole. - -You should also know that most of the digital information described in length in this guide can be forged or tampered with by a motivated adversary for any purpose. Even if you do manage to keep secrets from prying eyes, anyone can fabricate anything to fit their narrative: - -- IP logs, DNS logs, Geolocation logs, and Connection logs can be forged or tampered with by anyone using a simple text editor without leaving traces. - -- Files and their properties can be created, altered, and timestamped by anyone using simple utilities without leaving traces. - -- EXIF information of pictures and videos can be altered by anyone using simple utilities without leaving traces. - -- Digital Evidence (Pictures, Videos, Voice Recordings, E-Mails, Documents...) be crafted, placed, removed, or destroyed with ease without leaving traces. - -You should not hesitate to question this type of information from any source in this age of disinformation. - -**"A lie can travel halfway around the world while the truth is putting on its shoes"**[^457] - -Please keep thinking for yourself, use critical thinking, and keep an open mind. "Sapere Aude" (Dare to know!). 
- -**"In the end the Party would announce that two and two made five, and you would have to believe it" -- George Orwell, 1984, Book One, Chapter Seven.** - -Consider helping others (see [Helping others staying anonymous][Helping others staying anonymous:]) - -# Donations: - -**This project has no funding or sponsoring, and donations are more than welcome.** - -See: - -**(Please do verify the checksum and GPG signature of this file for authenticity, this is explained in the README of the repository if you do not know how to do that)**. - -# Helping others staying anonymous: - -If you want to give a hand to users facing censorship and oppression, please consider helping them by helping the Tor Network. You can do so in several ways: - -- The Easiest: - - - Using the Snowflake addon on your browser ( [[Archive.org]](https://web.archive.org/web/https://snowflake.torproject.org/)) - -- Slightly more work: - - - Running a Tor relay node ( [[Archive.org]](https://web.archive.org/web/https://community.torproject.org/relay/)) - - - See [Recommended VPS hosting providers] - - - Additional Tutorial: [[Archive.org]](https://web.archive.org/web/https://torrelay.ca/) - -If you want a bit more challenge, you can also run a Tor Exit node anonymously using the recommended VPS providers above. - -For this, see [[Archive.org]](https://web.archive.org/web/https://blog.torproject.org/tips-running-exit-node) - -This project for instance is running several Tor Exit nodes using donations to fund. 
You can see them here: - -# Acknowledgments: - -- **Very Special Thanks to Edward Snowden and who inspired me to write this guide (buy and read his book please ** [[Wikiless]](https://wikiless.org/wiki/Permanent_Record_(autobiography)) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Permanent_Record_(autobiography))**)** - -- **Huge thanks to the people who donated to this project anonymously** - -- **Special Thanks to LiJu09 for helping with the Light theme of the website (****)** - -- **Special Thanks to Simplelogin.io people for providing a free lifetime premium access to their service** - -- Thanks to GitHub for hosting this project and the many people who starred it - -- Thanks to Njal.la for providing a domain name and VPS hosting anonymously - -- Thanks to 1984.is for providing VPS hosting anonymously - -- Thanks to all the people who contributed and shared this guide with others - -- Thanks to the people at the Internet Archive and Archive.today projects - -- Thanks to the people at the Monero project - -- Thanks to the people at the Zcash project - -- Thanks to the people at the Wikipedia project - -- Thanks to the people at the Tails project - -- Thanks to the people at the HiddenVM project - -- Thanks to the people at the Whonix project - -- Thanks to the people at the Qubes OS project - -- Thanks to the people at the Veracrypt project - -- Thanks to the people at the Tor and OONI Projects - -- Thanks to the people at the Briar project - -- Thanks to the people at the OnionShare project - -- Thanks to the people at the Element/Matrix project - -- Thanks to the people at the Jami project - -- Thanks to the people at the KeePass and KeePassXC projects - -- Thanks to the people at the Fawkes project - -- Thanks to the people at the VirtualBox project - -- Thanks to the people at the ExifCleaner, Mat2, and ExifTool projects - -- Thanks to the people at the Go Incognito Project from Techlore - -- Thanks to Didier Stevens for his 
pdf-tools - -- Thanks to the people at the EFF - -- Thanks to the people at the SANS - -- Thanks to the people at the OWASP Project - -- Thanks to the people at the Privacyguides.org project - -- Thanks to the people at BlackHat, DEF CON, and CCC - -- Thanks to the people at Bellingcat and other OSINT/Forensics researchers **(and sorry for making their life more difficult with this guide)** - -- Thanks to the makers of the Social Dilemma documentary **(go watch it if you did not yet)** - -- Thanks to Michael Bazzell and his great OSINT books which we recommend you **buy** at - -- Thanks to Randall Munroe at XKCD for his great and insightful webcomics. - -- Thanks to the people at the various few commercial entities who do take privacy seriously - -- Thanks to the whole open-source community and especially the Linux community - -- Thanks to the many researchers, journalists, lawyers, and individuals referenced in this guide for their various research and projects - -- Thanks to the following individuals for their input and help: - - - NobodySpecial, - - - Mahanihaka - -# Appendix A: Windows Installation - -This is the Windows 10/11 installation process that should be valid for any Windows 10/11 install within this guide. - -### Windows 10 (See below for Windows 11) - -## Installation: - -DO NOT CONNECT WINDOWS TO ANY NETWORK DURING THE INSTALLATION PROCESS (This will allow us to create a Local Account and not use a Microsoft account and it will also prevent any telemetry from being sent out during the install process). - -- (Only for VirtualBox VM Install) Go into the VirtualBox Machine Settings menu. Select network. Unplug the cable. 
- -- Click "Install Now" - -- Select "I don't have a product key" - -- Select the flavor you want: - - - Host OS: Use - - - You intend to use Plausible Deniability: Windows Home - - - You do not intend to use Plausible Deniability: Windows Pro - - - VM OS: Use Windows Pro or Windows Pro N - -- Select Custom - -- Storage: - - - If this is a simple OS installation (Host OS with Simple Encryption) or VM without encryption, **select the whole disk** and proceed with the installation (skip the next step). - - - If this is part of a plausible deniability encryption set up on the Host OS: - - - If you are installing Windows for the first time (Hidden OS): - - - Delete the current partitions - - - Create the First partition with at least 50GB of disk space (about a third of the total disk space). - - - Create a second partition with the remaining two-thirds of the total disk space. - - - If you are installing Windows for the second time (Decoy OS): - - - Do not Delete the current partitions - - - Install Windows on the first partition you created during the first install. - - - Proceed with the install in the first partition - -- Start the install process - -- Select the Region "United States" - -- Skip the additional Keyboard Layout - -- Select "I don't have internet" - -- Select "Continue with limited setup" - -- Create a username of your choice. - -- Use a password of your choice. - -- Select all three security questions and answer whatever you want (not real data). - -- Do not use Online Speech Recognition - -- Do not let the app use your location - -- Do not enable "find my device" - -- Only send "required diagnostic data" - -- Do not improve Inking and Typing - -- Do not get any improved tailored experience. 
- -- Do not let apps use Advertising ID - -- Select "Now" at the Cortana prompt - -## Privacy Settings: - -- When the install is finished, get into Settings > Go on the top left menu icon and sekect Privacy and Security - - - When the install is finished, get into Settings > Privacy and do the following: - - - General: All Off - - - Speech: Off - - - Inking and Typing: Off - - - Diagnostic: Required level at off, options on OFF, **Delete your data**, frequency set to Never - - - Activity History: all Off and Clear the history - - - Location, all Off (change button) and clear it - - - Camera: Disable it (change button) - - - Microphone: Disable it (change button) - - - Voice Activation: All Off - - - Notification: Disable it (change button) - - - Account info: Disable it (change button) - - - Contact info: Disable it (change button) - - - Calendar access: Disable it (change button) - - - Phone calls: Disable it (change button) - - - Call History: Disable it (change button) - - - E-mail: Disable it (change button) - - - Tasks: Disable it (change button) - - - Messaging: Disable it (change button) - - - Radios: Disable it (change button) - - - Other devices: Set to Off - - - Background Apps: Disable it (change button) - - - App Diagnostics: Disable it (change button) - - - Automatic file download disabled - - - Documents: Disable it (change button) - - - Pictures: Disable it (change button) - - - Videos: Disable it (change button) and set to off - - - File system: Disable it (change button) - - - Disable File Indexing by going into the "Indexing Options" (Go into Windows 11 Control Panel, Switch the view to "Large Icons" and select Indexing Options. - - - Modify the list and remove all locations. - - - Go into Advanced and click Rebuild. - - - (Host OS only) Disable Bluetooth in the settings: - - - Go into Settings - - - Go into Devices - - - Select Bluetooth and turn it off - -- (Host OS Only) Tape the Webcam and Microphone anyway for extra paranoia. 
- -- (Host OS Only) Go into Settings > Network & Internet > Wi-Fi and Enable Random Hardware Address. - -### Windows 11 - -## Installation: - -DO NOT CONNECT WINDOWS TO ANY NETWORK DURING THE INSTALLATION PROCESS (This will allow us to create a Local Account and not use a Microsoft account and it will also prevent any telemetry from being sent out during the install process). - -- (Only for VirtualBox VM Install) Go into the VirtualBox Machine Settings menu. Select network. Unplug the cable. For this task, you can also follow this excellent tutorial by Oracle [[Archive.org]](https://web.archive.org/web/https://blogs.oracle.com/virtualization/post/install-microsoft-windows-11-on-virtualbox) - -- Select your language, currency and keyboard layout - -- Click "Install Now" - -- (Only for VirtualBox VM Install) Push Shift and F10 at the same time - -- (Only for VirtualBox VM Install) Launch "regedit" in the command prompt - -- (Only for VirtualBox VM Install) When the Registry Editor opens, navigate to ```HKEY_LOCAL_MACHINE\SYSTEM\Setup```, right-click on the "Setup" key and select "New => Key". When prompted to name the key, enter "LabConfig" and press enter. - -- (Only for VirtualBox VM Install) Now right-click on the "LabConfig" key and select "New => DWORD (32-bit)" value and create a value named "BypassTPMCheck", and set its data to "1". With the same steps create the "BypassRAMCheck" and "BypassSecureBootCheck" - -- Select "I don't have a product key" - -- Accept the agreement - -- Select the flavor you want: - - - Host OS: Use - - - You intend to use Plausible Deniability: Windows Home - - - You do not intend to use Plausible Deniability: Windows Pro - - - VM OS: Use Windows Pro or Windows Pro N - -- Select Custom Install - -- Storage: - - - If this is a simple OS installation (Host OS with Simple Encryption) or VM without encryption, **select the whole disk** and proceed with the installation (skip the next step). 
- - - If this is part of a plausible deniability encryption set up on the Host OS: - - - If you are installing Windows for the first time (Hidden OS): - - - Delete the current partitions - - - Create the First partition with at least 50GB of disk space (about a third of the total disk space). - - - Create a second partition with the remaining two-thirds of the total disk space. - - - If you are installing Windows for the second time (Decoy OS): - - - Do not Delete the current partitions - - - Install Windows on the first partition you created during the first install. - - - Proceed with the install in the first partition - -- Start the install process - -- Select the Region "United States" - -- Select the Keyboard Layout and skip a second layout - -- Select "I don't have internet" - -- Select "Continue with limited setup" - -- Create a username of your choice. - -- Use a password of your choice. - -- Select all three security questions and answer whatever you want (not real data). - -- Ddisable Location - -- Disable find my device - -- Disable optional diagnostic data - -- Only send "required diagnostic data" - -- Do not improve Inking and Typing - -- Disable the tailored experience. 
- -- Disable the Advertising ID - -- Click Accept - -## Privacy Settings: - -- When the install is finished, get into Settings > Privacy and do the following: - - - General: All Off - - - Speech: Off - - - Inking and Typing: Off - - - Diagnostic: Required level at off, options on OFF, **Delete your data**, frequency set to Never - - - Activity History: all Off and Clear the history - - - Location, all Off (change button) and clear it - - - Camera: Disable it (change button) - - - Microphone: Disable it (change button) - - - Voice Activation: All Off - - - Notification: Disable it (change button) - - - Account info: Disable it (change button) - - - Contact info: Disable it (change button) - - - Calendar access: Disable it (change button) - - - Phone calls: Disable it (change button) - - - Call History: Disable it (change button) - - - E-mail: Disable it (change button) - - - Tasks: Disable it (change button) - - - Messaging: Disable it (change button) - - - Radios: Disable it (change button) - - - Other devices: Set to Off - - - Background Apps: Disable it (change button) - - - App Diagnostics: Disable it (change button) - - - Automatic file download disabled - - - Documents: Disable it (change button) - - - Music Library: Disable it (change button) - - - Pictures: Disable it (change button) - - - Videos: Disable it (change button) and set to off - - - File system: Disable it (change button) - - - Disable File Indexing by going into the "Indexing Options" (Go into Windows 11 Control Panel, Switch the view to "Large Icons" and select Indexing Options. - - - Modify the list and remove all locations. - - - Go into Advanced and click Rebuild. - - - (Host OS only) Disable Bluetooth in the settings: - - - Go into Settings - - - Go into Devices - - - Select Bluetooth and turn it off - -- (Host OS Only) Tape the Webcam and Microphone anyway for extra paranoia. - -- (Host OS Only) Go into Settings > Network & Internet > Wi-Fi and Enable Random Hardware Address. 
- -# Appendix B: Windows Additional Privacy Settings - -As written earlier in this guide and as noted by PrivacyGuides.org[^458], Windows 10/11 is a privacy nightmare. And disabling everything during and after the installation using the settings available to you is not enough. The amount of telemetry data collected by Microsoft is staggering and could defeat your attempts at keeping secrets. You will need to download and use a couple of utilities to (hopefully) force Windows 10/11 into not sending data back to Microsoft. - -Here are the steps in detail: - -- **DO NOT EVER USE A MICROSOFT ACCOUNT TO LOG IN: If you are, you should be re-installing this Windows Machine without connecting to a network and use a local account instead.** - -- Do these steps from a different computer. Do not connect Windows 10/11 to the internet before those settings are applied. You can download and copy those to the USB key (for transfer onto a Windows 10/11 fresh installation) or if it is a VM, you can transfer them to the VM within Virtualbox (VM Settings > General > Advanced > Drag n Drop > Enable Host to Guest). - - -- (For more advanced users) Download and install W10Privacy from [[Archive.org]](https://web.archive.org/web/https://www.w10privacy.de/english-home/) - - - Open the app as Administrator (right-click > more > run as administrator) - - Check all the recommended (Green) settings and save. - - Optional but recommended (but could break things, use at your own risk), also check the orange/red settings, and save. 
- - Reboot - -- Download and run WindowsSpyBlocker from [[Archive.org]](https://web.archive.org/web/https://crazymax.dev/WindowsSpyBlocker/download/) - - - Type 1 and go into Telemetry - - Type 1 and go into Firewall - - Type 2 and add Spy Rules - - Reboot - -- Also, consider using ShutUp10++ from [[Archive.org]](https://web.archive.org/web/https://www.oo-software.com/en/shutup10) - - - Enable at least all the recommended settings - -- Finally, again for users with moderate skills, consider installing Safing Portmaster from [[Archive.org]](https://web.archive.org/web/https://safing.io/portmaster) **(Warning: there might be issues with some VPN clients. See: ** [[Archive.org]](https://web.archive.org/web/https://safing.io/portmaster/) - -- Go back one last time to the settings to delete Diagnostic and Delete all Data. - -These measures added to the settings during installation should be hopefully sufficient to prevent Microsoft from snooping on your OS. - -**You will need to update and re-run those utilities frequently and after any Windows major update as they tend to silently re-enable telemetry using those updates.** - -**As a bonus, it could be interesting to also consider Hardening your Windows Host OS somewhat. See ** [[Archive.org]](https://web.archive.org/web/https://github.com/beerisgood/windows10_hardening) (This is a security guide, not a privacy guide. If you use this guide, do not enable Hyper-V as it does not play well with Virtualbox, and do not enable features that were specifically disabled for privacy reasons earlier. Such as SmartScreen, cloud protection...) - -# Appendix C: Windows Installation Media Creation (Windows 10) or Download (Windows 11) - -## Windows 10 - -These are the steps to create a Windows 10 (21H1) Installation Media using this tool and instructions: - - [[Archive.org]](https://web.archive.org/web/https://www.microsoft.com/en-us/software-download/windows10) - -- Download the tool and execute it from your Download folder. 
- -- Agree to the terms - -- Select the process to Create an installation Media. - -- Select Windows 10 64 Bits edition with the language of your choice. - -- Pick which process you want: - - - If installing on a physical computer: Select USB Flash Drive. - - - If installing on a Virtual Machine: Select ISO file and save it. - -- Proceed - -## Windows 11 - -- Go to https://www.microsoft.com/software-download/windows11 and download the ISO. - -# Appendix D: Using System Rescue to securely wipe an SSD drive - -These instructions are valid for all Operating Systems: - -- System Rescue: - - - Create a System Rescue USB disk following these instructions [[Archive.org]](https://web.archive.org/web/https://www.system-rescue.org/Installing-SystemRescue-on-a-USB-memory-stick/) (download the ISO and write to a USB stick with Rufus). - - - Disable Secure Boot in your BIOS/UEFI settings and change the boot order to the USB disk (System Rescue bootloader is not signed and will not boot with secure boot enabled). - - - Follow the instructions to change the keyboard layout by typing "stkmap". - - - (optional) Run startx afterward to start a graphical environment. 
- -- SATA SSD: - - - (If you ran startx) Open a terminal - - - ATA Secure Erase: - - - Follow one of these tutorials - - - [[Archive.org]](https://web.archive.org/web/https://wiki.archlinux.org/index.php/Solid_state_drive/Memory_cell_clearing) - - - [[Archive.org]](https://web.archive.org/web/https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase) - - - [[Archive.org]](https://web.archive.org/web/https://tinyapps.org/docs/wipe_drives_hdparm.html) - - - ATA Sanitize: - - - Follow this tutorial [[Archive.org]](https://web.archive.org/web/https://tinyapps.org/docs/ata_sanitize_hdparm.html) - -- NVMe SSD: - - - (If you ran startx) Open a terminal - - - Follow one of these tutorials: - - - [[Archive.org]](https://web.archive.org/web/https://wiki.archlinux.org/index.php/Solid_state_drive/Memory_cell_clearing) - - - [[Archive.org]](https://web.archive.org/web/https://tinyapps.org/docs/nvme-secure-erase.html) - - - [[Archive.org]](https://web.archive.org/web/https://tinyapps.org/docs/nvme-sanitize.html) - -# Appendix E: Clonezilla - -- Get Clonezilla by just following these instructions: [[Archive.org]](https://web.archive.org/web/https://clonezilla.org/liveusb.php) (I recommend the Alternative version AMD64 that should work with most recent laptops) - -- Boot from Clonezilla - -- Follow these steps to make a backup: [[Archive.org]](https://web.archive.org/web/https://clonezilla.org/show-live-doc-content.php?topic=clonezilla-live/doc/01_Save_disk_image) - - - **If you are backing up a disk with simple Encryption, encryption of the backup is not required since you are backing up an already encrypted disk, but you can still encrypt the backup anyway if you want additional security (and slower backup).** - - - **If you intend to back up a device with plausible deniability encryption, we strongly recommend against it as this backup image could be used to prove the existence of the hidden volume using forensics techniques as explained earlier. 
Do not make an image backup of the partition containing your hidden OS.** - -- You are done, if you need to restore, follow these instructions: [[Archive.org]](https://web.archive.org/web/https://clonezilla.org/show-live-doc-content.php?topic=clonezilla-live/doc/02_Restore_disk_image) - -Each backup could take a while depending on the speed of your laptop and the speed of your external drive. In my experience, expect about 1 hour per backup depending on the drive size and the write speed of your backup media (my tests were done backing up 256GB SSDs on a USB 3.0 7200rpm HDD). - -# Appendix F: Diskpart - -Diskpart is a Windows utility that can be used to perform various operations on your hard drive. In this case, You will use Diskpart to show the Disk ID but also change it if necessary. - -This could be needed if you restore a backup on a new HDD/SSD that has an ID that differs from the one backed up and Windows could refuse to boot. - -Diskpart can be run from any Windows environment using a command prompt. This includes recovery disks created by utilities such as Macrium Reflect, any Windows Installation media, EaseUS Todo Free rescue disks. - -- **Displaying the disk ID** - - - Run Diskpart to enter the Diskpart utility - - - Issue the ```list disk``` command to list the disks - - - Issue the ```sel disk x``` (replace x with your system disk) to select your system disk - - - Issue the ```detail disk``` to show the details of this disk - - - Take note of the disk ID (this should be done BEFORE backing up your disks). 
- -- **Changing the disk ID** - - - This step should only be done if, after restoring a full disk backup to a new hard drive, Windows refuses to boot - - - Issue the same commands as above on the target new disk - - - Issue, in addition, the command ```uniqueid disk id=02345678``` (where you replace the id by the one you noted before) - -# Appendix G: Safe Browser on the Host OS - -## If you can use Tor: - -This guide will **only recommend** using Tor Browser within the host OS because it has the best protection by default. The only other acceptable option in my opinion would be to use Brave Browser with a Tor tab **but keep in mind that Brave themselves recommend the use of Tor Browser if you feel your safety depends on being anonymous** [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Chat)**: "If your personal safety depends on remaining anonymous, we highly recommend using Tor Browser instead of Brave Tor windows. ".** - -This Browser on the host OS will only be used to download various utilities and will never be used for actual sensitive activities. - -Refer to [Appendix Y: Installing and using desktop Tor Browser]. - -If you are experiencing issues connecting to Tor due to Censorship or Blocking, you might consider using Tor bridges as explained here: [[Archive.org]](https://web.archive.org/web/https://bridges.torproject.org/) - -**Use this browser for all the next steps within the host OS unless instructed otherwise.** - -## If you cannot use Tor: - -Because it is too dangerous/risky/suspicious. We would recommend as a last resort using Firefox, or Brave only using Private Windows for now. - -See [Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option] before continuing. 
- -Only do this from a different safe public Wi-Fi every time (See [Find some safe places with decent public Wi-Fi][Find some safe places with decent public Wi-Fi:]) and using a long-range connection (See [Appendix Q: Using long-range Antenna to connect to Public Wi-Fis from a safe distance:]). - -Clean all the data from the browser after each use. - -**Use this method for all the next steps within the host OS unless instructed otherwise.** - -# Appendix H: Windows Cleaning Tools - -In this guide we will recommend two-third native tools and two third-party tools: - -- Native Tools: - - - Windows 10/11 Disk Cleanup Utility: [[Archive.org]](https://web.archive.org/web/https://support.microsoft.com/en-us/windows/disk-cleanup-in-windows-10-8a96ff42-5751-39ad-23d6-434b4d5b9a68) - -> This tool will clean up a bunch of things natively. It is not enough, and we instead recommend using the third-party tools below to clean more stuff. PrivaZer for instance will use the disk cleanup utility directly itself and BleachBit will use its own mechanisms. - -- Windows 10/11 Optimize Utility (Defrag on HDD Drives): [[Archive.org]](https://web.archive.org/web/https://support.microsoft.com/en-us/windows/defragment-your-windows-10-pc-048aefac-7f1f-4632-d48a-9700c4ec702a) (yes the tutorial is for Windows 10 but should work on 11 too) - -> For security, this tool is particularly useful on SSD drives at this "Optimize" function will in fact force a Disk wide Trim operation to occur. This will most likely be more than enough to make sure any deleted data that was not trimmed before for any reason will be this time. Deleted data with Trim is very unlikely to be recovered as explained before in this guide. 
- -- Third-Party Tools: - - - The open-source utility BleachBit [[Archive.org]](https://web.archive.org/web/https://www.bleachbit.org/) - - - The closed-source utility PrivaZer [[Archive.org]](https://web.archive.org/web/https://privazer.com/) - -I prefer PrivaZer because it has more customization and smarter features, but we would understand if you do not trust them and prefer open-source software in which case we would recommend BleachBit which offers a bit less customization but similar functionalities. - -Both these tools can be used for cleaning many things such as: - -- The Windows USN journal which stores plenty of information. - -- The Windows System Resource Usage Monitor (SRUM)[^461]. - -- Various histories of various programs (such as the recent lists). - -- Various logs - -- The free (unallocated) space of your hard drive][^462]. - -- Secure deletion of files - -- Secure wiping of USB drives - -Both these utilities can delete files and can overwrite the free space after deletion to improve secure deletion even on SSD drives. Remember this can reduce the lifespan of your SSD drives a bit. - -# Appendix I: Using ShredOS to securely wipe an HDD drive: - -Several utilities are recommended (like the old unmaintained DBAN[^463] or System Rescue CD ( [[Archive.org]](https://web.archive.org/web/https://www.system-rescue.org/))) for this but we will recommend the use of ShredOS. - -Feel free to go with DBAN instead if you want (using this tutorial: [[Archive.org]](https://web.archive.org/web/https://www.lifewire.com/how-to-erase-a-hard-drive-using-dban-2619148)), the process is basically the same but will not work out of the box with UEFI laptops. - -If you want to go with System-Rescue, just head to their website and follow the instructions. 
-
-## Windows:
-
-- Download ShredOS from [[Archive.org]](https://web.archive.org/web/https://github.com/PartialVolume/shredos.x86_64)
-
-- Unzip the ISO file
-
-- Download Rufus from [[Archive.org]](https://web.archive.org/web/https://rufus.ie/)
-
-- Launch Rufus
-
-- Select the ShredOS IMG file
-
-- Write it to a USB key
-
-- When done, reboot and boot the USB key (you might have to go into your BIOS settings to change the boot order for this).
-
-- Follow the instructions on the screen
-
-## Linux:
-
-- Follow instructions on [[Archive.org]](https://web.archive.org/web/https://github.com/PartialVolume/shredos.x86_64)
-
-- Reboot and boot the USB key
-
-- Follow the instructions on the screen
-
-# Appendix J: Manufacturer tools for Wiping HDD and SSD drives:
-
-**Always check your laptop BIOS/UEFI for native utilities first.**
-
-**Be sure to use the right wipe mode for the right disk. Wipe and Passes are for HDD drives. There are specific options for SSD drives (such as ATA Secure Erase or Sanitize).**
-
-Unfortunately, most of these tools are Windows only. 
- -## Tools that provide a boot disk for wiping from boot: - -- SanDisk DashBoard: [[Archive.org]](https://web.archive.org/web/https://kb.sandisk.com/app/answers/detail/a_id/15108/~/dashboard-support-information) - -- Seagate SeaTools: [[Archive.org]](https://web.archive.org/web/https://www.seagate.com/support/downloads/seatools/) - -- Samsung Magican: [[Archive.org]](https://web.archive.org/web/https://www.samsung.com/semiconductor/minisite/ssd/download/tools/) - -- Kingston SSD Manager: [[Archive.org]](https://web.archive.org/web/https://www.kingston.com/unitedstates/en/support/technical/ssdmanager) - -- Lenovo: - - - Most likely native utility available within the BIOS/UEFI, please check - - - Drive Erase Utility: [[Archive.org]](https://web.archive.org/web/https://support.lenovo.com/us/en/downloads/ds019026-thinkpad-drive-erase-utility-for-resetting-the-cryptographic-key-and-erasing-the-solid-state-drive-thinkpad) - -- Crucial Storage Executive: [[Archive.org]](https://web.archive.org/web/https://www.crucial.com/support/storage-executive) - -- Western Digital Dashboard: [[Archive.org]](https://web.archive.org/web/https://support.wdc.com/downloads.aspx?p=279) - -- HP: Follow instructions on [[Archive.org]](https://web.archive.org/web/https://store.hp.com/us/en/tech-takes/how-to-secure-erase-ssd) - -- Transcend SSD Scope: [[Archive.org]](https://web.archive.org/web/https://www.transcend-info.com/Support/Software-10/) - -- Dell: - - - Most likely native utility available within the BIOS/UEFI, please check [[Archive.org]](https://web.archive.org/web/https://www.dell.com/support/kbdoc/en-us/000134997/using-the-dell-bios-data-wipe-function-for-optiplex-precision-and-latitude-systems-built-after-november-2015?lwp=rt) - -## Tools that provide only support from running OS (for external drives). 
- -- Toshiba Storage Tools: [[Archive.org]](https://web.archive.org/web/https://www.toshiba-storage.com/downloads/) - -# Appendix K: Considerations for using external SSD drives - -**I do not recommend using external SSDs due to the uncertainty about their support for Trim, ATA Secure Erase, and Sanitize options through USB controllers. Instead, we recommend using external HDD disks which can be cleaned/wiped safely and securely without hassle (albeit much slower than SSD drives).** - -Please do not buy or use gimmicky self-encrypting devices such as these: [[Archive.org]](https://web.archive.org/web/https://syscall.eu/blog/2018/03/12/aigo_part1/) - -Some might be very efficient[^464] but many are gimmicky gadgets. - -If you want to use an external SSD drive for sensitive storage: - -- Please consider the support for: - - - Trim operations and ATA/NVMe secure erase operations from your Laptop USB controller. - - - Trim operations and ATA/NVMe secure erase operations from your USB SSD disk itself. - -- Always use full disk encryption on those disks - -- **Use the manufacturer-provided tools to securely erase them if possible.** - -- Consider manually wiping data on them after use by doing a full decryption/encryption or filling them completely with random data. - -So how to check if your external USB SSD supports Trim and other ATA/NVMe operations from your Host OS? - -## Windows: - -### Trim Support: - -It is possible Windows will detect your external SSD properly and enable Trim by default. Check if Optimize Works using the Windows Native disk utility as explained in the internal SSD section of Windows. - -### ATA/NVMe Operations (Secure Erase/Sanitize): - -**Use the manufacturer-provided tools to check and perform these operations** ... It is pretty much the only way to be sure it is not only supported but actually works. 
Some utilities can tell you whether it is supported or not like CrystalDiskInfo [[Archive.org]](https://web.archive.org/web/https://element.io/) but will not actually check if it is working. See [Appendix J: Manufacturer tools for Wiping HDD and SSD drives][Appendix J: Manufacturer tools for Wiping HDD and SSD drives:].
-
-If it does not work. Just decrypt and re-encrypt the whole drive or fill up the free space as instructed in the guide. There is no other way AFAIK. Besides booting up a System Rescue Linux CD and see the next section.
-
-## Linux:
-
-### Trim Support:
-
-Follow this good tutorial: [[Archive.org]](https://web.archive.org/web/https://www.glump.net/howto/desktop/enable-trim-on-an-external-ssd-on-linux)
-
-### ATA/NVMe Operations (Secure Erase/Sanitize):
-
-**It is not "recommended". Please read the disclaimers here ** [[Archive.org]](https://web.archive.org/web/https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase) **and here ** [[Archive.org]](https://web.archive.org/web/https://wiki.archlinux.org/index.php/Solid_state_drive/Memory_cell_clearing)
-
-But this seems to be based on anecdotal experiences. So, if you are sure your external SSD supports Trim (see vendor documentation). You could just **try at your own risk** to use nvme-cli or hdparm to issue secure erases.
-
-See also this tutorial [[Archive.org]](https://web.archive.org/web/https://code.mendhak.com/securely-wipe-ssd/)
-
-**Your mileage may vary. Use at your own risk.**
-
-## macOS:
-
-### Trim Support:
-
-According to Apple Documentation[^455], Trim is supported on APFS (asynchronously) and HFS+ (through period trim or first-aid).
-
-So, if it is supported (and enabled on your external SSD), you should be able to issue a Trim on a non-APFS drive using Disk Utility and First Aid which should issue a Trim.
-
-If your disk supports it but it is not enabled in macOS. You could try issuing a "sudo trimforce enable" command from the Terminal and see if it enables Trim on your external SSD. 
And then again check the first aid command if it is not APFS (see this Tutorial for info [[Archive.org]](https://web.archive.org/web/https://www.lifewire.com/enable-trim-for-ssd-in-os-x-yosemite-2260789))
-
-If it does not work, we are not aware of any reliable method to enable TRIM besides the commercial utility Trim Enabler here [[Archive.org]](https://web.archive.org/web/https://cindori.org/trimenabler/) which claims support for external drives.
-
-### ATA/NVMe Operations (Secure Erase/Sanitize):
-
-We are not aware of any method of doing so reliably and safely on macOS. So, you will have to try one of these options:
-
-- Use a bootable System Rescue USB Linux to do it
-
-- Just decrypt and re-encrypt the drive using Disk Utility or Veracrypt
-
-- Fill up the free space of the disk using the Linux method (dd)
-
-# Appendix L: Creating a mat2-web guest VM for removing metadata from files
-
-Download the latest Debian testing amd64 netinst ISO from [[Archive.org]](https://web.archive.org/web/https://www.debian.org/CD/netinst/)
-
-**(Get testing to get the latest mat2 release, stable is a few versions back)**
-
-This is very lightweight, and we recommend doing it from a VM (VM inside a VM) to benefit from Whonix Tor Gateway. While it is possible to put this VM directly behind a Whonix Gateway, Whonix will not easily allow communications between VMs on its network by default. You could also just leave it on Clearnet during the install process and then leave it on the Host-Only network later, or install it from a VM within a VM then move it to host OS for Host-Only usage like we show below:
-
-1. Create a new machine with any name like **Mat2**.
-2. Select **Linux** for the Type.
-3. Select **Debian (64-bit)** as the Version.
-4. Leave the default options and click **Create**.
-5. Select the VM and click **Settings**.
-6. Select **System** and disable the **Floppy disk** on the Motherboard tab.
-7. Select the Processor tab and **enable PAE/NX**.
-8. 
Select **Audio** and **disable Audio**.
-9. Select **USB** and **disable the USB controller**.
-10. Select **Storage** and select the CD drive to mount the Debian Netinst ISO.
-11. Select **Network** and **Attach to NAT**.
-12. Launch the VM.
-13. Select **Install** (not Graphical install).
-14. Select **Language**, **Location**, and **Keyboard layout** as you wish.
-15. Wait for the network to configure (automatic DHCP). This takes a few seconds.
-16. Pick a name like **Mat2**.
-17. Leave the **domain** empty.
-18. Set a **root** password as you wish (preferably a good one).
-19. Create a new **user** and **password** as you wish (preferably a good one).
-20. Select the **Time Zone** of your choice.
-21. Select **Guided - Use the entire disk**.
-22. Select the only disk available (**/dev/sda** in our case).
-23. Select **All files in one partition**.
-24. Confirm and write changes to the disk.
-25. Select **No** to scan any other CD or DVD.
-26. Select any region and any mirror of your choice and leave **proxy** blank.
-27. Select **No** to take part in any survey.
-28. Select **only System Standard Utilities**. Uncheck everything else using **space**.
-29. Select **Yes** to install GRUB bootloader.
-30. Select **/dev/sda** and continue.
-31. Complete the install and reboot.
-32. Log in with your **user** or **root**. You should never use root directly as a best security practice but in this case, it is okay.
-33. Update your install by running ```apt upgrade```. It should be upgraded since it is a net install, but we're double checking.
-34. Install the necessary packages for mat2 by running ```apt install ffmpeg uwsgi python3-pip uwsgi-plugin-python3 lib35rsvg2-dev git mat2 apache2 libapache2-mod-proxy-uwsgi```.
-35. Go to the **/var/www** directory by running ```cd /var/www/```.
-36. **Clone mat2-web** from the mat2-web repository by issuing ```git clone https://0xacab.org/jvoisin/mat2-web.git```.
-37. 
**Create a directory for uploads** by running ```mkdir ./mat2-web/uploads/```.
-38. **Give permissions to Apache2** to read the files by running ```chown -R www-data:www-data ./mat2-web```.
-39. **Enable apache2 uwsgi proxy** by running ```/usr/sbin/a2enmod proxy_uwsgi```.
-40. **Upgrade pip** by running ```python3 -m pip install pip --upgrade```.
-41. **Install these Python modules** by running ```python3 -m pip install flasgger pyyaml flask-restful flask cerberus flask-cors jinja2```.
-42. **Move to the config directory** of mat2 by running ```cd /var/www/mat2-web/config/```.
-43. **Copy the apache2 config file** to **/etc** by running ```cp apache2.config /etc/apache2/sites-enabled/apache2.conf```.
-44. **Remove the default config file** by running ```rm /etc/apache2/sites-enabled/000-default.conf```.
-45. **Edit the apache2 config file** provided by mat2-web by running ```nano /etc/apache2/sites-enabled/apache2.conf```.
-46. **Remove the first line** ```Listen 80``` by typing **Ctrl+K** to cut the line.
-47. **Change the uwsgi path** from ```/var/www/mat2-web/mat2-web.sock``` to ```/run/uwsgi/uwsgi.sock``` and type **Ctrl+X** to exit, followed by **Y** then **Enter**.
-48. **Copy the uwsgi config file** to **/etc** by running ```cp uwsgi.config /etc/uwsgi/apps-enabled/uwsgi.ini```.
-49. **Edit the uwsgi config file** by typing ```nano /etc/uwsgi/apps-enabled/uwsgi.ini``` and change **uid** and **guid** to ```nobody``` and ```nogroup``` respectively. Save and exit with **Ctrl+X**, followed by **Y**, then **Enter**.
-50. Run ```chown -R 777 /var/www/mat2-web``` to change ownership to **mat2-web**.
-51. **Restart uwsgi** by running ```systemctl restart uwsgi```. There should be no errors.
-52. **Restart apache2** by running ```systemctl restart apache2```. There should be no errors.
-53. Now navigate to **Settings** > **Network** > **Attached to** and **select Host-only Adapter**. Click **OK** to save.
-54. Reboot the VM via **Machine** > **Reset**. 
Confirm the reset.
-55. Log into the VM as the **user** from **Step 19** and type ```ip a```. Note the IP address it was assigned under link/ether, the one that has **192.168.\*.\***.
-56. From the VM Host OS, **open a Browser** and navigate to the IP of your Debian VM. It will be something like: **http://192.168.1.55**.
-57. You should now see a Mat2-Web website running smoothly.
-58. **Shutdown the Mat2 guest VM** by running ```shutdown -h now``` to halt the machine.
-59. **Take a snapshot of the VM** within Virtualbox while the guest VM is shutdown.
-
-**Restart the Mat2 VM* and you are ready to use Mat2-web to remove metadata from most files!**
-
-After use, shut down the VM and revert to the snapshot to remove traces of the uploaded files. This VM does not require any internet access unless you want to update it, in which case, you need to place it back on the **NAT network** and do the next steps.
-
-For updates of Debian, **start the VM** and run ```apt update``` followed by ```apt upgrade```.
-
-For updates of mat2-web, type ```cd /var/www/mat2-web``` and run ```git pull```.
-
-After updates, shutdown, change to the **Host-only Adapter**, take a new snapshot, remove the earlier one.
-
-You are done.
-
-Now you can just start this small Mat2 VM when needed. Browse to it from your Guest VM and use the interface to remove any metadata from most files. After each use of this VM, you should revert to the Snapshot to erase all traces.
-
-**Do not ever expose this VM to any network unless temporarily for updates. 
This web interface is not suitable for any direct external access.**
-
-# Appendix M: BIOS/UEFI options to wipe disks in various Brands
-
-Here are some links on how to securely wipe your drive (HDD/SSD) from the BIOS for various brands:
-
-- Lenovo ThinkPads: [[Archive.org]](https://web.archive.org/web/https://support.lenovo.com/be/en/solutions/migr-68369)
-
-- HP (all): [[Archive.org]](https://web.archive.org/web/https://support.hp.com/gb-en/document/c06204100)
-
-- Dell (all): [[Archive.org]](https://web.archive.org/web/https://www.dell.com/support/kbdoc/en-us/000146892/dell-data-wipe)
-
-- Acer (Travelmate only): [[Archive.org]](https://web.archive.org/web/https://us.answers.acer.com/app/answers/detail/a_id/41567/~/how-to-use-disk-sanitizer-on-acer-travelmate-notebooks)
-
-- Asus: no option AFAIK except maybe for some ROG models.
-
-- Gigabyte: no option AFAIK
-
-- Honor: no option AFAIK
-
-- Huawei: no option AFAIK
-
-# Appendix N: Warning about smartphones and smart devices
-
-When conducting sensitive activities, remember that:
-
-- **You should not bring your real smartphone or smart devices with you (even turned off).** Correlation attacks are possible on the Cell Networks to find which phone "turned off" before your burner phone "turned on". While this might not work the first time, after a few times, the net will tighten, and you will get compromised. It is better to leave your main smartphone at home online (see this article (Russian, use Google Translate link): [[Google Translate]](https://translate.google.com/translate?hl=&sl=ru&tl=en&u=https%3A%2F%2Fbiboroda.livejournal.com%2F4894724.html&anno=2) [[Archive.org]](https://web.archive.org/web/https://biboroda.livejournal.com/4894724.html)**)**
-
-- **Again, do not take them with you unless it is absolutely necessary.** **If you really must,** you could consider powering it off and removing the battery or, if not possible, the use of a faraday cage[^466] bag to store your devices. 
There are many such faraday "signal blocking" bags available for sale and some of these have been studied[^467] for their effectiveness. If you cannot afford such bags, you can probably achieve a "decent result" with one or several sheets of aluminum foil (as shown in the previously linked study). - - - Warning: consider that sensor data itself can also be reliably used to track you[^468]'[^469]. - - - Consider leaving your smart devices at home online and doing something (watching YouTube/Netflix or something similar) instead of taking them with you powered off. This will mitigate tracking efforts but also create digital traces that could indicate you were at home. - - - **This could also include your car which could for example have a cell network device (including at least an IMEI) and a functionality to call emergency services** - -Additionally, if using a smartphone as a burner, know that they send a lot of diagnostics by default. Enough to potentially identify you based on your device usage patterns (a technique known as biometric profiling). You should avoid using your burner unless absolutely necessary, to minimize the information that can be collected and used to identify you. - -**Lastly, you should also consider this useful sheet from the NSA about Smartphone security: .** - -**Note: Please do not consider commercial gimmicky all-in devices for anonymity. The only way to achieve proper OPSEC is by doing it yourself. 
See those examples to see why it is not a clever idea:**
-
-- **AN0M: ** [[Archive.org]](https://web.archive.org/web/https://www.theguardian.com/australia-news/2021/sep/11/inside-story-most-daring-surveillance-sting-in-history)
-
-- **Encrochat: ** [[Wikiless]](https://wikiless.org/wiki/EncroChat) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/EncroChat)
-
-- **Sky ECC: ** [[Wikiless]](https://wikiless.org/wiki/Sky_ECC) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Sky_ECC)
-
-**You should never rely on an external commercial service to ensure your first line of anonymity. But you will see that paid services can still be used later from an already anonymous identity if bought anonymously while observing good operational security.**
-
-# Appendix O: Getting an anonymous VPN/Proxy
-
-If you follow our advice, you will also need a VPN subscription but this time you will need an anonymous one that cannot be tied to you by the financial system. Meaning you will need to buy a VPN subscription with cash or a reasonably private cryptocurrency (for example Monero). You will later be able to use this VPN to connect to various services anonymously but **never directly from your IP**. This VPN can never be used in any other non-anonymous context without jeopardzing your anonymity.
-
-There are, two viable options:
-
-## Cash/Monero-Paid VPN:
-
-There are three VPN companies recommended by PrivacyGuides.org ( [[Archive.org]](https://web.archive.org/web/https://www.privacyguides.org/vpn/)) that accept cash payments: Mullvad, iVPN, and Proton VPN. 
- -Here are their logging policies: - -- Mullvad: [[Archive.org]](https://web.archive.org/web/20230804185207/https://mullvad.net/en/help/no-logging-data-policy/) - - - Audit by Radically Open Security, August 2023 [[Archive.org]](https://web.archive.org/web/20230809102621/https://mullvad.net/en/blog/2023/8/9/infrastructure-audit-completed-by-radically-open-security/) - -- iVPN: [[Archive.org]](https://web.archive.org/web/20230803174609/https://www.ivpn.net/privacy) - - - Audit by Cure53, March 2023 [[Archive.org]](https://web.archive.org/web/20230703163859/https://www.ivpn.net/blog/ivpn-infrastructure-audit-concluded/) - -- ProtonVPN: [[Archive.org]](https://web.archive.org/web/20230731142926/https://protonvpn.com/support/no-logs-vpn/) - - - Audits by SEC Consult, [[Archive.org]](https://web.archive.org/web/20230805163006/https://protonvpn.com/blog/open-source/) - -In addition, we will also mention a newcomer to watch: Safing SPN [[Archive.org]](https://web.archive.org/web/https://safing.io/spn/)) which also accepts cash and has a very distinct new concept for a VPN which provides benefits similar to Tor Stream isolation with their "SPN". This possibility is "provisional" and at your own risk. Note that Safing SPN is not available on macOS at the moment, nor is it free, but we think was worth mentioning. - -We are not affiliated with any brands as pointed out in our [Constitution](/constitution.html). Personally, for now, we would recommend Mullvad due to personal experience. - -**We would not recommend Proton VPN as much because they do require an e-mail for registration unlike Mullvad, iVPN, and Safing. Proton also has a tendency to require phone number verification for users who register over Tor.** - -How does this work? - -- Access the VPN website with a Safe Browser (see [Appendix G: Safe Browser][Appendix G: Safe Browser on the Host OS]) - -- Go to iVPN, Mullvad, or Safing website and create a new Account ID (on the login page). 
-
-- This page will give you an account ID, a token ID (for payment reference), and the details of where to send the money by post.
-
-- Send the required cash amount for the subscription you want in a sealed postal envelope to their offices, including a paper with the Token ID without a return address, or pay with Monero if available. If they do not accept Monero but do accept BTC, consider [Appendix Z: Paying anonymously online with BTC][Appendix Y: Installing and using desktop Tor Browser]
-
-- Wait for them to receive the payment and enable your account (this can take a while).
-
-- Open Tor Browser.
-
-- Check your account status and proceed when your account is active.
-
-For extra-security consider:
-
-- Wearing gloves while manipulating anything to avoid leaving fingerprints[^470] and touch DNA[^471].
- A less-obvious alternative could be to put super glue on your fingertips, to avoid making it obvious you're wearing gloves. However, this can prevent effective use of touchscreens, as well as failing to as effectively prevent you from touch DNA. Also, if spotted, it can be quite suspicious to be caught with super glue on your fingers.
-
-- Do not use any material/currency that was manipulated by someone that can be related to you in any way.
-
-- Do not use the currency you just got from an ATM that could record dispensed bills serial numbers.
-
-- Be careful if you print anything that it is not watermarked by your printer (See [Printing Watermarking]).
-
-- Do not lick the envelope or the stamps[^472] if you use them to avoid leaving DNA traces.
-
-- Make sure there are no obvious DNA traces in or on the materials (like hairs).
-
-- Consider doing the whole operation outdoor to reduce the risks of residual DNA traces from your environment or you contaminating the materials.
- The more people frequent a space, the lower the risk, as your DNA will be obscured by the DNA of other people as they pass through
-
-- Security cameras can be a risk. 
Try to cover your face. Also, gait recognition may be a concern. See [Gait Recognition and Other Long-Range Biometrics]
-
-**Do not in any circumstance use this new VPN account unless instructed or connect to that new VPN account using your known connections. This VPN will only be used later in a secure way as we do not trust VPN providers' "no-logging policies". This VPN provider should ideally never know your real origin IP (your home/work one for instance).**
-
-## Self-hosted VPN/Proxy on a Monero/Cash-paid VPS (for users more familiar with Linux):
-
-The other alternative is setting up your own VPN/Proxy using a VPS (Virtual Private Server) on a hosting platform that accepts Monero (recommended).
-
-**This will offer some advantages as the chances of your IP being block-listed somewhere are lower than known VPN providers.**
-
-This does also offer some disadvantages as Monero is not perfect as explained earlier in this guide and some global adversaries could maybe still track you. You will need to get Monero from an Exchange using the normal financial system and then pick a hosting (list here [[Archive.org]](https://web.archive.org/web/https://www.getmonero.org/community/merchants/)) or from a local reseller using cash from .
-
-**Do not in any circumstance use this new VPS/VPN/Proxy using your known connections. Only access it through Tor using Whonix Workstation for instance (this is explained later). This VPN will only be used later within a Virtual Machin over the Tor Network in a secure way as we do not trust VPN providers' "no-logging policies". This VPN provider should never know your real origin IP.**
-
-Please see [Appendix A1: Recommended VPS hosting providers]
-
-### VPN VPS:
-
-There are plenty of tutorials on how to do this like this one [[Archive.org]](https://web.archive.org/web/https://proprivacy.com/vpn/guides/create-your-own-vpn-server)
-
-### Socks Proxy VPS:
-
-This is also an option obviously if you prefer to skip the VPN part. 
-
-It is probably the easiest thing to set up since you will just use the SSH connection you have to your VPS and no further configuration should be required besides setting the browser of your guest VM to use the proxy in question.
-
-Here are a few tutorials on how to do this very quickly:
-
-- (Windows/Linux/macOS) [[Archive.org]](https://web.archive.org/web/https://linuxize.com/post/how-to-setup-ssh-socks-tunnel-for-private-browsing/)
-
-- (Windows/Linux/macOS) [[Archive.org]](https://web.archive.org/web/https://www.digitalocean.com/community/tutorials/how-to-route-web-traffic-securely-without-a-vpn-using-a-socks-tunnel)
-
-- (Windows) [[Archive.org]](https://web.archive.org/web/https://www.forwardproxy.com/2018/12/using-putty-to-setup-a-quick-socks-proxy/)
-
-- (Linux/macOS) [[Archive.org]](https://web.archive.org/web/https://ma.ttias.be/socks-proxy-linux-ssh-bypass-content-filters/)
-
-Here is my basic tutorial:
-
-#### Linux/macOS:
-
-Here are the steps:
-
-- Get your anonymous VPS set-up
-
-- From a terminal, SSH to your server by running: ```ssh -i ~/.ssh/id_rsa -D 8080 -f -C -q -N username@ip_of_your_server```
-
-- Configure your browser to use localhost:8080 as a Socks Proxy for Browsing
-
-- Done! 
-
-Explanation of arguments:
-
-- -i: The path to the SSH key to be used to connect to the host
-
-- -D: Tells SSH that we want a SOCKS tunnel on the specified port number (you can choose a number between 1025 and 65536)
-
-- -f: Forks the process to the background
-
-- -C: Compresses the data before sending it
-
-- -q: Uses quiet mode
-
-- -N: Tells SSH that no command will be sent once the tunnel is up
-
-#### Windows:
-
-Here are the steps:
-
-- Get your anonymous VPS set-up
-
-- Download and install Putty from [[Archive.org]](https://web.archive.org/web/https://www.putty.org/)
-
-- Set the following options in Putty and connect to your server
-
-![image51](media/image51.png)
-
-- Connect to your VPS using those settings
-
-- Configure your Browser to use localhost:8080 as a Socks Proxy
-
-- Done!
-
-# Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option
-
-**USE EXTREME CAUTION: THIS IS HIGHLY RISKY.**
-
-There might be worst-case situations where using Tor and VPNs are not possible due to extensive active censorship or blocking. Even when using Tor Bridges (see [Appendix X: Using Tor bridges in hostile environments])
-
-Now, there might also be situations where simply using Tor or a VPN alone could be suspicious and could be dangerous for your safety. If this is the case, you could be in a very hostile environment where surveillance and control are high.
-
-But you still want to do something anonymously without disclosing/leaking any information.
-
-In that case, my last resort recommendation is to connect safely **from a distance** to a Public Wi-Fi (See [Find some safe places with decent public Wi-Fi][Find some safe places with decent public Wi-Fi:]) using your laptop and Tails "unsafe browser". See [[Archive.org]](https://web.archive.org/web/https://tails.boum.org/contribute/design/Unsafe_Browser/). 
-
-**If Tor usage alone is suspicious or risky, you should NOT allow Tails to try establishing a Tor connection at start-up by doing the following:**
-
-- At startup open the Additional Settings.
-
-- Enable Unsafe Browser.
-
-- Change the Connection from Direct to "Configure a Tor Bridge or Local Proxy"
-
-- After Start-up, Connect to a safe Network
-
-- When prompted, just quit the Tor Connection Wizard (to not establish a Tor connection)
-
-- Start and use the Unsafe Browser
-
-**We would strongly recommend the use of a long-range "Yagi" type directional Antenna with a suitable USB Wi-Fi Adapter. At least this will allow you to connect to public Wi-Fis from a "safe distance" but keep in mind that triangulation by a motivated adversary is still possible with the right equipment. So, this option should not be used during an extended period (minutes at best). See [Appendix Q: Using long-range Antenna to connect to Public Wi-Fis from a safe distance][Appendix Q: Using long-range Antenna to connect to Public Wi-Fis from a safe distance:].**
-
-Using Tails should prevent local data leaks (such as MAC addresses or telemetry) and allow you to use a Browser to get what you want (utilities, VPN account) before leaving that place as fast as possible.
-
-You could also use the other routes (Whonix and Qubes OS without using Tor/VPN) instead of Tails in such hostile environments if you want data persistence but this might be riskier. We would not risk it personally unless there was absolutely no other option. If you go for this option, you will only do sensitive activities from a reversible/disposable VM in all cases. Never from the Host OS.
-
-**If you resort to this, please keep your online time as short as possible (minutes and not hours).**
-
-**Be safe and extremely cautious. 
This is entirely at your own risk.**
-
-Consider reading this older but still relevant guide [[Archive.org]](https://web.archive.org/web/https://archive.flossmanuals.net/bypassing-censorship/index.html)
-
-# Appendix Q: Using long-range Antenna to connect to Public Wi-Fis from a safe distance:
-
-It is possible to access/connect to remote distant Public Wi-Fis from a distance using a cheap directional Antenna that looks like this:
-
-![image52](media/image52.png)
-
-These antennas are widely available on various online shops for a cheap price (Amazon, AliExpress, Banggood ...). The only issue is that they are not discrete, and you might have to find a way to hide it (for instance in a Poster cardboard container in a Backpack). Or in a large enough Bag. Optionally (but riskier) you could even consider using it from your home if you have a nice Window view to various places where some Public Wi-Fi is available.
-
-Such antennas need to be combined with specific USB adapters that have an external Antenna plug and sufficiently high power to use them.
-
-**We would recommend the AWUS036 series in the Alfa brand of adapters (see ** [[Archive.org]](https://web.archive.org/web/https://www.alfa.com.tw/)**).** But you could also go with some other brands if you want such as the TP-Link TL-WN722 (see [[Archive.org]](https://web.archive.org/web/https://www.tp-link.com/us/home-networking/usb-adapter/tl-wn722n/)).
-
-See this post for a comparison of various adapters: [[Archive.org]](https://web.archive.org/web/https://www.wirelesshack.org/best-kali-linux-compatible-usb-adapter-dongles.html) (Usually those antennas are used by Penetration Testers to probe Wi-Fis from a distance and are often discussed within the scope of the Kali Linux distribution).
-
-The process is simple:
-
-- Plugin and install your USB adapter on your Host OS. 
-
-- **Do not forget to randomize your MAC Address in case you bought this adapter online to prevent traceability (this is enabled by default in Tails).**
-
-- Connect the Long-Range Antenna to the USB adapter (in place of the supplied one).
-
-- Get to a convenient spot where you have a distant view of a place with Public Wi-Fi available (this can be a rooftop for instance), but you could also imagine hiding the Antenna in some bag and just sit on a bench somewhere.
-
-- Point the Directional Antenna in the direction of the Public Wi-Fi.
-
-- Connect to the Wi-Fi of your choice.
-
-**Do not forget tho that this will only delay a motivated adversary. Your signal can be triangulated easily by a motivated adversary in a matter of minutes once they reach the physical location of the Wi-Fi you're connecting to (for instance using a device such as AirCheck ** [[Invidious]](https://yewtu.be/watch?v=8FV2QZ1BPnw)**, also see their other products here ** [[Archive.org]](https://web.archive.org/web/https://www.netally.com/products/)**). These products can easily be deployed on mobile units (in a Car for instance) and pinpoint your location in a matter of minutes.**
-
-Ideally, this should "not be an issue" since this guide provides multiple ways of hiding your origin IP using VPNs and Tor. But if you are in a situation where VPN and Tor are not an option, then this could be your only security. 
- -# Appendix R: Installing a VPN on your VM or Host OS - -Download the VPN client installer of your cash paid VPN service and install it on Host OS (Tor over VPN, VPN over Tor over VPN) or the VM of your choice (VPN over Tor): - -- Whonix Tutorial (should work with any VPN provider): [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Connecting_to_a_VPN_before_Tor) (use the Linux configurations below to get the necessary configuration files) - -- Windows Tutorials: - - - Mullvad: [[Archive.org]](https://web.archive.org/web/https://mullvad.net/en/help/install-mullvad-app-windows/) - - - iVPN: [[Archive.org]](https://web.archive.org/web/https://www.ivpn.net/apps-windows) - - - Safing: [[Archive.org]](https://web.archive.org/web/https://docs.safing.io/portmaster/install/windows) - - - Proton VPN: [[Archive.org]](https://web.archive.org/web/https://protonvpn.com/support/protonvpn-windows-vpn-application/) - -- macOS: - - - Mullvad: [[Archive.org]](https://web.archive.org/web/https://mullvad.net/en/help/install-and-use-mullvad-app-macos/) - - - IVPN: [[Archive.org]](https://web.archive.org/web/https://www.ivpn.net/apps-macos/) - - - Safing: Not available on macOS - - - Proton VPN: [[Archive.org]](https://web.archive.org/web/https://protonvpn.com/support/protonvpn-mac-vpn-application/) - -- Linux: - - - Mullvad: [[Archive.org]](https://web.archive.org/web/https://mullvad.net/en/help/install-mullvad-app-linux/) - - - iVPN: [[Archive.org]](https://web.archive.org/web/https://www.ivpn.net/apps-linux/) - - - Safing: [[Archive.org]](https://web.archive.org/web/https://docs.safing.io/portmaster/install/linux) - - - Proton VPN: [[Archive.org]](https://web.archive.org/web/https://protonvpn.com/support/linux-vpn-setup/) - -**Important note: Tor does not support UDP, and you should use TCP instead with the VPN client in the Tor over VPN cases (on the VMs).** - -In all cases, you should set the VPN to start from boot and enable the "kill switch" if you 
can. This is an extra step since this guide proposes solutions that all fall back on the Tor network in case of VPN failure. - -Here are some guides provided by the recommended VPN providers in this guide: - -- Windows: - - - iVPN: [[Archive.org]](https://web.archive.org/web/https://www.ivpn.net/knowledgebase/general/do-you-offer-a-kill-switch-or-vpn-firewall/) - - - Proton VPN: [[Archive.org]](https://web.archive.org/web/https://protonvpn.com/support/what-is-kill-switch/) - - - Mullvad: [[Archive.org]](https://web.archive.org/web/https://mullvad.net/en/help/using-mullvad-vpn-app/) - -- Whonix Workstation: Coming Soon, it is certainly possible, but we did not find a suitable and easy tutorial yet. It is also worth remembering that if your VPN stops on Whonix, you will still be behind the Tor Network. - -- macOS: - - - Mullvad same as Windows, the option should be in the provided VPN client - - - iVPN same as Windows, the option should be in the provided VPN client - - - Proton VPN same as Windows with the client, the option should be in the provided VPN client [[Archive.org]](https://web.archive.org/web/https://protonvpn.com/blog/macos-vpn-kill-switch/) - -- Linux: - - - Mullvad: - - - [[Archive.org]](https://web.archive.org/web/https://mullvad.net/en/help/wireguard-and-mullvad-vpn/) - - - [[Archive.org]](https://web.archive.org/web/https://mullvad.net/en/help/linux-openvpn-installation/) - - - Proton VPN: [[Archive.org]](https://web.archive.org/web/https://github.com/ProtonVPN/linux-cli/blob/master/USAGE.md) - - - iVPN: - - - [[Archive.org]](https://web.archive.org/web/https://www.ivpn.net/knowledgebase/linux/linux-wireguard-kill-switch/) - - - [[Archive.org]](https://web.archive.org/web/https://www.ivpn.net/knowledgebase/linux/linux-kill-switch-using-the-uncomplicated-firewall-ufw/) - -# Appendix S: Check your network for surveillance/censorship using OONI - -So, what is OONI? 
OONI stands for Open Observatory of Network Interference and is a sub-project of the Tor Project[^296]. - -First OONI will allow you to check online for surveillance/censorship in your country just by looking at their Explorer that features test results from other people. This can be done here: - -But these tests are limited and could not apply to your personal situation. If that is the case, you could consider running the OONI Probe yourself and running the tests yourself. - -The problem is that your network providers will be able to see those tests and your attempts at connecting to various services if the network is monitored. The other issue is that there are solutions to prevent OONI from working properly[^473]. - -While this might not be important in a normal environment, this could put you at risk in a hostile environment. **So, running these tests can be risky.** - -**If you are in such a hostile environment where you suspect network activity is actively monitored and the simple fact of trying to access some resources can put you at risk, you should take some precautions before even attempting this:** - -- **Do not run the tests from your home/work network.** - -- **Do not run these tests from a known device or a smartphone but only for a secured OS on an ideally dedicated laptop.** - - - **You will not be able to do this from Tails as Tails will try to connect to Tor by default** - - - **You should only do this with the Qubes OS route or the Whonix Route of this guide after completing one of the routes.** - -- **Only consider running these tests quickly from a Public Wi-Fi from a safe distance (see [Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option]).** - -The probe can be found here: [[Archive.org]](https://web.archive.org/web/https://ooni.org/install/) for various platforms (iOS, Android, Windows, macOS, and Linux). 
- -# Appendix T: Checking files for malware - -## Integrity (if available): - -Usually, integrity checks[^474] are done using hashes of files (usually stored within checksum files). Older files could use CRC[^475], more recently MD5[^476] but those present several weaknesses (CRC, MD5 [^477] that make them unreliable for file integrity checks (which does not mean they are not still widely used in other contexts). - -This is because they do not prevent Collision[^478] well enough and could allow an adversary to create a similar but malicious file that would still produce in the same CRC or MD5 hash despite having different content. - -For this reason, it is usually recommended to use SHA-based [^479] hashes and the most used is probably the SHA-2[^480] based SHA-256 for verifying file integrity. SHA is much more resistant to collisions[^481] than CRC and MD5. And collisions with SHA-256 or SHA-512 are rare and hard to compute for an adversary. - -If a SHA-256 checksum is available from the source of the file, you should not hesitate to use it to confirm the integrity of the file. Note that SHA-1 is not recommended, but is better than not having a hash to compare. - -This checksum should itself be authenticated/trusted and should be available from an authenticated/trusted source (obviously you should not trust a file just because it has a checksum attached to it alone). - -In the case of this guide, the SHA-256 checksums are available for each file including the PDFs but are also authenticated using a GPG signature allowing you to verify the authenticity of the checksum. This will bring us to the next section about authenticity. - -So how to check checksums? 
(In this case SHA-256 but you could change to SHA-512 - -- Windows[^482]: - - - Open a Command Prompt - - - Run ```certutil -hashfile filename.txt sha256``` (replace sha256 by sha1 or sha512 or md5) - - - Compare your result to one from a source you trust for that file - -- macOS : - - - Open a Terminal - - - SHA: Run ```shasum -a 256 /full/path/to/your/file``` (replace 256 by 512 or 1 for SHA-1) - - - MD5: Run ```md5 /full/path/to/your/file``` - - - Compare your result to one from a source you trust for that file - -- Linux: - - - Open a Terminal - - - Run ```shasum /full/path/to/your/file``` (replace shasum by sha256sum, sha512sum or md5sum) - - - Compare your result to one from a source you trust for that file - -**Remember that checksums are just checksums. Having a matching checksum does not mean the file is safe.** - -## Authenticity (if available): - -Integrity is one thing. Authenticity is another thing. This is a process where you can verify some information is authentic and from the expected source. This is usually done by signing information (using GPG[^484] for instance) using public-key cryptography[^485]. - -Signing can serve both purposes and allow you to check for both integrity and authenticity. - -If available, you should always verify the signatures of files to confirm their authenticity. - -In essence: - -- Install GPG for your OS: - - - Windows: gpg4win ( [[Archive.org]](https://web.archive.org/web/https://www.gpg4win.org/)) - - - macOS: GPGTools ( [[Archive.org]](https://web.archive.org/web/https://gpgtools.org/)) - - - Linux: It should be pre-installed in most distributions - -- Download the Signature key from a trusted source. If someone is not giving you a key directly, you should check for multiple versions on other websites to confirm you are using the right key (GitHub, GitLab, Twitter, Keybase, Public Keys Servers...). 
- -- Import the trusted key (replace keyfile.asc by the filename of the trusted key): - - - Windows: - - - From a Command Prompt, Run ```gpg --import keyfile.asc``` - - - macOS: - - - From a Terminal, Run ```gpg --import keyfile.asc``` - - - Linux: - - - From a Terminal, Run ```gpg --import keyfile.asc``` - -- Verify the file signature against the imported (trusted) signature (replace filetoverify.asc by the signature file that was associated with the file, replace filetoverify.txt by the actual file to verify): - - - Windows: - - - Run ```gpg --verify-options show-notations --verify filetoverify.asc filetoverify.txt``` - - - The result should show the signature is good and match the trusted signature you imported earlier. - - - macOS: - - - Run ```gpg --verify-options show-notations --verify filetoverify.asc filetoverify.txt``` - - - The result should show the signature is good and match the trusted signature you imported earlier. - - - Linux: - - - Run ```gpg --verify-options show-notations --verify filetoverify.asc filetoverify.txt``` - - - The result should show the signature is good and match the trusted signature you imported earlier. - -For some other tutorials, please see: - -- [[Archive.org]](https://web.archive.org/web/https://support.torproject.org/tbb/how-to-verify-signature/) - -- [[Archive.org]](https://web.archive.org/web/https://tails.boum.org/install/vm/index.en.html) (See Basic OpenPGP verification). - -- [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Verify_the_Whonix_images) - -All these guides should also apply to any other file with any other key. - -## Security (checking for actual malware): - -**Every check should ideally happen in sandboxed/hardened Virtual Machines. This is to mitigate the possibilities for malware to access your Host computer.** - -### Anti-Virus Software: - -You might be asking yourself, what about Anti-Virus solutions? Well, no ... 
these are not perfect solutions against many modern malware and viruses using polymorphic code[^486]. But it does not mean they cannot help against less sophisticated and known attacks. It depends on how to use them as AV software can become an attack vector in itself. - -Again, this is all a matter of threat modeling. Can AV software help you against the NSA? Probably not. Can it help you against less resourceful adversaries using known malware? Probably. - -Some will just argue against them broadly like Whonix[^487] but this topic is being discussed and disputed even at Whonix[^488] by other members of their community. - -Contrary to popular myths perpetuating the idea that only Windows is subject to malware and that detection tools are useless on Linux and macOS: - -- Yes, there are viruses and malware for Linux[^489]'[^490]'[^491]'[^492]'[^493] - -- Yes, there are viruses and malware for macOS[^501]'[^494][^495]'[^496][^497] - -My take on the matter is on the pragmatic side. There is still room for some AV software for some selective and limited use. But it depends on which one and how you use them: - -- Do not use AV software with real-time protection as they often run with administrator privileges and can become an attack vector. - -- Do not use Commercial AV software that uses any "cloud protection" or sends extensive telemetry and samples to their company. - -- Do use Open-Source non-real-time offline Anti-Virus/Anti-Malware tools as an added measure to scan some files such as: - - - Windows/Linux/macOS/Qubes OS: ClamAV ( [[Archive.org]](https://web.archive.org/web/https://www.clamav.net/)) - - - Linux/Qubes OS: RFXN Linux Malware Detect ( [[Archive.org]](https://web.archive.org/web/https://github.com/rfxn/linux-malware-detect)) - - - Linux/Qubes OS: Chkrootkit ( [[Archive.org]](https://web.archive.org/web/http://www.chkrootkit.org/)) - -- You could also use online services for **non-sensitive files*** such as VirusTotal () or Hybrid-analysis (). 
- - - You could also just check the VirusTotal database for the hash of your file if you don't want to send it over (see [[Archive.org]](https://web.archive.org/web/https://developers.virustotal.com/v3.0/docs/search-by-hash) (See the [Integrity (if available):] section again for guidance on how to generate hashes). - - - Other tools are also available for non-sensitive files and a convenient list is right here: [[Archive.org]](https://web.archive.org/web/https://github.com/rshipp/awesome-malware-analysis) - -* **Please be aware that while VirusTotal might seem very practical for scanning various files, their "privacy policy" is problematic (see ** [[Archive.org]](https://web.archive.org/web/https://support.virustotal.com/hc/en-us/articles/115002168385-Privacy-Policy)**) and states:** - -"When you submit Samples to the Services, if you submit Samples to the Services, You will collect all of the information in the Sample itself and information about the act of submitting it". - -**So, remember that any document you submit to them will be kept, shared, and used commercially including the content. So, you should not do that with sensitive information and rely on various local AV scanners (that do not send samples online).** - -So, if you are in doubt: - -- For non-sensitive files, we do encourage you to check any documents/images/videos/archives/programs you intend to open with VirusTotal (or other similar tools) because ... Why not? (Either by uploading or checking hashes). - -- For sensitive files, we would recommend at least an offline unprivileged ClamAV scan of the files. - -For instance, this guide's PDF files were submitted to VirusTotal because it is meant to be public knowledge and we see no valid argument against it. It does not guarantee the absence of malware, but it does not hurt to add this check. - -### Manual Reviews: - -You can also try to check various files for malware using various tools. 
This can be done as an extra measure and is especially useful with documents rather than apps and various executables. - -These methods require more tinkering but can be useful if you want to go the extra length. - -#### PDF files: - -Again, regarding the PDFs of this guide and as explained in the README of my repository, you could check for anomalies using PDFID which you can download at [[Archive.org]](https://web.archive.org/web/https://blog.didierstevens.com/programs/pdf-tools/): - -- Install Python 3 (on Windows/Linux/macOS/Qubes OS) - -- Download PDFID and Extract the files - -- Run "python pdfid.py file-to-check.pdf" and you should see these at 0 in the case of the PDF files in this repository: - -``` - -/JS 0 #This indicates the presence of Javascript - -/JavaScript 0 #This indicates the presence of Javascript - -/AA 0 #This indicates the presence of automatic action on opening - -/OpenAction 0 #This indicates the presence of automatic action on opening - -/AcroForm 0 #This indicates the presence of AcroForm which could contain JavaScript - -/JBIG2Decode 0 #This indicates the use of JBIG2 compression which could be used for obfuscating content - -/RichMedia 0 #This indicates the presence of rich media within the PDF such as Flash - -/Launch 0 #This counts the launch actions - -/EmbeddedFile 0 #This indicates there are embedded files within the PDF - -/XFA 0 #This indicates the presence of XML Forms within the PDF - -``` - -Now, what if you think the PDF is still suspicious? Fear not ... there are more things you can do to ensure it is not malicious: - -- **Qubes OS:** Consider using [[Archive.org]](https://web.archive.org/web/https://github.com/QubesOS/qubes-app-linux-pdf-converter) which will convert your PDF into a flattened image file. This should theoretically remove any malicious code in it. Note that this will also render the PDF formatting useless (such as links, headings, bookmarks, and references). 
- -- **(Deprecated) Linux/Qubes OS** (or possibly macOS through Homebrew or Windows through Cygwin): Consider not using [[Archive.org]](https://web.archive.org/web/https://github.com/firstlookmedia/pdf-redact-tools) which will also turn your PDF into a flattened image file. Again, this should theoretically remove any malicious code in it. Again, this will also render the PDF formatting useless (such as links, headings, bookmarks, and references). **Note that this tool is deprecated and relies on a library called "ImageMagick" which is known for several security issues**[^498]**. You should not use this tool even if it is recommended in some other guides.** - -- **Windows/Linux/Qubes/OS/macOS:** Consider using [[Archive.org]](https://web.archive.org/web/https://github.com/firstlookmedia/dangerzone) which was inspired by Qubes PDF Converted above and does the same but is well maintained and works on all OSes. This tool also works with Images, ODF files, and Office files (Warning: On Windows, this tool requires Docker-Desktop installed and this might (will) interfere with Virtualbox and other Virtualization software because it requires enabling Hyper-V. VirtualBox and Hyper-V do not play nice together[^499]. Consider installing this within a Linux VM for convenience instead of a Windows OS). - -#### Other types of files: - -Here are some various resources for this purpose where you will find what tool to use for what type: - -- **For Documents/Pictures:** Consider using [[Archive.org]](https://web.archive.org/web/https://github.com/firstlookmedia/dangerzone) which was inspired by Qubes PDF Converted above and does the same but is well maintained and works on all OSes. This tool also works with Images, ODF files, and Office files (Warning: On Windows, this tool requires Docker-Desktop installed and this might (will) interfere with Virtualbox and other Virtualization software because it requires enabling Hyper-V. VirtualBox and Hyper-V do not play nice together[^500]. 
Consider installing this within a Linux VM for convenience instead of a Windows OS). - -- **For Videos:** Be extremely careful, use an up-to-date player in a sandboxed environment. Remember [[Archive.org]](https://web.archive.org/web/https://www.vice.com/en/article/v7gd9b/facebook-helped-fbi-hack-child-predator-buster-hernandez) - -- This practical cheat sheet from SANS: [[Archive.org]](https://web.archive.org/web/https://digital-forensics.sans.org/media/analyzing-malicious-document-files.pdf) (warning, many of those tools might be harder to use on Windows and you might consider using them from a Linux OS such as Tails, Whonix Workstation, or a Linux distribution of your choice as explained later in this guide. There are also other guides out there[^501] that might be of use). - -- This GitHub repository with various resources on malware analysis: [[Archive.org]](https://web.archive.org/web/https://github.com/rshipp/awesome-malware-analysis) - -- This interesting PDF detailing which tool to use for which file type [[Archive.org]](https://web.archive.org/web/https://www.winitor.com/pdf/Malware-Analysis-Fundamentals-Files-Tools.pdf) - -**Even with all those resources, keep in mind you might still get advanced malware if those are not detected by those various tools. Be careful and remember to handle these files within isolated Virtual Machines, if possible, to limit the attack surface and vectors.** - -# Appendix U: How to bypass (some) local restrictions on supervised computers - -There might be situations where the only device you have at your disposal is not really yours such as: - -- Using a Work computer with restrictions in place on what you can do/run. - -- Misuse of Parental control features to monitor your computer usage (despite you being a non-consenting Adult). - -- Misuse of various monitoring apps to monitor your computer usage against your will. 
- -The situation might look desperate, but it is not necessarily the case as there are some safe ways to bypass these depending on how well your adversaries did their job securing your computer. - -## Portable Apps: - -There are plenty of methods you could use to bypass those restrictions locally. One of them would be to use portable apps[^502]. Those apps do not require installation on your system and can be run from a USB key or anywhere else. - -**But this is not a method we would recommend.** - -This is because those portable apps will not necessarily hide themselves (or be able to hide themselves) from the usage reports and forensic examination. This method is just too risky and will probably arise issues if noticed if you are in such a hostile environment. - -Even the most basic controls (supervision or parental) will send out detailed app usage to your adversary. - -## Bootable Live Systems: - -This method is the one we would recommend in those cases. - -It is relatively easy for your adversary to prevent this by setting up firmware BIOS/UEFI (see [Bios/UEFI/Firmware Settings of your laptop][Bios/UEFI/Firmware Settings of your laptop:]) controls but usually most adversaries will overlook this possibility which requires more technical knowledge than just relying on Software. - -This method could even decrease suspicion and increase your plausible deniability as your adversaries think they have things under control and that everything appears normal in their reports. - -This method only depends on one security feature (that they probably did not turn on in most cases): Boot Security. - -Boot Security is divided into several types: - -- Simple BIOS/UEFI password preventing the change of the boot order. This means you cannot start such a live system in place of your supervised OS without providing the BIOS/UEFI password. - -- Secure Boot. This is a "standard" feature preventing you from starting unsigned systems from your computer. 
While this feature could be configured to only allow your supervised system, usually by default it will allow running an entire range of signed systems (signed by Microsoft or the Manufacturer for instance). - -Secure Boot is relatively easy to bypass as there are plenty of Live Systems that are now Secure Boot compliant (meaning they are signed) and will be allowed by your laptop. - -The BIOS/UEFI password on the other hand is much harder to bypass without risks. In that case, you are left with two options: - -- Guess/Know the password so that you can change the boot order of your laptop without raising suspicions - -- Reset the password using various methods to remove the password. **we would not recommend doing this because if your adversaries went the extra length of enabling this security feature, they probably will be suspicious if it were disabled, and this might increase suspicion and decrease your plausible deniability considerably.** - -Again, this feature is usually overlooked by most unskilled/lazy adversaries and in my experience left disabled. - -**This is your best chance into bypassing local controls without traces.** - -The reason is that most of the controls are within your main Operating System software and only monitor what happens within the Operating System. Those measures will not be able to monitor what happened at the Hardware/Firmware level before the Operating System loads. - -## Precautions: - -While you might be able to bypass local restrictions easily using a Live System such as Tails, remember that your network might also be monitored for unusual activities. - -Unusual network activities showing up from a computer at the same time your computer is seemingly powered off might raise suspicions. - -If you are to resort to this, you should never do so from a monitored/known network but only from a safe different network. 
Ideally a safe public wi-fi (See [Find some safe places with decent public Wi-Fi][Find some safe places with decent public Wi-Fi:]). - -**Do not use a live system on a Software supervised/monitored device on a known network.** - -**Refer to the Tails route to achieve this. See [The Tails route][The Tor Browser route:] and [Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option] sections.** - -# Appendix V: What browser to use in your Guest VM/Disposable VM - -**Temporary Important Warning: Please see [Microarchitectural Side-channel Deanonymization Attacks:] for all browsers except Tor Browser.** - -There are 6 possibilities of browser to use on your guest/disposable VM: - -- Brave (Chromium-based) - -- Edge (Chromium-based, Windows Only) - -- Firefox - -- Safari (macOS VM only) - -- Tor Browser - -Here is a comparison table of one fingerprinting test of various browsers with their native settings (**but Javascript enabled for usability, except for Tor Safest mode**). - -**Disclaimer: these tests while nice are not conclusive of the real fingerprinting resistance. But they can help compare browsers between each other.** - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Browser

https://coveryourtracks.eff.org/

-

Fingerprinting Test with real Ad

Safari (Normal)*Fail (Unique)
Safari (Private Window) *Fail (Unique)
Edge (Normal)**Fail (Unique)
Edge (Private Window) **Fail (Unique)
Firefox (Normal)Fail (Unique)
Firefox (Private Window)Fail (Unique)
Chrome (Normal)Fail (Unique)
Chrome (Private Window)Fail (Unique)
Brave (Normal)Passed (Randomized)
Brave (Private Window)Passed (Randomized)
Brave (Tor Window)Passed (Randomized)
Tor Browser (Normal mode)Partial
Tor Browser (Safer mode)Partial
Tor Browser (Safest mode)Unknown (Result did not load)
- -- \*: macOS only. \*\*: Windows only. - -Another useful resource to be considered for comparing browsers is: [[Archive.org]](https://web.archive.org/web/https://privacytests.org/) - -## Brave: - -**This is my recommended/preferred choice for a Browser within your guest VMs. This is not my recommended choice for a Browser within your Host OS where we strictly recommend Tor Browser as they recommend it themselves**[^503]**.** - -Why Brave despite the controversies[^504]? - -- You will encounter fewer issues later with account creations (captchas ...). This is based on my experiences trying to create plenty of online identities using various browsers. You will have to trust me on that. - -- You will enjoy native ad-blocking where none is available in others by default without adding extensions[^505]. - -- Performance is arguably better than Firefox[^506]. - -- Brave is arguably better at fingerprinting resistance than others[^507]. - -- Security of Chromium-based Browser is arguably better and more secure than Firefox[^508]'[^509]. Within the context of this guide, security should be privileged to prevent any vulnerability or exploit from gaining access to the VM. - -- Comparison of both by Mozilla: [[Archive.org]](https://web.archive.org/web/https://www.mozilla.org/en-US/firefox/browsers/compare/brave/) - -- Comparison of both by Techlore: [[Invidious]](https://yewtu.be/watch?v=qkJGF3syQy4) - -- The whole traffic will be routed over a VPN over Tor anyway. So even if you mistakenly opt-in for some telemetry, it is not so important. Remember that in this anonymity threat model, we are mostly after anonymity and security. The privacy of our online identities does not matter that much unless the privacy issue is also a security issue that could help deanonymize you. - -- Brave was found to be sending no identifiable telemetry compared to other browsers[^510]. 
- -## Ungoogled-Chromium: - -**This browser is considered a security liability due to their systemic lagging on security patches**[^511]**.** - -**It is strongly advised not to use Ungoogled-Chromium.** - -## Edge: - -This is for Windows users only. Edge is a solid choice too. - -- You will encounter fewer issues later with account creations (captchas ...). This is based on my experiences trying to create plenty of online identities using various browsers. You will have to trust me on that. - -- Better Security than Firefox as it is Chromium-based[^512]'[^513]. - -- Better Performance than Firefox. - -- The whole traffic will be router through Tor anyway. - -- Can benefit from additional security using Microsoft Defender Application Guard (MDAG)[^514]. Note that this feature cannot be enabled in a Virtualbox VM unfortunately. - -- Native tracker blocking (Similar to Brave Shields). - -Cons: - -- You will have to disable some telemetry within the Browser - -## Safari: - -The macOS default browser. - -Pros: - -- It is a Browser with decent security and sandboxing capabilities. - -Cons: - -- It is macOS only (obviously) - -- It requires signing-in into the App Store to install extensions (impossible within the scope of this guide since it is a VM) - -- Even if you could, it lacks the best Extensions available for Firefox and Chrome. - -Overall, we would not recommend using Safari on a macOS VM but instead, go for another Browser such as Brave or Firefox. - -## Firefox: - -And of course, lastly, you could go with Firefox, - -Pros: - -- Well, it is out of the "Chromium" world and not taking part in expanding Chromium market share - -- In addition to being out of the Chromium world, it is also completely out of the Google world (despite the Mozilla Foundation being almost entirely funded by Google[^515]). - -- An impressive amount of customization through extensions for every possible need. 
- -- Firefox can be severely hardened to almost match the security of Chromium-based browsers. - -Cons: - -- Poorer performance compared to Chromium. - -Security (especially sandboxing) of Firefox is arguably weaker than Chromium-based browsers[^516]. - -- You will experience more captchas (this is based on my tests). - -## Tor Browser: - -If you are extra paranoid and want to use Tor Browser and have "Tor over VPN over Tor", you could go with Tor Browser within the VM as well. This is completely pointless/useless. - -We would not recommend this option. It is just silly. - -# Appendix V1: Hardening your Browsers: - -In this section, we'll discuss hardening your browsers. This has a heavy focus on the difference between Tracking Reduction and Tracking Evasion, and the pros and cons of either. First, let's define what they are [as described by Rohan Kumar](https://seirdy.one/posts/2022/06/25/two-types-of-privacy/): - -- Tracking reduction (TR) - - TR aims to reduce the amount of data collected about an exposed user. It reduces a footprint’s spread primarily by blocking trackers. Sometimes this can increase the size of a footprint. - -- Tracking evasion (TE) - - TE reduces the amount of data exposed by a user. Rather than eliminating data collection itself, TE prevents useful data from being made available in the first place. In other words, it reduces a footprint’s size. - -Browsers that provide Tracking Reduction are to be used for a more casual [Threat Model][Appendix B3: Threat modeling resources] whereas Tracking Evasion is more complex. But both need to be explored. Tracking Reduction focuses on browsing with less tracking. It involves things like content-blocking, firewalls, opt-outs, flipping telemetry buttons, etc. If you're this far into the guide, you likely have a very good understanding of this already. 
Tracking Evasion, however, involves techniques like using the portable Tor Browser Bundle to anonymize your footprint and online identity, avoiding identifiable extensions, and using randomized keystroke delays. It's more about minimizing your online footprint, to give you a less fingerprintable browsing environment and internet usage. - -A brief mention of this is necessary in determining operation needs for both. You need a certain level of understanding in both to achieve good standards and develop better browsing habits. This can and will overall provide you with a more viable solution to public trackers, government organizations looking to trace/track your browsing habits back to you, even just trolls attempting to doxx you. - -The following are the recommended safest routes for each browser according to the current versions of their respective software and the ability each one has to become more secure. In the guide we will provide both Tracking Reduction & Evasion and it will not require you to write even a single line of code. 
- -## Brave: - -- Download and install Brave browser from [[Archive.org]](https://web.archive.org/web/https://brave.com/download/) - -- **Open** Brave Browser - -- Go into **Settings** > **Appearances** (`brave://settings/appearance`) - - - (optional) **Disable** "Show autocomplete suggestions in address bar" - - - **Disable** "Show Brave Suggested Sites" - - - **Disable** "Show Brave Rewards icon in address bar" - - - **Enable** "Always show full URLs" - -- Go into **Settings** > **Shields** (`brave://settings/shields`) - - - Set Shields to **Advanced** - - - Set "Trackers and Ads blocking" to **Aggressive** - - - Set "Upgrade connections to HTTPS" to **Strict** - - - **Enable** "Block scripts" - - - Set "Block fingerprinting" to **Standard** or **Strict, may break sites** - - - Set "Block cookies" to **Only cross-site** - -- Go into **Settings** > **Social media blocking** (`brave://settings/socialBlocking`) - - - **Uncheck** the Facebook, Twitter, and LinkedIn embeds - -- Go to **Settings** > **Search engine** (`brave://settings/search`) - - - Set "Normal Window" and "Private Window" to use a more private and trackerless search engine - - - See [Appendix A3: Search Engines] for best options - - - **Disable** "Web Discovery Project" - - - **Disable** "Index other search engines" - -- Go into **Settings** > **Extensions** (`brave://settings/extensions`) - - - **Disable** everything - -- Go into **Settings** > **Wallet** (`brave://settings/wallet`) - - - **Disable** "Show Brave Wallet icon on toolbar" - - - Set **Default Ethereum wallet** to "None" - - - Set **Default Solana wallet** to "None" - -- Go into **Settings** > **Privacy and Security** (`brave://settings/privacy`) - - - **Disable** everything except "Private window with Tor" - - - (optional) Turn on **Automatically redirect .onion sites** - - - Set **WebRTC handling policy** to "Disable non-proxied UDP" - - - Go into **Clear Browsing Data** (`brave://settings/clearBrowserData`) - - - Select **On Exit** - 
- - Check all options - - - **Click** "Save" - - - Go into **Cookies and other site data** (`brave://settings/cookies`) - - - **Check** "Block third-party cookies" or "Block all cookies" (not recommended) - - - **Enable** "Clear cookies and site data when you close all windows" - - - Under "Sites that can always use cookies", check that you need any of these - -- Open a new Tab - -- **Click** "Customize" in the lower right corner - - - **Disable** everything in Customize Dashboard except maybe the clock - -- Go into **Settings** > **Shields** > **Content filtering** (`brave://settings/shields/filters`) - - - Select any additional adblocking filter you want - - - Recommended: **CJX's Annoyance**, **Easylist-Cookie**, **Fanboy's Annoyances**, **Fanboy's Social**, **Fanboy's Mobile Notifications**, and **uBlock Annoyances** - - - Add custom filter lists - - - Add the [ClearURLs for uBo (unofficial)](https://raw.githubusercontent.com/DandelionSprout/adfilt/master/ClearURLs%20for%20uBo/clear_urls_uboified.txt) which uses the rules found in ClearURLs below - - - Add the [AdGuard URL Tracking Protection](https://raw.githubusercontent.com/AdguardTeam/FiltersRegistry/master/filters/filter_17_TrackParam/filter.txt) which enables generic `$removeparam` rules - - - To keep all applied filters, **click** "Save" - -- Do not ever enable Brave Rewards (button should now be hidden on all sites) - -Addons to consider on Brave if you want additional protections: - -- LocalCDN () - - - Alternatively, DecentralEyes () - -- PrivacyBadger () - -- NoScript () - -- Either ClearURLs () **OR** the custom list above - -- LibRedirect () - -That's it and you should be pretty much covered. For full paranoia, you can also just "Block Scripts" to disable Javascript. Note that even disabling Javascript might not protect you fully[^517]. If you choose to disable JS, use the NoScript extension, not the Brave setting. 
- -## Ungoogled-Chromium: - -**This browser is considered a security liability due to their systemic lagging on security patches**[^518]**.** - -**It is strongly advised not to use Ungoogled-Chromium.** - -## Edge: - -Windows only: - -- Open Edge - -- Go into Settings - -- Go to Profiles and make sure everything is unchecked in every section (Personal Info, Passwords, Payment info, Profile preferences) - -- Go to Privacy, search, and services: - - - Go to Tracking Prevention: - - - Set to Strict or at least Balanced - - - Set to always use Strict with InPrivate Windows - - - Go to Privacy: - - - Enable send Do Not Track - - - Disable the options for the website to check your payment methods - - - Go to Optional Diagnostic Data: - - - Disable it - - - Go to Personalize your Web Experience: - - - Disable it - - - Go to Security - - - Disable everything - - - Go to Services - - - Disable everything - - - In Address Bar and Search: - - - Disable everything and change the search engine (see [Appendix A3: Search Engines]) - - - Go to Cookies and Sites Permissions: - - - Within All Permissions: - - - Within Cookies, make sure "Block Third-Party Cookies" is checked - - - Block everything except: - - - Javascript - - - Images - -Enable Application Guard for Edge (only on Host OS, not possible within a VirtualBox VM): - -**Skip if this is a VM** - -- Open Control Panel. - -- Click on Programs - -- Click on Turn Windows features on or off link - -- Check the Windows Defender Application Guard option - -- Click OK. - -- Click Restart. - -- Now you can open Edge and open a new "Application Guard" Window. 
- -That's about it for Edge but you are also free to add extensions from the Chrome Store such as: - -- uBlock Origin () - -- LocalCDN () - - - Alternatively, DecentralEyes () - -- PrivacyBadger () - -- HTTPS Everywhere () - -- NoScript () - -- ClearURLs () - -- LibRedirect () - - -## Safari: - -macOS Only: - -- Open Safari - -- Click the Safari top left Menu - -- Click Preferences - - - On the General Tab: - - - Change New Windows to "Empty Page" - - - Change New Tabs to "Empty page" - - - Change the Remove History after to "1 day" - - - Change the Remove Download list items to "When Safari Quits" or "When Successful Download" - - - Uncheck "Open Safe Files After Downloading" - - - On the Security Tab: - - - Disable "Warn when visiting a Fraudulent Website" (this sends the URLs your visit to Google for screening) - - - On the Privacy Tab: - - - Uncheck "Web Advertising" - - - On the Advanced Tab: - - - Check the "Show full website address" - -Consider [Appendix A5: Additional browser precautions with JavaScript enabled] - -That's about it. Unfortunately, you will not be able to add extensions as those will require you to sign in into the App Store which you cannot do from a macOS VM. Again, we would not recommend sticking to Safari in a macOS VM but instead switching to Brave or Firefox. 
- -## Firefox: - -### Normal settings: - -- Open Firefox - -- On the Firefox Home Page: - - - Click Personalize - - - Uncheck/Disable Everything - -- Open Settings: - - - Go into Search - - - Change the search engine (See [Appendix A3: Search Engines]) - - - Go into Privacy & Security - - - Set to Custom - - - Cookies: Select All Third-Party Cookies - - - Tracking Content: In all Windows - - - Check Cryptominers - - - Check Fingerprinters - - - Set always send "Do Not Track" - - - Go to Logins and Passwords - - - Uncheck "Ask to save logins and passwords for websites" - - - Go to Permissions - - - Location: check block new requests - - - Camera: check block new requests - - - Microphone: check block new requests - - - Notifications: check block new requests - - - Autoplay: select Disable Audio and Video - - - Virtual Reality: check block new requests - - - Check Block Pop-ups - - - Check Warn when websites try to install add-ons - - - Go to Firefox Data Collection and Use - - - Disable everything - - - Go to HTTPS-Only Mode - - - Enable it on all Windows - -### Advanced settings: - -Consider [Arkenfox/user.js](https://github.com/arkenfox/user.js/), a heavily maintained and very easy to use browser config which uses a "user.js" to set all the privacy settings and disk avoidance values. Below we recommend that if you are not setting the Arkenfox config, at least setting the **about:config** values below. Arkenfox applies many others but these are the bare minimum for your protection while browsing. Remember: doing nothing and using a browser with its defaults will already be leaking many identifiable and trackable characteristics which are unique to you. See [Browser and Device Fingerprinting][Browser and Device Fingerprinting:] for more details on why default settings in browsers are unsafe. - -Those settings are explained on the following resources in order of recommendation if you want more details about what each setting does: - -1. 
[[Archive.org]](https://web.archive.org/web/https://wiki.archlinux.org/title/Firefox/Privacy) **(most recommended)** - -2. [[Archive.org]](https://web.archive.org/web/https://proprivacy.com/privacy-service/guides/firefox-privacy-security-guide) - -Here are most of the steps combined from the sources above (some have been omitted due to the extensions recommended later below): - -- Navigate to "about:config" in the URL bar - -- Click Accept the Risk and Continue - - - Safe Settings (should not break anything) - - - Disable Firefox Pocket - - - Set "extensions.pocket.enabled" to false - - - Disable All Telemetry - - - Set "browser.newtabpage.activity-stream.feeds.telemetry" to false - - - Set "browser.ping-centre.telemetry" to false - - - Set "browser.tabs.crashReporting.sendReport" to false - - - Set "devtools.onboarding.telemetry.logged" to false - - - Set "toolkit.telemetry.enabled" to false - - - Search for "toolkit.telemetry.server" and clear it - - - Set "toolkit.telemetry.unified" to false - - - Set "beacon.enabled" to false - - - Disable Pre-Fetching - - - Set "network.dns.disablePrefetch" to true - - - Set "network.dns.disablePrefetchFromHTTPS" to true - - - Set "network.predictor.enabled" to false - - - Set "network.predictor.enable-prefetch" to false - - - Set "network.prefetch-next" to false - - - Set "browser.urlbar.speculativeConnect.enabled" to false - - - Disable Javascript in PDFs - - - Set "pdfjs.enableScripting" to false - - - Disable obsolete SSL encryption - - - Set "security.ssl3.rsa_des_ede3_sha" to false - - - Set "security.ssl.require_safe_negotiation" to true - - - Disable Firefox Accounts - - - Set "identity.fxaccounts.enabled" to false - - - Disable Geolocation - - - Set "geo.enabled" to false - - - Disable Web Notifications - - - Set "dom.webnotifications.enabled" to false - - - Disable Copy/Paste Notifications - - - Set "dom.event.clipboardevents.enabled" to false - - - Disable Microphone/Camera status fetching - - - Set 
"media.navigator.enabled" to false - - - Enable "Do Not Track" - - - Set "privacy.donottrackheader.enabled" to true - - - Disable SafeBrowsing - - - Set "browser.safebrowsing.malware.enabled" to false - - - Set "browser.safebrowsing.phishing.enabled" to false - - - Set "browser.safebrowsing.downloads.remote.enabled" to false - - - Moderate Settings (could break some websites) - - - Disable WebRTC (this will break all websites with video/audio communications) - - - Set "media.peerconnection.enabled" to false - - - Set "media.navigator.enabled" to false - - - Disable WebGL (this will break some media intensive websites) - - - Set "webgl.disabled" to true - - - Disable DRM - - - Set "media.eme.enabled" to false - - - Set "media.gmp-widevinecdm.enabled" to false - - - Set Cookiies Behavior - - - Set "network.cookie.cookieBehavior" to 1 - - - Set "network.http.referer.XOriginPolicy" to 2 - - - Change referer policy - - - Set "network.http.referer.XOriginTrimmingPolicy" to 2 - - - Change Session Storage behavior - - - Set "browser.sessionstore.privacy_level" to 2 - - - Disable Connection Tests for Captive Portals - - - Set "network.captive-portal-service.enabled" to false - - - Disable "Trusted Recursive Resolver" - - - Set/Create "network.trr.mode" and set it to 5 - - - Advanced (this will break some websites) - - - Set "privacy.resistFingerprinting" to true - - - Set "privacy.trackingprotection.fingerprinting.enabled" to true - - - Set "privacy.trackingprotection.cryptomining.enabled" to true - - - Set "privacy.trackingprotection.enabled" to true - - - Set "browser.send_pings" to false - - - Set "change privacy.firstparty.isolate" to true - - - Set "network.http.referer.XOriginPolicy" to "2" or use **Smart Referer** below - - - Set "change network.cookie.lifetimePolicy" to 2 (this deletes all cookies after each session) - -### Addons to install/consider: - -- uBlock Origin () - -- Smart Referer () - - - Set "network.http.referer.XOriginPolicy" value of "2" to "0" (so 
the extension works). **Disable** the whitelist (uncheck the **Use default whitelist** box) and set **Domain name matching** to **Strict**. - -- NoScript () - - - Blocks **all** scripts by default, no exceptions. Necessary in regular browser if you want to block all script executions. Not necessary in Tor Browser. - - - Within the options, change **Default** options to check everything except "ping", "unrestricted CSS", and "LAN". This will re-enable JavaScript and other web features, to prevent many websites from breaking - -- LibRedirect () - - - Redirect less privacy friendly websites like YouTube and Wikipedia to more privacy friendly open-source alternatives - -- Skip Redirect () - -### Bonus resources: - -Here are also two recent guides to harden Firefox: - -- [[Archive.org]](https://web.archive.org/web/https://chrisx.xyz/blog/yet-another-firefox-hardening-guide/) - -- [[Archive.org]](https://web.archive.org/web/https://ebin.city/~werwolf/posts/firefox-hardening-guide/) - -# Appendix W: Virtualization - -So, you might ask yourself, what is Virtualization[^519]? - -Basically, it is like the Inception movie with computers. You have emulated software computers called Virtual Machines running on a physical computer. And you can even have Virtual Machines running within Virtual machines if you want to (but this will require a more powerful laptop in some cases). - -Here is a little basic illustration of what Virtualization is: - -![image53](media/image53.png) - -Each Virtual Machine is a sandbox. Remember the reasons for using them are to prevent the following risks: - -- Mitigate local data leaks and easier clean-up in case something gets messed up or it is suspected to be compromised. - -- Reduce malware/exploit attack surfaces (if your VM is compromised, the adversary still must figure out he is in a VM and then gain access to the Host OS which is not so trivial). 
- -- Mitigate online data leaks by being able to enforce strict network rules on Virtual Machines for accessing the network (such as passing through the Tor Network). - -## Nested virtualization risks - -**There is an inherently larger attack surface when nesting virtualization.** - -Here's some host information that can be leaked through the Virtual Machine: - -- Organizationally unique identifier or OUI - the unique identifier assigned to VMWare Guest VMs; - -- Virtual Windows registry keys like `ProductID` might show the Host Machine's environment: - `HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ProductId XXXXX-123-1234567-12345` - -- HDD, GPU, and mouse drivers can be exposed through: `HKEY_LOCAL_MACHINE\System\CurrentControlSet\` - -- Registry entries will show that this is a virtual mouse: `%WINDIR%\system32\drivers\vmmouse.sys` - -- Descriptor Table Registers: - - - Since it's a Virtual Machine using the same CPU cores, the descriptor values are relocated due to there only being space for one of each identifier per CPU. This is a dead giveaway and is used in detection by advanced malware. It's employed by malware architects to tell when the program is being ran in a forensics environment (e.g., Remnux or Flare VM) - popular tools/OS that are used by experts to analyze malware. - -- Guest VMs also indirectly access the same hardware as the Host OS. - -See for more techniques used by malware to detect virtualization. These techniques are mostly prevented by appending some settings to your VM config file (.vmx). - - -# Appendix X: Using Tor bridges in hostile environments - -In some environments, your ISPs might be trying to prevent you from accessing Tor. Or accessing Tor openly might be a safety risk. 
- -In those cases, it might be necessary to use Tor bridges to connect to the Tor network (see Tor Documentation [[Archive.org]](https://web.archive.org/web/https://2019.www.torproject.org/docs/bridges) and Whonix Documentation [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Bridges)). Optionally, if you are able, you should (seriously!) consider running a bridge [[Archive.org]](https://web.archive.org/web/20220708014922/https://blog.torproject.org/run-tor-bridges-defend-open-internet/) yourself, as this would greatly help reduce the amount of censorship in the world. - -Bridges are special Tor entry nodes that are not listed on the Tor public directory. Some of those are running on people running the Snowflake Browser extension[^520] while others are running on various servers around the world. Most of those bridges are running some type of obfuscation method called obfs4[^521]. - -*Only available for Desktop Tor users: Recently, the Tor Project has made it incredibly simple to access Bridges with **Connection Assist**, and it is now automatically done in hostile or censored regions. Simply open the Tor Browser and the connection will be configured based on your needs on any hostile network. Previously, we had a list of options below this paragraph which were necessary to enable and configure bridges, but now that this is done automatically using [moat](https://support.torproject.org/glossary/moat/).* [[Archive.org]](https://web.archive.org/web/20220801151048/https://support.torproject.org/glossary/moat/) - -Here is the definition from the Tor Browser Manual[^523]: "obfs4 makes Tor traffic look random and prevents censors from finding bridges by Internet scanning. obfs4 bridges are less likely to be blocked than its predecessor, obfs3 bridges". 
- -Some of those are called "Meek" bridges and are using a technique called "Domain Fronting" where your Tor client (Tails, Tor Browser, Whonix Gateway) will connect to a common CDN used by other services. To a censor, it would appear you are connecting to a normal website such as Microsoft.com. See for more information. - -As per their definition from their manual: "meek transports make it look like you are browsing a major web site instead of using Tor. meek-azure makes it look like you are using a Microsoft web site". Snowflake bridges make it appear like your connections are phone calls to random internet users. This is a type of "domain fronting" [^524]. See ["domain fronting"](https://www.bamsoftware.com/papers/fronting/#sec:introduction) from the link in the previous paragraph for a detailed explanation of these types of secret "bridges". - -Lastly, there are also bridges called Snowflake bridges that rely on users running the snowflake extension in their browser to become themselves entry nodes. See [[Archive.org]](https://web.archive.org/web/https://snowflake.torproject.org/). - -First, you should proceed with the following checklist to make sure you cannot circumvent Tor Blocking (double-check) and try to use Tor Bridges ( [[Archive.org]](https://web.archive.org/web/https://bridges.torproject.org/)): - -- (Recommended if blocked but **safe**) Try to get an obfs4 bridge in the Tor connection options. - -- (Recommended if blocked but **safe**) Try to get a snowflake bridge in the Tor connection options. - -- **(Recommended if hostile/risky environment)** Try to get a meek bridge in the Tor connection options (might be your only option if you are for instance in China). 
- -![image54](media/image54.png) - -(Illustration from Tor Browser Bridge Configuration) - -If none of those build-in methods are working, you could try getting a manual bridge either from: - -- (for a meek bridge) - -- (for an obfs4 bridge) - -This website obviously could be blocked/monitored too so you could instead (if you have the ability) ask someone to do this for you if you have a trusted contact and some e2e encrypted messaging app. - -Finally, you could also request a bridge request by e-mail to with the subject empty and the body being: "get transport obfs4" or "get transport meek". There is some limitation with this method tho as it is only available from a Gmail e-mail address or Riseup. - -- See: [A note about Riseup:] Riseup has potentially been compromised. Use it at your own risk. - -Hopefully, these bridges should be enough to get you connected even in a hostile environment. - -If not, consider [Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option] - -# Appendix Y: Installing and using desktop Tor Browser - -## Installation: - -This is valid for Windows, Linux, and macOS. - -- Download and install Tor Browser according to the instructions from [[Archive.org]](https://web.archive.org/web/https://www.torproject.org/download/) - -- Open Tor Browser - -## Usage and Precautions: - -- After opening Tor Browser, you will see an option to **Connect**, a checkbox to **Always connect automatically** and a button to **Configure connection**. The Tor Network settings are there for you to possibly configure Bridges to connect to Tor if you are experiencing issues connecting to Tor due to Censorship or Blocking. As explained here: [Appendix X: Using Tor bridges in hostile environments], this is now done automatically by the Tor Browser on Desktop. - -![image55](media/image55.png) - -- Personally, in the case of censorship or blocking, we would recommend using Meek-Azure bridges if needed. 
And Snowflake bridges as a second option. - -![image56](media/image56.png) - -- At this point, still before connecting, you should click the little shield Icon (upper right, next to the Address bar) and select your Security level (see [[Archive.org]](https://web.archive.org/web/https://tb-manual.torproject.org/security-settings/) for details). Basically, there are three. - -![image57](media/image57.png) - -- Standard (the default): - - - All features are enabled (including JavaScript) - -- Safer: - - - JavaScript is disabled on non-HTTPS websites - - - Some fonts and symbols are disabled - - - Any media playback is "click to play" (disabled by default) - -- Safest: - - - Javascript is disabled everywhere - - - Some fonts and symbols are disabled - - - Any media playback is "click to play" (disabled by default) - -We would recommend the "Safest" level by default. The "Safer" level should be enabled if you think you need access to a website not working without JavaScript. The Safest mode will most likely break many websites that rely actively on JavaScript. - -If you are extra paranoid, use the "Safest" level by default and consider downgrading to Safer is the website is unusable because of Javascript blocking. - -**Optional and not recommended by the Tor Project**: If you are not using the "Safest" level, we will diverge from some but agree with others (for instance the Tails project and others[^525]) and will actually recommend some modifications of the default Tor Browser in the addition of two extensions: - -- uBlock Origin (as it is the case on Tails) while leaving the extension on the default settings: - - - Head over to within Tor Browser and install the extension. - -- LibRedirect: This is very practical if you use the "Safest" mode as Invidious instances require no JavaScript. - - - Head over to within Tor Browser and install the extension. 
- -Let's keep in mind that even 3 letters agencies recommend blocking ads for their internal users in order to improve security[^526]. - -If you did not go for the above **personal and not officially recommended options**, the Safer level should still be used with some extra precautions while using some websites: see [Appendix A5: Additional browser precautions with JavaScript enabled]. - -Now, you are really done, and you can now surf the web anonymously from your desktop device. - -# Appendix Z: Online anonymous payments using cryptocurrencies - -There are many services that you might want to use (VPS hosting, mail hosting, domain names...) but require payment of some kind. - -As mentioned before in this guide multiple times, we strongly recommend the use of services accepting cash (that you could send anonymously through the postal services) or Monero which you can buy and use directly and safely. - -- But what if the service you want does not accept Monero but does accept a more mainstream cryptocurrency such as Bitcoin (BTC) or Ethereum (ETH)? - - -**Bitcoin and other "mainstream cryptocurrencies" are not anonymous at all (Remember [Your Cryptocurrencies transactions][Your Cryptocurrencies transactions:]) and you should never ever purchase, for example, Bitcoin from an exchange and then use these directly for purchasing services anonymously. This will not work, and the transaction can be traced easily.** - -- **Stay away from so-called "private" mixers, tumblers and coinjoiners.** You might think this is a good idea, but not only are they useless with cryptocurrencies such as BTC/ETH/LTC, they are also dangerous. They take custody of your coins. Use Monero to anonymize your crypto. Do not use a normal KYC-enabled exchange to buy/sell your Monero (such as Kraken), since this information on your purchases and withdrawals (for intended use) are retained in the exchange. Instead, use a P2P exchange that doesn't require KYC such as what can be found on . 
- - -- **See [Warning about special tumbling, mixing, coinjoining privacy wallets and services].** - -## Using Bitcoin anonymously option: - -Despite this, it is possible to safely anonymize Bitcoin through the use of non-custodial collaborative transactions and privacy-preserving spending tools. This is possible with a protocol called [ZeroLink](https://code.samourai.io/whirlpool/Whirlpool/-/blob/whirlpool/THEORY.md) and an implementation called Whirlpool which as two clients that utilize it and provide the necessary spending tools, detailed below. So, you might be wondering how? Well, it is actually pretty simple: - -1. Purchase Bitcoin at a non-KYC exchange (such as one found on ) - -2. Create a wallet with [Samourai Wallet](https://www.samouraiwallet.com/) (Android) or [Sparrow Wallet](https://www.sparrowwallet.com/) (Desktop). Both of these use the Whirlpool protocol to gain the user forward-facing on-chain privacy on Bitcoin. - -3. Deposit coins into the wallet and follow the relevant instructions ([Samourai](https://docs.samourai.io/wallet/usage), [Sparrow](https://www.sparrowwallet.com/docs/mixing-whirlpool.html)) to remove their historic links. - -4. Funds should only be spent from the Postmix account, as that is the account with the coins that have gained anonymity through Whirlpool. - -- **You should run your own node when using Bitcoin and always use that for connecting from your wallet. You do not need to purchase separate hardware to do so, and it's simple to [do so by using the Tor Network](https://bitcoincoredocs.com/tor.html) as well.** - -## Using Monero anonymously option: - -1. Purchase Monero at a non-KYC exchange (such as one found on ) - -2. Create a Monero wallet on one of your anonymized VMs (for example, on the Whonix Workstation which includes a Monero GUI wallet natively or using the Monero GUI wallet from on other OSes) - -3. Transfer your Monero from the wallet from which you bought it to the wallet on your VM. 
We cannot stress enough how import it is to have two separate wallets for this process, even for handling Monero. - - -4. On the same VM (for instance again the Whonix Workstation), create a Bitcoin Wallet (again this is provided natively within the Whonix Workstation) - -5. From an anonymized browser (such as Tor Browser), use a non-KYC (Know Your Customer) service swapping service (see [Appendix A8: Crypto Swapping Services without Registration and KYC]) and convert your Monero to BTC and transfer those to the BTC Wallet you have on your anonymized VM - -6. You should now have an anonymized Bitcoin wallet that can be used for purchasing services that do not accept Monero. - -**You should never access this wallet from a non-anonymized environment. Always use well-thought OPSEC with your BTC transactions. Remember those can be traced back to you.** - -The origin of those BTC cannot be traced back to your real identity due to the use of Monero **unless Monero is broken** or if you consolidate outputs from spending at separate merchants. It is recommended to use privacy preserving wallets in the [Bitcoin section](Using Bitcoin anonymously option:). Please do read [Appendix B2: Monero Disclaimer]. - -**Regarding Zcash: this section previously included use of Zcash but it has been removed in light of newer, more accurate information.** - -## Warning about special tumbling, mixing, coinjoining privacy wallets and services: [Wikiless](https://wikiless.org/wiki/Cryptocurrency_tumbler) [Archive.org](https://web.archive.org/web/https://wikiless.org/wiki/Cryptocurrency_tumbler) - -Centralized "private" tumblers, mixers and coinjoiners are not recommended since they do not provide anonymity in a way that truly unlinks an output from its history. 
Here are some references about this issue: - - -- [Mixing detection on Bitcoin transactions using statistical patterns.](https://arxiv.org/pdf/2204.02019.pdf) [Archive.org](https://web.archive.org/web/https://arxiv.org/pdf/2204.02019.pdf) -- [An Analysis Of Bitcoin Laundry Services](https://www.researchgate.net/profile/Julio-Hernandez-Castro/publication/319944399_An_Analysis_of_Bitcoin_Laundry_Services/links/5a045d410f7e9beb177883af/An-Analysis-of-Bitcoin-Laundry-Services.pdf?origin=publication_detail) [Archive.org](https://web.archive.org/web/https://www.researchgate.net/profile/Julio-Hernandez-Castro/publication/319944399_An_Analysis_of_Bitcoin_Laundry_Services/links/5a045d410f7e9beb177883af/An-Analysis-of-Bitcoin-Laundry-Services.pdf?origin=publication_detail) -- [Mixing Strategies in Cryptocurrencies and An Alternative Implementation](https://www.researchgate.net/publication/344485520_Mixing_Strategies_in_Cryptocurrencies_and_An_Alternative_Implementation) [Archive.org](https://web.archive.org/web/https://www.researchgate.net/publication/344485520_Mixing_Strategies_in_Cryptocurrencies_and_An_Alternative_Implementation) - -Mixing BTC in this way should prevent any chain analysis on future transactions. This will *not* however hide any past transactions or the fact you purchased BTC from a KYC exchange. Instead we recommend to use Bitcoin wallets that utilize Whirlpool or Monero (preferred). - - -## When converting from BTC to Monero: - -**Now, as part of any process above, if you want to convert BTC back to Monero**, we recommend not using a swapping service but instead recommend using the new Monero Atomic Swap Tool: . This will prevent unnecessary fees and intermediates when using a commercial swapping service. The website is self-explanatory with detailed instructions for all OSes. 
- -# Appendix A1: Recommended VPS hosting providers - -We will only recommend providers that accept Monero as payment and here is my personal shortlist: - -- **Njalla (my personal favorite but quite expensive, recommended by PrivacyGuides.org.** - -- **1984.is (my second favorite, much less expensive) .** - -- To be considered at your own risk (untested): - - - (warning, this might be against their ToS as they require personal identification on registration) - - - - - - (warning, this provider is rather "edgy" and could offend some people) - -Also consider these lists: - -- Tor Project: [[Archive.org]](https://web.archive.org/web/https://community.torproject.org/relay/community-resources/good-bad-isps/) - -- PrivacyGuides.org: [[Archive.org]](https://web.archive.org/web/https://privacyguides.org/providers/hosting/) - -Lastly, you could pick one (at your own risk) from the list here that does accept Monero: [[Archive.org]](https://web.archive.org/web/https://www.getmonero.org/community/merchants/) - -**Please do read [Appendix B2: Monero Disclaimer].** - -If the service does not accept Monero but does accept BTC, consider the following appendix: [Appendix Z: Paying anonymously online with BTC][Appendix Y: Installing and using desktop Tor Browser]. - -# Appendix A2: Guidelines for passwords and passphrases - -My opinion (and the one of many[^528]'[^529]'[^530]'[^531]'[^532]'[^533]) is that passphrases are generally better than passwords. So instead of thinking of better passwords, forget them altogether and use passphrases instead (when possible). Or just use a password manager with very long passwords (such as KeePassXC, the preferred password manager in this guide). - -The well-known shown-below XKCD [[Archive.org]](https://web.archive.org/web/https://xkcd.com/936/) is still valid despite some people disputing it (See [[Archive.org]](https://web.archive.org/web/https://www.explainxkcd.com/wiki/index.php/936:_Password_Strength)). 
Yes, it is quite old now and is a little bit outdated and might be misinterpreted. But generally, it is still valid and a good argument for using passphrases instead of passwords. - -![image58](media/image58.png) - -(Illustration by Randall Munroe, xkcd.com, licensed under CC BY-NC 2.5) - -Here are some recommendations (based on Wikipedia[^534]): - -- Long enough to be hard to guess (typically four words is a minimum, five or more is better). - -- Not a famous quotation from literature, holy books, et cetera. - -- Hard to guess by intuition---even by someone who knows the user well. - -- Easy to remember and type accurately. - -- For better security, any easily memorable encoding at the user's own level can be applied. - -- Not reused between sites, applications, and other different sources. - -- Do not use only "common words" (like "horse" or "correct") - -Here is a nice website showing you some examples and guidelines: - -Watch this insightful video by Computerphile: [[Invidious]](https://yewtu.be/watch?v=3NjQ9b3pgIg) - -**Use a different one for each service/device if possible. Do not make it easy for an adversary to access all your information because you used the same passphrase everywhere.** - -**You might ask how? Simple: use a password manager such as the recommended KeePassXC. Only remember the passphrase to unlock the database and then store everything else in the KeePassXC database. Within KeePassXC you can then create extremely long passwords (30+ random characters) for each different service.** - -# Appendix A3: Search Engines - -Which search engine to pick in your VMs? - -We will not go into too many details. Just pick one from PrivacyGuides.org ( [[Archive.org]](https://web.archive.org/web/https://www.privacyguides.org/search-engines/)). 
- -Personally, my favorites are: - -- (because you can easily use operators such as "!g" to google or "!b" to Bing) - -- - -- SearX () instances listed here: - -Note that some of those have a convenient ".onion" address: - -- DuckDuckGo: - -In the end, we were often not satisfied with the results of both those search engines and still ended up on Bing or Google. - -# Appendix A4: Counteracting Forensic Linguistics - -**Note that this information is taken and adapted from a Dread Post available here:** - -No plagiarism is intended but some important adaptations and modifications have been made to improve the source post in various ways. - -## Introduction: - -Stylometry is our personal and unique writing style. No matter who you are, you have a unique finger printable, and traceable writing style. This has been understood for a while now, and a branch of forensics is built off of this principle: forensic linguistics. In this field, the particular name for forensic linguistics applied to internet crime is called "Writeprint". Writeprint primarily aims to determine author identification over the internet by comparing a suspect's text to a known collection of writer invariant (normally written) texts, and even without comparison texts, this forensic technique can yield personal information about an author such as gender, age, and personality. - -## What does an adversary look for when examining your writing? - -1. Lexical features: analysis of word choice. - -2. Syntactic features: analysis of writing style, sentence structure, punctuation, and hyphenation. - -3. Structural features: analysis of structure and organization of writing. - -4. Content-specific words: analysis of contextually significant writing such as acronyms. - -5. 
Idiosyncratic features: analysis of grammatical errors, this is the most important factor to consider because it provides relatively high accuracy in author identification - -## Examples: - -You might think that this is not something that an adversary pays attention to? Think again! There have been multiple cases where adversaries such as law enforcement have used Writeprint techniques to help catch and sentence people. Here are some examples: - -- The OxyMonster case ( [[Archive.org]](https://web.archive.org/web/https://arstechnica.com/tech-policy/2018/06/dark-web-vendor-oxymonster-turns-out-to-be-a-frenchman-with-luscious-beard/)): - - - Public data revealed that Vallerius (a.k.a OxyMonster) has Instagram and Twitter accounts. Agents compared the writing style of "OxyMonster" on the Dream Market forum while in a senior Moderator role to the writing style of Vallerius on his public Instagram and Twitter accounts. Agents discovered many similarities in the use of words and punctuation to including the word "cheers;'' double exclamation marks; frequent use of quotation marks; and intermittent French post. - -Do not use the same writing style for your sensitive activities as for your normal activities. In particular, pay close attention to your use of common phrases, and punctuations. Also, as a side note: limit the amount of reference material that an adversary can use as comparison text, you do not want to find yourself in trouble because of your political Twitter post, or that Reddit post you made years ago, do you? - -- Here is another example from the book American Kingpin, about how a DEA agent investigated the writing style of DPR (Dread Pirate Roberts a.k.a Ross Ulbricht, founder of the Silk Road Dark Market) from a unique perspective: For one, Ross Ulbricht used the word "epic" a lot, which showed that he was likely young. 
He also used emoji smiley faces in his writing, though he never used a hyphen as the nose, writing them as ":)" rather than the old-fashioned ":-)". Yet the one attribute about Ulbricht that stood out was that rather than writing "yes" or "yeah" on the site's forums, Ulbricht instead always typed "yea". - -Pay attention to the little things that might add up. If you usually reply with "ok" to people, maybe try to reply with "okay" for your sensitive activities. You should NEVER use words or phrases from your sensitive activities (even if they are not in a public post) for normal purposes, and vice versa. Ross Ulbricht used "frosty" as the name for his Silk Road servers, and for his YouTube account, which helped convince law enforcement that Dread Pirate Roberts was in fact, Ross Ulbricht. - -## How to counteract the efforts of your adversary: - -1. Reduce the amount of comparison text for adversaries to compare you with. This goes with having a small online footprint for your normal activities. - -2. Use a word processor (such as LibreWriter) to fix any grammatical/spelling errors that you regularly encounter. - -3. Reduce or change the idioms that you use while conducting sensitive activities. - -4. Understand how your identity affects your writing style: Is your alias younger? Older? More educated? Or less educated? If your identity is older, maybe speak in a more JRR Tolkien style of writing. - -5. Pay attention to how your slang and spelling might identify you. If you are from the UK, you should say "maths", but if you are from the US you say "math". It does not matter how you say "maths", all that matters is that it can be used to profile you. This also applies to slang as many regions each have different and extremely particular slang. You do not ask someone from the USA for a "rubber" and expect them to give you an "eraser" as an example. - -6. Pay attention to your use of emoticons and emojis. 
In the previous example, the DEA agent was able to make a correct assumption that Ulbricht was likely young because he did not use a hyphen when making a smiley emoticon. - -7. Pay attention to how you structure your writing. Do you use two spaces after a period? Do you constantly use parenthesis in your writing? Do you use the oxford comma? - -8. Consider what symbols you use in your writing. Do you use €, £ or $? Do you use "dd-mm-yyyy" or "mm-dd-yyyy" for dates? Do you use "08:00 pm" or "20:00" for time? - -## What different linguistic choices could say about you: - -### Emoticons: - -1. Russians for example use ")" instead of ":-)" or ":)" to express a smiley face. - -2. Scandinavians use "=)" instead of ":-)" or ":)" for a smiley face. - -3. Younger people generally do not use a hyphen in their smiley faces and just use ":)". - -### Structural features: - -1. Two spaces after a period give off the impression that you are quite older because this is how typing was taught to people learning to type with typewriters. - -2. In the US people write numbers out with commas between numbers to the left of the starting number and with periods between numbers to the right of the starting number. This is in contrast to how people write out numbers on the rest of the planet. - -US: 1,000.00$ - -> Europe: 1.000,00€ - -### Spelling slang and symbols: - -1. Obviously, people in different nations use different slang. This is even more pronounced when you use slang that is not as well known in other places such as someone from the UK mentioning a "headmaster" when in other nations it is referred to as a "principal". - -2. Spelling is another important factor that is similar to slang, except it is harder to control. If you want to pretend that you are from the USA, but you actually live in Australia, it only takes one time of spelling "colour" as color to let people understand that something is up. - -3. 
Some people also spell words in a particular way that is not regional for example you might spell "ax" as "axe" or vice versa. - -4. Of course, the symbols you use on your keyboard can give a lot of information away, such as £'s or $'s. - -## Techniques to prevent writeprinting: - -Here are some techniques in order of use: - -### Spelling and grammar checking: - -This helps prevent some fingerprinting done using your spelling and grammar mistakes - -#### Offline using a word processor: - -Use a word processor such as LibreWriter and use the spelling and grammar checks features to fix mistakes you might have typed. - -#### Online using an online service: - -If you do nothave a word processor available or don't want to use one, you can also use an online spelling and grammar checker such as Grammarly (this requires an e-mail and an account creation). - -### Translation technique: - -**Disclaimer: a study archived here: seems to indicate the translation technique is inefficient to prevent stylometry. This step might be useless.** - -After being done with spelling and grammar fixes. Use a website or software such as Google Translate (or for a more privacy-friendly version, ) to translate between several different languages before translating back to your original language. These translations back and forth will alter your messages and make fingerprinting more difficult. - -### Search and replace: - -Finally, and optionally, add some salt by purposefully adding some mistakes to your messages. - -First decide upon a list of words that you frequently do not misspell, maybe the words "grammatical", "symbol", and "pronounced" (this list should include more words). **Do not use an AutoCorrect automatic replace option for this as it might correct when it does not make sense.** Instead, use Search and Replace and do this manually for each word. 
**Do not use "Replace All" either and review each change.** This is just the first step, for providing misinformation against linguistic fingerprinting. - -Next, find a list of words that you commonly use in your writing. Let us say that we love to use contractions when wew rite, maybe we always use words such as: "can't", "don't", "shouldn't", "won't", or "let's". Well, maybe go into LibreWriter and use "Search and Replace" to replace all contractions with the full versions of the words ("can't" > "cannot", "don't" > "do not", "shouldn't" > "should not", "won't" > "will not", "let's" > "let us"). This can make a large difference in your writing and give a difference in how people and most importantly your adversaries perceive you. You can change most words to be different, as an example you can change "huge" to "large". Just make sure these words fit with your identity. - -Now, consider changing your words choices to fit a geographic location. Maybe you live in the US, and you want to give the impression that your identity is from the UK. For example, you can make use of location-based spelling and lexicon. This is risky, and one mistake can give it away. - -First off, you need to decide where you want to give the impression of your location. Here is an example to give off the impression that you are from the US, or the UK. First, you will need to understand a thing or two about where your identity is "from", do not pretend that you are from the UK, yet have no idea about it other than it exists. - -After you have decided upon a good location that your identity is from, research the differences in language between the two languages (in this case between UK English and US English). Thanks to the internet, this is quite easy, and you can find Wikipedia pages conveniently highlighting the regional differences of a language between two nations. 
Pay attention to how certain words are spelled ("metre" > "meter") and what words are exchanged with each other ("boot" > "trunk"). Now that you have a list of words that can be exchanged with each other, and a list of spelling that are different, use the "Search and Replace" in your editor and change the words such as "colour" into "color", and "lorry" into "truck". **Again, do not use an AutoCorrect feature or "Replace All" as some changes might not make sense. Review each proposed change. As an example, if you were to use AutoCorrect or "Replace all" on the word "boot" to change into "trunk", this would make perfect sense in the context of cars. But it would not make any sense in the context of shoes.** - -### Final advice: - -Understand that you have to constantly think of what you type and how you type while conducting sensitive activities. - -Understand that altering your writing style for such purposes can ultimately change your baseline writing style, ironically making your writing traceable over longer periods. - -Proofread yourself at least one time after you are done writing anything to verify you made no mistakes in your process. Trust (yourself) but verify anyway. - -You might also consider the use of something like AnonyMouth [[Archive.org]](https://web.archive.org/web/https://github.com/psal/anonymouth) which is a tool that you can use to anonymize your documents, developed by PSAL, Drexel University's Privacy, Security, and Automation Laboratory [[Archive.org]](https://web.archive.org/web/https://psal.cs.drexel.edu/index.php/Main_Page). Such tools can prove invaluable. - -## Bonus links: - -- [[Archive.org]](https://web.archive.org/web/https://seirdy.one/posts/2022/07/09/stylometric-fingerprinting-redux/): Stylometric fingerprinting redux - -- [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Surfing_Posting_Blogging#Stylometry): Whonix documentation about stylometry. 
- -- [[Wikiless]](https://wikiless.org/wiki/Forensic_linguistics) [[Archive.org]](https://web.archive.org/web/https://wikipedia.org/wiki/Forensic_linguistics): Gives a brief rundown of the basics of forensic linguistics, not too informative. - -- [[Wikiless]](https://wikiless.org/wiki/Writeprint) [[Archive.org]](https://web.archive.org/web/https://wikipedia.org/wiki/Writeprint): Gives a brief and informative rundown of forensic linguistics applied to internet investigations. - -- [[Wikiless]](https://wikiless.org/wiki/Stylometry) [[Archive.org]](https://web.archive.org/web/https://wikipedia.org/wiki/Stylometry): Gives a brief overview of Stylometry. - -- [[Wikiless]](https://wikiless.org/wiki/Content_similarity_detection) [[Archive.org]](https://web.archive.org/web/https://wikipedia.org/wiki/Content_similarity_detection): We would recommend reading this, quite informative. - -- [[Wikiless]](https://wikiless.org/wiki/Author_profiling) [[Archive.org]](https://web.archive.org/web/https://wikipedia.org/wiki/Author_profiling): Read through this as well if you are interested in this topic. - -- [[Wikiless]](https://wikiless.org/wiki/Native-language_identification) [[Archive.org]](https://web.archive.org/web/https://wikipedia.org/wiki/Native-language_identification): This is less important if you use a translator, but if you do not use a translator to communicate on forums that are not in your native language, consider giving this a quick read through. - -- [[Wikiless]](https://wikiless.org/wiki/Computational_linguistics) [[Archive.org]](https://web.archive.org/web/https://wikipedia.org/wiki/Computational_linguistics): Only read through this if this topic is interesting to you. - -- [[Archive.org]](https://web.archive.org/web/https://regmedia.co.uk/2017/09/27/gal_vallerius.pdf): Explains how authorities used forensic linguistics to help arrest OxyMonster (pages 13 -- 14). 
- -- [[Wikiless]](https://wikiless.org/wiki/Ted_Kaczynski#After_publication) [[Archive.org]](https://web.archive.org/web/https://wikipedia.org/wiki/Ted_Kaczynski#After_publication): May have an IQ of 167, but he was caught primarily based on forensic linguistics. - -- [[Archive.org]](https://web.archive.org/web/https://i.blackhat.com/USA-19/Wednesday/us-19-Wixey-Im-Unique-Just-Like-You-Human-Side-Channels-And-Their-Implications-For-Security-And-Privacy.pdf): Explains how your writing style can be used to track you, we highly recommend reading through these slides, or watching the accompanying presentation on YouTube. - -- [[Archive.org]](https://web.archive.org/web/https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/DEFCON-26-Matt-Wixey-Betrayed-by-the-Keyboard-Updated.pdf): Explains how your writing style can be used to track you, we highly recommend reading through these slides, or watching the accompanying presentation on YouTube, this is quite similar to the last presentation. - -- [[Archive.org]](https://web.archive.org/web/https://i.blackhat.com/us-18/Wed-August-8/us-18-Wixey-Every-ROSE-Has-Its-Thorn-The-Dark-Art-Of-Remote-Online-Social-Engineering.pdf): This goes over how to potentially spot deception through the internet, and presents a checklist to see how trustworthy someone is. We would advise reading the slides or watching the presentation on YouTube. - -# Appendix A5: Additional browser precautions with JavaScript enabled - -To avoid Browser and User Fingerprinting through JavaScript but while keeping JavaScript enabled, some additional safety measures should be observed at least on some websites: - -These recommendations are similar to the ones at the beginning of the guide and especially valid for certain websites. 
Mostly, the recommendation is to use privacy-friendly front-end instances and alternative services for a variety of services: - -- For YouTube links, use an Invidious instance ( [[Archive.org]](https://web.archive.org/web/https://github.com/iv-org/invidious)) - - - We recommend [https://yewtu.be] - -- For Twitter links, use a Nitter instance ( [[Archive.org]](https://web.archive.org/web/https://github.com/zedeus/nitter)) - - - We recommend [https://nitter.net] - -- For Wikipedia links, use a Wikiless instance ( [[Archive.org]](https://web.archive.org/web/https://codeberg.org/orenom/wikiless)) - -- For Reddit, use a LibReddit instance ( [[Archive.org]](https://web.archive.org/web/https://github.com/spikecodes/libreddit)) - -- For Maps, consider using - -- For Translation, consider using SimplyTranslate at - -- For Search Engines use privacy-focused search engines such as: - - - StartPage: - - - DuckDuckGo: - - - SearX () instances: list available here: - -**(Optional)** Consider the use of the [[Archive.org]](https://web.archive.org/web/20220509220021/https://libredirect.github.io/) extension to automate the use of the above services. 
- -# Appendix A6: Mirrors - -Find it online at: - -- Original: - -- Tor Onion Mirror: - -- Archive.org: - -- Archive.today: - -- Archive.today over Tor: - -- PDF: [[Archive.org]](https://web.archive.org/web/https://anonymousplanet.org/export/guide.pdf) [[Tor Mirror]](http://thgtoa27ujspeqxasrfvcf5aozqdczvgmwgorrmblh6jn4nino3spcqd.onion/export/guide.pdf) - -- OpenDocument Text (ODT) version at: [[Archive.org]](https://web.archive.org/web/https://anonymousplanet.org/export/guide.odt) [[Tor Mirror]](http://thgtoa27ujspeqxasrfvcf5aozqdczvgmwgorrmblh6jn4nino3spcqd.onion/export/guide.odt) - - -# Appendix A7: Comparing versions - -If you want to compare an older version of the PDF with a newer version, consider these online tools (note that we do not endorse those tools in relation to their privacy policies, but it should not matter since these PDFs are public): - -- - -- - -- - -If you want to compare the older version of the ODT format with a newer version, use the LibreWriter compare features as explained here: [[Archive.org]](https://web.archive.org/web/https://help.libreoffice.org/7.1/en-US/text/shared/guide/redlining_doccompare.html) - -# Appendix A8: Crypto Swapping Services without Registration and KYC - -## General Crypto Swapping: - -**Skip to next section for BTC to Monero. Do not use swapping services for BTC to Monero.** - -Here is a small list of non-KYC crypto swapping services, remember they all have a cost and fees: - -- - -- - -- Kilo Swap (Onion Hidden Service): - -**Consider having a look at which is an open-source project listing non-KYC exchanges/swapping services (repository at ).** - -## BTC to Monero only: - -**Do not use any swapping service, use their Atomic Swap feature.** See this Monero Atomic Swap Tool: . - -This will prevent unnecessary fees and intermediates when using a commercial swapping service. The website is self-explanatory with detailed instructions for all OSes. 
- -# Appendix A9: Installing a Zcash wallet: - -Remember this should only be done on a secure environment such as VM behind the Whonix Gateway. - -## Debian 11 VM: - -- Load the Debian VM - -- Open a browser - -- Go to and download from a listed mirror. - -- Go to and download from a listed mirror. - -- Go to the ZecWallet Lite Website to download the latest DEB package (change the download directory to /home/user for convenience) - -- Open a Terminal window and run the following commands (with the updated downloaded version if needed): - - - **```**sudo dpkg -i ./libindicator3-7_0.5.0-4_amd64.deb**```** - - - **```**sudo dpkg -i ./libappindicator3-1_0.4.92-7_amd64.deb**```** - - - **```**sudo dpkg -i ./Zecwallet_Lite_1.7.5_amd64.deb**```** - -- Click the upper left menu, find then launch ZecWallet Lite - -## Ubuntu 20.04/21.04/21.10 VM: - -- Load the Ubuntu VM - -- Open a browser - -- Go to the ZecWallet Lite Website to download the latest DEB package - -- Open a Terminal window - -- Go to your download directory and run the following command (with the updated downloaded version if needed), for example: ```sudo apt install ./Zecwallet_Lite_1.7.5_amd64.deb``` - -- Click the upper left menu, find then launch ZecWallet Lite - -## Windows 10/11 VM: - -- Load the Windows VM - -- Open a browser - -- Go to - -- Download and install the latest Windows installer - -- Launch ZecWallet Lite - -## Whonix Workstation 16 VM: - -- Load the Whonix Workstation VM - -- Open Tor Browser - -- Go to and download from a listed mirror. - -- Go to and download from a listed mirror. 
- -- Go to the ZecWallet Lite Website to download the latest DEB package (change the download directory to /home/user for convenience) - -- Open a Terminal window and run the following commands (with the updated downloaded version if needed): - - - **```**sudo dpkg -i ./libindicator3-7_0.5.0-4_amd64.deb**```** - - - **```**sudo dpkg -i ./libappindicator3-1_0.4.92-7_amd64.deb**```** - - - **```**sudo dpkg -i ./Zecwallet_Lite_1.7.5_amd64.deb**```** - -- Click the upper left menu and go to Development, then launch ZecWallet Lite - -# Appendix B1: Checklist of things to verify before sharing information: - -Here is a checklist of things to verify before sharing information to anyone: - -- Check the files for any metadata: see [Removing Metadata from Files/Documents/Pictures][Removing Metadata from Files/Documents/Pictures:] - -- Check the files for anything malicious: see [Appendix T: Checking files for malware] - -- Check the files for any watermarking: see [Watermarking][Watermarking:] - -- Check any writing for possible forensics analysis: see [Appendix A4: Counteracting Forensic Linguistics] - -- Have a look at this part of the Whonix documentation: [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Surfing_Posting_Blogging#Anonymous_File_Sharing) - -- Carefully assess the potential consequences and risks of communicating any sensitive information for you and others (legally, ethically, and morally). Remember ... Do not be evil. Legal is not necessarily Good. - -**After curating the files for anything you want to leave out. Double-check and even Triple check them. Then you could consider sending them to an organization such as a press organization or others.** - -# Appendix B2: Monero Disclaimer - -First, please read this small introduction video to Monero: [[Invidious]](https://yewtu.be/watch?v=H33ggs7bh8M) - -The anonymity of Monero depends on its crypto algorithms. If you do use Monero from a KYC Exchange. 
You can be almost certain that you are safe today. But you might not be in the long-term future if Monero algorithms are ever broken[^535] (think Quantum Computing). Do keep in mind that KYC regulations might force operators (such as Crypto Exchanges) to keep your financial records for up to 10 years and that you, therefore, need Monero algorithms to not be broken for the next 10 years as well. - -You may want to watch this insightful video for more details: [[Invidious]](https://yewtu.be/watch?v=j02QoI4ZlnU) - -Also please consider reading: [Privacy Limitations in Anonymity Networks with Monero](https://github.com/monero-project/monero/blob/master/docs/ANONYMITY_NETWORKS.md#privacy-limitations) [[Archive.org]](https://web.archive.org/web/https://github.com/monero-project/monero/blob/master/docs/ANONYMITY_NETWORKS.md#privacy-limitations) - -**Use these at your own risk, sending cash payments to providers accepting cash (through the postal service) is always a better solution if/when possible.** - -# Appendix B3: Threat modeling resources - -Here are various threat modeling resources if you want to go deeper in threat modeling. - -We recommend the LINDDUN threat modeling method [[Archive.org]](https://web.archive.org/web/https://www.linddun.org/): - - Researchers created an online tool to help make your threat model at [[Archive.org]](https://web.archive.org/web/https://www.linddun.org/go). - - It is synergistic with STRIDE below. - - It is focused on privacy but is clearly perfectly suitable for anonymity. - - It is accessible to all skill levels including beginners (providing many tutorials) but also suitable for highly skilled readers. 
- - It is used in the making of the Threat Modeling Manifesto: [[Archive.org]](https://web.archive.org/web/https://www.threatmodelingmanifesto.org/) - -LINDDUN threat modeling tutorials and resources: - - **We recommend the following quick tutorial video from "The Hated One" YouTube channel with the approval and review from LINDDUN designers: ** [[Invidious]](https://yewtu.be/watch?v=6AXkJ3dot2s>) to get started. - - More resources for deeper understanding and usage: - - - You can read more here: [A Lightweight Approach to Privacy Threat Modeling](https://sion.info/assets/pdf/publications/WuytsIWPE2020.pdf) - - Here are two videos from [Dr. K. Wuyts](https://www.semanticscholar.org/author/Kim-Wuyts/3190241) (imec-DistriNet, KU Leuven) explaining the process: - - [Privacy & prejudice: on privacy threat modeling misconceptions](https://www.youtube.com/watch?v=zI4SFyq_Xjw) [[Invidious]](https://yewtu.be/watch?v=zI4SFyq_Xjw) - - [Privacy Threat Model Using LINDDUN](https://www.youtube.com/watch?v=C9F8X1j9Zpg) [[Invidious]](https://yewtu.be/watch?v=C9F8X1j9Zpg>) - -![image59](media/image59.png) -(Illustration from [LINDDUN2015](https://lirias.kuleuven.be/retrieve/295669)) - -Here are alternative resources and methodologies if LINDDUN doesn't suit you: - -- Online Operations Security: [https://github.com/devbret/online-OPSEC](https://web.archive.org/web/20210711215728/https://github.com/devbret/online-OPSEC) -- Microsoft's STRIDE: [[Wikiless]](https://wikiless.org/wiki/STRIDE_%28security%29) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/STRIDE_%28security%29) -- PASTA: [[Archive.org]](https://web.archive.org/web/https://versprite.com/tag/pasta-threat-modeling/) -- Threat Modeling: 12 Available Methods: [[Archive.org]](https://web.archive.org/web/https://insights.sei.cmu.edu/blog/threat-modeling-12-available-methods/) -- Threat Modelling: [[Archive.org]](https://web.archive.org/web/https://www.geeksforgeeks.org/threat-modelling/) - -# Appendix 
B4: Important notes about evil-maid and tampering - -Your context needs to be taken into account. - -Preventing an evil-maid attack attack or tampering might lead to bad consequences. Your adversary might then resort to other means to obtain the key. - -On the other hand, allowing the attack but detecting it will not let your adversary know that you are aware of the tampering. You can then take steps safely to not reveal information and possibly leave. - -See the [Some last OPSEC thoughts][Some last OPSEC thoughts:] section for some tips. - -# Appendix B5: Types of CPU attacks: - -Select security issues plague many Intel CPUs, such as transient execution attacks (formerly called speculative execution side channel methods). Here you can check your CPU against affected micro-processors with known bugs [[Archive.org]](https://web.archive.org/web/20220814123250/https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html). - -The Advanced Programmable Interrupt Controller (APIC) is an integrated CPU component responsible for accepting, prioritizing, and dispatching interrupts to logical processors (LPs). The APIC can operate in xAPIC mode, also known as legacy mode, in which APIC configuration registers are exposed through a memory-mapped I/O (MMIO) page. - -Enter AEPIC (stylized ÆPIC), the first architectural CPU bug that leaks stale data from the microarchitecture without using a side channel. It architecturally leaks stale data incorrectly returned by reading undefined APIC-register ranges. 
This novel method was revealed in the paper *ÆPIC Leak: Architecturally Leaking Uninitialized Data from the
-Microarchitecture* which you can read here: [Borrello2022AEPIC](https://aepicleak.com/aepicleak.pdf) [[Archive.org]](https://web.archive.org/web/20220812101719/https://aepicleak.com/aepicleak.pdf)
-
-Model-specific registers (MSRs) and their configuration bits can also be detected automatically on Intel and AMD CPUs: [Kogler2022](https://github.com/IAIK/msrevelio) [[Archive.org]](https://web.archive.org/web/20220814125349/https://andreaskogler.com/papers/msrtemplating.pdf). This allows an attacker (with heavy knowledge of CPU functionality) to view information about the MSRs, which are essentially special CPU registers allowing interaction with low-level CPU features and advanced configuration of the CPU's behavior. Modern x86 CPUs have hundreds of these, which are usually documented very little and in increasingly less verbosity over the past few years.
-
-#### Some other microarchitecture bugs:
-
-- [PLATYPUS](https://platypusattack.com/) [[Archive.org]](https://web.archive.org/web/20220814132343/https://platypusattack.com/) - Software-based Power Side-Channel Attacks on x86, which shows how an unprivileged attacker can leak AES-NI keys from Intel SGX and the Linux kernel and break kernel address-space layout randomization (KASLR).
-- [SQUIP](https://www.nextplatform.com/2022/08/11/squip-side-channel-attack-rattles-amds-zen-cores/) [[Archive.org]](https://web.archive.org/web/20220812082548/https://www.nextplatform.com/2022/08/11/squip-side-channel-attack-rattles-amds-zen-cores/) - Scheduler Queue Usage via Interface Probing. All of AMD's Zen CPUs are vulnerable to a medium-severity flaw which can allow threat actors to run side-channel attacks.
-- [Hertzbleed](https://www.schneier.com/blog/archives/2022/06/hertzbleed-a-new-side-channel-attack.html) [[Archive.org]](https://web.archive.org/web/20220712000058/https://www.schneier.com/blog/archives/2022/06/hertzbleed-a-new-side-channel-attack.html) - Deducing cryptographic keys by analyzing power consumption has long been an attack, but it’s not generally viable because measuring power consumption is often hard. This new attack measures power consumption by measuring time, making it easier to exploit.
-- [Retbleed](https://www.bleepingcomputer.com/news/security/new-retbleed-speculative-execution-cpu-attack-bypasses-retpoline-fixes/) [[Archive.org]](https://web.archive.org/web/20220804151557/https://www.bleepingcomputer.com/news/security/new-retbleed-speculative-execution-cpu-attack-bypasses-retpoline-fixes/) - Retbleed focuses on return instructions, which are part of the retpoline software mitigation against the speculative execution class of attacks that became known starting early 2018, with Spectre.
-- [Downfall](https://downfall.page/) [[Archive.org]](https://web.archive.org/web/20230809145002/https://downfall.page/) - Gather Data Sampling (GDS) and Gather Value Injection (GVI) techniques exploit the **gather** instruction to steal information from [SIMD register buffers](https://en.wikipedia.org/wiki/Single_instruction,_multiple_data) and victim processes.
-- [Phantom & Inception](https://comsec.ethz.ch/research/microarch/inception/) [[Archive.org]](https://web.archive.org/web/20230809095321/https://comsec.ethz.ch/research/microarch/inception/) - Attacks that leak arbitrary data using seemingly "phantom" instructions on AMD Zen CPUs; "[making] it take wrong actions based on supposedly self conceived experiences", an allusion to the Inception movie, one we have made before.
-
-# Appendix B6: Warning for using Orbot on Android
-
-While this is often misunderstood, Orbot on Android does not make your Tor-enabled apps go through Tor if you add them to the list. Orbot is acting as a device-wide VPN (also known as a "transparent proxy"). The list of apps using Orbot is a whitelist. This list will not make some apps magically use Tor and unchecked ones use the clear-net. This only ensures the device-wide VPN is using Tor to route traffic. This means that Orbot can only control what app can access the VPN it creates. Other apps will lose connectivity.
-
-What is important to know is that, if you launch an app (or Android does it automatically) while Orbot is not running, the app will just use the normal network, without involving Orbot (with the exception of some apps supporting a proxy Orbot).
-
-Additionally, you should not be surprised by Tor Browser not working when using Orbot in VPN mode, as the Tor design does not allow "Tor over Tor" (you cannot re-enter the Tor network from a Tor exit node).
-
-This is explained rather well by Alexander Færøy, who is a core developer at the Tor Project, in their [TorifyHOWTO: Tor over Tor](https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorifyHOWTO#tor-over-tor).
-
-"When using a transparent proxy, it is possible to start a Tor session from the client as well as from the transparent proxy (read the warning!), creating a "Tor over Tor" scenario. Doing so produces undefined and potentially unsafe behavior. In theory, however, you can get six hops instead of three, but it is not guaranteed that you'll get three different hops - you could end up with the same hops, maybe in reverse or mixed order. It is not clear if this is safe. It has never been discussed. You can choose an entry/exit point, but you get the best security that Tor can provide when you leave the route selection to Tor; overriding the entry / exit nodes can mess up your anonymity in ways we don't understand.
Therefore Tor over Tor usage is highly discouraged." - -And from [a post](https://tor.stackexchange.com/questions/427/is-running-tor-over-tor-dangerous) on the Tor Stack Exchange: - -"The danger (beyond the performance hit) which keeps me from running Tor over Tor has to do with timing and congestion measurements. Adversaries watching your traffic at the exit(s) of your circuits have a better chance of linking your Whonix activity with your [Tor Browser Bundle] activity when those shared circuits slow down or drop packets at the same time. This can happen without Tor over Tor when your instances use a common upstream link. The linkage will be made tighter and more explicit if you run the Whonix Tor traffic through your TBB SOCKS5 Tor circuits. This tighter linkage raises the danger of successful correlation." - -# Appendix B7: Caution about Session Messenger - -Here are our reasons: - -- The company is based in Australia which has very *unfavorable* privacy laws.[^536]' [^537] -- They push their own cryptocurrency, Oxen, which creates a conflict of interest. -- They use LokiNet, which requires Oxen to run nodes to route Session traffic, and it costs 15,000 $OXEN or 3,750 $OXEN for a shared node[^538], which is about ~$1,800 US dollars or ~$500 US dollars, respectively. - - The price of running nodes essentially puts their network behind a paywall if you want to run a node, even just to contribute bandwidth to the network like you might with Tor. But there is a stakeless fork of Lokinet. - - Session's developers claim this to be an attempt to prevent [sybil attacks](https://en.wikipedia.org/wiki/Sybil_attack), but many have argued that this only encourages such attacks; by doing so, guaranteeing only governments and other well-funded organizations (the people these networks normally try to protect against) will ever have the financial resources to run nodes. (Eh, it's all pretty debatable. But $OXEN is privacy-focused.) 
-- They dropped critical security features of their protocol (perfect forward secrecy (PFS) and deniability)[^418] in favor of long-term message keys and self-deleting cryptographic signatures, which provide much weaker security guarantees. [^539] - - This *might* not be as bad, if the nodes are free to run, but they're not. -- Session has been audited[^419] with satisfactory results, but that audit does not mention these changes. We also currently lack sufficient information on LokiNet (the onion routing network used by Session) to endorse it. Session is still recommended by some, for example Techlore.[^420] -- Their funding is completely opaque. - -In short, our opinion is that you may use Session Messenger on iOS due to the absence of a better alternative (such as Briar). But if Briar or another app (maybe Cwtch in the future) becomes available, we will recommend going away from Session messenger as soon as possible. It is a last resort. - ---- - -# References: - -[^1]: English translation of German Telemedia Act [[Archive.org]](https://web.archive.org/web/https://www.huntonprivacyblog.com/wp-content/uploads/sites/28/2016/02/Telemedia_Act__TMA_.pdf). Section 13, Article 6, "The service provider must enable the use of Telemedia and payment for them to occur anonymously or via a pseudonym where this is technically possible and reasonable. The recipient of the service is to be informed about this possibility. ". 
-
-[^2]: Wikipedia, Real-Name System Germany [[Wikiless]](https://wikiless.org/wiki/Real-name_system) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Real-name_system)
-
-[^3]: Wikipedia, Don't be evil [[Wikiless]](https://wikiless.org/wiki/Don%27t_be_evil) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Don%27t_be_evil)
-
-[^4]: YouTube, WarGames - "The Only Winning Move" [[Invidious]](https://yewtu.be/watch?v=6DGNZnfKYnU)
-
-[^5]: Wikipedia, OSINT [[Wikiless]](https://wikiless.org/wiki/Open-source_intelligence) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Open-source_intelligence)
-
-[^6]: YouTube Internet Historian Playlist, HWNDU [[Invidious]](https://yewtu.be/playlist?list=PLna1KTNJu3y09Tu70U6yPn28sekaNhOMY)
-
-[^7]: Wikipedia, 4chan [[Wikiless]](https://wikiless.org/wiki/4chan) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/4chan)
-
-[^8]: PIA, See this good article on the matter [[Archive.org]](https://web.archive.org/web/https://www.privateinternetaccess.com/blog/how-does-privacy-differ-from-anonymity-and-why-are-both-important/) (disclaimer: this is not an endorsement or recommendation for this commercial service).
-
-[^9]: Medium.com, Privacy, Blockchain and Onion Routing [[Scribe.rip]](https://scribe.rip/unitychain/privacy-blockchain-and-onion-routing-d5609c611841) [[Archive.org]](https://web.archive.org/web/https://medium.com/unitychain/privacy-blockchain-and-onion-routing-d5609c611841)
-
-[^10]: This World of Ours, James Mickens [[Archive.org]](https://web.archive.org/web/https://scholar.harvard.edu/files/mickens/files/thisworldofours.pdf)
-
-[^11]: XKCD, Security [[Archive.org]](https://web.archive.org/web/https://xkcd.com/538/)
-
-[^12]: Wikipedia, Threat Model [[Wikiless]](https://wikiless.org/wiki/Threat_model) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Threat_model)
-
-[^13]: Bellingcat [[Archive.org]](https://web.archive.org/web/https://www.bellingcat.com/)
-
-[^14]: Wikipedia, Doxing [[Wikiless]](https://wikiless.org/wiki/Doxing) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Doxing)
-
-[^15]: YouTube, Internet Historian, The Bikelock Fugitive of Berkeley [[Invidious]](https://yewtu.be/watch?v=muoR8Td44UE)
-
-[^16]: BBC News, Tor Mirror [[Archive.org]](https://web.archive.org/web/https://www.bbc.com/news/technology-50150981)
-
-[^17]: GitHub, Real World Onion websites [[Archive.org]](https://web.archive.org/web/https://github.com/alecmuffett/real-world-onion-sites) (updated extremely often)
-
-[^18]: Tor Project, Who Uses Tor [[Archive.org]](https://web.archive.org/web/https://2019.www.torproject.org/about/torusers.html.en)
-
-[^19]: Whonix Documentation, The importance of Anonymity [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Anonymity)
-
-[^20]: Geek Feminism [[Archive.org]](https://web.archive.org/web/https://geekfeminism.wikia.org/wiki/Who_is_harmed_by_a_%22Real_Names%22_policy%3F)
-
-[^21]: Tor Project, Tor Users [[Archive.org]](https://web.archive.org/web/https://2019.www.torproject.org/about/torusers.html.en)
-
-[^22]: PrivacyHub, Internet Privacy in the Age of Surveillance 
[[Archive.org]](https://web.archive.org/web/https://www.cyberghostvpn.com/privacyhub/internet-privacy-surveillance/)
-
-[^23]: PIA Blog, 50 Key Stats About Freedom of the Internet Around the World [[Archive.org]](https://web.archive.org/web/https://www.privateinternetaccess.com/blog/internet-freedom-around-the-world-in-50-stats/)
-
-[^24]: Wikipedia, IANAL [[Wikiless]](https://wikiless.org/wiki/IANAL) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/IANAL)
-
-[^25]: Wikipedia, Trust but verify [[Wikiless]](https://wikiless.org/wiki/Trust,_but_verify) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Trust,_but_verify)
-
-[^26]: Wikipedia, IP Address [[Wikiless]](https://wikiless.org/wiki/IP_address) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/IP_address)
-
-[^27]: Wikipedia; Data Retention [[Wikiless]](https://wikiless.org/wiki/Data_retention) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Data_retention)
-
-[^28]: Wikipedia, Tor Anonymity Network [[Wikiless]](https://wikiless.org/wiki/Tor_(anonymity_network)) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Tor_(anonymity_network))
-
-[^29]: Wikipedia, VPN [[Wikiless]](https://wikiless.org/wiki/Virtual_private_network) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Virtual_private_network)
-
-[^30]: Ieee.org, Anonymity Trilemma: Strong Anonymity, Low Bandwidth Overhead, Low Latency - Choose Two [[Archive.org]](https://web.archive.org/web/https://ieeexplore.ieee.org/document/8418599)
-
-[^31]: Wikipedia, DNS [[Wikiless]](https://wikiless.org/wiki/Domain_Name_System) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Domain_Name_System)
-
-[^32]: Wikipedia, DNS Blocking [[Wikiless]](https://wikiless.org/wiki/DNS_blocking) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/DNS_blocking)
-
-[^33]: CensoredPlanet 
[[Archive.org]](https://web.archive.org/web/https://censoredplanet.org/)
-
-[^34]: ArXiv, Characterizing Smart Home IoT Traffic in the Wild [[Archive.org]](https://web.archive.org/web/https://arxiv.org/pdf/2001.08288.pdf)
-
-[^35]: Labzilla.io, Your Smart TV is probably ignoring your Pi-Hole [[Archive.org]](https://web.archive.org/web/https://labzilla.io/blog/force-dns-pihole)
-
-[^36]: Wikipedia, DNS over HTTPS: [[Wikiless]](https://wikiless.org/wiki/DNS_over_HTTPS) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/DNS_over_HTTPS)
-
-[^37]: Wikipedia, DNS over TLS, [[Wikiless]](https://wikiless.org/wiki/DNS_over_TLS) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/DNS_over_TLS)
-
-[^38]: Wikipedia, Pi-Hole [[Wikiless]](https://wikiless.org/wiki/Pi-hole) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Pi-hole)
-
-[^39]: Wikipedia, SNI [[Wikiless]](https://wikiless.org/wiki/Server_Name_Indication) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Server_Name_Indication)
-
-[^40]: Wikipedia, ECH [[Wikiless]](https://wikiless.org/wiki/Server_Name_Indication) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Server_Name_Indication)
-
-[^41]: Wikipedia, eSNI [[Wikiless]](https://wikiless.org/wiki/Server_Name_Indication) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Server_Name_Indication)
-
-[^42]: Usenix.org, On the Importance of Encrypted-SNI (ESNI) to Censorship Circumvention [[Archive.org]](https://web.archive.org/web/https://www.usenix.org/system/files/foci19-paper_chai_0.pdf)
-
-[^43]: Wikipedia, CDN [[Wikiless]](https://wikiless.org/wiki/Content_delivery_network) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Content_delivery_network)
-
-[^44]: Cloudflare, Good-bye ESNI, hello ECH! 
[[Archive.org]](https://web.archive.org/web/https://blog.cloudflare.com/encrypted-client-hello/)
-
-[^45]: ZDNET, Russia wants to ban the use of secure protocols such as TLS 1.3, DoH, DoT, ESNI [[Archive.org]](https://web.archive.org/web/https://www.zdnet.com/article/russia-wants-to-ban-the-use-of-secure-protocols-such-as-tls-1-3-doh-dot-esni/)
-
-[^46]: ZDNET, China is now blocking all encrypted HTTPS traffic that uses TLS 1.3 and ESNI [[Archive.org]](https://web.archive.org/web/https://www.zdnet.com/article/china-is-now-blocking-all-encrypted-https-traffic-using-tls-1-3-and-esni/)
-
-[^47]: Wikipedia, OCSP [[Wikiless]](https://wikiless.org/wiki/Online_Certificate_Status_Protocol) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol)
-
-[^48]: Madaidans Insecurities, Why encrypted DNS is ineffective [[Archive.org]](https://web.archive.org/web/https://madaidans-insecurities.github.io/encrypted-dns.html)
-
-[^49]: Wikipedia, OCSP Stapling [[Wikiless]](https://wikiless.org/wiki/OCSP_stapling) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/OCSP_stapling)
-
-[^50]: Chromium Documentation, CRLSets [[Archive.org]](https://web.archive.org/web/https://dev.chromium.org/Home/chromium-security/crlsets)
-
-[^51]: ZDNet, Chrome does certificate revocation better [[Archive.org]](https://web.archive.org/web/https://www.zdnet.com/article/chrome-does-certificate-revocation-better/)
-
-[^52]: KUL, Encrypted DNS=⇒Privacy? 
A Traffic Analysis Perspective [[Archive.org]](https://web.archive.org/web/https://www.esat.kuleuven.be/cosic/publications/article-3153.pdf)
-
-[^53]: ResearchGate, Oblivious DNS: Practical Privacy for DNS Queries [[Archive.org]](https://web.archive.org/web/https://www.researchgate.net/publication/332893422_Oblivious_DNS_Practical_Privacy_for_DNS_Queries)
-
-[^54]: Nymity.ch, The Effect of DNS on Tor's Anonymity [[Archive.org]](https://web.archive.org/web/https://nymity.ch/tor-dns/)
-
-[^55]: Wikipedia, RFID [[Wikiless]](https://wikiless.org/wiki/Radio-frequency_identification) [[Archive.org]](https://web.archive.org/web/https://web.archive.org/web/20220530073225/https://en.wikipedia.org/wiki/Radio-frequency_identification)
-
-[^56]: Wikipedia, NFC [[Wikiless]](https://wikiless.org/wiki/Near-field_communication) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Near-field_communication)
-
-[^57]: Samsonite Online Shop, RFID accessories [[Archive.org]](https://web.archive.org/web/https://shop.samsonite.com/accessories/rfid-accessories/)
-
-[^58]: Google Android Help, Android Location Services [[Archive.org]](https://web.archive.org/web/https://support.google.com/accounts/answer/3467281?hl=en)
-
-[^59]: Apple Support, Location Services and Privacy [[Archive.org]](https://web.archive.org/web/https://support.apple.com/en-us/HT207056)
-
-[^60]: 2016 International Conference on Indoor Positioning and Indoor Navigation, Wi-Fi probes as digital crumbs for crowd localization [[Archive.org]](https://web.archive.org/web/http://fly.isti.cnr.it/pub/papers/pdf/Wifi-probes-IPIN16.pdf)
-
-[^61]: Southeast University of Nanjing, Probe Request Based Device Identification Attack and Defense [[Archive.org]](https://web.archive.org/web/https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7472341/)
-
-[^62]: Medium.com, The Perils of Probe Requests [[Scribe.rip]](https://scribe.rip/@brannondorsey/wi-fi-is-broken-3f6054210fa5) 
[[Archive.org]](https://web.archive.org/web/https://medium.com/@brannondorsey/wi-fi-is-broken-3f6054210fa5)
-
-[^63]: State University of New York, Towards 3D Human Pose Construction Using Wi-Fi [[Archive.org]](https://web.archive.org/web/https://cse.buffalo.edu/~lusu/papers/MobiCom2020.pdf)
-
-[^64]: Digi.Ninja, Jasager [[Archive.org]](https://web.archive.org/web/https://digi.ninja/jasager/)
-
-[^65]: Hak5 Shop, Wi-Fi Pineapple [[Archive.org]](https://web.archive.org/web/https://shop.hak5.org/products/wifi-pineapple)
-
-[^66]: Wikipedia, Deautentication Attack [[Wikiless]](https://wikiless.org/wiki/Wi-Fi_deauthentication_attack) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Wi-Fi_deauthentication_attack)
-
-[^67]: Wikipedia, Capture Portal [[Wikiless]](https://wikiless.org/wiki/Captive_portal) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Captive_portal)
-
-[^68]: HackerFactor Blog, Deanonymizing Tor Circuits [[Archive.org]](https://web.archive.org/web/https://www.hackerfactor.com/blog/index.php?/archives/868-Deanonymizing-Tor-Circuits.html)
-
-[^69]: KU Leuven, Website Fingerprinting through Deep Learning [[Archive.org]](https://web.archive.org/web/https://distrinet.cs.kuleuven.be/software/tor-wf-dl/)
-
-[^70]: KU Leuven, Deep Fingerprinting: Undermining Website Fingerprinting Defenses with Deep Learning [[Archive.org]](https://web.archive.org/web/https://homes.esat.kuleuven.be/~mjuarezm/index_files/pdf/ccs18.pdf)
-
-[^71]: Internet Society, Website Fingerprinting at Internet Scale [[Archive.org]](https://web.archive.org/web/20160617040428/https://www.internetsociety.org/sites/default/files/blogs-media/website-fingerprinting-internet-scale.pdf)
-
-[^72]: KU Leuven, A Critical Evaluation of Website Fingerprinting Attacks [[Archive.org]](https://web.archive.org/web/https://www.esat.kuleuven.be/cosic/publications/article-2456.pdf)
-
-[^73]: DailyDot, How Tor helped catch the Harvard bomb threat suspect 
[[Archive.org]](https://web.archive.org/web/https://www.dailydot.com/unclick/tor-harvard-bomb-suspect/)
-
-[^74]: ArsTechnica, How the NSA can break trillions of encrypted Web and VPN connections [[Archive.org]](https://web.archive.org/web/https://arstechnica.com/information-technology/2015/10/how-the-nsa-can-break-trillions-of-encrypted-web-and-vpn-connections/)
-
-[^75]: Wikipedia, Sybil Attack [[Wikiless]](https://wikiless.org/wiki/Sybil_attack) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Sybil_attack)
-
-[^76]: ArsTechnica, Does Tor provide more benefit or harm? New paper says it depends [[Archive.org]](https://web.archive.org/web/https://arstechnica.com/gadgets/2020/11/does-tor-provide-more-benefit-or-harm-new-paper-says-it-depends/)
-
-[^77]: ResearchGate, The potential harms of the Tor anonymity network cluster disproportionately in free countries [[Archive.org]](https://web.archive.org/web/https://www.pnas.org/content/early/2020/11/24/2011893117)
-
-[^78]: CryptoEngineering, How does Apple (privately) find your offline devices? [[Archive.org]](https://web.archive.org/web/https://blog.cryptographyengineering.com/2019/06/05/how-does-apple-privately-find-your-offline-devices/)
-
-[^79]: Apple Support [[Archive.org]](https://web.archive.org/web/https://support.apple.com/en-us/HT210515)
-
-[^80]: XDA, Samsung's Find My Mobile app can locate Galaxy devices even when they're offline [[Archive.org]](https://web.archive.org/web/https://www.xda-developers.com/samsung-find-my-mobile-app-locate-galaxy-devices-offline/)
-
-[^81]: Apple Support, If your Mac is lost or stolen [[Archive.org]](https://web.archive.org/web/https://support.apple.com/en-us/HT204756)
-
-[^82]: Wikipedia, BLE [[Wikiless]](https://wikiless.org/wiki/Bluetooth_Low_Energy) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Bluetooth_Low_Energy)
-
-[^83]: Cryptography Engineering Blog, How does Apple (privately) find your offline devices? 
[[Archive.org]](https://web.archive.org/web/https://blog.cryptographyengineering.com/2019/06/05/how-does-apple-privately-find-your-offline-devices/)
-
-[^84]: Wikipedia, IMEI [[Wikiless]](https://wikiless.org/wiki/International_Mobile_Equipment_Identity) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/International_Mobile_Equipment_Identity)
-
-[^85]: Wikipedia, IMSI [[Wikiless]](https://wikiless.org/wiki/International_mobile_subscriber_identity) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/International_mobile_subscriber_identity)
-
-[^86]: Android Documentation, Device Identifiers [[Archive.org]](https://web.archive.org/web/https://source.android.com/devices/tech/config/device-identifiers)
-
-[^87]: Google Privacy Policy, Look for IMEI [[Archive.org]](https://web.archive.org/web/https://policies.google.com/privacy/embedded?hl=en-US)
-
-[^88]: Wikipedia, IMEI and the Law [[Wikiless]](https://wikiless.org/wiki/International_Mobile_Equipment_Identity) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/International_Mobile_Equipment_Identity)
-
-[^89]: Bellingcat, The GRU Globetrotters: Mission London [[Archive.org]](https://web.archive.org/web/https://www.bellingcat.com/news/uk-and-europe/2019/06/28/the-gru-globetrotters-mission-london/)
-
-[^90]: Bellingcat,"V" For "Vympel": FSB's Secretive Department "V" Behind Assassination Of Georgian Asylum Seeker In Germany [[Archive.org]](https://web.archive.org/web/https://www.bellingcat.com/news/uk-and-europe/2020/02/17/v-like-vympel-fsbs-secretive-department-v-behind-assassination-of-zelimkhan-khangoshvili/)
-
-[^91]: Wikipedia, CCTV [[Wikiless]](https://wikiless.org/wiki/Closed-circuit_television) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Closed-circuit_television)
-
-[^92]: Apple, Transparency Report, Device Requests 
[[Archive.org]](https://web.archive.org/web/https://www.apple.com/legal/transparency/device-requests.html)
-
-[^93]: The Intercept, How Cops Can Secretly Track Your Phone [[Tor Mirror]](http://27m3p2uv7igmj6kvd4ql3cct5h3sdwrsajovkkndeufumzyfhlfev4qd.onion/2020/07/31/protests-surveillance-stingrays-dirtboxes-phone-tracking/) [[Archive.org]](https://web.archive.org/web/https://theintercept.com/2020/07/31/protests-surveillance-stingrays-dirtboxes-phone-tracking/)
-
-[^94]: Wikipedia, IMSI Catcher [[Wikiless]](https://wikiless.org/wiki/IMSI-catcher) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/IMSI-catcher)
-
-[^95]: Wikipedia, Stingray [[Wikiless]](https://wikiless.org/wiki/Stingray_phone_tracker) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Stingray_phone_tracker)
-
-[^96]: Gizmodo, Cops Turn to Canadian Phone-Tracking Firm After Infamous 'Stingrays' Become 'Obsolete' [[Archive.org]](https://web.archive.org/web/https://gizmodo.com/american-cops-turns-to-canadian-phone-tracking-firm-aft-1845442778)
-
-[^97]: Wikipedia, MITM [[Wikiless]](https://wikiless.org/wiki/Man-in-the-middle_attack) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Man-in-the-middle_attack)
-
-[^98]: Purism, Librem 5 [[Archive.org]](https://web.archive.org/web/https://shop.puri.sm/shop/librem-5/)
-
-[^99]: Wikipedia, MAC Address [[Wikiless]](https://wikiless.org/wiki/MAC_address) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/MAC_address)
-
-[^100]: Acyclica Road Trend Product Sheet, [[Archive.org]](https://web.archive.org/web/https://amsignalinc.com/data-sheets/Acyclica/Acyclica-RoadTrend-Product-Sheet.pdf)
-
-[^101]: ResearchGate, Tracking Anonymized Bluetooth Devices [[Archive.org]](https://web.archive.org/web/https://www.researchgate.net/publication/334590931_Tracking_Anonymized_Bluetooth_Devices/fulltext/5d3308db92851cd04675a469/Tracking-Anonymized-Bluetooth-Devices.pdf)
-
-[^102]: 
Wikipedia, CPU [[Wikiless]](https://wikiless.org/wiki/Central_processing_unit) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Central_processing_unit)
-
-[^103]: Wikipedia, Intel Management Engine [[Wikiless]](https://wikiless.org/wiki/Intel_Management_Engine) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Intel_Management_Engine)
-
-[^104]: Wikipedia, AMD Platform Security Processor [[Wikiless]](https://wikiless.org/wiki/AMD_Platform_Security_Processor) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/AMD_Platform_Security_Processor)
-
-[^105]: Wikipedia, IME, Security Vulnerabilities [[Wikiless]](https://wikiless.org/wiki/Intel_Management_Engine) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Intel_Management_Engine)
-
-[^106]: Wikipedia, IME, Assertions that ME is a backdoor [[Wikiless]](https://wikiless.org/wiki/Intel_Management_Engine) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Intel_Management_Engine)
-
-[^107]: Wikipedia, IME, Disabling the ME [[Wikiless]](https://wikiless.org/wiki/Intel_Management_Engine) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Intel_Management_Engine)
-
-[^108]: Libreboot, [[Archive.org]](https://web.archive.org/web/https://libreboot.org/) / Coreboot, [[Archive.org]](https://web.archive.org/web/20220501042320/https://www.coreboot.org/)
-
-[^109]: Apple, Differential Privacy White Paper [[Archive.org]](https://web.archive.org/web/https://www.apple.com/privacy/docs/Differential_Privacy_Overview.pdf)
-
-[^110]: Wikipedia, Differential Privacy [[Wikiless]](https://wikiless.org/wiki/Differential_privacy) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Differential_privacy)
-
-[^111]: Continuing Ed, The All-Seeing "i": Apple Just Declared War on Your Privacy [[Archive.org]](https://web.archive.org/web/https://edwardsnowden.substack.com/p/all-seeing-i)
-
-[^112]: Trinity College Dublin, Mobile Handset Privacy: Measuring The Data iOS and Android Send to Apple And Google [[Archive.org]](https://web.archive.org/web/https://www.scss.tcd.ie/doug.leith/apple_google.pdf)
-
-[^113]: Reuters, Exclusive: Apple dropped plan for encrypting backups after FBI complained -- sources [[Archive.org]](https://web.archive.org/web/https://www.reuters.com/article/us-apple-fbi-icloud-exclusive-idUSKBN1ZK1CT)
-
-[^114]: ZDnet, I asked Apple for all my data. Here's what was sent back [[Archive.org]](https://web.archive.org/web/https://www.zdnet.com/article/apple-data-collection-stored-request/)
-
-[^115]: De Correspondent, Here's how we found the names and addresses of soldiers and secret agents using a simple fitness app [[Archive.org]](https://web.archive.org/web/https://decorrespondent.nl/8481/heres-how-we-found-the-names-and-addresses-of-soldiers-and-secret-agents-using-a-simple-fitness-app/412999257-6756ba27)
-
-[^116]: Website Planet, Report: Fitness Tracker Data Breach Exposed 61 Million Records and User Data Online [[Archive.org]](https://web.archive.org/web/https://www.websiteplanet.com/blog/gethealth-leak-report/)
-
-[^117]: Wired, The Strava Heat Map and the End of Secrets [[Archive.org]](https://web.archive.org/web/https://www.wired.com/story/strava-heat-map-military-bases-fitness-trackers-privacy/)
-
-[^118]: Bellingcat, How to Use and Interpret Data from Strava's Activity Map [[Archive.org]](https://web.archive.org/web/https://www.bellingcat.com/resources/how-tos/2018/01/29/strava-interpretation-guide/)
-
-[^119]: The Guardian, Fitness tracking app Strava gives away location of secret US army bases [[Archive.org]](https://web.archive.org/web/https://www.theguardian.com/world/2018/jan/28/fitness-tracking-app-gives-away-location-of-secret-us-army-bases)
-
-[^120]: Telegraph, Running app reveals locations of secret service agents in MI6 and GCHQ 
[[Archive.org]](https://web.archive.org/web/https://www.telegraph.co.uk/technology/2018/07/08/running-app-exposes-mi6-gchq-workers-whereabouts/)
-
-[^121]: Washington Post, Alexa has been eavesdropping on you this whole time [[Archive.org]](https://web.archive.org/web/https://www.washingtonpost.com/technology/2019/05/06/alexa-has-been-eavesdropping-you-this-whole-time/?itid=lk_interstitial_manual_59)
-
-[^122]: Washington Post, What does your car know about you? We hacked a Chevy to find out [[Archive.org]](https://web.archive.org/web/https://www.washingtonpost.com/technology/2019/12/17/what-does-your-car-know-about-you-we-hacked-chevy-find-out/)
-
-[^123]: Using Metadata to find Paul Revere ( [[Archive.org]](https://web.archive.org/web/https://kieranhealy.org/blog/archives/2013/06/09/using-metadata-to-find-paul-revere/))
-
-[^124]: Wikipedia, Google SensorVault, [[Wikiless]](https://wikiless.org/wiki/Sensorvault) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Sensorvault)
-
-[^125]: NRKBeta, My Phone Was Spying on Me, so I Tracked Down the Surveillants [[Archive.org]](https://web.archive.org/web/https://nrkbeta.no/2020/12/03/my-phone-was-spying-on-me-so-i-tracked-down-the-surveillants/)
-
-[^126]: New York Times [[Archive.org]](https://web.archive.org/web/https://www.nytimes.com/interactive/2019/12/19/opinion/location-tracking-cell-phone.html)
-
-[^127]: Sophos, Google data puts innocent man at the scene of a crime [[Archive.org]](https://web.archive.org/web/https://nakedsecurity.sophos.com/2020/03/10/google-data-puts-innocent-man-at-the-scene-of-a-crime/)
-
-[^128]: Wikipedia, Geofence Warrant [[Wikiless]](https://wikiless.org/wiki/Geo-fence_warrant) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Geo-fence_warrant)
-
-[^129]: Vice.com, Military Unit That Conducts Drone Strikes Bought Location Data From Ordinary Apps 
[[Archive.org]](https://web.archive.org/web/https://www.vice.com/en/article/y3g97x/location-data-apps-drone-strikes-iowa-national-guard)
-
-[^130]: TechCrunch, Google says geofence warrants make up one-quarter of all US demands [[Archive.org]](https://web.archive.org/web/https://techcrunch.com/2021/08/19/google-geofence-warrants/)
-
-[^131]: TechDirt, Google Report Shows 'Reverse Warrants' Are Swiftly Becoming Law Enforcement's Go-To Investigative Tool [[Archive.org]](https://web.archive.org/web/https://www.techdirt.com/articles/20210821/10494847401/google-report-shows-reverse-warrants-are-swiftly-becoming-law-enforcements-go-to-investigative-tool.shtml)
-
-[^132]: Vice.com, Here's the FBI's Internal Guide for Getting Data from AT&T, T-Mobile, Verizon [[Archive.org]](https://web.archive.org/web/https://www.vice.com/en/article/m7vqkv/how-fbi-gets-phone-data-att-tmobile-verizon)
-
-[^133]: Wikipedia, Room 641A [[Wikiless]](https://wikiless.org/wiki/Room_641A) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Room_641A)
-
-[^134]: Wikipedia, Edward Snowden [[Wikiless]](https://wikiless.org/wiki/Edward_Snowden) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Edward_Snowden)
-
-[^135]: Wikipedia, Permanent Record [[Wikiless]](https://wikiless.org/wiki/Permanent_Record_(autobiography)) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Permanent_Record_(autobiography))
-
-[^136]: Wikipedia, XKEYSCORE [[Wikiless]](https://wikiless.org/wiki/XKeyscore) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/XKeyscore)
-
-[^137]: ElectroSpaces, Danish military intelligence uses XKEYSCORE to tap cables in cooperation with the NSA [[Archive.org]](https://web.archive.org/web/https://www.electrospaces.net/2020/10/danish-military-intelligence-uses.html)
-
-[^138]: Wikipedia, MUSCULAR [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/MUSCULAR_(surveillance_program))
-
-[^139]: Wikipedia, SORM [[Wikiless]](https://wikiless.org/wiki/SORM) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/SORM)
-
-[^140]: Wikipedia, Tempora [[Wikiless]](https://wikiless.org/wiki/Tempora) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Tempora)
-
-[^141]: Wikipedia, PRISM [[Wikiless]](https://wikiless.org/wiki/PRISM_(surveillance_program)) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/PRISM_(surveillance_program))
-
-[^142]: Justsecurity, General Hayden [[Archive.org]](https://web.archive.org/web/https://www.justsecurity.org/10318/video-clip-director-nsa-cia-we-kill-people-based-metadata/)
-
-[^143]: IDMB, The Social Dilemma [[Archive.org]](https://web.archive.org/web/https://www.imdb.com/title/tt11464826/)
-
-[^144]: ArsTechnica, How the way you type can shatter anonymity---even on Tor [[Archive.org]](https://web.archive.org/web/https://arstechnica.com/information-technology/2015/07/how-the-way-you-type-can-shatter-anonymity-even-on-tor/)
-
-[^145]: Wikipedia, Stylometry [[Wikiless]](https://wikiless.org/wiki/Stylometry) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Stylometry)
-
-[^146]: Paul Moore Blog, Behavioral Profiling: The password you can't change.
[[Archive.org]](https://web.archive.org/web/https://paul.reviews/behavioral-profiling-the-password-you-cant-change/)
-
-[^147]: Wikipedia, Sentiment Analysis [[Wikiless]](https://wikiless.org/wiki/Sentiment_analysis) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Sentiment_analysis)
-
-[^148]: EFF, CoverYourTracks [[Archive.org]](https://web.archive.org/web/https://coveryourtracks.eff.org/)
-
-[^149]: Berkeley.edu, On the Feasibility of Internet-Scale Author Identification [[Archive.org]](https://web.archive.org/web/https://people.eecs.berkeley.edu/~dawnsong/papers/2012%20On%20the%20Feasibility%20of%20Internet-Scale%20Author%20Identification.pdf)
-
-[^150]: Forbes, Exclusive: Government Secretly Orders Google To Identify Anyone Who Searched A Sexual Assault Victim's Name, Address And Telephone Number [[Archive.org]](https://web.archive.org/web/https://www.forbes.com/sites/thomasbrewster/2021/10/04/google-keyword-warrants-give-us-government-data-on-search-users)
-
-[^151]: FingerprintJS, Demo: Disabling JavaScript Won't Save You from Fingerprinting [[Archive.org]](https://web.archive.org/web/https://fingerprintjs.com/blog/disabling-javascript-wont-stop-fingerprinting/)
-
-[^152]: SecuredTouch Blog, Behavioral Biometrics 101: Behavioral Biometrics vs.
Behavioral Analytics [[Archive.org]](https://web.archive.org/web/https://blog.securedtouch.com/behavioral-biometrics-101-an-in-depth-look-at-behavioral-biometrics-vs-behavioral-analytics)
-
-[^153]: ArsTechnica, Stakeout: how the FBI tracked and busted a Chicago Anon [[Archive.org]](https://web.archive.org/web/https://arstechnica.com/tech-policy/2012/03/stakeout-how-the-fbi-tracked-and-busted-a-chicago-anon/)
-
-[^154]: Bellingcat MH17 - Russian GRU Commander 'Orion' Identified as Oleg Ivannikov [[Archive.org]](https://web.archive.org/web/https://www.bellingcat.com/news/uk-and-europe/2018/05/25/mh17-russian-gru-commander-orion-identified-oleg-ivannikov/)
-
-[^155]: Facebook Research, Deepface [[Archive.org]](https://web.archive.org/web/https://research.fb.com/publications/deepface-closing-the-gap-to-human-level-performance-in-face-verification/)
-
-[^156]: Privacy News Online, Putting the "face" in Facebook: how Mark Zuckerberg is building a world without public anonymity [[Archive.org]](https://web.archive.org/web/https://www.privateinternetaccess.com/blog/putting-face-facebook-mark-zuckerberg-building-world-without-public-anonymity/)
-
-[^157]: CNBC, "Facebook has mapped populations in 23 countries as it explores satellites to expand internet" [[Archive.org]](https://web.archive.org/web/https://www.cnbc.com/2017/09/01/facebook-has-mapped-human-population-building-internet-in-space.html)
-
-[^158]: MIT Technology Review, This is how we lost control of our faces, [[Archive.org]](https://web.archive.org/web/https://www.technologyreview.com/2021/02/05/1017388/ai-deep-learning-facial-recognition-data-history/)
-
-[^159]: Bellingcat, Shadow of a Doubt: Crowdsourcing Time Verification of the MH17 Missile Launch Photo [[Archive.org]](https://web.archive.org/web/https://www.bellingcat.com/resources/case-studies/2015/08/07/shadow-of-a-doubt/)
-
-[^160]: Brown Institute, Open-Source Investigation,
[[Archive.org]](https://web.archive.org/web/https://brown.columbia.edu/open-source-investigation/)
-
-[^161]: NewScientist, Facebook can recognize you in photos even if you're not looking [[Archive.org]](https://web.archive.org/web/https://www.newscientist.com/article/dn27761-facebook-can-recognise-you-in-photos-even-if-youre-not-looking/)
-
-[^162]: Google Patent, Techniques for emotion detection and content delivery [[Archive.org]](https://web.archive.org/web/https://patents.google.com/patent/US20150242679)
-
-[^163]: APNews, Chinese 'gait recognition' tech IDs people by how they walk [[Archive.org]](https://web.archive.org/web/https://apnews.com/article/bf75dd1c26c947b7826d270a16e2658a)
-
-[^164]: The Sun, New CCTV technology could now identify you just by the WAY you walk and your body shape [[Archive.org]](https://web.archive.org/web/https://www.thesun.co.uk/news/7684204/cctv-technology-identify-body-shape-way-walk/)
-
-[^165]: City Security Magazine, Gait recognition: a useful identification tool [[Archive.org]](https://web.archive.org/web/https://citysecuritymagazine.com/security-management/gait-recognition-identification-tool/)
-
-[^166]: Vice.com, Tech Companies Are Training AI to Read Your Lips [[Archive.org]](https://web.archive.org/web/https://www.vice.com/en/article/bvzvdw/tech-companies-are-training-ai-to-read-your-lips)
-
-[^167]: New Atlas, Eye tracking can reveal an unbelievable amount of information about you [[Archive.org]](https://web.archive.org/web/https://newatlas.com/science/science/eye-tracking-privacy/)
-
-[^168]: TechCrunch, Facial recognition reveals political party in troubling new research [[Archive.org]](https://web.archive.org/web/https://techcrunch.com/2021/01/13/facial-recognition-reveals-political-party-in-troubling-new-research/)
-
-[^169]: Nature.com, Facial recognition technology can expose political orientation from naturalistic facial images
[[Archive.org]](https://web.archive.org/web/https://www.nature.com/articles/s41598-020-79310-1.pdf)
-
-[^170]: Slate [[Archive.org]](https://web.archive.org/web/https://slate.com/technology/2018/04/facebook-collects-data-on-non-facebook-users-if-they-want-to-delete-it-they-have-to-sign-up.html)
-
-[^171]: The Conversation [[Archive.org]](https://web.archive.org/web/https://theconversation.com/shadow-profiles-facebook-knows-about-you-even-if-youre-not-on-facebook-94804)
-
-[^172]: The Verge [[Archive.org]](https://web.archive.org/web/https://www.theverge.com/2018/4/11/17225482/facebook-shadow-profiles-zuckerberg-congress-data-privacy)
-
-[^173]: ZDNET [[Archive.org]](https://web.archive.org/web/https://www.zdnet.com/article/anger-mounts-after-facebooks-shadow-profiles-leak-in-bug/)
-
-[^174]: CNET [[Archive.org]](https://web.archive.org/web/https://www.cnet.com/news/shadow-profiles-facebook-has-information-you-didnt-hand-over/)
-
-[^175]: Oosto [[Archive.org]](https://web.archive.org/web/https://oosto.com/)
-
-[^176]: BuzzFeed.news, Surveillance Nation [[Archive.org]](https://web.archive.org/web/https://www.buzzfeednews.com/article/ryanmac/clearview-ai-local-police-facial-recognition)
-
-[^177]: Wired, Clearview AI Has New Tools to Identify You in Photos [[Archive.org]](https://web.archive.org/web/https://www.wired.com/story/clearview-ai-new-tools-identify-you-photos/)
-
-[^178]: NEC, Neoface [[Archive.org]](https://web.archive.org/web/https://www.nec.com/en/global/solutions/biometrics/face/neofacewatch.html)
-
-[^179]: The Guardian, Met police deploy live facial recognition technology [[Archive.org]](https://web.archive.org/web/https://www.theguardian.com/uk-news/2020/feb/11/met-police-deploy-live-facial-recognition-technology)
-
-[^180]: YouTube, The Economist, China: facial recognition and state control [[Invidious]](https://yewtu.be/watch?v=lH2gMNrUuEY)
-
-[^181]: CNN, Want your unemployment benefits?
You may have to submit to facial recognition first [[Archive.org]](https://web.archive.org/web/https://edition.cnn.com/2021/07/23/tech/idme-unemployment-facial-recognition/index.html)
-
-[^182]: Washington Post, Huawei tested AI software that could recognize Uighur minorities and alert police, report says [[Archive.org]](https://web.archive.org/web/https://www.washingtonpost.com/technology/2020/12/08/huawei-tested-ai-software-that-could-recognize-uighur-minorities-alert-police-report-says/)
-
-[^183]: The Intercept, How a Facial Recognition Mismatch Can Ruin Your Life [[Tor Mirror]](http://27m3p2uv7igmj6kvd4ql3cct5h3sdwrsajovkkndeufumzyfhlfev4qd.onion/2016/10/13/how-a-facial-recognition-mismatch-can-ruin-your-life/) [[Archive.org]](https://web.archive.org/web/https://theintercept.com/2016/10/13/how-a-facial-recognition-mismatch-can-ruin-your-life/)
-
-[^184]: Vice, Facial Recognition Failures Are Locking People Out of Unemployment Systems [[Archive.org]](https://web.archive.org/web/https://www.vice.com/en/article/5dbywn/facial-recognition-failures-are-locking-people-out-of-unemployment-systems)
-
-[^185]: BBC, WhatsApp photo drug dealer caught by 'groundbreaking' work [[Archive.org]](https://web.archive.org/web/https://www.bbc.com/news/uk-wales-43711477)
-
-[^186]: CNN, Drug dealer jailed after sharing a photo of cheese that included his fingerprints [[Archive.org]](https://web.archive.org/web/https://edition.cnn.com/2021/05/25/uk/drug-dealer-cheese-sentenced-scli-gbr-intl/index.html)
-
-[^187]: Vice.com, Cops Got a Drug Dealer's Fingerprints From Photos of His Hand on WhatsApp [[Archive.org]](https://web.archive.org/web/https://www.vice.com/en/article/evqk9e/photo-of-fingerprints-used-to-arrest-drug-dealers)
-
-[^188]: Kraken Blog, [[Archive.org]](https://web.archive.org/web/https://blog.kraken.com/post/11905/your-fingerprint-can-be-hacked-for-5-heres-how/)
-
-[^189]: JUSTIA Patent, Identification of taste attributes from an audio signal
[[Archive.org]](https://web.archive.org/web/https://patents.justia.com/patent/10891948)
-
-[^190]: PYMNTS, Iris Scan Serves As Traveler ID At Dubai Airport [[Archive.org]](https://web.archive.org/web/https://www.pymnts.com/news/biometrics/2021/iris-scan-traveler-identification-dubai-airport/)
-
-[^191]: IMDB, Gattaca 1997, [[Archive.org]](https://web.archive.org/web/https://www.imdb.com/title/tt0119177/)
-
-[^192]: IMDB, Person of Interest 2011 [[Archive.org]](https://web.archive.org/web/https://www.imdb.com/title/tt1839578)
-
-[^193]: IMDB, Minority Report 2002, [[Archive.org]](https://web.archive.org/web/https://www.imdb.com/title/tt0181689)
-
-[^194]: Wikipedia, Deepfake [[Wikiless]](https://wikiless.org/wiki/Deepfake) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Deepfake)
-
-[^195]: Econotimes, Deepfake Voice Technology: The Good. The Bad. The Future [[Archive.org]](https://web.archive.org/web/https://www.econotimes.com/Deepfake-Voice-Technology-The-Good-The-Bad-The-Future-1601278)
-
-[^196]: Wikipedia, Deepfake Events [[Wikiless]](https://wikiless.org/wiki/Deepfake) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Deepfake)
-
-[^197]: Forbes, A Voice Deepfake Was Used To Scam A CEO Out Of $243,000 [[Archive.org]](https://web.archive.org/web/https://www.forbes.com/sites/jessedamiani/2019/09/03/a-voice-deepfake-was-used-to-scam-a-ceo-out-of-243000/)
-
-[^198]: Joseph Steinberg, How To Prevent Facial Recognition Technology From Identifying You [[Archive.org]](https://web.archive.org/web/https://josephsteinberg.com/how-to-prevent-facial-recognition-technology-from-identifying-you/)
-
-[^199]: NIST, Face recognition accuracy with masks using pre-COVID-19 algorithms [[Archive.org]](https://web.archive.org/web/https://nvlpubs.nist.gov/nistpubs/ir/2020/NIST.IR.8311.pdf)
-
-[^200]: BBC, Facial recognition identifies people wearing masks
[[Archive.org]](https://web.archive.org/web/https://www.bbc.com/news/technology-55573802)
-
-[^201]: University of Wisconsin, Exploring Reflectacles As Anti-Surveillance Glasses and for Adversarial Machine Learning in Computer Vision [[Archive.org]](https://web.archive.org/web/http://diglib.uwgb.edu/digital/api/collection/p17003coll4/id/71/download)
-
-[^202]: Wikipedia, Phishing [[Wikiless]](https://wikiless.org/wiki/Phishing) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Phishing)
-
-[^203]: Wikipedia, Social Engineering [[Wikiless]](https://wikiless.org/wiki/Social_engineering_(security)) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Social_engineering_(security))
-
-[^204]: BBC, Spy pixels in emails have become endemic [[Archive.org]](https://web.archive.org/web/https://www.bbc.com/news/technology-56071437)
-
-[^205]: Vice, Facebook Helped the FBI Hack a Child Predator [[Archive.org]](https://web.archive.org/web/https://www.vice.com/en/article/v7gd9b/facebook-helped-fbi-hack-child-predator-buster-hernandez)
-
-[^206]: Wikipedia, Exploit [[Wikiless]](https://wikiless.org/wiki/Exploit_(computer_security)) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Exploit_(computer_security))
-
-[^207]: Wikipedia, Freedom Hosting [[Wikiless]](https://wikiless.org/wiki/Freedom_Hosting) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Freedom_Hosting)
-
-[^208]: Wired, 2013 FBI Admits It Controlled Tor Servers Behind Mass Malware Attack [[Archive.org]](https://web.archive.org/web/https://www.wired.com/2013/09/freedom-hosting-fbi/)
-
-[^209]: Wikipedia, 2020 United States federal government data breach [[Wikiless]](https://wikiless.org/wiki/2020_United_States_federal_government_data_breach) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/2020_United_States_federal_government_data_breach)
-
-[^210]: BBC, China social media: WeChat and the
Surveillance State [[Archive.org]](https://web.archive.org/web/https://www.bbc.com/news/blogs-china-blog-48552907)
-
-[^211]: The Intercept, Revealed: Massive Chinese Police Database [[Tor Mirror]](http://27m3p2uv7igmj6kvd4ql3cct5h3sdwrsajovkkndeufumzyfhlfev4qd.onion/2021/01/29/china-uyghur-muslim-surveillance-police/) [[Archive.org]](https://web.archive.org/web/https://theintercept.com/2021/01/29/china-uyghur-muslim-surveillance-police/)
-
-[^212]: Wikipedia, Sandbox [[Wikiless]](https://wikiless.org/wiki/Sandbox_(computer_security)) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Sandbox_(computer_security))
-
-[^213]: Wired, Why the Security of USB Is Fundamentally Broken [[Archive.org]](https://web.archive.org/web/https://www.wired.com/2014/07/usb-security/)
-
-[^214]: Wikipedia, Stuxnet [[Wikiless]](https://wikiless.org/wiki/Stuxnet) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Stuxnet)
-
-[^215]: Superuser.com, How do I safely investigate a USB stick found in the parking lot at work?
[[Archive.org]](https://web.archive.org/web/https://superuser.com/questions/1206321/how-do-i-safely-investigate-a-usb-stick-found-in-the-parking-lot-at-work)
-
-[^216]: The Guardian, Glenn Greenwald: how the NSA tampers with US-made internet routers [[Archive.org]](https://web.archive.org/web/https://www.theguardian.com/books/2014/may/12/glenn-greenwald-nsa-tampers-us-internet-routers-snowden)
-
-[^217]: Wikipedia, Rootkit [[Wikiless]](https://wikiless.org/wiki/Rootkit) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Rootkit)
-
-[^218]: Wikipedia, Userspace [[Wikiless]](https://wikiless.org/wiki/User_space) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/User_space)
-
-[^219]: Wikipedia, Firmware [[Wikiless]](https://wikiless.org/wiki/Firmware) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Firmware)
-
-[^220]: Wikipedia, BIOS [[Wikiless]](https://wikiless.org/wiki/BIOS) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/BIOS)
-
-[^221]: Wikipedia, UEFI [[Wikiless]](https://wikiless.org/wiki/Unified_Extensible_Firmware_Interface) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface)
-
-[^222]: Bellingcat, Joseph Mifsud: Rush for the EXIF [[Archive.org]](https://web.archive.org/web/https://www.bellingcat.com/news/americas/2018/10/26/joseph-mifsud-rush-exif/)
-
-[^223]: Zoom Support, Adding a watermark [[Archive.org]](https://web.archive.org/web/https://support.zoom.us/hc/en-us/articles/209605273-Adding-a-Watermark)
-
-[^224]: Zoom Support, Audio Watermark [[Archive.org]](https://web.archive.org/web/https://support.zoom.us/hc/en-us/articles/360021839031-Audio-Watermark)
-
-[^225]: CreativeCloud Extension, IMATAG [[Archive.org]](https://web.archive.org/web/https://exchange.adobe.com/creativecloud.details.101789.imatag-invisible-watermark-and-image-monitoring.html)
-
-[^226]: NexGuard,
[[Archive.org]](https://web.archive.org/web/https://dtv.nagra.com/nexguard-forensic-watermarking)
-
-[^227]: Vobile Solutions, [[Archive.org]](https://web.archive.org/web/https://www.vobilegroup.com)
-
-[^228]: Cinavia, [[Archive.org]](https://web.archive.org/web/https://www.cinavia.com/languages/english/pages/technology.html)
-
-[^229]: Imatag, [[Archive.org]](https://web.archive.org/web/https://www.imatag.com/)
-
-[^230]: Wikipedia, Steganography [[Wikiless]](https://wikiless.org/wiki/Steganography) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Steganography)
-
-[^231]: IEEExplore, A JPEG compression resistant steganography scheme for raster graphics images [[Archive.org]](https://web.archive.org/web/https://ieeexplore.ieee.org/document/4428921)
-
-[^232]: ScienceDirect, Robust audio watermarking using perceptual masking [[Archive.org]](https://web.archive.org/web/https://www.researchgate.net/publication/256994444_Robust_Audio_Watermarking_Using_Perceptual_Masking)
-
-[^233]: IEEExplore, Spread-spectrum watermarking of audio signals [[Archive.org]](https://web.archive.org/web/https://www.researchgate.net/publication/3318571_Spread-Spectrum_Watermarking_of_Audio)
-
-[^234]: Google Scholar, source camera identification [[Archive.org]](https://web.archive.org/web/https://scholar.google.com/scholar?q=source+camera+identification)
-
-[^235]: Wikipedia, Printing Steganography [[Wikiless]](https://wikiless.org/wiki/Machine_Identification_Code) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Machine_Identification_Code)
-
-[^236]: MIT, SeeingYellow, [[Archive.org]](https://web.archive.org/web/https://web.archive.org/web/20220224174025/http://seeingyellow.com/)
-
-[^237]: arXiv, An Analysis of Anonymity in the Bitcoin System [[Archive.org]](https://web.archive.org/web/https://arxiv.org/pdf/1107.4524.pdf)
-
-[^238]: Bellingcat, How To Track Illegal Funding Campaigns Via Cryptocurrency,
[[Archive.org]](https://web.archive.org/web/https://www.bellingcat.com/resources/how-tos/2019/03/26/how-to-track-illegal-funding-campaigns-via-cryptocurrency/)
-
-[^239]: CoinDesk, Leaked Slides Show How Chainalysis Flags Crypto Suspects for Cops [[Archive.org]](https://web.archive.org/web/https://www.coindesk.com/business/2021/09/21/leaked-slides-show-how-chainalysis-flags-crypto-suspects-for-cops/)
-
-[^240]: Wikipedia, KYC [[Wikiless]](https://wikiless.org/wiki/Know_your_customer) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Know_your_customer)
-
-[^241]: arXiv.org, Probing the Mystery of Cryptocurrency Theft: An Investigation into Methods for Taint Analysis [[Archive.org]](https://web.archive.org/web/https://arxiv.org/pdf/1906.05754.pdf)
-
-[^242]: YouTube, Breaking Monero [[Invidious]](https://yewtu.be/playlist?list=PLsSYUeVwrHBnAUre2G_LYDsdo-tD0ov-y)
-
-[^243]: Monero, Monero vs Princeton Researchers, [[Archive.org]](https://web.archive.org/web/https://monero.org/monero-vs-princeton-researchers/)
-
-[^244]: Wikipedia, Cryptocurrency Tumbler [[Wikiless]](https://wikiless.org/wiki/Cryptocurrency_tumbler) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Cryptocurrency_tumbler)
-
-[^245]: Wikipedia, Security Through Obscurity [[Wikiless]](https://wikiless.org/wiki/Security_through_obscurity) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Security_through_obscurity)
-
-[^246]: ArXiv, Tracking Mixed Bitcoins [[Archive.org]](https://web.archive.org/web/https://arxiv.org/pdf/2009.14007.pdf)
-
-[^247]: SSRN, The Cryptocurrency Tumblers: Risks, Legality and Oversight [[Archive.org]](https://web.archive.org/web/https://www.researchgate.net/publication/321786355_The_Cryptocurrency_Tumblers_Risks_Legality_and_Oversight)
-
-[^248]: Magnet Forensics, Magnet AXIOM [[Archive.org]](https://web.archive.org/web/https://www.magnetforensics.com/products/magnet-axiom/cloud/)
-
-[^249]: Cellebrite,
Unlock cloud-based evidence to solve the case sooner [[Archive.org]](https://web.archive.org/web/https://www.cellebrite.com/en/ufed-cloud/)
-
-[^250]: Property of the People, Lawful Access to Secure Messaging Apps Data, [[Archive.org]](https://web.archive.org/web/https://propertyofthepeople.org/document-detail/?doc-id=21114562)
-
-[^251]: Chromium Documentation, Technical analysis of client identification mechanisms [[Archive.org]](https://web.archive.org/web/https://sites.google.com/a/chromium.org/dev/Home/chromium-security/client-identification-mechanisms)
-
-[^252]: Mozilla Wiki, Fingerprinting [[Archive.org]](https://web.archive.org/web/https://wiki.mozilla.org/Fingerprinting)
-
-[^253]: Grayshift, [[Archive.org]](https://web.archive.org/web/https://www.grayshift.com/)
-
-[^254]: Securephones.io, Data Security on Mobile Devices: Current State of the Art, Open Problems, and Proposed Solutions [[Archive.org]](https://web.archive.org/web/https://securephones.io/main.pdf)
-
-[^255]: Loup-Vaillant.fr, Rolling Your Own Crypto [[Archive.org]](https://web.archive.org/web/https://loup-vaillant.fr/articles/rolling-your-own-crypto)
-
-[^256]: Dhole Moments, Crackpot Cryptography and Security Theater [[Archive.org]](https://web.archive.org/web/https://soatok.blog/2021/02/09/crackpot-cryptography-and-security-theater/)
-
-[^257]: Vice.com, Why You Don't Roll Your Own Crypto [[Archive.org]](https://web.archive.org/web/https://www.vice.com/en/article/wnx8nq/why-you-dont-roll-your-own-crypto)
-
-[^258]: arXiv, MIT, You Really Shouldn't Roll Your Own Crypto: An Empirical Study of Vulnerabilities in Cryptographic Libraries [[Archive.org]](https://web.archive.org/web/https://arxiv.org/pdf/2107.04940.pdf)
-
-[^259]: YouTube, Great Crypto Failures [[Invidious]](https://yewtu.be/watch?v=loy84K3AJ5Q)
-
-[^260]: Cryptography Dispatches, The Most Backdoor-Looking Bug I've Ever Seen
[[Archive.org]](https://web.archive.org/web/https://buttondown.email/cryptography-dispatches/archive/cryptography-dispatches-the-most-backdoor-looking/)
-
-[^261]: Citizenlab.ca, Move Fast and Roll Your Own Crypto [[Archive.org]](https://web.archive.org/web/https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/)
-
-[^262]: Jack Poon, The myth of military grade encryption [[Scribe.rip]](https://scribe.rip/@atcipher/the-myth-of-military-grade-encryption-292313ae6369) [[Archive.org]](https://web.archive.org/web/https://medium.com/@atcipher/the-myth-of-military-grade-encryption-292313ae6369)
-
-[^263]: Congruent Labs, Stop calling it "Military-Grade Encryption" [[Archive.org]](https://web.archive.org/web/https://blog.congruentlabs.co/military-grade-encryption/)
-
-[^264]: IronCoreLabs Blog, "Military Grade Encryption" [[Archive.org]](https://web.archive.org/web/https://blog.ironcorelabs.com/military-grade-encryption-69aae0145588)
-
-[^265]: Wikipedia, BLAKE2, [[Wikiless]](https://wikiless.org/wiki/BLAKE_(hash_function)#BLAKE2) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/BLAKE_(hash_function)#BLAKE2)
-
-[^266]: Wikipedia, AES Instruction Set, [[Wikiless]](https://wikiless.org/wiki/AES_instruction_set) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/AES_instruction_set)
-
-[^267]: Wikipedia, ChaCha Variants, [[Wikiless]](https://wikiless.org/wiki/Salsa20#ChaCha_variant) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Salsa20#ChaCha_variant)
-
-[^268]: Wikipedia, Serpent, [[Wikiless]](https://wikiless.org/wiki/Serpent_(cipher)) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Serpent_(cipher))
-
-[^269]: Wikipedia, TwoFish, [[Wikiless]](https://wikiless.org/wiki/Twofish) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Twofish)
-
-[^270]: Lacatora, The PGP Problem
[[Archive.org]](https://web.archive.org/web/https://latacora.singles/2019/07/16/the-pgp-problem.html)
-
-[^271]: Wikipedia, Shor's Algorithm, [[Wikiless]](https://wikiless.org/wiki/Shor%27s_algorithm) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Shor%27s_algorithm)
-
-[^272]: Wikipedia, Gag Order, [[Wikiless]](https://wikiless.org/wiki/Gag_order) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Gag_order)
-
-[^273]: Wikipedia, National Security Letter [[Wikiless]](https://wikiless.org/wiki/National_security_letter) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/National_security_letter)
-
-[^275]: ArsTechnica, VPN servers seized by Ukrainian authorities weren't encrypted [[Archive.org]](https://web.archive.org/web/https://arstechnica.com/gadgets/2021/07/vpn-servers-seized-by-ukrainian-authorities-werent-encrypted/)
-
-[^276]: BleepingComputer, DoubleVPN servers, logs, and account info seized by law enforcement [[Archive.org]](https://web.archive.org/web/https://www.bleepingcomputer.com/news/security/doublevpn-servers-logs-and-account-info-seized-by-law-enforcement/)
-
-[^277]: CyberScoop, Court rules encrypted email provider Tutanota must monitor messages in blackmail case [[Archive.org]](https://web.archive.org/web/https://www.cyberscoop.com/court-rules-encrypted-email-tutanota-monitor-messages/)
-
-[^278]: Heise Online (German), [[Archive.org]](https://web.archive.org/web/https://www.heise.de/news/Gericht-zwingt-Mailprovider-Tutanota-zu-Ueberwachungsfunktion-4972460.html)
-
-[^279]: PCMag, Did PureVPN Cross a Line When It Disclosed User Information?
[[Archive.org]](https://web.archive.org/web/https://www.pcmag.com/opinions/did-purevpn-cross-a-line-when-it-disclosed-user-information)
-
-[^280]: Internet Archive, Wipeyourdata, "No logs" EarthVPN user arrested after police finds logs [[Archive.org]](https://web.archive.org/web/https://archive.is/XNuVw)
-
-[^281]: Wikipedia, Lavabit Suspension and Gag order, [[Wikiless]](https://wikiless.org/wiki/Lavabit) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Lavabit)
-
-[^282]: Internet Archive, Invisibler, What Everybody Ought to Know About HideMyAss
-
-[^283]: Wikipedia, Warrant Canary [[Wikiless]](https://wikiless.org/wiki/Warrant_canary) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Warrant_canary)
-
-[^284]: Washington Post, The intelligence coup of the century [[Archive.org]](https://web.archive.org/web/https://www.washingtonpost.com/graphics/2020/world/national-security/cia-crypto-encryption-machines-espionage/)
-
-[^285]: Swissinfo.ch, Second Swiss firm allegedly sold encrypted spying devices [[Archive.org]](https://web.archive.org/web/https://www.swissinfo.ch/eng/second-swiss-firm-allegedly-sold-encrypted-spying-devices/46186432)
-
-[^286]: Wikipedia, Das Leben der Anderen [[Wikiless]](https://wikiless.org/wiki/The_Lives_of_Others) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/The_Lives_of_Others)
-
-[^287]: Wired, Mind the Gap: This Researcher Steals Data With Noise, Light, and Magnets [[Archive.org]](https://web.archive.org/web/https://www.wired.com/story/air-gap-researcher-mordechai-guri/)
-
-[^288]: Scientific American, A Blank Wall Can Show How Many People Are in a Room and What They're Doing [[Archive.org]](https://web.archive.org/web/https://www.scientificamerican.com/article/a-blank-wall-can-show-how-many-people-are-in-a-room-and-what-theyre-doing/)
-
-[^289]: Scientific American, A Shiny Snack Bag's Reflections Can Reconstruct the Room around It
[[Archive.org]](https://web.archive.org/web/https://www.scientificamerican.com/article/a-shiny-snack-bags-reflections-can-reconstruct-the-room-around-it/)
-
-[^290]: Scientific American, Footstep Sensors Identify People by Gait [[Archive.org]](https://web.archive.org/web/https://www.scientificamerican.com/article/footstep-sensors-identify-people-by-gait/)
-
-[^291]: Ben Nassi, Lamphone [[Archive.org]](https://web.archive.org/web/https://www.nassiben.com/lamphone)
-
-[^292]: The Guardian, Laser spying: is it really practical? [[Archive.org]](https://web.archive.org/web/https://www.theguardian.com/world/2013/aug/22/gchq-warned-laser-spying-guardian-offices)
-
-[^293]: ArsTechnica, Photos of an NSA "upgrade" factory show Cisco router getting implant [[Archive.org]](https://web.archive.org/web/https://arstechnica.com/tech-policy/2014/05/photos-of-an-nsa-upgrade-factory-show-cisco-router-getting-implant/)
-
-[^294]: Wikipedia, Rubber-hose Cryptanalysis [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis)
-
-[^295]: Defuse.ca, TrueCrypt's Plausible Deniability is Theoretically Useless [[Archive.org]](https://web.archive.org/web/https://defuse.ca/truecrypt-plausible-deniability-useless-by-game-theory.htm)
-
-[^296]: Wikipedia, OONI, [[Wikiless]](https://wikiless.org/wiki/OONI) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/OONI)
-
-[^297]: Privacy International, Timeline of SIM Card Registration Laws [[Archive.org]](https://web.archive.org/web/https://privacyinternational.org/long-read/3018/timeline-sim-card-registration-laws)
-
-[^298]: NYTimes, Lost Passwords Lock Millionaires Out of Their Bitcoin Fortunes [[Archive.org]](https://web.archive.org/web/https://www.nytimes.com/2021/01/12/technology/bitcoin-passwords-wallets-fortunes.html)
-
-[^299]: Usenix.org, Shedding too much Light on a Microcontroller's Firmware Protection
[[Archive.org]](https://web.archive.org/web/https://www.usenix.org/system/files/conference/woot17/woot17-paper-obermaier.pdf)
-
-[^300]: TorProject.org, Can I run Tor Browser on an iOS device? [[Archive.org]](https://web.archive.org/web/https://support.torproject.org/tormobile/tormobile-3/)
-
-[^301]: Wikipedia, Tails [[Wikiless]](https://wikiless.org/wiki/Tails_(operating_system)) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Tails_(operating_system))
-
-[^302]: Vice.com, Facebook Helped the FBI Hack a Child Predator [[Archive.org]](https://web.archive.org/web/https://www.vice.com/en/article/v7gd9b/facebook-helped-fbi-hack-child-predator-buster-hernandez)
-
-[^303]: Veracrypt Documentation, Trim Operations [[Archive.org]](https://web.archive.org/web/https://www.veracrypt.fr/en/Trim%20Operation.html)
-
-[^304]: YouTube, 36C3 - Uncover, Understand, Own - Regaining Control Over Your AMD CPU [[Invidious]](https://yewtu.be/watch?v=bKH5nGLgi08&t=2834s)
-
-[^305]: Qubes OS, Anti-Evil Maid, [[Archive.org]](https://web.archive.org/web/https://github.com/QubesOS/qubes-antievilmaid)
-
-[^306]: QubesOS FAQ, [[Archive.org]](https://web.archive.org/web/https://www.qubes-os.org/faq/)
-
-[^307]: Wikipedia, Secure Boot [[Wikiless]](https://wikiless.org/wiki/Unified_Extensible_Firmware_Interface) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface)
-
-[^308]: Wikipedia, Booting [[Wikiless]](https://wikiless.org/wiki/Booting) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Booting)
-
-[^309]: Wired, Don't Want Your Laptop Tampered With? 
Just Add Glitter Nail Polish [[Archive.org]](https://web.archive.org/web/https://www.wired.com/2013/12/better-data-security-nail-polish/)
-
-[^310]: Wikipedia, Virtual Machine [[Wikiless]](https://wikiless.org/wiki/Virtual_machine) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Virtual_machine)
-
-[^311]: Wikipedia, Plausible Deniability [[Wikiless]](https://wikiless.org/wiki/Plausible_deniability) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Plausible_deniability)
-
-[^312]: Wikipedia, Deniable Encryption [[Wikiless]](https://wikiless.org/wiki/Deniable_encryption) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Deniable_encryption)
-
-[^313]: PrivacyGuides.org, Don't use Windows 10 - It's a privacy nightmare [[Archive.org]](https://web.archive.org/web/https://www.privacyguides.org/tools/#operating-systems)
-
-[^314]: Wikipedia, Deniable Encryption [[Wikiless]](https://wikiless.org/wiki/Deniable_encryption) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Deniable_encryption)
-
-[^315]: Wikipedia, Key Disclosure Laws [[Wikiless]](https://wikiless.org/wiki/Key_disclosure_law) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Key_disclosure_law)
-
-[^316]: GP Digital, World map of encryption laws and policies [[Archive.org]](https://web.archive.org/web/https://www.gp-digital.org/world-map-of-encryption/)
-
-[^317]: Wikipedia, Bitlocker [[Wikiless]](https://wikiless.org/wiki/BitLocker) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/BitLocker)
-
-[^318]: Wikipedia, Evil Maid Attack [[Wikiless]](https://wikiless.org/wiki/Evil_maid_attack) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Evil_maid_attack)
-
-[^319]: Wikipedia, Cold Boot Attack [[Wikiless]](https://wikiless.org/wiki/Cold_boot_attack) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Cold_boot_attack)
-
-[^320]: CITP 2008 () [[Invidious]](https://yewtu.be/watch?v=JDaicPIgn9U)
-
-[^321]: ResearchGate, Defeating Plausible Deniability of VeraCrypt Hidden Operating Systems [[Archive.org]](https://web.archive.org/web/https://www.researchgate.net/publication/318155607_Defeating_Plausible_Deniability_of_VeraCrypt_Hidden_Operating_Systems)
-
-[^322]: SANS.org, Mission Implausible: Defeating Plausible Deniability with Digital Forensics [[Archive.org]](https://web.archive.org/web/https://www.sans.org/reading-room/whitepapers/forensics/mission-implausible-defeating-plausible-deniability-digital-forensics-39500)
-
-[^323]: SourceForge, Veracrypt Forum [[Archive.org]](https://web.archive.org/web/https://sourceforge.net/p/veracrypt/discussion/technical/thread/53f33faf/)
-
-[^324]: Microsoft, BitLocker Countermeasures [[Archive.org]](https://web.archive.org/web/https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-countermeasures)
-
-[^325]: SANS, Windows ShellBag Forensics in-depth [[Archive.org]](https://web.archive.org/web/https://www.sans.org/reading-room/whitepapers/forensics/windows-shellbag-forensics-in-depth-34545)
-
-[^326]: University of York, Forensic data recovery from the Windows Search Database [[Archive.org]](https://web.archive.org/web/https://eprints.whiterose.ac.uk/75046/1/Forensic_Data_Recovery_From_The_Windows_Search_Database_preprint_DIIN328.pdf)
-
-[^327]: A forensic insight into Windows 10 Jump Lists [[Archive.org]](https://web.archive.org/web/https://cyberforensicator.com/wp-content/uploads/2017/01/1-s2.0-S1742287616300202-main.2-14.pdf)
-
-[^328]: Wikipedia, Gatekeeper [[Wikiless]](https://wikiless.org/wiki/Gatekeeper_(macOS)) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Gatekeeper_(macOS))
-
-[^329]: Alpine Linux Wiki, Setting up a laptop [[Archive.org]](https://web.archive.org/web/https://wiki.alpinelinux.org/wiki/Setting_up_a_laptop)
-
-[^330]: Wikipedia Veracrypt 
[[Wikiless]](https://wikiless.org/wiki/VeraCrypt) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/VeraCrypt)
-
-[^331]: OSTIF Veracrypt Audit, 2016
-
-[^332]: Veracrypt Documentation, Unencrypted Data in RAM [[Archive.org]](https://web.archive.org/web/https://www.veracrypt.fr/en/Unencrypted%20Data%20in%20RAM.html)
-
-[^333]: Veracrypt Documentation, Data Leaks [[Archive.org]](https://web.archive.org/web/https://www.veracrypt.fr/code/VeraCrypt/plain/doc/html/Data%20Leaks.html)
-
-[^334]: Dolos Group, From Stolen Laptop to Inside the Company Network [[Archive.org]](https://web.archive.org/web/https://dolosgroup.io/blog/2021/7/9/from-stolen-laptop-to-inside-the-company-network)
-
-[^335]: Trammell Hudson's Projects, Understanding TPM Sniffing Attacks [[Archive.org]](https://web.archive.org/web/https://trmm.net/tpm-sniffing/)
-
-[^336]: Jon Aubrey, attacking laptops that are protected by Microsoft Bitlocker drive encryption [[Nitter]](https://nitter.net/SecurityJon/status/1445020885472235524)
-
-[^337]: F-Secure Labs, Sniff, there leaks my BitLocker key [[Archive.org]](https://web.archive.org/web/https://labs.f-secure.com/blog/sniff-there-leaks-my-bitlocker-key/)
-
-[^338]: Microsoft, BitLocker Countermeasures, Attacker countermeasures [[Archive.org]](https://web.archive.org/web/https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-countermeasures)
-
-[^339]: Wikipedia, Trim [[Wikiless]](https://wikiless.org/wiki/Trim_(computing)) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Trim_(computing))
-
-[^340]: Veracrypt Documentation, Trim Operations [[Archive.org]](https://web.archive.org/web/https://www.veracrypt.fr/en/Trim%20Operation.html)
-
-[^341]: Veracrypt Documentation, Rescue Disk [[Archive.org]](https://web.archive.org/web/https://www.veracrypt.fr/en/VeraCrypt%20Rescue%20Disk.html)
-
-[^342]: St Cloud State University, Forensic Research on Solid State Drives using Trim 
Analysis [[Archive.org]](https://web.archive.org/web/20211009021236/https://repository.stcloudstate.edu/cgi/viewcontent.cgi?article=1141&context=msia_etds)
-
-[^343]: WindowsCentral, Trim Tutorial [[Archive.org]](https://web.archive.org/web/https://www.windowscentral.com/how-ensure-trim-enabled-windows-10-speed-ssd-performance)
-
-[^344]: Veracrypt Documentation, Trim Operation [[Archive.org]](https://web.archive.org/web/https://veracrypt.eu/en/docs/trim-operation/)
-
-[^345]: Black Hat 2018, Perfectly Deniable Steganographic Disk Encryption [[Archive.org]](https://web.archive.org/web/https://i.blackhat.com/eu-18/Thu-Dec-6/eu-18-Schaub-Perfectly-Deniable-Steganographic-Disk-Encryption.pdf)
-
-[^346]: Milan Broz's Blog, TRIM & dm-crypt ... problems? [[Archive.org]](https://web.archive.org/web/http://asalor.blogspot.com/2011/08/trim-dm-crypt-problems.html)
-
-[^347]: Veracrypt Documentation, Rescue Disk [[Archive.org]](https://web.archive.org/web/https://www.veracrypt.fr/en/VeraCrypt%20Rescue%20Disk.html)
-
-[^348]: Wikipedia, Virtualbox [[Wikiless]](https://wikiless.org/wiki/VirtualBox) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/VirtualBox)
-
-[^349]: VirtualBox Ticket 17987 [[Archive.org]](https://web.archive.org/web/https://www.virtualbox.org/ticket/17987)
-
-[^350]: Whonix Documentation, Spectre Meltdown [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Spectre_Meltdown)
-
-[^351]: Whonix Documentation, Stream Isolation [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Stream_Isolation)
-
-[^352]: Whonix Documentation, Tunnels Comparison Table [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Introduction#Comparison_Table)
-
-[^353]: Wikipedia, Whonix [[Wikiless]](https://wikiless.org/wiki/Whonix) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Whonix)
-
-[^354]: Oracle Virtualbox Manual, Snapshots 
[[Archive.org]](https://web.archive.org/web/https://docs.oracle.com/en/virtualization/virtualbox/6.0/user/snapshots.html)
-
-[^355]: Utica College, Forensic Recovery Of Evidence From Deleted Oracle Virtualbox Virtual Machines
-
-[^356]: Wikipedia, Spectre [[Wikiless]](https://wikiless.org/wiki/Spectre_(security_vulnerability)) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Spectre_(security_vulnerability))
-
-[^357]: Wikipedia, Meltdown [[Wikiless]](https://wikiless.org/wiki/Meltdown_(security_vulnerability)) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Meltdown_(security_vulnerability))
-
-[^358]: Whonix Documentation, Stream Isolation, By Settings [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Stream_Isolation#By_Settings)
-
-[^359]: Wikipedia, TOTP [[Wikiless]](https://wikiless.org/wiki/Time-based_One-time_Password_algorithm) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Time-based_One-time_Password_algorithm)
-
-[^360]: Wikipedia, Multi-Factor Authentication [[Wikiless]](https://wikiless.org/wiki/Multi-factor_authentication) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Multi-factor_authentication)
-
-[^361]: Whonix Documentation, Bridged Adapters Warning [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Whonix-Gateway_Security#Warning:_Bridged_Networking)
-
-[^362]: Qubes OS, FAQ, [[Archive.org]](https://web.archive.org/web/https://www.qubes-os.org/faq/#is-qubes-just-another-linux-distribution)
-
-[^363]: Qubes OS, System Requirements [[Archive.org]](https://web.archive.org/web/https://www.qubes-os.org/doc/system-requirements/)
-
-[^364]: Whonix Documentation, Stream Isolation [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Stream_Isolation)
-
-[^365]: Whonix Documentation, Tunnels Comparison Table 
[[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Introduction#Comparison_Table)
-
-[^366]: Qubes OS Issues, Simulate Hibernation / Suspend-To-Disk (Issue #2414) [[Archive.org]](https://web.archive.org/web/https://github.com/QubesOS/qubes-issues/issues/2414)
-
-[^367]: Wikipedia, AppArmor [[Wikiless]](https://wikiless.org/wiki/AppArmor) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/AppArmor)
-
-[^368]: Wikipedia, SELinux [[Wikiless]](https://wikiless.org/wiki/Security-Enhanced_Linux) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Security-Enhanced_Linux)
-
-[^369]: Wikipedia, TOTP [[Wikiless]](https://wikiless.org/wiki/Time-based_One-time_Password_algorithm) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Time-based_One-time_Password_algorithm)
-
-[^370]: Wikipedia, Multi-Factor Authentication [[Wikiless]](https://wikiless.org/wiki/Multi-factor_authentication) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Multi-factor_authentication)
-
-[^371]: Wikipedia, Captcha [[Wikiless]](https://wikiless.org/wiki/CAPTCHA) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/CAPTCHA)
-
-[^372]: Wikipedia, Turing Test [[Wikiless]](https://wikiless.org/wiki/Turing_test) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Turing_test)
-
-[^373]: Google reCAPTCHA [[Archive.org]](https://web.archive.org/web/https://www.google.com/recaptcha/about/)
-
-[^374]: hCaptcha [[Archive.org]](https://web.archive.org/web/https://www.hcaptcha.com/)
-
-[^375]: hCaptcha, hCaptcha Is Now the Largest Independent CAPTCHA Service, Runs on 15% Of The Internet [[Archive.org]](https://web.archive.org/web/https://www.hcaptcha.com/post/hcaptcha-now-the-largest-independent-captcha-service)
-
-[^376]: Nearcyan.com, You (probably) don't need ReCAPTCHA 
[[Archive.org]](https://web.archive.org/web/https://nearcyan.com/you-probably-dont-need-recaptcha/)
-
-[^377]: ArsTechnica, "Google's reCAPTCHA turns "invisible," will separate bots from people without challenges" [[Archive.org]](https://web.archive.org/web/https://arstechnica.com/gadgets/2017/03/googles-recaptcha-announces-invisible-background-captchas/)
-
-[^378]: BlackHat Asia 2016, "I'm not a human: Breaking the Google reCAPTCHA" [[Archive.org]](https://web.archive.org/web/https://www.blackhat.com/docs/asia-16/materials/asia-16-Sivakorn-Im-Not-a-Human-Breaking-the-Google-reCAPTCHA-wp.pdf)
-
-[^379]: Google Blog [[Archive.org]](https://web.archive.org/web/https://security.googleblog.com/2014/12/are-you-robot-introducing-no-captcha.html)
-
-[^380]: Cloudflare Blog, Cloudflare supports Privacy Pass [[Archive.org]](https://web.archive.org/web/https://blog.cloudflare.com/cloudflare-supports-privacy-pass/)
-
-[^381]: Privacy International, Timeline of SIM Card Registration Laws [[Archive.org]](https://web.archive.org/web/https://privacyinternational.org/long-read/3018/timeline-sim-card-registration-laws)
-
-[^382]: Wikipedia, Device Fingerprinting [[Wikiless]](https://wikiless.org/wiki/Device_fingerprint) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Device_fingerprint)
-
-[^383]: Developers Google Blog, Guidance to developers affected by our effort to block less secure browsers and applications [[Archive.org]](https://web.archive.org/web/https://developers.googleblog.com/2020/08/guidance-for-our-effort-to-block-less-secure-browser-and-apps.html)
-
-[^384]: Google Help, Access age-restricted content & features [[Archive.org]](https://web.archive.org/web/https://support.google.com/accounts/answer/10071085)
-
-[^385]: Wikipedia, Dark Pattern [[Wikiless]](https://wikiless.org/wiki/Dark_pattern) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Dark_pattern)
-
-[^386]: The Verge, Tinder will give you a verified blue 
check mark if you pass its catfishing test [[Archive.org]](https://web.archive.org/web/https://www.theverge.com/2020/1/23/21077423/tinder-photo-verification-blue-checkmark-safety-center-launch-noonlight)
-
-[^387]: DigitalInformationWorld, Facebook will now require you to Create a Video Selfie for Identity Verification [[Archive.org]](https://web.archive.org/web/https://www.digitalinformationworld.com/2020/03/facebook-is-now-demanding-some-users-to-create-a-video-selfie-for-identity-verification.html)
-
-[^388]: Vice.com, PornHub Announces 'Biometric Technology' to Verify Users [[Archive.org]](https://web.archive.org/web/https://www.vice.com/en/article/m7a4eq/pornhub-new-verification-policy-biometric-id)
-
-[^389]: Variety, China Launches Hotline to Report Online Comments That 'Distort' History or 'Deny' Its Cultural Excellence [[Archive.org]](https://web.archive.org/web/https://variety.com/2021/digital/news/china-censorship-hotline-historical-nihilism-1234950554/)
-
-[^390]: Wikipedia, Trust but verify [[Wikiless]](https://wikiless.org/wiki/Trust,_but_verify) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Trust,_but_verify)
-
-[^391]: Wikipedia, Zero-trust Security Model [[Wikiless]](https://wikiless.org/wiki/Zero_trust_security_model) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Zero_trust_security_model)
-
-[^392]: Wikipedia, Espionage, Organization [[Wikiless]](https://wikiless.org/wiki/Espionage) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Espionage)
-
-[^393]: Medium.com, Kyle McDonald, How to recognize fake AI-generated images [[Scribe.rip]](https://scribe.rip/@kcimc/how-to-recognize-fake-ai-generated-images-4d1f6f9a2842) [[Archive.org]](https://web.archive.org/web/https://kcimc.medium.com/how-to-recognize-fake-ai-generated-images-4d1f6f9a2842)
-
-[^394]: Jayway Blog, Using ML to detect fake face images created by AI 
[[Archive.org]](https://web.archive.org/web/https://blog.jayway.com/2020/03/06/using-ml-to-detect-fake-face-images-created-by-ai/)
-
-[^395]: Wikipedia, Sim Swapping [[Wikiless]](https://wikiless.org/wiki/SIM_swap_scam) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/SIM_swap_scam)
-
-[^396]: Whonix Documentation, Tor Configuration [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Tor)
-
-[^397]: Tor Browser Documentation, Editing Torrc [[Archive.org]](https://web.archive.org/web/https://support.torproject.org/tbb/tbb-editing-torrc/)
-
-[^398]: Facebook Onion Website
-
-[^399]: Google Help [[Archive.org]](https://web.archive.org/web/https://support.google.com/accounts/answer/114129?hl=en)
-
-[^400]: Google Help, Customer Matching Process [[Archive.org]](https://web.archive.org/web/https://support.google.com/google-ads/answer/7474263?hl=en)
-
-[^401]: Google, Your account is disabled [[Archive.org]](https://web.archive.org/web/https://support.google.com/accounts/answer/40695)
-
-[^402]: Google, Request to restore the account [[Archive.org]](https://web.archive.org/web/https://support.google.com/accounts/contact/disabled2)
-
-[^403]: Google Help, Update your account to meet age requirements [[Archive.org]](https://web.archive.org/web/https://support.google.com/accounts/answer/1333913?hl=en)
-
-[^404]: Jumio, ID verification features [[Archive.org]](https://web.archive.org/web/https://www.jumio.com/features/)
-
-[^405]: Privacyguides.org recommended E-mail Providers [[Archive.org]](https://web.archive.org/web/https://www.privacyguides.org/email/)
-
-[^406]: Proton Registration Human Verification [[Archive.org]](https://web.archive.org/web/https://proton.me/support/human-verification)
-
-[^407]: Twitter Appeal Form
-
-[^408]: KnowYourMeme, Good Luck, I'm Behind 7 Proxies [[Archive.org]](https://web.archive.org/web/https://knowyourmeme.com/memes/good-luck-im-behind-7-proxies)
-
-[^409]: Wikipedia, end-to-end encryption 
[[Wikiless]](https://wikiless.org/wiki/End-to-end_encryption) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/End-to-end_encryption)
-
-[^410]: Wikipedia, Forward Secrecy [[Wikiless]](https://wikiless.org/wiki/Forward_secrecy) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Forward_secrecy)
-
-[^411]: Proton Blog, What is zero-access encryption? [[Archive.org]](https://web.archive.org/web/https://proton.me/blog/zero-access-encryption/)
-
-[^412]: Wikipedia, Cambridge Analytica Scandal [[Wikiless]](https://wikiless.org/wiki/Facebook%E2%80%93Cambridge_Analytica_data_scandal) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Facebook%E2%80%93Cambridge_Analytica_data_scandal)
-
-[^413]: Signal Blog, Technology preview: Sealed sender for Signal [[Archive.org]](https://web.archive.org/web/https://signal.org/blog/sealed-sender/)
-
-[^414]: Signal Blog, Private Contact Discovery [[Archive.org]](https://web.archive.org/web/https://signal.org/blog/private-contact-discovery/)
-
-[^415]: Signal Blog, Private Group System [[Archive.org]](https://web.archive.org/web/https://signal.org/blog/signal-private-group-system/)
-
-[^416]: Privacyguides.org, File-Sharing [[Archive.org]](https://web.archive.org/web/https://www.privacyguides.org/file-sharing/)
-
-[^417]: Privacyguides.org, Real-Time Communication [[Archive.org]](https://web.archive.org/web/https://www.privacyguides.org/real-time-communication/)
-
-[^418]: GetSession.org, The Session Protocol: What's changing --- and why [[Archive.org]](https://web.archive.org/web/https://getsession.org/session-protocol-explained/)
-
-[^419]: Quarkslab, Audit of Session Secure Messaging Application [[Archive.org]](https://web.archive.org/web/https://blog.quarkslab.com/audit-of-session-secure-messaging-application.html)
-
-[^420]: Techlore, Top 5 BEST Messengers For Privacy [[Invidious]](https://yewtu.be/watch?v=aVwl892hqb4)
-
-[^421]: Wikipedia, IPFS 
[[Wikiless]](https://wikiless.org/wiki/InterPlanetary_File_System) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/InterPlanetary_File_System)
-
-[^422]: Praxis Films, Open Letter from Laura Poitras [[Archive.org]](https://web.archive.org/web/https://www.praxisfilms.org/open-letter-from-laura-poitras/)
-
-[^423]: Wikipedia, SecureDrop [[Wikiless]](https://wikiless.org/wiki/SecureDrop) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/SecureDrop)
-
-[^424]: Wikipedia, TPM [[Wikiless]](https://wikiless.org/wiki/Trusted_Platform_Module) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Trusted_Platform_Module)
-
-[^425]: Wikipedia, Pastebin [[Wikiless]](https://wikiless.org/wiki/Pastebin) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Pastebin)
-
-[^426]: Wikipedia, Wear Leveling [[Wikiless]](https://wikiless.org/wiki/Wear_leveling) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Wear_leveling)
-
-[^427]: Wikipedia, Trim [[Wikiless]](https://wikiless.org/wiki/Write_amplification) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Write_amplification)
-
-[^428]: Wikipedia, Write Amplification [[Wikiless]](https://wikiless.org/wiki/Write_amplification) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Write_amplification)
-
-[^429]: Wikipedia, Trim Disadvantages [[Wikiless]](https://wikiless.org/wiki/Trim_(computing)) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Trim_(computing))
-
-[^430]: Wikipedia, Garbage Collection [[Wikiless]](https://wikiless.org/wiki/Write_amplification) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Write_amplification)
-
-[^431]: Techgage, Too TRIM? 
When SSD Data Recovery is Impossible [[Archive.org]](https://web.archive.org/web/https://techgage.com/article/too_trim_when_ssd_data_recovery_is_impossible/)
-
-[^432]: ResearchGate, Live forensics method for acquisition on the Solid-State Drive (SSD) NVMe TRIM function [[Archive.org]](https://web.archive.org/web/https://www.researchgate.net/publication/341761017_Live_forensics_method_for_acquisition_on_the_Solid_State_Drive_SSD_NVMe_TRIM_function)
-
-[^433]: ElcomSoft, Life after Trim: Using Factory Access Mode for Imaging SSD Drives [[Archive.org]](https://web.archive.org/web/https://blog.elcomsoft.com/2019/01/life-after-trim-using-factory-access-mode-for-imaging-ssd-drives/)
-
-[^434]: Forensic Focus, Forensic Acquisition Of Solid State Drives With Open Source Tools [[Archive.org]](https://web.archive.org/web/https://www.forensicfocus.com/articles/forensic-acquisition-of-solid-state-drives-with-open-source-tools/)
-
-[^435]: ResearchGate, Solid State Drive Forensics: Where Do We Stand? 
[[Archive.org]](https://web.archive.org/web/https://www.researchgate.net/publication/325976653_Solid_State_Drive_Forensics_Where_Do_We_Stand)
-
-[^436]: BleepingComputer, Firmware attack can drop persistent malware in hidden SSD area [[Archive.org]](https://web.archive.org/web/https://www.bleepingcomputer.com/news/security/firmware-attack-can-drop-persistent-malware-in-hidden-ssd-area/)
-
-[^437]: Wikipedia, Parted Magic [[Wikiless]](https://wikiless.org/wiki/Parted_Magic) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Parted_Magic)
-
-[^438]: Wikipedia, hdparm [[Wikiless]](https://wikiless.org/wiki/Hdparm) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Hdparm)
-
-[^439]: GitHub, nvme-cli [[Archive.org]](https://web.archive.org/web/https://github.com/linux-nvme/nvme-cli)
-
-[^440]: PartedMagic Secure Erase [[Archive.org]](https://web.archive.org/web/https://partedmagic.com/secure-erase/)
-
-[^441]: Partedmagic NVMe Secure Erase [[Archive.org]](https://web.archive.org/web/https://partedmagic.com/nvme-secure-erase/)
-
-[^442]: UFSExplorer, Can I recover data from an encrypted storage? 
[[Archive.org]](https://web.archive.org/web/https://www.ufsexplorer.com/solutions/data-recovery-on-encrypted-storage.php)
-
-[^443]: Apple Developer Documentation [[Archive.org]](https://web.archive.org/web/https://developer.apple.com/library/archive/documentation/FileManagement/Conceptual/APFS_Guide/FAQ/FAQ.html)
-
-[^444]: EFF, How to: Delete Your Data Securely on macOS [[Archive.org]](https://web.archive.org/web/https://ssd.eff.org/en/module/how-delete-your-data-securely-macos)
-
-[^445]: Privacyguides.org, Productivity tools [[Archive.org]](https://web.archive.org/web/https://privacyguides.org/productivity/)
-
-[^446]: Whonix Documentation, Scrubbing Metadata [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Metadata)
-
-[^447]: Tails documentation, MAT [[Archive.org]](https://web.archive.org/web/https://gitlab.tails.boum.org/tails/blueprints/-/wikis/doc/mat/)
-
-[^448]: GitHub, Disable Gatekeeper on macOS Big Sur (11.x) [[Archive.org]](https://web.archive.org/web/https://disable-gatekeeper.github.io/)
-
-[^449]: DuckDuckGo help, Cache [[Archive.org]](https://web.archive.org/web/https://help.duckduckgo.com/duckduckgo-help-pages/features/cache/)
-
-[^450]: DuckDuckGo help, Sources [[Archive.org]](https://web.archive.org/web/https://help.duckduckgo.com/duckduckgo-help-pages/results/sources/)
-
-[^451]: Wikipedia, Dead Drop [[Wikiless]](https://wikiless.org/wiki/Dead_drop) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Dead_drop)
-
-[^452]: Wikipedia, Secure Communication Obfuscation [[Wikiless]](https://wikiless.org/wiki/Obfuscation) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Obfuscation)
-
-[^453]: Wikipedia, Steganography [[Wikiless]](https://wikiless.org/wiki/Steganography) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Steganography)
-
-[^454]: Wikipedia, Kleptography [[Wikiless]](https://wikiless.org/wiki/Kleptography) 
[[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Kleptography)
-
-[^455]: Wikipedia, Koalang [[Wikiless]](https://wikiless.org/wiki/Koalang) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Koalang)
-
-[^456]: Wikipedia, OPSEC [[Wikiless]](https://wikiless.org/wiki/Operations_security) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Operations_security)
-
-[^457]: Quote Investigator, A Lie Can Travel Halfway Around the World While the Truth Is Putting On Its Shoes [[Archive.org]](https://web.archive.org/web/https://quoteinvestigator.com/2014/07/13/truth/)
-
-[^458]: Privacyguides.org, Operating Systems [[Archive.org]](https://web.archive.org/web/https://www.privacyguides.org/tools/#operating-systems)
-
-[^461]: Medium.com, Digging into the System Resource Usage Monitor (SRUM) [[Scribe.rip]](https://scribe.rip/velociraptor-ir/digging-into-the-system-resource-usage-monitor-srum-afbadb1a375) [[Archive.org]](https://web.archive.org/web/https://medium.com/velociraptor-ir/digging-into-the-system-resource-usage-monitor-srum-afbadb1a375)
-
-[^462]: SANS, Timestamped Registry & NTFS Artifacts from Unallocated Space [[Archive.org]](https://web.archive.org/web/https://www.sans.org/blog/timestamped-registry-ntfs-artifacts-from-unallocated-space/)
-
-[^463]: DBAN, [[Archive.org]](https://web.archive.org/web/https://dban.org/)
-
-[^464]: NYTimes, Lost Passwords Lock Millionaires Out of Their Bitcoin Fortunes [[Archive.org]](https://web.archive.org/web/https://www.nytimes.com/2021/01/12/technology/bitcoin-passwords-wallets-fortunes.html)
-
-[^466]: Wikipedia, Faraday Cage, [[Wikiless]](https://wikiless.org/wiki/Faraday_cage) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Faraday_cage)
-
-[^467]: Edith Cowan University, A forensic examination of several mobile device Faraday bags & materials to test their effectiveness materials to test their effectiveness 
[[Archive.org]](https://web.archive.org/web/20211011220410/https://ro.ecu.edu.au/cgi/viewcontent.cgi?article=1165&context=adf)
-
-[^468]: arXiv, Deep-Spying: Spying using Smartwatch and Deep Learning [[Archive.org]](https://web.archive.org/web/https://arxiv.org/pdf/1512.05616.pdf)
-
-[^469]: Acm.org, Privacy Implications of Accelerometer Data: A Review of Possible Inferences [[Archive.org]](https://web.archive.org/web/https://dl.acm.org/doi/pdf/10.1145/3309074.3309076)
-
-[^470]: YouTube, Fingerprinting Paper - Forensic Education [[Invidious]](https://yewtu.be/watch?v=sO98kDLkh-M)
-
-[^471]: Wikipedia, Touch DNA, [[Wikiless]](https://wikiless.org/wiki/Touch_DNA) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Touch_DNA)
-
-[^472]: TheDNAGuide, DNA from Postage Stamps or Hair Samples? Yeeesssss..... [[Archive.org]](https://web.archive.org/web/https://www.yourdnaguide.com/ydgblog/dna-hair-samples-postage-stamps)
-
-[^473]: GitHub, Mhinkie, OONI-Detection [[Archive.org]](https://web.archive.org/web/https://github.com/mhinkie/ooni-detection)
-
-[^474]: Wikipedia, File Verification [[Wikiless]](https://wikiless.org/wiki/File_verification) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/File_verification)
-
-[^475]: Wikipedia, CRC [[Wikiless]](https://wikiless.org/wiki/Cyclic_redundancy_check) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Cyclic_redundancy_check)
-
-[^476]: Wikipedia, MD5 [[Wikiless]](https://wikiless.org/wiki/MD5) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/MD5)
-
-[^477]: Wikipedia, MD5 Security [[Wikiless]](https://wikiless.org/wiki/MD5) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/MD5)
-
-[^478]: Wikipedia, Collisions [[Wikiless]](https://wikiless.org/wiki/Collision_(computer_science)) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Collision_(computer_science))
-
-[^479]: Wikipedia, SHA 
[[Wikiless]](https://wikiless.org/wiki/Secure_Hash_Algorithms) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Secure_Hash_Algorithms)
-
-[^480]: Wikipedia, SHA-2 [[Wikiless]](https://wikiless.org/wiki/SHA-2) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/SHA-2)
-
-[^481]: Wikipedia, Collision Resistance [[Wikiless]](https://wikiless.org/wiki/Collision_resistance) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Collision_resistance)
-
-[^482]: GnuPG Gpg4win Wiki, Check integrity of Gpg4win packages [[Archive.org]](https://web.archive.org/web/https://wiki.gnupg.org/Gpg4win/CheckIntegrity)
-
-[^484]: Wikipedia, GPG [[Wikiless]](https://wikiless.org/wiki/GNU_Privacy_Guard) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/GNU_Privacy_Guard)
-
-[^485]: Wikipedia, Public-Key Cryptography [[Wikiless]](https://wikiless.org/wiki/Public-key_cryptography) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Public-key_cryptography)
-
-[^486]: Wikipedia, Polymorphic Code [[Wikiless]](https://wikiless.org/wiki/Polymorphic_code) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Polymorphic_code)
-
-[^487]: Whonix Documentation, Use of AV, [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Malware_and_Firmware_Trojans)
-
-[^488]: Whonix Forums, [[Archive.org]](https://web.archive.org/web/https://forums.whonix.org/t/installation-of-antivirus-scanners-by-default/9755/8)
-
-[^489]: AV-Test Security Report 2018-2019, [[Archive.org]](https://web.archive.org/web/https://www.av-test.org/fileadmin/pdf/security_report/AV-TEST_Security_Report_2018-2019.pdf)
-
-[^490]: ZDNet, ESET discovers 21 new Linux malware families [[Archive.org]](https://web.archive.org/web/https://www.zdnet.com/article/eset-discovers-21-new-linux-malware-families/)
-
-[^491]: NakeSecurity, EvilGnome -- Linux malware aimed at your desktop, not your 
servers [[Archive.org]](https://web.archive.org/web/https://nakedsecurity.sophos.com/2019/07/25/evilgnome-linux-malware-aimed-at-your-laptop-not-your-servers/) - -[^492]: Immunify, HiddenWasp: How to detect malware hidden on Linux & IoT [[Archive.org]](https://web.archive.org/web/https://blog.imunify360.com/hiddenwasp-how-to-detect-malware-hidden-on-linux-iot) - -[^493]: Wikipedia, Linux Malware [[Wikiless]](https://wikiless.org/wiki/Linux_malware) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Linux_malware) - -[^494]: Wikipedia, macOS Malware [[Wikiless]](https://wikiless.org/wiki/MacOS_malware) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/MacOS_malware) - -[^495]: MacWorld, List of Mac viruses, malware and security flaws [[Archive.org]](https://web.archive.org/web/https://www.macworld.co.uk/feature/mac-viruses-list-3668354/) - -[^496]: JAMF, The Mac Malware of 2020 [[Archive.org]](https://web.archive.org/web/https://resources.jamf.com/documents/macmalware-2020.pdf) - -[^497]: macOS Security and Privacy Guide, [[Archive.org]](https://web.archive.org/web/https://www.bejarano.io/hardening-macos/) - -[^498]: ImageTragick.com, [[Archive.org]](https://web.archive.org/web/https://imagetragick.com/) - -[^499]: Oracle Virtualbox Documentation, [[Archive.org]](https://web.archive.org/web/https://docs.oracle.com/en/virtualization/virtualbox/6.0/admin/hyperv-support.html) - -[^500]: Oracle Virtualbox Documentation, [[Archive.org]](https://web.archive.org/web/https://docs.oracle.com/en/virtualization/virtualbox/6.0/admin/hyperv-support.html) - -[^501]: Lenny Zeltser, Analyzing Malicious Documents Cheat Sheet [[Archive.org]](https://web.archive.org/web/https://zeltser.com/analyzing-malicious-documents/) - -[^502]: Wikipedia, Portable Applications [[Wikiless]](https://wikiless.org/wiki/Portable_application) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Portable_application) - -[^503]: Brave 
Help, What is a Private Window with Tor Connectivity? [[Archive.org]](https://web.archive.org/web/https://support.brave.com/hc/en-us/articles/360018121491-What-is-a-Private-Window-with-Tor) - -[^504]: BlackGNU, Brave, the false sensation of privacy [[Archive.org]](https://web.archive.org/web/https://blackgnu.net/brave-is-shit.html) - -[^505]: Brave Help Center, What is "Shields"? [[Archive.org]](https://web.archive.org/web/https://support.brave.com/hc/en-us/articles/360022973471-What-is-Shields) - -[^506]: VentureBeat, Browser benchmark battle January 2020: Chrome vs. Firefox vs. Edge vs. Brave [[Archive.org]](https://web.archive.org/web/https://venturebeat.com/2020/01/15/browser-benchmark-battle-january-2020-chrome-firefox-edge-brave/view-all/) - -[^507]: Brave.com, Brave, Fingerprinting, and Privacy Budgets [[Archive.org]](https://web.archive.org/web/https://brave.com/brave-fingerprinting-and-privacy-budgets/) - -[^508]: Madaidan's Insecurities, Firefox and Chromium [[Archive.org]](https://web.archive.org/web/https://madaidans-insecurities.github.io/firefox-chromium.html) - -[^509]: GrapheneOS, Web Browsing [[Archive.org]](https://web.archive.org/web/https://grapheneos.org/usage#web-browsing) - -[^510]: ResearchGate, Web Browser Privacy: What Do Browsers Say When They Phone Home? 
[[Archive.org]](https://web.archive.org/web/https://www.researchgate.net/publication/349979628_Web_Browser_Privacy_What_Do_Browsers_Say_When_They_Phone_Home) - -[^511]: Duck's pond, Ungoogled-Chromium [[Archive.org]](https://web.archive.org/web/https://qua3k.github.io/ungoogled/) - -[^512]: Madaidan's Insecurities, Firefox and Chromium [[Archive.org]](https://web.archive.org/web/https://madaidans-insecurities.github.io/firefox-chromium.html) - -[^513]: GrapheneOS, Web Browsing [[Archive.org]](https://web.archive.org/web/https://grapheneos.org/usage#web-browsing) - -[^514]: Microsoft.com, Microsoft Edge support for Microsoft Defender Application Guard [[Archive.org]](https://web.archive.org/web/https://docs.microsoft.com/en-us/deployedge/microsoft-edge-security-windows-defender-application-guard) - -[^515]: PcMag, Mozilla Signs Lucrative 3-Year Google Search Deal for Firefox [[Archive.org]](https://web.archive.org/web/https://www.pcmag.com/news/mozilla-signs-lucrative-3-year-google-search-deal-for-firefox) - -[^516]: Madaidan's Insecurities, Firefox and Chromium [[Archive.org]](https://web.archive.org/web/https://madaidans-insecurities.github.io/firefox-chromium.html) - -[^517]: FingerprintJS, Demo: Disabling JavaScript Won't Save You from Fingerprinting [[Archive.org]](https://web.archive.org/web/https://fingerprintjs.com/blog/disabling-javascript-wont-stop-fingerprinting/) - -[^518]: Duck's pond, Ungoogled-Chromium [[Archive.org]](https://web.archive.org/web/https://qua3k.github.io/ungoogled/) - -[^519]: Wikipedia, Virtualization [[Wikiless]](https://wikiless.org/wiki/Virtualization) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Virtualization) - -[^520]: Tor Project, Project Snowflake [[Archive.org]](https://web.archive.org/web/https://snowflake.torproject.org/) - -[^521]: GitHub, Obfs4 Repository [[Archive.org]](https://web.archive.org/web/https://github.com/Yawning/obfs4/) - -[^523]: Tor Browser Manual, Pluggable Transport 
[[Archive.org]](https://web.archive.org/web/https://tb-manual.torproject.org/circumvention/) - -[^524]: Wikipedia, Domain Fronting [[Wikiless]](https://wikiless.org/wiki/Domain_fronting) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Domain_fronting) - -[^525]: GitLab, Tor Browser Issues, Add uBlock Origin to the Tor Browser [[Archive.org]](https://web.archive.org/web/https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/17569) - -[^526]: Vice, The NSA and CIA Use Ad Blockers Because Online Advertising Is So Dangerous [[Archive.org]](https://web.archive.org/web/https://www.vice.com/en/article/93ypke/the-nsa-and-cia-use-ad-blockers-because-online-advertising-is-so-dangerous) - -[^528]: NIST, NIST Has Spoken - Death to Complexity, Long Live the Passphrase! [[Archive.org]](https://web.archive.org/web/https://www.sans.org/blog/nist-has-spoken-death-to-complexity-long-live-the-passphrase/) - -[^529]: ZDnet, FBI recommends passphrases over password complexity [[Archive.org]](https://web.archive.org/web/https://www.zdnet.com/article/fbi-recommends-passphrases-over-password-complexity/) - -[^530]: The Intercept, Passphrases That You Can Memorize --- But That Even the NSA Can't Guess [[Tor Mirror]](http://27m3p2uv7igmj6kvd4ql3cct5h3sdwrsajovkkndeufumzyfhlfev4qd.onion/2015/03/26/passphrases-can-memorize-attackers-cant-guess/) [[Archive.org]](https://web.archive.org/web/https://theintercept.com/2015/03/26/passphrases-can-memorize-attackers-cant-guess/) - -[^531]: Proton Blog, Let's settle the password vs. 
passphrase debate once and for all [[Archive.org]](https://web.archive.org/web/https://proton.me/blog/protonmail-com-blog-password-vs-passphrase) - -[^532]: YouTube, Edward Snowden on Passwords: Last Week Tonight with John Oliver (HBO) [[Invidious]](https://yewtu.be/watch?v=yzGzB-yYKcc) - -[^533]: YouTube, How to Choose a Password -- Computerphile [[Invidious]](https://yewtu.be/watch?v=3NjQ9b3pgIg) - -[^534]: Wikipedia, Passphrase [[Wikiless]](https://wikiless.org/wiki/Passphrase#Passphrase_selection) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Passphrase#Passphrase_selection) - -[^535]: Monero Research Lab, Evaluating cryptocurrency security and privacy in a post-quantum world [[Archive.org]](https://web.archive.org/web/https://github.com/insight-decentralized-consensus-lab/post-quantum-monero/blob/master/writeups/technical_note.pdf) - -[^536]: Wikipedia, Privacy in Australian Law [[Wikiless]](https://wikiless.org/wiki/Privacy_in_Australian_law) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Privacy_in_Australian_law) - -[^537]: Parliament of Autralia, Surveillance Legislation Amendment (Identify and Disrupt) Bill 2021, [[Archive.org]](https://web.archive.org/web[/https://en.wikipedia.org/wiki/Privacy_in_Australian_law](https://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/Bills_Search_Results/Result?bId=r6623)) - -[^538]: Lokinet Documentation, Service Nodes, [[Archive.org]](https://web.archive.org/https://loki.network/service-nodes/) - -[^539]: Session Documentation, Session protocol explained, [[Archive.org]](https://web.archive.org/[https://loki.network/service-nodes/](https://getsession.org/session-protocol-explained)) - - [Appendix A1: Recommended VPS hosting providers]: #appendix-a1-recommended-vps-hosting-providers - [Appendix A2: Guidelines for passwords and passphrases]: #appendix-a2-guidelines-for-passwords-and-passphrases - [Appendix A3: Search Engines]: #appendix-a3-search-engines - 
[Appendix A4: Counteracting Forensic Linguistics]: #appendix-a4-counteracting-forensic-linguistics - [Appendix A5: Additional browser precautions with JavaScript enabled]: #appendix-a5-additional-browser-precautions-with-javascript-enabled - [Appendix A6: Mirrors]: #appendix-a6-mirrors - [Appendix A7: Comparing versions]: #appendix-a7-comparing-versions - [Appendix A8: Crypto Swapping Services without Registration and KYC]: #appendix-a8-crypto-swapping-services-without-registration-and-kyc - [Appendix A9: Installing a Zcash wallet:]: #appendix-a9-installing-a-zcash-wallet - [Appendix B1: Checklist of things to verify before sharing information:]: #appendix-b1-checklist-of-things-to-verify-before-sharing-information - [Appendix B2: Monero Disclaimer]: #appendix-b2-monero-disclaimer - [Appendix B3: Threat modeling resources]: #appendix-b3-threat-modeling-resources - [Appendix B4: Important notes about evil-maid and tampering]: #appendix-b4-important-notes-about-evil-maid-and-tampering - [Appendix B5: Types of CPU attacks:]: #appendix-b5-types-of-cpu-attacks - [Appendix B6: Warning for using Orbot on Android]: #appendix-b6-warning-for-using-orbot-on-android - [Appendix B7: Caution about Session Messenger]: #appendix-b7-caution-about-session-messenger - [Appendix A: Windows Installation]: #appendix-a-windows-installation - [Appendix B: Windows Additional Privacy Settings]: #appendix-b-windows-additional-privacy-settings - [Appendix C: Windows Installation Media Creation]: #appendix-c-windows-installation-media-creation - [Appendix D: Using System Rescue to securely wipe an SSD drive]: #appendix-d-using-system-rescue-to-securely-wipe-an-ssd-drive - [Appendix E: Clonezilla]: #appendix-e-clonezilla - [Appendix F: Diskpart]: #appendix-f-diskpart - [Appendix G: Safe Browser on the Host OS]: #appendix-g-safe-browser-on-the-host-os - [Appendix H: Windows Cleaning Tools]: #appendix-h-windows-cleaning-tools - [Appendix I: Using ShredOS to securely wipe an HDD drive:]: 
#appendix-i-using-shredos-to-securely-wipe-an-hdd-drive - [Appendix J: Manufacturer tools for Wiping HDD and SSD drives:]: #appendix-j-manufacturer-tools-for-wiping-hdd-and-ssd-drives - [Appendix K: Considerations for using external SSD drives]: #appendix-k-considerations-for-using-external-ssd-drives - [Appendix L: Creating a mat2-web guest VM for removing metadata from files]: #appendix-l-creating-a-mat2-web-guest-vm-for-removing-metadata-from-files - [Appendix M: BIOS/UEFI options to wipe disks in various Brands]: #appendix-m-biosuefi-options-to-wipe-disks-in-various-brands - [Appendix N: Warning about smartphones and smart devices]: #appendix-n-warning-about-smartphones-and-smart-devices - [Appendix O: Getting an anonymous VPN/Proxy]: #appendix-o-getting-an-anonymous-vpnproxy - [Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option]: #appendix-p-accessing-the-internet-as-safely-as-possible-when-tor-and-vpns-are-not-an-option - [Appendix Q: Using long-range Antenna to connect to Public Wi-Fis from a safe distance:]: #appendix-q-using-long-range-antenna-to-connect-to-public-wi-fis-from-a-safe-distance - [Appendix R: Installing a VPN on your VM or Host OS]: #appendix-r-installing-a-vpn-on-your-vm-or-host-os - [Appendix S: Check your network for surveillance/censorship using OONI]: #appendix-s-check-your-network-for-surveillancecensorship-using-ooni - [Appendix T: Checking files for malware]: #appendix-t-checking-files-for-malware - [Appendix U: How to bypass (some) local restrictions on supervised computers]: #appendix-u-how-to-bypass-some-local-restrictions-on-supervised-computers - [Appendix V: What browser to use in your Guest VM/Disposable VM]: #appendix-v-what-browser-to-use-in-your-guest-vmdisposable-vm - [Appendix V1: Hardening your Browsers:]: #appendix-v1-hardening-your-browsers - [Appendix W: Virtualization]: #appendix-w-virtualization - [Appendix X: Using Tor bridges in hostile environments]: 
#appendix-x-using-tor-bridges-in-hostile-environments - [Appendix Y: Installing and using desktop Tor Browser]: #appendix-y-installing-and-using-desktop-tor-browser - [Appendix Z: Online anonymous payments using cryptocurrencies]: #appendix-z-online-anonymous-payments-using-cryptocurrencies - [(Optional) VM kill switch:]: #optional-vm-kill-switch - [**If you think you got burned:**]: #if-you-think-you-got-burned - [1]: #pick-your-connectivity-method-1 - [2]: #getting-an-anonymous-vpnproxy-1 - [3]: #keepassxc-1 - [4]: #windows-3 - [5]: #macos-3 - [6]: #whonix-1 - [7]: #macos-4 - [8]: #linux-qubes-os-1 - [9]: #windows-4 - [10]: #installation-5 - [11]: #windows-5 - [12]: #windows-6 - [13]: #linux-3 - [14]: #trim-support-1 - [15]: #atanvme-operations-secure-erasesanitize-1 - [16]: #macos-5 - [17]: #trim-support-2 - [18]: #atanvme-operations-secure-erasesanitize-2 - [19]: #manual-reviews-1 - [20]: #brave-1 - [21]: #ungoogled-chromium-1 - [22]: #edge-1 - [23]: #safari-1 - [24]: #firefox-1 - [25]: #installation-6 - [26]: #introduction-1 - [A small final editorial note:]: #a-small-final-editorial-note - [ATA/NVMe Operations (Secure Erase/Sanitize):]: #atanvme-operations-secure-erasesanitize - [About paid services:]: #about-paid-services - [Acknowledgments:]: #acknowledgments - [Addons to install/consider:]: #addons-to-installconsider - [Advanced settings:]: #advanced-settings - [Adversarial considerations:]: #adversarial-considerations - [Adversaries (threats)]: #threats - [Android Virtual Machine:]: #android-virtual-machine - [Android:]: #android - [Anti Evil Maid (AEM):]: #anti-evil-maid-aem - [Anti-Virus Software:]: #anti-virus-software - [Archive.today:]: #archive.today - [Authenticity (if available):]: #authenticity-if-available - [BTC to Monero only:]: #btc-to-monero-only - [Backing up your work securely:]: #backing-up-your-work-securely - [Bad Cryptography:]: #bad-cryptography - [Baidu:]: #baidu - [Behavioral Analysis:]: #behavioral-analysis - [Bing:]: #bing - 
[Bios/UEFI/Firmware Settings of your laptop:]: #biosuefifirmware-settings-of-your-laptop - [Bonus links:]: #bonus-links - [Bonus resources:]: #bonus-resources - [Bootable Live Systems:]: #bootable-live-systems - [Brave:]: #brave - [Browser and Device Fingerprinting:]: #browser-and-device-fingerprinting - [Budget/Material limitations:]: #budgetmaterial-limitations - [Captchas:]: #captchas - [Cash/Monero-Paid VPN:]: #cashmonero-paid-vpn - [Checking if your Tor Exit Node is terrible:]: #checking-if-your-tor-exit-node-is-terrible - [Communicating sensitive information to various known organizations:]: #communicating-sensitive-information-to-various-known-organizations - [Conclusion:]: #conclusion-4 - [Connect to a Public Wi-Fi:]: #connect-to-a-public-wi-fi - [Contents:]: #contents - [Covering your tracks:]: #covering-your-tracks - [Creating new identities:]: #creating-new-identities - [Creating your anonymous online identities:]: #creating-your-anonymous-online-identities - [Debian 11 VM:]: #debian-11-vm - [Donations:]: #donations - [DuckDuckGo:]: #duckduckgo - [E-Mail verification:]: #e-mail-verification - [Edge:]: #edge - [Emoticons:]: #emoticons - [Examples:]: #examples - [Extra Tools Cleaning]: #extra-tools-cleaning - [Files:]: #files - [Final advice:]: #final-advice - [Final step:]: #final-step - [Financial transactions:]: #financial-transactions - [Find some safe places with decent public Wi-Fi:]: #find-some-safe-places-with-decent-public-wi-fi - [Firefox:]: #firefox - [Full Disk/System Backups:]: #full-disksystem-backups - [Gait Recognition and Other Long-Range Biometrics]: #gait-recognition-and-other-long-range-biometrics - [Garbage Collection:]: #garbage-collection - [General Crypto Swapping:]: #general-crypto-swapping - [General Preparations:]: #general-preparations - [Get a USB key:]: #get-a-usb-key - [Get a dedicated laptop for your sensitive activities:]: #get-a-dedicated-laptop-for-your-sensitive-activities - [Getting Online:]: #getting-online - [Getting 
an anonymous Phone number:]: #getting-an-anonymous-phone-number - [Getting an anonymous VPN/Proxy:]: #getting-an-anonymous-vpnproxy - [Getting used to using better passwords:]: #getting-used-to-using-better-passwords - [Google:]: #google-1 - [Hardening Linux]: #hardening-linux - [Hardening Qubes OS:]: #hardening-qubes-os - [Hardening macOS]: #hardening-macos - [Helping others staying anonymous:]: #helping-others-staying-anonymous - [Hidden communications in plain sight:]: #hidden-communications-in-plain-sight - [How to counteract the efforts of your adversary:]: #how-to-counteract-the-efforts-of-your-adversary - [How to securely delete specific files/folders/data on your HDD/SSD and Thumb drives:]: #how-to-securely-delete-specific-filesfoldersdata-on-your-hddssd-and-thumb-drives - [How to securely wipe your whole Laptop/Drives if you want to erase everything:]: #how-to-securely-wipe-your-whole-laptopdrives-if-you-want-to-erase-everything - [How to share files privately and/or chat anonymously:]: #how-to-share-files-privately-andor-chat-anonymously - [How to share files publicly but anonymously:]: #how-to-share-files-publicly-but-anonymously - [How to spot if someone has been searching your stuff:]: #how-to-spot-if-someone-has-been-searching-your-stuff - [Human interaction:]: #human-interaction - [IP Filters:]: #ip-filters - [If you can use Tor:]: #if-you-can-use-tor-2 - [If you cannot use Tor:]: #if-you-cannot-use-tor-7 - [If you have no time:]: #if-you-have-no-time - [If you have some time:]: #if-you-have-some-time - [Important Warning:]: #important-warning - [Information:]: #information - [Installation:]: #installation-3 - [Integrity (if available):]: #integrity-if-available - [Internet Archive:]: #internet-archive - [Introduction:]: #introduction - [KeepassXC:]: #keepassxc - [Lid Closure Behavior:]: #lid-closure-behavior - [Limitations:]: #limitations - [Linux (Qubes OS):]: #linux-qubes-os - [Linux (all versions including Qubes OS):]: 
#linux-all-versions-including-qubes-os
- [Linux (non-Qubes OS):]: #linux-non-qubes-os
- [Linux (non-Qubes):]: #linux-non-qubes
- [Linux Host OS:]: #linux-host-os
- [Linux Virtual Machine (Whonix or Linux):]: #linux-virtual-machine-whonix-or-linux
- [Linux:]: #linux-2
- [Live Face recognition and biometrics (again):]: #live-face-recognition-and-biometrics-again
- [Local Data Leaks and Forensics:]: #local-data-leaks-and-forensics
- [Maintenance tasks:]: #maintenance-tasks
- [Malicious USB devices:]: #malicious-usb-devices
- [Malicious/Rogue Wi-Fi Access Points:]: #maliciousrogue-wi-fi-access-points
- [Malware and Exploits in your apps and services:]: #malware-and-exploits-in-your-apps-and-services
- [Malware and backdoors in your Hardware Firmware and Operating System:]: #malware-and-backdoors-in-your-hardware-firmware-and-operating-system
- [Malware in your files/documents/e-mails:]: #malware-in-your-filesdocumentse-mails
- [Malware, exploits, and viruses:]: #malware-exploits-and-viruses
- [Manual reviews:]: #manual-reviews
- [Microarchitectural Side-channel Deanonymization Attacks:]: #microarchitectural-side-channel-deanonymization-attacks
- [Nested virtualization risks]: #nested-virtualization-risks
- [No logging but logging anyway policies:]: #no-logging-but-logging-anyway-policies
- [Normal settings:]: #normal-settings
- [Note about Plausible Deniability:]: #note-about-plausible-deniability
- [Note about plausible deniability on Linux]: #note-about-plausible-deniability-on-linux
- [Notes:]: #notes
- [Offline Backups:]: #offline-backups
- [Online Backups:]: #online-backups
- [Online Phone Number (less recommended)]: #online-phone-number
- [Others:]: #others
- [Overview:]: #overview
- [Persistent Plausible Deniability using Whonix within Tails:]: #persistent-plausible-deniability-using-whonix-within-tails
- [Phishing and Social Engineering:]: #phishing-and-social-engineering
- [Phone verification:]: #phone-verification
- [Physically Tamper protect your laptop:]: #physically-tamper-protect-your-laptop
- [Pick your connectivity method:]: #pick-your-connectivity-method
- [Pick your guest workstation Virtual Machine:]: #pick-your-guest-workstation-virtual-machine
- [Picking your Host OS (the OS installed on your laptop):]: #picking-your-host-os-the-os-installed-on-your-laptop
- [Picking your route:]: #picking-your-route
- [Pixelized or Blurred Information:]: #pixelized-or-blurred-information
- [Portable Apps:]: #portable-apps
- [Pre-requisites and limitations:]: #pre-requisites-and-limitations
- [Pre-requisites:]: #pre-requisites
- [Precautions:]: #precautions
- [Printing Watermarking]: #printing-watermarking
- [Privacy Settings:]: #privacy-settings
- [Proof of ID verification:]: #proof-of-id-verification
- [Properties and Metadata:]: #properties-and-metadata
- [Quick note: Correlation vs Attribution:]: #quick-note-correlation-vs-attribution
- [Qwant:]: #qwant
- [Redacting Documents/Pictures/Videos/Audio safely:]: #redacting-documentspicturesvideosaudio-safely
- [References:]: #references
- [Removing Metadata from Files/Documents/Pictures:]: #removing-metadata-from-filesdocumentspictures
- [Removing some traces of your identities on search engines and various platforms:]: #removing-some-traces-of-your-identities-on-search-engines-and-various-platforms
- [Route A and B: Simple Encryption using Veracrypt (Windows tutorial)]: #route-a-and-b-simple-encryption-using-veracrypt-windows-tutorial
- [Safari:]: #safari
- [Search and replace:]: #search-and-replace
- [Security (checking for actual malware):]: #security-checking-for-actual-malware
- [Selected Files Backups:]: #selected-files-backups
- [Self-hosted VPN/Proxy on a Monero/Cash-paid VPS (for users more familiar with Linux):]: #self-hosted-vpnproxy-on-a-monerocash-paid-vps-for-users-more-familiar-with-linux
- [Setup a safe Browser within Qubes OS (optional but recommended):]: #setup-a-safe-browser-within-qubes-os-optional-but-recommended
- [Setup an Android VM:]: #setup-an-android-vm
- [Setup the VPN ProxyVM:]: #setup-the-vpn-proxyvm
- [Sign-in with some platform:]: #sign-in-with-some-platform
- [Skills:]: #skills
- [Socks Proxy VPS:]: #socks-proxy-vps
- [Some Advanced targeted techniques:]: #some-advanced-targeted-techniques
- [Some Devices can be tracked even when offline:]: #some-devices-can-be-tracked-even-when-offline
- [Some additional measures against forensics:]: #some-additional-measures-against-forensics
- [Some bonus resources:]: #some-bonus-resources
- [Some laptop recommendations:]: #some-laptop-recommendations
- [Some last OPSEC thoughts:]: #some-last-opsec-thoughts
- [Some low-tech old-school tricks:]: #some-low-tech-old-school-tricks
- [Spelling and grammar checking:]: #spelling-and-grammar-checking
- [Spelling slang and symbols:]: #spelling-slang-and-symbols
- [Steps for all other routes:]: #steps-for-all-other-routes
- [Steps for all routes:]: #steps-for-all-routes
- [Structural features:]: #structural-features
- [Synchronizing your files between devices Online:]: #synchronizing-your-files-between-devices-online
- [Tails:]: #tails
- [Techniques to prevent writeprinting:]: #techniques-to-prevent-writeprinting
- [The Detached Headers Way]: #the-detached-headers-way
- [The Qubes Route:]: #the-qubes-route
- [The Real-Name System:]: #the-real-name-system
- [The Tails route:]: #the-tails-route
- [The Tor Browser route:]: #the-tor-browser-route
- [The Veracrypt Way]: #the-veracrypt-way
- [The Whonix route:]: #the-whonix-route
- [The Wi-Fi and Bluetooth devices around you:]: #the-wi-fi-and-bluetooth-devices-around-you
- [Timing limitations:]: #timing-limitations
- [Tools that provide a boot disk for wiping from boot:]: #tools-that-provide-a-boot-disk-for-wiping-from-boot
- [Tools that provide only support from running OS (for external drives).]: #tools-that-provide-only-support-from-running-os-for-external-drives.
- [Tor Browser settings on Tails:]: #tor-browser-settings-on-tails
- [Tor Browser:]: #tor-browser
- [Tor over VPN:]: #tor-over-vpn-1
- [Tor over VPN]: #tor-over-vpn
- [Translation technique:]: #translation-technique
- [Trim Operations:]: #trim-operations
- [Trim Support:]: #trim-support
- [Ubuntu 20.04/21.04/21.10 VM:]: #ubuntu-20.0421.0421.10-vm
- [Understanding HDD vs SSD:]: #understanding-hdd-vs-ssd
- [Understanding some basics of how some information can lead back to you and how to mitigate some:]: #understanding-some-basics-of-how-some-information-can-lead-back-to-you-and-how-to-mitigate-some
- [Understanding the methods used to prevent anonymity and verify identity:]: #understanding-the-methods-used-to-prevent-anonymity-and-verify-identity
- [Ungoogled-Chromium:]: #ungoogled-chromium
- [Updating Qubes OS:]: #updating-qubes-os
- [Updating Whonix from version 15 to version 16:]: #updating-whonix-from-version-15-to-version-16
- [Usage and Precautions:]: #usage-and-precautions
- [User Moderation:]: #user-moderation
- [User details checking:]: #user-details-checking
- [Using Bitcoin anonymously option:]: #using-bitcoin-anonymously-option
- [Using Monero anonymously option:]: #using-monero-anonymously-option
- [VPN VPS:]: #vpn-vps
- [VPN client installation (cash/Monero paid):]: #vpn-client-installation-cashmonero-paid
- [Virtualbox Hardening recommendations]: #virtualbox-hardening-recommendations
- [Virtualbox on your Host OS:]: #virtualbox-on-your-host-os
- [Warning about special tumbling, mixing, coinjoining privacy wallets and services]: #warning-about-special-tumbling-mixing-coinjoining-privacy-wallets-and-services-wikiless-archiveorg
- [Watermarking:]: #watermarking
- [Wear-Leveling.]: #wear-leveling.
- [What different linguistic choices could say about you:]: #what-different-linguistic-choices-could-say-about-you
- [What does an adversary look for when examining your writing?]: #what-does-an-adversary-look-for-when-examining-your-writing
- [When converting from BTC to Monero:]: #when-converting-from-btc-to-monero
- [Whonix Virtual Machines:]: #whonix-virtual-machines
- [Whonix Workstation 16 VM:]: #whonix-workstation-16-vm
- [Whonix:]: #whonix
- [Wikipedia:]: #wikipedia
- [Windows 10/11 VM:]: #windows-1011-vm
- [Windows 10/11 Virtual Machine:]: #windows-1011-virtual-machine
- [Windows Host OS:]: #windows-host-os
- [Windows, Linux, and macOS:]: #windows-linux-and-macos
- [Windows:]: #windows-2
- [Yahoo Search:]: #yahoo-search
- [Yandex:]: #yandex
- [Your Anonymized Tor/VPN traffic:]: #your-anonymized-torvpn-traffic
- [Your Bluetooth MAC address:]: #your-bluetooth-mac-address
- [Your CPU:]: #your-cpu
- [Your Cloud backups/sync services:]: #your-cloud-backupssync-services
- [Your Clues about your Real Life and OSINT:]: #your-clues-about-your-real-life-and-osint
- [Your Cryptocurrencies transactions:]: #your-cryptocurrencies-transactions
- [Your DNS and IP requests:]: #your-dns-and-ip-requests
- [Your Digital Fingerprint, Footprint, and Online Behavior:]: #your-digital-fingerprint-footprint-and-online-behavior
- [Your Face, Voice, Biometrics, and Pictures:]: #your-face-voice-biometrics-and-pictures
- [Your Hardware Identifiers:]: #your-hardware-identifiers
- [Your IMEI and IMSI (and by extension, your phone number):]: #your-imei-and-imsi-and-by-extension-your-phone-number
- [Your IP address:]: #your-ip-address
- [Your Metadata including your Geo-Location:]: #your-metadata-including-your-geo-location
- [Your Network:]: #your-network
- [Your Operating Systems and Apps telemetry services:]: #your-operating-systems-and-apps-telemetry-services
- [Your RFID enabled devices:]: #your-rfid-enabled-devices
- [Your Smart devices in general:]: #your-smart-devices-in-general
- [Your Wi-Fi or Ethernet MAC address:]: #your-wi-fi-or-ethernet-mac-address
- [Your files, documents, pictures, and videos:]: #your-files-documents-pictures-and-videos
- [Yourself:]: #yourself
- [iOS:]: #ios
- [macOS Host OS:]: #macos-host-os
- [macOS Virtual Machine:]: #macos-virtual-machine
- [macOS:]: #macos-2
+# The Hitchhiker's Guide to Online Anonymity
+
+(Or "How I learned to start worrying and love ~~privacy~~ anonymity")
+
+Version v1.2.0, July 2024 by Anonymous Planet
+
+#### **IMPORTANT RECOMMENDATION FOR UKRAINIANS. ВАЖЛИВА РЕКОМЕНДАЦІЯ ДЛЯ УКРАЇНЦІВ**
+
+Це послання до народу України. Ми настійно рекомендуємо вам використовувати Briar для спілкування. Ви можете знайти його тут: , Швидкий початок:
+
+--------------------------------------------------------------------------
+
+This is a message for the people of Ukraine. We strongly recommend that you use Briar for communicating. You can find it here:
+With this application, you can communicate even when there is no internet.
+The manual is here: , quick-start guide here:
+
+--------------------------------------------------------------------------
+
+**This guide is a work in progress**. It will probably never be "finished".
+
+**No affiliation with the** [Anonymous](https://en.wikipedia.org/wiki/Anonymous_(hacker_group)) [[Wikiless]](https://wikiless.org/wiki/Anonymous_(hacker_group)) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Anonymous_(hacker_group)) **collective/movement.**
+
+**There might be some wrong or outdated information in this guide because no one is perfect.**
+
+**Your experience may vary. Remember to check regularly for an updated version of this guide.**
+
+This guide is a non-profit open-source initiative, licensed under Creative Commons **Attribution-NonCommercial** 4.0 International ([cc-by-nc-4.0](https://creativecommons.org/licenses/by-nc/4.0/) [[Archive.org]](https://web.archive.org/web/https://creativecommons.org/licenses/by-nc/4.0/)).
+
+- For mirrors see [Appendix A6: Mirrors]
+
+- For help in comparing versions see [Appendix A7: Comparing versions]
+
+Feel free to submit issues **(please do report anything wrong)** using GitHub Issues at:
+
+Feel free to come to discuss ideas at:
+
+- Rules for our chatrooms:
+
+- Matrix/Element Room: ```#anonymity:matrix.org```
+
+- Matrix Space regrouping several rooms with similar interests: ```#privacy-security-anonymity:matrix.org``` .
+
+Follow us on:
+
+- Twitter at
+
+- Mastodon at
+
+To contact me, see the updated information on the website or send an e-mail to
+
+**Please consider [donating][Donations:] if you enjoy the project and want to support the hosting fees or support the funding of initiatives like the hosting of Tor Exit Nodes.**
+
+There are several ways you could read this guide:
+
+- You want to understand the current state of online privacy and anonymity not necessarily get too technical about it: Just read the [Introduction][Introduction:], [Requirements][Pre-requisites and limitations:], [Understanding some basics of how some information can lead back to you and how to mitigate those][Understanding some basics of how some information can lead back to you and how to mitigate some:] and [A final editorial note][A small final editorial note:] sections.
+
+- You want to do the above but also learn how to remove some online information about you: Just read the above and add the [Removing some traces of your identities on search engines and various platforms.][Removing some traces of your identities on search engines and various platforms:]
+
+- You want to do the above and create online anonymous identities online safely and securely: Read the whole guide.
+
+Precautions while reading this guide and accessing the various links:
+
+- **Documents/Files** have a **[Archive.org]** link next to them for accessing content through Archive.org for increased privacy and in case the content goes missing. Some links are not yet archived or outdated on archive.org in which case we encourage you to ask for a new save if possible.
+
+- **YouTube Videos** have a **[Invidious]** link next to them for accessing content through an Invidious Instance (in this case yewtu.be hosted in the Netherlands) for increased privacy. It is recommended to use these links when possible. See [[Archive.org]](https://web.archive.org/web/https://github.com/iv-org/invidious) for more information.
+
+- **Twitter** links have a **[Nitter]** link next to them for accessing content through a Nitter Instance (in this case nitter.net) for increased privacy. It is recommended to use these links when possible. See [[Archive.org]](https://web.archive.org/web/https://github.com/zedeus/nitter) for more information.
+
+- **Wikipedia** links have a **[Wikiless]** link next to them for accessing content through a Wikiless Instance (in this case Wikiless.org) for increased privacy. It is recommended to use these links when possible. See [[Archive.org]](https://web.archive.org/web/https://codeberg.org/orenom/wikiless) for more information.
+
+- **Medium** links have **[Scribe.rip]** link next to them for accessing content through a Scribe.rip Instance for increased privacy. Again, it is recommended to use these links when possible. See [[Archive.org]](https://web.archive.org/web/https://scribe.rip/) for more information.
+
+- If you are reading this in PDF or ODT format, you will notice plenty of \`\`\` in place of double quotes (""). These \`\`\` are there to ease conversion into Markdown/HTML format for online viewing of code blocks on the website.
+
+If you do not want the hassle and use one of the browsers below, you could also just install the following extension on your browser: [[Archive.org]](https://web.archive.org/web/20220509220021/https://libredirect.github.io/):
+
+- Firefox:
+
+- Chromium-based browsers (Chrome, Brave, Edge):
+
+**If you are having trouble accessing any of the many academic articles referenced in this guide due to paywalls, feel free to use Sci-Hub (** [[Wikiless]](https://wikiless.org/wiki/Sci-Hub) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Sci-Hub)**) or LibGen (** [[Wikiless]](https://wikiless.org/wiki/Library_Genesis) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Library_Genesis)**) for finding and reading them. Because Science should be free. All of it. If you are faced with a paywall accessing some resources, consider using .**
+
+Finally note that this guide does mention and even recommends various commercial services (such as VPNs, CDNs, e-mail providers, hosting providers...) **but is not endorsed or sponsored by any of them in any way. There are no referral links and no commercial ties with any of these providers. This project is 100% non-profit and only relying on donations.**
+
+# Contents:
+
+- [Pre-requisites and limitations:]
+ - [Pre-requisites:]
+ - [Limitations:]
+- [Introduction:]
+- [Understanding some basics of how some information can lead back to you and how to mitigate some:]
+ - [Your Network:]
+ - [Your IP address:]
+ - [Your DNS and IP requests:]
+ - [Your RFID enabled devices:]
+ - [The Wi-Fi and Bluetooth devices around you:]
+ - [Malicious/Rogue Wi-Fi Access Points:]
+ - [Your Anonymized Tor/VPN traffic:]
+ - [Some Devices can be tracked even when offline:]
+ - [Your Hardware Identifiers:]
+ - [Your IMEI and IMSI (and by extension, your phone number):]
+ - [Your Wi-Fi or Ethernet MAC address:]
+ - [Your Bluetooth MAC address:]
+ - [Your CPU:]
+ - [Your Operating Systems and Apps telemetry services:]
+ - [Your Smart devices in general:]
+ - [Yourself:]
+ - [Your Metadata including your Geo-Location:]
+ - [Your Digital Fingerprint, Footprint, and Online Behavior:]
+ - [Your Clues about your Real Life and OSINT:]
+ - [Your Face, Voice, Biometrics, and Pictures:]
+ - [Gait Recognition and Other Long-Range Biometrics]
+ - [Phishing and Social Engineering:]
+ - [Malware, exploits, and viruses:]
+ - [Malware in your files/documents/e-mails:]
+ - [Malware and Exploits in your apps and services:]
+ - [Malicious USB devices:]
+ - [Malware and backdoors in your Hardware Firmware and Operating System:]
+ - [Your files, documents, pictures, and videos:]
+ - [Properties and Metadata:]
+ - [Watermarking:]
+ - [Pixelized or Blurred Information:]
+ - [Your Cryptocurrencies transactions:]
+ - [Your Cloud backups/sync services:]
+ - [Microarchitectural Side-channel Deanonymization Attacks:]
+ - [Local Data Leaks and Forensics:]
+ - [Bad Cryptography:]
+ - [No logging but logging anyway policies:]
+ - [Some Advanced targeted techniques:]
+ - [Some bonus resources:]
+ - [Notes:]
+- [General Preparations:]
+ - [Picking your route:]
+ - [Timing limitations:]
+ - [Budget/Material limitations:]
+ - [Skills:]
+ - [Adversarial considerations:]
+ - [Steps for all routes:]
+ - [Getting used to using better passwords:]
+ - [Getting an anonymous Phone number:]
+ - [Get a USB key:]
+ - [Find some safe places with decent public Wi-Fi:]
+ - [The Tor Browser route:]
+ - [Windows, Linux, and macOS:]
+ - [Android:]
+ - [iOS:]
+ - [Important Warning:]
+ - [The Tails route:]
+ - [Tor Browser settings on Tails:]
+ - [Persistent Plausible Deniability using Whonix within Tails:]
+ - [Steps for all other routes:]
+ - [Get a dedicated laptop for your sensitive activities:]
+ - [Some laptop recommendations:]
+ - [Bios/UEFI/Firmware Settings of your laptop:]
+ - [Physically Tamper protect your laptop:]
+ - [The Whonix route:]
+ - [Picking your Host OS (the OS installed on your laptop):]
+ - [Linux Host OS:]
+ - [macOS Host OS:]
+ - [Windows Host OS:]
+ - [Virtualbox on your Host OS:]
+ - [Pick your connectivity method:]
+ - [Getting an anonymous VPN/Proxy:]
+ - [Whonix:]
+ - [Tor over VPN:]
+ - [Whonix Virtual Machines:]
+ - [Pick your guest workstation Virtual Machine:]
+ - [Linux Virtual Machine (Whonix or Linux):]
+ - [Windows 10/11 Virtual Machine:]
+ - [Android Virtual Machine:]
+ - [macOS Virtual Machine:]
+ - [KeepassXC:]
+ - [VPN client installation (cash/Monero paid):]
+ - [(Optional) VM kill switch:]
+ - [Final step:]
+ - [The Qubes Route:]
+ - [Pick your connectivity method:][1]
+ - [Getting an anonymous VPN/Proxy:][2]
+ - [Note about Plausible Deniability:]
+ - [Installation:]
+ - [Lid Closure Behavior:]
+ - [Anti Evil Maid (AEM):]
+ - [Connect to a Public Wi-Fi:]
+ - [Updating Qubes OS:]
+ - [Updating Whonix from version 15 to version 16:]
+ - [Hardening Qubes OS:]
+ - [Setup the VPN ProxyVM:]
+ - [Setup a safe Browser within Qubes OS (optional but recommended):]
+ - [Setup an Android VM:]
+ - [KeePassXC:][3]
+- [Quick note: Correlation vs Attribution:]
+- [Creating your anonymous online identities:]
+ - [Understanding the methods used to prevent anonymity and verify identity:]
+ - [Captchas:]
+ - [Phone verification:]
+ - [E-Mail verification:]
+ - [User details checking:]
+ - [Proof of ID verification:]
+ - [IP Filters:]
+ - [Browser and Device Fingerprinting:]
+ - [Human interaction:]
+ - [User Moderation:]
+ - [Behavioral Analysis:]
+ - [Financial transactions:]
+ - [Sign-in with some platform:]
+ - [Live Face recognition and biometrics (again):]
+ - [Manual reviews:]
+ - [Getting Online:]
+ - [Creating new identities:]
+ - [Checking if your Tor Exit Node is terrible:]
+ - [The Real-Name System:]
+ - [About paid services:]
+ - [Overview:]
+ - [How to share files privately and/or chat anonymously:]
+ - [How to share files publicly but anonymously:]
+ - [Redacting Documents/Pictures/Videos/Audio safely:]
+ - [Communicating sensitive information to various known organizations:]
+ - [Maintenance tasks:]
+- [Backing up your work securely:]
+ - [Offline Backups:]
+ - [Selected Files Backups:]
+ - [Full Disk/System Backups:]
+ - [Online Backups:]
+ - [Files:]
+ - [Information:]
+ - [Synchronizing your files between devices Online:]
+- [Covering your tracks:]
+ - [Understanding HDD vs SSD:]
+ - [Wear-Leveling.]
+ - [Trim Operations:]
+ - [Garbage Collection:]
+ - [Conclusion:]
+ - [How to securely wipe your whole Laptop/Drives if you want to erase everything:]
+ - [Linux (all versions including Qubes OS):]
+ - [Windows:]
+ - [macOS:]
+ - [How to securely delete specific files/folders/data on your HDD/SSD and Thumb drives:]
+ - [Windows:][4]
+ - [Linux (non-Qubes OS):]
+ - [Linux (Qubes OS):]
+ - [macOS:][5]
+ - [Some additional measures against forensics:]
+ - [Removing Metadata from Files/Documents/Pictures:]
+ - [Tails:]
+ - [Whonix:][6]
+ - [macOS:][7]
+ - [Linux (Qubes OS):][8]
+ - [Linux (non-Qubes):]
+ - [Windows:][9]
+ - [Removing some traces of your identities on search engines and various platforms:]
+ - [Google:]
+ - [Bing:]
+ - [DuckDuckGo:]
+ - [Yandex:]
+ - [Qwant:]
+ - [Yahoo Search:]
+ - [Baidu:]
+ - [Wikipedia:]
+ - [Archive.today:]
+ - [Internet Archive:]
+ - [Others:]
+- [Some low-tech old-school tricks:]
+ - [Hidden communications in plain sight:]
+ - [How to spot if someone has been searching your stuff:]
+- [Some last OPSEC thoughts:]
+- [**If you think you got burned:**]
+ - [If you have some time:]
+ - [If you have no time:]
+- [A small final editorial note:]
+- [Donations:]
+- [Helping others staying anonymous:]
+- [Acknowledgments:]
+- [Appendix A: Windows Installation]
+ - [Installation:][10]
+ - [Privacy Settings:]
+- [Appendix B: Windows Additional Privacy Settings]
+- [Appendix C: Windows Installation Media Creation]
+- [Appendix D: Using System Rescue to securely wipe an SSD drive]
+- [Appendix E: Clonezilla]
+- [Appendix F: Diskpart]
+- [Appendix G: Safe Browser on the Host OS]
+ - [If you can use Tor:]
+ - [If you cannot use Tor:]
+- [Appendix H: Windows Cleaning Tools]
+- [Appendix I: Using ShredOS to securely wipe an HDD drive:]
+ - [Windows:][11]
+ - [Linux:]
+- [Appendix J: Manufacturer tools for Wiping HDD and SSD drives:]
+ - [Tools that provide a boot disk for wiping from boot:]
+ - [Tools that provide only support from running OS (for external drives).]
+- [Appendix K: Considerations for using external SSD drives]
+ - [Windows:][12]
+ - [Trim Support:]
+ - [ATA/NVMe Operations (Secure Erase/Sanitize):]
+ - [Linux:][13]
+ - [Trim Support:][14]
+ - [ATA/NVMe Operations (Secure Erase/Sanitize):][15]
+ - [macOS:][16]
+ - [Trim Support:][17]
+ - [ATA/NVMe Operations (Secure Erase/Sanitize):][18]
+- [Appendix L: Creating a mat2-web guest VM for removing metadata from files]
+- [Appendix M: BIOS/UEFI options to wipe disks in various Brands]
+- [Appendix N: Warning about smartphones and smart devices]
+- [Appendix O: Getting an anonymous VPN/Proxy]
+ - [Cash/Monero-Paid VPN:]
+ - [Self-hosted VPN/Proxy on a Monero/Cash-paid VPS (for users more familiar with Linux):]
+ - [VPN VPS:]
+ - [Socks Proxy VPS:]
+- [Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option]
+- [Appendix Q: Using long-range Antenna to connect to Public Wi-Fis from a safe distance:]
+- [Appendix R: Installing a VPN on your VM or Host OS]
+- [Appendix S: Check your network for surveillance/censorship using OONI]
+- [Appendix T: Checking files for malware]
+ - [Integrity (if available):]
+ - [Authenticity (if available):]
+ - [Security (checking for actual malware):]
+ - [Anti-Virus Software:]
+ - [Manual Reviews:][19]
+- [Appendix U: How to bypass (some) local restrictions on supervised computers]
+ - [Portable Apps:]
+ - [Bootable Live Systems:]
+ - [Precautions:]
+- [Appendix V: What browser to use in your Guest VM/Disposable VM]
+ - [Brave:]
+ - [Ungoogled-Chromium:]
+ - [Edge:]
+ - [Safari:]
+ - [Firefox:]
+ - [Tor Browser:]
+- [Appendix V1: Hardening your Browsers:]
+ - [Brave:][20]
+ - [Ungoogled-Chromium:][21]
+ - [Edge:][22]
+ - [Safari:][23]
+ - [Firefox:][24]
+ - [Normal settings:]
+ - [Advanced settings:]
+ - [Addons to install/consider:]
+ - [Bonus resources:]
+- [Appendix W: Virtualization]
+ - [Nested virtualization risks]
+- [Appendix X: Using Tor bridges in hostile environments]
+- [Appendix Y: Installing and using desktop Tor Browser]
+ - [Installation:][25]
+ - [Usage and Precautions:]
+- [Appendix Z: Online anonymous payments using cryptocurrencies]
+ - [Using Bitcoin anonymously option:]
+ - [Using Monero anonymously option:]
+ - [Warning about special tumbling, mixing, coinjoining privacy wallets and services]
+ - [When converting from BTC to Monero:]
+- [Appendix A1: Recommended VPS hosting providers]
+- [Appendix A2: Guidelines for passwords and passphrases]
+- [Appendix A3: Search Engines]
+- [Appendix A4: Counteracting Forensic Linguistics]
+ - [Introduction:][26]
+ - [What does an adversary look for when examining your writing?]
+ - [Examples:]
+ - [How to counteract the efforts of your adversary:]
+ - [What different linguistic choices could say about you:]
+ - [Emoticons:]
+ - [Structural features:]
+ - [Spelling slang and symbols:]
+ - [Techniques to prevent writeprinting:]
+ - [Spelling and grammar checking:]
+ - [Translation technique:]
+ - [Search and replace:]
+ - [Final advice:]
+ - [Bonus links:]
+- [Appendix A5: Additional browser precautions with JavaScript enabled]
+- [Appendix A6: Mirrors]
+- [Appendix A7: Comparing versions]
+- [Appendix A8: Crypto Swapping Services without Registration and KYC]
+ - [General Crypto Swapping:]
+ - [BTC to Monero only:]
+- [Appendix A9: Installing a Zcash wallet:]
+ - [Debian 11 VM:]
+ - [Ubuntu 20.04/21.04/21.10 VM:]
+ - [Windows 10/11 VM:]
+ - [Whonix Workstation 16 VM:]
+- [Appendix B1: Checklist of things to verify before sharing information:]
+- [Appendix B2: Monero Disclaimer]
+- [Appendix B3: Threat modeling resources]
+- [Appendix B4: Important notes about evil-maid and tampering]
+- [Appendix B5: Types of CPU attacks:]
+- [Appendix B6: Warning for using Orbot on Android]
+- [Appendix B7: Caution about Session messenger]
+- [References:]
+
+# Pre-requisites and limitations:
+
+## Pre-requisites:
+
+- Understanding of the English language (in this case American English).
+
+- Be a permanent resident in Germany where the courts have upheld the legality of not using real names on online platforms (§13 VI of the German Telemedia Act of 2007[^1]'[^2]). **Alternatively, be a resident of any other country where you can confirm and verify the legality of this guide yourself.**
+
+- This guide will assume you already have access to some (Windows/Linux/macOS) laptop computer - ideally not a work/shared device - and a basic understanding of how computers work.
+
+- Have patience, as this process could take several weeks to complete if you want to go through all the content.
+
+- Have some free time on your hands to dedicate to this process (depending on which route you pick).
+
+- Be prepared to read a lot of references (do read them), guides (do not skip them), and tutorials thoroughly (do not skip them either).
+
+- Don't be evil (for real this time)[^3].
+
+- Understand that there is no common path that will be both quick and easy.
+
+## Limitations:
+
+This guide is not intended for:
+
+- Creating bot accounts of any kind.
+
+- Creating impersonation accounts of existing people (such as identity theft).
+
+- Helping malicious actors conduct unethical, criminal, or illicit activities (such as trolling, stalking, disinformation, misinformation, harassment, bullying, or fraud).
+
+- Use by minors.
+
+# Introduction:
+
+**TLDR for the whole guide: "A strange game. The only winning move is not to play"** [^4]**.**
+
+Making a social media account with a pseudonym or artist/brand name is easy. And it is enough in most use cases to protect your identity as the next George Orwell. There are plenty of people using pseudonyms all over Facebook/Instagram/Twitter/LinkedIn/TikTok/Snapchat/Reddit/... But the vast majority of those are anything but anonymous and can easily be traced to their real identity by your local police officers, random people within the OSINT[^5] (Open-Source Intelligence) community, and trolls[^6] on 4chan[^7].
+
+This is a good thing as most criminals/trolls are not tech-savvy and will usually be identified with ease. But this is also a terrible thing as most political dissidents, human rights activists and whistleblowers can also be tracked rather easily.
+
+This guide aims to provide an introduction to various de-anonymization techniques, tracking techniques, ID verification techniques, and optional guidance to creating and maintaining **reasonably and truly** online anonymous identities including social media accounts safely. This includes mainstream platforms and not only the privacy-friendly ones.
+
+It is important to understand that the purpose of this guide is anonymity and not just privacy but much of the guidance you will find here will also help you improve your privacy and security even if you are not interested in anonymity. There is an important overlap in techniques and tools used for privacy, security, and anonymity but they differ at some point:
+
+- **Privacy is about people knowing who you are but not knowing what you are doing.**
+
+- **Anonymity is about people knowing what you are doing but not knowing who you are** [^8]**.**
+
+![image01](media/image01.png)
+
+(Illustration from[^9])
+
+Will this guide help you protect yourself from the NSA, the FSB, Mark Zuckerberg, or the Mossad if they are out to find you? Probably not ... Mossad will be doing "Mossad things" [^10] and will probably find you no matter how hard you try to hide[^11].
+
+You must consider your threat model[^12] before going further.
+
+![image02](media/image02.png)
+
+(Illustration by Randall Munroe, xkcd.com, licensed under CC BY-NC 2.5)
+
+Will this guide help you protect your privacy from OSINT researchers like Bellingcat[^13], Doxing[^14] trolls on 4chan[^15], and others that have no access to the NSA toolbox? More likely. Tho we would not be so sure about 4chan.
+
+Here is a basic simplified threat model for this guide:
+
+![image40](media/image40.png)
+
+(Note that the "magical amulets/submarine/fake your own death" jokes are quoted from the excellent article "This World of Ours" by James Mickens, 2014.[^10])
+
+Disclaimer: Jokes aside (magical amulet...). Of course, there are also advanced ways to mitigate attacks against such advanced and skilled adversaries but those are just out of the scope of this guide. It is crucially important that you understand the limits of the threat model of this guide. And therefore, this guide will not double in size to help with those advanced mitigations as this is just too complex and will require an exceedingly high knowledge and skill level that is not expected from the targeted audience of this guide.
+
+The EFF provides a few security scenarios of what you should consider depending on your activity. While some of those tips might not be within the scope of this guide (more about Privacy than Anonymity), they are still worth reading as examples. See [[Archive.org]](https://web.archive.org/web/https://ssd.eff.org/en/module-categories/security-scenarios).
+
+If you want to go deeper into threat modeling, see [Appendix B3: Threat modeling resources].
+
+You might think this guide has no legitimate use but there are many[^16]'[^17]'[^18]'[^19]'[^20]'[^21]'[^22] such as:
+
+- Evading Online Censorship[^23]
+
+- Evading Online Oppression
+
+- Evading Online Stalking, Doxxing, and Harassment
+
+- Evading Online Unlawful Government Surveillance
+
+- Anonymous Online Whistle Blowing
+
+- Anonymous Online Activism
+
+- Anonymous Online Journalism
+
+- Anonymous Online Legal Practice
+
+- Anonymous Online Academic Activities (For instance accessing scientific research where such resources are blocked). See note below.
+
+- ...
+
+This guide is written with hope for those **good-intended individuals** who might not be knowledgeable enough to consider the big picture of online anonymity and privacy.
+
+**Lastly, use it at your own risk. Anything in here is not legal advice and you should verify compliance with your local law before use (IANAL**[^24]**). "Trust but verify"**[^25] **all the information yourself (or even better, "Never Trust, always verify"**[^391]**). We strongly encourage you to inform yourself and do not hesitate to check any information in this guide with outside sources in case of doubt. Please do report any mistake you spot to us as we welcome criticism. Even harsh but sound criticism is welcome and will result in having the necessary corrections made as quickly as possible.**
+
+# Understanding some basics of how some information can lead back to you and how to mitigate some:
+
+There are many ways you can be tracked besides browser cookies and ads, your e-mail, and your phone number. And if you think only the Mossad or the NSA/FSB can find you, you would be wrong.
+
+First, you could also consider these more general resources on privacy and security to learn more basics:
+
+- The New Oil\*: [[Archive.org]](https://web.archive.org/web/https://thenewoil.org/)
+
+- Techlore videos\*: [[Invidious]](https://yewtu.be/c/Techlore)
+
+- Privacy Guides: [[Archive.org]](https://web.archive.org/web/https://privacyguides.org/)
+
+- Privacy Tools\*: [[Archive.org]](https://web.archive.org/web/https://privacytools.io/)
+
+*Note that these websites could contain affiliate/sponsored content and/or merchandising. This guide does not endorse and is not sponsored by any commercial entity in any way.*
+
+If you skipped those, you should really still consider viewing this YouTube playlist from the Techlore Go Incognito project ( [[Archive.org]](https://web.archive.org/web/https://github.com/techlore-official/go-incognito)) as an introduction before going further: [[Invidious]](https://yewtu.be/playlist?list=PL3KeV6Ui_4CayDGHw64OFXEPHgXLkrtJO). This guide will cover many of the topics in the videos of this playlist with more details and references as well as some added topics not covered within that series. This will just take you 2 or 3 hours to watch it all.
+
+**Now, here is a non-exhaustive list of some of the many ways you could be tracked and de-anonymized:**
+
+## Your Network:
+
+### Your IP address:
+
+**Disclaimer: this whole paragraph is about your public-facing Internet IP and not your local network IP.**
+
+Your IP address[^26] is the most known and obvious way you can be tracked. That IP is the IP you are using at the source. This is where you connect to the internet. That IP is usually provided by your ISP (Internet Service Provider) (xDSL, Mobile, Cable, Fiber, Cafe, Bar, Friend, Neighbor). Most countries have data retention regulations[^27] that mandate keeping logs of who is using what IP at a certain time/date for up to several years or indefinitely. Your ISP can tell a third party that you were using a specific IP at a specific date and time, years after the fact. If that IP (the original one) leaks at any point for any reason, it can be used to track down you directly. In many countries, you will not be able to have internet access without providing some form of identification to the provider (address, ID, real name, e-mail ...).
+
+Needless to say, that most platforms (such as social networks) will also keep (sometimes indefinitely) the IP addresses you used to sign-up and sign into their services.
+
+Here are some online resources you can use to find some information about your current **public IP** right now:
+
+- Find your IP:
+
+ -
+
+ - (Bonus, check your IP for DNS leaks)
+
+- Find your IP location or the location of any IP:
+
+ -
+
+- Find if an IP is "suspicious" (in blacklists) or has downloaded "things" on some public resources:
+
+ -
+
+ -
+
+ - (Take this with a grain of salt, it might not show anything interesting and has limited data sources. This is more for fun than anything serious.)
+
+- Registration information of an IP (most likely your ISP or the ISP of your connection who most likely know who is using that IP at any time):
+
+ -
+
+- Check for open-services or open devices on an IP (especially if there are leaky Smart Devices on it):
+
+ - (replace the IP by your IP or any other, or change in the search box, this example IP is a Tor Exit node)
+
+- Various tools to check your IP such as block-lists checkers and more:
+
+ -
+
+ -
+
+- Would you like to know if you are connected through Tor?
+
+ -
+
+For those reasons, you will need to obfuscate and hide that origin IP (the one tied to your identification) or hide it through a combination of various means:
+
+- Using a public Wi-Fi service (free).
+
+- Using the Tor Anonymity Network[^28] (free).
+
+- Using VPN[^29] services anonymously (anonymously paid with cash or Monero).
+
+Do note that, unfortunately, these solutions are not perfect, and you will experience performance issues[^30].
+
+All those will be explained later in this guide.
+
+### Your DNS and IP requests:
+
+DNS stands for "Domain Name System"[^31] and is a service used by your browser (and other apps) to find the IP addresses of a service. It is a huge "contact list" (phone book for older people) that works like asking it a name and it returns the number to call. Except it returns an IP instead.
+
+Every time your browser wants to access a certain service such as Google through www.google.com.
Your Browser (Chrome or Firefox) will query a DNS service to find the IP addresses of the Google web servers.
+
+Here is a video explaining DNS visually if you are already lost: [[Invidious]](https://yewtu.be/watch?v=vrxwXXytEuI)
+
+Usually, the DNS service is provided by your ISP and automatically configured by the network you are connecting to. This DNS service could also be subject to data retention regulations or will just keep logs for other reasons (data collection for advertising purposes for instance). Therefore, this ISP will be capable of telling everything you did online just by looking at those logs which can, in turn, be provided to an adversary. Conveniently this is also the easiest way for many adversaries to apply censoring or parental control by using DNS blocking[^32]. The provided DNS servers will give you a different address (than their real one) for some websites (like redirecting thepiratebay.org to some government website). Such blocking is widely applied worldwide for certain sites[^33].
+
+Using a private DNS service or your own DNS service would mitigate these issues, but the other problem is that most of those DNS requests are by default still sent in clear text (unencrypted) over the network. Even if you browse PornHub in an incognito Window, using HTTPS and using a private DNS service, chances are exceedingly high that your browser will send a clear text unencrypted DNS request to some DNS servers asking basically "So what's the IP address of www.pornhub.com?".
+
+Because it is not encrypted, your ISP and/or any other adversary could still intercept (using a Man-in-the-middle attack[^97]) your request will know and possibly log what your IP was looking for. The same ISP can also tamper with the DNS responses even if you are using a private DNS. Rendering the use of a private DNS service useless.
+
+As a bonus, many devices and apps will use hardcoded DNS servers bypassing any system setting you could set.
This is for example the case with most (70%) Smart TVs and a large part (46%) of Game Consoles[^34]. For these devices, you will have to force them[^35] to stop using their hardcoded DNS service which could make them stop working properly.
+
+A solution to this is to use encrypted DNS using DoH (DNS over HTTPS[^36]), DoT (DNS over TLS[^37]) with a private DNS server (this can be self-hosted locally with a solution like pi-hole[^38], remotely hosted with a solution like nextdns.io or using the solutions provided by your VPN provider or the Tor network). This should prevent your ISP or some go-between from snooping on your requests ... except it might not.
+
+Small in-between Disclaimer: **This guide does not necessarily endorse or recommend Cloudflare services even if it is mentioned several times in this section for technical understanding.**
+
+Unfortunately, the TLS protocol used in most HTTPS connections in most Browsers (Chrome/Brave among them) will leak the Domain Name again through SNI[^39] handshakes (this can be checked here at Cloudflare: [[Archive.org]](https://web.archive.org/web/https://www.cloudflare.com/ssl/encrypted-sni/) ). **As of the writing of this guide, only Firefox-based browsers supports ECH (Encrypted Client Hello**[^40] **previously known as eSNI**[^41]**) on some websites which will encrypt everything end to end (in addition to using a secure private DNS over TLS/HTTPS) and will allow you to hide your DNS requests from a third party**[^42]**.** And this option is not enabled by default either so you will have to enable it yourself.
+
+![](media/image04.png)
+
+In addition to limited browser support, only web Services and CDNs[^43] behind Cloudflare CDN support ECH/eSNI at this stage[^44]. This means that ECH and eSNI are not supported (as of the writing of this guide) by most mainstream platforms such as:
+
+- Amazon (including AWS, Twitch...)
+
+- Microsoft (including Azure, OneDrive, Outlook, Office 365...)
+
+- Google (including Gmail, Google Cloud...)
+
+- Apple (including iCloud, iMessage...)
+
+- Reddit
+
+- YouTube
+
+- Facebook
+
+- Instagram
+
+- Twitter
+
+- GitHub
+
+- ...
+
+Some countries like Russia[^45] and China[^46] might (unverified despite the articles) block ECH/eSNI handshakes at the network level to allow snooping and prevent bypassing censorship. Meaning you will not be able to establish an HTTPS connection with a service if you do not allow them to see what it was.
+
+The issues do not end here. Part of the HTTPS TLS validation is called OCSP[^47] and this protocol used by Firefox-based browsers will leak metadata in the form of the serial number of the certificate of the website you are visiting. An adversary can then easily find which website you are visiting by matching the certificate number[^48]. This issue can be mitigated by using OCSP stapling[^49]. Unfortunately, this is enabled but not enforced by default in Firefox/Tor Browser. But the website you are visiting must also be supporting it and not all do. Chromium-based browsers on the other hand use a different system called CRLSets[^50]'[^51] which is arguably better.
+
+Here is a list of how various browsers behave with OCSP: [[Archive.org]](https://web.archive.org/web/https://www.ssl.com/blogs/how-do-browsers-handle-revoked-ssl-tls-certificates/)
+
+Here is an illustration of the issue you could encounter on Firefox-based browsers:
+
+![](media/image05.png)
+
+Finally, even if you use a custom encrypted DNS server (DoH or DoT) with ECH/eSNI support and OCSP stapling, it might still not be enough as traffic analysis studies[^52] have shown it is still possible to reliably fingerprint and block unwanted requests. Only DNS over Tor was able to show efficient DNS Privacy in recent studies but even that can still be defeated by other means (see [Your Anonymized Tor/VPN traffic][Your Anonymized Tor/VPN traffic:]).
+
+One could also decide to use a Tor Hidden DNS Service or ODoH (Oblivious DNS over HTTPS[^53]) to further increase privacy/anonymity but **unfortunately**, as far as we know, these methods are only provided by Cloudflare as of this writing ( [[Archive.org]](https://web.archive.org/web/https://blog.cloudflare.com/welcome-hidden-resolver/), [[Archive.org]](https://web.archive.org/web/https://blog.cloudflare.com/oblivious-dns/)). These are workable and reasonably secure technical options but there is also a moral choice if you want to use Cloudflare or not (despite the risk posed by some researchers[^54]).
+
+**Note that Oblivious DNS addresses an adversary that eavesdrops on one of the connections listed here but not all. It does not address a global passive adversary (GPA) who can eavesdrop on many or all of these connections**:
+- traffic between the client resolver and the recursive resolver
+- the recursive resolver and the ODNS resolver
+- the ODNS resolver and an authoritative server.
+
+Lastly, there is also this new possibility called DoHoT which stands for DNS over HTTPS over Tor which could also further increase your privacy/anonymity and which you could consider if you are more skilled with Linux. See [[Archive.org]](https://web.archive.org/web/https://github.com/alecmuffett/dohot). This guide will not help you with this one at this stage, but it might be coming soon.
+
+Here is an illustration showing the current state of DNS and HTTPS privacy based on our current knowledge.
+
+![](media/image06.png)
+
+As for your normal daily use (non-sensitive), remember that only Firefox-based browsers support ECH (formerly eSNI) so far and that it is only useful with websites hosted behind Cloudflare CDN at this stage.
If you prefer a Chrome-based version (which is understandable for some due to some better-integrated features like on-the-fly Translation), then we would recommend the use of Brave instead which supports all Chrome extensions and offers much better privacy than Chrome.
+
+But the story does not stop there right. Now because after all this, even if you encrypt your DNS and use all possible mitigations. Simple IP requests to any server will probably allow an adversary to still detect which site you are visiting. And this is simply because the majority of websites have unique IPs tied to them as explained here: [[Archive.org]](https://web.archive.org/web/https://blog.apnic.net/2019/08/23/what-can-you-learn-from-an-ip-address/). This means that an adversary can create a dataset of known websites for instance including their IPs and then match this dataset against the IP you ask for. In most cases, this will result in a correct guess of the website you are visiting. This means that despite OCSP stapling, despite ECH/eSNI, despite using Encrypted DNS ... An adversary can still guess the website you are visiting anyway.
+
+Therefore, to mitigate all these issues (as much as possible and as best as we can), this guide will later recommend two solutions: Using Tor and a virtualized (See [Appendix W: Virtualization][Appendix V1: Hardening your Browsers:]) multi-layered solution of VPN over Tor solution (DNS over VPN over Tor or DNS over TOR). Other options will also be explained (Tor over VPN, VPN only, No Tor/VPN) but are less recommended.
+
+### Your RFID enabled devices:
+
+RFID stands for Radio-frequency identification[^55], it is the technology used for instance for contactless payments and various identification systems. Of course, your smartphone is among those devices and has RFID contactless payment capabilities through NFC[^56]. As with everything else, such capabilities can be used for tracking by various actors.
+
+But unfortunately, this is not limited to your smartphone, and you also probably carry some amount of RFID enabled device with you all the time such as:
+
+- Your contactless-enabled credit/debit cards
+
+- Your store loyalty cards
+
+- Your transportation payment cards
+
+- Your work-related access cards
+
+- Your car keys
+
+- Your national ID or driver license
+
+- Your passport
+
+- The price/anti-theft tags on object/clothing
+
+- ...
+
+While all these cannot be used to de-anonymize you from a remote online adversary, they can be used to narrow down a search if your approximate location at a certain time is known. For instance, you cannot rule out that some stores will effectively scan (and log) all RFID chips passing through the door. They might be looking for their loyalty cards but are also logging others along the way. Such RFID tags could be traced to your identity and allow for de-anonymization.
+
+More information over at Wikipedia: [[Wikiless]](https://wikiless.org/wiki/Radio-frequency_identification) [[Archive.org]](https://web.archive.org/web/https://web.archive.org/web/20220530073225/https://en.wikipedia.org/wiki/Radio-frequency_identification) and [[Wikiless]](https://wikiless.org/wiki/Radio-frequency_identification) [[Archive.org]](https://web.archive.org/web/https://web.archive.org/web/20220530073225/https://en.wikipedia.org/wiki/Radio-frequency_identification)
+
+The only way to mitigate this problem is to have no RFID tags on you or to shield them again using a type of Faraday cage. You could also use specialized wallets/pouches that specifically block RFID communications. Many of those are now made by well-known brands such as Samsonite[^57]. You should just not carry such RFID devices while conducting sensitive activities.
+
+See [Appendix N: Warning about smartphones and smart devices]
+
+### The Wi-Fi and Bluetooth devices around you:
+
+Geolocation is not only done by using mobile antennas triangulation.
It is also done using the Wi-Fi and Bluetooth devices around you. Operating systems makers like Google (Android[^58]) and Apple (IOS[^59]) maintain a convenient database of most Wi-Fi access points, Bluetooth devices, and their location. When your Android smartphone or iPhone is on (and not in Plane mode), it will scan actively (unless you specifically disable this feature in the settings) Wi-Fi access points, and Bluetooth devices around you and will be able to geolocate you with more precision than when using a GPS.
+
+This active and continuous probing can then be sent back to Google/Apple/Microsoft as part of their Telemetry. The issue is that this probing is unique and can be used to uniquely identify a user and track such user. Shops, for example, can use this technique to fingerprint customers including when they return, where they go in the shop and how long they stay at a particular place. There are several papers[^60]'[^61] and articles[^62] describing this issue in depth.
+
+This allows them to provide accurate locations even when GPS is off, but it also allows them to keep a convenient record of all Wi-Fi Bluetooth devices all over the world. Which can then be accessed by them or third parties for tracking.
+
+Note: If you have an Android smartphone, Google probably knows where it is no matter what you do. You cannot really trust the settings. The whole operating system is built by a company that wants your data. Remember that if it is free then you are the product.
+
+But that is not what all those Wi-Fi access points can do. Recently developed techs could even allow someone to track your movements accurately just based on radio interferences. What this means is that it is possible to track your movement inside a room/building based on the radio signals passing through.
This might seem like a tinfoil hat conspiracy theory claim but here are the references[^63] with demonstrations showing this tech in action: [[Archive.org]](https://web.archive.org/web/http://rfpose.csail.mit.edu/) and the video here: [[Invidious]](https://yewtu.be/watch?v=HgDdaMy8KNE)
+
+Other researchers have found a way to count the people in a defined space using only Wi-Fi, see [[Archive.org]](https://web.archive.org/web/https://www.news.ucsb.edu/2021/020392/dont-fidget-wifi-will-count-you)
+
+You could therefore imagine many use cases for such technologies like recording who enters specific buildings/offices (hotels, hospitals, or embassies for instance) and then discover who meets who and thereby tracking them from outside. Even if they have no smartphone on them.
+
+![](media/image07.png)
+
+Again, such an issue could only be mitigated by being in a room/building that would act as a Faraday cage.
+
+Here is another video of the same kind of tech in action: [[Invidious]](https://yewtu.be/watch?v=FDZ39h-kCS8)
+
+See [Appendix N: Warning about smartphones and smart devices]
+
+There is not much you can do about these. Besides being non-identifiable in the first place.
+
+### Malicious/Rogue Wi-Fi Access Points:
+
+These have been used at least since 2008 using an attack called "Jasager"[^64] and can be done by anyone using self-built tools or using commercially available devices such as Wi-Fi Pineapple[^65].
+
+Here are some videos explaining more about the topic:
+
+- HOPE 2020,
+
+- YouTube, Hak5, Wi-Fi Pineapple Mark VII [[Invidious]](https://yewtu.be/watch?v=7v3JR4Wlw4Q)
+
+These devices can fit in a small bag and can take over the Wi-Fi environment of any place within their range. For instance, a Bar/Restaurant/Café/Hotel Lobby. These devices can force Wi-Fi clients to disconnect from their current Wi-Fi (using de-authentication, disassociation attacks[^66]) while spoofing the normal Wi-Fi networks at the same location.
They will continue to perform this attack until your computer, or you decide to try to connect to the rogue AP.
+
+These devices can then mimic a captive portal[^67] with the exact same layout as the Wi-Fi you are trying to access (for instance an Airport Wi-Fi registration portal). Or they could just give you unrestricted access internet that they will themselves get from the same place.
+
+Once you are connected through the Rogue AP, this AP will be able to execute various man-in-the-middle attacks to perform analysis on your traffic. These could be malicious redirections or simple traffic sniffing. These can then easily identify any client that would for instance try to connect to a VPN server or the Tor Network.
+
+This can be useful when you know someone you want to de-anonymize is in a crowded place, but you do not know who. This would allow such an adversary to possibly fingerprint any website you visit despite the use of HTTPS, DoT, DoH, ODoH, VPN, or Tor using traffic analysis as pointed above in the DNS section.
+
+These can also be used to carefully craft and serve you advanced phishing webpages that would harvest your credentials or try to make you install a malicious certificate allowing them to see your encrypted traffic.
+
+How to mitigate those? If you do connect to a public wi-fi access point, use Tor, or use a VPN and then Tor (Tor over VPN) or even (VPN over Tor) to obfuscate your traffic from the rogue AP while still using it.
+
+### Your Anonymized Tor/VPN traffic:
+
+Tor and VPNs are not silver bullets. Many advanced techniques have been developed and studied to de-anonymize encrypted Tor traffic over the years[^68]. Most of those techniques are Correlation attacks that will correlate your network traffic in one way or another to logs or datasets.
Here are some examples:
+
+- **Correlation Fingerprinting Attack:** As illustrated (simplified) below, this attack will fingerprint your encrypted Tor traffic (like the websites you visited) based on the analysis of your encrypted traffic without decrypting it. Some of those methods can do so with a 96% success rate **in a closed-world setting**. **The efficacy of those methods in a real open-world setting** **has not been demonstrated yet and would probably require tremendous resources computing power making it very unlikely that such techniques would be used by a local adversary in the near future.** Such techniques could however hypothetically be used by an advanced and probably global adversary with access to your source network to determine some of your activity. Examples of those attacks are described in several research papers[^69]'[^70]'[^71] as well as their limitations[^72]. The Tor Project itself published an article about these attacks with some mitigations: [[Archive.org]](https://web.archive.org/web/https://blog.torproject.org/new-low-cost-traffic-analysis-attacks-mitigations).
+
+![](media/image08.png)
+
+- **Correlation Timing Attacks:** As illustrated (simplified) below, an adversary that has access to network connection logs (IP or DNS for instance, remember that most VPN servers and most Tor nodes are known and publicly listed) at the source and the destination could correlate the timings to de-anonymize you without requiring any access to the Tor or VPN network in between. A real use case of this technique was done by the FBI in 2013 to de-anonymize[^73] a bomb threat hoax at Harvard University.
+
+![](media/image09.png)
+
+- **Correlation Counting Attacks:** As illustrated (simplified) below, an adversary that has no access to detailed connection logs (cannot see that you used Tor or Netflix) but has access to data counting logs could see that you have downloaded 600MB on a specific time/date that matches the 600MB upload at the destination.
This correlation can then be used to de-anonymize you over time.
+
+![](media/image10.png)
+
+There are ways to mitigate these such as:
+
+- Do not use Tor/VPNs to access services that are on the same network (ISP) as the destination service. For example, do not connect to Tor from your University Network to access a University Service anonymously. Instead, use a different source point (such as a public Wi-Fi) that cannot be correlated easily by an adversary.
+
+- Do not use Tor/VPN from an obviously heavily monitored network (such as a corporate/governmental network) but instead try to find an unmonitored network such as a public Wi-Fi or a residential Wi-Fi.
+
+- Consider the use of multiple layers (such as what will be recommended in this guide later: VPN over Tor) so that an adversary might be able to see that someone connected to the service through Tor but will not be able to see that it was you because you were connected to a VPN and not the Tor Network.
+
+Be aware again that this might not be enough against a motivated global adversary[^74] with wide access to global mass surveillance. Such an adversary might have access to logs no matter where you are and could use those to de-anonymize you. Usually, these attacks are part of what is called a Sybil Attack[^75]. **These adversaries are out of the scope of this guide.**
+
+Be also aware that all the other methods described in this guide such as Behavioral analysis can also be used to deanonymize Tor users indirectly (see further [Your Digital Fingerprint, Footprint, and Online Behavior][Your Digital Fingerprint, Footprint, and Online Behavior:]).
+
+I also strongly recommend reading this very good, complete, and thorough (and more detailed) guide on most known Attack Vectors on Tor: [[Archive.org]](https://web.archive.org/web/https://github.com/Attacks-on-Tor/Attacks-on-Tor) as well as this recent research publication [[Archive.org]](https://web.archive.org/web/https://www.researchgate.net/publication/323627387_Shedding_Light_on_the_Dark_Corners_of_the_Internet_A_Survey_of_Tor_Research)
+
+As well as this great series of blog posts: [[Archive.org]](https://web.archive.org/web/https://www.hackerfactor.com/blog/index.php?/archives/906-Tor-0day-The-Management-Vulnerability.html)
+
+Recently, one of these attacks was attempted on the Tor Network with more information here: [[Archive.org]](https://web.archive.org/web/https://arstechnica.com/information-technology/2014/07/active-attack-on-tor-network-tried-to-decloak-users-for-five-months/)
+
+Lastly, do remember that using Tor can already be considered suspicious activity[^76], and its use could be considered malicious by some[^77].
+
+This guide will later propose some mitigations to such attacks by changing your origin from the start (using public wi-fi's for instance). Remember that such attacks are usually carried by highly skilled, highly resourceful, and motivated adversaries and are out of scope from this guide. It is also recommended that you learn about practical correlation attacks, as performed by intelligence agencies: [[Archive.org]](https://web.archive.org/web/20220516000616/https://officercia.mirror.xyz/WeAilwJ9V4GIVUkYa7WwBwV2II9dYwpdPTp3fNsPFjo)
+
+**Disclaimer: it should also be noted that Tor is not designed to protect against a global adversary. For more information see [[Archive.org]](https://web.archive.org/web/https://svn-archive.torproject.org/svn/projects/design-paper/tor-design.pdf) and specifically, "Part 3.
Design goals and assumptions.".**
+
+
+### Some Devices can be tracked even when offline:
+
+You have seen this in action/spy/Sci-Fi movies and shows, the protagonists always remove the battery of their phones to make sure it cannot be used. Most people would think that's overkill. Well, unfortunately, no, this is now becoming true at least for some devices:
+
+- iPhones and iPads (IOS 13 and above)[^78]'[^79]
+
+- Samsung Phones (Android 10 and above)[^80]
+
+- MacBooks (macOS 10.15 and above)[^81]
+
+Such devices will continue to broadcast identity information to nearby devices even when offline using Bluetooth Low-Energy[^82]. They do not have access to the devices directly (which are not connected to the internet) but instead use BLE to find them through other nearby devices[^83]. They are using peer-to-peer short-range Bluetooth communication to broadcast their status through nearby online devices.
+
+They could now find such devices and keep the location in some database that could then be used by third parties or themselves for various purposes (including analytics, advertising, or evidence/intelligence gathering).
+
+See [Appendix N: Warning about smartphones and smart devices]
+
+TLDR: Do not take such devices with you when conducting sensitive activities.
+
+## Your Hardware Identifiers:
+
+### Your IMEI and IMSI (and by extension, your phone number):
+
+The IMEI (International Mobile Equipment Identity[^84]) and the IMSI (International Mobile Subscriber Identity[^85]) are unique numbers created by cell phone manufacturers and cell phone operators.
+
+The IMEI is tied directly to the phone you are using. This number is known and tracked by the cell phone operators and known by the manufacturers. Every time your phone connects to the mobile network, it will register the IMEI on the network along with the IMSI (if a SIM card is inserted but that is not even needed).
It is also used by many applications (Banking apps abusing the phone permission on Android for instance[^86]) and smartphone Operating Systems (Android/IOS) for identification of the device[^87]. It is possible but difficult (and not illegal in many jurisdictions[^88]) to change the IMEI on a phone but it is probably easier and cheaper to just find and buy some old (working) Burner phone for a few Euros (this guide is for Germany remember) at a flea market or some random small shop.
+
+The IMSI is tied directly to the mobile subscription or pre-paid plan you are using and is tied to your phone number by your mobile provider. The IMSI is hardcoded directly on the SIM card and cannot be changed. Remember that every time your phone connects to the mobile network, it will also register the IMSI on the network along with the IMEI. Like the IMEI, the IMSI is also being used by some applications and smartphone Operating systems for identification and is being tracked. Some countries in the EU for instance maintain a database of IMEI/IMSI associations for easy querying by Law Enforcement.
+
+Today, giving away your (real) phone number is the same or better than giving away your Social Security number/Passport ID/National ID.
+
+The IMEI and IMSI can be traced back to you in at least six ways:
+
+- The mobile operator subscriber logs will usually store the IMEI along with the IMSI and their subscriber information database. If you use a prepaid anonymous SIM (anonymous IMSI but with a known IMEI), they could see this cell belongs to you if you used that cell phone before with a different SIM card (different anonymous IMSI but same known IMEI).
+
+- The mobile operator antenna logs will conveniently keep a log of which IMEI. IMSI also keep some connection data.
They know and log for instance that a phone with this IMEI/IMSI combination connected to a set of mobile antennas and how powerful the signal to each of those antennas were, allowing easy triangulation/geolocation of the signal. They also know which other phones (your real one for instance) connected at the same time to the same antennas with the same signal. This makes it possible to know precisely that this "burner phone" was always connected at the same place/time than this other "known phone" which shows up every time the burner phone is being used. This information can/is used by various third parties to geolocate/track you quite precisely[^89]'[^90].
+
+- The manufacturer of the Phone can trace back the sale of the phone using the IMEI if that phone was bought in a non-anonymous way. Indeed, they will have logs of each phone sale (including serial number and IMEI), to which shop/person to whom it was sold. And if you are using a phone that you bought online (or from someone that knows you). It can be traced to you using that information. Even if they do not find you on CCTV[^91] and you bought the phone using cash, they can still find what other phone (your real one in your pocket) was there (in that shop) at that time/date by using the antenna logs.
+
+- The IMSI alone can be used to find you as well because most countries now require customers to provide an ID when buying a SIM card (subscription or pre-paid). The IMSI is then tied to the identity of the buyer of the card. In the countries where the SIM can still be bought with cash (like the UK), they still know where (which shop) it was bought and when. This information can then be used to retrieve information from the shop itself (such as CCTV footage as for the IMEI case). Or again the antenna logs can also be used to figure out which other phone was there at the moment of the sale.
+
+- The smartphone OS makers (Google/Apple for Android/IOs) also keep logs of IMEI/IMSI identifications tied to Google/Apple accounts and which user has been using them. They too can trace back the history of the phone and to which accounts it was tied in the past[^92].
+
+- Government agencies around the world interested in your phone number can and do use[^93] special devices called "IMSI catchers"[^94] like the Stingray[^95] or more recently the Nyxcell[^96]. These devices can impersonate (to spoof) a cell phone Antenna and force a specific IMSI (your phone) to connect to it to access the cell network. Once they do, they will be able to use various MITM[^97] (Man-In-The-Middle Attacks) that will allow them to:
+
+ - Tap your phone (voice calls and SMS).
+
+ - Sniff and examine your data traffic.
+
+ - Impersonate your phone number without controlling your phone.
+
+ - ...
+
+Here is also a good YouTube video on this topic: DEFCON Safe Mode - Cooper Quintin - Detecting Fake 4G Base Stations in Real-Time [[Invidious]](https://yewtu.be/watch?v=siCk4pGGcqA)
+
+ **For these reasons, it is crucial to get a dedicated anonymous phone number and/or an anonymous burner phone with a cash-bought pre-paid sim card that is not tied to you in any way (past or present) for conducting sensitive activities. It is also possible to get an anonymous pre-paid but preferably dedicated number from free and paid online services accepting anonymous cryptocurrencies like Monero. Get more practical guidance here: [Getting an anonymous Phone number][Getting an anonymous Phone number:].**
+
+While there are some smartphones manufacturers like Purism with their Librem series[^98] who claim to have your privacy in mind, they still do not allow IMEI randomization which we believe is a key anti-tracking feature that should be provided by such manufacturers.
While this measure will not prevent IMSI tracking within the SIM card, it would at least allow you to keep the same "burner phone" and only switch SIM cards instead of having to switch both for privacy. + +See [Appendix N: Warning about smartphones and smart devices] + +### Your Wi-Fi or Ethernet MAC address: + +The MAC address[^99] is a unique identifier tied to your physical Network Interface (Wired Ethernet or Wi-Fi) and could of course be used to track you if it is not randomized. As it was the case with the IMEI, manufacturers of computers and network cards usually keep logs of their sales (usually including things like serial number, IMEI, Mac Addresses, ...) and it is possible again for them to track where and when the computer with the MAC address in question was sold and to whom. Even if you bought it with cash in a supermarket, the supermarket might still have CCTV (or a CCTV just outside that shop) and again the time/date of sale could be used to find out who was there using the Mobile Provider antenna logs at that time (IMEI/IMSI). + +Operating Systems makers (Google/Microsoft/Apple) will also keep logs of devices and their MAC addresses in their logs for device identification (Find my device type services for example). Apple can tell that the MacBook with this specific MAC address was tied to a specific Apple Account before. Maybe yours before you decided to use the MacBook for sensitive activities. Maybe to a different user who sold it to you but remembers your e-mail/number from when the sale happened. + +Your home router/Wi-Fi access point keeps logs of devices that are registered on the Wi-Fi, and these can be accessed too to find out who has been using your Wi-Fi. Sometimes this can be done remotely (and silently) by the ISP depending on if that router/Wi-Fi access point is being "managed" remotely by the ISP (which is often the case when they provide the router to their customers). 
+ +Some commercial devices will keep a record of MAC addresses roaming around for various purposes such as road congestion[^100]. + +**So, it is important again not to bring your phone along when/where you conduct sensitive activities. If you use your own laptop, then it is crucial to hide that MAC address (and Bluetooth address) anywhere you use it and be extra careful not to leak any information. Thankfully many recent OSes now feature or allow the possibility to randomize MAC addresses (Android, IOS, Linux, and Windows 10/11)** with the notable exception of macOS which does not support this feature even in its latest Big Sur version. + +See [Appendix N: Warning about smartphones and smart devices] + +### Your Bluetooth MAC address: + +Your Bluetooth MAC is like the earlier MAC address except it is for Bluetooth. Again, it can be used to track you as manufacturers and operating system makers keep logs of such information. It could be tied to a sale place/time/date or accounts and then could be used to track you with such information, the shop billing information, the CCTV, or the mobile antenna logs in correlation. + +Operating systems have protections in place to randomize those addresses but are still subject to vulnerabilities[^101]. + +For this reason, and unless you really need those, you should just disable Bluetooth completely in the BIOS/UEFI settings if possible or in the Operating System otherwise. + +On Windows 10, you will need to disable and enable the Bluetooth device in the device manager itself to force randomization of the address for next use and prevent tracking. + +In general, this should not be too much of a concern compared to MAC Addresses. BT Addresses are randomized quite often. + +See [Appendix N: Warning about smartphones and smart devices] + +## Your CPU: + +All modern CPUs[^102] are now integrating hidden management platforms such as the now infamous Intel Management Engine[^103] and the AMD Platform Security Processor[^104]. 
+ +Those management platforms are small operating systems running directly on your CPU as long as they have power. These systems have full access to your computer's network and could be accessed by an adversary to de-anonymize you in various ways (using direct access or using malware for instance) as shown in this enlightening video: BlackHat, How to Hack a Turned-Off Computer, or Running Unsigned Code in Intel Management Engine [[Invidious]](https://yewtu.be/watch?v=mYsTBPqbya8). + +These have already been affected by several security vulnerabilities in the past[^105] that allowed malware to gain control of target systems. These are also accused by many privacy actors including the EFF and Libreboot of being a backdoor into any system[^106]. + +There are some not so straightforward ways[^107] to disable the Intel IME on some CPUs and you should do so if you can. For some AMD laptops, you can disable it within the BIOS settings by disabling PSP. + +Note that, to AMD's defense, there were no security vulnerabilities found for ASP and no backdoors either. See [[Invidious]](https://yewtu.be/watch?v=bKH5nGLgi08&t=2834s). In addition, AMD PSP does not provide any remote management capabilities contrary to Intel IME. + +If you are feeling a bit more adventurous, you could install your own BIOS using Coreboot [^108] or Libreboot (a distribution of Coreboot) if your laptop supports it. Coreboot allows users to add their own microcode or other firmware blobs in order for the machine to function, but this is based upon user choice, and as of Dec 2022, Libreboot has adopted a similar pragmatic approach in order to support newer devices in the Coreboot tree. (Thanks, kind Anon who corrected previous information in this paragraph.) 
+ +Check yourself: + +- If you are using Linux you can check the vulnerability status of your CPU to Spectre/Meltdown attacks by using [[Archive.org]](https://web.archive.org/web/https://github.com/speed47/spectre-meltdown-checker) which is available as a package for most Linux distros including Whonix. Spectre is a transient execution attack. There is also PoC code for Spectre v1 and v2 on iPhone devices here: [[Archive.org]](https://web.archive.org/web/20220814122148/https://github.com/cispa/BranchDifferent) and here [[Archive.org]](https://web.archive.org/web/20220814122652/https://misc0110.net/files/applespectre_dimva22.pdf) + +- If you are using Windows, you can check the vulnerability status of your CPU using inSpectre [[Archive.org]](https://web.archive.org/web/https://www.grc.com/inspectre.htm) + +Some CPUs have unfixable flaws (especially Intel CPUs) that could be exploited by various malware. Here is a good current list of such vulnerabilities affecting recent widespread CPUs: [[Wikiless]](https://wikiless.org/wiki/Transient_execution_CPU_vulnerability) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Transient_execution_CPU_vulnerability) + +Some of these can be avoided using Virtualization Software settings that can mitigate such exploits. See this guide for more information [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Spectre_Meltdown) (warning: these can severely impact the performance of your VMs). + +This guide won't go too deep into side-channel and microarchitecture attacks but we will highlight some issues with both Intel and AMD CPU architectures that will be mitigated throughout. It's important to recognize hardware is just as susceptible to bugs, and therefore exploitation, regardless of manufacturer. 
+ +We will mitigate some of these issues in this guide by recommending the use of virtual machines on a dedicated anonymous laptop for your sensitive activities that will only be used from an anonymous public network. + +**In addition, we recommend the use of AMD CPUs instead of Intel CPUs.** + +- CPU vulnerabilities found in the past few years: + + - [Meltdown](https://en.wikipedia.org/wiki/Meltdown_(security_vulnerability)), [Spectre](https://en.wikipedia.org/wiki/Spectre_(security_vulnerability)), [Æpic](https://aepicleak.com/), [SGAxe](https://en.wikipedia.org/wiki/Software_Guard_Extensions#SGAxe), [LVI](https://en.wikipedia.org/wiki/Software_Guard_Extensions#LVI), [Plundervolt](https://en.wikipedia.org/wiki/Software_Guard_Extensions#Plundervolt), [MicroScope replay attack](https://en.wikipedia.org/wiki/Software_Guard_Extensions#MicroScope_replay_attack), [Enclave](https://en.wikipedia.org/wiki/Software_Guard_Extensions#Enclave_attack), [Prime+Probe](https://en.wikipedia.org/wiki/Software_Guard_Extensions#Prime+Probe_attack), [Crosstalk](https://www.vusec.net/projects/crosstalk/), [Hertzbleed](https://en.wikipedia.org/wiki/Hertzbleed), [Squip attack](https://www.securityweek.com/amd-processors-expose-sensitive-data-new-squip-attack/), [Zenbleed](https://lock.cmpxchg8b.com/zenbleed.html) + +## Your Operating Systems and Apps telemetry services: + +Whether it is Android, iOS, Windows, macOS, or even Ubuntu. Most popular Operating Systems now collect telemetry information by default even if you never opt-in or opted-out[^112] from the start. Some like Windows will not even allow disabling telemetry completely without some technical tweaks. This information collection can be extensive and include a staggering number of details (metadata and data) on your devices and their usage. 
+ +Here are good overviews of what is being collected by those five popular OSes in their last versions: + +- Android/Google: + + - Just have a read at their privacy policy [[Archive.org]](https://web.archive.org/web/https://policies.google.com/privacy) + + - School of Computer Science & Statistics, Trinity College Dublin, Ireland Mobile Handset Privacy: Measuring The Data iOS and Android Send to Apple And Google [[Archive.org]](https://web.archive.org/web/https://www.scss.tcd.ie/doug.leith/apple_google.pdf) + +- IOS/Apple: + + - More information at [[Archive.org]](https://web.archive.org/web/https://www.apple.com/legal/privacy/en-ww/) and [[Archive.org]](https://web.archive.org/web/https://support.apple.com/en-us/HT202100) + + - School of Computer Science & Statistics, Trinity College Dublin, Ireland Mobile Handset Privacy: Measuring The Data iOS and Android Send to Apple And Google [[Archive.org]](https://web.archive.org/web/https://www.scss.tcd.ie/doug.leith/apple_google.pdf) + + - Apple does claim[^109] that they anonymize this data using differential privacy[^110] but you will have to trust them on that. + +- Windows/Microsoft: + + - Full list of required diagnostic data: [[Archive.org]](https://web.archive.org/web/https://docs.microsoft.com/en-us/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004) + + - Full list of optional diagnostic data: [[Archive.org]](https://web.archive.org/web/https://docs.microsoft.com/en-us/windows/privacy/windows-diagnostic-data) + +- macOS: + + - More details on [[Archive.org]](https://web.archive.org/web/https://support.apple.com/guide/mac-help/share-analytics-information-mac-apple-mh27990/mac) + +- Ubuntu: + + - Ubuntu despite being a Linux distribution also collects Telemetry Data nowadays. This data however is quite limited compared to the others. 
More details on [[Archive.org]](https://web.archive.org/web/https://ubuntu.com/desktop/statistics) + +Not only are Operating Systems gathering telemetry services but so are Apps themselves like Browsers, Mail Clients, and Social Networking Apps installed on your system. + +It is important to understand that this telemetry data can be tied to your device and help de-anonymizing you and later can be used against you by an adversary that would get access to this data. + +This does not mean for example that Apple devices are terrible choices for good Privacy (tho this might be changing[^111]), but they are certainly not the best choices for (relative) Anonymity. They might protect you from third parties knowing what you are doing but not from themselves. In all likelihood, they certainly know who you are. + +Later in this guide, we will use all the means at our disposal to disable and block as much telemetry as possible to mitigate this attack vector in the Operating Systems supported in this guide. These will include Windows, macOS, and even Linux in some regard. + +See [Appendix N: Warning about smartphones and smart devices] + +## Your Smart devices in general: + +You got it; your smartphone is an advanced spying/tracking device that: + +- Records everything you say at any time ("Hey Siri", "Hey Google"). + +- Records your location everywhere you go. + +- Always records other devices around you (Bluetooth devices, Wi-Fi Access points). + +- Records your habits and health data (steps, screen time, exposure to diseases, connected devices data) + +- Records all your network locations. + +- Records all your pictures and videos (and most likely where they were taken). + +- Has most likely access to most of your known accounts including social media, messaging, and financial accounts. + +Data is being transmitted even if you opt-out[^112], processed, and stored indefinitely (most likely unencrypted[^113]) by various third parties[^114]. 
+ +But that is not all, this section is not called "Smartphones" but "Smart devices" because it is not only your smartphone spying on you. It is also every other smart device you could have: + +- Your Smart Watch? (Apple Watch, Android Smartwatch ...) + +- Your Fitness Devices and Apps[^115]'[^116]? (Strava[^117]'[^118], Fitbit[^119], Garmin, Polar[^120], ...) + +- Your Smart Speaker? (Amazon Alexa[^121], Google Echo, Apple Homepod ...) + +- Your Smart Transportation? (Car? Scooter?) + +- Your Smart Tags? (Apple AirTag, Galaxy SmartTag, Tile...) + +- Your Car? (Yes, most modern cars have advanced logging/tracking features these days[^122]) + +- Any other Smart device? There are even convenient search engines dedicated to finding them online: + + - + + - + + - + +See [Appendix N: Warning about smartphones and smart devices] + +Conclusion: Do not bring your smart devices with you when conducting sensitive activities. + +## Yourself: + +### Your Metadata including your Geo-Location: + +Your metadata is all the information about your activities without the actual content of those activities. For instance, it is like knowing you had a call from an oncologist before then calling your family and friends successively. You do not know what was said during the conversation, but you can guess what it was just from the metadata[^123]. + +This metadata will also often include your location that is being harvested by Smartphones, Operating Systems (Android[^124]/IOS), Browsers, Apps, Websites. Odds are several companies are knowing exactly where you are at any time[^125] because of your smartphone[^126]. + +This location data has been used in many judicial cases[^127] already as part of "geofencing warrants" [^128] that allow law enforcement to ask companies (such as Google/Apple) a list of all devices present at a certain location at a certain time. In addition, this location data is even sold by private companies to the military who can then use it conveniently[^129]. 
These warrants are becoming widely used by law enforcement[^130]'[^131]'[^132]. + +If you want to experience yourself what a "geofencing warrant" would look like, here is an example: . + +Now let us say you are using a VPN to hide your IP. The social media platform knows you were active on that account on November 4th from 8 am to 1 pm with that VPN IP. The VPN allegedly keeps no logs and cannot trace back that VPN IP to your IP. Your ISP however knows (or at least can know) you were connected to that same VPN provider on November 4th from 7:30 am to 2 pm but does not know what you were doing with it. + +The question is: Is there someone somewhere that would have both pieces of information available[^133] for correlation in a convenient database? + +Have you heard of Edward Snowden[^134]? Now is the time to google him and read his book[^135]. Also read about XKEYSCORE[^136]'[^137], MUSCULAR[^138], SORM[^139], Tempora[^140] , and PRISM[^141]. + +See "We kill people based on Metadata"[^142] or this famous tweet from the IDF [[Archive.org]](https://web.archive.org/web/https://twitter.com/idf/status/1125066395010699264) [[Nitter]](https://nitter.net/idf/status/1125066395010699264). + +See [Appendix N: Warning about smartphones and smart devices] + +### Your Digital Fingerprint, Footprint, and Online Behavior: + +This is the part where you should watch the documentary "The Social Dilemma"[^143] on Netflix as they cover this topic much better than anyone else. + +This includes is the way you write (stylometry) [^144]'[^145], the way you behave[^146]'[^147]. The way you click. The way you browse. The fonts you use on your browser[^148]. Fingerprinting is being used to guess who someone is by the way that user is behaving. 
You might be using specific pedantic words or making specific spelling mistakes that could give you away using a simple Google search for similar features because you typed comparably on some Reddit post 5 years ago using a not so anonymous Reddit account[^149]. The words you type in a search engine alone can be used against you as the authorities now have warrants to find users who used specific keywords in search engines[^150]. + +Social Media platforms such as Facebook/Google can go a step further and can register your behavior in the browser itself. For instance, they can register everything you type even if you do not send it / save it. Think of when you draft an e-mail in Gmail. It is saved automatically as you type. They can register your clicks and cursor movements as well. + +All they need to achieve this in most cases is Javascript enabled in your browser (which is the case in most Browsers including Tor Browser by default). Even with Javascript disabled, there are still ways to fingerprint you[^151]. + +While these methods are usually used for marketing purposes and advertising, they can also be a useful tool for fingerprinting users. This is because your behavior is unique or unique enough that over time, you could be de-anonymized. + +Here are some examples: + +- Specialized companies are selling to, for example, law enforcement agencies products for analyzing social network activities such as [[Archive.org]](https://web.archive.org/web/https://mediasonar.com/) + +- For example, as a basis of authentication, a user's typing speed, keystroke depressions, patterns of error (say accidentally hitting an "l" instead of a "k" on three out of every seven transactions) and mouse movements establish that person's unique pattern of behavior[^152]. Some commercial services such as TypingDNA ( [[Archive.org]](https://web.archive.org/web/https://www.typingdna.com/)) even offer such analysis as a replacement for two-factor authentications. 
+ +- This technology is also widely used in CAPTCHAS[^371] services to verify that you are "human" and can be used to fingerprint a user. + +- See [Appendix A4: Counteracting Forensic Linguistics]. + +Analysis algorithms could then be used to match these patterns with other users and match you to a different known user. It is unclear whether such data is already used or not by Governments and Law Enforcement agencies, but it might be in the future. And while this is mostly used for advertising/marketing/captchas purposes now. It could and probably will be used for investigations in the short or mid-term future to deanonymize users. + +Here is a fun example you try yourself to see some of those things in action: (no archive links for this one sorry). You will see it becoming interesting over time (this requires Javascript enabled). + +Here is also a recent example just showing what Google Chrome collects on you: + +Here are some other resources on the topic if you cannot see this documentary: + +- 2017, Behavior Analysis in Social Networks, [[Archive.org]](https://web.archive.org/web/https://link.springer.com/10.1007/978-1-4614-7163-9_110198-1) + +- 2017, Social Networks and Positive and Negative Affect [[Archive.today]](https://archive.ph/iuowI) + +- 2015, Using Social Networks Data for Behavior and Sentiment Analysis [[Archive.org]](https://web.archive.org/web/https://www.researchgate.net/publication/300562034_Using_Social_Networks_Data_for_Behavior_and_Sentiment_Analysis) + +- 2016, A Survey on User Behavior Analysis in Social Networks [[Archive.org]](https://web.archive.org/web/https://www.academia.edu/30936118/A_Survey_on_User_Behaviour_Analysis_in_Social_Networks) + +- 2017, DEF CON 25 presentation: [DEF CON 25 - Svea Eckert, Andreas Dewes - Dark Data](https://www.youtube.com/watch?v=1nvYGi7-Lxo) [[Invidious]](https://yewtu.be/watch?v=1nvYGi7-Lxo) + +- 2019, Influence and Behavior Analysis in Social Networks and Social Media 
[[Archive.org]](https://web.archive.org/web/https://web.archive.org/web/https://sci-hub.se/10.1007/978-3-030-02592-2) + +So, how can you mitigate these? + +- This guide will provide some technical mitigations using Fingerprinting resistant tools but those might not be sufficient. + +- You should apply common sense and try to find your own patterns in your behavior and behave differently when using anonymous identities. This includes: + + - The way you type (speed, accuracy...). + + - The words you use (be careful with your usual expressions). + + - The type of response you use (if you are sarcastic by default, try to have a different approach with your identities). + + - The way you use your mouse and click (try to solve the Captchas differently than your usual way) + + - The habits you have when using some Apps or visiting some Websites (do not always use the same menus/buttons/links to reach your content). + + - ... + +You need to act and fully adopt a role as an actor would do for a performance. You need to become a different person, think, and act like that person. This is not a technical mitigation but a human one. You can only rely on yourself for that. + +Ultimately, it is mostly up to you to fool those algorithms by adopting new habits and not revealing real information when using your anonymous identities. See [Appendix A4: Counteracting Forensic Linguistics]. + +### Your Clues about your Real Life and OSINT: + +These are clues you might give over time that could point to your real identity. You might be talking to someone or posting on some board/forum/Reddit. In those posts, you might over time leak some information about your real life. These might be memories, experiences, or clues you shared that could then allow a motivated adversary to build a profile to narrow their search. + +A real use and well-documented case of this was the arrest of the hacker Jeremy Hammond[^153] who shared over time several details about his past and was later discovered. 
+ +There are also a few cases involving OSINT at Bellingcat[^154]. Have a look at their very informative (but slightly outdated) toolkit here: [[Archive.org]](https://web.archive.org/web/https://docs.google.com/spreadsheets/d/18rtqh8EG2q1xBo2cLNyhIDuK9jrPGwYr9DI2UncoqJQ/edit) + +**We have an OSINT discussion room in our Matrix community. Feel free to join at ```#OSINT:matrix.org```.** + +You can also view some convenient lists of some available OSINT tools here if you want to try them on yourself for example: + +- [[Archive.org]](https://web.archive.org/web/https://github.com/jivoi/awesome-osint) + +- + +- + +- + +As well as this interesting Playlist on YouTube: [[Invidious]](https://yewtu.be/playlist?list=PLrFPX1Vfqk3ehZKSFeb9pVIHqxqrNW8Sy) + +As well as those interesting podcasts: + + + +You should never share real individual experiences/details using your anonymous identities that could later lead to finding your real identity. You will see more details about this in the [Creating new identities][Creating new identities:] section. + +### Your Face, Voice, Biometrics, and Pictures: + +"Hell is other people", even if you evade every method listed above, you are not out of the woods yet thanks to the widespread use of advanced Face recognition by everyone. + +Companies like Facebook have used advanced face recognition for years[^155]'[^156] and have been using other means (Satellite imagery) to create maps of "people" around the world[^157]. This evolution has been going on for years to the point we can now say "we lost control of our faces"[^158]. + +If you are walking in a touristy place, you will most likely appear in someone's selfie within minutes without knowing it. That person could then go ahead and upload that selfie to various platforms (Twitter, Google Photos, Instagram, Facebook, Snapchat ...). 
Those platforms will then apply face recognition algorithms to those pictures under the pretext of allowing better/easier tagging or to better organize your photo library. In addition to this, the same picture will provide a precise timestamp and in most cases geolocation of where it was taken. Even if the person does not provide a timestamp and geolocation, it can still be guessed with other means[^159]'[^160]. + +Here are a few resources for even trying this yourself: + +- Bellingcat, Guide To Using Reverse Image Search For Investigations: [[Archive.org]](https://web.archive.org/web/https://www.bellingcat.com/resources/how-tos/2019/12/26/guide-to-using-reverse-image-search-for-investigations/) + +- Bellingcat, Using the New Russian Facial Recognition Site SearchFace [[Archive.org]](https://web.archive.org/web/https://www.bellingcat.com/resources/how-tos/2019/02/19/using-the-new-russian-facial-recognition-site-searchface-ru/) + +- Bellingcat, Dali, Warhol, Boshirov: Determining the Time of an Alleged Photograph from Skripal Suspect Chepiga [[Archive.org]](https://web.archive.org/web/https://www.bellingcat.com/resources/how-tos/2018/10/24/dali-warhol-boshirov-determining-time-alleged-photograph-skripal-suspect-chepiga/) + +- Bellingcat, Advanced Guide on Verifying Video Content [[Archive.org]](https://web.archive.org/web/https://www.bellingcat.com/resources/how-tos/2017/06/30/advanced-guide-verifying-video-content/) + +- Bellingcat, Using the Sun and the Shadows for Geolocation [[Archive.org]](https://web.archive.org/web/https://www.bellingcat.com/resources/2020/12/03/using-the-sun-and-the-shadows-for-geolocation/) + +- Bellingcat, Navalny Poison Squad Implicated in Murders of Three Russian Activists [[Archive.org]](https://web.archive.org/web/https://www.bellingcat.com/news/uk-and-europe/2021/01/27/navalny-poison-squad-implicated-in-murders-of-three-russian-activists/) + +- Bellingcat, Berlin Assassination: New Evidence on Suspected FSB Hitman Passed to German 
Investigators [[Archive.org]](https://web.archive.org/web/https://www.bellingcat.com/news/2021/03/19/berlin-assassination-new-evidence-on-suspected-fsb-hitman-passed-to-german-investigators/) + +- Bellingcat, Digital Research Tutorial: Investigating a Saudi-Led Coalition Bombing of a Yemen Hospital [[Invidious]](https://yewtu.be/watch?v=cAVZaPiVArA) + +- Bellingcat, Digital Research Tutorial: Using Facial Recognition in Investigations [[Invidious]](https://yewtu.be/watch?v=awY87q2Mr0E) + +- Bellingcat, Digital Research Tutorial: Geolocating (Allegedly) Corrupt Venezuelan Officials in Europe [[Invidious]](https://yewtu.be/watch?v=bS6gYWM4kzY) + +### Gait Recognition and Other Long-Range Biometrics + +Even if you are not looking at the camera, they can still figure out who you are[^161], make out your emotions[^162], analyze your gait[^163]'[^164]'[^165], read your lips[^166], analyze the behavior of your eyes[^167], and probably guess your political affiliation[^168]'[^169]. + +Contrary to popular belief and pop culture, modern gait recognition systems aren't fooled by simply changing how you walk (ex. with something uncomfortable in your shoe), as they analyze the way your body's muscles move across your entire body, as you perform certain actions. The best way to fool modern gait recognition is to wear loose clothes that obscure the way your muscles move as you perform actions. + +Other things than can be used to identify you include your earlobes, which are actually more identifiable than fingerprints, or even the shape of your skull. As such, soft headcoverings such as balaclavas are not recommendable for obscuring your identity - they make you look incredibly suspicious, while also conforming to the shape of your skull. 
+ +![](media/image11.png) + +(Illustration from [[Archive.org]](https://web.archive.org/web/https://www.nature.com/articles/s41598-020-79310-1.pdf)) + +![](media/image12.png) + +(illustration from [[Archive.org]](https://web.archive.org/web/https://rd.springer.com/chapter/10.1007/978-3-030-42504-3_15)) + +Those platforms (Google/Facebook) already know who you are for a few reasons: + +- Because you have or had a profile with them, and you identified yourself. + +- Even if you never made a profile on those platforms, you still have one without even knowing it[^170]'[^171]'[^172]'[^173]'[^174]. + +- Because other people have tagged you or identified you in their holidays/party pictures. + +- Because other people have put a picture of you in their contact list which they then shared with them. + +Here is also an insightful demo of Microsoft Azure you can try for yourself at where you can detect emotions and compare faces from different pictures. + +Governments already know who you are because they have your ID/Passport/Driving License pictures and often added biometrics (Fingerprints) in their database. Those same governments are integrating those technologies (often provided by private companies such as the Israeli Oosto[^175], Clearview AI[^176]'[^177], or NEC[^178]) in their CCTV networks to look for "persons of interest"[^179]. And some heavily surveilled states like China have implemented widespread use of Facial Recognition for various purposes[^180]'[^181] including possibly identifying ethnic minorities[^182]. A simple face recognition error by some algorithm can ruin your life[^183]'[^184]. 
+ +Here are some resources detailing some techniques used by Law Enforcement today: + +- CCC video explaining current Law Enforcement surveillance capabilities: [[Archive.org]](https://web.archive.org/web/https://media.ccc.de/v/rc3-11406-spot_the_surveillance) + +- EFF SLS: [[Archive.org]](https://web.archive.org/web/https://www.eff.org/sls) + +Apple is making FaceID mainstream and pushing its use to log you into many services including the Banking systems. + +The same goes with fingerprint authentication being mainstreamed by many smartphone makers to authenticate yourself. A simple picture where your fingers appear can be used to de-anonymize you[^185]'[^186]'[^187]'[^188]. + +The same goes with your voice which can be analyzed for various purposes as shown in the recent Spotify patent[^189]. + +Even your iris can be used for identification in some places[^190]. + +We can safely imagine a near future where you will not be able to create accounts or sign in anywhere without providing unique biometrics (A suitable time to re-watch Gattaca[^191], Person of Interest[^192] , and Minority Report[^193]). And you can safely imagine how useful these large biometrics databases could be to some interested third parties. + +In addition, all this information can also be used against you (if you are already de-anonymized) using deepfake[^194] by crafting false information (Pictures, Videos, Voice Recordings[^195]...) and have already been used for such purposes[^196]'[^197]. There are even commercial services for this readily available such as [[Archive.org]](https://web.archive.org/web/https://www.respeecher.com/) and [[Archive.org]](https://web.archive.org/web/https://www.descript.com/overdub). 
+ +See this demo: [[Invidious]](https://yewtu.be/watch?v=t5yw5cR79VA) + +At this time, there are a few steps[^198] you can use to mitigate (and only mitigate) face recognition when conducting sensitive activities where CCTV might be present: + +- Wear a facemask as they have been proven to defeat some face recognition technologies[^199] but not all[^200]. + +- Wear a baseball cap or hat to mitigate identification from high-angle CCTVs (filming from above) from recording your face. Remember this will not help against front-facing cameras. + +- Wear sunglasses in addition to the facemask and baseball cap to mitigate identification from your eye's features. + +- Consider wearing special sunglasses (expensive, unfortunately) called "Reflectacles" [[Archive.org]](https://web.archive.org/web/https://www.reflectacles.com/). There was a small study showing their efficiency against IBM and Amazon facial recognition[^201]. + +- All that might still be useless because of gait recognition mentioned earlier but there might be hope here if you have a 3D Printer: [[Archive.org]](https://web.archive.org/web/https://gitlab.com/FG-01/fg-01) + +(see [Gait Recognition and Other Long-Range Biometrics]) + +(Note that if you intend to use these where advanced facial recognition systems have been installed, these measures could also flag as you as suspicious by themselves and trigger a human check) + +### Phishing and Social Engineering: + +Phishing[^202] is a social engineering[^203] type of attack where an adversary could try to extract information from you by pretending or impersonating something/someone else. + +A typical case is an adversary using a man-in-the-middle[^97] attack or a fake e-mail/call to ask for your credential for a service. This could for example be through e-mail or through impersonating financial services. + +Such attacks can also be used to de-anonymize someone by tricking them into downloading malware or revealing personal information over time. 
The only defense against those is not to fall for them and common sense.
+
+These have been used countless times since the early days of the internet and the usual one is called the "419 scam" (see [[Wikiless]](https://wikiless.org/wiki/Advance-fee_scam) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Advance-fee_scam)).
+
+Here is a good video if you want to learn a bit more about phishing types: Black Hat, Ichthyology: Phishing as a Science [[Invidious]](https://yewtu.be/watch?v=Z20XNp-luNA).
+
+## Malware, exploits, and viruses:
+
+### Malware in your files/documents/e-mails:
+
+Using steganography or other techniques, it is easy to embed malware into common file formats such as Office Documents, Pictures, Videos, PDF documents...
+
+These can be as simple as HTML tracking links or complex targeted malware.
+
+These could be simple pixel-sized images[^204] hidden in your e-mails that would call a remote server to try and get your IP address.
+
+These could be exploiting a vulnerability in an outdated format or an outdated reader[^205]. Such exploits could then be used to compromise your system.
+
+See these good videos for more explanations on the matter:
+
+- What is a File Format? [[Invidious]](https://yewtu.be/watch?v=VVdmmN0su6E)
+
+- Ange Albertini: Funky File Formats: [[Invidious]](https://yewtu.be/watch?v=hdCs6bPM4is)
+
+You should always use extreme caution. To mitigate these attacks, this guide will later recommend the use of virtualization (See [Appendix W: Virtualization][Appendix V1: Hardening your Browsers:]) to mitigate leaking any information even in case of opening such a malicious file.
+
+If you want to learn how to try detecting such malware, see [Appendix T: Checking files for malware]
+
+### Malware and Exploits in your apps and services:
+
+So, you are using Tor Browser or Brave Browser over Tor. You could be using those over a VPN for added security.
But you should keep in mind that there are exploits[^206] (hacks) that could be known by an adversary (but unknown to the App/Browser provider). Such exploits could be used to compromise your system and reveal details to de-anonymize you such as your IP address or other details.
+
+A real use case of this technique was the Freedom Hosting[^207] case in 2013 where the FBI inserted malware[^208] using a Firefox browser exploit on a Tor website. This exploit allowed them to reveal details of some users. More recently, there was the notable SolarWinds[^209] hack that breached several US government institutions by inserting malware into an official software update server.
+
+In some countries, Malware is just mandatory and/or distributed by the state itself. This is the case for instance in China with WeChat[^210] which can then be used in combination with other data for state surveillance[^211].
+
+There are countless examples of malicious browser extensions, smartphone apps, and various apps that have been infiltrated with malware over the years.
+
+Here are some steps to mitigate this type of attack:
+
+- You should never have 100% trust in the apps you are using.
+
+- You should always check that you are using the updated version of such apps before use and ideally validate each download using their signature if available.
+
+- You should not use such apps directly from a hardware system but instead, use a Virtual Machine for compartmentalization.
+
+To reflect these recommendations, this guide will therefore later guide you in the use of Virtualization (See [Appendix W: Virtualization][Appendix V1: Hardening your Browsers:]) so that even if your Browser/Apps get compromised by a skilled adversary, that adversary will find himself stuck in a sandbox[^212] without being able to access identifying information or compromise your system.
+
+### Malicious USB devices:
+
+There are readily available commercial and cheap "badUSB" [^213]devices that can take deploy malware, log your typing, geolocate you, listen to you or gain control of your laptop just by plugging them in. Here are some examples that you can already buy yourself:
+
+- Hak5, USB Rubber Ducky [[Archive.org]](https://web.archive.org/web/https://shop.hak5.org/products/usb-rubber-ducky-deluxe)
+
+- Hak5, O.MG Cable [[Invidious]](https://yewtu.be/watch?v=V5mBJHotZv0)
+
+- Keelog [[Archive.org]](https://web.archive.org/web/https://www.keelog.com/)
+
+- AliExpress [[Archive.org]](https://web.archive.org/web/https://www.aliexpress.com/i/4000710369016.html)
+
+Such devices can be implanted anywhere (charging cable, mouse, keyboard, USB key ...) by an adversary and can be used to track you or compromise your computer or smartphone. The most notable example of such attacks is probably Stuxnet[^214] in 2005.
+
+While you could inspect a USB key physically, scan it with various utilities, check the various components to see if they are genuine, you will most likely never be able to discover complex malware embedded in genuine parts of a genuine USB key by a skilled adversary without advanced forensics equipment[^215].
+
+To mitigate this, you should never trust such devices and plug them into sensitive equipment. If you use a charging device, you should consider the use of a USB data blocking device that will only allow charging but not any data transfer. Such data blocking devices are now readily available in many online shops. You should also consider disabling USB ports completely within the BIOS of your computer unless you need them (if you can).
+
+### Malware and backdoors in your Hardware Firmware and Operating System:
+
+This might sound a bit familiar as this was already partially covered previously in the [Your CPU][Your CPU:] section.
+
+Malware and backdoors can be embedded directly into your hardware components.
Sometimes those backdoors are implemented by the manufacturer itself such as the IME in the case of Intel CPUs. And in other cases, such backdoors can be implemented by a third party that places itself between orders of new hardware and customer delivery[^216].
+
+Such malware and backdoors can also be deployed by an adversary using software exploits. Many of those are called rootkits[^217] within the tech world. Usually, these types of malware are harder to detect and mitigate as they are implemented at a lower level than the userspace[^218] and often in the firmware[^219] of hardware components itself.
+
+What is firmware? Firmware is a low-level operating system for devices. Each component in your computer probably has firmware including for instance your disk drives. The BIOS[^220]/UEFI[^221] system of your machine for instance is a type of firmware.
+
+These can allow remote management and are capable of enabling full control of a target system silently and stealthily.
+
+As mentioned previously, these are harder to detect by users but some limited steps that can be taken to mitigate some of those by protecting your device from tampering and use some measures (like re-flashing the bios for example). Unfortunately, if such malware or backdoor is implemented by the manufacturer itself, it becomes extremely difficult to detect and disable those.
+
+## Your files, documents, pictures, and videos:
+
+### Properties and Metadata:
+
+This can be obvious to many but not to all. Most files have metadata attached to them. Good examples are pictures that store EXIF[^222] information which can hold a lot of information such as GPS coordinates, which camera/phone model took it, and when it was taken precisely.
While this information might not directly give out who you are, it could tell exactly where you were at a certain moment which could allow others to use various sources to find you (CCTV or other footage taken at the same place at the same time during a protest for instance). You must verify any file you would put on those platforms for any properties that might hold any information that might lead back to you.
+
+Here is an example of EXIF data that could be on a picture:
+
+![](media/image13.png)
+
+(Illustration from Wikipedia)
+
+This also works for videos. Yes, videos too have geo-tagging, and many are very unaware of this. Here Is for instance a very convenient tool to geo-locate YouTube videos: [[Archive.org]](https://web.archive.org/web/https://mattw.io/youtube-geofind/location)
+
+For this reason, you will always have to be incredibly careful when uploading files using your anonymous identities and check the metadata of those files.
+
+**Even if you publish a plain text file, you should always double or triple-check it for any information leakage before publishing. You will find some guidance about this in the [Some additional measures against forensics][Some additional measures against forensics:] section at the end of the guide.**
+
+### Watermarking:
+
+#### Pictures/Videos/Audio:
+
+Pictures/Videos often contain visible watermarks indicating who is the owner/creator but there are also invisible watermarks in various products aiming at identifying the viewer itself.
+
+So, if you are a whistleblower and thinking about leaking some picture/audio/video file. Think twice. There are chances that those might contain invisible watermarking within them that would include information about you as a viewer. Such watermarks can be enabled with a simple switch in like Zoom (Video[^223] or Audio[^224]) or with extensions[^225] for popular apps such as Adobe Premiere Pro. These can be inserted by various content management systems.
+
+For a recent example where someone leaking a Zoom meeting recording was caught because it was watermarked: [[Tor Mirror]](http://27m3p2uv7igmj6kvd4ql3cct5h3sdwrsajovkkndeufumzyfhlfev4qd.onion/2021/01/18/leak-zoom-meeting/) [[Archive.org]](https://web.archive.org/web/https://theintercept.com/2021/01/18/leak-zoom-meeting/)
+
+Such watermarks can be inserted by various products[^226]'[^227]'[^228]'[^229] using Steganography[^230] and can resist compression[^231] and re-encoding[^232]'[^233].
+
+These watermarks are not easily detectable and could allow identification of the source despite all efforts.
+
+In addition to watermarks, the camera used for filming (and therefore the device used for filming) a video can also be identified using various techniques such as lens identification[^234] which could lead to de-anonymization.
+
+Be extremely careful when publishing videos/pictures/audio files from known commercial platforms as they might contain such invisible watermarks in addition to details in the images themselves. There is no guaranteed 100% protection against those. You will have to use common sense.
+
+#### Printing Watermarking:
+
+Did you know your printer is most likely spying on you too? Even if it is not connected to any network? This is usually a known fact by many people in the IT community but few outside people.
+
+Yes ... Your printers can be used to de-anonymize you as well as explained by the EFF here [[Archive.org]](https://web.archive.org/web/https://www.eff.org/issues/printers)
+
+With this (old but still relevant) video explaining how from the EFF as well: [[Invidious]](https://yewtu.be/watch?v=izMGMsIZK4U)
+
+Many printers will print an invisible watermark allowing for identification of the printer on every printed page. This is called Printer Steganography[^235]. There is no tangible way to mitigate this but to inform yourself on your printer and make sure it does not print any invisible watermark.
This is important if you intend to print anonymously.
+
+Here is an (old but still relevant) list of printers and brands who do not print such tracking dots provided by the EFF [[Archive.org]](https://web.archive.org/web/https://www.eff.org/pages/list-printers-which-do-or-do-not-display-tracking-dots)
+
+Here are also some tips from the Whonix documentation ( [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Printing_and_Scanning)):
+
+**Do not ever print in Color, usually, watermarks are not present without color toners/cartridges**[^236]**.**
+
+### Pixelized or Blurred Information:
+
+Did you ever see a document with blurred text? Did you ever make fun of those movies/series where they "enhance" an image to recover seemingly impossible-to-read information?
+
+Well, there are techniques for recovering information from such documents, videos, and pictures.
+
+Here is for example an open-source project you could use yourself for recovering text from some blurred images yourself: [[Archive.org]](https://web.archive.org/web/https://github.com/beurtschipper/Depix)
+
+![image14](media/image14.png)
+
+This is of course an open-source project available for all to use. But you can imagine that such techniques have probably been used before by other adversaries. These could be used to reveal blurred information from published documents that could then be used to de-anonymize you.
+
+There are also tutorials for using such techniques using Photo Editing tools such as GIMP such as [[Archive.org]](https://web.archive.org/web/https://medium.com/@somdevsangwan/unblurring-images-for-osint-and-more-part-1-5ee36db6a70b) followed by [[Scribe.rip]](https://scribe.rip/@somdevsangwan/deblurring-images-for-osint-part-2-ba564af8eb5d) [[Archive.org]](https://web.archive.org/web/https://medium.com/@somdevsangwan/deblurring-images-for-osint-part-2-ba564af8eb5d)
+
+![image15](media/image15.png)
+
+Finally, you will find plenty of deblurring resources here: [[Archive.org]](https://web.archive.org/web/https://github.com/subeeshvasu/Awesome-Deblurring)
+
+Some online services could even help you do this automatically to some extent like MyHeritage.com enhance tool:
+
+ [[Archive.org]](https://web.archive.org/web/https://www.myheritage.com/photo-enhancer)
+
+Here is the result of the above image:
+
+![image16](media/image16.png)
+
+Of course, this tool is more like "guessing" than really deblurring at this point, but it could be enough to find you using various reverse image searching services.
+
+There are also techniques to deblur/depixelate parts in videos: see [[Archive.org]](https://web.archive.org/web/https://positive.security/blog/video-depixelation)
+
+For this reason, it is always extremely important that you correctly redact and curate any document you might want to publish. Blurring is not enough, and you should always completely blacken/remove any sensitive data to avoid any attempt at recovering data from any adversary. Do not pixelized, do not blur, just put a hard black rectangle to redact information.
+
+## Your Cryptocurrencies transactions:
+
+Contrary to widespread belief, Crypto transactions (such as Bitcoin and Ethereum) are not anonymous[^237]. Most cryptocurrencies can be tracked accurately through various methods[^238]'[^239].
+
+Remember what they say on their page: [[Archive.org]](https://web.archive.org/web/https://bitcoin.org/en/you-need-to-know) and [[Archive.org]](https://web.archive.org/web/https://bitcoin.org/en/protect-your-privacy): "Bitcoin is not anonymous"
+
+The main issue is not setting up a random Crypto wallet to receive some currency behind a VPN/Tor address (at this point, the wallet is anonymous). The issue is mainly when you want to convert Fiat money (Euros, Dollars ...) to Crypto and then when you want to cash in your Crypto. You will have few realistic options but to transfer those to an exchange (such as Coinbase/Kraken/Bitstamp/Binance). Those exchanges have known wallet addresses and will keep detailed logs (due to KYC[^240] financial regulations) and can then trace back those crypto transactions to you using the financial system[^241].
+
+There are some cryptocurrencies with privacy/anonymity in mind like Monero but even those have some and warnings to consider[^242]'[^243].
+
+Use of "private" mixers, tumblers[^244] (centralized services that specialize in "anonymizing" cryptocurrencies by "mixing them") and coinjoiners are risky as you don't know what's happening on them[^245] and can be trivially de-mixed[^246]. Their centrally-controlled nature could also put you in trouble as they are more susceptible to money-laundering laws[^247].
+
+
+This does not mean you cannot use Bitcoin anonymously at all. You can actually use Bitcoin anonymously as long as you do not convert it to actual currency, use a Bitcoin wallet from a safe anonymous network, and do not reuse addresses or consolidate outputs that were used when spending at different merchants. Meaning you should avoid KYC/AML regulations by various exchanges, avoid using the Bitcoin network from any known IP address, and use a wallet that provides privacy-preserving tools. See [Appendix Z: Online anonymous payments using cryptocurrencies][Appendix Z: Online anonymous payments using cryptocurrencies].
+
+**Overall, the best option for using Crypto with reasonable anonymity and privacy is still Monero and you should ideally not use any other for sensitive transactions unless you are aware of the limitations and risks involved. Please do read** [Appendix B2: Monero Disclaimer]**.**
+
+**TLDR: Use Monero!**
+
+## Your Cloud backups/sync services:
+
+All companies are advertising their use of end-to-end encryption (E2EE). This is true for almost every messaging app and website (HTTPS). Apple and Google are advertising their use of encryption on their Android devices and their iPhones.
+
+But what about your backups? Those automated iCloud/Google Drive backups you have?
+
+Well, you should know that most of those backups are not fully end-to-end encrypted and will hold some of your information readily available for a third party. You will see their claims that data is encrypted at rest and safe from anyone ... Except they usually do keep a key to access some of the data themselves. These keys are used for them indexing your content, recover your account, collecting various analytics.
+
+There are specialized commercial forensics solutions available (Magnet Axiom[^248], Cellebrite Cloud[^249]) that will help an adversary analyze your cloud data with ease.
+
+Notable Examples:
+
+- Apple iCloud: [[Archive.org]](https://web.archive.org/web/https://support.apple.com/en-us/HT202303) : "Messages in iCloud also uses end-to-end encryption. If you have iCloud Backup turned on**, your backup includes a copy of the key protecting your Messages**. This ensures you can recover your Messages if you lose access to iCloud Keychain and your trusted devices. ".
+
+- Google Drive and WhatsApp: [[Archive.org]](https://web.archive.org/web/https://faq.whatsapp.com/android/chats/about-google-drive-backups/): "**Media and messages you back up aren't protected by WhatsApp end-to-end encryption while in Google Drive**. ".
Do however note that Facebook/Whatsapp have announced the rollout of encrypted backups on October 14^th^ 2021 ( [[Archive.org]](https://web.archive.org/web/https://about.fb.com/news/2021/10/end-to-end-encrypted-backups-on-whatsapp/)) which should solve this issue.
+
+- Dropbox: [[Archive.org]](https://web.archive.org/web/https://www.dropbox.com/privacy) "To provide these and other features, **Dropbox accesses, stores, and scans Your Stuff**. You give us permission to do those things, and this permission extends to our affiliates and trusted third parties we work with".
+
+- Microsoft OneDrive: [[Archive.org]](https://web.archive.org/web/https://privacy.microsoft.com/en-us/privacystatement): Productivity and communications products, "When you use OneDrive, we collect data about your usage of the service, as well as the content you store, to provide, improve, and protect the services. **Examples include indexing the contents of your OneDrive documents so that you can search for them later and using location information to enable you to search for photos based on where the photo was taken**".
+
+You should not trust cloud providers with your (not previously and locally encrypted) sensitive data and you should be wary of their privacy claims. In most cases, they can access your data and provide it to a third party if they want to[^250].
+
+The only way to mitigate this is to encrypt your data on your side and then only upload it to such services **or just not use them at all.**
+
+## Microarchitectural Side-channel Deanonymization Attacks:
+
+There was an attack published that can deanonymize users if they have a known alias. For example, an attacker trying to track the activities of a journalist can use that journalist's public Twitter handle to link their anonymous identities with their public one. This breaks compartmentalization of identities and can lead to complete deanonymization, even of users who practice proper OPSEC.
+
+The attack, published at [[Archive.org]](https://web.archive.org/web/20220720023429/https://leakuidatorplusteam.github.io/), can be mitigated using the well-known [NoScript](https://noscript.net/) extension and will be our preferred recommendation.
+
+One loosely documented attack might take the following approach to fingerprinting: Alice is browsing the web using Firefox. The website she has just visited is using an invisible `iframe` that creates long strings, e.g., sentences or hashes, to produce some non-user-viewable string. These strings are setting a certain font type, Arial. Whether the browser renders this is non-essential, it only matters if the font changes. The `iframe` in this case serves no purpose but to identify whether a user has installed a certain font on their machine. If Alice is using a font that this frame has tried to render, then it is reported back to the website and to the person in control of the website.
+
+The font renders a box with a specific height and width around itself, so that means a specific height and width of the text contained within. The `iframe` keeps doing this for each installed font to create a list of installed fonts for Alice. Because of stylistic differences between each font family, the same string and the same font size will add up to a different height and a different width than Arial. It is used as a fallback font to display text that won't display otherwise, in the case of a user not having that font on their machine and thus non-viewable from their browser.
+
+If a font requested by an `iframe` is not available, Arial will be used to show that text to the user. Every time the font measurement (identified by the dimensions of the box produced) changed, it means the font is present on Alice's browser and her machine. By doing this for hundreds of fonts, websites can use this information to track users using their installed fonts across websites.
Imagine a website then selling this “anonymized” information as a dataset to advertisement companies to serve you ads based on the websites you visit, because they know every font you have installed on your machine and can now track your identity across the internet. This attack is demonstrated here: [Everything you always wanted to know about web-based device fingerprinting (but were afraid to ask)](https://www.youtube.com/watch?v=5Y1Y96jC5AA) by Dr. Nick Nikiforakis, PhD in Computer Science from KU Leuven. He explains how his team of researchers identified which sites were using such techniques on Alexa's top 10,000 websites. Primarily, they found that of those, 145 were fingerprinting browsers. They were fingerprinted 100% of the time — whether they were using the Do Not Track header, a popular Privacy & Security setting in many browsers, did not matter.
+
+Attacks such as invisible iframes and media elements can be avoided by blocking all scripts globally by using something like uBlock Origin or by using NoScript . This is highly encouraged, not only to those wishing to be anonymous, but also to general web users.
+
+## Tor Browser:
+
+**Note: This attack is now prevented by default by an update of [NoScript](https://noscript.net/) (11.4.8 and above) on all security levels in Tor Browser.**
+
+## All others:
+
+Installing the [NoScript](https://noscript.net/) extension will prevent the attack **by default only in private Windows** using their new "TabGuard feature". But can be enabled in the NoScript options to work on all Windows.
See:
+
+- Release tweet: [[Archive.org]](https://web.archive.org/web/https://twitter.com/ma1/status/1557751019945299969)
+- User explanation: [[Archive.org]](https://web.archive.org/web/https://noscript.net/usage/#crosstab-identity-leak-protection)
+- Tor Project Forum Post: [[Archive.org]](https://web.archive.org/web/https://forum.torproject.net/t/tor-browser-can-leak-your-identity-through-side-channel-attack/4005/2)
+- NoScript extension for Firefox (Firefox, and other Firefox-based browsers except Tor Browser):
+- NoScript extension for Chromium based browsers (Brave, Chrome, Edge, and other Chromium-based browsers):
+
+### Alternative to NoScript for all other browsers:
+
+The researches who disclosed the issue also made an extension available below. Again, **nothing is required in Tor Browser**. This path is not our preferred path but is still available if you do not want to use NoScript.
+
+- Leakuidator+ extension for Chromium based browsers (Brave, Chrome, Edge, and other Chromium-based browsers):
+- Leakuidator+ extension for Firefox (Firefox, and other Firefox-based browsers except Tor Browser):
+
+Separating identities via separate browsers or even with VMs is not enough to avoid this attack. However, another solution is to make sure that when you start working with an anonymous identity, you entirely close all activities linked to other identities. The vulnerability only works if you're actively logged into a non-anonymous identity. The issue with this is that it can hinder effective workflow, as multitasking across multiple identities becomes impossible.
+
+## Local Data Leaks and Forensics:
+
+Most of you have probably seen enough Crime dramas on Netflix or TV to know what forensics are. These are technicians (usually working for law enforcement) that will perform various analysis of evidence. This of course could include your smartphone or laptop.
+
+While these might be done by an adversary when you already got "burned", these might also be done randomly during a routine control or a border check. These unrelated checks might reveal secret information to adversaries that had no prior knowledge of such activities.
+
+Forensics techniques are now very advanced and can reveal a staggering amount of information from your devices even if they are encrypted[^253]. These techniques are widely used by law enforcement all over the world and should be considered.
+
+Here are some recent resources you should read about your smartphone:
+
+- UpTurn, The Widespread Power of U.S. Law Enforcement to Search Mobile Phones [[Archive.org]](https://web.archive.org/web/https://www.upturn.org/reports/2020/mass-extraction/)
+
+- New-York Times, The Police Can Probably Break Into Your Phone [[Archive.org]](https://web.archive.org/web/https://www.nytimes.com/2020/10/21/technology/iphone-encryption-police.html)
+
+- Vice, Cops Around the Country Can Now Unlock iPhones, Records Show [[Archive.org]](https://web.archive.org/web/https://www.vice.com/en/article/vbxxxd/unlock-iphone-ios11-graykey-grayshift-police)
+
+I also highly recommend that you read some documents from a forensics examiner perspective such as:
+
+- EnCase Forensic User Guide, [[Archive.org]](https://web.archive.org/web/http://encase-docs.opentext.com/documentation/encase/forensic/8.07/Content/Resources/External%20Files/EnCase%20Forensic%20v8.07%20User%20Guide.pdf)
+
+- FTK Forensic Toolkit, [[Archive.org]](https://web.archive.org/web/https://accessdata.com/products-services/forensic-toolkit-ftk)
+
+- SANS Digital Forensics and Incident Response Videos,
+
+And finally, here is this very instructive detailed paper on the current state of IOS/Android security from the John Hopkins University: https://securephones.io/main.html[^254].
+
+When it comes to your laptop, the forensics techniques are many and widespread.
Many of those issues can be mitigated by using full disk encryption, virtualization (See [Appendix W: Virtualization][Appendix V1: Hardening your Browsers:]), and compartmentalization. This guide will later detail such threats and techniques to mitigate them.
+
+## Bad Cryptography:
+
+There is a frequent adage among the infosec community: "Don't roll your own crypto!".
+
+And there are reasons[^255]'[^256]'[^257]'[^258] for that:
+
+We would not want people discouraged from studying and innovating in the crypto field because of that adage. So instead, we would recommend people to be cautious with "Roll your own crypto" because it is not necessarily good crypto:
+
+- Good cryptography is not easy and usually takes years of research to develop and fine-tune.
+
+- Good cryptography is transparent and not proprietary/closed source so it can be reviewed by peers.
+
+- Good cryptography is developed carefully, slowly, and rarely alone.
+
+- Good cryptography is usually presented and discussed in conferences and published in various journals.
+
+- Good cryptography is extensively peer-reviewed before it is released for use in the wild.
+
+- Using and implementing existing good cryptography correctly is already a challenge.
+
+Yet, this is not stopping some from doing it anyway and publishing various production Apps/Services using their self-made cryptography or proprietary closed-source methods:
+
+- You should apply caution when using Apps/Services using closed-source or proprietary encryption methods. All the good crypto standards are public and peer-reviewed and there should be no issue disclosing the one you use.
+
+- You should be wary of Apps/Services using a "modified" or proprietary cryptographic method[^259].
+
+- By default, you should not trust any "Roll your own crypto" until it was audited, peer-reviewed, vetted, and accepted by the cryptography community[^260]'[^261].
+
+- There is no such thing as "military-grade crypto"[^262]'[^263]'[^264].
+ +Cryptography is a complex topic and bad cryptography could easily lead to your de-anonymization. + +In the context of this guide,we recommend sticking to Apps/Services using well-established, published, and peer-reviewed methods. + +So, what to prefer and what to avoid as of 2021? You will have to look up for yourself to get the technical details of each app and see if they are using "bad crypto" or "good crypto". Once you get the technical details, you could check this page for seeing what it is worth: [[Archive.org]](https://web.archive.org/web/https://latacora.micro.blog/2018/04/03/cryptographic-right-answers.html) + +Here are some examples: + +- Hashes: + + - Prefer: SHA-3 or BLAKE2[^265] + + - Still relatively ok to use: SHA-2 (such as the widely used SHA-256 or SHA-512) + + - Avoid: SHA-1, MD5 (unfortunately still widely used), CRC, MD6 (rarely used) + +- File/Disk Encryption: + + - Prefer: + + - Hardware Accelerated[^266]: AES (Rijndael) 256 Bits with HMAC-SHA-2 or HMAC-SHA-3 (This is what Veracrypt, Bitlocker, Filevault 2, KeepassXC, and LUKS use by default). Prefer SHA-3. + + - Non-Hardware Accelerated: Same as accelerated above or if available consider: + + - ChaCha20[^267] or XChaCha20 (You can use ChaCha20 with Kryptor , unfortunately, it is not available with Veracrypt). + + - Serpent[^268] + + - TwoFish[^269] + + - Avoid: Pretty much anything else + +- Password Storage: + + - Prefer: Argon2, scrypt + - If these aren't options, use bcrypt, or if not possible at least PBKDF2 (only as a last resort) + - Be skeptical of Argon2d, as it's vulnerable to some forms of side-channels. 
Prefer Argon2i or Argon2id + + - Avoid: SHA-3, SHA-2, SHA-1, MD5 + + +- Browser Security (HTTPS): + + - Prefer: TLS 1.3 (ideally TLS 1.3 with ECH/eSNI support) or at least TLS 1.2 (widely used) + + - Avoid: Anything Else (TLS =<1.1, SSL =<3) + +- Signing messages/files with PGP/GPG: + + - Prefer ECDSA (ed25519)+ECDH (ec25519) or RSA 4096 Bits* + + - **Consider a more modern**[^270] **alternative to PGP/GPG: Minisign ** [[Archive.org]](https://web.archive.org/web/https://jedisct1.github.io/minisign/) + + - Avoid: RSA 2048 bits + +- SSH keys: + + - ED25519 (preferred) or RSA 4096 Bits* + + - Avoid: RSA 2048 bits + +* **Warning: RSA and ED25519 are unfortunately not seen as "Quantum Resistant"**[^271] **and while they have not been broken yet, they probably will be broken someday into the future. It is just a matter of when rather than if RSA will ever be broken. So, these are preferred in those contexts due to the lack of a better possibility.** + +Here are some real cases of issues bad cryptography: + +- Telegram: [[Archive.org]](https://web.archive.org/web/https://democratic-europe.eu/2021/07/20/cryptographers-uncover-four-vulnerabilities-in-telegram/) + +- Telegram: [[Archive.org]](https://web.archive.org/web/https://buttondown.email/cryptography-dispatches/archive/cryptography-dispatches-the-most-backdoor-looking/) + +- Cryptocat: + +- Some other examples can be found here: [[Archive.org]](https://web.archive.org/web/https://www.cryptofails.com/) + +Later this guide will not recommend "bad cryptography" and that should hopefully be enough to protect you? + +## No logging but logging anyway policies: + +Many people have the idea that privacy-oriented services such as VPN or E-Mail providers are safe due to their no-logging policies or their encryption schemes. Unfortunately, many of those same people forget that all those providers are legal commercial entities subject to the laws of the countries in which they operate. 
+ +Any of those providers can be forced to silently (without your knowing (using for example a court order with a gag order[^272] or a national security letter[^273]) log your activity to de-anonymize you. There have been several recent examples of those: + +- 2021, Proton, Proton logged IP address of French activist after an order by Swiss authorities (source link unavailable). + +- 2021, WindScribe, Servers were not encrypted as they should have been allowing MITM attacks by authorities[^275]. + +- 2021, DoubleVPN servers, logs, and account info seized by law enforcement[^276]. + +- 2021, The Germany-based mail provider Tutanota was forced to monitor specific accounts for 3 months[^277]. + +- 2020, The Germany-based mail provider Tutanota was forced to implement a backdoor to intercept and save copies of the unencrypted e-mails of one user[^278] (they did not decrypt the stored e-mail). + +- 2017, PureVPN was forced to disclose information of one user to the FBI[^279]. + +- 2014, an EarthVPN user was arrested based on logs provider to the Dutch Police[^280]. + +- 2013, Secure E-Mail provider Lavabit shuts down after fighting a secret gag order[^281]. + +- 2011, HideMyAss user was de-anonymized, and logs were provided to the FBI[^282]. + +Some providers have implemented the use of a Warrant Canary[^283] that would allow their users to find out if they have been compromised by such orders, but this has not been tested yet as far as we know. + +Finally, it is now well known that some companies might be sponsored front ends for some state adversaries (see the Crypto AG story[^284] and Omnisec story[^285]). + +For these reasons, you mustn't trust such providers for your privacy despite all their claims. In most cases, you will be the last person to know if any of your accounts were targeted by such orders and you might never know at all. 
+ +To mitigate this, in cases where you want to use a VPN, we will recommend the use of a cash/Monero-paid VPN provider over Tor to prevent the VPN service from knowing any identifiable information about you. + +If the VPN provider knows nothing about you, it should mitigate any issue due to them not logging but logging anyway. + +## Some Advanced targeted techniques: + +![image17](media/image17.png) + +(Illustration: an excellent movie we highly recommend: Das Leben der Anderen[^286]) + +Many advanced techniques can be used by skilled adversaries[^287] to bypass your security measures provided they already know where your devices are. Many of those techniques are detailed here [[Archive.org]](https://web.archive.org/web/https://cyber.bgu.ac.il/advanced-cyber/airgap) (Air-Gap Research Page, Cyber-Security Research Center, Ben-Gurion University of the Negev, Israel) but also in this report [[Archive.org]](https://web.archive.org/web/https://www.welivesecurity.com/wp-content/uploads/2021/12/eset_jumping_the_air_gap_wp.pdf) (ESET, JUMPING THE AIR GAP: 15 years of nation-state effort) and include: + +- Attacks requiring malware implants: + + - Exfiltration of Data through a Malware infected Router: [[Invidious]](https://yewtu.be/watch?v=mSNt4h7EDKo) + + - Exfiltration of Data through observation of Light variation in a Backlit keyboard with a compromised camera: [[Invidious]](https://yewtu.be/watch?v=1kBGDHVr7x0) + + - Exfiltration of Data through a compromised Security Camera (that could first use the previous attack) [[Invidious]](https://yewtu.be/watch?v=om5fNqKjj2M) + + - Communication from outsider to compromised Security Cameras through IR light signals: [[Invidious]](https://yewtu.be/watch?v=auoYKSzdOj4) + + - Exfiltration of data from a compromised air-gapped computer through acoustic analysis of the FAN noises with a smartphone [[Invidious]](https://yewtu.be/watch?v=v2_sZIfZkDQ) + + - Exfiltration of data from a malware-infected air-gapped computer through HD 
LEDs with a Drone [[Invidious]](https://yewtu.be/watch?v=4vIu8ld68fc) + + - Exfiltration of data from a USB malware on an air-gapped computer through electromagnetic interferences [[Invidious]](https://yewtu.be/watch?v=E28V1t-k8Hk) + + - Exfiltration of data from a malware-infected HDD drive through covert acoustic noise [[Invidious]](https://yewtu.be/watch?v=H7lQXmSLiP8) + + - Exfiltration of data through GSM frequencies from a compromised (with malware) air-gapped computer [[Invidious]](https://yewtu.be/watch?v=RChj7Mg3rC4) + + - Exfiltration of data through electromagnetic emissions from a compromised Display device [[Invidious]](https://yewtu.be/watch?v=2OzTWiGl1rM&t=20s) + + - Exfiltration of data through magnetic waves from a compromised air-gapped computer to a Smartphone stored inside a Faraday bag [[Invidious]](https://yewtu.be/watch?v=yz8E5n1Tzlo) + + - Communication between two compromised air-gapped computers using ultrasonic soundwaves [[Invidious]](https://yewtu.be/watch?v=yz8E5n1Tzlo) + + - Exfiltration of Bitcoin Wallet from a compromised air-gapped computer to a smartphone [[Invidious]](https://yewtu.be/watch?v=2WtiHZNeveY) + + - Exfiltration of Data from a compromised air-gapped computer using display brightness [[Invidious]](https://yewtu.be/watch?v=ZrkZUO2g4DE) + + - Exfiltration of Data from a compromised air-gapped computer through vibrations [[Invidious]](https://yewtu.be/watch?v=XGD343nq1dg) + + - Exfiltration of Data from a compromised air-gapped computer by turning RAM into a Wi-Fi emitter [[Invidious]](https://yewtu.be/watch?v=vhNnc0ln63c) + + - Exfiltration of Data from a compromised air-gapped computer through power lines [[Archive.org]](https://web.archive.org/web/https://arxiv.org/pdf/1804.04014.pdf) + +- **Attacks not requiring malware:** + + - Observing a blank wall in a room from a distance to figure how many people are in a room and what they are doing[^288]. 
Publication with demonstration: [[Archive.org]](https://web.archive.org/web/http://wallcamera.csail.mit.edu/) + + - Observing a reflective bag of snacks in a room from a distance to reconstruct the entire room[^289]. Publication with photographic examples: [[Archive.org]](https://web.archive.org/web/https://arxiv.org/pdf/2001.04642.pdf) + + - Measuring floor vibrations to identify individuals and determine their health condition and mood[^290]. Publication with demonstration: [[Archive.org]](https://web.archive.org/web/https://engineering.cmu.edu/news-events/news/2020/02/17-mauraders-map.html) + + - Observing a light bulb from a distance to listen to the sound in the room[^291] **without any malware**: Demonstration: [[Invidious]](https://yewtu.be/watch?v=t32QvpfOHqw). It should be noted that this type of attack is not new at all and there have been articles about such techniques as far back as 2013[^292] and that you can even buy devices to perform this yourself such as here: [[Archive.org]](https://web.archive.org/web/http://www.gcomtech.com/ccp0-prodshow/laser-surveillance-laser-listening.html) + +Here is also a good video from the same authors to explain those topics: Black Hat, The Air-Gap Jumpers [[Invidious]](https://yewtu.be/watch?v=YKRtFgunyj4) + +**Realistically, this guide will be of little help against such adversaries as such malware could be implanted on the devices by a manufacturer, anyone in the middle**[^293]**, or by anyone with physical access to the air-gapped computer but there are still some ways to mitigate such techniques:** + +- Do not conduct sensitive activity while connected to an untrusted/unsecured power line to prevent power line leaks. + +- Do not use your devices in front of a camera that could be compromised. + +- Use your devices in a soundproofed room to prevent sound leaks. + +- Use your devices in a Faraday cage to prevent electromagnetic leaks. 
+ +- Do not talk about sensitive information where lightbulbs could be seen from outside. + +- Buy your devices from different/unpredictable/offline places (shops) where the probability of them being infected with such malware is lower. + +- Do not let anyone access your air-gapped computers except trusted people. + +## Some bonus resources: + +- Have a look at the Whonix Documentation concerning Data Collection techniques here: [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Data_Collection_Techniques) + +- You might also enjoy looking at this service [[Archive.org]](https://web.archive.org/web/https://tosdr.org/) (Terms of Services, Didn't Read) that will give you a good overview of the various ToS of many services. + +- Have a look at [[Archive.org]](https://web.archive.org/web/https://www.eff.org/issues/privacy) for some more resources. + +- Have a look at [[Wikiless]](https://wikiless.org/wiki/List_of_government_mass_surveillance_projects) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/List_of_government_mass_surveillance_projects) to have an overview of all known mass-surveillance projects, current, and past. + +- Have a look at [[Archive.org]](https://web.archive.org/web/https://www.gwern.net/Death-Note-Anonymity) (even if you don't know about Death Note). + +- Consider finding and reading Michael Bazzell's book "Open-Source Intelligence Techniques" (eighth edition as of this writing to find out more about recent OSINT techniques) + +- Finally, check [[Archive.org]](https://web.archive.org/web/https://www.freehaven.net/anonbib/date.html) for the latest academic papers related to Online Anonymity. 
+ +## Notes: + +If you still do not think such information can be used by various actors to track you, you can see some statistics for yourself for some platforms and keep in mind those are only accounting for the lawful data requests and will not count things like PRISM, MUSCULAR, SORM or XKEYSCORE explained earlier: + +- Google Transparency Report [[Archive.org]](https://web.archive.org/web/https://transparencyreport.google.com/user-data/overview) + +- Facebook Transparency Report [[Archive.org]](https://web.archive.org/web/https://transparency.facebook.com/) + +- Apple Transparency Report [[Archive.org]](https://web.archive.org/web/https://www.apple.com/legal/transparency/) + +- Cloudflare Transparency Report [[Archive.org]](https://web.archive.org/web/https://www.cloudflare.com/transparency/) + +- Snapchat Transparency Report [[Archive.org]](https://web.archive.org/web/https://www.snap.com/en-US/privacy/transparency) + +- Telegram Transparency Report [[Archive.org]](https://web.archive.org/web/https://t.me/transparency) (requires telegram installed) + +- Microsoft Transparency Report [[Archive.org]](https://web.archive.org/web/https://www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report) + +- Amazon Transparency Report [[Archive.org]](https://web.archive.org/web/https://www.amazon.com/gp/help/customer/display.html?nodeId=GYSDRGWQ2C2CRYEF) + +- Dropbox Transparency Report [[Archive.org]](https://web.archive.org/web/https://www.dropbox.com/transparency) + +- Discord Transparency Report [[Archive.org]](https://web.archive.org/web/20220812051950/https://discord.com/blog/discord-transparency-report-q1-2022) + +- GitHub Transparency Report [[Archive.org]](https://web.archive.org/web/https://github.blog/2021-02-25-2020-transparency-report/) + +- TikTok Transparency Report [[Archive.org]](https://web.archive.org/web/20220812054600/https://www.tiktok.com/transparency/en/information-requests-2021-2/) + +- Reddit Transparency Report 
[[Archive.org]](https://web.archive.org/web/20220812054736/https://www.redditinc.com/policies/transparency-report-2021) + +- Twitter Transparency Report [[Archive.org]](https://web.archive.org/web/20220812054839/https://transparency.twitter.com/) + +# General Preparations: + +Personally, in the context of this guide, it is also interesting to have a look at your security model. And in this context,we only have one to recommend: + +Zero-Trust Security[^391] ("Never trust, always verify"). + +Here are some various resources about what Zero-Trust Security is: + +- DEFCON, Zero Trust a Vision for Securing Cloud, [[Invidious]](https://yewtu.be/watch?v=euSsqXO53GY) + +- From the NSA themselves, Embracing a Zero Trust Security Model, [[Archive.org]](https://web.archive.org/web/https://media.defense.gov/2021/Feb/25/2002588479/-1/-1/0/CSI_EMBRACING_ZT_SECURITY_MODEL_UOO115131-21.PDF) + +## Picking your route: + +First, here is a small basic UML diagram showing your available options according to your skills/budget/time/resources. + +![image18](media/image18.png) + +### Timing limitations: + +- You have no time at all: + + - **Go for the Tor Browser route.** + +- You have extremely limited time to learn and need a fast-working solution: + + - **Your best option is to go for the Tails route (excluding the persistent plausible deniability section).** + +- You have time and more importantly motivation to learn: + + - **Go with any route.** + +### Budget/Material limitations: + +- You have no budget and even accessing a laptop is complicated or you only have your smartphone: + + - **Go for the Tor Browser route.** + +- You only have one laptop available and cannot afford anything else. 
You use this laptop for either work, family, or your personal stuff (or both): + + - **Your best option is to go for the Tails route.** + +- You can afford a spare dedicated unsupervised/unmonitored laptop for your sensitive activities: + + - But it is old, slow, and has bad specs (less than 6GB of RAM, less than 250GB disk space, old/slow CPU): + + - **You should go for the Tails route.** + + - It is not that old, and it has decent specs (at least 8GB of RAM, 250GB of disk space or more, decent CPU): + + - **You could go for Tails, Whonix routes.** + + - It is new and it has great specs (more than 16GB or ideally 32GB of RAM, >250GB of disk space, recent fast CPU): + + - **You could go for any route, but we would recommend Qubes OS if your threat model allows it. Please see the requirements.[^363]** + + - If it is an ARM-based M1/M2 Mac: + + - **Not possible currently for these reasons:** + + - Virtualization of Intel x86 images on ARM (M1/M2) hosts is still limited to commercial software (e.g., Parallels, Fusion) which are mostly not supported by Whonix, yet. They are very buggy and for advanced people only. Please seek this information yourself. + + - [Virtualbox is now available natively for ARM64 architecture](https://osxdaily.com/2022/10/22/you-can-now-run-virtualbox-on-apple-silicon-m1-m2/) in a package as of October 2022. Download the ["Developer preview for macOS/Arm64 (M1/M2) hosts"](https://www.virtualbox.org/wiki/Downloads). + + - Whonix does not support macOS easily. "You need to build Whonix using the build script to get it running on Apple Silicon." [See the forum thread](https://www.whonix.org/wiki/MacOS#M1). + + - Tails is not supported on ARM64 architecture yet. [See this thread](https://gitlab.tails.boum.org/tails/blueprints/-/wikis/ARM_platforms/) for more information (keep in mind this page hasn't been updated recently). 
+ + - Qubes OS is not supported on ARM64 architecture yet, but there is work being done to make it available on aarch64, which may be delayed for the unforseeable future.. + +**The general advice in this guide regarding virtualization software is that it's costly. That said, you should probably get a dedicated laptop, capable of running virtualization software, preferably a 64-bit architecture, to be used for more sensitive activities and testing.** + +### Skills: + +- Do you have no IT skills at all the content of this guide look like an alien language to you? Consider: + + - **The Tor Browser route (simplest of all)** + + - **The Tails route (excluding the persistent plausible deniability section).** + +- You have some IT skills and mostly understand this guide so far, consider: + + - **The Tails route (with the optional persistent plausible deniability section).** + + - **The Whonix route.** + +- You have moderate to high IT skills, and you are already familiar with some of the content of this guide, consider: + + - **Any route (Qubes OS is preferred if you can afford it).** + +- You are an l33T hacker, "there is no spoon", "the cake is a lie", you have been using "doas" for years, and "all your base is belong to us", and you have strong opinions on systemd. + + - **This guide is not meant for you and will not help you with your HardenedBSD on your hardened Libreboot laptop ;-)** + +### Adversarial considerations: + +Now that you know what is possible, you should also consider threats and adversaries before picking the right route. + +#### Threats: + +- If your main concern is a forensic examination of your devices, you should consider the Tor Browser route or the Tails route. + +- If your main concerns are remote adversaries that might uncover your online identity on various platforms, you should consider the Tails, Whonix, or Qubes OS routes (listed in order of difficulty). 
+ +- If you want system-wide plausible deniability[^311]'[^294] despite the risks[^295]'[^314], consider the Tails route, including the persistent plausible deniability section (see [Persistent Plausible Deniability using Whonix within Tails][Persistent Plausible Deniability using Whonix within Tails:]).** + +- If you are in a hostile environment where Tor/VPN usage alone is impossible/dangerous/suspicious, consider the Tails route (without actually using Tor), or more advanced routes like Whonix or Qubes OS. + +#### Adversaries: + +- Low skills: + + - Low resources: + + - Any motivation: Any Route + + - Medium resources: + + - Low to Medium motivation: Any Route + + - High motivation: Tails, Whonix, Qubes OS Routes + + - High resources: + + - Low motivation: Any route + + - Medium to High motivation: Tails, Whonix, Qubes OS Routes + +- Intermediate skills: + + - Low resources: + + - Low motivation: Any Route + + - Medium to High motivation: Tails, Whonix, Qubes OS Routes + + - Medium resources: + + - Low motivation: Any Route + + - Medium to High motivation: Tails, Whonix, Qubes OS Routes + + - High resources: + + - Low to High motivation: Tails, Whonix, Qubes OS Routes + +- Highly skilled: + + - Low resources: + + - Low motivation: Any Route + + - Medium to High motivation: Tails, Whonix, Qubes OS Routes + + - Medium resources: + + - Low to High motivation: Tails, Whonix, Qubes OS Routes + + - High resources: + + - Low to High motivations: Tails, Whonix, Qubes OS Routes **(but likely out of scope from this guide as this is probably a global adversary)** + +In all cases, you should read these two pages from the Whonix documentation that will give you in-depth insight into your choices: + +- [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Warning) + +- [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Dev/Threat_Model) + +- [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Comparison_with_Others) + 
+You might be asking yourself: "How do I know if I'm in a hostile online environment where activities are actively monitored and blocked?" + +- First read more about it at the EFF here: [[Archive.org]](https://web.archive.org/web/https://ssd.eff.org/en/module/understanding-and-circumventing-network-censorship) + +- Check some data yourself here on the Tor Project OONI[^296] (Open Observatory of Network Interference) website: + +- Have a look at and see if they have data about your country. + +- Specific to China, look at and [[Archive.org]](https://web.archive.org/web/https://www.usenix.org/system/files/sec21-hoang.pdf) + +- Test for yourself using OONI (this can be risky in a hostile environment). + +## Steps for all routes: + +### Getting used to using better passwords: + +See [Appendix A2: Guidelines for passwords and passphrases]. + +### Getting an anonymous Phone number: + +**Skip this step if you have no intention of creating anonymous accounts on most mainstream platforms but just want anonymous browsing or if the platforms you will use allow registration without a phone number.** + +#### Physical Burner Phone and prepaid SIM card: + +##### Get a burner phone: + +This is rather easy. Leave your smartphone on and at home. Have some cash and go to some random flea market or small shop (ideally one without CCTV inside or outside and while avoiding being photographed/filmed) and just buy the cheapest phone you can find with cash and without providing any personal information. It only needs to be in working order. + +*A note regarding your current phone:* The point of leaving your smartphone on is to create avoid leaking the fact that you're not using the device. If a smartphone is turned off, this creates a metadata trail that can be used to correlate the time your smartphone was turned off with the activation of your burner. If possible, leave your phone doing something (for example, watching YouTube on auto-play) to obscure the metadata trail further. 
This will not make it impossible to correlate your inactivity, but may make it more difficult if your phone's usage patterns can look convincing while you buy your burner. + +We would recommend getting an old "dumbphone" with a removable battery (old Nokia if your mobile networks still allow those to connect as some countries phased out 1G-2G completely). This is to avoid the automatic sending/gathering of any telemetry/diagnostic data on the phone itself. You should never connect that phone to any Wi-Fi. + +**Site Note: Be careful of some sellers as shown here ** [[Archive.org]](https://web.archive.org/web/https://therecord.media/malware-found-preinstalled-in-classic-push-button-phones-sold-in-russia/) + +It will also be crucial not to power on that burner phone ever (not even without the SIM card) in any geographical location that could lead to you (at your home/work for instance) and never at the same location as your other known smartphone (because that one has an IMEI/IMSI that will easily lead to you). This might seem like a big burden, but it is not as these phones are only being used during the setup/sign-up process and for verification from time to time. + +See [Appendix N: Warning about smartphones and smart devices] + +You should test that the phone is in working order before going to the next step. But we will repeat ourselves and state that it is important to leave your smartphone at home when going (or turn it off before leaving if you must keep it) and that you test the phone at a random location that cannot be tracked back to you (and again, do not do that in front of a CCTV, avoid cameras, be aware of your surroundings). No need for Wi-Fi at this place either. + +When you are certain the phone is in working order, disable Bluetooth then power it off (remove the battery if you can) and go back home and resume your normal activities. Go to the next step. + +##### Getting an anonymous pre-paid SIM card: + +This is the hardest part of the whole guide. 
It is a SPOF (Single Point of Failure). The places where you can still buy prepaid SIM cards without ID registration are getting increasingly limited due to various KYC type regulations[^297]. + +So here is a list of places where you can still get them now: [[Archive.org]](https://web.archive.org/web/https://prepaid-data-sim-card.fandom.com/wiki/Registration_Policies_Per_Country) + +You should be able to find a place that is "not too far" and just go there physically to buy some pre-paid cards and top-up vouchers with cash. Do verify that no law was passed before going that would make registration mandatory (in case the above wiki was not updated). Try to avoid CCTV and cameras and do not forget to buy a Top-Up voucher with the SIM card (if it is not a package) as most pre-paid cards will require a top-up before use. + +See [Appendix N: Warning about smartphones and smart devices] + +Double-check that the mobile operators selling the pre-paid SIM cards will accept the SIM activation and top-up without any ID registration of any kind before going there. Ideally, they should accept SIM activation and top-up from the country you live in. + +We would recommend GiffGaff in the UK as they are "affordable", do not require identification for activation and top-up, and will even allow you to change your number up to two times from their website. One GiffGaff prepaid SIM card will therefore grant you three numbers to use for your needs. + +Power off the phone after activation/top-up and before going home. Do not ever power it on again unless you are not at a place that can be used to reveal your identity and ideally leave your real phone on but at home before going to the safe place with only your burner phone. + +#### Online Phone Number: + +**DISCLAIMER: Do not attempt this until you are done setting up a secure environment according to one of the selected routes. This step will require online access and should only be done from an anonymous network. 
Do not do this from any known/unsecured environment. Skip this until you have finished one of the routes.** + +There are many commercial services offering numbers to receive SMS messages online but most of those have no anonymity/privacy and can be of no help as most Social Media platforms place a limit on how many times a phone number can be used for registration. + +There are some forums and subreddits (like r/phoneverification/) where users will offer the service of receiving such SMS messages for you for a small fee (using PayPal or some crypto payment). Unfortunately, these are full of scammers and very risky in terms of anonymity. **You should not use those under any circumstance.** + +To this date, we do not know any reputable service that would offer this service and accept cash payments (by post for instance) like some VPN providers. But a few services are providing online phone numbers and do accept Monero which could be reasonably anonymous (yet less recommended than that physical way in the earlier chapter) that you could consider: + +- **Recommended**: Providers which accept Monero (XMR) and don't require verification: + + - (Iceland based) [[Tor Mirror]](http://cryptonx6nsmspsnpicuihgmbbz3qvro4na35od3eht4vojdo7glm6yd.onion) [[Archive.org]](https://web.archive.org/web/https://crypton.sh/) + + - (Ukraine based) [[Archive.org]](https://web.archive.org/web/https://virtualsim.net/) + + - (Many countries) [[Archive.org]](https://web.archive.org/web/20230718123605/https://silent.link/) (my favorite) + +- Do require e-mail verification, but accept Monero: + + - (US California based) [[Archive.org]](https://web.archive.org/web/https://mobilesms.io/) + + - (Germany based) [[Archive.org]](https://web.archive.org/web/https://www.sms77.io/) + + - (Russia based) [[Archive.org]](https://web.archive.org/web/https://onlinesim.ru/) + +There are some other possibilities listed here [[Archive.org]](https://web.archive.org/web/https://cryptwerk.com/companies/sms/xmr/). 
**Use at your own risk.** + +Now, what if you have no money? Well, in that case, you will have to try your luck with free services and hope for the best. Here are some examples, **use at your own risk**: + +- + +- + +- + +**Disclaimer: We cannot vouch for any of these providers. We recommend doing it yourself physically. In this case, you will have to rely on the anonymity of Monero and you should not use any service that requires any kind of identification using your real identity. Please do read [Appendix B2: Monero Disclaimer].** + +It is more convenient, cheaper, and less risky to just get a pre-paid SIM card from one of the physical places that still sell them for cash without ID. + +### Get a USB key: + +**Skip this step if you have no intention of creating anonymous accounts on most mainstream platforms, but you will want anonymous browsing; or if the platforms which you will use allow registration without a phone number.** + +Get at least one or two decent size generic USB keys (at least 16GB but we would recommend 32GB). + +Please do not buy or use gimmicky self-encrypting devices such as these: [[Archive.org]](https://web.archive.org/web/https://syscall.eu/blog/2018/03/12/aigo_part1/) + +Some might be very efficient[^298] but many are gimmicky gadgets that offer no real protection[^299]. + +### Find some safe places with decent public Wi-Fi: + +You need to find safe places where you will be able to do your sensitive activities using some publicly accessible Wi-Fi (without any account/ID registration, avoid CCTVs). + +This can be anywhere that will not be tied to you directly (your home/work) and where you can use the Wi-Fi for a while without being bothered. But also, a place where you can do this without being "noticed" by anyone. + +If you think Starbucks is a clever idea, you may reconsider: + +- They probably have CCTVs in all their shops and keep those recordings for an unknown amount of time. 
+ +- You will need to buy a coffee to get the Wi-Fi access code in most. If you pay for this coffee with an electronic method, they will be able to tie your Wi-Fi access with your identity. + +Situational awareness is key, and you should be constantly aware of your surroundings and avoid touristy places like it was plagued by Ebola. You want to avoid appearing on any picture/video of anyone while someone is taking a selfie, making a TikTok video, or posting some travel pictures on their Instagram. If you do, remember chances are high that those pictures will end up online (publicly or privately) with full metadata attached to them (time/date/geolocation) and your face. Remember these can and will be indexed by Facebook/Google/Yandex/Apple and probably all three letters' agencies. + +While this will not be available yet to your local police officers, it could be in the near future. + +You will ideally need a set of 3-5 separate places such as this to avoid using the same place twice. Several trips will be needed over the weeks for the various steps in this guide. + +You could also consider connecting to these places from a safe distance for added security. See [Appendix Q: Using long-range Antenna to connect to Public Wi-Fis from a safe distance.][Appendix Q: Using long-range Antenna to connect to Public Wi-Fis from a safe distance:] + +## The Tor Browser route: + +This part of the guide will help you in setting up the simplest and easiest way to browse the web anonymously. It is not necessarily the best method and there are more advanced methods below with (much) better security and (much) better mitigations against various adversaries. Yet, this is a straightforward way of accessing resources anonymously and quickly with no budget, no time, no skills, and limited usage. + +So, what is Tor Browser? 
Tor Browser ( [[Archive.org]](https://web.archive.org/web/https://www.torproject.org/)) is a web browser like Safari/Firefox/Chrome/Edge/Brave designed with privacy and anonymity in mind. + +This browser is different from other browsers as it will connect to the internet through the Tor Network using Onion Routing. We first recommend that you watch this very nice introduction video by the Tor Project themselves: [[Invidious]](https://yewtu.be/watch?v=JWII85UlzKw). After that, you should probably head over to their page to read their quick overview here: [[Archive.org]](https://web.archive.org/web/https://2019.www.torproject.org/about/overview.html.en). Without going into too many technical details, Tor Browser is an easy and simple "fire and forget" solution to browse the web anonymously from pretty much any device. It is probably sufficient for most people and can be used from any computer or smartphone. + +Here are several ways to set it up for all main OSes. + +**Warning:** You should avoid installing extensions in Tor Browser, as they can be used to fingerprint and identify you. + +### Windows, Linux, and macOS: + +Please see [Appendix Y: Installing and using desktop Tor Browser]. + +### Android: + +**Note on Tor Browser for Android: The development of Tor Browser for Android is behind desktop Tor Browser Bundle (TBB). Some features are not available yet. E.g., the desktop version of Tor now enables automatic bridges using Moat:** + +"**Connection Assist** works by looking up and downloading an up-to-date list of country-specific options to try using your location (with your consent). It manages to do so without needing to connect to the Tor Network first by utilizing [moat](https://support.torproject.org/glossary/moat/) – the same domain-fronting tool that Tor Browser uses to request a bridge from torproject.org." 
+
+- Head over to:
+
+ - Play Store:
+
+ - F-Droid Store: It's not yet there but you can add it manually following the instructions at [[Archive.org]](https://web.archive.org/web/https://support.torproject.org/tormobile/tormobile-7/)
+
+- Install
+
+- Launch Tor Browser
+
+- After launching, click the upper right **Settings** icon
+
+- Select **Settings** > **Privacy and security** > **Tor network**
+
+- Select **Config Bridge**.
+
+- Read [Appendix X: Using Tor bridges in hostile environments].
+
+- **If needed (after reading the appendix above)**, activate the option and select the type of bridge you want:
+
+ - Obfs4
+
+ - Meek-Azure
+
+ - Snowflake
+
+- **If your internet isn't censored**, consider running one of the bridge types to help the network!
+
+ - Easy: Obsf4 - You can run your own Obsf4 easily with these instructions.
+
+ - Medium: Snowflake - More about Snowflakes here.
+
+ - Hard: Meek - This is the documentation. It's not as simple.
+
+Personally, if you need to use a Bridge (this is not necessary for a non-hostile environment), you should pick a Meek-Azure. Those will probably work even if you are in China and want to bypass the Great Firewall. It is probably the best option to obfuscate your Tor activities if needed and Microsoft servers are usually not blocked.
+
+*Only available for Desktop Tor users: Recently, the Tor Project has made it incredibly simple to access Bridges with **Connection Assist**, and it is now automatically done in hostile or censored regions. Simply open the Tor Browser and the connection will be configured based on your needs on any hostile network. 
Previously, we had a list of options below this paragraph which were necessary to enable and configure bridges, but now that this is done automatically using [moat](https://support.torproject.org/glossary/moat/).* [[Archive.org]](https://web.archive.org/web/20220801151048/https://support.torproject.org/glossary/moat/)
+
+- You are almost done
+
+As with the desktop version, you need to know there are safety levels in Tor Browser. On Android, you can access these by following these steps:
+
+- Click the menu (bottom right)
+
+- Click **Settings**.
+
+- Head over to the **Privacy and security** section.
+
+- Click **Security Settings**.
+
+You will find details about each level here: [[Archive.org]](https://web.archive.org/web/https://tb-manual.torproject.org/security-settings/) but here is a summary:
+
+- Standard (the default):
+
+ - All features are enabled (including JavaScript)
+
+- Safer:
+
+ - JavaScript is disabled on non-HTTPS websites
+
+ - Some fonts and symbols are disabled
+
+ - Any media playback is "click to play" (disabled by default)
+
+- Safest:
+
+ - Javascript is disabled everywhere
+
+ - Some fonts and symbols are disabled
+
+ - Any media playback is "click to play" (disabled by default)
+
+We would recommend the "Safer" level for most cases. The Safest level should be enabled if you think you are accessing suspicious or dangerous websites and/or if you are extra paranoid.
+
+If you are extra paranoid, use the "Safest" level by default and consider downgrading to Safer is the website is unusable because of Javascript blocking.
+
+However, the Safer level should be used with some extra precautions while using some websites: see [Appendix A5: Additional browser precautions with JavaScript enabled].
+
+Now, you are really done, and you can now surf the web anonymously from your Android device.
+
+**Please see** [Warning for using Orbot on Android][Appendix B6: Warning for using Orbot on Android]. 
+
+### iOS:
+
+**Disclaimer: Onion Browser, following a 2018 release on iOS, has had IP leaks via WebRTC. It is still the only officially endorsed browser for the Tor network for iOS. Users should exercise caution when using the browser and check for any DNS leaks.**
+
+While the official Tor Browser is not yet available for iOS, there is an alternative called Onion Browser endorsed by the Tor Project[^300].
+
+- Head over to
+
+- Install
+
+- Disable Wi-Fi and Mobile Data
+
+- Launch Onion Browser
+
+- After Launching, click the upper right Settings icon (Disabling Wi-Fi and Mobile Data previously were to prevent Onion Browser from connecting automatically and to allow access to these options).
+
+- Select "Bridge Configuration" and read [Appendix X: Using Tor bridges in hostile environments]
+
+- **If needed (after reading the appendix above)**, activate the option and select the type of bridge you want:
+
+ - Obfs4
+
+ - Snowflake
+
+ - (Meek-Azure is unfortunately not available on Onion Browser for iOS (See [commit 21bc18428](https://github.com/OnionBrowser/OnionBrowser/commit/21bc18428368224507b27ee58464ad352f4ec810) for more information.)
+
+- **If your internet isn't censored**, consider running one of the bridge types to help the network!
+
+ - Easy: Obsf4 - You can run your own Obsf4 easily with these instructions.
+
+ - Medium: Snowflake - More about Snowflakes here.
+
+ - Hard: Meek - This is the documentation. It's not as simple.
+
+Personally, if you need to use a Bridge (this is not necessary for a non-hostile environment), you should pick a Snowflake one (since Meek-Azure bridges are not available). Those will probably work even if you are in China and want to bypass the Great Firewall. It is probably the best option you have on iOS.
+
+- You are almost done
+
+As with the desktop version, you need to know there are safety levels in Onion Browser. 
On iOS, you can access these by following these steps:
+
+- Click the shield icon (upper left)
+
+- You will have three levels to pick from
+
+ - 1. Gold: Ideal if you are suspicious, paranoid, or accessing what you think are dangerous resources.
+
+ - JavaScript is disabled
+
+ - WebSockets, Geolocation, and XHR are disabled
+
+ - No Video or Audio
+
+ - Links cannot open Apps
+
+ - WebRTC is blocked
+
+ - Mixed HTTP/HTTPS is blocked
+
+ - Ads and Pop-Ups are blocked
+
+ - 2. Silver:
+
+ - JavaScript partially allowed
+
+ - WebSockets, Geolocation, and XHR are disabled
+
+ - No Video or Audio
+
+ - Links cannot open Apps
+
+ - WebRTC is blocked
+
+ - Mixed HTTP/HTTPS is blocked
+
+ - Ads and Pop-Ups are blocked
+
+ - 3. Bronze (not recommended):
+
+ - JavaScript allowed
+
+ - Audio and Video allowed
+
+ - Links cannot open Apps
+
+ - WebRTC is not blocked
+
+ - Mixed HTTP/HTTPS is not blocked
+
+ - Ads and Pop-Ups are blocked
+
+We would recommend the "Silver" level for most cases. The Gold level should only be enabled if you think you are accessing suspicious or dangerous websites or if you are extra paranoid. The Gold mode will also most likely break many websites that rely actively on JavaScript.
+
+As JavaScript is enabled in the Silver mode, please see [Appendix A5: Additional browser precautions with JavaScript enabled].
+
+Now, you are really done, and you can now surf the web anonymously from your iOS device.
+
+### Important Warning:
+
+**This route is the easiest but is not designed to resist highly skilled adversaries. It is however usable on any device regardless of the configuration. This route is also vulnerable to correlation attacks (See [Your Anonymized Tor/VPN traffic][Your Anonymized Tor/VPN traffic:]) and is blind to anything that might be on your device (this could be any malware, exploit, virus, remote administration software, parental controls...). 
Yet, if your threat model is quite low, it is probably sufficient for most people.**
+
+If you have time and want to learn, we recommend going for other routes instead as they offer far better security and mitigate far more risks while lowering your attack surface considerably.
+
+## The Tails route:
+
+This part of the guide will help you in setting up Tails if one of the following is true:
+
+- You cannot afford a dedicated laptop
+
+- Your dedicated laptop is just too old and too slow
+
+- You have very low IT skills
+
+- You decide to go with Tails anyway
+
+Tails[^301] stands for **The Amnesic Incognito Live System**. It is a bootable Live Operating System running from a USB key that is designed for leaving no traces and forcing all connections through the Tor network.
+
+You insert the Tails USB key into your laptop, boot from it and you have a full operating system running with privacy and anonymity in mind. As soon as you shut down the computer, everything will be gone unless you saved it somewhere.
+
+Tails is an amazingly straightforward way to get going in no time with what you have and without much learning. It has extensive documentation and tutorials.
+
+**WARNING: Tails is not always up to date with their bundled software. And not always up to date with the Tor Browser updates either. You should always make sure you are using the latest version of Tails and you should use extreme caution when using bundled apps within Tails that might be vulnerable to exploits and reveal your location**[^302]**.**
+
+It does however have some drawbacks:
+
+- Tails uses Tor and therefore you will be using Tor to access any resource on the internet. This alone will make you suspicious to most platforms where you want to create anonymous accounts (this will be explained in more detail later).
+
+- Your ISP (whether it is yours or some public Wi-Fi) will also see that you are using Tor, and this could make you suspicious in itself. 
+
+- Tails does not include (natively) some of the software you might want to use later which will complicate things quite a bit if you want to run some specific things (Android Emulators for instance).
+
+- Tails uses Tor Browser which while it is very secure will be detected as well by most platforms and will hinder you in creating anonymous identities on many platforms.
+
+- Tails will not protect you more from the 5$ wrench[^11].
+
+- Tor in itself might not be enough to protect you from an adversary with enough resources as explained earlier.
+
+**Important Note: If your laptop is monitored/supervised and some local restrictions are in place, please read** [Appendix U: How to bypass (some) local restrictions on supervised computers]**.**
+
+You should also read Tails Documentation, Warnings, and limitations, before going further [[Archive.org]](https://web.archive.org/web/https://tails.boum.org/doc/about/warnings/index.en.html)
+
+Taking all this into account and the fact that their documentation is great, we will just redirect you towards their well-made and well-maintained tutorial:
+
+ [[Archive.org]](https://web.archive.org/web/https://tails.boum.org/install/index.en.html), pick your flavor and proceed. 
+
+If you're having an issue accessing Tor due to censorship or other issues, you can try using Tor Bridges by following this Tails tutorial: [[Archive.org]](https://web.archive.org/web/https://tails.boum.org/doc/anonymous_internet/tor/index.en.html) and find more information about these on Tor Documentation [[Archive.org]](https://web.archive.org/web/https://2019.www.torproject.org/docs/bridges)
+
+**If you think using Tor alone is dangerous/suspicious, see [Appendix P: Accessing the internet as safely as possible when Tor/VPN is not an option][Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option]**
+
+### Tor Browser settings on Tails:
+
+When using Tor Browser, you should click the little shield Icon (upper right, next to the Address bar) and select your Security level (see [[Archive.org]](https://web.archive.org/web/https://tb-manual.torproject.org/security-settings/) for details). Basically, there are three.
+
+- Standard (the default):
+
+ - All features are enabled (including JavaScript)
+
+- Safer:
+
+ - JavaScript is disabled on non-HTTPS websites
+
+ - Some fonts and symbols are disabled
+
+ - Any media playback is "click to play" (disabled by default)
+
+- Safest:
+
+ - Javascript is disabled everywhere
+
+ - Some fonts and symbols are disabled
+
+ - Any media playback is "click to play" (disabled by default)
+
+We would recommend the "Safer" level for most cases. The Safest level should be enabled if you think you are accessing suspicious or dangerous websites or if you are extra paranoid. The Safest mode will also most likely break many websites that rely actively on JavaScript.
+
+If you are extra paranoid, use the "Safest" level by default and consider downgrading to Safer is the website is unusable because of Javascript blocking. 
+
+Lastly, while using Tor Browser on Tails on the "Safer" level, please consider [Appendix A5: Additional browser precautions with JavaScript enabled]
+
+When you are done and have a working Tails on your laptop, go to the [Creating your anonymous online identities][Creating your anonymous online identities:] step much further in this guide or if you want persistence and plausible deniability, continue with the next section.
+
+### Persistent Plausible Deniability using Whonix within Tails:
+
+Consider checking the [[Archive.org]](https://web.archive.org/web/https://github.com/aforensics/HiddenVM) project for Tails.
+
+This project is a clever idea of a one-click self-contained VM solution that you could store on an encrypted disk using plausible deniability[^311] (see [The Whonix route:] first chapters and also for some explanations about Plausible deniability, as well as the [How to securely delete specific files/folders/data on your HDD/SSD and Thumb drives:] section at the end of this guide for more understanding).
+
+This would allow the creation of a hybrid system mixing Tails with the Virtualization options of the Whonix route in this guide.
+
+![image19](media/image19.png)
+
+**Note: See** [Pick your connectivity method][Pick your connectivity method:] **in the Whonix Route for more explanations about Stream Isolation**
+
+In short:
+
+- You could run non-persistent Tails from one USB key (following their recommendations)
+
+- You could store persistent VMs within a secondary container that could be encrypted normally or using the Veracrypt plausible deniability feature (these could be Whonix VMs for instance or any other).
+
+- You do benefit from the added Tor Stream Isolation feature (see [Tor over VPN] for more info about stream isolation). 
+
+In that case, as the project outlines it, there should be no traces of any of your activities on your computer and the sensitive work could be done from VMs stored into a Hidden container that should not be easily discoverable by a soft adversary.
+
+**This option is particularly interesting for "traveling light" and to mitigate forensics attacks while keeping persistence on your work.** You only need 2 USB keys (one with Tails and one with a Veracrypt container containing persistent Whonix). The first USB key will appear to contain just Tails and the second USB will appear to contain just random garbage but will have a decoy volume which you can show for plausible deniability.
+
+You might also wonder if this will result in a "Tor over Tor" setup, but it will not. The Whonix VMs will be accessing the network directly through clearnet and not through Tails Onion Routing.
+
+In the future, this could also be supported by the Whonix project themselves as explained here: [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Whonix-Host) but it is not yet recommended as of now for end-users.
+
+Remember that encryption with or without plausible deniability is not a silver bullet and will be of little use in case of torture. 
As a matter a fact, depending on who your adversary would be (your threat model), it might be wise not to use Veracrypt (formerly TrueCrypt) at all as shown in this demonstration: [[Archive.org]](https://web.archive.org/web/https://defuse.ca/truecrypt-plausible-deniability-useless-by-game-theory.htm)
+
+**Plausible deniability is only effective against soft lawful adversaries that will not resort to physical means.**
+
+**See ** [[Wikiless]](https://wikiless.org/wiki/Rubber-hose_cryptanalysis) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis)
+
+CAUTION: Please see [**Appendix K: Considerations for using external SSD drives**][Appendix K: Considerations for using external SSD drives] and [**Understanding HDD vs SSD**][Understanding HDD vs SSD:] sections if you consider storing such hidden VMs on an external SSD drive:
+
+- **Do not use hidden volumes on SSD drives as this is not supported/recommended by Veracrypt**[^303]**.**
+
+- **Use instead file containers instead of encrypted volumes.**
+
+- **Make sure you do know how to clean data from an external SSD drive properly.**
+
+Here is my guide on how to achieve this:
+
+#### First Run:
+
+- Download the latest HiddenVM release from [[Archive.org]](https://web.archive.org/web/https://github.com/aforensics/HiddenVM/releases)
+
+- Download the latest Whonix XFCE release from [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/VirtualBox/XFCE)
+
+- Prepare a USB Key/Drive with Veracrypt
+
+ - Create a Hidden Volume on the USB/Key Drive (We would recommend at least 16GB for the hidden volume)
+
+ - In the Outer Volume, place some decoy files
+
+ - In the Hidden Volume, place the HiddenVM appimage file
+
+ - In the Hidden Volume, place the Whonix XFCE ova file
+
+- Boot into Tails
+
+- Setup the Keyboard layout as you want. 
+
+- Select Additional Settings and set an administrator (root) password (needed for installing HiddenVM)
+
+- Start Tails
+
+- Connect to a safe wi-fi (this is a required step for the rest to work)
+
+- Go into Utilities and Unlock your Veracrypt (hidden) Volume (do not forget to check the hidden volume checkbox)
+
+- Launch the HiddenVM appimage
+
+- When prompted to select a folder, select the Root of the Hidden volume (where the Whonix OVA and HiddenVM app image files are).
+
+- Let it do its thing (This will install Virtualbox within Tails with one click)
+
+- When it is done, it should automatically start Virtualbox Manager.
+
+- Import the Whonix OVA files (see [Whonix Virtual Machines:])
+
+Note, if during the import you are having issues such as "NS_ERROR_INVALID_ARG (0x80070057)", this is probably because there is not enough disk space on your Hidden volume for Whonix. Whonix themselves recommend 32GB of free space but that's probably not necessary and 10GB should be enough for a start. You can try working around this error by renaming the Whonix *.OVA file to *.TAR and decompressing it within Tails. When you are done with decompression, delete the OVA file and import the other files with the Import wizard. This time it might work.
+
+#### Subsequent Runs:
+
+- Boot into Tails
+
+- Connect to Wi-Fi
+
+- Unlock your Hidden Volume
+
+- Launch the HiddenVM App
+
+- This should automatically open VirtualBox manager and show your earlier VMs from the first run
+
+## Steps for all other routes:
+
+### Get a dedicated laptop for your sensitive activities:
+
+Ideally, you should get a dedicated laptop that will not be tied to you in any effortless way (ideally paid with cash anonymously and using the same precautions as previously mentioned for the phone and the SIM card). It is recommended but not mandatory. This guide will help you harden your laptop as much as possible to prevent data leaks through various means. 
There will be several lines of defense standing between your online identities and yourself which should prevent most adversaries from de-anonymizing you - besides state/global actors. It will take considerable resources.
+
+This laptop should ideally be a clean, freshly installed laptop (running Windows, Linux, or macOS); which is clean of your normal day-to-day activities; and which is offline (never connected to your home network). In the case of a Windows laptop, and if you used it before such a clean install, it should also not be activated. Simply reinstall without a product key in the case that it came pre-activated. Specifically, in the case of MacBooks, it should never have been tied to your identity before in any means. So, buy secondhand with cash from an unknown stranger who does not know your identity.
+
+This is to mitigate some future issues in case of online leaks (including telemetry from your OS or Apps) that could compromise any unique identifiers of the laptop while using it (MAC Address, Bluetooth Address, and Product key ...). But also, to avoid being tracked back if you need to dispose of the laptop.
+
+If you used this laptop before for different purposes (like your day-to-day activities), all its hardware identifiers are probably known and registered by Microsoft or Apple. If later any of those identifiers is compromised (by malware, telemetry, exploits, human errors ...) they could lead back to you.
+
+The laptop should have at least 250GB of Disk Space **at least 6GB (ideally 8GB or 16GB)** of RAM and should be able to run a couple of Virtual Machines at the same time. It should have a working battery that lasts a few hours. You should aim for something with large storage (1TB+) if possible because we will need as much as possible.
+
+This laptop could have an HDD (7200rpm) or an SSD/NVMe drive. Both possibilities have their benefits and issues that will be detailed later. 
+
+All future online steps performed with this laptop should ideally be done from a safe network such as Public Wi-Fi in a safe place (see [Find some safe places with decent public Wi-Fi][Find some safe places with decent public Wi-Fi:]). But several steps will have to be taken offline first.
+
+### Some laptop recommendations:
+
+We would strongly recommend getting a "business grade" laptop (meaning not consumer/gaming-grade laptop) if you can. For instance, some ThinkPad from Lenovo (my personal favorite).
+
+This is because those business laptops usually offer better and more customizable security features (especially in the BIOS/UEFI settings) with longer support than most consumer laptops (Asus, MSI, Gigabyte, Acer...). The interesting features to look for are:
+
+- Better custom Secure Boot **settings (where you can selectively manage all the keys and not just use the Standard ones)**
+
+- HDD/SSD passwords in addition to just BIOS/UEFI passwords.
+
+- AMD laptops could be more interesting as some provide the ability to disable AMD PSP (the AMD equivalent of Intel IME) from the BIOS/UEFI settings by default. And, because AFAIK, AMD PSP was audited and contrary to IME was not found to have any "evil" functionalities[^304]. However, if you are going for the Qubes OS Route consider Intel CPUs as Qubes OS does not support AMD with their anti-evil-maid system[^305].
+
+- Secure Wipe tools from the BIOS (especially useful for SSD/NVMe drives, see [Appendix M: BIOS/UEFI options to wipe disks in various Brands]).
+
+- Better control over the disabling/enabling of select peripherals (USB ports, Wi-Fis, Bluetooth, Camera, Microphone ...).
+
+- Better security features with Virtualization.
+
+- Native anti-tampering protections.
+
+- Longer support with BIOS/UEFI updates (and subsequent BIOS/UEFI security updates). 
+
+- Some are supported by Libreboot
+
+### Bios/UEFI/Firmware Settings of your laptop:
+
+#### PC:
+
+These settings can be accessed through the boot menu of your laptop. Here is a good tutorial from HP explaining all the ways to access the BIOS on various computers: [[Archive.org]](https://web.archive.org/web/https://store.hp.com/us/en/tech-takes/how-to-enter-bios-setup-windows-pcs)
+
+Usually how to access it is by pressing a specific key (F1, F2, or Del) at boot (before your OS).
+
+Once you are in there, you will need to apply a few recommended settings:
+
+- Disable Bluetooth completely if you can.
+
+- Disable Biometrics (fingerprint scanners) if you have any if you can. However, you could add a biometric additional check for booting only (pre-boot) but not for accessing the BIOS/UEFI settings.
+
+- Disable the Webcam and Microphone if you can.
+
+- Enable BIOS/UEFI password and use a long passphrase instead of a password (if you can) and make sure this password is required for:
+
+ - Accessing the BIOS/UEFI settings themselves
+
+ - Changing the Boot order
+
+ - Startup/Power-on of the device
+
+- Enable HDD/SSD password if the feature is available. This feature will add another password on the HDD/SSD itself (not in the BIOS/UEFI firmware) that will prevent this HDD/SSD from being used in a different computer without the password. Note that this feature is also specific to some manufacturers and could require specific software to unlock this disk from a completely different computer.
+
+- Prevent accessing the boot options (the boot order) without providing the BIOS/UEFI password if you can.
+
+- Disable USB/HDMI or any other port (Ethernet, Firewire, SD card ...) if you can.
+
+- Disable Intel ME if you can (odds are very high you can't).
+
+- Disable AMD PSP if you can (AMD's equivalent to IME, see [Your CPU][Your CPU:])
+
+- Disable Secure Boot if you intend to use Qubes OS as they do not support it out of the box[^306]. 
Keep it on if you intend to use Linux/Windows.
+
+- Check if your laptop BIOS has a secure erase option for your HDD/SSD that could be convenient in case of need.
+
+Only enable those on a "need to use" basis and disable them again after use. This can help mitigate some attacks in case your laptop is seized while locked but still on OR if you had to shut it down rather quickly and someone took possession of it (this topic will be explained later in this guide).
+
+##### About Secure boot:
+
+So, what is Secure Boot[^307]? In short, it is a UEFI security feature designed to prevent your computer from booting an operating system from which the bootloader was not signed by specific keys stored in the UEFI firmware of your laptop.
+
+When the operating system (or the Bootloader[^308]) supports it, you can store the keys of your bootloader in your UEFI firmware, and this will prevent booting up any unauthorized Operating System (such as a live OS USB or anything similar).
+
+Secure Boot settings are protected by the password you set up to access the BIOS/UEFI settings. If you have that password, you can disable Secure Boot and allow unsigned OSes to boot on your system. This can help mitigate some Evil-Maid attacks (explained later in this guide).
+
+In most cases, Secure Boot is disabled by default or is enabled but in "setup" mode which will allow any system to boot. For Secure Boot to work, your Operating System will have to support it and then sign its bootloader and push those signing keys to your UEFI firmware. After that, you will have to go to your BIOS/UEFI settings and save those pushed keys from your OS and change the Secure Boot from setup to user mode (or custom mode in some cases).
+
+After doing that step, only the Operating Systems from which your UEFI firmware can verify the integrity of the bootloader will be able to boot.
+
+Most laptops will have some default keys already stored in the secure boot settings. 
Usually, those are from the manufacturer itself or some companies such as Microsoft. So, this means that by default, it will always be possible to boot some USB disks even with secure boot. These include Windows, Fedora, Ubuntu, Mint, Debian, CentOS, OpenSUSE, Tails, Clonezilla, and many others. Secure Boot is however not supported at all by Qubes OS at this point.
+
+In some laptops, you can manage those keys and remove the ones you do not want with a "custom mode" to only authorize your bootloader that you could sign yourself if you want to.
+
+So, what is Secure Boot protecting you from? It will protect your laptop from booting unsigned bootloaders (by the OS provider) with for instance injected malware.
+
+What is Secure Boot **not** protecting you from?
+
+- Secure Boot is not encrypting your disk and an adversary can still just remove the disk from your laptop and extract data from it using a different machine. Secure Boot is therefore useless without full disk encryption.
+
+- Secure Boot is not protecting you from a signed bootloader that would be compromised and signed by the manufacturer itself (Microsoft for example in the case of Windows). Most mainstream Linux distributions are signed these days and will boot with Secure Boot enabled.
+
+- Secure Boot can have flaws and exploits like any other system. If you are running an old laptop that does not benefit from new BIOS/UEFI updates, these can be left unfixed.
+
+Additionally, several attacks could be possible against Secure Boot as explained (in-depth) in these technical videos:
+
+- Defcon 22, [[Invidious]](https://yewtu.be/watch?v=QDSlWa9xQuA)
+
+- BlackHat 2016, [[Invidious]](https://yewtu.be/watch?v=0fZdL3ufVOI)
+
+**So, it can be useful as an added measure against some adversaries but not all. Secure Boot in itself is not encrypting your hard drive. 
It is an added layer but that is it.**
+
+**I still recommend you keep it on if you can.**
+
+#### Mac:
+
+Take a moment to set a firmware password according to the tutorial here: [[Archive.org]](https://web.archive.org/web/https://support.apple.com/en-au/HT204455)
+
+You should also enable firmware password reset protection (available from Catalina) according to the documentation here: [[Archive.org]](https://web.archive.org/web/https://support.apple.com/en-gb/guide/security/sec28382c9ca/web)
+
+This feature will mitigate the possibility for some adversaries to use hardware hacks to disable/bypass your firmware password. Note that this will also prevent Apple themselves from accessing the firmware in case of repair.
+
+### Physically Tamper protect your laptop:
+
+At some point, you will inevitably leave this laptop alone somewhere. You will not sleep with it and take it everywhere every single day. You should make it as hard as possible for anyone to tamper with it without you noticing it. This is mostly useful against some limited adversaries that will not use a 5$ wrench against you[^11].
+
+It is important to know that it is trivially easy for some specialists to install a key logger in your laptop, or to just make a clone copy of your hard drive that could later allow them to detect the presence of encrypted data in it using forensic techniques (more on that later).
+
+Here is a good cheap method to make your laptop tamper-proof using Nail Polish (with glitter) [[Archive.org]](https://web.archive.org/web/https://mullvad.net/en/help/how-tamper-protect-laptop/) [^309] (with pictures).
+
+While this is a good cheap method, it could also raise suspicions as it is quite "noticeable" and might just reveal that you "have something to hide". So, there are more subtle ways of achieving the same result. 
You could also for instance make a close-up macro photography of the back screws of your laptop or just use a small amount of candle wax within one of the screws that could just look like usual dirt. You could then check for tampering by comparing the photographs of the screws with new ones. Their orientation might have changed a bit if your adversary was not careful enough (Tightening them exactly the same way they were before). Or the wax within the bottom of a screw head might have been damaged compared to before.
+
+![image20](media/image20.png)
+
+![image21](media/image21.png)
+
+The same techniques can be used with USB ports where you could just put a tiny amount of candle wax within the plug that would be damaged by inserting a USB key in it.
+
+In riskier environments, check your laptop for tampering before using it regularly.
+
+## The Whonix route:
+
+### Picking your Host OS (the OS installed on your laptop):
+
+This route will make extensive use of Virtual Machines[^310], they will require a host OS to run the Virtualization software. You have three recommended choices in this part of the guide:
+
+- Your Linux distribution of choice (excluding Qubes OS)
+
+- Windows 10/11 (preferably Home edition due to the absence of Bitlocker)
+
+- macOS (Catalina or higher up to Monterey)
+
+In addition, chances are high that your Mac is or has been tied to an Apple account (at the time of purchase or after signing-in) and therefore its unique hardware identifiers could lead back to you in case of hardware identifiers leak.
+
+Linux is also not necessarily the best choice for anonymity depending on your threat model. This is because using Windows will allow us to **conveniently** use Plausible Deniability[^311] (aka Deniable Encryption[^312]) easily at the OS level. Windows is also unfortunately at the same time a privacy nightmare[^313] but is the only easy to set up option for using OS-wide plausible deniability. 
Windows telemetry and telemetry blocking are also widely documented which should mitigate many issues. + +**So, what is Plausible Deniability?** You can cooperate with an adversary requesting access to your device/data without revealing your true secret. All this using Deniable Encryption[^314]. + +A soft lawful adversary could ask for your encrypted laptop password. At first, you could refuse to give out any password (using your "right to remain silent", "right not to incriminate yourself") but some countries are implementing laws[^315]'[^316] to exempt this from such rights (because terrorists and "think of the children"). In that case, you might have to reveal the password or face jail time in contempt of court. This is where plausible deniability will come into play. + +You could then reveal a password, but that password will only give access to "plausible data" (a decoy OS). The forensics will be well aware that it is possible for you to have hidden data but should not be able to prove this **(if you do this right)**. You will have cooperated, and the investigators will have access to something but not what you actually want to hide. Since the burden of proof should lie on their side, they will have no options but to believe you unless they have proof that you have hidden data. + +This feature can be used at the OS level (a plausible OS and a hidden OS) or at the files level where you will have an encrypted file container (similar to a zip file) where different files will be shown depending on the encryption password you use. + +This also means you could set up your own advanced "plausible deniability" setup using any Host OS by storing for instance Virtual Machines on a Veracrypt hidden volume container (be careful of traces in the Host OS tho that would need to be cleaned if the host OS is persistent, see [Some additional measures against forensics][Some additional measures against forensics:] section later). 
There is a project for achieving this within Tails ( [[Archive.org]](https://web.archive.org/web/https://github.com/aforensics/HiddenVM)) which would make your Host OS non-persistent and use plausible deniability within Tails. + +In the case of Windows, plausible deniability is also the reason you should ideally have Windows 10/11 Home (and not Pro). This is because Windows 10/11 Pro natively offers a full-disk encryption system (Bitlocker[^317]) where Windows 10/11 Home offers no full-disk encryption at all. You will later use third-party open-source software for encryption that will allow full-disk encryption on Windows 10/11 Home. This will give you a good (plausible) excuse to use this software. While using this software on Windows 10/11 Pro would be suspicious. + +**Note about Linux:** So, what about Linux and plausible deniability? Yes, it is possible to achieve plausible deniability with Linux too. More information within the Linux Host OS section later. + +Unfortunately, encryption is not magic and there are some risks involved: + +#### Threats with encryption: + +##### **The 5$ Wrench:** + +Remember that encryption with or without plausible deniability is not a silver bullet and will be of little use in case of torture. As a matter a fact, depending on who your adversary would be (your threat model), it might be wise not to use Veracrypt (formerly TrueCrypt) at all as shown in this demonstration: [[Archive.org]](https://web.archive.org/web/https://defuse.ca/truecrypt-plausible-deniability-useless-by-game-theory.htm) + +Plausible deniability is only effective against soft lawful adversaries that will not resort to physical means. **Avoid, if possible, the use of plausible deniability-capable software (such as Veracrypt) if your threat model includes hard adversaries. 
So, Windows users should in that case install Windows Pro as a Host OS and use Bitlocker instead.** + +See [[Wikiless]](https://wikiless.org/wiki/Rubber-hose_cryptanalysis) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis) + +##### Evil-Maid Attack: + +Evil Maid Attacks[^318] are conducted when someone tampers with your laptop while you are away. To install to clone your hard drive, install malware or a key logger. If they can clone your hard drive, they can compare one image of your hard drive at the time they took it while you were away with the hard drive when they seize it from you. If you used the laptop again in between, forensics examiners might be able to prove the existence of the hidden data by looking at the variations between the two images in what should be an empty/unused space. This could lead to compelling evidence of the existence of hidden data. If they install a key logger or malware within your laptop (software or hardware), they will be able to simply get the password from you for later use when they seize it. Such attacks can be done at your home, your hotel, a border crossing, or anywhere you leave your devices unattended. + +You can mitigate this attack by doing the following (as recommended earlier): + +- Have basic tamper protection (as explained previously) to prevent physical access to the internals of the laptop without your knowing. This will prevent them from cloning your disks and installing a physical key logger without your knowledge. + +- Disable all the USB ports (as explained previously) within a password-protected BIOS/UEFI. Again, they will not be able to turn them on (without physically accessing the motherboard to reset the BIOS) to boot a USB device that could clone your hard drive or install a software-based malware that could act as a key logger. + +- Set up BIOS/UEFI/Firmware passwords to prevent any unauthorized boot of an unauthorized device. 
+ +- Some OSes and Encryption software have the [Anti Evil Maid (AEM)][Anti Evil Maid (AEM):] protection that can be enabled. This is the case with Windows/Veracrypt and QubeOS (only on Intel CPUs). + +##### Cold-Boot Attack: + +Cold Boot attacks[^319] are trickier than the Evil Maid Attack but can be part of an Evil Maid attack as it requires an adversary to come into possession of your laptop while you are actively using your device or shortly afterward. + +The idea is rather simple, as shown in this video[^320], an adversary could theoretically quickly boot your device on a special USB key that would copy the content of the RAM (the memory) of the device after you shut it down. If the USB ports are disabled or if they feel like they need more time, they could open it and "cool down" the memory using a spray or other chemicals (liquid nitrogen for instance) preventing the memory from decaying. They could then be able to copy its content for analysis. This memory dump could contain the key to decrypt your device. You will later apply a few principles to mitigate these. + +In the case of Plausible Deniability, there have been some forensics studies[^321] about technically proving the presence of the hidden data with a simple forensic examination (without a Cold Boot/Evil Maid Attack) but these have been contested by other studies[^322] and by the maintainer of Veracrypt[^323] so we would not worry too much about those yet. + +The same measures used to mitigate Evil Maid attacks should be in place for Cold Boot attacks with some added ones: + +- If your OS or Encryption software allows it, you should consider encrypting the keys within RAM too (this is possible with Windows/Veracrypt and will be explained later). Again see [[Archive.org]](https://web.archive.org/web/https://sourceforge.net/p/veracrypt/discussion/technical/thread/3961542951/) + +- Do enable the option to Wipe keys from memory if a device is inserted in Veracrypt. 
+ +- You should limit the use of Sleep stand-by and instead use Shutdown or Hibernate to prevent the encryption keys from staying in RAM when your computer goes to sleep. This is because sleep will maintain power in your memory for resuming your activity faster. Only hibernation and shutdown will actually clear the key from the memory[^324]. + +See also [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Cold_Boot_Attack_Defense) and [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Protection_Against_Physical_Attacks) + +Here are also some interesting tools to consider for Linux users to defend against these: + +- [[Archive.org]](https://web.archive.org/web/https://github.com/0xPoly/Centry) (unfortunately unmaintained it seems) + +- [[Archive.org]](https://web.archive.org/web/https://github.com/hephaest0s/usbkill) (unfortunately unmaintained as well it seems) + +- [[Archive.org]](https://web.archive.org/web/https://github.com/Lvl4Sword/Killer) + +- [[Archive.org]](https://web.archive.org/web/https://askubuntu.com/questions/153245/how-to-wipe-ram-on-shutdown-prevent-cold-boot-attacks) + +- (Qubes OS, Intel CPU only) [[Archive.org]](https://web.archive.org/web/https://github.com/QubesOS/qubes-antievilmaid) + +##### About Sleep, Hibernation, and Shutdown: + +If you want better security, you should shut down your laptop completely every time you leave it unattended or close the lid. This should clean and/or release the RAM and provide mitigations against cold boot attacks. However, this can be a bit inconvenient as you will have to reboot completely and type in a ton of passwords into various apps. Restart various VMs and other apps. So instead, you could also use hibernation (not supported on Qubes OS). Since the whole disk is encrypted, hibernation in itself should not pose a large security risk but will still shut down your laptop and clear the memory while allowing you to conveniently resume your work afterward. 
**What you should never do is using the standard sleep feature which will keep your computer on, and the memory powered. This is an attack vector against evil-maid and cold-boot attacks discussed earlier. This is because your powered-on memory holds the encryption keys to your disk (encrypted or not) and could then be accessed by a skilled adversary.** + +This guide will provide guidance later on how to enable hibernation on various host OSes (except Qubes OS) if you do not want to shut down every time. + +##### Local Data Leaks (traces) and forensics examination: + +As mentioned briefly earlier, these are data leaks and traces from your operating system and apps when you perform any activity on your computer. These mostly apply to encrypted file containers (with or without plausible deniability) than OS-wide encryption. Such leaks are less "important" if your whole OS is encrypted (if you are not compelled to reveal the password). + +Let us say for example you have a Veracrypt encrypted USB key with plausible deniability enabled. Depending on the password you use when mounting the USB key, it will open a decoy folder or the sensitive folder. Within those folders, you will have decoy documents/data within the decoy folder and sensitive documents/data within the sensitive folder. + +In all cases, you will (most likely) open these folders with Windows Explorer, macOS Finder, or any other utility and do whatever you planned to do. Maybe you will edit a document within the sensitive folder. Maybe you will search for a document within the folder. Maybe you will delete one or watch a sensitive video using VLC. + +Well, all those Apps and your Operating System might keep logs and traces of that usage. 
This might include the full path of the folder/files/drives, the time those were accessed, temporary caches of those files, the "recent" lists in each app, the file indexing system that could index the drive, and even thumbnails that could be generated + +Here are some examples of such leaks: + +###### Windows: + +- Windows ShellBags that are stored within the Windows Registry silently storing various histories of accessed volumes/files/folders[^325]. + +- Windows Indexing keeping traces of the files present in your user folder by default[^326]. + +- Recent lists (aka Jump Lists) in Windows and various apps keeping traces of recently accessed documents[^327]. + +- Many more traces in various logs, please see this convenient interesting poster for more insight: [[Archive.org]](https://web.archive.org/web/https://www.sans.org/security-resources/posters/windows-forensic-analysis/170/download) + +###### macOS: + +- Gatekeeper[^328] and XProtect keeping track of your download history in a local database and file attributes. + +- Spotlight Indexing + +- Recent lists in various apps keeping traces of recently accessed documents. + +- Temporary folders keeping various traces of App usage and Document usage. + +- macOS Logs + +- ... + +###### Linux: + +- Tracker Indexing + +- Bash History + +- USB logs + +- Recent lists in various apps keeping traces of recently accessed documents. + +- Linux Logs + +- ... + +Forensics could' use all those leaks (see [Local Data Leaks and Forensics][Local Data Leaks and Forensics:]) to prove the existence of hidden data and defeat your attempts at using plausible deniability and to find out about your various sensitive activities. + +It will be therefore important to apply various steps to prevent forensics from doing this by preventing and cleaning these leaks/traces and more importantly by using whole disk encryption, virtualization, and compartmentalization. + +Forensics cannot extract local data leaks from an OS they cannot access. 
And you will be able to clean most of those traces by wiping the drive or by securely erasing your virtual machines (which is not as easy as you think on SSD drives). + +Some cleaning techniques will nevertheless be covered in the "Cover your Tracks" part of this guide at the very end. + +##### Online Data Leaks: + +Whether you are using simple encryption or plausible deniability encryption. Even if you covered your tracks on the computer itself. There is still a risk of online data leaks that could reveal the presence of hidden data. + +**Telemetry is your enemy**. As explained earlier in this guide, the telemetry of Operating Systems but also from Apps can send staggering amounts of private information online. + +In the case of Windows, this data could for instance be used to prove the existence of a hidden OS / Volume on a computer and would be readily available at Microsoft. Therefore, it is critically important that you disable and block telemetry with all the means at your disposal. No matter what OS you are using. + +#### Conclusion: + +You should never conduct sensitive activities from a non-encrypted system. And even if it is encrypted, you should never conduct sensitive activities from the Host OS itself. Instead, you should use a VM to be able to efficiently isolate and compartmentalize your activities and prevent local data leaks. + +If you have little to no knowledge of Linux or if you want to use OS-wide plausible deniability, we recommend going for Windows (or back to the Tails route) for convenience. This guide will help you hardening it as much as possible to prevent leaks. This guide will also help you hardening macOS and Linux as much as possible to prevent similar leaks. + +If you have no interest in OS-wide plausible deniability and want to learn to use Linux, we will strongly recommend going for Linux or the Qubes OS route if your hardware allows it. + +**In all cases, the host OS should never be used to conduct sensitive activities directly. 
The host OS will only be used to connect to a public Wi-Fi Access Point. It will be left unused while you conduct sensitive activities and should ideally not be used for any of your day-to-day activities.** + +Consider also reading **** [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Full_Disk_Encryption) + +### Linux Host OS: + +As mentioned earlier, we do not recommend using your daily laptop for sensitive activities. Or at least we do not recommend using your in-place OS for these. Doing that might result in unwanted data leaks that could be used to de-anonymize you. If you have a dedicated laptop for this, you should reinstall a fresh clean OS. If you do not want to wipe your laptop and start over, you should consider the Tails route or proceed at your own risk. + +I also recommend that you do the initial installation completely offline to avoid any data leak. + +You should always remember that despite the reputation, Linux mainstream distributions (Ubuntu for instance) are not necessarily better at security than other systems such as macOS and Windows. See this reference to understand why [[Archive.org]](https://web.archive.org/web/https://madaidans-insecurities.github.io/linux.html). + +#### Full disk encryption: + +There are two routes here with Ubuntu or Debian based distros: + +- Using LUKS: + + - Without plausible deniability: + + - (Recommended and easy) Encrypt as part of the installation process: [[Archive.org]](https://web.archive.org/web/https://ubuntu.com/tutorials/install-ubuntu-desktop) + + - This process requires the full erasure of your entire drive (clean install). 
+ + - Just check the "Encrypt the new Ubuntu installation for security" + + - (Tedious but possible) Encrypt after installation: [[Archive.org]](https://web.archive.org/web/https://help.ubuntu.com/community/ManualFullSystemEncryption) + + - With plausible deniability: See the next section [The Detached Headers Way] + +- Using Veracrypt: + + - With or without plausible deniability: See the next section [The Veracrypt Way] + +For other distros, you will have to document yourself, but it will likely be similar. Encryption during install is just much easier in the context of this guide. + +#### Note about plausible deniability on Linux: + +There are several ways to achieve plausible deniability on Linux[^329] and it is possible to achieve. Here are some more details about some of the ways we would recommend. All these options require some higher level of skills at using Linux. + +##### The Detached Headers Way: + +While not supported yet by this guide, it is possible to achieve a form of deniability on Linux using LUKS by using detached LUKS headers. For now, we will redirect you toward this page for more information: [[Archive.org]](https://web.archive.org/web/https://wiki.archlinux.org/title/Dm-crypt/Specialties#Encrypted_system_using_a_detached_LUKS_header) + +##### The Veracrypt Way: + +It is technically possible to not only use Veracrypt but also to achieve plausible deniability on a Linux Host OS by using Veracrypt for system full-disk encryption (instead of LUKS). This is not supported by Veracrypt (System encryption is only supported on Windows) and requires some tinkering with various commands. This is not recommended at all for unskilled users and should only be used at your own risk. + +The steps to achieve this are not yet integrated into this guide but can be found here: (this is a .onion address and requires Tor Browser). + +#### Reject/Disable any telemetry: + +- During the install, just make sure you do not allow any data collection if prompted. 
+ +- If you are not sure, just make sure you did not enable any telemetry and follow this tutorial if needed [[Archive.org]](https://web.archive.org/web/https://vitux.com/how-to-force-ubuntu-to-stop-collecting-your-data-from-your-pc/) + +- Any other distro: you will need to document yourself and find out how to disable telemetry. + +#### Disable anything unnecessary: + +- Disable Bluetooth if enabled by following this guide [[Archive.org]](https://web.archive.org/web/https://www.addictivetips.com/ubuntu-linux-tips/disable-bluetooth-in-ubuntu/) or issuing the following command: + + - ```sudo systemctl disable bluetooth.service --force``` + +- Disable Indexing if enabled by default (Ubuntu >19.04) by following this guide [[Archive.org]](https://web.archive.org/web/https://www.linuxuprising.com/2019/07/how-to-completely-disable-tracker.html) or issuing the following commands: + + - ```sudo systemctl --user mask tracker-store.service tracker-miner-fs.service tracker-miner-rss.service tracker-extract.service tracker-miner-apps.service tracker-writeback.service``` + + - You can safely ignore any error if it says some service does not exist + + - ```sudo tracker reset -hard``` + +##### Hibernation: + +As explained previously, you should not use the sleep features but shut down or hibernate your laptop to mitigate some evil-maid and cold-boot attacks. Unfortunately, this feature is disabled by default on many Linux distros including Ubuntu. It is possible to enable it, but it might not work as expected. Follow this information at your own risk. If you do not want to do this, you should never use the sleep function and power off instead (and set the lid closing behavior to power off instead of sleep). 
+ +Follow one of these tutorials to enable Hibernate: + +- [[Archive.org]](https://web.archive.org/web/https://www.how2shout.com/linux/how-to-hibernate-ubuntu-20-04-lts-focal-fossa/) + +- [[Archive.org]](https://web.archive.org/web/http://www.lorenzobettini.it/2020/07/enabling-hibernation-on-ubuntu-20-04/) + +- [[Archive.org]](https://web.archive.org/web/20211011215449/https://blog.ivansmirnov.name/how-to-set-up-hibernate-on-ubuntu-20-04/) + +After Hibernate is enabled, change the behavior so that your laptop will hibernate when you close the lid by following this tutorial for Ubuntu 20.04 [[Archive.org]](https://web.archive.org/web/http://ubuntuhandbook.org/index.php/2020/05/lid-close-behavior-ubuntu-20-04/) and this tutorial for Ubuntu 18.04 [[Archive.org]](https://web.archive.org/web/https://tipsonubuntu.com/2018/04/28/change-lid-close-action-ubuntu-18-04-lts/). There is no tutorial yet for Ubuntu 21.04 or 21.10 but the above for 20.04 should probably work too. + +Unfortunately, this will not clean the key from memory directly when hibernating. To avoid this at the cost of some performance, you might consider encrypting the swap file by following this tutorial: [[Archive.org]](https://web.archive.org/web/https://help.ubuntu.com/community/EnableHibernateWithEncryptedSwap) + +These settings should mitigate cold boot attacks if you can hibernate fast enough. + +#### Enable MAC address randomization: + +- For Ubuntu, follow these steps [[Archive.org]](https://web.archive.org/web/https://help.ubuntu.com/community/AnonymizingNetworkMACAddresses). 
+ +- Consider this tutorial which should still work: [[Archive.org]](https://web.archive.org/web/https://josh.works/shell-script-basics-change-mac-address) + +#### Hardening Linux: + +As a light introduction for new Linux users, consider [[Invidious]](https://yewtu.be/watch?v=Sa0KqbpLye4) + +For more in-depth and advanced options, refer to: + +- This excellent guide: [[Archive.org]](https://web.archive.org/web/https://madaidans-insecurities.github.io/guides/linux-hardening.html) + +- This excellent wiki resource: [[Archive.org]](https://web.archive.org/web/https://wiki.archlinux.org/title/Security) + +- These excellent scripts are based on the guide and wiki above: [[Archive.org]](https://web.archive.org/web/https://codeberg.org/SalamanderSecurity/PARSEC) + +- These tools that can help you harden your Linux Kernel: + + - Lynis: + + - Kconfig-hardened-check: + +- Consider installing Safing Portmaster from [[Archive.org]](https://web.archive.org/web/https://safing.io/portmaster/) **(Warning: there might be issues with some VPN clients. See: ** [[Archive.org]](https://web.archive.org/web/https://docs.safing.io/portmaster/install/status/vpn-compatibility) + +- Consider the use of KickSecure when using Debian: [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Kicksecure) + +- This interesting article: [[Archive.org]](https://web.archive.org/web/http://0pointer.net/blog/authenticated-boot-and-disk-encryption-on-linux.html) + +#### Setting up a safe Browser: + +See [Appendix G: Safe Browser on the Host OS] + +### macOS Host OS: + +**Note: Mac M1/M2 chips are now supported natively, or, if you wish to use commercial tools like VMWare Fusion or Parallels Desktop, but those are not covered in this guide. Seek this information yourself.** + +As mentioned earlier, we do not recommend using your daily laptop for sensitive activities. Or at least we do not recommend using your in-place OS for these. 
Doing that might result in unwanted data leaks that could be used to de-anonymize you. If you have a dedicated laptop for this, you should reinstall a fresh clean OS. If you do not want to wipe your laptop and start over, you should consider the Tails route or proceed at your own risk. + +We also recommend that you do the initial installation completely offline to avoid any data leak. + +**Do not ever sign in with your Apple account using that Mac.** + +#### During the install: + +- Stay Offline + +- Disable all data sharing requests when prompted including location services + +- Do not sign in with Apple + +- Do not enable Siri + +#### Hardening macOS: + +As a light introduction for new macOS users, consider [[Invidious]](https://yewtu.be/watch?v=lFx5icuE6Io) + +Now to go more in-depth in securing and hardening your macOS, we recommend reading this guide which covers many of the issues: [[Archive.org]](https://web.archive.org/web/https://www.bejarano.io/hardening-macos/) + + +Here are the basic steps you should take after your offline installation: + +##### Enable Firmware password with "disable-reset-capability" option: + +First, you should set up a firmware password following this guide from Apple: [[Archive.org]](https://web.archive.org/web/https://support.apple.com/en-us/HT204455) + +Unfortunately, some attacks are still possible and an adversary could disable this password so you should also follow this guide to prevent disabling the firmware password from anyone including Apple: [[Archive.org]](https://web.archive.org/web/https://support.apple.com/en-gb/guide/security/sec28382c9ca/web) + +##### Enable Hibernation instead of sleep: + +Again, this is to prevent some cold-boot and evil-maid attacks by powering down your RAM and cleaning the encryption key when you close the lid. You should always either hibernate or shut down. 
On macOS, the hibernate feature even has a special option to specifically clear the encryption key from memory when hibernating (while you might have to wait for the memory to decay on other Operating Systems). Once again there are no easy options to do this within the settings so instead, we will have to do this by running a few commands to enable hibernation: + +- Open a Terminal + +- Run: ```sudo pmset -a destroyfvkeyonstandby 1``` + + - This command will instruct macOS to destroy the Filevault key on Standby (sleep) + +- Run: ```sudo pmset -a hibernatemode 25``` + + - This command will instruct macOS to power off the memory during sleep instead of doing a hybrid hibernate that keeps the memory powered on. It will result in slower wakes but will increase battery life. + +Now when you close the lid of your MacBook, it should hibernate instead of sleep and mitigate attempts at performing cold-boot attacks. + +In addition, you should also set up an automatic sleep (Settings > Energy) so that your MacBook will hibernate automatically if left unattended. + +##### Disable unnecessary services: + +Disable some unnecessary settings within the settings: + +- Disable Bluetooth + +- Disable the Camera and Microphone + +- Disable Location Services + +- Disable Airdrop + +- Disable Indexing + +##### Prevent Apple OCSP calls: + +These are the infamous "unblockable telemetry" calls from macOS Big Sur disclosed here: [[Archive.org]](https://web.archive.org/web/https://sneak.berlin/20201112/your-computer-isnt-yours/) + +You could block OCSP reporting by issuing the following command in Terminal: + +- ``` sudo sh -c 'echo "127.0.0.1 ocsp.apple.com" >> /etc/hosts'``` + +But you should document yourself on the actual issue before acting. This page is a good place to start: [[Archive.org]](https://web.archive.org/web/https://blog.jacopo.io/en/post/apple-ocsp/) + +Up to you really. 
We would block it because we do not want any telemetry at all from my OS to the mothership without my specific consent. None. + +##### Enable Full Disk encryption (Filevault): + +You should enable full disk encryption on your Mac using Filevault according to this part of the guide: [[Archive.org]](https://web.archive.org/web/https://www.bejarano.io/hardening-macos/) + +**Be careful when enabling. Do not store the recovery key at Apple if prompted (should not be an issue since you should be offline at this stage). You do not want a third party to have your recovery key.** + +##### MAC Address Randomization: + +Unfortunately, macOS does not offer a native convenient way of randomizing your MAC Address and so you will have to do this manually. This will be reset at each reboot, and you will have to re-do it each time to ensure you do not use your actual MAC Address when connecting to various Wi-Fis + +You can do this by issuing the following commands in terminal (without the parentheses): + +- (Turn the Wi-Fi off) ```networksetup -setairportpower en0 off``` + +- (Change the MAC Address) ```sudo ifconfig en0 ether 88:63:11:11:11:11``` + +- (Turn the Wi-Fi back on) ```networksetup -setairportpower en0 on``` + +#### Setting up a safe Browser: + +See [Appendix G: Safe Browser on the Host OS] + +### Windows Host OS: + +As mentioned earlier, we do not recommend using your daily laptop for sensitive activities. Or at leastWedo not recommend using your in-place OS for these. Doing that might result in unwanted data leaks that could be used to de-anonymize you. If you have a dedicated laptop for this, you should reinstall a fresh clean OS. If you do not want to wipe your laptop and start over, you should consider the Tails route or proceed at your own risk. + +I also recommend that you do the initial installation completely offline to avoid any data leak. 
+ +#### Installation: + +You should follow [Appendix A: Windows Installation] + +As a light introduction, consider watching [[Invidious]](https://yewtu.be/watch?v=vNRics7tlqw) + +#### Enable MAC address randomization: + +You should randomize your MAC address as explained earlier in this guide: + +Go into Settings > Network & Internet > Wi-Fi > Enable Random hardware addresses + +Alternatively, you could use this free piece of software: [[Archive.org]](https://web.archive.org/web/https://technitium.com/tmac/) + +#### Setting up a safe Browser: + +See [Appendix G: Safe Browser on the Host OS] + +#### Enable some additional privacy settings on your Host OS: + +See [Appendix B: Windows Additional Privacy Settings] + +##### Windows Host OS encryption: + +###### If you intend to use system-wide plausible deniability: + +Veracrypt[^330] is the software we will recommend for full-disk encryption, file encryption, and plausible deniability. It is a fork of the well-known but deprecated and unmaintained TrueCrypt. It can be used for: + +- Full Disk simple encryption (your hard drive is encrypted with one passphrase). + +- Full Disk encryption with plausible deniability (this means that depending on the passphrase entered at boot, you will either boot a decoy OS or a hidden OS). + +- File container simple encryption (it is a large file that you will be able to mount within Veracrypt as if it were an external drive to store encrypted files within). + +- File container with plausible deniability (it is the same large file but depending on the passphrase you use when mounting it, you will either mount a "hidden volume" or the "decoy volume"). + +It is to my knowledge the only (convenient and usable by anyone) free, open-source, and openly audited[^331] encryption software that also provides plausible deniability for widespread use and it works with Windows Home Edition. 
+ +Go ahead and download and install Veracrypt from: [[Archive.org]](https://web.archive.org/web/https://www.veracrypt.fr/en/Downloads.html) + +After installation, please take a moment to review the following options that will help mitigate some attacks: + +- Encrypt the memory with a Veracrypt option[^332] (settings > performance/driver options > encrypt RAM) at a cost of 5-15% performance. This setting will also disable hibernation (which does not actively clear the key when hibernating) and instead encrypt the memory altogether to mitigate some cold-boot attacks. More details about this feature here: [[Archive.org]](https://web.archive.org/web/https://sourceforge.net/p/veracrypt/discussion/technical/thread/3961542951/) + +- Enable the Veracrypt option to wipe the keys from memory if a new device is inserted (system > settings > security > clear keys from memory if a new device is inserted). This could help in case your system is seized while still on (but locked). + +- Enable the Veracrypt option to mount volumes as removable volumes (Settings > Preferences > Mount volume as removable media). This will prevent Windows from writing some logs about your mounts in the Event logs[^333] and prevent some local data leaks. + +- Be careful and have a good situational awareness if you sense something weird. Shut your laptop down as fast as possible. + +If you do not want to use encrypted memory (because performance might be an issue), you should at least enable hibernation instead of sleep. This will not clear the keys from memory (you are still vulnerable to cold boot attacks) but at least should mitigate them if your memory has enough time to decay. + +More details later in [Route A and B: Simple Encryption using Veracrypt (Windows tutorial)]. + +###### If you do not intend to use system-wide plausible deniability: + +For this case, we will recommend the use of BitLocker instead of Veracrypt for the full disk encryption. 
The reasoning is that BitLocker does not offer a plausible deniability possibility contrary to Veracrypt. A hard adversary has then no incentive in pursuing his "enhanced" interrogation if you reveal the passphrase. + +Normally, you should have installed Windows Pro in this case and the BitLocker setup is quite straightforward. + +Basically, you can follow the instructions here: [[Archive.org]](https://web.archive.org/web/https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838) + +But here are the steps: + +- Click the Windows Menu + +- Type "Bitlocker" + +- Click "Manage Bitlocker" + +- Click "Turn on Bitlocker" on your System Drive + +- Follow the instructions + + - **Do not save your recovery key to a Microsoft Account if prompted.** + + - **Only save the recovery key to an external encrypted drive. To bypass this, print the recovery key using the Microsoft Print to PDF printer and save the key within the Documents folder. Delete that file later.** + + - **Encrypt Entire Drive (do not encrypt the used disk space only).** + + - **Use "New Encryption Mode"** + + - **Run the BitLocker Check** + + - **Reboot** + +- Encryption should now be started in the background (you can check by clicking the Bitlocker icon on the lower right side of the taskbar). + +Unfortunately, this is not enough. With this setup, your Bitlocker key can just be stored as-is in the TPM chip of your computer. This is rather problematic as the key can be extracted in some cases with ease[^334]'[^335]'[^336]'[^337]. 
+ +To mitigate this, you will have to enable a few more options as per the recommendations of Microsoft[^338]: + +- Click the Windows icon + +- Type Run + +- Type "gpedit.msc" (this is the group policy editor) + +- Navigate to Computer Configuration > Administrative Templates > Windows Components > BitLocker > Operating System Drives + + - Double Click the "Require Additional Authentication at Startup" + + - Click the "Configure TPM Startup PIN" and set it to "Require Startup PIN with TPM" + + - Double Click the "Allow enhanced PINs for startup" + + - Click the "Enable" (this will allow us to set a password rather than a PIN) + +- Close the Group Policy Editor + +- Click the Windows icon + +- Type Command to display the "Command Prompt" + +- Right Click on it and click "Run as Administrator" + +- Run ```manage-bde -protectors -delete c:``` (this will delete current protection: the recovery key you will not need) + +- Run ```manage-bde -protectors -add c: -TPMAndPIN``` (this will prompt you for a pre-boot password) + + - Enter a password or passphrase of your choice (a good one) + +- Run ```manage-bde -status``` + + - You should now see at your C: drive below "Key Protectors" the option "TPM and PIN" + +- You are done + +Now when you reboot your computer, you should ideally be prompted for: + +- A BIOS/UEFI boot password + +- An SSD/HDD unlock password (if the feature is available on your BIOS) + +- A Bitlocker Pre-Boot Pin Screen where you need to enter the password/passphrase you just set-up + +- And finally, the Windows Logon Screen where you can enter the credentials you set-up earlier + +##### Enable Hibernation (optional): + +Again, as explained earlier. You should never use the sleep/stand-by feature to mitigate some cold-boot and evil-maid attacks. Instead, you should Shut down or hibernate. You should therefore switch your laptop from sleeping to hibernating when closing the lid or when your laptop goes to sleep. 
+ +(**Note that you cannot enable hibernation if you previously enabled RAM encryption within Veracrypt)** + +The reason is that Hibernation will actually shut down your laptop completely and clean the memory. Sleep on the other hand will leave the memory powered on (including your decryption key) and could leave your laptop vulnerable to cold-boot attacks. + +By default, Windows 10/11 might not offer you this possibility so you should enable it by following this Microsoft tutorial: [[Archive.org]](https://web.archive.org/web/https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/disable-and-re-enable-hibernation) + +- Open an administrator command prompt (right-click on Command Prompt and "Run as Administrator") + +- Run: powercfg.exe /hibernate on + +- Now run the additional command: ```**powercfg /h /type full**``` + + - **This command will make sure your hibernate mode is full and will fully clean the memory (not securely tho).** + +After that you should go into your power settings: + +- Open the Control Panel + +- Open System & Security + +- Open Power Options + +- Open "Choose what the power button does" + +- Change everything from sleep to hibernate or shutdown + +- Go back to the Power Options + +- Select Change Plan Settings + +- Select Advanced Power Settings + +- Change all the Sleep Values for each Power Plan to 0 (Never) + +- Make sure Hybrid Sleep is Off for each Power Plan + +- Enable Hibernate After the time you would like + +- Disable all the Wake timers + +#### Deciding which sub-route you will take: + +Now you will have to pick your next step between two options: + +- Route A: Simple encryption of your current OS + + - Pros: + + - Does not require you to wipe your laptop + + - No issue with local data leaks + + - Works fine with an SSD drive + + - Works with any OS + + - Simple + + - Cons: + + - You could be compelled by an adversary to reveal your password and all your secrets and will have no plausible deniability. 
+ + - The danger of Online data leaks + +- Route B: Simple encryption of your current OS with later use of plausible deniability on files themselves: + + - Pros: + + - Does not require you to wipe your laptop + + - Works fine with an SSD drive + + - Works with any OS + + - Plausible deniability is possible with "soft" adversaries + + - Cons: + + - The danger of Online Data leaks + + - The danger of Local Data leaks (that will lead to more work to clean up those leaks) + +- Route C: Plausible Deniability Encryption of your Operating system (you will have a "hidden OS" and a "decoy OS" running on the laptop): + + - Pros: + + - No issues with local Data leaks + + - Plausible deniability is possible with "soft" adversaries + + - Cons: + + - Requires Windows (this feature is not "easily" supported on Linux). + + - The danger of online Data leaks + + - Requires full wipe of your laptop + + - No use with an SSD drive due to the requirement of disabling Trim[^339] Operations[^340]. This will severely degrade the performance/health of your SSD drive over time. + +**As you can see, Route C only offers two privacy advantages over the others, and it will only be of use against a soft lawful adversary. Remember ** [[Wikiless]](https://wikiless.org/wiki/Rubber-hose_cryptanalysis) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis)**.** + +Deciding which route you will take is up to you. Route A is a minimum. + +**Always be sure to check for new versions of Veracrypt frequently to ensure you benefit from the latest patches. Especially check this before applying large Windows updates that might break the Veracrypt bootloader and send you into a boot loop.** + +**NOTE THAT BY DEFAULT VERACRYPT WILL ALWAYS PROPOSE A SYSTEM PASSWORD IN QWERTY (display the password as a test). 
This can cause issues if your boot input is using your laptop's keyboard (AZERTY for example) as you will have set up your password in QWERTY and will input it at boot time in AZERTY. So, make sure you check when doing the test boot what keyboard layout your BIOS is using. You could fail to log in just because of the QWERTY/AZERTY mix-up. If your BIOS boots using AZERTY, you will need to type the password in QWERTY within Veracrypt.** + +##### Route A and B: Simple Encryption using Veracrypt (Windows tutorial) + +**Skip this step if you used BitLocker instead earlier.** + +You do not have to have an HDD for this method, and you do not need to disable Trim on this route. Trim leaks will only be of use to forensics in detecting the presence of a Hidden Volume but will not be of much use otherwise. + +This route is rather straightforward and will just encrypt your current Operating System in place without losing any data. Be sure to read all the texts Veracrypt is showing you, so you have a full understanding of what is going on. Here are the steps: + +- Launch VeraCrypt + +- Go into Settings: + + - Settings > Performance/driver options > Encrypt RAM + + - System > Settings > Security > Clear keys from memory if a new device is inserted + + - System > Settings > Windows > Enable Secure Desktop + +- Select System + +- Select Encrypt System Partition/Drive + +- Select Normal (Simple) + +- Select Single-Boot + +- Select AES as encryption Algorithm (click the test button if you want to compare the speeds) + +- Select SHA-512 as hash Algorithm (because why not) + +- Enter a strong passphrase (longer the better, remember [Appendix A2: Guidelines for passwords and passphrases]) + +- Collect some entropy by randomly moving your cursor around until the bar is full + +- Click Next as the Generated Keys screen + +- To rescue disk[^341] or not rescue disk, well that is up to you. 
We recommend making one (just in case), just make sure to store it outside your encrypted drive (USB key for instance or wait and see the end of this guide for guidance on safe backups). This rescue disk will not store your passphrase and you will still need it to use it. + +- Wipe mode: + + - If you have no sensitive data yet on this laptop, select None + + - If you have sensitive data on an SSD, Trim alone should take care of it[^342] but we would recommend one pass (random data) just to be sure. + + - If you have sensitive data on an HDD, there is no Trim, and we Swould recommend at least 1-pass. + +- Test your setup. Veracrypt will now reboot your system to test the bootloader before encryption. This test must pass for encryption to go forward. + +- After your computer rebooted and the test is passed. You will be prompted by Veracrypt to start the encryption process. + +- Start the encryption and wait for it to complete. + +- You are done, skip Route B and go to the next steps. + +There will be another section on creating encrypted file containers with Plausible Deniability on Windows. + +##### Route B: Plausible Deniability Encryption with a Hidden OS (Windows only) + +**This is only supported on Windows.** + +**This is only recommended on an HDD drive. This is not recommended on an SSD drive.** + +**Your Hidden OS should not be activated (with an MS product key). Therefore, this route will recommend and guide you through a full clean installation that will wipe everything on your laptop.** + +Read the Veracrypt Documentation [[Archive.org]](https://web.archive.org/web/https://www.veracrypt.fr/en/VeraCrypt%20Hidden%20Operating%20System.html) (Process of Creation of Hidden Operating System part) and [[Archive.org]](https://web.archive.org/web/https://www.veracrypt.fr/en/Security%20Requirements%20for%20Hidden%20Volumes.html) (Security Requirements and Precautions Pertaining to Hidden Volumes). 
+ +This is how your system will look after this process is done: + +![image22](media/image22.png) + +(Illustration from Veracrypt Documentation, [[Archive.org]](https://web.archive.org/web/https://www.veracrypt.fr/en/VeraCrypt%20Hidden%20Operating%20System.html)) + +As you can see this process requires you to have two partitions on your hard drive from the start. + +This process will do the following: + +- Encrypt your second partition (the outer volume) that will look like an empty unformatted disk from the decoy OS. + +- Prompt you with the opportunity to copy some decoy content within the outer volume. + + - This is where you will copy your decoy Anime/Porn collection from some external hard drive to the outer volume. + +- Create a hidden volume within the outer volume of that second partition. This is where the hidden OS will reside. + +- Clone your currently running Windows 10/11 installation onto the hidden volume. + +- Wipe your currently running Windows 10/11. + +- This means that your current Windows 10/11 will become the hidden Windows 10/11 and that you will need to reinstall a fresh decoy Windows 10/11 OS. + +**Mandatory if you have an SSD drive and you still want to do this against the recommendation: Disable SSD Trim in Windows**[^343] **(again this is NOT recommended at all as** **disabling Trim in itself is highly suspicious**). **Also** **as mentioned earlier, disabling Trim will reduce the lifetime of your SSD drive and will significantly impact its performance over time (your laptop will become slower and slower over several months of use until it becomes almost unusable, you will then have to clean the drive and re-install everything). But you must do it to prevent data leaks**[^344] **that could allow forensics to defeat your plausible deniability**[^345][^346]**. 
The only way around this at the moment is to have a laptop with a classic HDD drive instead.** + +###### Step 1: Create a Windows 10/11 install USB key + +See [Appendix C: Windows Installation Media Creation][306] and go with the USB key route. + +###### Step 2: Boot the USB key and start the Windows 10/11 install process (Hidden OS) + +- Insert the USB key into your laptop + +- See [Appendix A: Windows Installation] and proceed with installing Windows 10/11 Home. + +###### Step 3: Privacy Settings (Hidden OS) + +See [Appendix B: Windows Additional Privacy Settings] + +###### Step 4: Veracrypt installation and encryption process start (Hidden OS) + +Remember to read [[Archive.org]](https://web.archive.org/web/https://www.veracrypt.fr/en/VeraCrypt%20Hidden%20Operating%20System.html) + +Do not connect this OS to your known Wi-Fi. You should download the Veracrypt installer from a different computer and copy the installer here using a USB key. Here are the steps: + +- Install Veracrypt + +- Start Veracrypt + +- Go into Settings: + + - Settings > Performance/driver options > Encrypt RAM (**note that this option is not compatible with Hibernation your laptop and means you will have to shut down completely)** + + - System > Settings > Security > Clear keys from memory if a new device is inserted + + - System > Settings > Windows > Enable Secure Desktop + +- Go into System and select Create Hidden Operating System + +- Read all the prompts thoroughly + +- Select Single-Boot if prompted + +- Create the Outer Volume using AES and SHA-512. + +- Use all the space available on the second partition for the Outer Volume + +- Use a strong passphrase (remember [Appendix A2: Guidelines for passwords and passphrases]) + +- Select yes to Large Files + +- Create some Entropy by moving the mouse around until the bar is full and select NTFS (do not select exFAT as you want this outer volume to look "normal" and NTFS is normal). 
+ +- Format the Outer Volume + +- Open Outer Volume: + + - At this stage, you should copy decoy data onto the outer volume. So, you should have some sensitive but not so sensitive files/folders to copy there. In case you need to reveal a password to this Volume**.** This is a good place for your Anime/Mp3/Movies/Porn collection. + + - We recommend you do not fill the outer volume too much or too little (about 40%). Remember you must leave enough space for the Hidden OS (which will be the same size as the first partition you created during installation). + +- Use a strong passphrase for the Hidden Volume (obviously a different one than the one for the Outer Volume). + +- Now you will create the Hidden Volume, select AES and SHA-512 + +- Fill the entropy bar until the end with random mouse movements + +- Format the hidden Volume + +- Proceed with the Cloning + +- Veracrypt will now restart and Clone the Windows where you started this process into the Hidden Volume. This Windows will become your Hidden OS. + +- When the cloning is complete, Veracrypt will restart within the Hidden System + +- Veracrypt will inform you that the Hidden System is now installed and then prompt you to wipe the Original OS (the one you installed previously with the USB key). + +- Use 1-Pass Wipe and proceed. + +- Now your Hidden OS will be installed, proceed to the next step + +###### Step 5: Reboot and boot the USB key and start the Windows 10/11 install process again (Decoy OS) + +Now that the Hidden OS is fully installed, you will need to install a Decoy OS: + +- Insert the USB key into your laptop + +- See [Appendix A: Windows Installation] and proceed with installing Windows 10/11 Home again (do not install a different version and stick with Home). 
+ +###### Step 6: Privacy settings (Decoy OS) + +See [Appendix B: Windows Additional Privacy Settings] + +###### Step 7: Veracrypt installation and encryption process start (Decoy OS) + +Now you will encrypt the Decoy OS: + +- Install Veracrypt + +- Launch VeraCrypt + +- Select System + +- Select Encrypt System Partition/Drive + +- Select Normal (Simple) + +- Select Single-Boot + +- Select AES as encryption Algorithm (click the test button if you want to compare the speeds) + +- Select SHA-512 as hash Algorithm (because why not) + +- Enter a short weak password (yes this is serious, do it, it will be explained later). + +- Collect some entropy by randomly moving your cursor around until the bar is full + +- Click Next as the Generated Keys screen + +- To rescue disk[^347] or not rescue disk, well that is up to you. We recommend making one (just in case), just make sure to store it outside your encrypted drive (USB key for instance or wait and see the end of this guide for guidance on safe backups). This rescue disk will not store your passphrase and you will still need it to use it. + +- Wipe mode: Select 1-Pass just to be safe + +- Pre-Test your setup. Veracrypt will now reboot your system to test the bootloader before encryption. This test must pass for encryption to go forward. + +- After your computer rebooted and the test is passed. You will be prompted by Veracrypt to start the encryption process. + +- Start the encryption and wait for it to complete. + +- Your Decoy OS is now ready for use. + +###### Step 8: Test your setup (Boot in Both) + +Time to test your setup: + +- Reboot and input your Hidden OS passphrase, you should boot within the Hidden OS. + +- Reboot and input your Decoy OS passphrase, you should boot within the Decoy OS. 
+ +- Launch Veracrypt on the Decoy OS and mount the second partition using the Outer Volume Passphrase (mount it as read-only, by going into Mount Options and Selecting Read-Only) and it should mount the second partition as a read-only displaying your decoy data (your Anime/Porn collection). You are mounting it as read-only now because if you were to write data on it, you could override content from your Hidden OS. + +###### Step 9: Changing the decoy data on your Outer Volume safely + +Before going to the next step, you should learn the way to mount your Outer Volume safely for writing content on it. This is also explained in this official Veracrypt Documentation [[Archive.org]](https://web.archive.org/web/https://www.veracrypt.fr/en/Protection%20of%20Hidden%20Volumes.html) + +**You should do this from a safe, trusted space.** + +Basically, you are going to mount your Outer Volume while also providing the Hidden Volume passphrase within the Mount Options to protect the Hidden Volume from being overwritten: + +- Open Veracrypt + +- Select your Second Partition + +- Click Mount + +- Click Mount Options + +- Check the "Protect the Hidden volume..." Option + +- Enter the Hidden OS passphrase + +- Click OK + +- Enter your Outer Volume passphrase + +- Click OK + +- You should now be able to open and write to your Outer Volume to change the content (copy/move/delete/edit...) + +This operation will not actually mount the Hidden Volume and should prevent the creation of any forensic evidence that could lead to the discovery of the Hidden OS. However, while you are performing this operation, both passwords will be stored in your RAM. You could still be vulnerable to a Cold-Boot Attack. To mitigate this, be sure to have the option to encrypt your RAM as instructed before. + +###### Step 10: Leave some forensics evidence of your Outer Volume (with the decoy Data) within your Decoy OS + +We must make the Decoy OS as plausible as possible. 
We also want your adversary to underestimate your intelligence. + +It is important to voluntarily leave some forensic evidence of your Decoy Content within your Decoy OS. This evidence will let forensic examiners see that you mounted your Outer Volume frequently to access its content. + +Here are useful tips to leave some forensics evidence: + +- Play the content from the Outer Volume from your Decoy OS (using VLC for instance). Be sure to keep a history of those. + +- Edit documents and work on them. + +- Enable file indexing again on the Decoy OS and include the mounted Outer Volume. + +- Unmount it and mount it frequently to watch some content or move files around. + +- Copy some content from your Outer Volume to your Decoy OS and then delete it unsafely. Just put it in the Recycle Bin, which only someone who is naive would do, thinking it were deleted. + +- Have a Torrent Client installed on the Decoy OS; use it from time to time to download some similar stuff that you will leave on the Decoy OS. + +- You could have a VPN client installed on the Decoy OS with a known VPN of yours (non-cash paid). + +Do not put anything suspicious on the Decoy OS such as: + +- This guide + +- Any links to this guide + +- Any suspicious anonymity software such as Tor Browser + +- Any Veracrypt volumes + +- Any documents on anonymity or security + +The intention is to make your adversary believe you are not as smart as they thought, to deter them from searching deeper. 
+ +###### Notes: + +**Remember that you will need valid excuses for this plausible deniability scenario to work:** + +- **You are using Veracrypt because you are using Windows 10/11 Home, which do not feature Bitlocker, but you still wanted reasonable Privacy.** + +- **You have two partitions because you wanted to separate the system from the data for easy organization, and because some geeky friend told you this was better for performance.** + +- **You have used a weak password for easy convenient booting of the system and a strong, long passphrase on the Outer Volume. You were too lazy to type a strong passphrase at each boot.** + +- **You encrypted the second partition with a different password than the system because you do not want anyone in your group/domain to see your stuff. You did not want that data available to anyone.** + +Take some time to read again the "Possible Explanations for Existence of Two Veracrypt Partitions on Single Drive" of the Veracrypt documentation here [[Archive.org]](https://web.archive.org/web/https://www.veracrypt.fr/en/VeraCrypt%20Hidden%20Operating%20System.html) + +**Be careful:** + +- **You should never mount the Hidden Volume from the Decoy OS (NEVER EVER). If you did this, it would create forensic evidence of the Hidden Volume within the Decoy OS which could jeopardize your attempt at plausible deniability**. If you did this anyway (intentionally or by mistake) from the Decoy OS, there are ways to erase forensic evidence that will be explained later at the end of this guide, so this mistake alone isn't a huge deal if you follow the steps in [Some additional measures against forensics][Some additional measures against forensics:]. + +- **Never use the Decoy OS from the same network (public Wi-Fi) as the Hidden OS.** + +- **When you do mount the Outer Volume from the Decoy OS, do not write any data within the Outer Volume. This could override what looks like empty space, but is in fact your Hidden OS. 
You should always mount it as read-only.** + +- **If you want to change the decoy content of the Outer Volume, you should use a Live OS USB Key that will run Veracrypt.** + +- **Note that you will not use the Hidden OS to perform sensitive activities, this will be done later from a VM within the Hidden OS. The Hidden OS is only meant to protect you from soft lawful adversaries that could gain access to your laptop and compel you to reveal your password.** + +- **Be careful of any tampering with your laptop. Evil-Maid Attacks can reveal your Hidden OS.** + +### Virtualbox on your Host OS: + +Remember [Appendix W: Virtualization]. + +This step and the following steps should be done from within the Host OS. This can either be your Host OS with simple encryption (Windows/Linux/macOS) or your Hidden OS with plausible deniability (Windows only). + +In this route, you will make extensive use of the free Oracle Virtualbox[^348] software. This is a virtualization software in which you can create Virtual Machines that emulate a computer running a specific OS (if you want to use something else like Xen, Qemu, KVM, or VMWARE, feel free to do so but this part of the guide covers Virtualbox only for convenience). + +So, you should be aware that Virtualbox is not the virtualization software with the best track record in terms of security. Some of the reported issues[^349] have not been completely fixed to date[^350]. 
If you are using Linux, and you possess a bit more technical skill, you should consider using KVM instead by following the guide available at Whonix here [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/KVM) and here [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/KVM#Why_Use_KVM_Over_VirtualBox.3F) + +Some steps should be taken in all cases: + +**All your sensitive activities will be done from within a guest Virtual Machine running Windows 10/11 Pro (not Home this time), Linux, or macOS.** + +This has a few advantages that will help you remain anonymous: + +- It should prevent the guest VM OS (Windows/Linux/macOS), apps, and any telemetry within the VMs from accessing your hardware directly. Even if your VM is compromised by malware, the malware should not be able to access the Host OS and compromise your actual machine. + +- It will allow us to force all the network traffic from your VM to run through another Gateway VM that will direct all the traffic over the Tor Network. This is a network "kill switch". Your VM will lose its network connectivity completely and go offline if the target network VM loses its connection to the Tor Network. + +- The VM itself, which only has internet connectivity through a Tor Network Gateway, will connect to your cash-paid VPN service through Tor. + +- DNS Leaks will be impossible because the VM is on an isolated network that must go through Tor no matter what. 
+ +### Pick your connectivity method: + +There are seven possibilities within this route: + +- **Recommended and preferred:** + + - **Use Tor alone (User > Tor > Internet)** + + - **Use VPN over Tor (User > Tor > VPN > Internet) in specific cases** + + - **Use a VPS with a self-hosted VPN/Proxy over Tor (User > Tor > Self-Hosted VPN/Proxy > Internet) in specific cases** + +- Possible if required by context: + + - Use VPN over Tor over VPN (User > VPN > Tor > VPN > Internet) + + - Use Tor over VPN (User > VPN > Tor > Internet) + +- Not recommended and risky: + + - Use VPN alone (User > VPN > Internet) + + - Use VPN over VPN (User > VPN > VPN > Internet) + +- **Not recommended and highly risky (but possible)** + + - No VPN and no Tor (User > Internet) + +![image23](media/image23.png) + +#### Tor only: + +This is the preferred and most recommended solution. + +![image24](media/image24.png) + +With this solution, all your network goes through Tor, and it should be sufficient to guarantee your anonymity in most cases. + +There is one main drawback tho: **Some services block/ban Tor Exit nodes outright and will not allow account creations from those.** + +To mitigate this, you might have to consider the next option: VPN over Tor but consider some risks associated with it explained in the next section. + +#### VPN/Proxy over Tor: + +This solution can bring some benefits in some specific cases vs using Tor only where accessing the destination service would be impossible from a Tor Exit node. This is because many services will just outright ban, hinder, or block Tor Exit Nodes (see [[Archive.org]](https://web.archive.org/web/https://gitlab.torproject.org/legacy/trac/-/wikis/org/doc/ListOfServicesBlockingTor)). 
+ +This solution can be achieved in two ways: + +- Paid VPN over Tor (easiest) + +- Paid Self-Hosted VPS configured as VPN/Proxy (most efficient in avoiding online obstacles such as captchas but requiring more skills with Linux) + +As you can see in this illustration, if your cash (preferred)/Monero paid VPN/Proxy is compromised by an adversary (despite their privacy statement and no-logging policies), they will only find an anonymous cash/Monero paid VPN/Proxy account connecting to their services from a Tor Exit node. + +![image25](media/image25.png) + +If an adversary somehow manages to compromise the Tor network too, they will only reveal the IP of a random public Wi-Fi that is not tied to your identity. + +If an adversary somehow compromises your VM OS (with malware or an exploit for instance), they will be trapped within the internal Network of Whonix and should be unable to reveal the IP of the public Wi-Fi. + +**This solution however has one main drawback to consider: Interference with Tor Stream Isolation**[^351]. + +Stream isolation is a mitigation technique used to prevent some correlation attacks by having different Tor Circuits for each application. Here is an illustration to show what stream isolation is: + +![image26](media/image26.png) + +(Illustration from Marcelo Martins, [[Archive.org]](https://web.archive.org/web/https://stakey.club/en/decred-via-tor-network/)) + +VPN/Proxy over Tor falls on the right-side[^352] meaning using a VPN/Proxy over Tor forces Tor to use one circuit for all activities instead of multiple circuits for each. This means that using a VPN/Proxy over Tor can reduce the effectiveness of Tor in some cases and should therefore be used only for some specific cases: + +- When your destination service does not allow Tor Exit nodes. + +- When you do not mind using a shared Tor circuit for various services. For instance, when using various authenticated services. 
+ +**You should however consider not using this method when your aim is just to browse random various unauthenticated websites as you will not benefit from Stream Isolation and this could make correlation attacks easier over time for an adversary between each of your sessions (see [Your Anonymized Tor/VPN traffic][Your Anonymized Tor/VPN traffic:]). If your goal however is to use the same identity at each session on the same authenticated services, the value of Stream isolation is lessened as you can be correlated through other means.** + +You should also know that Stream Isolation is not necessarily configured by default on Whonix Workstation. It is only pre-configured for some applications (including Tor Browser). + +Also, note that Stream Isolation does not necessarily change all the nodes in your Tor circuit. It can sometimes only change one or two. In many cases, Stream Isolation (for instance within the Tor Browser) will only change the relay (middle) node and the exit node while keeping the same guard (entry) node. + +More information at: + +- [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Stream_Isolation) + +- [[Archive.org]](https://web.archive.org/web/https://tails.boum.org/contribute/design/stream_isolation/) + +- [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Introduction#Comparison_Table) + +#### Tor over VPN: + +You might be wondering: Well, what about using Tor over VPN instead of VPN over Tor? Well, we would not necessarily recommend it: + +- Disadvantages: + + - Your VPN provider is just another ISP that will then know your origin IP and will be able to de-anonymize you if required. We do not trust them. We prefer a situation where your VPN provider does not know who you are. It does not add much in terms of anonymity. + + - This would result in you connecting to various services using the IP of a Tor Exit Node which is banned/flagged in many places. 
It does not help in terms of convenience. + +- Advantages: + + - **The main advantage is that if you are in a hostile environment where Tor access is impossible/dangerous/suspicious, but VPN is okay.** + + - This method also does not break Tor Stream isolation. + + - This also hides your Tor activities from your main ISP. + +Note, if you are having issues accessing the Tor Network due to blocking/censorship, you could try using Tor Bridges. See [Appendix X: Using Tor bridges in hostile environments]. + +It is also possible to consider **VPN over Tor over VPN (User > VPN > Tor > VPN > Internet)** using two cash/Monero paid VPNs instead. This means that you will connect the Host OS to a first VPN from your Public Wi-Fi, then Whonix will connect to Tor, and finally, your VM will connect to a second VPN over Tor over VPN (see [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Connecting_to_a_VPN_before_Tor)). + +This will of course have a significant performance impact and might be quite slow, but Tor is necessary somewhere for achieving reasonable anonymity. + +Achieving this technically is easy within this route, you need two separate anonymous VPN accounts and must connect to the first VPN from the Host OS and follow the route. + +Conclusion: Only do this if you think using Tor alone is risky/impossible but VPNs are okay. Or just because you can and so why not. This method will not lower your security/privacy/anonymity. + +#### VPN only: + +This route will not be explained nor recommended. + +**If you can use VPNs then you should be able to add a Tor layer over it. And if you can use Tor, then you can add an anonymous VPN over Tor to get the preferred solution.** + +Just using a VPN or even a VPN over VPN makes no sense as those can be traced back to you over time. 
One of the VPN providers will know your real origin IP (even if it is in a safe public space) and even if you add one over it, the second one will still know you were using that other first VPN service. This will only slightly delay your de-anonymization. Yes, it is an added layer ... but it is a persistent centralized added layer, and you can be de-anonymized over time. This is just chaining 3 ISPs that are all subject to lawful requests.
+
+For more info, please see the following references:
+
+- [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Comparison_Of_Tor_with_CGI_Proxies,_Proxy_Chains,_and_VPN_Services)
+
+- [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Why_does_Whonix_use_Tor)
+
+- [[Archive.org]](https://web.archive.org/web/https://www.researchgate.net/publication/324251041_Anonymity_communication_VPN_and_Tor_a_comparative_study)
+
+- [[Archive.org]](https://web.archive.org/web/https://gist.github.com/joepie91/5a9909939e6ce7d09e29)
+
+- [[Archive.org]](https://web.archive.org/web/https://schub.wtf/blog/2019/04/08/very-precarious-narrative.html)
+
+**In the context of this guide, Tor is required somewhere to achieve reasonable and safe anonymity and you should use it if you can.**
+
+#### No VPN/Tor:
+
+If you cannot use VPN nor Tor where you are, you probably are in a very hostile environment where surveillance and control are extremely high.
+
+Just do not, it is not worth it and too risky. You can be de-anonymized almost instantly by any motivated adversary that could get to your physical location in a matter of minutes.
+
+Do not forget to check back on [Adversaries (threats)] and [Appendix S: Check your network for surveillance/censorship using OONI].
+
+If you have absolutely no other option and still want to do something, see [Appendix P: Accessing the internet as safely as possible when Tor/VPN is not an option][Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option] **(at your own risk) and consider [The Tails route][The Tor Browser route:] instead.**
+
+#### Conclusion:
+
+| Connection Type | Anonymity | Ease of Access to online resources | Tor Stream isolation | Safer where Tor is suspicious/dangerous | Speed | Cost | Recommended |
+|------------------------------------|-----------|------------------------------------|----------------------|-----------------------------------------|------------|---------------------------|--------------------------------------------------|
+| Tor Alone | **Good** | **Medium** | **Possible** | **No** | **Medium** | **Free** | **Yes** |
+| Tor over VPN | **Good+** | **Medium** | **Possible** | **Yes** | **Medium** | **Around 50€/y** | **If needed (Tor inaccessible)** |
+| Tor over VPN over Tor | **Best** | **Medium** | **Possible** | **Yes** | **Poor** | **Around 50€/y** | **Yes** |
+| VPN over Tor | **Good-** | **Good** | **No** | **No** | **Medium** | **Around 50€/y** | **If needed (convenience)** |
+| Self-Hosted VPS VPN/Proxy over Tor | **Good-** | **Very Good** | **No** | **Yes** | **Medium** | **Around 50€/y** | **If needed (convenience)** |
+| VPN/Proxy over Tor over VPN | **Good-** | **Good** | **No** | **Yes** | **Poor** | **Around 100€/y** | **If needed (convenience and Tor inaccessible)** |
+| VPN/Proxy Alone | **Bad** | **Good** | **N/A** | **Yes** | **Good** | **Around 50€/y** | **No.** |
+| No Tor and VPN | **Bad** | **Unknown** | **N/A** | **No** | **Good** | **Around 100€ (Antenna)** | **No.** |
+
+Unfortunately, using Tor alone will raise the suspicion of many destinations' platforms. You will face many hurdles (captchas, errors, difficulties signing up) if you only use Tor.
In addition, using Tor where you are could put you in trouble just for that. But Tor is still the best solution for anonymity and must be somewhere for anonymity. + +- If you intend to create persistent shared and authenticated identities on various services where access from Tor is hard, we recommend the **VPN over Tor** and **VPS VPN/Proxy over Tor** options (or VPN over Tor over VPN if needed). It might be a bit less secure against correlation attacks due to breaking Tor Stream isolation but provides much better convenience in accessing online resources than just using Tor. It is an "acceptable" trade-off IMHP if you are careful enough with your identity. + + - **Note: It is becoming more common that mainstream services and CDNS are also blocking or hindering VPN users with captchas and other various obstacles**. **In that case, a self-hosted VPS with a VPN/Proxy over Tor is the best solution for this as having your own dedicated VPS guarantees you are the sole user of your IP and encounter little to no obstacles.** Consider a [Self-hosted VPN/Proxy on a Monero/Cash-paid VPS (for users more familiar with Linux)][Self-hosted VPN/Proxy on a Monero/Cash-paid VPS (for users more familiar with Linux):] if you want the least amount of issues (this will be explained in the next section in more details). + +- If your intent however is just to browse random services anonymously without creating specific shared identities, using tor friendly services; or if you do not want to accept that trade-off in the earlier option. **Then we recommend using the Tor Only route to keep the full benefits of Stream Isolation (or Tor over VPN if you need to).** + +- If cost is an issue, we recommend the Tor Only option if possible. + +- If both Tor and VPN access are impossible or dangerous then you have no choice but to rely on Public wi-fi safely. 
See [Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option] + +For more information, you can also see the discussions here that could help decide yourself: + +- Tor Project: [[Archive.org]](https://web.archive.org/web/https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorPlusVPN) + +- Tails Documentation: + + - [[Archive.org]](https://web.archive.org/web/https://gitlab.tails.boum.org/tails/blueprints/-/wikis/vpn_support/) + + - [[Archive.org]](https://web.archive.org/web/https://tails.boum.org/support/faq/index.en.html) + +- Whonix Documentation (in this order): + + - [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Introduction) + + - [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Connecting_to_Tor_before_a_VPN) + + - [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Connecting_to_a_VPN_before_Tor) + +- Some papers on the matter: + + - [[Archive.org]](https://web.archive.org/web/https://www.researchgate.net/publication/324251041_Anonymity_communication_VPN_and_Tor_a_comparative_study) + +### Getting an anonymous VPN/Proxy: + +**Skip this step if you want to use Tor only.** + +See [Appendix O: Getting an anonymous VPN/Proxy] + +### Whonix: + +**Skip this step if you cannot use Tor.** + +This route will use Virtualization and Whonix[^353] as part of the anonymization process. Whonix is a Linux distribution composed of two Virtual Machines: + +- The Whonix Workstation (this is a VM where you can conduct sensitive activities) + +- The Whonix Gateway (this VM will establish a connection to the Tor network and route all the network traffic from the Workstation through the Tor network). + +This guide will therefore propose two flavors of this route: + +- The Whonix only route where all traffic is routed through the Tor Network (Tor Only or Tor over VPN). 
+
+![image27](media/image27.png)
+
+- A Whonix hybrid route where all traffic is routed through a cash (preferred)/Monero paid VPN over the Tor Network (VPN over Tor or VPN over Tor over VPN).
+
+![image28](media/image28.png)
+
+You will be able to decide which flavor to use based on my recommendations. We recommend the second one as explained before.
+
+Whonix is well maintained and has extensive and incredibly detailed documentation.
+
+#### A note on Virtualbox Snapshots:
+
+Later, you will create and run several Virtual Machines within Virtualbox for your sensitive activities. Virtualbox provides a feature called "Snapshots"[^354] that allow for saving the state of a VM at any point in time. If for any reason later you want to go back to that state, you can restore that snapshot at any moment.
+
+**I strongly recommend that you do make use of this feature by creating a snapshot after the initial installation/update of each VM. This snapshot should be done before its use for any sensitive/anonymous activity.**
+
+This will allow you to turn your VMs into a kind of disposable "Live Operating Systems" (like Tails discussed earlier). Meaning that you will be able to erase all the traces of your activities within a VM by restoring a Snapshot to an earlier state. Of course, this will not be "as good" as Tails (where everything is stored in memory) as there might be traces of this activity left on your hard disk. Forensics studies have shown the ability to recover data from a reverted VM[^355]. Fortunately, there will be ways to remove those traces after the deletion or reverting to an earlier snapshot. Such techniques will be discussed in the [Some additional measures against forensics][Some additional measures against forensics:] section of this guide.
+
+#### Download Virtualbox and Whonix utilities:
+
+You should download a few things within the host OS:
+
+- The latest version of the Virtualbox installer according to your Host OS [[Archive.org]](https://web.archive.org/web/https://www.virtualbox.org/wiki/Downloads)
+
+- (Skip this if you cannot use Tor natively or through a VPN) The latest Whonix OVA file from [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Download) according to your preference (Linux/Windows, with a Desktop interface XFCE for simplicity or only with the text-client for advanced users)
+
+This will conclude the preparations and you should now be ready to start setting up the final environment that will protect your anonymity online.
+
+#### Virtualbox Hardening recommendations:
+
+For ideal security, you should follow the recommendations provided here for each Virtualbox Virtual Machine [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Virtualization_Platform_Security) :
+
+- Disable Audio.
+
+- Do not enable Shared Folders.
+
+- Do not enable 2D acceleration. This one is done running the following command ```VBoxManage modifyvm "vm-id" --accelerate2dvideo on|off```
+
+- Do not enable 3D acceleration.
+
+- Do not enable the Serial Port.
+
+- Remove the Floppy drive.
+
+- Remove the CD/DVD drive.
+
+- Do not enable the Remote Display server.
+
+- Enable PAE/NX (NX is a security feature).
+
+- Disable Advanced Configuration and Power Interface (ACPI). This one is done running the following command ```VBoxManage modifyvm "vm-id" --acpi on|off```
+
+- Do not attach USB devices.
+
+- Disable the USB controller which is enabled by default. Set the Pointing Device to "PS/2 Mouse" or changes will revert.
+
+Finally, also follow this recommendation to desync the clock you are your VM compared to your host OS [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Network_Time_Synchronization)
+
+This offset should be within a 60000-millisecond range and should be different for each VM and here are some examples (which can be later applied to any VM):
+
+- ```VBoxManage modifyvm "Whonix-Gateway-XFCE" --biossystemtimeoffset -35017```
+
+- ```VBoxManage modifyvm "Whonix-Gateway-XFCE" --biossystemtimeoffset +27931```
+
+- ```VBoxManage modifyvm "Whonix-Workstation-XFCE" --biossystemtimeoffset -35017```
+
+- ```VBoxManage modifyvm "Whonix-Workstation-XFCE" --biossystemtimeoffset +27931```
+
+Also, consider applying these mitigations from VirtualBox to mitigate Spectre[^356]/Meltdown[^357] vulnerabilities by running this command from the VirtualBox Program Directory. All of these are described here: [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Spectre_Meltdown) (be aware these can impact severely the performance of your VMs but should be done for best security).
+
+Finally, consider the security advice from Virtualbox themselves here [[Archive.org]](https://web.archive.org/web/https://www.virtualbox.org/manual/ch13.html)
+
+### Tor over VPN:
+
+**Skip this step if you do not intend to use Tor over VPN and only intend to use Tor or cannot.**
+
+If you intend to use Tor over VPN for any reason. You first must configure a VPN service on your host OS.
+
+Remember that in this case, we recommend having two VPN accounts. Both paid with cash/Monero (see [Appendix O: Getting an anonymous VPN/Proxy]). One will be used in the Host OS for the first VPN connection. The other could be used in the VM to achieve VPN over Tor over VPN (User > VPN > Tor > VPN).
+
+If you intend to only use Tor over VPN, you only need one VPN account.
+
+See [Appendix R: Installing a VPN on your VM or Host OS][Appendix R: Installing a VPN on your VM or Host OS] for instructions.
+
+### Whonix Virtual Machines:
+
+**Skip this step if you cannot use Tor.**
+
+- Start Virtualbox on your Host OS.
+
+- Import Whonix file Into Virtualbox following the instructions on [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/VirtualBox/XFCE)
+
+- Start the Whonix VMs
+
+Remember at this stage that if you are having issues connecting to Tor due to censorship or blocking, you should consider connecting using Bridges as explained in this tutorial [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Bridges).
+
+- Update the Whonix VMs by following the instructions on [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Operating_System_Software_and_Updates)
+
+- Shutdown the Whonix VMs
+
+- Take a snapshot of the updated Whonix VMs within Virtualbox (select a VM and click the Take Snapshot button). More on that later.
+
+- Go to the next step
+
+**Important Note: You should also read these very good recommendations over there ** [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/DoNot) **as most of those principles will also apply to this guide. You should also read their general documentation here ** [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Documentation) **which will also provide tons of advice like this guide.**
+
+### Pick your guest workstation Virtual Machine:
+
+Using Whonix/Linux will require more skills on your side as these are Linux distributions. You will also encounter more difficulties if you intend to use specific software that might be harder to use on Whonix/Linux. Setting up a VPN over Tor on Whonix will also be more complicated than on Windows as well.
+
+#### If you can use Tor:
+
+You can decide if you prefer to conduct your sensitive activities from the Whonix Workstation provided in the earlier section **(highly recommended)** or from a Custom VM that will use the Whonix Gateway like the Whonix Workstation (less secure but might be required depending on what you intend to do).
+
+#### If you cannot use Tor:
+
+If you cannot use Tor, you can use a Custom VM of your choice that will ideally use an anonymous VPN, if possible, to then connect to the Tor network. Or you could go with the risky route: See [Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option]
+
+### Linux Virtual Machine (Whonix or Linux):
+
+#### Whonix Workstation **(recommended and preferred)**:
+
+**Skip this step if you cannot use Tor.**
+
+Just use the provided Whonix Workstation VM. **It is the safest and most secure way to go on this route.**
+
+**It is also the only VM that will provide Stream Isolation pre-configured for most apps by default**[^358]**.**
+
+If you want additional software on the Workstation (such as another Browser), follow their guide here [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Install_Software)
+
+Consider running Whonix in Live Mode if for extra malware protection, See [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Anti-Forensics_Precautions)
+
+Do not forget to apply the VM hardening recommendations here: [Virtualbox Hardening recommendations].
+
+Consider using AppArmor on your Whonix Workstations by following this guide: [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/AppArmor)
+
+#### Linux (any distro):
+
+**Be careful, any customization you make to the non-Whonix guest VMs (keyboard layout, language, time zone, screen resolution, or other) could be used to fingerprint your VMs later.
See ** [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/VM_Fingerprinting)
+
+##### If you can use Tor (natively or over a VPN):
+
+Use the Linux Distro of your choice. We would recommend Ubuntu or Fedora for convenience but any other would work too. Be sure to not enable any telemetry.
+
+Refer to this tutorial [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Other_Operating_Systems) for detailed instructions.
+
+Consider hardening the VM as recommended in [Hardening Linux].
+
+##### If you cannot use Tor:
+
+Use the Linux Distro of your choice. We would recommend Ubuntu or Fedora for convenience but any other would work too. Be sure to not enable any telemetry. You could go with the risky route: See [Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option]
+
+##### Choose a browser within the VM:
+
+This time, we will recommend Brave browser.
+
+See why here: [Appendix V: What browser to use in your Guest VM/Disposable VM]
+
+See [Appendix V1: Hardening your Browsers][Appendix V1: Hardening your Browsers:] as well.
+
+### Windows 10/11 Virtual Machine:
+
+**Be careful, any customization you make to the non-Whonix guest VMs (keyboard layout, language, time zone, screen resolution, or other) could be used to fingerprint your VMs later. See ** [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/VM_Fingerprinting)
+
+#### Windows 10 and 11 ISO download:
+
+Go with the Official Windows 10/11 Pro VM and harden it yourself: see [Appendix C: Windows Installation Media Creation][306] and go with the ISO route.
+
+#### If you can use Tor (natively or over a VPN):
+
+Refer to this tutorial [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Other_Operating_Systems) for detailed instructions.
+
+##### Install:
+
+- Shut down the Whonix Gateway VM (this will prevent Windows from sending out telemetry and allow you to create a local account).
+ +- Open Virtualbox + +- Select Machine > New > Select Windows 10 or Windows 11 64bit + +- Allocate a minimum amount of 2GB for Windows 10 and 4GB for Windows 11 + +- Create a Virtual Disk using the VDI format and select Dynamically Allocated + +- Keep the disk size at 50GB for Windows 10 and 80GB for Windows 11 (this is a maximum; it should not reach that much) + +- Make sure PAE/NX is enabled in System > Processor + +- Select the VM and click Settings, Go into the Network Tab + +- Select "Internal Network" in the "Attached to" Field and select Whonix. + +- Go into the Storage Tab, Select the Empty CD and click the icon next to SATA Port 1 + +- Click on "Choose a disk file" and select the Windows ISO you previously downloaded + +- Click ok and start the VM + +- Virtualbox will prompt you to either push a button to boot the ISO or ask you what to boot, select the ISO or click. + +- Follow the steps in [Appendix A: Windows Installation] + +- Start the Whonix Gateway VM + +##### Network Settings: + +- Back to your Windows + +- Windows 10: Go back into Settings then Network & Internet. Windows 11: Go into settings, click the upper left menu and pick "Network and Internet" + +- Windows 10: Click Properties (Below Ethernet). Windows 11: Click Ethernet + +- Windows 10: Edit IP settings. Windows 11: Edit IP assignment. + +- Windows 10: Enable IPv4 and set the following, Windows 11: Switch from DHCP to Manual and set the following: + + - IP address ```10.152.152.50``` (increase this IP by one for any other VM) + + - Subnet prefix length ```18``` (```255.255.192.0```) + + - Gateway ```10.152.152.10``` (this is the Whonix Gateway) + + - (Windows 10) DNS ```10.152.152.10``` (this is again the Whonix Gateway) + + - (Windows 11) exit the IP assignment and select DNS server assignment and set it to ```10.152.152.10``` (this is again the Whonix Gateway) + + - Save + +- Windows might prompt you if you want to be "discoverable" on this network. Click NO. 
Always stay on a "public network" if prompted.
+
+**Every time you will power on this VM in the future, you should make sure to change its Ethernet Mac Address before each boot. You can do this in Virtualbox > Settings > Network > Advanced > Click the refresh button next to the MAC address. You can only do this while the VM is powered off.**
+
+#### If you cannot use Tor:
+
+See [Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option]
+
+##### Install:
+
+- Open Virtualbox
+
+- Select Machine > New > Select Windows 10 or 11 64bit
+
+- Allocate a minimum amount of 4GB of RAM for 11 , 2GB of RAM for 10.
+
+- Create a Virtual Disk using the VDI format and select Dynamically Allocated
+
+- In the System/Processor tab, make sure PAE/NX is enabled.
+
+- Keep the disk size at 80GB for 11, 50GB for 10 (this is a maximum; it should not reach that much)
+
+- Go into the Storage Tab, Select the Empty CD and click the icon next to SATA Port 1
+
+- Click on "Choose a disk file" and select the Windows ISO you previously downloaded
+
+- Click ok and start the VM
+
+- Virtualbox will prompt you to either push a button to boot the ISO or ask you what to boot, select the ISO or click.
+
+- Follow the steps in [Appendix A: Windows Installation]
+
+##### Network Settings:
+
+- Windows will prompt you if you want to be discoverable on this network. Click NO.
+
+**Every time you will power on this VM in the future, you should make sure to change its Ethernet Mac Address before each boot. You can do this in Virtualbox > Settings > Network > Advanced > Click the refresh button next to the MAC address. You can only do this while the VM is powered off.**
+
+#### Choose a browser within the VM:
+
+This time, we will recommend Brave browser.
+
+See why here: [Appendix V: What browser to use in your Guest VM/Disposable VM]
+
+See [Appendix V1: Hardening your Browsers][Appendix V1: Hardening your Browsers:] as well.
+ +#### Additional Privacy settings in Windows 10/11: + +See [Appendix B: Windows Additional Privacy Settings] + +### Android Virtual Machine: + +Because sometimes you want to run mobile Apps anonymously too. You can also set up an Android VM for this purpose. As in other cases, ideally, this VM will also be sitting behind the Whonix Gateway for Tor network connectivity. But this can also be set up as VPN over Tor over VPN + +#### If you can use Tor (natively or over a VPN): + +Later in the VM settings during creation, go into Network and select Internal Network, Whonix. + +Then on Android itself: + +- Select Wi-Fi + +- Select VirtWifi to connect + +- Go into the advanced Wi-Fi properties + +- Switch from DHCP to Static + + - IP address ```10.152.152.50``` (increase this IP by one for any other VM) + + - Subnet prefix length ```18``` (```255.255.192.0```) + + - Gateway ```10.152.152.10``` (this is the Whonix Gateway) + + - DNS ```10.152.152.10``` (this is again the Whonix Gateway) + +#### If you cannot use Tor: + +Just use the tutorials as is and see [Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option] + +#### Installation: + +Two possibilities: AnBox or Android-x86 + +Personally, We would recommend AnBox over Android-x86 but it requires Linux + +##### AnBox: + +Basically follow the tutorial here for installing AnBox on the Whonix Workstation: [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Anbox) for running Android Applications within an AnBox VM. + +Or follow the instructions here to install on any other VM **(Linux Only)** + +##### Android-x86: + +Basically, follow the tutorial here: [[Archive.org]](https://web.archive.org/web/https://www.android-x86.org/documentation/virtualbox.html) + +- Download the ISO file of your choice + +- Create a New VM. + +- Select Linux and Linux 2.6 / 3.x / 4.x 64 Bit. 
+ +- In System: + + - Allocate at least 2048MB (2GB) memory + + - Uncheck the Floppy drive + + - In the Processor Tab, select at least 1 or more CPUs + + - Enable PAE/NX + +- In Display Settings, Change the adapter to VBoxVGA + +- In Audio Settings, Change to Intel HD Audio + +- Start the VM + +- Select Advanced if you want persistence, Live if you want a disposable Boot (and skip the next steps). + +- Select Auto Install on Selected Hard Disk + +- Select Run Android + +- Set up as you wish (disable all prompts for data collections). **I recommend using the TaskBar Home.** + +- Go into Settings, Android-x86 Options, and disable all collections. + +- Connect to VirtWifi Wi-Fi Network **(see the above section if you are behind Whonix and want to use Tor)** + +You are now done and can now install any Android app. + +### macOS Virtual Machine: + +Yes, you can actually run macOS within Virtualbox (on Windows/Linux/macOS host systems) if you want to use macOS. You can run any version of macOS you want. + +#### If you can use Tor (natively or over a VPN): + +During the following tutorials, before starting the macOS VM, make sure you do put the macOS VMs on the Whonix Network. + +- Select the VM and click Settings, Go into the Network Tab + +- Select "Internal Network" in the "Attached to" Field and select Whonix + +Afterward, and during the install, you will need to input an IP address manually to connect through the Whonix Gateway. 
+ +Use these settings when prompted in the macOS installation process: + +- IP address ```10.152.152.50``` (increase this IP by one for any other VM) + +- Subnet prefix length ```18``` (```255.255.192.0```) + +- Gateway ```10.152.152.10``` (this is the Whonix Gateway) + +- DNS ```10.152.152.10``` (this is again the Whonix Gateway) + +#### If you cannot use Tor: + +Just use the tutorials as is and see [Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option] + +#### Installation: + +- Windows Host OS: + + - Virtualbox Catalina Tutorial: [[Archive.org]](https://web.archive.org/web/https://www.wikigain.com/install-macos-catalina-on-virtualbox-on-windows/) + + - Virtualbox Big Sur Tutorial: [[Archive.org]](https://web.archive.org/web/https://www.wikigain.com/how-to-install-macos-big-sur-on-virtualbox-on-windows-pc/) + + - Virtualbox Monterey Tutorial: [[Archive.org]](https://web.archive.org/web/https://www.wikigain.com/install-macos-monterey-on-virtualbox/) + +- macOS Host OS: + + - Just use the same tutorials as above but execute the various commands in the terminal. It should work without issue. + +- Linux Host OS: + + - Just use the same tutorials as above but execute the various commands in the terminal. It should work without issue. + +There are some drawbacks to running macOS on Virtual Machines. The main one is that they do not have a serial number (0 by default) and you will be unable to log in to any Apple-provided service (iCloud, iMessage...) without a genuine ID. You can set such IDs using this script: [[Archive.org]](https://web.archive.org/web/https://github.com/myspaghetti/macos-virtualbox) but keep in mind that randomly generated IDs will not work and using the ID of someone else will break their Terms of Services and could count as impersonation (and therefore could be illegal). + +Note: We also ran in multiple issues with running these on AMD processors. 
This can be fixed so here is the configurationWeused which worked fine with Catalina, Big Sur and Monterey which will tell Virtualbox to emulate an Intel Processor instead:
+
+- ```VBoxManage modifyvm "macOSCatalina" ---cpuidset 00000001 000106e5 00100800 0098e3fd bfebfbff```
+
+- ```VBoxManage setextradata "macOSCatalina" "VBoxInternal/Devices/efi/0/Config/DmiSystemProduct" "MacBookPro15,1" ```
+
+- ```VBoxManage setextradata "macOSCatalina" "VBoxInternal/Devices/efi/0/Config/DmiBoardProduct" "Mac-551B86E5744E2388"```
+
+- ```VBoxManage setextradata "macOSCatalina" "VBoxInternal/Devices/smc/0/Config/DeviceKey" "ourhardworkbythesewordsguardedpleasedontsteal(c)AppleComputerInc"```
+
+- ```VBoxManage setextradata "macOSCatalina" "VBoxInternal/Devices/smc/0/Config/GetKeyFromRealSMC" 1```
+
+- ```VBoxManage modifyvm "macOSCatalina" --cpu-profile "Intel Core i7-6700K"```
+
+- ```VBoxManage setextradata "macOSCatalina" VBoxInternal2/EfiGraphicsResolution 1920x1080```
+
+#### Hardening macOS:
+
+Refer to [Hardening macOS].
+
+#### Choose a browser within the VM:
+
+This time, we will recommend Brave browser.
+
+See why here: [Appendix V: What browser to use in your Guest VM/Disposable VM]
+
+See [Appendix V1: Hardening your Browsers][Appendix V1: Hardening your Browsers:] as well.
+
+### KeepassXC:
+
+You will need something to store your data (logins/passwords, identities, and TOTP[^359] information).
+
+For this purpose, we strongly recommend KeePassXC because of its integrated TOTP feature. This is the ability to create entries for 2FA[^360] authentication with the authenticator feature.
+
+Remember this should ideally be installed on your Guest VM and not on your Host OS. You should never do any sensitive activities from your Host OS.
+ +Here are the tutorials: + +- Tails: KeePassXC is integrated by default + +- Whonix: [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Keepassxc) + +- Linux: + + - Download from [[Archive.org]](https://web.archive.org/web/https://keepassxc.org/download/) + + - Follow the tutorial here [[Archive.org]](https://web.archive.org/web/https://keepassxc.org/docs/KeePassXC_GettingStarted.html) + +- Windows: + + - Download from [[Archive.org]](https://web.archive.org/web/https://keepassxc.org/download/) + + - Follow the tutorial here [[Archive.org]](https://web.archive.org/web/https://keepassxc.org/docs/KeePassXC_GettingStarted.html) + +- macOS: + + - Download from [[Archive.org]](https://web.archive.org/web/https://keepassxc.org/download/) + + - Follow the tutorial here [[Archive.org]](https://web.archive.org/web/https://keepassxc.org/docs/KeePassXC_GettingStarted.html) + +Test that KeePassXC is working before going to the next step. + +### VPN client installation (cash/Monero paid): + +**If you decided to not use a cash-paid VPN and just want to use Tor, skip this step.** + +**If you cannot use a VPN at all in a hostile environment, skip this step.** + +Otherwise, see [Appendix R: Installing a VPN on your VM or Host OS][Appendix R: Installing a VPN on your VM or Host OS] to install a VPN client on your client VM. + +This should conclude the Route and you should now be ready. + +#### About VPN Client Data Mining/Leaks: + +You might be asking yourself if those VPN clients are trustworthy not to leak any information about your local environment to the VPN provider when using them in the "VPN over Tor" context. + +This is a valid concern but should be taken with a grain of salt. + +Remember that all VPN activities are happening from a sandboxed VM on an internal network behind a Network Gateway (the Whonix Gateway). It does not matter much if the VPN client leaves some identifiers on your guest VM. 
The guest VM is still sandboxed and walled-off from the Host OS. The attack surface is small especially when using the reputable and recommended VPN providers within the guides (iVPN, Mullvad, Proton VPN, and maybe Safing.io).
+
+At best, the VPN client would know your local IP (internal IP) and some randomized identifiers but should not be able to get anything from the Host OS. And in theory, the VPN client should not send any telemetry back to the VPN provider. If your VPN client does this or asks this, you should consider changing the provider.
+
+### (Optional) VM kill switch:
+
+This step will allow you to configure your Host OS so that only the Whonix Gateway VM will have access to the internet. This will therefore prevent any "leak" from your Host OS while letting the Whonix Gateway establish the tor connectivity. The other VMs (Whonix Workstation or any other VM you installed behind it will not be affected)
+
+There are three ways to do this:
+
+- The Lazy Way (not really recommended): not supported by Whonix and might have some security implications as you will expose the Whonix Gateway VM to the Public Wi-Fi network. We would recommend against this unless you are in a hurry or very lazy.
+
+ - **This method will not work with Wi-Fi captive portals requiring any registration to connect.**
+
+- The Better Way (see further down): still not supported by Whonix but it will not expose the Whonix Gateway VM to the Public Wi-Fi network. This should keep things in check in terms of security.
+
+- The Best Way: Using an external USB Wi-Fi dongle and just disabling Wi-Fi on the Host OS/Computer.
+
+#### The Lazy Way (**not supported by Whonix** but it will work if you are in a hurry, see further for the better way):
+
+
+**This way is not supported by the Whonix project**[^361] but I will go ahead and give this option anyway. This is helpful to prevent your Host OS from leaking any information while you are using the Whonix VMs.
+
+**Note that this option as-is will only work on Wi-Fis without a captive portal (where you must enter some information to unlock access).**
+
+The illustration below shows the result of this step:
+
+![image29](media/image29.png)
+
+##### Configuration of the Whonix Gateway VM:
+
+For this to work, we will need to change some configurations on the Whonix Gateway VM. we will need to add a DHCP client to the Whonix Gateway to receive IP addresses from the network. To do those changes the Host OS will still have to have internet access allowed for now.
+
+So here is how:
+
+- Be sure to have your Host OS connected to a safe Wi-Fi.
+
+- Through VirtualBox, start the Whonix Gateway VM
+
+- Start a Terminal on the VM
+
+- Install a DHCP client on the Whonix Gateway VM using the following command:
+
+ - ```sudo apt install dhcpcd5```
+
+- Now edit the Whonix Gateway VM network configuration using the following command:
+
+ - ```sudo nano /etc/network/interfaces.d/30_non-qubes-whonix```
+
+- Within the file change the following lines:
+
+ - ```# auto eth0``` to ```auto eth0```
+
+ - ```# iface eth0 inet dhcp``` to ```iface eth0 inet dhcp```
+
+ - ```iface eth0 inet static``` to ```# iface eth0 inet static```
+
+ - ``` address 10.0.2.15``` to ```# address 10.0.2.15```
+
+ - ``` netmask 255.255.255.0``` to ```# netmask 255.255.255.0```
+
+ - ``` gateway 10.0.2.2``` to ```# gateway 10.0.2.2```
+
+- Save (using Ctrl+X and confirm with Y) and power off the VM from the top left menu
+
+- Go into the VirtualBox Application and select the Whonix Gateway VM
+
+- Click Settings
+
+- Click the Network Tab
+
+- For Adapter 1, change the "Attached To" value from "NAT" to "Bridged Adapter"
+
+- As "Name", select your Wi-Fi network Adapter
+
+- Click OK and you are done with the VM configuration part
+
+##### Configuration of the Host OS:
+
+Now you must block internet access from your Host OS while still allowing the VM to connect.
This will be done by connecting to Wi-Fi with the Host OS but without assigning itself an IP address. The VM will then use your Wi-fi association to get an IP address.
+
+###### Windows Host OS:
+
+The goal here is to associate with a Wi-Fi network without having an internet connection. You will achieve this by deleting the Gateway from the connection after you are connected:
+
+- First, connect to the safe Wi-Fi of your choice
+
+- Open an administrative command prompt (right-click on Command Prompt and Run as Administrator)
+
+- Run the following command: ```route delete 0.0.0.0``` (this deletes the Gateway from your IP configuration)
+
+- You are done, your Host OS will now be unable to access the internet while still connected to the Wi-Fi
+
+ - Note that this will reset at each disconnect/reconnection to a network, and you will have to delete the route again. This is not permanent.
+
+- You can now start the Whonix Gateway VM which should now obtain an IP automatically from the Wi-Fi network and should provide Network to the other VMs behind (Whonix Workstation or other).
+
+- And finally, after that, you can start the Whonix Workstation VM (or any other VM you configured to work behind the Whonix Gateway VM) and it should be connected to the internet through Tor.
+
+###### Linux Host OS:
+
+The goal here is to associate with a Wi-Fi network without having an internet connection. You will achieve this by deleting the Gateway from the connection after you are connected:
+
+- First, connect to the safe Wi-Fi of your choice
+
+- Open a Terminal
+
+- Run the following command: ```sudo ip route del default``` (this deletes the Gateway from your IP configuration)
+
+- You are done, your Host OS will now be unable to access the internet while still connected to the Wi-Fi
+
+ - Note that this will reset at each disconnect/reconnection to a network, and you will have to delete the route again. This is not permanent.
+
+- You can now start the Whonix Gateway VM which should now obtain an IP automatically from the Wi-Fi network and should provide Network to the other VMs behind (Whonix Workstation or other).
+
+- And finally, after that, you can start the Whonix Workstation VM (or any other VM you configured to work behind the Whonix Gateway VM) and it should be connected to the internet through Tor.
+
+###### macOS Host OS:
+
+The goal here is to associate with a Wi-Fi network without having an internet connection. You will achieve this by deleting the Gateway from the connection after you are connected:
+
+- First, connect to the safe Wi-Fi of your choice
+
+- Open a Terminal
+
+- Run the following command: ```sudo route delete default``` (this deletes the Gateway from your IP configuration)
+
+- You are done, your Host OS will now be unable to access the internet while still connected to the Wi-Fi
+
+ - Note that this will reset at each disconnect/reconnection to a network, and you will have to delete the route again. This is not permanent.
+
+- You can now start the Whonix Gateway VM which should now obtain an IP automatically from the Wi-Fi network and should provide Network to the other VMs behind (Whonix Workstation or other).
+
+- And finally, after that, you can start the Whonix Workstation VM (or any other VM you configured to work behind the Whonix Gateway VM) and it should be connected to the internet through Tor.
+
+#### The Better Way (recommended):
+
+This way will not go against Whonix recommendations (as it will not expose the Whonix Gateway to the Host OS) and will have the advantage of allowing connections not only to open Wi-Fis but also to the ones with a Captive Portal where you need to enter some information to access the internet.
+
+Yet this will still not be supported by the Whonix project, but it is fine as the main concern for the earlier Lazy Way is to have the Whonix Gateway VM exposed to the Host Network, and it will not be the case here.
+
+This option will require an additional VM between the Host OS and the Whonix Gateway to act as a Network Bridge.
+
+For this purpose, I will recommend the use of a lightweight Linux Distro. Any will do but the easiest will be an Ubuntu-based distro and I would recommend the lightweight XUbuntu as it will be extremely easy to configure this setup.
+
+Why XUbuntu and not Ubuntu or KUbuntu? Because XUbuntu uses an XFCE desktop environment which is lightweight and this VM will only serve as a proxy and nothing else.
+
+Of course, you can also achieve this with any other Linux distro if you so decide you do not like XUbuntu.
+
+This is how it will look at the end:
+
+![image30](media/image30.png)
+
+##### Installing XUbuntu VM:
+
+XUbuntu was picked due the performance of XFCE.
+
+Make sure you are connected to a safe Wi-Fi for this operation.
+
+First, you will need to download the latest XUbuntu Stable release ISO from
+
+When you are done with the download, it is time to create a new VM:
+
+- Start VirtualBox Manager
+
+- Create a new VM and name it as you want, for example, "XUbuntu Bridge"
+
+- Select type "Linux"
+
+- Select Version "Ubuntu (64-bit)"
+
+- Leave other options to default and click Create
+
+- On the next screen, leave the default options and click Create
+
+- Select the newly create VM and click Settings
+
+- Select Network
+
+- For Adapter 1, Switch to Bridged Mode and pick your Wi-Fi adapter in the Name
+
+- Select Adapter 2 and enable it
+
+- Attach it to "Internal Network" and name it "XUbuntu Bridge"
+
+- Select Storage
+
+- Select the Empty CD drive
+
+- On the right side, click the CD icon and select "Choose a disk file"
+
+- Select the ISO of XUbuntu you previously downloaded and Click Ok
+
+- Start the VM
+
+- Select Start XUbuntu
+
+- Select Install XUbuntu
+
+- Pick your Keyboard Layout and click Continue
+
+- Select Minimal Installation and Download Updates while installing XUbuntu
+
+- Select Erase Disk and install XUbuntu and click
Install Now
+
+- Select the Time Zone of your choice and click Continue
+
+- Pick some random names unrelated to you (my favorite username is "NoSuchAccount")
+
+- Pick a password and require a password to login
+
+- Click Continue and wait for the install to finish and Restart
+
+- When you are done rebooting, log-in
+
+- Click the upper right connection icon (it looks like two rotating spheres)
+
+- Click Edit Connections
+
+- Select Wired Connection 2 (Adapter 2 previously configured in VirtualBox settings)
+
+- Select the IPv4 Tab
+
+- Change the Method to "Shared to other computers" and click Save
+
+- You are now done setting up the XUbuntu Bridge VM
+
+##### Configuring the Whonix Gateway VM:
+
+By default, the Whonix Gateway has no DHCP client and will require one to get an IP from a shared network you configured earlier:
+
+- Through VirtualBox, start the Whonix Gateway VM
+
+- Start a Terminal on the VM
+
+- Install a DHCP client on the Whonix Gateway VM using the following command:
+
+ - ```sudo apt install dhcpcd5```
+
+- Now edit the Whonix Gateway VM network configuration using the following command:
+
+ - ```sudo nano /etc/network/interfaces.d/30_non-qubes-whonix```
+
+- Within the file change the following lines:
+
+ - ```# auto eth0``` to ```auto eth0```
+
+ - ```# iface eth0 inet dhcp``` to ```iface eth0 inet dhcp```
+
+ - ```iface eth0 inet static``` to ```# iface eth0 inet static```
+
+ - ``` address 10.0.2.15``` to ```# address 10.0.2.15```
+
+ - ``` netmask 255.255.255.0``` to ```# netmask 255.255.255.0```
+
+ - ``` gateway 10.0.2.2``` to ```# gateway 10.0.2.2```
+
+- Save (using Ctrl+X and confirm with Y) and power off the VM from the top left menu
+
+- Go into the VirtualBox Application and select the Whonix Gateway VM
+
+- Click Settings
+
+- Click the Network Tab
+
+- For Adapter 1, change the "Attached To" value from "NAT" to "Internal Network"
+
+- As "Name", select the internal network "XUbuntu Bridge" you created earlier and click OK
+
+- Reboot the Whonix Gateway VM
+
+- From the upper left menu, select System, Tor Control Panel, and check that you are connected (you should be)
+
+- You are done configuring the Whonix Gateway VM
+
+##### Configuration of the Host OS:
+
+Now you must block internet access from your Host OS while still allowing the XUbuntu Bridge VM to connect. This will be done by connecting to Wi-Fi with the Host OS but without assigning itself a gateway address. The VM will then use your Wi-fi association to get an IP address.
+
+If necessary, from the XUbuntu Bridge VM, you will be able to launch a Browser to enter information into any captive/registration portal on the Wi-Fi network.
+
+Only the XUbuntu Bridge VM should be able to access the internet. The Host OS will be limited to local traffic only.
+
+###### Windows Host OS:
+
+The goal here is to associate with a Wi-Fi network without having an internet connection. You will achieve this by deleting the Gateway from the connection after you are connected:
+
+- First, connect to the safe Wi-Fi of your choice
+
+- Open an administrative command prompt (right-click on Command Prompt and Run as Administrator)
+
+- Run the following command: ```route delete 0.0.0.0``` (this deletes the Gateway from your IP configuration)
+
+- You are done, your Host OS will now be unable to access the internet while still connected to the Wi-Fi
+
+ - Note that this will reset at each disconnect/reconnection to a network, and you will have to delete the route again. This is not permanent.
+
+- You can now start the XUbuntu Bridge VM which should now obtain an IP automatically from the Wi-Fi network and should provide Network to the other VMs behind (Whonix Workstation or other).
+
+- If necessary, you can use the XUbuntu Bridge VM Browser to fill in any information on any captive/registration portal to access the Wi-Fi.
+
+- After that, you can start the Whonix Gateway VM which should obtain the Internet Connection from the XUbuntu Bridge VM.
+
+- And finally, after that, you can start the Whonix Workstation VM (or any other VM you configured to work behind the Whonix Gateway VM) and it should be connected to the internet through Tor.
+
+###### Linux Host OS:
+
+The goal here is to associate with a Wi-Fi network without having an internet connection. You will achieve this by deleting the Gateway from the connection after you are connected:
+
+- First, connect to the safe Wi-Fi of your choice
+
+- Open a Terminal
+
+- Run the following command: ```sudo ip route del default``` (this deletes the Gateway from your IP configuration)
+
+- You are done, your Host OS will now be unable to access the internet while still connected to the Wi-Fi
+
+ - Note that this will reset at each disconnect/reconnection to a network, and you will have to delete the route again. This is not permanent.
+
+- You can now start the XUbuntu Bridge VM which should now obtain an IP automatically from the Wi-Fi network and should provide Network to the other VMs behind (Whonix Workstation or other).
+
+- If necessary, you can use the XUbuntu Bridge VM Browser to fill in any information on any captive/registration portal to access the Wi-Fi.
+
+- After that, you can start the Whonix Gateway VM which should obtain the Internet Connection from the XUbuntu Bridge VM.
+
+- And finally, after that, you can start the Whonix Workstation VM (or any other VM you configured to work behind the Whonix Gateway VM) and it should be connected to the internet through Tor.
+
+###### macOS Host OS:
+
+The goal here is to associate with a Wi-Fi network without having an internet connection.
You will achieve this by deleting the Gateway from the connection after you are connected:
+
+- First, connect to the safe Wi-Fi of your choice
+
+- Open a Terminal
+
+- Run the following command: ```sudo route delete default``` (this deletes the Gateway from your IP configuration)
+
+- You are done, your Host OS will now be unable to access the internet while still connected to the Wi-Fi
+
+ - Note that this will reset at each disconnect/reconnection to a network, and you will have to delete the route again. This is not permanent.
+
+- You can now start the XUbuntu Bridge VM which should now obtain an IP automatically from the Wi-Fi network and should provide Network to the other VMs behind (Whonix Workstation or other).
+
+- If necessary, you can use the XUbuntu Bridge VM Browser to fill in any information on any captive/registration portal to access the Wi-Fi.
+
+- After that, you can start the Whonix Gateway VM which should obtain the Internet Connection from the XUbuntu Bridge VM.
+
+- And finally, after that, you can start the Whonix Workstation VM (or any other VM you configured to work behind the Whonix Gateway VM) and it should be connected to the internet through Tor.
+
+#### The best way:
+
+This way will not go against Whonix recommendations (as it will not expose the Whonix Gateway to the Host OS) and will have the advantage of allowing connections not only to open Wi-Fis but also to the ones with a Captive Portal where you need to enter some information to access the internet. Yet this will still not be supported by the Whonix project, but it is fine as the main concern for the earlier Lazy Way is to have the Whonix Gateway VM exposed to the Host Network, and it will not be the case here. This option is the best because the network will be completely disabled on the Host OS from booting up.
+
+This option will require an additional VM between the Host OS and the Whonix Gateway to act as a Network Bridge and to connect to the Wi-Fi network.
**This option requires a working USB Wi-Fi Dongle that will be passed through to a bridge VM.**
+
+For this purpose, I will recommend the use of a lightweight Linux Distro. Any will do but the easiest will be an Ubuntu-based distro and I would recommend the lightweight XUbuntu as it will be extremely easy to configure this setup.
+
+Why XUbuntu and not Ubuntu or KUbuntu? Because XUbuntu uses an XFCE desktop environment which is lightweight and this VM will only serve as a proxy and nothing else.
+
+Of course, you can also achieve this with any other Linux distro if you so decide you do not like XUbuntu.
+
+This is how it will look at the end:
+
+![image31](media/image31.png)
+
+##### Configuration of the Host OS:
+
+- Disable Networking on your Host OS completely (Turn off the on-board Wi-Fi completely)
+
+- Plug in and install your USB Wi-Fi Dongle. Connect it to a safe Public Wi-Fi. This should be easy and automatically installed by any recent OS (Windows 10/11, macOS, Linux).
+
+##### Configuring the Whonix Gateway VM:
+
+By default, the Whonix Gateway has no DHCP client and will require one to get an IP from a shared network you will configure later, on a Bridge VM:
+
+- Through VirtualBox, start the Whonix Gateway VM
+
+- Start a Terminal on the VM
+
+- Install a DHCP client on the Whonix Gateway VM using the following command:
+
+ - ```sudo apt install dhcpcd5```
+
+- Now edit the Whonix Gateway VM network configuration using the following command:
+
+ - ```sudo nano /etc/network/interfaces.d/30_non-qubes-whonix```
+
+- Within the file change the following lines:
+
+ - ```# auto eth0``` to ```auto eth0```
+
+ - ```# iface eth0 inet dhcp``` to ```iface eth0 inet dhcp```
+
+ - ```iface eth0 inet static``` to ```# iface eth0 inet static```
+
+ - ``` address 10.0.2.15``` to ```# address 10.0.2.15```
+
+ - ``` netmask 255.255.255.0``` to ```# netmask 255.255.255.0```
+
+ - ``` gateway 10.0.2.2``` to ```# gateway 10.0.2.2```
+
+- Save (using Ctrl+X and confirm with
Y) and power off the VM from the top left menu
+
+##### Installing XUbuntu VM:
+
+Make sure you are connected to a safe Wi-Fi for this operation.
+
+First, you will need to download the latest XUbuntu Stable release ISO from
+
+When you are done with the download, it is time to create a new VM:
+
+- Disconnect your host OS from the Wi-Fi you previously connected to with the dongle and forget the network.
+
+- Start VirtualBox Manager
+
+- Create a new VM and name it as you want, for example, "XUbuntu Bridge"
+
+- Select type "Linux"
+
+- Select Version "Ubuntu (64-bit)"
+
+- Leave other options to default and click Create
+
+- On the next screen, leave the default options and click Create
+
+- Select the newly create VM and click Settings
+
+- Select Network
+
+- For Adapter 1, Attach it to "Internal Network" and name it "XUbuntu Bridge"
+
+- Select Storage
+
+- Select the Empty CD drive
+
+- On the right side, click the CD icon and select "Choose a disk file"
+
+- Select the ISO of XUbuntu you previously downloaded and Click Ok
+
+- Select the USB Tab
+
+- On the right side, click the USB icon with a + sign (the second from the top)
+
+- Select the Wi-Fi Adapter Dongle from the list and make sure it is checked (leave the USB options to default)
+
+- Start the VM
+
+- Select Start XUbuntu
+
+- Select Install XUbuntu
+
+- Pick your Keyboard Layout and click Continue
+
+- Select Minimal Installation and do not check the Download Updates during the install option
+
+- Select Erase Disk and install XUbuntu and click Install Now
+
+- Select the Time Zone of your choice and click Continue
+
+- Pick some random names unrelated to you (my favorite username is "NoSuchAccount")
+
+- Pick a password and require a password to login
+
+- Click Continue and wait for the install to finish and Restart
+
+- When you are done rebooting, log-in
+
+- Click the upper right connection icon (it looks like two rotating spheres)
+
+- Click Edit Connections
+
+- Select Wired Connection 1
(normally there should only be one)
+
+- Select the IPv4 Tab
+
+- Change the Method to "Shared to other computers" and click Save
+
+- Again, click the upper right connection icon
+
+- Connect to the safe Wi-Fi of your choice and if necessary, input the necessary information into a Captive Portal.
+
+- You are now done setting up the XUbuntu Bridge VM
+
+At this stage, your Host OS should have no network at all and your XUbuntu VM should have a fully working Wi-Fi connection and this Wi-Fi connection will be shared to the Internal Network "XUbuntu Bridge".
+
+##### Additional configuration of the Whonix Gateway VM:
+
+Now it is time to configure the Whonix Gateway VM to get access from the shared network from the bridge VM you just made on the earlier step:
+
+- Go into the VirtualBox Application and select the Whonix Gateway VM
+
+- Click Settings
+
+- Click the Network Tab
+
+- For Adapter 1, change the "Attached To" value from "NAT" to "Internal Network"
+
+- As "Name", select the internal network "XUbuntu Bridge" you created earlier and click OK
+
+- Reboot the Whonix Gateway VM
+
+- From the upper left menu, select System, Tor Control Panel, and check that you are connected (you should be)
+
+- You are done configuring the Whonix Gateway VM
+
+At this stage, your Whonix Gateway VM should be getting internet access from the XUbuntu Bridge VM which in turn is getting internet access from the Wi-Fi Dongle and sharing it. Your Host OS should have no network connectivity at all.
+
+All the VMs behind the Whonix Gateway should now work fine without additional configuration.
+
+### Final step:
+
+**Take a post-install VirtualBox snapshot of your VMs.**
+
+You are done and can now skip the rest to go to the [Getting Online][Getting Online:] part.
+
+## The Qubes Route:
+
+**Note that the guide has been updated to Qubes OS 4.1**
+
+As they say on their website, Qubes OS is a reasonably secure, free, open-source, and security-oriented operating system for single-user desktop computing. Qubes OS leverages and extensively uses Xen-based virtualization to allow for the creation and management of isolated compartments called Qubes.
+
+Qubes OS is not a Linux distribution[^362] but a Xen distribution. It is different from Linux distributions because it will make extensive use of Virtualization and Compartmentalization so that any app will run in a different VM (Qube). As a bonus, Qubes OS integrates Whonix by default and allows for increased privacy and anonymity. It is highly recommended that you document yourself over Qubes OS principles before going this route. Here are some recommended resources:
+
+- Qubes OS Introduction, [[Archive.org]](https://web.archive.org/web/https://www.qubes-os.org/intro/)
+
+- Qubes OS Video Tours, [[Archive.org]](https://web.archive.org/web/https://www.qubes-os.org/video-tours/)
+
+- Qubes OS Getting Started, [[Archive.org]](https://web.archive.org/web/https://www.qubes-os.org/doc/getting-started/)
+
+- YouTube, Life Behind the Tinfoil: A Look at Qubes and Copperhead - Konstantin Ryabitsev, The Linux Foundation [[Invidious]](https://yewtu.be/watch?v=8cU4hQg6GvU)
+
+- YouTube, We used the reasonably-secure Qubes OS for 6 months and survived - Matty McFatty [@themattymcfatty] [[Invidious]](https://yewtu.be/watch?v=sbN5Bz3v-uA)
+
+- YouTube, Qubes OS: How it works, and a demo of this VM-centric OS [[Invidious]](https://yewtu.be/watch?v=YPAvoFsvSbg)
+
+This OS is recommended by prominent figures such as Edward Snowden, PrivacyGuides.org.
+
+Qubes is the best option in this guide for people who are more comfortable with Linux and tech in general. But it has some downsides such as the lack of OS-wide plausible deniability, its hardware requirements, and its hardware compatibility.
While you can run this on 4GB of RAM as per their requirements [[Archive.org]](https://yewtu.be/watch?v=sbN5Bz3v-uA), the recommended RAM is 16GB. We would recommend against using Qubes OS if you have less than 8GB of RAM. If you want a comfortable experience, you should have 16GB, if you want a particularly enjoyable experience, you should have 24GB or 32GB.
+
+The reason for this RAM requirement is that each app will run in a different VM and each of those VM will require and allocate a certain amount of memory that will not be available for other apps. If you are running native Windows apps within Qubes OS Qubes, the ram overhead will be significant.
+
+You should also check their hardware compatibility here [[Archive.org]](https://web.archive.org/web/https://www.qubes-os.org/hcl/) before proceeding. Your mileage might vary, and you might experience several issues about hardware compatibility that you will have to troubleshoot and solve yourself.
+
+I think that if you can afford it and are comfortable with the idea of using Linux, you should go with this route as it is probably the best one in terms of security and privacy. The only disadvantage of this route is that it does not provide a way to enable OS-wide [plausible deniability](https://en.wikipedia.org/wiki/Plausible_deniability) [[Wikiless]](https://wikiless.org/wiki/Plausible_deniability), unlike the Whonix route.
+
+### Pick your connectivity method:
+
+There are seven possibilities within this route:
+
+- **Recommended and preferred:**
+
+ - **Use Tor alone (User > Tor > Internet)**
+
+ - **Use VPN over Tor (User > Tor > VPN > Internet) in specific cases**
+
+ - **Use a VPS with a self-hosted VPN/Proxy over Tor (User > Tor > Self-Hosted VPN/Proxy > Internet) in specific cases**
+
+- Possible if required by context:
+
+ - Use VPN over Tor over VPN (User > VPN > Tor > VPN > Internet)
+
+ - Use Tor over VPN (User > VPN > Tor > Internet)
+
+- Not recommended and risky:
+
+ - Use VPN alone (User > VPN > Internet)
+
+ - Use VPN over VPN (User > VPN > VPN > Internet)
+
+- **Not recommended and highly risky (but possible)**
+
+ - No VPN and no Tor (User > Internet)
+
+![image23](media/image23.png)
+
+#### Tor only:
+
+This is the preferred and most recommended solution.
+
+![image32](media/image32.png)
+
+With this solution, all your network goes through Tor, and it should be sufficient to guarantee your anonymity in most cases.
+
+There is one main drawback tho: **Some services block/ban Tor Exit nodes outright and will not allow account creations from those.**
+
+To mitigate this, you might have to consider the next option: VPN over Tor but consider some risks associated with it explained in the next section.
+
+#### VPN/Proxy over Tor:
+
+This solution can bring some benefits in some specific cases vs using Tor only where accessing the destination service would be impossible from a Tor Exit node. This is because many services will just outright ban, hinder, or block Tor Exit Nodes (see [[Archive.org]](https://web.archive.org/web/https://gitlab.torproject.org/legacy/trac/-/wikis/org/doc/ListOfServicesBlockingTor)).
+
+This solution can be achieved in two ways:
+
+- Paid VPN over Tor (easiest)
+
+- Paid Self-Hosted VPS configured as VPN/Proxy (most efficient in avoiding online obstacles such as captchas but requiring more skills with Linux)
+
+As you can see in this illustration, if your cash (preferred)/Monero paid VPN/Proxy is compromised by an adversary (despite their privacy statement and no-logging policies), they will only find an anonymous cash/Monero paid VPN account connecting to their services from a Tor Exit node.
+
+![image33](media/image33.png)
+
+If an adversary somehow manages to compromise the Tor network too, they will only reveal the IP of a random public Wi-Fi that is not tied to your identity.
+
+If an adversary somehow compromises your VM OS (with malware or an exploit for instance), they will be trapped within the internal Network of Whonix and should be unable to reveal the IP of the public Wi-Fi.
+
+**This solution however has one main drawback to consider: Interference with Tor Stream Isolation**[^364].
+
+Stream isolation is a mitigation technique used to prevent some correlation attacks by having different Tor Circuits for each application. Here is an illustration to show what stream isolation is:
+
+![image26](media/image26.png)
+
+(Illustration from Marcelo Martins, [[Archive.org]](https://web.archive.org/web/https://stakey.club/en/decred-via-tor-network/))
+
+VPN/Proxy over Tor falls on the right-side[^365] meaning using a VPN/Proxy over Tor forces Tor to use one circuit for all activities instead of multiple circuits for each. This means that using a VPN/Proxy over Tor can reduce the effectiveness of Tor in some cases and should therefore be used only for some specific cases:
+
+- When your destination service does not allow Tor Exit nodes.
+
+- When you do not mind using a shared Tor circuit for various services. For instance for using various authenticated services.
+
+**You should however consider not using this method when your aim is just to browse random various unauthenticated websites as you will not benefit from Stream Isolation and this could make correlation attacks easier for an adversary between each of your sessions (see [Your Anonymized Tor/VPN traffic][Your Anonymized Tor/VPN traffic:]).**
+
+More information at:
+
+- [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Stream_Isolation)
+
+- [[Archive.org]](https://web.archive.org/web/https://tails.boum.org/contribute/design/stream_isolation/)
+
+- [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Introduction#Comparison_Table)
+
+#### Tor over VPN:
+
+You might be wondering: Well, what about using Tor over VPN instead of VPN over Tor?
+
+- Disadvantages
+
+ - Your VPN provider is just another ISP that will then know your origin IP and will be able to de-anonymize you if needed. We do not trust them. Prefer a situation where your VPN provider does not know who you are. It does not add much in terms of anonymity.
+
+ - This would result in you connecting to various services using the IP of a Tor Exit Node which is banned/flagged in many places. It does not help in terms of convenience.
+
+- Advantages:
+
+ - **The main advantage is that if you are in a hostile environment where Tor access is impossible/dangerous/suspicious, but VPN is okay.**
+
+ - This method also does not break Tor Stream isolation.
+
+Note, if you're having issues accessing the Tor Network due to blocking/censorship, you could try using Tor Bridges (see Tor Documentation [[Archive.org]](https://web.archive.org/web/https://2019.www.torproject.org/docs/bridges) and Whonix Documentation [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Bridges)).
+
+It is also possible to consider **VPN over Tor over VPN (User > VPN > Tor > VPN > Internet)** using two cash/Monero paid VPNs instead.
This means that you will connect the Host OS to a first VPN from your Public Wi-Fi, then Whonix will connect to Tor, and finally, your VM will connect to a second VPN over Tor over VPN (see [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Connecting_to_a_VPN_before_Tor)).
+
+This will of course have a significant performance impact and might be quite slow, but Tor is necessary somewhere for achieving reasonable anonymity.
+
+Achieving this technically is easy within this route, you need two separate anonymous VPN accounts and must connect to the first VPN from the Host OS and follow the route.
+
+Conclusion: Only do this if you think using Tor alone is risky/impossible but VPNs are okay. Or just because you can and so why not. This method will not lower your security/privacy/anonymity.
+
+#### VPN only:
+
+This route will not be explained nor recommended.
+
+**If you can use VPNs then you should be able to add a Tor layer over it. And if you can use Tor, then you can add an anonymous VPN over Tor to get the preferred solution.**
+
+Just using a VPN or even a VPN over VPN makes no sense as those can be traced back to you over time. One of the VPN providers will know your real origin IP (even if it is in a safe public space) and even if you add one over it, the second one will still know you were using that other first VPN service. This will only slightly delay your de-anonymization. Yes, it is an added layer ... but it is a persistent centralized added layer, and you can be de-anonymized over time. This is just chaining 3 ISPs that are all subject to lawful requests.
+
+For more info, please see the following references:
+
+- [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Comparison_Of_Tor_with_CGI_Proxies,_Proxy_Chains,_and_VPN_Services)
+
+- [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Why_does_Whonix_use_Tor)
+
+- [[Archive.org]](https://web.archive.org/web/https://www.researchgate.net/publication/324251041_Anonymity_communication_VPN_and_Tor_a_comparative_study)
+
+- [[Archive.org]](https://web.archive.org/web/https://gist.github.com/joepie91/5a9909939e6ce7d09e29)
+
+- [[Archive.org]](https://web.archive.org/web/https://schub.wtf/blog/2019/04/08/very-precarious-narrative.html)
+
+**In the context of this guide, Tor is required somewhere to achieve reasonable and safe anonymity and you should use it if you can.**
+
+#### No VPN/Tor:
+
+If you cannot use VPN nor Tor where you are, you probably are in a very hostile environment where surveillance and control are extremely high.
+
+Just do not, it is not worth it and too risky. You can be de-anonymized almost instantly by any motivated adversary that could get to your physical location in a matter of minutes.
+
+Do not forget to check back on [Adversaries (threats)] and [Appendix S: Check your network for surveillance/censorship using OONI].
+
+If you have absolutely no other option and still want to do something, see [Appendix P: Accessing the internet as safely as possible when Tor/VPN is not an option][Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option] **(at your own risk).**
+
+#### Conclusion:
+
+| Connection Type | Anonymity | Ease of Access to online resources | Tor Stream isolation | Safer where Tor is suspicious/dangerous | Speed | Cost | Recommended |
+|------------------------------------|-----------|------------------------------------|----------------------|-----------------------------------------|------------|---------------------------|--------------------------------------------------|
+| Tor Alone | **Good** | **Medium** | **Possible** | **No** | **Medium** | **Free** | **Yes** |
+| Tor over VPN | **Good+** | **Medium** | **Possible** | **Yes** | **Medium** | **Around 50€/y** | **If needed (Tor inaccessible)** |
+| Tor over VPN over Tor | **Best** | **Medium** | **Possible** | **Yes** | **Poor** | **Around 50€/y** | **Yes** |
+| VPN over Tor | **Good-** | **Good** | **No** | **No** | **Medium** | **Around 50€/y** | **If needed (convenience)** |
+| Self-Hosted VPS VPN/Proxy over Tor | **Good-** | **Very Good** | **No** | **No** | **Medium** | **Around 50€/y** | **If needed (convenience)** |
+| VPN/Proxy over Tor over VPN | **Good-** | **Good** | **No** | **Yes** | **Poor** | **Around 100€/y** | **If needed (convenience and Tor inaccessible)** |
+| VPN/Proxy Alone | **Bad** | **Good** | **N/A** | **Yes** | **Good** | **Around 50€/y** | **No** |
+| No Tor and VPN | **Bad** | **Unknown** | **N/A** | **No** | **Good** | **Around 100€ (Antenna)** | **No. At your own risk.** |
+
+Unfortunately, using Tor alone will raise the suspicion of many destinations' platforms. You will face many hurdles (captchas, errors, difficulties signing up) if you only use Tor. In addition, using Tor where you are could put you in trouble just for that.
But Tor remains the best solution for anonymity and must be somewhere for anonymity.
+
+- If you intend to create persistent shared and authenticated identities on various services where access from Tor is hard, we recommend the **VPN over Tor** and **VPS VPN/Proxy over Tor** options (or VPN over Tor over VPN if needed). It might be a bit less secure against correlation attacks due to breaking Tor Stream isolation but provides much better convenience in accessing online resources than just using Tor. It is an "acceptable" trade-off IMHP if you are careful enough with your identity.
+
+ - **Note: It is becoming more common that mainstream services and CDNS are also blocking or hindering VPN users with captchas and other various obstacles**. **In that case, a self-hosted VPS with a VPN/Proxy over Tor is the best solution for this as having your own dedicated VPS guarantees you are the sole user of your IP and encounter little to no obstacles.** Consider a [Self-hosted VPN/Proxy on a Monero/Cash-paid VPS (for users more familiar with Linux)][Self-hosted VPN/Proxy on a Monero/Cash-paid VPS (for users more familiar with Linux):] if you want the least amount of issues (this will be explained in the next section in more details).
+
+- If your intent however is just to browse random services anonymously without creating specific shared identities, using tor friendly services; or if you do not want to accept that trade-off in the earlier option. **Then we recommend using the Tor Only route to keep the full benefits of Stream Isolation (or Tor over VPN if you need to).**
+
+- If cost is an issue, we recommend the Tor Only option if possible.
+
+- If both Tor and VPN access are impossible or dangerous then you have no choice but to rely on Public wi-fi safely.
See [Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option]
+
+For more information, you can also see the discussions here that could help decide yourself:
+
+- Tor Project: [[Archive.org]](https://web.archive.org/web/https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorPlusVPN)
+
+- Tails Documentation:
+
+ - [[Archive.org]](https://web.archive.org/web/https://gitlab.tails.boum.org/tails/blueprints/-/wikis/vpn_support/)
+
+ - [[Archive.org]](https://web.archive.org/web/https://tails.boum.org/support/faq/index.en.html)
+
+- Whonix Documentation (in this order):
+
+ - [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Introduction)
+
+ - [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Connecting_to_Tor_before_a_VPN)
+
+ - [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Connecting_to_a_VPN_before_Tor)
+
+- Some papers on the matter:
+
+ - [[Archive.org]](https://web.archive.org/web/https://www.researchgate.net/publication/324251041_Anonymity_communication_VPN_and_Tor_a_comparative_study)
+
+### Getting an anonymous VPN/Proxy:
+
+**Skip this step if you want to use Tor only or VPN is not an option.**
+
+See [Appendix O: Getting an anonymous VPN/Proxy]
+
+### Note about Plausible Deniability:
+
+Qubes OS uses LUKS for full disk encryption and it is technically possible to achieve a form of deniability by using detached LUKS headers. This is not yet integrated into this guide but you will find an evolving tutorial on how to achieve this here: and some more background information within the Linux Host OS section (see [Note about plausible deniability on Linux]).
+
+### Installation:
+
+You will follow the instructions from their own guide [[Archive.org]](https://web.archive.org/web/https://www.qubes-os.org/doc/installation-guide/):
+
+(Secure Boot is not supported as per their FAQ: [[Archive.org]](https://web.archive.org/web/https://www.qubes-os.org/faq/) so it should be disabled in the BIOS/UEFI settings.)
+
+- Download the latest Qubes OS 4.1.x installation ISO according to their hardware compatibility list.
+
+- Get and verify the Qubes OS Master Signing key:
+
+- Prepare a USB key with the Qubes OS ISO file
+
+- Install Qubes OS according to the installation guide:
+
+ - **If you want to use Tor or VPN over Tor: Check the** "**Enabling system and template updates over the Tor anonymity network using Whonix" during the last step. This will force all Qubes OS updates to go through Tor. While this will significantly reduce your update speed, it will increase your anonymity from the start.** (If you are having issues connecting to Tor due to censorship or blocking, consider using Tor Bridges as recommended earlier. Just follow the tutorial provided here: [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Bridges))
+
+ - If you want to use Tor over VPN or cannot use any of those, leave it unchecked.
+
+ - Be absolutely sure that you are verifying the signature of the ISO, which you can find on this page: [[Archive.org]](https://web.archive.org/web/20220511015546/https://www.qubes-os.org/security/verifying-signatures/). Check by obtaining the fingerprint from multiple independent sources in several different ways as recommended. This is to ensure the image has not been tampered with. Do not skip this vital step even though you know you are getting the ISO from a trusted source, because it's possible for the Qubes website to be compromised.
+
+- If you are prevented from using Tor, there is no point in installing the Whonix VM templates.
You can disable Whonix installation during the post-installation, initial setup wizard.
+
+To be sure your Qubes ISO hasn't been tampered with, you should get the Qubes master key fingerprint from multiple different sources. This guide can be used as one source.
+
+The Qubes master signing key fingerprint should match `427F 11FD 0FAA 4B08 0123 F01C DDFA 1A3E 3687 9494`.
+
+*Remember to read the guide to verifying signatures on the Qubes website: [[Archive.org]](https://web.archive.org/web/20220511015546/https://www.qubes-os.org/security/verifying-signatures/).*
+
+### Lid Closure Behavior:
+
+Unfortunately, Qubes OS does not support hibernation[^366] which is an issue regarding cold-boot attacks. To mitigate those, I highly recommend that you configure Qubes OS to shut down on any power action (power button, lid closure). You can do set this from the XFCE Power Manager. Do not use the sleep features.
+
+### Anti Evil Maid (AEM):
+
+**Warning**, this step only works with Intel CPUs, a legacy BIOS, TPM 1.2. If you do not meet those requirements, skip this step.
+
+Anti Evil Maid is an implementation of a TPM-based static trusted boot with a primary goal to prevent Evil Maid attacks. Installing and using AEM requires attaching a USB drive directly to dom0. So the user must make a choice between protecting dom0 from a potentially malicious USB drive, and protecting the system from Evil Maid attacks. Note that AEM is only compatible with Intel CPUs and Legacy boot options.
+
+The preference for mitigating any evil maid attack is to maintain physical control of your device at all times. If that is not possible, then this might be relevant to your threat model.
+
+Before deciding to use this system, please read [Appendix B4: Important notes about evil-maid and tampering]
+
+See the following links for more details and installation instructions:
+
+- [[Archive.org]](https://web.archive.org/web/https://www.qubes-os.org/doc/anti-evil-maid/)
+
+- [[Archive.org]](https://web.archive.org/web/https://blog.invisiblethings.org/2011/09/07/anti-evil-maid.html)
+
+- [[Archive.org]](https://web.archive.org/web/https://github.com/QubesOS/qubes-antievilmaid)
+
+### Connect to a Public Wi-Fi:
+
+Remember this should be done from a safe place (see [Find some safe places with decent public Wi-Fi][Find some safe places with decent public Wi-Fi:] and [Appendix Q: Using long-range Antenna to connect to Public Wi-Fis from a safe distance][Appendix Q: Using long-range Antenna to connect to Public Wi-Fis from a safe distance:]):
+
+- In the upper right corner, Left-click the network icon and note the Wi-Fi SSID you want to connect to
+
+- Now right-click the network icon and select Edit Connections
+
+- Add one using the + sign
+
+- Select Wi-Fi
+
+- Enter the SSID of the desired network you noted before (if needed)
+
+- Select Cloned Mac Address
+
+- Select Random to randomize your Mac Address
+
+ - **Warning: This setting should work in most cases but can be unreliable on some network adapters.
Please refer to this documentation if you want to be sure: ** [[Archive.org]](https://web.archive.org/web/https://github.com/Qubes-Community/Contents/blob/master/docs/privacy/anonymizing-your-mac-address.md)
+
+- Save
+
+- Now again Left-click the connection account and connect to the desired Wi-Fi
+
+- If this is an Open Wi-Fi requiring registration: You will have to start a browser to register
+
+ - After you are connected, Start a Disposable Fedora Firefox Browser
+
+ - Go into the upper left Menu
+
+ - Select Disposable, Fedora, Firefox
+
+ - Open Firefox and register (anonymously) into the Wi-Fi
+
+### Upgrading Qubes OS from 4.0.x to 4.1.x (you should do it)
+
+Personally, we wouldn't do it in-place and do a fresh install.
+
+But if you really want to, it's technically possible by following this guide: [[Archive.org]](https://web.archive.org/web/https://www.qubes-os.org/doc/upgrade/4.1/)
+
+### Updating Qubes OS:
+
+After you are connected to a Wi-Fi you need to update Qubes OS and Whonix. You must keep Qubes OS always updated before conducting any sensitive activities. Especially your Browser VMs. Normally, Qubes OS will warn you about updates in the upper right corner with a gear icon. As this might take a while in this case due to using Tor, you can force the process by doing the following:
+
+- Click the upper left Applications icon
+
+- Select Qubes Tools
+
+- Select Qubes Update
+
+- Check the "Enable updates for Qubes without known available updates"
+
+- Select all the Qubes
+
+- Click Next and wait for updates to complete
+
+- If you checked the Tor option during install, be patient as this might take a while over Tor
+
+### Upgrading Whonix from version 15 to version 16:
+
+Again, you should really do this ASAP.
We would use a fresh install but it's technically possible to do it in-place, see [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Release_Upgrade_Whonix_15_to_Whonix_16)
+
+Follow the instructions on [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Qubes/Install). *If you're running Qubes 4.1.x, this is already done for you.*
+
+### Hardening Qubes OS:
+
+**Disclaimer: This section is under construction and will be worked on heavily in the next releases. This section is for more advanced users.**
+
+#### Application Sandboxing:
+
+While Qubes OS is already sandboxing everything by design, it is also useful to consider sandboxing apps themselves using AppArmor or SELinux.
+
+##### AppArmor:
+
+"AppArmor is a Mandatory Access Control framework. When enabled, AppArmor confines programs according to a set of rules that specify what files a given program can access. This initiative-taking approach helps protect the system against both known and unknown vulnerabilities" (Debian.org).
+
+Basically, AppArmor[^367] is an application sandboxing system. By default, it is not enabled but supported by Qubes OS.
+
+- About the Fedora VMs:
+
+ - Fedora does not use AppArmor but rather SELinux so see the next section for that.
+
+- About the Debian VMs:
+
+ - Head out and read [[Archive.org]](https://web.archive.org/web/https://wiki.debian.org/AppArmor)
+
+- About any other Linux VM:
+
+ - Head out and read:
+
+ - [[Archive.org]](https://web.archive.org/web/https://wiki.archlinux.org/title/AppArmor)
+
+ - [[Archive.org]](https://web.archive.org/web/https://wiki.debian.org/AppArmor)
+
+- About the Whonix VMs, you should consider enabling and using AppArmor, especially on the Whonix VMs of Qubes OS:
+
+ - First, you should head out and read [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/AppArmor)
+
+ - Secondly, you should head out again and read [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Qubes/AppArmor)
+
+##### SELinux:
+
+SELinux[^368] is similar to AppArmor. The differences between SELinux and AppArmor are technical details into which we will not get.
+
+Here is a good explanation of what it is: [[Invidious]](https://yewtu.be/watch?v=_WOKRaM-HI4)
+
+In this guide and the context of Qubes OS, it is important to mention it as it is the recommended method by Fedora which is one of the default systems on Qubes OS.
+
+So, head out and read [[Archive.org]](https://web.archive.org/web/https://docs.fedoraproject.org/en-US/quick-docs/getting-started-with-selinux/)
+
+You could make use of SELinux on your Fedora Templates. But this is up to you. Again, this is for advanced users.
+
+### Setup the VPN ProxyVM:
+
+**Skip this step if you do not want to use a VPN and just use Tor only or if VPN is not an option either.**
+
+This tutorial should also work with any OpenVPN provider (Mullvad, IVPN, Safing.io, or Proton VPN for instance).
+
+This is based on the tutorial provided by Qubes OS themselves ( [[Archive.org]](https://web.archive.org/web/https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/vpn.md)). If you are familiar with this process, you can follow their tutorial.
+
+Alternatively, Mullvad also have a help article that guides you through setting up a Proxy VM [[Archive.org]](https://web.archive.org/web/https://mullvad.net/en/help/qubes-os-4-and-mullvad-vpn/).
+
+#### Create the ProxyVM:
+
+- Click the Applications icon (upper left corner)
+
+- Click Create Qubes VM
+
+- Name and label as you wish: I suggest "VPNGatewayVM"
+
+- Select Type: Standalone Qube copied from a template
+
+- Select Template: Debian-11 (the default)
+
+- Select Networking:
+
+ - Select sys-whonix if you want to do VPN over Tor / Tor only (recommended)
+
+ - Select sys-firewall if you want to do Tor over VPN / No Tor or VPN / Just VPN
+
+- Advanced: Check provides network
+
+- Check "Start Qube automatically on boot"
+
+- Create the VM
+
+ - If you are going for VPN over Tor, you need to go into the settings of the ProxyVM you made and select "sys-vpn" for networking.
+ - An easier way to setup your ProxyVM is to simply run a VPN client on the ProxyVM.
+ - Usually when you connect to your VPN provider's website, it'll tell you whether your traffic is being properly routed through the VPN.
+
+ - If you are going for Tor over VPN, the opposite should be done, the ProxyVM should have its networking set as "sys-tor" and the "sys-tor" VM should have "sys-vpn" for its networking.
+ - Test the VM connectivity to the internet by launching a Browser within the ProxyVM. Visit [[Archive.org]](https://web.archive.org/web/https://check.torproject.org/) (It should say you are connected to Tor)
+
+#### Download the VPN configuration from your cash/Monero paid VPN provider:
+
+##### If you can use Tor:
+
+**Using Tor Browser (be careful not to use any Clearnet Browser for this),** download the necessary OpenVPN configuration files for Linux from your VPN provider.
+
+This can be done by using the Qubes OS integrated Tor Browser by accessing the Applications icon (upper left corner) and selecting the Disposable Tor Browser application.
+
+##### If you cannot use Tor:
+
+Launch a browser from a DisposableVM and download the necessary OpenVPN configuration files for Linux from your VPN provider. See [Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option.][Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option]
+
+When you are done downloading the configuration files within the Disposable Browser (usually a zip file), copy them to your ProxyVM VPN Gateway machine (using right-click on the file and send to another AppVM).
+
+#### Configure the ProxyVM:
+
+**Skip this step if you are not going to use a VPN**
+
+- Click the upper left corner
+
+- Select the VPN VM you just created
+
+- Open the Files of the VPN VM
+
+- Go into "Qubesincoming" > dispXXXX (This was your Disposable Browser VM)
+
+- Double Click your downloaded zip file containing your OpenVPN configuration files to unzip it
+
+- Now select the VPN VM again and start a terminal
+
+- Install OpenVPN with the following command ```sudo apt-get install openvpn```
+
+- Copy all the OpenVPN configuration files provided by your VPN provider in /etc/openvpn/
+
+- For all the OpenVPN configuration files (for each location):
+
+ - Edit each file using ```sudo nano configfile``` (do not forget sudo to edit the file within /etc)
+
+ - Change the protocol from "udp" to "tcp" (Tor does not support UDP)
+
+ - Change the port to a supported (by your VPN provider) TCP port (like 80 or 443)
+
+ - Save and exit each file
+
+- Edit the OpenVPN config file (/etc/default/openvpn) by typing ```sudo nano /etc/default/openvpn```
+
+ - Change ```#AUTOSTART="all"``` to ```AUTOSTART="all"``` (in other words, remove the "#")
+
+ - Save and Exit
+
+- Edit the Qubes firewall rules file (/rw/config/qubes-firewall-user-script) by typing "sudo nano /rw/config/qubes-firewall-user-script"
+
+ - Add the following lines (without the quotes and remarks in parentheses)
+
+ - ```virtualif=10.137.0.17```
+
+> (This is the IP of the ProxyVM, this is not dynamic, and you might need to change it at reboot)
+
+- ```vpndns1=10.8.0.1```
+
+> (This is the first DNS server of your VPN provider; it should not change)
+
+- ```vpndns2=10.14.0.1```
+
+> (This is the second DNS server of your VPN provider; it should not change)
+
+- ```iptables -F OUTPUT```
+
+- ```iptables -I FORWARD -o eth0 -j DROP```
+
+- ```iptables -I FORWARD -i eth0 -j DROP```
+
+- ```ip6tables -I FORWARD -o eth0 -j DROP```
+
+- ```ip6tables -I FORWARD -i eth0 -j DROP```
+
+> (These will block outbound traffic when the VPN is down, it is a kill switch, more information here [[Archive.org]](https://web.archive.org/web/https://linuxconfig.org/how-to-create-a-vpn-killswitch-using-iptables-on-linux) )
+
+- ```iptables -A OUTPUT -d 10.8.0.1 -j ACCEPT```
+
+- ```iptables -A OUTPUT -d 10.14.0.1 -j ACCEPT```
+
+> (These will allow DNS requests to your VPN provider DNS to resolve the name of the VPN servers in the OpenVPN configuration files)
+
+- ```iptables -F PR-QBS -t nat```
+
+- ```iptables -A PR-QBS -t nat -d $virtualif -p udp --dport 53 -j DNAT --to $vpndns1```
+
+- ```iptables -A PR-QBS -t nat -d $virtualif -p tcp --dport 53 -j DNAT --to $vpndns1```
+
+- ```iptables -A PR-QBS -t nat -d $virtualif -p udp --dport 53 -j DNAT --to $vpndns2```
+
+- ```iptables -A PR-QBS -t nat -d $virtualif -p tcp --dport 53 -j DNAT --to $vpndns2```
+
+> (These will redirect all DNS requests from the ProxyVM to the VPN provider DNS servers)
+
+- Restart the ProxyVM by typing "sudo reboot"
+
+- Test the ProxyVM VPN connectivity by starting a Browser within it and going to your VPN provider test page.
It should now say you are connected to a VPN:
+
+ - Mullvad: [[Archive.org]](https://web.archive.org/web/https://mullvad.net/en/check/)
+
+ - IVPN: [[Archive.org]](https://web.archive.org/web/https://www.ivpn.net/) (check the top banner)
+
+ - Proton VPN: Follow their instructions here [[Archive.org]](https://web.archive.org/web/https://protonvpn.com/support/vpn-ip-change/)
+
+#### VPN over Tor:
+
+##### Set up a disposable Browser Qube for VPN over Tor use:
+
+- Within the Applications Menu (upper left corner), Select the Disposable Fedora VM
+
+- Go into Qube Settings
+
+- Click Clone Qube and name it like "sys-VPNoverTor" for example
+
+- Again, within the Application Menu, Select the Clone you just created
+
+- Go into Qube Settings
+
+- Change the Networking to your ProxyVPN created earlier
+
+- Click OK
+
+- Start a Browser within the Whonix Workstation
+
+- Check that you have VPN connectivity, and it should work
+
+You should now have a Disposable Browser VM that works with your cash/Monero paid VPN over Tor.
+
+#### Tor Over VPN:
+
+Reconfigure your Whonix Gateway VM to use your ProxyVM as NetVM instead of sys-firewall:
+
+- Within the Applications Menu (upper left corner), Select the sys-whonix VM.
+
+- Go into Qube Settings
+
+- Change the Networking NetVM to your ProxyVPN created earlier instead of sys-firewall
+
+- Click OK
+
+- Create a Whonix Workstation Disposable VM (follow this tutorial [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Qubes/DisposableVM))
+
+- Launch a browser from the VM and Check that you have VPN connectivity, and it should work.
+
+Alternatively, you can also create any other type of disposable VM (but less secure than the Whonix one):
+
+- Within the Applications Menu (upper left corner), Select the Disposable Fedora VM
+
+- Go into Qube Settings
+
+- Click Clone Qube and name it like "sys-TorOverVPN" for example
+
+- Again, within the Application Menu, Select the Clone you just created
+
+- Go into Qube Settings
+
+- Change the Networking to your sys-whonix created earlier
+
+- Click OK
+
+- Start a Browser within the VM
+
+- Check that you have VPN connectivity, and it should work
+
+You should now have a Disposable Browser VM that works with Tor over a cash/Monero paid VPN.
+
+#### Any other combination? (VPN over Tor over VPN for instance)
+
+By now you should understand how easy it is to route traffic from one VM to the other with Qubes.
+
+You can create several ProxyVMs for VPN accesses and keep the Whonix one for Tor. You just need to change the NetVM settings of the various VMs to change the layout.
+
+You could have:
+
+- One VPN ProxyVM for the base Qubes OS connection
+
+- Use the sys-whonix VM (Whonix Gateway) getting its network from the first ProxyVM
+
+- A second VPN ProxyVM getting network from sys-whonix
+
+- Disposable VMs getting their NetVM from the second ProxyVM
+
+This would result in User > VPN > Tor > VPN > Internet (VPN over Tor over VPN). Experiment for yourself. Qubes OS is great for these things.
+
+### Setup a safe Browser within Qubes OS (optional but recommended):
+
+See: [Appendix V: What browser to use in your Guest VM/Disposable VM]
+
+#### Fedora Disposable VM:
+
+Within the Applications Menu (upper left), Select the Fedora-36 template:
+
+- Go into Qube Settings
+
+- Clone the VM and name it "fedora-36-brave" (this VM template will have Brave)
+
+- Again, go into the Applications Menu and select the clone you just created
+
+- Go into Qube Settings
+
+- Change its network to the ProxyVPN and Apply
+
+- Launch a terminal from the VM
+
+If you want to use Brave: apply the instructions from [[Archive.org]](https://web.archive.org/web/https://brave.com/linux/) and run the following commands:
+
+- ```sudo dnf install dnf-plugins-core```
+
+- ```sudo dnf config-manager --add-repo
+https://brave-browser-rpm-release.s3.brave.com/x86_64/```
+
+- ```sudo rpm --import https://brave-browser-rpm-release.s3.brave.com/brave-core.asc```
+
+- ```sudo dnf install brave-browser```
+
+You should also consider hardening your browser, see [Appendix V1: Hardening your Browsers][Appendix V1: Hardening your Browsers:]
+
+#### Whonix Disposable VM:
+
+Edit the Whonix Disposable VM template and follow instructions here [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Install_Software)
+
+#### Additional browser precautions:
+
+- See: [Appendix V1: Hardening your Browsers][Appendix V1: Hardening your Browsers:]
+
+- See: [Appendix A5: Additional browser precautions with JavaScript enabled]
+
+### Setup an Android VM:
+
+Because sometimes you want to run mobile Apps anonymously too. You can also set up an Android VM for this purpose. As in other cases, ideally, this VM will also be sitting behind the Whonix Gateway for Tor network connectivity. But this can also be set up as VPN over Tor over VPN.
+
+Since the Android-x86 does not work "well" with Qubes OS (my own experience).
We will instead recommend using AnBox ( [[Archive.org]](https://web.archive.org/web/https://anbox.io/)) which works "well enough" with Qubes OS. More information can also be found at [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Anbox)
+
+#### If you can use Tor (natively or over a VPN):
+
+Later in the Qubes settings during creation:
+
+- Select Networking
+
+- Change to sys-whonix to put it behind the Whonix Gateway (over Tor).
+
+#### If you cannot use Tor:
+
+Just use the tutorials as is. See [Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option].
+
+#### Installation:
+
+Basically, follow the tutorial here:
+
+- Click the Applications icon (upper left corner)
+
+- Click Create Qubes VM
+
+- Name and label as you wish: we suggest "Android"
+
+- Select Type: Standalone Qube copied from a template
+
+- Select Template: Debian-11
+
+- Select Networking:
+
+ - Select sys-whonix if you want to do VPN over Tor / Tor only (recommended)
+
+ - Select sys-firewall if you want to do Tor over VPN / No Tor or VPN / Just VPN
+
+- Start the Qube and open a Terminal
+
+Now you will have to follow the instructions from here: [[Archive.org]](https://web.archive.org/web/https://github.com/anbox/anbox-modules):
+
+- Start by closing the AnBox Modules repository by running:
+
+ - ```git clone https://github.com/anbox/anbox-modules.git```
+
+ - Go into the cloned directory
+
+ - Run ```./INSTALL.sh``` (or follow the manual instructions on the tutorial)
+
+- Reboot the machine
+
+- Open a new terminal
+
+- Install Snap by running:
+
+ - ```sudo apt install snapd```
+
+Now you will follow their other tutorial from here: [[Archive.org]](https://web.archive.org/web/https://github.com/anbox/anbox/blob/master/docs/install.md):
+
+- Install AnBox by running:
+
+ - ```snap install --devmode --beta anbox```
+
+- To update AnBox later, run:
+
+ - ```snap refresh --beta --devmode anbox```
+
+- Reboot the machine
+
+- Open a
terminal again and start the emulator by running:
+
+ - ```anbox.appmgr```
+
+This should pop up an Android interface. Sometimes it will crash, and you might have to run it twice to make it work.
+
+If you want to install apps on this emulator:
+
+- Install ADB by running:
+
+ - ```sudo apt install android-tools-adb```
+
+- First start Anbox (run ```anbox.appmgr```)
+
+- Grab the APK of any app you want to install
+
+- Now install any APK by running:
+
+ - ```adb install my-app.apk```
+
+That's it, you should now have an Android Qube over Tor (or anything else) capable of running pretty much any App you can sideload with ADB. This is, for now, the easiest way to get Android emulation on Qubes OS.
+
+### KeePassXC:
+
+You will need somewhere to store your data (logins/passwords, identities, and TOTP[^369] information).
+
+For this purpose, KeePassXC is recommended because of its integrated TOTP feature. This is the ability to create entries for 2FA[^370] authentication with the authenticator feature.
+
+In the context of Qubes OS you should store your sensitive information within the vault Qube:
+
+- First, click the Applications icon (upper left) and select the vault Qube.
+
+- Click Qubes Settings
+
+- Select the Applications tab
+
+- From the list of available applications, add KeePassXC to the list of selected applications.
+
+You are done and can now skip the rest to go to the "[Creating your anonymous online identities][Creating new identities:]" part.
+
+### Tutorial for installing Windows based VMs on Qubes OS:
+
+See their tutorial here: [[Archive.org]](https://web.archive.org/web/https://github.com/Qubes-Community/Contents/blob/master/docs/os/windows/windows-tools41.md)
+
+# Quick note: Correlation vs Attribution
+
+**Correlation** is a relationship between two or more variables or **[attributes](https://www.digitalshadows.com/blog-and-research/cyber-attacks-the-challenge-of-attribution-and-response/)**. How are attributions determined?
During digital forensic and incident response (DFIR), analysts typically look for indicators of compromise (IoCs) following events that call them to act. These indicators usually consist of IP addresses, names, databases; all of which can prescribe a certain behavioral "tag" to an individual or group. This is called attribution. A principal in statistics is that "correlation does not infer causality". What this means is that, while you may leave certain traces on certain areas of a device or network, that only shows presence of action, i.e., not explicitly your presence. It doesn't show who you are, it only resolves that something occurred and *someone* has done *something*. + +Attribution is required to prove fault or guilt, and is the prime reason why people using the Tor network to access the dark web have been compromised: they left traces that were shown to be connected to their real identities. Your IP can be — but is usually not — a large enough indicator to attribute guilt. This is shown in the infamous NotPetya cyber attacks against the U.S., which were later also released upon Ukraine. Though the White House never *said* it was Russia's doing, they attributed the attack to Russia's [(GRU)](https://www.reuters.com/article/us-britain-russia-gru-factbox/what-is-russias-gru-military-intelligence-agency-idUSKCN1MF1VK) which is a direct office housing the Russian deniable warfare[^311] cyber divisions, uncommonly referred to as "spy makers" in the intelligence community (IC). + +_What is the point_, you may ask? Well, bluntly speaking, this a perfect example because NotPetya, which is now undoubtedly the work of Russian cyber operations against foreign countries and governments, has still never been formally attributed to Russia, only to a known group within Russia (colloquially dubbed [Cozy Bear](https://wikiless.org/wiki/Cozy_Bear)) which can not be confirmed nor denied given that it is highly compartmentalized within the structure of Russia's military. 
And it's also in part because of the efforts used to disguise itself as a common Ransomware, and because it routinely used the servers of hacked foreign assets not linked to Russia or to its internal networks. + +It's all to show you the lengths that state actors will go to. You may not be aware of it, but foreign governments use concealment techniques such as the ones discussed in the sections of this guide. They routinely use Tor, VPNs to conceal traffic; they use hacked devices and access to stolen equipment to perform cyber espionage every day and it makes attribution incredibly difficult, if not improbable, from a forensic examiner's point of view. The problem of correlation is trivial, and you can solve it by simply using IP hiding tools such as a VPN and the Tor network, but still be connected to your IRL name and IP through data leaks or other factors. You can not easily be attributed to your activities if you carefully follow and adopt the given techniques and skills discussed below. + +# Creating your anonymous online identities: + +## Understanding the methods used to prevent anonymity and verify identity: + +### Captchas: + +![image34](media/image34.png)![image35](media/image35.png) + +(Illustrations by Randall Munroe, xkcd.com, licensed under CC BY-NC 2.5) + +Captcha[^371] stands for "Completely Automated Public Turing test to tell Computers and Humans Apart" are Turing tests[^372] puzzles you need to complete before accessing a form/website. You will mostly encounter those provided by Google (reCAPTCHA service[^373]) and Cloudflare (hCaptcha[^374]). hCaptcha is used on 15% of the internet by their own metrics[^375]. + +They are designed to separate bots from humans but are also clearly used to deter anonymous and private users from accessing services. + +If you often use VPNs or Tor, you will quickly encounter many captchas everywhere[^376]. 
Quite often when using Tor, even if you succeed in solving all the puzzles (sometimes dozens in a row), you will still be denied after solving the puzzles. + +See [[Archive.org]](https://web.archive.org/web/https://gitlab.torproject.org/legacy/trac/-/wikis/org/doc/ListOfServicesBlockingTor) + +While most people think those puzzles are only about solving a little puzzle, it is important to understand that it is much more complex, and that modern Captchas uses advanced machine learning and risk analysis algorithms to check if you are human[^377]: + +- They check your browser, cookies, and browsing history using Browser fingerprinting[^378]. + +- They track your cursor movements (speed, accuracy) and use algorithms to decide if it is "human/organic". + +- They track your behavior before/during/after the tests to ensure you are "human"[^379]. + +It is also highly likely that those platforms could already reliably identify you based on the unique way you interact with those puzzles. This could work despite obfuscation of your IP address / Browser and clearing all cookies. + +Watch for example this DEF CON 25 presentation: [DEF CON 25 - Svea Eckert, Andreas Dewes - Dark Data](https://www.youtube.com/watch?v=1nvYGi7-Lxo) [[Invidious]](https://yewtu.be/watch?v=1nvYGi7-Lxo) + +You will often experience several in a row (sometimes endlessly) and sometimes exceedingly difficult ones involving reading undecipherable characters or identifying various objects on endless pictures sets. You will also have more captchas if you use an ad-blocking system (uBlock for example) or if your account was flagged for any reason for using VPNs or Tor previously. + +You will also have (in my experience) more Captchas (Google's reCAPTCHA) if you do not use a Chromium-based browser. But this can be mitigated by using a Chromium-based browsers such as Brave. 
There is also a Browser extension called Buster that could help you those [[Archive.org]](https://web.archive.org/web/https://github.com/dessant/buster). + +As for Cloudflare (hCaptcha), you could also use their Accessibility solution here ( [[Archive.org]](https://web.archive.org/web/https://www.hcaptcha.com/accessibility)) which would allow you to sign-up (with your anonymous identity created later) and set a cookie within your Browser that would allow you to bypass their captchas. Another solution to mitigate hCaptcha would be to use their own solution called "Privacy Pass"[^380] [[Archive.org]](https://web.archive.org/web/https://privacypass.github.io/) in the form of a Browser extension you could install in your VM Browser. + +You should therefore deal with those carefully and force yourself to alter the way you are solving them (speed/movement/accuracy/...) to prevent "Captcha Fingerprinting". + +Fortunately, as far as we are aware, these are not yet officially/publicly used to de-anonymize users for third parties. + +To not have those issues, you should consider using a VPN over Tor. And the best option to avoid those is likely to use a self-hosted VPN/Proxy over Tor on a cash/Monero paid VPS server. + +### Phone verification: + +Phone verification is advertised by most platforms to verify you are human. But do not be fooled, the main reason for phone verification is not only to check if you are human but also to be able to de-anonymize you if needed. + +Most platforms (including the privacy-oriented ones such as Signal/Telegram/Proton will require a phone number to register, and most countries now make it mandatory to submit a proof of ID to register[^381]. + +Fortunately, this guide explained earlier how to get a number for these cases: [Getting an anonymous Phone number][Getting an anonymous Phone number:]. + +### E-Mail verification: + +E-Mail verification is what used to be enough but is not anymore in most cases. 
What is important to know is that open e-mail providers (disposable e-mail providers for instance) are flagged as much as open proxies (like Tor). + +Most platforms will not allow you to register using an "anonymous" or disposable e-mail. As they will not allow you to register using an IP address from the Tor network. + +The key thing to this is that it is becoming increasingly difficult to sign-up for a free e-mail account anywhere without providing (you guessed it) ... a cell phone number. That same cell phone number can be used conveniently to track you down in most places. + +It is possible that those services (Proton for instance) might require you to provide an e-mail address for registration. In that case, we would recommend you create an e-mail address from these providers: + +- MailFence: + +- Disroot: + +- Autistici: + +- Envs.net: + +Keep in mind that those do not provide a zero-access design (a zero-access design is where only you can access your e-mail - not even the service's admins can read your messages). This means they can access your e-mail at rest in their database. + + +#### A note about Riseup: + +RiseUp's warrant canary has been renewed late, with their Twitter posting a cryptic message seeming to tell users not to trust them. +Due to the suspicious situation, this guide can no longer recommend them. + +*Also see: * + +For the [[Tor Mirror]](http://vww6ybal4bd7szmgncyruucpgfkqahzddi37ktceo3ah7ngmcopnpyyd.onion/) (It has come to my attention that the site now, unfortunately, requires an invitation from a current registered user) + +#### Protecting your anonymous online identities e-mails using Aliasing services: + +If you want to avoid communicating your anonymous e-mail addresses to various parties. 
We would strongly suggest considering using e-mail aliasing services such as: + +- (preferred first choice due to more options available to the free tier) + +- + +These services will allow creating random aliases for your anonymous e-mail (on Proton for example) and could increase your general privacy if you do not want to disclose that e-mail for any purpose. They are both recommended by Privacyguides.org and Privacytools.io. I'm recommending them as well. + +### User details checking: + +Obviously, Reddit does not do this (yet), but Facebook most likely does and will look for "suspicious" things in your details (which could include face recognition). + +Some examples: + +- IP address from a country different than your profile country. + +- Age in the profile not matching the picture age. + +- Ethnicity in the profile not matching the picture ethnicity. + +- Language not matching the country language. + +- Unknown in anyone else contacts (Meaning nobody else knows you). + +- Locking down privacy settings after signing up. + +- Name that does not match the correct ethnicity/language/country? + +### Proof of ID verification: + +The deal-breaker in most cases. As far as we know, only Facebook and LinkedIn (outside of financial services) have requested such verifications which involve sending pictures of some form of identification (passport, national ID card, driver's license ...). The only way to do this would involve creating fake official documents (forgery) using some decent Photoshop skills and this might be illegal in most places. + +Therefore, this is a line we are not going to help you cross within this guide. Some services are offering such services online, but we think they are *bad actors* and are overstepping their boundaries. + +In many countries, only law enforcement, some specific processes (such as GDPR requests), and some well-regulated financial services may request proof of identification. 
So, the legality of asking for such documents is debatable and we beieve such platforms should not be allowed to require those. + +In few countries (like Germany), this practice is illegal and online platforms such as Facebook or LinkedIn are legally bound to allow you to use a pseudonym and remain anonymous. + +### IP Filters: + +As stated previously in this guide, many platforms will apply filters on the IPs of the users. Tor exit nodes are publicly listed, and VPN exit servers are "well known". There are many commercial and free services providing the ability to block those IPs with ease (hi Cloudflare). + +Many platforms' operators and administrators do not want traffic from these IPs as they often drive a lot of unlawful/malicious/unprofitable traffic to their platforms. These platforms usually argue using one of the following points: + +- "Think of the children!"; +- "Terrorism!"; +- "Russian troll propaganda!"; +- "Well, it's noise in the data we sell to advertisers!" (e.g., AdSense or Facebook Ads). + +"Yet we still pay traffic for them so let us just deny them all instead." + +Fortunately, those systems are not perfect, and you will (still) be able to get around those restrictions by switching identities (in the case of Tor) and trying to access the website each time until you find an Exit Node that is not yet blacklisted. + +Some platforms will allow you to log in with a Tor IP but not to sign up (See [[Archive.org]](https://web.archive.org/web/https://gitlab.torproject.org/legacy/trac/-/wikis/org/doc/ListOfServicesBlockingTor)). Those platforms will keep a convenient, permanent log of the IP which you used during sign-up - And some will keep such logs indefinitely, e.g., all the IPs which you have used to log in (hi Facebook). + +The tolerance is much higher with VPNs as they are not considered "open proxies", but that will not stop many platforms from making them hard to use by forcing increasingly difficult CAPTCHAs on most VPN users. 
+ +For this reason, this guide does recommend the use of VPN over Tor (and not Tor over VPN) in certain use cases. **Remember that the best option to avoid those is to use a self-hosted VPN/Proxy over Tor on a cash/Monero paid VPS**. + +### Browser and Device Fingerprinting: + +Your Browser and Device Fingerprints[^382] are a set of properties/capabilities of your System/Browser. These are used on most websites for invisible user tracking but also to adapt the website user experience depending on their browser. For instance, websites will be able to provide a "mobile experience" if you are using a mobile browser or propose a specific language/geographic version depending on your fingerprint. Most of those techniques work with recent Browsers like Chromium-based[^251] browsers (such as Chrome/Edge) or Firefox[^252] unless taking specific measures. Browser and Device[^382] Fingerprinting are usually integrated into the Captcha services but also in other various services. + +Many platforms (like Google[^383]) will check your browser for various capabilities and settings and block browsers they do not like. This is one of the reasons we recommend using Chromium-based browsers such as Brave Browser over Tor Browser within this VM. 
+ +It should also be noted that while some browsers and extensions will offer some fingerprint resistance, this resistance in itself can also be used to fingerprint you as explained here [[Archive.org]](https://web.archive.org/web/https://palant.info/2020/12/10/how-anti-fingerprinting-extensions-tend-to-make-fingerprinting-easier/) + +This guide will mitigate these issues by randomizing or hiding many of those fingerprinting identifiers by: + +- Using Virtualization (See [Appendix W: Virtualization]); + +- Using specific recommendations (See [Appendix A5: Additional browser precautions with JavaScript enabled]; + +- Using hardening [Appendix V1: Hardening your Browsers][Appendix V1: Hardening your Browsers:]); + +- and by using fingerprint-resistant browsers (like Brave or Tor Browser). + +Here are some of the things they check within recent browsers: + +- User-Agent: This is your Browser name and Version. + +- HTTP_ACCEPT Headers: This is the type of content your Browser can handle. + +- Time Zone and Time Zone Offset: Your time zone. + +- Screen Size and Color Depth: The resolution of your screen. + +- System Fonts: The typing fonts installed on your system. + +- Cookies support: If your browser supports cookies or not. + +- Hash of Canvas fingerprint and Hash of WebGL fingerprint: These are generated unique IDs based on your graphic rendering capabilities. + +- WebGL Vendor & Renderer: Name of your Video card + +- Do-Not-Track enabled or not: Well, yes, they can use your DNT information to track you + +- Language: The language of your Browser + +- Platform: The Operating System you are using + +- Touch Support: If your system supports touch (such as a phone/tablet or touchscreen-enabled laptop) + +- Ad Blocking use: If your browser block ads + +- AudioContext fingerprint: Like the Canvas and WebGL fingerprints these will fingerprint your audio capabilities. 
+ +- CPU: What kind of CPU you are using and how many of them + +- Memory: How much memory you have in your System + +- Browser Permissions: Is your browser allowing some things like geolocation or microphone/webcam access. + +Most of the time, those fingerprints will, unfortunately, be unique or nearly unique to your browser/system. This means that even If you log out from a website and then log back in using a different username, your fingerprint might remain the same if you did not take precautionary measures. An adversary could then use such fingerprints to track you across multiple services even if you have no account on any of them and are using adblocking. These fingerprints could in turn be used to de-anonymize you if you keep the same fingerprint between services. + +Here are services you can use to check your browser fingerprints: + +- (Probably the best overall) + +- + +- + +- + +- + +- (Chromium based browsers only) + +Chances are you will find your browser fingerprint unique no matter what you do. + +### Human interaction: + +Some platforms will add this as a bonus step and require you to have an actual human interaction with a customer care representative. Usually by e-mail but sometimes by chat/phone. They will want to verify that you exist by asking you to reply to an e-mail/chat/phone call. + +It is annoying but quite easy to deal with in our case. We are not making bots. This guide is for humans making human accounts. + +### User Moderation: + +Many platforms will delegate and rely on their users to moderate the others and their content. These are the "report" features that you will find on most platforms. + +Getting reported thousands of times does not matter when you are Donald Trump or Kim Kardashian but if you as a sole "friendless" anonymous user gets reported even once, you might get suspended/flagged/banned instantly. 
+ +### Behavioral Analysis: + +See [Your Digital Fingerprint, Footprint, and Online Behavior][Your Digital Fingerprint, Footprint, and Online Behavior:]. + +### Financial transactions: + +Simple and efficient, some platforms will require you to perform a financial transaction to verify your account sometimes under the pretext of verifying your age. This could be a credit card verification or an exceedingly small amount bank wire. Some will accept a donation in a main cryptocurrency like Bitcoin or Ethereum. + +While this might seem innocent, this is obviously an ID verification and de-anonymization method. This is just indirectly relying on third-party financial KYC[^240] regulations. + +This is for instance now the case on YouTube for some European Users[^384] but also used by services like Amazon that requires a valid payment method for creating an account. + +![image36](media/image36.png) + +### Sign-in with some platform: + +"Why do this user-verification ourselves when we can just ask others to deal with it?" + +You will notice this, and you probably already encountered this. Some apps/platforms will ask/require you to sign in with a well-known and well-used reputable platform instead of their own system (Sign-in with Google/Facebook/Apple/Twitter). + +This option is often presented as the "default one", hiding away the "Sign-in with e-mail and password" with clever Dark Patterns[^385] and unfortunately sometimes needed. + +This method will delegate the verification process on those platforms instead of assuming that you will not be able to create an anonymous Google/Facebook/Apple/Twitter account with ease. + +Fortunately, it is still possible to this day to create those. + +### Live Face recognition and biometrics (again): + +This is a common method used on some Crypto trading platforms and some dating Apps. + +Some platforms/apps will require you to take a live picture of yourself either doing something (a wink, holding an arm up ...) 
or showing a custom piece of information (a handwritten text, a passport, or ID) within the picture. Sometimes the platform/app will require several pictures to increase their certainty. + +![image37](media/image37.png) + +This guide will not cover this one (yet) as it is mainly used on financial platforms (that will be able to identify you with other means anyway) and some dating apps like Tinder[^386]. Unfortunately, this method is now also sometimes being used on Facebook[^387] and Instagram as part of their verification methods (tho we did not face it yet so far). + +![image38](media/image38.png) + +In some cases, these verifications must be done from your Smartphone and with an "in-app" camera to prevent you from sending a previously saved (edited) image. + +Recently even platforms such as PornHub decided to implement similar measures in the future[^388]. + +This verification is extremely hard to defeat but possible. A method to possibly defeat those would be to use "deep fake" technology software such as the open-source FaceSwap [[Archive.org]](https://web.archive.org/web/https://github.com/deepfakes/faceswap) to generate the required verification pictures using a randomly computer-generated face that would be swapped over the picture of a complicit model (or a stock photo). + +Unfortunately, some apps require direct access to a smartphone camera to process the verification. In that case, you will need to find a way to do such "face swaps" on the fly using a filter and another way to feed this into the camera used by the app. A possible approach would be similar to this impressive project [[Archive.org]](https://web.archive.org/web/https://github.com/iperov/DeepFaceLive). + +### Manual reviews: + +These can be triggered by any of the above and just means someone (usually specialized employees) will review your profile manually and decide whether it is real or not based on their subjective opinion. 
+ +Some countries have even developed hotlines where you can report any subversive content[^389]. + +Pros: Usually that verdict is "final", and you will probably avoid further issues if you are good. + +Cons: Usually that verdict is "final", and you will probably be banned without any appeal possibility if you are not good. Sometimes those reviews end up on the platform just ghosting you and cancel you without any reason whatsoever. Any appeal will be left unanswered, ignored, or will generate some random dark pattern bug when trying to appeal that specific identity (this happens on Instagram for instance where if your account gets "suspended" obviously by some manual review, trying to complete the appeal form will just throw an error and tell you to try again later (We have been trying this same appeal for that identity for the past 6 months at least). + +## Getting Online: + +Now that you have a basic understanding of all the ways you can be de-anonymized, tracked, and verified. Let us get started at evading these while staying anonymous. Remember: + +- You cannot trust ISPs + +- You cannot trust VPS providers + +- You cannot trust public Wi-Fi providers + +- You cannot trust Mobile Network providers + +- You cannot trust VPN providers + +- You cannot trust any Online Platform + +- You cannot trust Tor + +- You cannot trust your Operating System + +- You cannot trust your Laptop + +- You cannot trust your Smartphone (especially Android) + +- You cannot trust your Smart devices + +- Above all, you cannot trust people + +So what? Well instead of not trusting anyone or anything, we would advise to **"Trust but verify"**[^390] (or "Never trust, always verify" if you are more hardcore about it and want to apply Zero-Trust Security[^391]) instead. 
+ +**Do not start this process unless:** + +- **You consulted your local law for compliance and the legality of your actions.** + +- **You are aware of your threat model.** + +- **You are in a safe place with public Wi-Fi without your smartphone or any other smart device on you. And preferably in a place without CCTV filming you (remember to [Find some safe places with decent public Wi-Fi][Find some safe places with decent public Wi-Fi:]** **and [Appendix Q: Using long-range Antenna to connect to Public Wi-Fis from a safe distance][Appendix Q: Using long-range Antenna to connect to Public Wi-Fis from a safe distance:])** + +- **You are fully done and preparing one of the routes.** + +- **Again, it is crucially important to understand that you will be unable to create most accounts without a valid phone number. Therefore, most of your anonymity on mainstream platforms depends on the anonymity of your online phone number and/or the burner phone with its pre-paid SIM card (if you use one). If your phone number is not anonymous or your burner phone can be traced back to you then you can be de-anonymized. If you cannot get this anonymous phone number and/or a physical SIM with a Burner phone, then you will have to restrict yourself to platforms not asking for phone number verification.** + +**Remember to see [Appendix N: Warning about smartphones and smart devices]** + +### Creating new identities: + +This is the fun part where you will now create your identities from thin air. These identities do not exist but should be plausible and look "organic". They should ideally have a story, a "legend" (yes this is the real term for this[^392]). + +What is a legend? 
Well, it is a full back-story for your character: + +- Age + +- Sex + +- Gender + +- Ethnicity + +- Place of Birth and date of Birth + +- Place of residence + +- Country of origin + +- Visited Countries (for travels for instance) + +- Interests and hobbies + +- Education History + +- Work experience + +- Health information + +- Religion if any + +- Goals + +- Family history + +- Family composition if any (Children? Spouse? Husband?) + +- Relationship Status if any (Married? Single?) + +- Spoken Languages + +- Personality traits (Introvert, Extrovert ...) + +- ... + +All these should be crafted carefully for every single identity, and you should be incredibly careful to stick to the details of each legend when using those identities. Nothing can leak that could lead to your real persona. Nothing could leak that could compromise the consistency of your legend. Everything should always be consistent. + +Tools that can help with this: + +- + +- + +- (**Generated pictures using this tool have a watermark that you might need to remove using image editing software such as Gimp**) + - **Warning:** This tool requires JavaScript to function and does a lot of fingerprinting. Most of it is being sent to Microsoft Clarity. Even with uBlock installed and on safer level, Tor Browser wasn't efficient at blocking the fingerprinting. This obviously does not work on Safest level. On our tests, only Brave with agressive fingerprinting/ad shields did not send analytics. + +Now is also the moment where you could finally consider getting an online phone number as explained in the [Online Phone Number (less recommended)] section. + +We will help you bit by listing a few tips we learned while researching over the years **(disclaimer: this is based on my individual experiences alone)**: + +- "Some animals are more equal than others". 
+ + - Ethnicity is important and you will have fewer issues and attract less attention to verification algorithms if your identity is Caucasian/East-Asian than if it is Arabic/Black (yes, we tested this extensively and it is definitely an issue). + + - Age is important and you will have fewer issues if you are young (18-22) than if you are middle-aged or older. Platforms seem to be more lenient in not imposing restrictions on new younger audiences. + + - Sex/Gender is important, and you will have fewer issues if you are a female than if you are a male. + + - Country of origin is important, and you will have fewer issues if your identity is Norwegian than if it is Ukrainian, Nigerian, or Mexican. + + - Country of residence is important, and you will have fewer issues if your identity has its residence in Oslo or Paris than if you decide to live in Kyiv or Cairo. + + - Language is important and you will have fewer issues if you speak English or the language of your Identity than if you use a non-related language. Do not make a Norwegian-born Arabic 20-year-old female that speaks Ukrainian or Arabic. + +- Identities that are "EU residents" with an "EU IP" (VPN/Tor Exit IP) will benefit from GDPR protections on many platforms. Others will not. GDPR is your friend in most cases, and you should take this into account. + +- Similarly, origin IP geolocation (your IP/location when you go to "whatsmyipaddress.com") should match your identity location as much as possible (When using a VPN over Tor, you can pick this in the VPN client if you use the VPN over Tor approach or just create a new identity in Tor Browser or Brave Tor Tab until you get an appropriate Exit node, or configure Tor to restrict your Exit Nodes). Consider excluding any exit IP that is not located in Western Europe/US/Canada/Japan/South Korea/Australia/New Zealand as you will have fewer issues. 
Ideally, you should get a European Union IP to get additional GDPR protection and if possible, a German exit IP due to their legal stance on using anonymous accounts on online platforms.
+
+- Brave Browser (Chromium-based) with a Private Tor Tab has a better acceptance level than Tor Browser (Firefox based). You will experience fewer issues with captchas and online platforms[^383] if you use Brave than if you use Tor Browser (feel free to try this yourself).
+
+- For every identity, you should have a matching profile picture associated with it. For this purpose, we recommend you just go to or * and generate a computer-generated profile picture (Do note that algorithms have been developed[^393]'[^394] to detect these and it might not work 100% of the time). You can also generate such pictures yourself from your computer if you prefer by using the open-source StyleGan project here [[Archive.org]](https://web.archive.org/web/https://github.com/NVlabs/stylegan2). Just refresh the page until you find a picture that matches your identity in all aspects (age, sex, and ethnicity) and save that picture. It would be even better to have several pictures associated with that identity, butWedo not have an "easy way" of doing that yet.
+
+***Warning:** https://generated.photos/face-generator requires JavaScript to function and does a lot of fingerprinting. Most of it is being sent to Microsoft Clarity. Even with uBlock installed and on safer level, Tor Browser wasn't efficient at blocking the fingerprinting. This obviously does not work on Safest level. On our tests, only Brave with agressive fingerprinting/ad shields did not send analytics.
+
+- **Bonus**, you could also make it more real by using this service (with an anonymous identity) [[Archive.org]](https://web.archive.org/web/https://www.myheritage.com/deep-nostalgia) to make a picture more lifelike. 
Here is an example:
+
+- Original:
+
+![image39](media/image39.png)
+
+- Result (see Online because PDFs do not work well with embedded media):
+
+![after-gif](media/after.gif)
+
+Slight issue tho: **MyHeritrage.com bans Tor Exit nodes so you might have again to consider VPN over Tor for this.**
+
+You could also achieve the same result without using MyHeritage and by doing it yourself using for example [[Archive.org]](https://web.archive.org/web/https://github.com/AliaksandrSiarohin/first-order-model) but this will require more manual operations (**and requires an NVIDIA GPU**). Other commercial products will soon be available such as: [[Archive.org]](https://web.archive.org/web/https://www.d-id.com/talkingheads/) with examples here: [[Invidious]](https://yewtu.be/channel/UCqyzLOHYamYX2tNXBNSHr1w/videos).
+
+Note: If you make several pictures of the same identity using some of the tools mentioned above, be sure to compare the similarities using the Microsoft Azure Face Verification tool at .
+
+- Create in advance and store in KeePassXC each identity details that should include some crafted details as mentioned earlier.
+
+- Do not pick an occupation at a well-known private corporation/company as they have people in their HR departments monitoring activities in platforms such as LinkedIn and will report your profile as being fake if it does not match their database. Instead, pick an occupation as a freelancer or at a large public institution where you will face less scrutiny due to their decentralized nature.
+
+- Keep track (write down) of the background stories of your Identities. You should always use the same dates and answers everywhere. Everything should always match up. Even the stories you tell about your imaginary life should always match. If you say you work as an intern at the Department of Health one day and later on another platform, say you work as an intern at the Department of Transportation, people might question your identity. Be consistent. 
+
+- Use a different phone number for each identity. Online platforms do keep track of phone number usage and if one identity/number gets flagged for violating Community Guidelines or Terms of Services, it might also get the other identities using the same number flagged/banned as well.
+
+- Adapt your language/writing to the identity to not raise suspicions and lower your chances of being fingerprinted by online platforms. Be especially careful with using pedantic words and figures of speech/quotes that could allow some people to guess your writing is very similar to that person with this Twitter handle or this Reddit user. See [Appendix A4: Counteracting Forensic Linguistics].
+
+- **Always use TOTP 2FA (not SMS to prevent Sim Swapping attacks**[^395] **and to keep your identity working when your pre-paid card expires) using KeePassXC when available to secure your logins to various platforms.**
+
+- Remember [Appendix A2: Guidelines for passwords and passphrases].
+
+Here is also a good guide on this specific topic: [[Archive.org]](https://web.archive.org/web/https://gendersec.tacticaltech.org/wiki/index.php/Complete_manual)
+
+Note: If you are having trouble finding an exit node in the country of your choice you can force using specific countries for Exit Nodes (and therefore exit countries) on Tor by editing the torrc file on the Whonix Gateway or even the Tor Browser:
+
+- Whonix/Tails: Create/Edit a file ```/usr/local/etc/torrc.d/50_user.conf```[^396].
+
+- On Tor Browser: Edit the torrc file located at ```Browser/TorBrowser/Data/Tor```[^397]. 
+ +Once you are in the file, you can do the following: + +- Specify the Exit Nodes by adding those two lines (which will require an Exit Node in China/Russia/Ukraine: + + - ```ExitNodes {CH},{RU},{UA}``` + + - ```StrictNodes 1``` + +- Exclude specific Exit Nodes by adding this line (which will exclude all Exit Nodes from France/Germany/USA/UK): + + - ```ExcludeNodes {FR},{DE},{US},{UK}``` + +Always use uppercase letters for any setting. + +**Please note that this is restricting Onion Routing could limit your Anonymity if you are too restrictive. You can see a visualized list of available Exit Nodes here: ** [[Archive.org]](https://web.archive.org/web/https://www.bigdatacloud.com/insights/tor-exit-nodes) + +Here is the list of possibilities (this is a general list and many of those countries might not have Exit nodes at all): + +### Checking if your Tor Exit Node is terrible: + +**Skip this if you are using a VPN/Proxy over Tor (tho you can also do the same checks with a VPN exit node if you want).** + +Not all Tor Exit nodes are equal. This is mostly due to what type of "exit policy" their operator applies to them. Some Tor Exit nodes are seen are more or less "clean" and will only show up in the Tor Exit nodes lists. Some other Tor Exit nodes are seen as "dirty" and will show up in dozens of various blacklists. So how do you know if you are on a clean one or a bad one? It is not that simple. + +#### This process is very easy: + +This works whether you're using Tor Browser on a Host OS, in a VM, with Whonix or Qubes OS. + +- Go on the target website you want to sign up for in a tab + +- Click the Tor Circuit icon to the left of the "lock" icon in the upper left corner to view your route through the Tor network. + +- Look at the third IP (Exit IP) you are using in that tab for that website. (You can't copy the IP address, but you can type it into the browser address bar if needed.) + +- Open a new tab and go to MX Toolbox. 
+ +- Put the Exit IP from the first tab in the search box. You will likely see "We notice you are on a blacklist." + +- Check the amount of blacklists the Tor Exit node is in. Ideally, it should only be in two. If it is in other lists, such as Spamhaus ZEN, you might run into issues: + + - DAN TOR + + - DAN TOREXIT + +If the Exit Node is "clean" (in few lists), proceed to go back to the first tab and open the site you want to use to sign up. + +### The Real-Name System: + +Unfortunately, not using your real identity is against the Terms of Services ("TOS") of many services, especially those owned by Microsoft and Facebook. But don't despair, as explained in the [Requirements][Pre-requisites and limitations:], it's still legal in Germany where the courts have upheld the legality of not using real names on online platforms (§13 VI of the German Telemedia Act of 2007[^1]'[^2]). **Fortunately, ToS cannot override laws** **(yet)**. + +This does not mean that it is illegal in other places but that it might be a breach of their TOS if you do not have the law on your side. **Remember this guide only endorses this for German users residing in Germany.** + +On my side, we strongly condemn this type of real-name policy. 
See for instance this Wikipedia article giving some examples: [[Wikiless]](https://wikiless.org/wiki/Facebook_real-name_policy_controversy) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Facebook_real-name_policy_controversy)
+
+Here are some more references about the German case for reference:
+
+- [[Archive.org]](https://web.archive.org/web/https://slate.com/technology/2018/02/why-some-americans-are-cheering-germany-for-taking-on-facebooks-real-name-policy.html)
+
+- [[Archive.org]](https://web.archive.org/web/https://www.theverge.com/2018/2/12/17005746/facebook-real-name-policy-illegal-german-court-rules)
+
+- [[Archive.org]](https://web.archive.org/web/https://www.pcmag.com/news/german-court-rules-facebooks-real-name-policy-is-illegal)
+
+- [[Archive.org]](https://web.archive.org/web/https://www.vzbv.de/sites/default/files/downloads/2018/02/14/18-02-12_vzbv_pm_facebook-urteil_en.pdf)
+
+- [[Archive.org]](https://web.archive.org/web/https://www.pcmag.com/news/german-court-rules-facebooks-real-name-policy-is-illegal)
+
+- [[Archive.org]](https://web.archive.org/web/https://www.reuters.com/article/us-germany-facebook/german-court-rules-facebook-use-of-personal-data-illegal-idUSKBN1FW1FI)
+
+Alternatively, you could be an adult resident of any other country where you can confirm and verify the legality of this yourself. Again, this is not legal advice, and we are not lawyers. **Do this at your own risk.**
+
+Other countries where this was ruled illegal:
+
+- South Korea (see [[Wikiless]](https://wikiless.org/wiki/Real-name_system) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Real-name_system))
+
+- If you know any other, please let me know with references in the GitHub issues.
+
+Some platforms are bypassing this requirement altogether by requiring a valid payment method instead (see [Financial transactions:]). 
While this does not directly require a real name through their ToS, this has the same results as they usually only accept mainstream (not Monero/Cash) payment methods (such as Visa/MasterCard/Maestro or PayPal) which do require a real-name legally as part of their KYC[^240] regulations. The result is the same and even better than a simple real-name policy you could ignore in some countries such as Germany.
+
+### About paid services:
+
+If you intend to use paid services, privilege those accepting cash payments or Monero payments which you can do directly and safely while keeping your anonymity.
+
+If the service you intend to buy does not accept those but accepts Bitcoin (BTC), consider the following appendix: [Appendix Z: Paying anonymously online with BTC (or any other cryptocurrency)][Appendix Z: Online anonymous payments using cryptocurrencies].
+
+### Overview:
+
+This section will show you an overview of the current various requirements on some platforms:
+
+- **Consider using the recommended tools on ** [[Archive.org]](https://web.archive.org/web/https://privacyguides.org) **for better privacy instead of the usual mainstream ones.**
+
+- **Consider using the recommended tools on ** [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Documentation) **as well instead of the usual mainstream ones such as E-mail providers: ** [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/E-Mail#Anonymity_Friendly_Email_Provider_List)
+
+**The following overview does not mention the privacy practices of those platforms but only their requirements for registering an account. If you want to use privacy-aware tools and platforms, head on to ** [[Archive.org]](https://web.archive.org/web/https://privacyguides.org/)**.**
+
+Legend:
+
+- "Unclear": Unclear due to lack of information or confusing information.
+
+- "Maybe": It did happen in a minority of my tests.
+
+- "Likely": It did happen in most of my tests. 
+ +- "Yes" or "No": This either happened or never happened systematically in all my tests. + +- "Easy": The overall experience was straightforward with little to no obstacles. + +- "Medium": The overall experience has some obstacles, but it is still doable without too much hassle. + +- "Hard": The overall experience is a painful struggle with many obstacles. + +- "N/A": Not Applicable because it was not possible to test within the context of this guide + +- "Indirectly": This means they do require something but indirectly through a third-party system (Financial KYC for example). + + +++++++++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ServiceAgainst ToSRequires PhoneRequires E-MailVPN Sign-upTor Sign-upCaptchas

ID or

+

Financial Checks

Facial ChecksManual ChecksOverall difficulty
AmazonNoNoYesYesYesNoYes*NoUnclearN/A
AppleYes*YesYesYesYesNoNoNoNoMedium
BinanceYes*NoYesYesNoYesNoNoNoMedium
BriarNoNoNoYesYesNoNoNoNoEasy
DiscordNoNoYesYesYesYesNoNoNoMedium
ElementNoNoNoYesYesYesNoNoNoEasy
FacebookYes*YesYesMaybeMaybeYesMaybeMaybeMaybeHard
GitHubNoNoYesYesYesYesNoNoNoEasy
GitLabNoNoYesYesYesYesNoNoNoEasy
GoogleNoLikelyLikelyYesYesYesMaybeNoMaybeMedium
HackerNewsNoNoNoYesYesYesNoNoNoEasy
InstagramUnclearLikelyYesYesYesYesNoMaybeMaybeMedium
JamiNoNoNoYesNoNoNoNoNoEasy
iVPNNoNoNoYesYesNoNoNoNoEasy
KrakenYes*NoYesYesNoNoNoNoNoMedium
LinkedInYes*YesYesYesYesYesMaybeMaybeMaybeHard
MailFenceNoNoYesYesMaybeYesNoNoNoMedium
MediumNoNoYesYesYesNoNoNoNoEasy
MicrosoftYes*MaybeMaybeYesYesYesNoNoNoMedium
MullvadNoNoNoYesYesNoNoNoNoEasy
NjallaNoNoNoYesYesNoNoNoNoEasy
OnionShareNoNoNoYesYesNoNoNoNoEasy
OnlyFansNoNoYesYesYesYesYes (for full functionalities)NoNoHard (for full functionalities)
Proton MailNoMaybeLikelyYesYesYesNoNoNoMedium
Proton VPNNoNoYesYesYesNoNoNoNoMedium
RedditNoNoNoYesYesNoNoNoNoEasy
SlashdotYes*NoNoYesYesYesNoNoNoMedium
TelegramNoYesNoYesYesNoNoNoNoEasy
TutanotaNoNoNoMaybeNoYesNoNoNoHard
TwitchNoNoYesYesYesYesNoNoNoEasy
TwitterNoYesYesYesYesYesNoNoMaybeMedium
WhatsAppYes*YesNoYesYesNoNoNoNoMedium
4chanNoNoNoNoNoYesNoNoNoHard
+
+* **See [The Real-Name System][Checking if your Tor Exit Node is terrible:] for essential information. See below for details.**
+
+##### Below you'll find a list of "problematic services". If they're not below, it means there are no issues at all with anything (like Briar for example)
+
+#### Amazon:
+
+- Is this against their ToS? No, but yes [[Archive.org]](https://web.archive.org/web/https://www.amazon.com/gp/help/customer/display.html?nodeId=202140280)
+
+"1. Amazon Services, Amazon Software
+
+A. Use of Amazon Services on a Product. To use certain Amazon Services on a Product, you must have your own Amazon.com account, be logged in to your account on the Product, **and have a valid payment method associated with your account.** "
+
+While it does not technically require a real name. It does require a valid payment method. Unfortunately, it will not accept "cash" or "Monero" as a payment method. So instead, they are relying on financial KYC (where a real-name policy is pretty much enforced everywhere).
+
+- Will they require a phone number? Yes, but see below
+
+- Can you create accounts through Tor? Yes, but see below
+
+Because of this valid payment method requirement, we could not test this. While this is seemingly not against their ToS, it is not possible within the context of this guide unless you manage to obtain a valid KYC payment method anonymously which AFAIK is pretty much impossible or extremely difficult.
+
+So, AFAIK, it is not possible to create an anonymous Amazon account.
+
+#### Apple:
+
+- Is this against their ToS? Yes [[Archive.org]](https://web.archive.org/web/https://www.apple.com/legal/internet-services/icloud/en/terms.html)
+
+"IV. Your Use of the Service
+
+A. Your Account
+
+In order to use the Service, you must enter your Apple ID and password to authenticate your Account**. 
You agree to provide accurate and complete information when you register with, and as you use, the Service ("Service Registration Data"), and you agree to update your Service Registration Data to keep it accurate and complete".**
+
+- Will they require a phone number? Yes
+
+- Can you create accounts through Tor? Yes
+
+Note that this account will not allow you to set up an Apple mail account. For that, you will need an Apple device.
+
+#### Binance:
+
+- Is this against their ToS? Yes [[Archive.org]](https://web.archive.org/web/https://www.binance.com/en/terms)
+
+- Will they require a phone number? No, they do require an e-mail
+
+- Can you create accounts through Tor? No
+
+#### Discord:
+
+- Is this against their ToS? No [[Archive.org]](https://web.archive.org/web/https://discord.com/terms)
+
+- Will they require a phone number? No, but they do require an e-mail
+
+- Can you create accounts through Tor? We had no issues with that so far using the Desktop Client
+
+You might encounter more issues using the Web Client (Captchas). Especially with Tor Browser.
+
+I suggest using the Discord Client app on a VM through Tor or ideally through VPN/Proxy over Tor to mitigate such issues.
+
+#### Element:
+
+- Is this against their ToS? No [[Archive.org]](https://web.archive.org/web/https://element.io/terms-of-service)
+
+- Will they require a phone number? No, they do not even require an e-mail
+
+- Can you create accounts through Tor? Yes
+
+Expect some Captchas during account creation on some homeservers.
+
+#### Facebook:
+
+- Is this against their ToS? Yes [[Archive.org]](https://web.archive.org/web/https://www.facebook.com/terms.php)
+
+"1. Who can use Facebook
+
+When people stand behind their opinions and actions, our community is safer and more accountable. For this reason, you must:
+
+- Use the same name that you use in everyday life.
+
+- Provide accurate information about yourself.
+
+- Will they require a phone number? 
Yes, and probably more later
+
+- Can you create accounts through Tor? Yes, but it is very difficult and their onion address[^398] will not help. In most cases, you'll just have a random error at sign-up and your account suspended after sign-in."
+
+But this clause of their ToS is illegal in Germany (see [Requirements][Pre-requisites and limitations:]).
+
+Facebook is one of the most aggressive platforms with identity verification and is pushing hard their "real name policy". It is why this guide is only advised to German residents.
+
+Over our tests tho we were able to pinpoint a few tips:
+
+- It will be easier if you have an Instagram account first.
+
+- Signing up through Tor is almost impossible (even using their .onion address which is a joke) and will only succeed if you are " very lucky" (I assume if you are using an exit node that is not yet known by Facebook verification systems). In most cases, it will not allow registration at all and will just fail with "An error has occurred during registration".
+
+- Signing up through VPNs is more likely to succeed but might still result in the same error. So, you must be ready for a lot of trial and error here.
+
+- Signing up through a Self-Hosted VPN/Proxy is your best bet but make sure your profile/identity matches the IP geolocation.
+
+- My earlier entry in the guide about the Orwellian quote from Animal Farm is in full effect on Facebook. You will experience huge variation in acceptance depending on age/sex/ethnicity/nationality/... This is where you will have far fewer issues if you are making an account of a Young European Caucasian Female. You will almost certainly fail if you try making a Middle-Aged Male where my other accounts are still unsuspended/unbanned to this day. 
+
+- Logging-in (after you sign-up) however works fine with VPN and Tor but might still trigger an account suspension for violating Community Guidelines or Terms of Services (despite you not using the account at all for anything else than signing-up/logging-in). Ideally, you should log-in back with the same IP from a self-hosted VPN/Proxy.
+
+I also suspect strongly based on my test that the following points have an impact on your likelihood of being suspended over time:
+
+- Not having friends
+
+- Not having interests and an "organic activity"
+
+- Not being in the contacts of any other user
+
+- Not being on other platforms (such as Instagram/WhatsApp)
+
+- Restricting your profile privacy settings too soon after signing-up
+
+If your account gets suspended, you will need to appeal the decision through a quite simple form that will require you to submit a "proof of ID". However, that proof of ID verification system is more lenient than LinkedIn and will allow you to send various documents which require far less Photoshop skills.
+
+It is also possible that they ask you to take a selfie video or picture-making certain gestures to prove your identity. If that is the case, we are afraid it is a dead-end for now unless you use a deepfake face swapping technique.
+
+If you do file an appeal, you will have to wait for Facebook to review it (I do not know whether this is automatic or human) and you will have to wait and hope for them to unsuspend your account.
+
+#### GitHub:
+
+- Is this against their ToS? No [[Archive.org]](https://web.archive.org/web/https://docs.github.com/en/free-pro-team@latest/github/site-policy/github-terms-of-service)
+
+- Will they require a phone number? Nope, all good
+
+- Can you create accounts through Tor? Yes, but expect some captchas
+
+GitHub is straightforward and requires no phone number.
+
+Be sure to go into Settings > E-Mail and make your e-mail private as well as block any push that would reveal your e-mail. 
+
+#### GitLab:
+
+- Is this against their ToS? No [[Archive.org]](https://web.archive.org/web/https://about.gitlab.com/handbook/legal/subscription-agreement/)
+
+- Will they require a phone number? Nope, all good
+
+- Can you create accounts through Tor? Yes, but expect captchas
+
+GitLab is straightforward and requires no phone number.
+
+#### Google:
+
+- Is this against their ToS? No [[Archive.org]](https://web.archive.org/web/https://policies.google.com/terms)
+
+- Will they require a phone number? Yes, they will. There is no escape here.
+
+- Can you create accounts through Tor? Yes, but expect some captchas and your phone number will be required
+
+Proton is good ... but to appear less suspicious, it is simply better to also have a mainstream Google Mail account.
+
+As Proton, Google will also most likely require a phone number during sign-up as part of their verification process. However contrary to Proton, Google will store that phone number during the sign-up process and will also limit the number of accounts that can be created during the sign-up[^399]'[^400].
+
+From my experience during my research, this count is limited to three accounts/phone numbers. If you are unlucky with your number (if it was previously used by another mobile user), it might be less.
+
+You should therefore use again your online phone number OR your burner phone and pre-paid SIM card to create the account. Do not forget to use the identity details you made up earlier (birthdate). When the account is created, please do take some time to do the following:
+
+- **(Trick)** Log into Google Mail on desktop and go into the Gmail Quick Settings > See all Setting > Forwarding and POP/IMAP > Add a forwarding address > Verify (using Proton) > Go back to Gmail and set the forwarding to forward and delete Google copy > Save. 
This step will allow you to check your Google Mail using Proton instead and will allow you to avoid triggering Google Security checks by Logging in from various VPN/Tor exit IP addresses in the future while storing your sensitive e-mail at Proton instead. This trick will allow you to receive all the e-mails from your Gmail addresses on your Proton (or other) address without needing to login into your Google accounts (reducing risks of it being suspended, especially if you use Tor). + +- Enable 2FA within the Google account settings. First, you will have to enable 2FA using the phone number. Then you will see the option appear to enable 2FA using an Authenticator app. Use that option and set it up with a new KeePassXC TOTP entry. When it is done, remove the phone 2FA from the Google account. This will prevent someone from using that phone number in the future (when you do not have it anymore) to recover/gain access to that account. + +- Add Proton as a recovery e-mail address for the account. + +- Remove the phone number from the account details as a recovery option. + +- Upload a Google profile picture you made earlier during the identity creation step. + +- Review the Google Privacy settings to disable as much as you can: + + - Activity logging + + - YouTube + +- Log out and do not touch it unless needed (as mentioned, you will use Proton to check your Gmail). + +Keep in mind that there are different algorithms in place to check for weird activity. If you receive any mail (on Proton) prompting about a Google Security Warning. Click it and click the button to say, "Yes it was me". It helps. + +Do not use that account for "sign-up with Google" anywhere unless necessary. + +Be extremely careful if you decide to use the account for Google activities (such as Google Maps reviews or YouTube Comments) as those can easily trigger some checks (Negative reviews, Comments breaking Community Guidelines on YouTube). 
+ +If your account gets suspended [^401] (this can happen on sign-up, after signing-up or after using it in some Google services), you can still get it unsuspended by submitting[^402] an appeal/verification (which will again require your Phone number and possibly an e-mail contact with Google support with the reason). **Suspension of the account does not disable the e-mail forwarding, but the suspended account will be deleted after a while.** + +After suspension, if your Google account is restored, you should be fine. + +If your account gets banned, you will have no appeal and the forwarding will be disabled. Your phone number will be flagged, and you will not be able to use it to sign-up on a different account. Be careful when using those to avoid losing them. They are precious. + +It is also possible that Google will require an ID check through indirect financial KYC or ID picture check if you try to access/publish mature content on their platform[^403]. + +#### Instagram: + +- Is this against their ToS? **Maybe?** We are not sure [[Archive.org]](https://web.archive.org/web/https://help.instagram.com/581066165581870?ref=dp) + +"**You can't impersonate others or provide inaccurate information. You do not have to disclose your identity on Instagram, but you must provide us with accurate and up-to-date information (including registration information)**. **Also, you may not impersonate someone you are not, and you can't create an account for someone else unless you have their express permission".** + +This one is a bit of an Oxymoron don't you think? So, we are not sure whether it is allowed or not. + +- Will they require a phone number? Maybe but less likely over VPN and very likely over Tor + +- Can you create accounts through Tor? Yes, but expect some captchas and your phone number will be required + +It is also possible that they ask you to take a selfie video or picture-making certain gestures to prove your identity (within the app or through an e-mail request). 
If that is the case, we are afraid it is a dead-end for now. + +It is no secret that Instagram is part of Facebook however it is more lenient than Facebook when it comes to user verification. It is quite unlikely you will get suspended or banned after signing up. But it could help. + +For instance, we noticed that you will face fewer issues creating a Facebook account if you already have a valid Instagram account. You should always create an Instagram account before trying Facebook. + +Unfortunately, there are some limitations when using the web version of Instagram. For instance, you will not be able to enable Authenticator 2FA from the web for a reason we do not know. + +After sign-up, do the following: + +- Upload a picture of your generated identity if you want. + +- Go into your Settings + +- Make the account private (initially at least) + +- Do not show activity status + +- Do not allow sharing + +#### Jami: + +- Is this against their ToS? No [[Archive.org]](https://web.archive.org/web/https://jami.net/privacy-policy/) + +- Will they require a phone number? No, they do not even require an e-mail + +- Can you create accounts through Tor? Nope it does not work for some technical reason + +#### Kraken: + +- Is this against their ToS? Yes [[Archive.org]](https://web.archive.org/web/https://www.kraken.com/legal) + +- Will they require a phone number? No, they do require an e-mail + +- Can you create accounts through Tor? Yes + +#### LinkedIn: + +- Is this against their ToS? Yes [[Archive.org]](https://web.archive.org/web/https://www.linkedin.com/legal/user-agreement) + +"To use the Services, you agree that: (1) you must be the "*Minimum Age*" (described below) or older; (2) **you will only have one LinkedIn account, which must be in your real name**; and (3) you are not already restricted by LinkedIn from using the Services. 
**Creating an account with false information is a violation of our terms**, including accounts registered on behalf of others or persons under the age of sixteen. " + +But this clause of their ToS is illegal in Germany (see [Requirements][Pre-requisites and limitations:]). + +- Will they require a phone number? Yes, they will. + +- Can you create accounts through Tor? Yes, but expect some captchas and your phone number will be required + +LinkedIn is far less aggressive than twitter but will nonetheless require a valid e-mail (preferably again your Gmail) and a phone number in most cases (tho not always). + +LinkedIn however is relying a lot on reports and user/customer moderation. You should not create a profile with an occupation inside a private corporation or a small startup company. The company employees are monitoring LinkedIn activity and receive notifications when new people join. They can then report your profile as fake, and your profile will then be suspended or banned pending appeal. + +LinkedIn will then require you to go through a verification process that will, unfortunately, require you to send an ID proof (identity card, passport, driver's license). This ID verification is processed by a company called Jumio[^404] that specializes in ID proofing. This is most likely a dead end as this would force you to develop some strong Photoshop skills. + +Instead, you are far less likely to be reported if you just stay vague (say you are a student/intern/freelance) or pretend you work for a large public institution that is too large for anyone to care or check. + +As with Twitter and Google, you should do the following after signing up: + +- Disable ads + +- Disable notifications + +- Disable lookup by phone/e-mail + +- Upload a picture of your identity + +#### MailFence: + +- Is this against their ToS? No + +- Will they require a phone number? No, but they require an e-mail + +- Can you create accounts through Tor? Maybe. 
From my tests, the signing-up verification e-mails are not sent when using Tor to sign-up. No issues however when using a VPN over Tor or a Proxy over Tor. + +#### Medium: + +- Is this against their ToS? No, unless it is about crypto [[Archive.org]](https://web.archive.org/web/https://policy.medium.com/medium-terms-of-service-9db0094a1e0f) + +- Will they require a phone number? No, but they require an e-mail + +- Can you create accounts through Tor? No issues with that so far + +Signing-in does require an e-mail every time. + +#### Microsoft: + +- Is this against their ToS? Yes [[Archive.org]](https://web.archive.org/web/https://www.microsoft.com/en/servicesagreement/) + +"i. Creating an Account. You can create a Microsoft account by signing up online. **You agree not to use any false, inaccurate, or misleading information when signing up for your Microsoft account".** + +But this clause of their ToS is illegal in Germany (see [Requirements][Pre-requisites and limitations:]). + +- Will they require a phone number? Likely but not always. Depending on your luck with your Tor exit node, they may only require e-mail verification. If you use a VPN over Tor, they will likely only ask for an e-mail. + +- Can you create accounts through Tor? Yes, you can but expect captchas, at least e-mail verification, **and likely phone verification.** + +So yes, it is still possible to create an MS account without a phone number and using Tor or VPN, but you might have to cycle through a few exit nodes to achieve this. + +After signing up you should set up 2FA authentication within the security options and using KeePassXC TOTP. + +#### OnlyFans: + +- Is this against their ToS? No, it looks fine [[Archive.org]](https://web.archive.org/web/https://onlyfans.com/terms) + +- Will they require a phone number? No, they do require an e-mail + +- Can you create accounts through Tor? 
Yes, you can + +Unfortunately, you will be extremely limited with that account and to do anything you will need dot complete their verification process which requires a KYC type financial transaction check. So, not very useful. + +#### Proton: + +- Is this against their ToS? No [[Archive.org]](https://web.archive.org/web/https://proton.me/legal/terms) + +- Will they require a phone number? Maybe. This depends on the IP you are coming from. If you come from Tor, it is likely. From a VPN, it is less likely. + +- Can you create accounts through Tor? Yes, but highly likely that a phone number will be required when only an e-mail or a captcha will be required over a VPN. They even have a ".onion" address at . + +You obviously need an e-mail for your online identity and disposable e-mails are pretty much banned everywhere. + +Proton is a free e-mail provider based in Switzerland that advocates security and privacy. + +They are recommended by Privacyguides.org[^405]. Their only apparent issue is that they do require (in most cases) a phone number or another e-mail address for registration (when you try to register from a VPN or Tor at least). + +They claim they do not store/link the phone/e-mail associated with the registration but only store a hash that is not linked to the account[^406]. If their claim is true and the hash is not linked to your account, and that you followed my guide about the phone number, you should be reasonably safe from tracking. + +This e-mail account can be used for creating a Google/Gmail account. + +#### Reddit: + +- Is this against their ToS? No [[Archive.org]](https://web.archive.org/web/https://www.redditinc.com/policies) + +- Will they require a phone number? No, they will not. + +- Can you create accounts through Tor? Yes + +Reddit is simple. All you need to register is a valid username and a password. Normally they do not even require an e-mail (you can skip the e-mail when registering, leaving it blank). 
+
+No issues whatsoever signing up over Tor or VPN besides the occasional Captchas.
+
+Consider reading this reddit post: [[Archive.org]](https://web.archive.org/web/https://old.reddit.com/r/ShadowBan/comments/8a2gpk/an_unofficial_guide_on_how_to_avoid_being/)
+
+#### Slashdot:
+
+- Is this against their ToS? Yes [[Archive.org]](https://web.archive.org/web/https://slashdotmedia.com/terms-of-use/)
+
+"8. Registration; Use of Secure Areas and Passwords
+
+Some areas of the Sites may require you to register with us. When and if you register, you agree to (a) provide accurate, current, and complete information about yourself as prompted by our registration form (including your e-mail address) and (b) to maintain and update your information (including your e-mail address) to keep it accurate, current, and complete. You acknowledge that should any information provided by you be found to be untrue, inaccurate, not current, or incomplete, we reserve the right to terminate this Agreement with you and your current or future use of the Sites (or any portion thereof)".
+
+- Will they require a phone number? No
+
+- Can you create accounts through Tor? Yes
+
+#### Telegram:
+
+- Is this against their ToS? No [[Archive.org]](https://web.archive.org/web/https://telegram.org/tos)
+
+- Will they require a phone number? Yes unfortunately
+
+- Can you create accounts through Tor? Yes, but sometimes you randomly get banned without any reason
+
+Telegram is quite straightforward, and you can download their portable Windows app to sign-up and log in.
+
+It will require a phone number (that can only be used once) and nothing else.
+
+In most cases, we had no issues whether it was over Tor or VPN, but we had a few cases where our telegram account was just banned for violating terms of services (not sure which one?). This again despite not using them for anything.
+
+They provide an appeal process through e-mail, but we had no success with getting any answer. 
+
+Their appeal process is just sending an e-mail to [[Archive.org]](https://web.archive.org/web/mailto:recover@telegram.org) stating your phone number and issue and hope they answer.
+
+After signing up you should do the following:
+
+- Go into Edit profile
+
+- Set a Username
+
+- Go into Settings (Desktop App)
+
+- Set the Phone Number visibility to Nobody
+
+- Set Last Seen & Online to Nobody
+
+- Set Forwarded Messages to Nobody
+
+- Set Profile photos to Contacts
+
+- Set Calls to Contacts
+
+- Set Group & Channels to Contacts
+
+#### Tutanota:
+
+- Is this against their ToS? No [[Archive.org]](https://web.archive.org/web/https://tutanota.com/terms/)
+
+- Will they require a phone number? No, but they do require an e-mail.
+
+- Can you create accounts through Tor? Not really, almost all Tor Exit nodes are banned AFAIK
+
+#### Twitter:
+
+- Is this against their ToS? No
+
+- Will they require a phone number? Extremely likely, possibly now a requirement in all cases.
+
+- Can you create accounts through Tor? Yes, but expect some captchas and your phone number will be required after a while.
+
+Twitter is extremely aggressive in preventing anonymity on its network. You should sign-up using e-mail and password (not phone) and not using "Sign-in with Google". Use your Gmail as the e-mail address.
+
+More than likely, your account will be suspended immediately during the sign-up process and will require you to complete a series of automated tests to unlock. This will include a series of captchas, confirmation of your e-mail and Twitter handle, or other information. In some cases, it will also require your phone number.
+
+In some cases, despite you selecting a text verification, the Twitter verification system will call the phone no matter what. In that case, you will have to pick up and hear the verification code. We suspect this is another method of preventing automated systems and malicious users from selling text receiving services over the internet. 
+
+Twitter will store all this information and link it to your account including your IP, e-mail, and phone number. You will not be able that phone number to create a different account.
+
+Once the account is restored, you should take some time to do the following:
+
+- Upload the identity profile picture.
+
+- Enable 2FA from the security settings using a new KeePassXC TOTP entry, save the security codes in KeePassXC as well.
+
+- Disable Photo tagging
+
+- Disable E-mail lookup
+
+- Disable Phone lookup
+
+- Disable all personalized advertising settings
+
+- Disable geolocation of tweets
+
+- **Caution:** Remove the phone number from the account (at your own risk, this often leads to suspension of the account)
+
+- Follow some people based
+
+- Log out and leave it be.
+
+After about a week, you should check Twitter again and the chances are quite high that it will be suspended again for "suspicious activity" or "violating community guidelines" despite you not using it at all (not even a single tweet/follow/like/retweet or DM) but this time by another system. We call this the "Double-tap".
+
+This time you will need to submit an appeal using a form[^407], provide a good reason and wait for the appeal to be processed by Twitter. During that process, you may receive an e-mail (on Proton) asking you to reply to a customer service ticket to prove that you do have access to your e-mail and that it is you. This will be directed toward your Gmail address but will arrive on your Proton.
+
+Do not reply from Proton as this will raise suspicions, you must sign in to Gmail (unfortunately) and compose a new mail from there copy-pasting the E-Mail, Subject, and Content from Proton. As well as a reply confirming you have access to that e-mail.
+
+After a few days, your account should get unsuspended "for good". No issues after that but keep in mind they can still ban your account for any reason if you violate the community guidelines. 
The phone number and e-mail will then be flagged, and you will have no other option but to get a new identity with a new number to sign-up again. Do not use this account for trolling.
+
+#### Twitch:
+
+- Is this against their ToS? No [[Archive.org]](https://web.archive.org/web/https://www.twitch.tv/p/en/legal/terms-of-service/)
+
+- Will they require a phone number? No, but they do require an e-mail.
+
+- Can you create accounts through Tor? Yes
+
+Note that you will not be able to enable 2FA on Twitch using only e-mail. This feature requires a phone number to enable.
+
+#### WhatsApp:
+
+- Is this against their ToS? **Yes** [[Archive.org]](https://web.archive.org/web/https://www.whatsapp.com/legal/updates/terms-of-service-eea)
+
+"**Registration**. You must register for our Services **using accurate information**, provide your current mobile phone number, and, if you change it, update your mobile phone number using our in-app change number feature. You agree to receive text messages and phone calls (from us or our third-party providers) with codes to register for our Services".
+
+- Will they require a phone number? Yes, they do.
+
+- Can you create accounts through Tor? No issues with that so far.
+
+#### 4chan:
+
+- Is this against their ToS? No
+
+- Will they require a phone number? No, they will not.
+
+- Can you post there with Tor or VPN? Not likely.
+
+4chan is 4chan ... This guide will not explain 4chan to you. They block Tor exit nodes and known VPN IP ranges.
+
+You are going to have to find a separate way to post there using at least seven proxies[^408] that are not known by 4chan blocking system (hint: Anonymous VPS using Monero is probably your best option).
+
+![image40](media/image40.png)
+
+#### Crypto Wallets:
+
+Use any crypto wallet app within the Windows Virtual Machine. But be careful not to transfer anything toward an Exchange or a known Wallet. 
Crypto is in most cases NOT anonymous and can be traced back to you when you buy/sell any (remember the [Your Cryptocurrencies transactions][Your Cryptocurrencies transactions:] section). + +**If you really want to use Crypto, use Monero which is the only one with reasonable privacy/anonymity.** + +Ideally, you should find a way to buy/sell crypto with cash from an unknown person. + +#### What about those mobile-only apps (WhatsApp/Signal)? + +There are only three ways of securely using those anonymously (that we would recommend). Using a VPN on your phone is not one of those ways. All of those are, unfortunately, "tedious" to say the least. + +- Use an Android Emulator within the Windows VM and run the App through your multi-layer of Tor/VPN. The drawback is that such emulators are usually quite resource-hungry and will slow down your VM and use more battery. Here is also an (outdated) guide on this matter: [[Archive.org]](https://web.archive.org/web/https://www.bellingcat.com/resources/how-tos/2018/08/23/creating-android-open-source-research-device-pc/). As for myself, we will recommend the use of: + + - Android-x86 on Virtualbox (see [[Archive.org]](https://web.archive.org/web/https://www.android-x86.org/documentation/virtualbox.html)) that you can also set up easily. + + - AnBox ( [[Archive.org]](https://web.archive.org/web/https://anbox.io/)) that you can also set up rather easily including on the Whonix Workstation, see [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Anbox) + +- **Not recommended:** Using a non-official app (such as Wassapp for WhatsApp) to connect from the Windows VM to the app. Use at your own risk as you could get banned for violating the terms of services by using a non-official App. + +- **Not recommended and most complicated:** Have a burner Smartphone that you will connect to the VM layered network through Tethering/Sharing of the connection through Wi-Fi. We will not detail this here, but it is an option. 
+
+There is no way to reliably set a decent multi-layered connectivity approach easily on an Android phone (it is not even possible on IOS as far as we know). By reliable, we mean being sure that the smartphone will not leak anything such as geolocation or anything else from booting up to shutting down.
+
+#### Anything else:
+
+You should use the same logic and security for any other platform.
+
+It should work in most cases with most platforms. **The hardest platform to use with full anonymity is Facebook.**
+
+This will obviously not work with banks and most financial platforms (such as PayPal or Crypto Exchanges) requiring actual real official and existing identification. This guide will not help you there as this would be illegal in most places.
+
+### How to share files privately and/or chat anonymously:
+
+There are plenty of messaging apps everywhere. Some have excellent UI and UX and terrible Security/Privacy. Some have excellent Security/Privacy but terrible UI and UX. It is not easy to pick the ones that you should use for sensitive activities. So, this section will help you do that.
+
+Before going further, there are also some key basic concepts you should understand:
+
+#### End-to-end Encryption:
+
+End-to-end Encryption[^409] (aka e2ee) is a rather simple concept. It just means only you and your destination know each-others public encryption keys and no one in between that would be eavesdropping would be able to decrypt the communication.
+
+However, the term is often used differently depending on the provider:
+
+- Some providers will claim e2ee but forget to mention what is covered by their protocols. For instance, is metadata also protected within their e2ee protocol? Or is it just the content of the messages?
+
+- Some providers do provide e2ee but only as an opt-in option (disabled by default).
+
+- Some providers do offer e2ee with 1 to 1 messaging but not with group messaging. 
+
+- Some providers will claim the use of e2ee, but their proprietary apps are closed source where no one can verify the claim and the strength of the encryption used.
+
+For these reasons, it is always important to check the claims of various apps. Open-Source apps should always be preferred to verify what kind of encryption they are using and if their claims are true. If not open source, such apps should have an openly available independent (made by a reputable third party) report confirming their claims.
+
+#### Roll your own crypto:
+
+See the [Bad Cryptography][Bad Cryptography:] section at the start of this guide.
+
+**Always be cautious of apps rolling their own crypto until it has been reviewed by many in the crypto community (or even better published and peer-reviewed academically)**. Again, this is harder to verify with closed-source proprietary apps.
+
+It is not that rolling your own crypto is bad in essence, it is that good cryptography needs real peer-reviewing, auditing, testing... And since you are probably not a cryptanalyst (and we are not either), chances are high we are not competent to assess the cryptography of some apps.
+
+#### Forward Secrecy:
+
+Forward Secrecy[^410] (FS aka PFS for Perfect Forward Secrecy) is a property of the key agreement protocol of some of those messaging apps and is a companion feature of e2ee. This happens before you establish communication with the destination. The "Forward" refers to the future in time and means that every time you establish a new e2ee communication, a new set of keys will be generated for that specific session. The goal of forward secrecy is to maintain the secrecy of past communications (sessions) even if the current one is compromised. If an adversary manages to get hold of your current e2ee keys, that adversary will then be limited to the content of the single session and will not be able to easily decrypt past ones. 
+
+This has some user experience drawbacks like for instance, a new device could not be able to conveniently access the remotely stored chat history without additional steps.
+
+**So, in short, Forward Secrecy protects past sessions against future compromises of keys or passwords.**
+
+More on this topic on this YouTube video: [[Invidious]](https://yewtu.be/watch?v=zSQtyW_ywZc)
+
+Some providers and apps claiming to offer e2ee do not offer FS/PFS sometimes for usability reasons (group messaging for instance is more complex with PFS). It is therefore important to prefer open-source apps providing forward secrecy to those that do not.
+
+#### Zero-Access Encryption at rest:
+
+Zero-Access Encryption[^411] at rest is used when you store data at some provider (let us say your chat history or chat backups) but this history or backup is encrypted on your side and cannot be read or decrypted by the provider hosting it.
+
+Zero-Access encryption is an added feature/companion to e2ee but is applied mainly to data at rest and not communications.
+
+Examples of this issue would be iMessage and WhatsApp, see the [Your Cloud backups/sync services][Your Cloud backups/sync services:] at the start of this guide.
+
+So again, it is best to prefer Apps/Providers that do offer Zero-Access Encryption at rest and cannot read/access any of your data/metadata even at rest and not only limited to communications.
+
+Such a feature would have prevented important hacks such as the Cambridge Analytica scandal[^412] if it were implemented.
+
+#### Metadata Protection:
+
+Remember the [Your Metadata including your Geo-Location][Your Metadata including your Geo-Location:] section. End-to-end Encryption is one thing, but it does not necessarily protect your metadata. 
+
+For Instance, WhatsApp might not know what you are saying but they might know who you are talking to, how long and when you have been talking to someone, who else is in groups with you, and if you transferred data with them (such as large files).
+
+End-to-end Encryption does not in itself protect an eavesdropper from harvesting your metadata.
+
+This data can also be protected/obfuscated by some protocols to make metadata harvesting substantially harder for eavesdroppers. This is the case for instance with the Signal Protocol which does offer some added protection with features like:
+
+- The Sealed Sender option[^413].
+
+- The Private Contact Discovery[^414].
+
+- The Private Group System[^415].
+
+Other Apps like Briar or OnionShare will protect metadata by using the Tor Network as a shield and storing everything locally on-device. Nothing is stored remotely, and all communications are either direct using proximity wi-fi/Bluetooth or remotely through the Tor network.
+
+Most apps however and especially closed-source proprietary commercial apps will collect and retain your metadata for various purposes. And such metadata alone is enough to figure out a lot of things about your communications.
+
+Again, it is important to prefer open-source apps with privacy in mind and various methods in place to protect not only the content of communications but all the associated metadata.
+
+#### Open-Source:
+
+Finally, Open-Source apps should always be preferred because they allow third parties to check actual capabilities and weaknesses vs claims of marketing departments. Open-Source does not mean the app should be free or non-commercial. It just means transparency. 
+ +#### Comparison: + + ++++++++++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
App0e2ee1Roll Your Own Crypto

Perfect

+

Forward Secrecy

Zero-Access Encryption at-rest5Metadata Protection (obfuscation, encryption…)Open-SourceDefault Privacy SettingsNative Anonymous Sign-up (no e-mail or phone)Possible through TorPrivacy and Security Track Record ***De-centralizedAdditional notes

Berty

+

(avoid)

YesNoYesYesYesYes 13GoodYesYesGoodYes (peer to peer)Not sufficiently reviewed by this project, cannot recommend
Briar (preferred)YesNo 1YesYesYes (strong)YesGoodYesNatively3GoodYes (peer to peer)

Cwtch

+

(preferred)

YesNoYesYesYes (strong)YesGoodYesNativelyGoodYes (peer to peer)

Discord

+

(avoid)

NoClosed-source7NoNoNoNoBadE-Mail RequiredVirtualizationBadNo
Element / Matrix.org (preferred)Yes (opt-in)NoYesYesPoor2YesGoodYesVia Proxy3 or VirtualizationGoodPartial (federated servers)
Facebook Messenger (avoid)Partial (Only 1to1 / opt-in)Closed-source7YesNoNoNoBadE-Mail and Phone requiredVirtualizationBadNo
OnionShare (preferred)YesNoTBD8TBD8Yes (strong)YesGoodYesNativelyGoodYes (peer to peer)
Apple Messages (aka iMessage)YesClosed-source7NoPartialNoNoGoodApple device RequiredMaybe Virtualization using real Apple device IDBadNo
IRCYes (OTR plugins)NoNoNoNoYesBadYesVia Proxy3 or VirtualizationGoodNo

Jami

+

(preferred)

YesNo3YesYesPartialYesGoodYesVia Proxy3 or Virtualization9GoodPartialTor breaks some features
KakaoTalk (avoid)YesClosed-source7No4NoNoNoBadNo (but possible)VirtualizationBadNo
KeybaseYesNoPartial (exploding message)NoNoYesGoodE-Mail RequiredNo
Kik (avoid)NoClosed-source7NoNoNoNoBadNo (but possible)VirtualizationBadNo
Line (avoid)Partial (opt-in)Closed-source7NoNoNoNoBadNo (but possible)VirtualizationBadNo
Pidgin with OTR (avoid)Yes (OTR5)NoYesNoNoYesBadYesVia Proxy3 or VirtualizationBad6No
Tox (avoid)YesNoNoNoNoYesGoodYesVia Proxy3 or VirtualizationMedium7YesKnown cryptographic weaknesses14

Session

+

(Preferred only on iOS)

YesNoNoYesYesYesGoodYesVia Proxy3 or Virtualization10GoodYesLacks PFS, deniability
SignalYesNoYesYesYes (moderate)YesGoodPhone RequiredVirtualizationGoodNoRequires burner or anonymous VOIP number for anonymous usage
Skype (avoid)Partial (Only 1to1 / opt-in)Closed-source7NoNoNoNoBadNo (but possible)VirtualizationBadNo
SnapChat (avoid)NoClosed-source7NoNoNoNoBadNo (but possible)VirtualizationBadNoDeleted/expired messages are easily recoverable15,16
Teams (avoid)YesClosed-source7NoNoNoNoBadNo (but possible)VirtualizationBadNo
TelegramPartial (Only 1to1 / opt-in)Yes (MTProto8)Partial (secret chats only)YesNoPartial5Medium (e2ee off by default)Phone RequiredVia Proxy3 or VirtualizationMedium9No
Viber (avoid)Partial (Only 1to1)Closed-source7YesNoNoNoBadNo (but possible)VirtualizationBadNo
WeChat (avoid)NoClosed-source7NoNoNoNoBadNoVirtualizationBadNo
WhatsApp (avoid)YesClosed-source7YesNoNoNoBadPhone RequiredVirtualizationBadNo
Wickr MePartial (Only 1to1)NoYesNoYes (moderate)NoGoodYesVirtualizationGoodNo
Gajim (XMPP) (preferred)YesNoYesNoNoYesGoodYesVia Proxy3 or VirtualizationGoodPartial
Zoom (avoid10)Disputed11NoTBD8NoNoNoBadE-Mail RequiredVirtualizationBad12NoMalware risk17
MollyYesNoYesYesYes (moderate)YesGoodPhone RequiredVirtualizationGoodNoRequires phone number. Security hardened fork of Signal client. Security may be delayed for up to a week
+
+
+
    +
  1. Briar Documentation, Bramble Transport Protocol version 4 https://code.briarproject.org/briar/briar-spec/blob/master/protocols/BTP.md [Archive.org]↩︎

  2. +
  3. Serpentsec, Matrix https://web.archive.org/web/https://serpentsec.1337.cx/matrix↩︎

  4. +
  5. Wikipedia, GnuTLS, https://en.wikipedia.org/wiki/GnuTLS [Wikiless] [Archive.org]↩︎

  6. +
  7. KTH ROYAL INSTITUTE OF TECHNOLOGYSCHOOL OF ELECTRICAL ENGINEERING, A Security and Privacy Audit of KakaoTalk’s End-to-End Encryption www.diva-portal.org/smash/get/diva2:1046438/FULLTEXT01.pdf [Archive.org]↩︎

  8. +
  9. Wikipedia, OTR https://en.wikipedia.org/wiki/Off-the-Record_Messaging [Wikiless] [Archive.org]↩︎

  10. +
  11. Pidgin Security Advisories, https://www.pidgin.im/about/security/advisories/ [Archive.org]↩︎

  12. +
  13. Whonix Forum, Tox Integration https://forums.whonix.org/t/tox-qtox-whonix-integration/1219 [Archive.org]↩︎

  14. +
  15. Telegram Documentation, MTProto Mobile Protocol https://core.telegram.org/mtproto [Archive.org]↩︎

  16. +
  17. Wikipedia, Telegram Security Breaches, https://en.wikipedia.org/wiki/Telegram_(software)#Security_breaches [Wikiless] [Archive.org]↩︎

  18. +
  19. TechCrunch, Maybe we shouldn’t use Zoom after all, https://techcrunch.com/2020/03/31/zoom-at-your-own-risk/ [Archive.org]↩︎

  20. +
  21. The Incercept, Zoom Meetings Aren’t End-to-End Encrypted, Despite Misleading Marketing https://theintercept.com/2020/03/31/zoom-meeting-encryption/ [Tor Mirror] [Archive.org]↩︎

  22. +
  23. Serpentsec, Secure Messaging: Choosing a chat app https://web.archive.org/web/https://serpentsec.1337.cx/secure-messaging-choosing-a-chat-app↩︎

  24. +
  25. Berty, Development, https://berty.tech↩︎

  26. +
  27. Tox Handshake Vulnerable to KCI, https://github.com/TokTok/c-toxcore/issues/426↩︎

  28. +
  29. The Guardian, Deleted Snapchat photos recovered 'within days' by forensics company, https://www.theguardian.com/technology/2013/may/09/snapchat-photos-not-deleted↩︎

  30. +
  31. The Guardian, Snapchat's expired snaps are not deleted, just hidden, https://web.archive.org/web/20131115224243/https://www.theguardian.com/media-network/partner-zone-infosecurity/snapchat-photos-not-deleted-hidden↩︎

  32. +
  33. The Guardian, ‘Zoom is malware’: why experts worry about the video conferencing platform, https://www.theguardian.com/technology/2020/apr/02/zoom-technology-security-coronavirus-video-conferencing↩︎

  34. +
+
+ +**Legend:** + +1. The mention "preferred" or "avoid" refers to the use of those apps for sensitive communications. This is just my opinion, and you can make your own using the resources above and others. Remember "Trust but verify". + +2. e2ee refers to "end-to-end encryption" + +3. Additional steps might be needed for securing Tor Connectivity + +4. Their ability and willingness to fight for privacy and not cooperate with various adversaries + +5. Only the client apps are open-source, not the server-side apps + +6. This means the data is fully encrypted at rest (and not only during transit) and unreadable by any third party without a key you only know (including backups) + +7. Unverifiable because it is proprietary closed source. + +8. To Be Determined, unknown at the time of this writing + +9. Jami will require you to enable DHTProxy in their options to work and it will be limited to text only. + +10. Session also uses their own Onion Routing solution called LokiNet + +**Some apps like Threema and Wire were excluded from this comparison due to not being free and not accepting anonymous cash methods such as Cash/Monero.** + +#### Conclusion: + +**Remember: [Appendix B1: Checklist of things to verify before sharing information][Appendix B1: Checklist of things to verify before sharing information:].** + +We will recommend these options in that order (as also recommend by Privacyguides.org[^416]'[^417] except for Session and Cwtch): + +- macOS: + + - Native Tor Onion Routing Support (**preferred**): + + - OnionShare version >2.3 ( [[Tor Mirror]](http://lldan5gahapx5k7iafb3s4ikijc4ni7gx5iywdflkba5y2ezyg6sjgyd.onion/) [[Archive.org]](https://web.archive.org/web/https://onionshare.org/))** + + - Cwtch ( [[Archive.org]](https://web.archive.org/web/https://cwtch.im/) **warning, this is at the alpha/beta stage**)** + + - Non-Native Tor Support (needs additional steps for ideal anonymity to proxy it through Tor through Virtualization or Proxying): + + - 
Element/Matrix.org ( [[Archive.org]](https://web.archive.org/web/https://element.io/)) + + - Jami ( [[Archive.org]](https://web.archive.org/web/https://jami.net/))* + + - Gajim/XMPP ( [[Archive.org]](https://web.archive.org/web/https://gajim.org/)) + +- Windows: + + - Native Tor Onion Routing Support (**preferred**): + + - OnionShare version >2.3 ( [[Tor Mirror]](http://lldan5gahapx5k7iafb3s4ikijc4ni7gx5iywdflkba5y2ezyg6sjgyd.onion/) [[Archive.org]](https://web.archive.org/web/https://onionshare.org/))** + + - Cwtch ( [[Archive.org]](https://web.archive.org/web/https://cwtch.im/) **warning, this is at the alpha/beta stage**)** + + - Non-Native Tor Support (needs additional steps for ideal anonymity to proxy it through Tor through Virtualization or Proxying): + + - Element/Matrix.org ( [[Archive.org]](https://web.archive.org/web/https://element.io/)) + + - Jami ( [[Archive.org]](https://web.archive.org/web/https://jami.net/))* + + - Gajim/XMPP ( [[Archive.org]](https://web.archive.org/web/https://gajim.org/)) + +- Linux: + + - Native Tor Onion Routing Support (**preferred**): + + - Briar ( [[Archive.org]](https://web.archive.org/web/https://briarproject.org/))* + + - OnionShare version >2.3 ( [[Tor Mirror]](http://lldan5gahapx5k7iafb3s4ikijc4ni7gx5iywdflkba5y2ezyg6sjgyd.onion/) [[Archive.org]](https://web.archive.org/web/https://onionshare.org/))** + + - Cwtch ( [[Archive.org]](https://web.archive.org/web/https://cwtch.im/) **warning, this is at the alpha/beta stage**)** + + - Non-Native Tor Support (needs additional steps for ideal anonymity to proxy it through Tor through Virtualization or Proxying): + + - Element/Matrix.org ( [[Archive.org]](https://web.archive.org/web/https://element.io/)) + + - Jami ( [[Archive.org]](https://web.archive.org/web/https://jami.net/))* + + - Gajim/XMPP ( [[Archive.org]](https://web.archive.org/web/https://gajim.org/)) + +* Note that for Jami to work over Tor, you will have to enable the local DHTProxy option within Jami Settings. 
This will only work for text messages and not for calls/videos) + +** Note that these options (Briar, Cwtch, and OnionShare) do not support multi-devices yet. Your information is strictly stored on the device/OS where you are setting it up. Do not use those on a non-persistent OS unless you want ephemeral use. + +Any safe options for mobile devices? **Yes, but these are not endorsed/recommended except Briar on Android. Remember also that this guide discourages the use of smartphones for sensitive activities in general.** + +- Android: + + - Briar ( [[Archive.org]](https://web.archive.org/web/https://briarproject.org/)) + + - Cwtch ( [[Archive.org]](https://web.archive.org/web/https://cwtch.im/) **warning, this is at the alpha/beta stage**) + +- iOS: + + - Due to the lack of any better option and while it is **normally not recommended**: Session Messenger: [[Archive.org]](https://web.archive.org/web/https://getsession.org/). Why is it not recommended these days within the privacy community? **See: [Appendix B7: Caution about Session messenger][Appendix B7: Caution about Session messenger] to find out why we are cautious about Session Messenger**. + +**Note that all the non-native Tor options must be used over Tor for safety (from Tails or a guest OS running behind the Whonix Gateway such as the Whonix Workstation or an Android-x86 VM).** + +WhileWedo not recommend most of the messaging platforms for the various reasons outlined above (phone number and e-mail requirements), this does not mean it is not possible to use them anonymously if you know what you are doing. You can use even Facebook Messenger anonymously by taking the necessary precautions outlined in this guide (virtualization behind a Tor Gateway on a non-persistent OS). 
+ +The ones that are preferred are recommended due to their stance on privacy, their default settings, their crypto choices but also because they allow convenient anonymous sign-up without going through the many hassles of having a phone number/e-mail verification method and are open source. Those should be privileged in most cases. + +You can also consult the following external resources for more comparisons (**we do not necessarily endorse their opinions**): + +- SecuChart, [[Archive.org]](https://web.archive.org/web/https://bkil.gitlab.io/secuchart/) [[Repository]](https://github.com/bkil/secuchart) (Maintained open-source project) +- Wikipedia, [[Wikiless]](https://wikiless.org/wiki/Comparison_of_cross-platform_instant_messaging_clients) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Comparison_of_cross-platform_instant_messaging_clients) + - Wikipedia, [[Wikiless]](https://wikiless.org/wiki/Comparison_of_instant_messaging_protocols) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Comparison_of_instant_messaging_protocols) +- Whonix Documentation, Instant Messenger Chat [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Chat) (Outdated, Unmaintained but contains insightful information) + +- **Outdated, or unmaintained, or abandoned resources scheduled for removal from our guide in next release:** + + - Secure Messaging Apps [[Archive.org]](https://web.archive.org/web/https://www.securemessagingapps.com/) + - Proton Blog, [[Archive.org]](https://web.archive.org/web/2022053117143/https://proton.me/blog/whatsapp-alternatives) + - SecureChart.org, [[Archive.org]](https://web.archive.org/web/https://securechatguide.org/featuresmatrix.html) + - Messenger-Matrix.de at [[Archive.org]](https://web.archive.org/web/https://www.messenger-matrix.de/messenger-matrix-en.html) + +**We do not endorse or recommend some mainstream platforms for anonymity including the much-praised Signal which to this date 
still requires a phone number to register and contact others. In the context of this guide, we strongly recommend against using Signal if possible. The same recommendation applies to popular forks of Signal such as Molly ([[Archive.org]](https://web.archive.org/web/https://molly.im))** + +### How to share files publicly but anonymously: + +**Warning: before sharing anything publicly, make sure your files are curated of any information that could compromise your identity. See [Appendix B1: Checklist of things to verify before sharing information][Appendix B1: Checklist of things to verify before sharing information:].** + +Consider the following platforms: + +- Cryptpad.fr (): Free tier limited to 1GB total and recommended by PrivacyGuides.org at [[Archive.org]](https://web.archive.org/web/https://privacyguides.org/cloud/) + +- Proton Drive (): Paid. Requires users to have "Proton Unlimited" or "Mail Plus". Proton Drive is E2EE and recommended by PrivacyGuides.org + - Like Proton and Proton VPN, it's not easy to sign up anonymously. When you try to register through Tor, they request verification either by phone number, or by providing a donation + +- Filen (): free tier limited to 10GB total + +Consider the use of IPFS[^421]: + +- Pinata (): Free tier limited to 1GB total + +### Redacting Documents/Pictures/Videos/Audio safely: + +You might want to self-publish some information safely and anonymously in the form of writing, pictures, videos, ... + +For all these purposes here are a few recommendations: + +- Ideally, you should not use proprietary software such as Adobe Photoshop, Microsoft Office... + +- Preferably, you should use open-source software instead such as LibreOffice, Gimp... + +While the commercial alternatives are feature-rich, they are also proprietary closed-source and often have various issues such as: + +- Sending telemetry information back to the company. + +- Adding unnecessary metadata and sometimes watermarks to your documents. 
+ +- These apps are not free, and any leak of any metadata could be traced back to you since you had to buy these somewhere. + +It is possible to use commercial software for making sensitive documents, but you should be extra careful with all the options in the various Apps (commercial or free) to prevent any data leak from revealing information about you. + +Here is a comparative table of recommended/included software compiled from various sources (PrivacyGuides.org, Whonix, Tails, Prism-Break.org, and me). Keep in mind my recommendation considers the context of this guide with only sporadic online presence on a need basis. + + ++++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
TypeWhonixPrism-Break.orgPrivacyGuides.orgTailsThis guide
Offline Document EditingLibreOfficeN/ALibreOffice*LibreOffice

LibreOffice,

+

Notepad++

Online Document Editing (collaboration)N/ACryptpad.fr

Cryptpad.fr,

+

Etherpad.org,

+

Privatebin.net

N/A

Cryptpad.fr,

+

Etherpad.org,

+

Privatebin.net

Pictures EditingFlameshot (L)N/AN/AGIMPGIMP
Audio EditingAudacityN/AN/AAudacityAudacity
Video EditingFlowblade (L)N/AN/AN/A

Flowblade (L)

+

Olive (?)

+

OpenShot (?)

+

ShotCut (?)

Screen RecorderVokoscreenN/AN/AN/AVokoscreen
Media PlayerVLCN/AN/AVLCVLC
PDF ViewerRistretto (L)N/AN/AN/ABrowser
PDF RedactionPDF-Redact Tools (L)N/AN/APDF-Redact Tools (L)

LibreOffice,

+

PDF-Redact Tools (L)

+ +**Legend:** * Not recommended but mentioned. N/A = Not Included or absence of recommendation for that software type. (L)= Linux Only but can maybe be used on Windows/macOS through other means (HomeBrew, Virtualization, Cygwin). (?)= Not tested but open-source and could be considered. + +**In all cases, we strongly recommend only using such applications from within a VM or Tails to prevent as much leaking as possible. If you do not, you will have to sanitize those documents carefully before publishing (See [Removing Metadata from Files/Documents/Pictures][Removing Metadata from Files/Documents/Pictures:]).** + +### Communicating sensitive information to various known organizations: + +You might be interested in communicating information to some organization such as the press anonymously. + +If you must do so, you should take some steps because you cannot trust any organization to protect your anonymity[^422]. See [Appendix B1: Checklist of things to verify before sharing information][Appendix B1: Checklist of things to verify before sharing information:]. + +For this, we strongly recommend the use of SecureDrop[^423] ( [[Archive.org]](https://web.archive.org/web/https://securedrop.org/)) which is an open-source project from the Freedom of the Press Foundation. + +- Do take a moment to their read their "source guide" here: [[Archive.org]](https://web.archive.org/web/https://docs.securedrop.org/en/stable/source.html) + +- Ideally, you should use SecureDrop over Tor and you will find a curated list of those here [[Archive.org]](https://web.archive.org/web/https://github.com/alecmuffett/real-world-onion-sites#securedrop) + +If not SecureDrop is not available, you could consider any other means of communication, but you should privilege those that are encrypted end to end. 
**Do not ever do this from your real identity but only from a secure environment using an anonymous identity.** + +Without SecureDrop you could consider: + +- Using e-mail with GPG encryption provided your recipient has published a GPG key somewhere. You can look this up here: + + - On their verified Social Media accounts (Twitter) if they provided it. + + - On (Tor address ) + + - On open PGP directories such as: **(be careful as those are public directories and anyone can upload any key for any e-mail address, you will have to cross-check the signature with other platforms to be sure it is theirs).** + + - + + - + + - + +- Using any other platform (even Twitter DMs) but again using GPG to encrypt the message for the recipient. + +What you should avoid: + +- Do not send physical materials using the post due to the risk of leaving DNA/Fingerprints or other traceable information (see [Cash-Paid VPN (preferred)][Cash/Monero-Paid VPN:]). + +- Do not use methods linked to a phone number (even a burner one) such as Signal/WhatsApp/Telegram. + +- Do not use any kind of voice/video communication. + +- Do not leak any clues about your real identity when exchanging messages. + +- Do not meet people in real life unless you have absolutely no other option (this is a last resort option). + +If you intend to break your anonymity to protect your safety: + +- Assess the risks very carefully first. + +- Inform yourself carefully on the legality/safety of your intent and the consequences for you and others. Think about it carefully. + +- Possibly reach out to a **trusted** lawyer before doing so. + +### Maintenance tasks: + +- You should sign-up carefully into your accounts from time to time to keep them alive. + +- Check your e-mail regularly for security checks and any other account notification. 
+ +- Check regularly the eventual appearance of compromise of any of your identities using [[Archive.org]](https://web.archive.org/web/https://haveibeenpwned.com/) (obviously from a safe environment). + +# Backing up your work securely: + +**Do not ever upload encrypted file containers with plausible deniability (hidden containers within them) to most cloud services (iCloud, Google Drive, OneDrive, Dropbox) without safety precautions. This is because most cloud services keep backups/versioning of your files, and such backups/versioning of your encrypted containers can be used for differential analysis to prove the existence of a hidden container.** + +Instead, this guide will recommend other methods of backing up your stuff safely. + +## Offline Backups: + +These backups can be done on an external hard drive or a USB key. Here are the various possibilities. + +### Selected Files Backups: + +#### Requirements: + +For these back-ups, you will need a USB key or an external hard drive with enough storage capacity to store the files you want to back up. + +#### Veracrypt: + +For this purpose, we will recommend the use of Veracrypt on all platforms (Linux/Windows/macOS) for convenience, security, and portability. + +#### Normal File containers: + +The process is fairly simple and all you will need is to follow Veracrypt tutorial here: [[Archive.org]](https://web.archive.org/web/https://www.veracrypt.fr/en/Beginner%27s%20Tutorial.html) + +In this container, you can then store sensitive data manually and or use any backup utility you want to backup files from the OS to that container. + +You can then store this container anywhere safely. + +#### Hidden File containers with plausible deniability: + +The process is also fairly simple and similar to the earlier tutorial except for this time you will use the Veracrypt wizard to create a Hidden Veracrypt Volume instead of a Standard Veracrypt Volume. 
+ +You can create a Hidden volume within an existing Standard Volume or just use the wizard to create a new one. + +Let us say you want a container of 8GB, the Wizard will first create an "outer volume" where you will be able to store decoy information when prompted. Some decoy files (somewhat sensible, plausible but not what you want to hide) should be stored in the decoy volume. + +Then Veracrypt will ask you to create a smaller hidden container (for instance 2GB or 4GB) within the outer volume where you can store your actual hidden files. + +When you select the file for mounting in Veracrypt, depending on which password you provide, it will mount the Outer decoy volume or the Hidden volume. + +You can then mount your hidden volume and use it to store sensitive files normally. + +**Be careful when mounting the Outer decoy volume to update its content. You should protect the hidden volume from being overwritten when doing this as working in the decoy volume could overwrite data in the hidden volume.** + +To do this, when mounting the Decoy Volume, select Mount Options and Check the "Protect hidden volume" option and provide the hidden volume password on the same screen. Then mount the decoy volume. This will protect the hidden volume from being overwritten when changing the decoy files. This is also explained here in Veracrypt documentation: [[Archive.org]](https://web.archive.org/web/https://www.veracrypt.fr/en/Protection%20of%20Hidden%20Volumes.html) + +**Be extremely cautious with these file containers:** + +- **Do not store multiple versions of them or store them anywhere where some versioning is being done (by the file system or the storage system). These file containers should be identical everywhere you store them. If you have a backup of such containers somewhere, it needs to be absolutely identical to the one you are using. 
If you do not take this precaution, an adversary could compare two different versions of this container and prove the existence of hidden data. Follow carefully the recommendations here ** [[Archive.org]](https://web.archive.org/web/https://www.veracrypt.fr/en/Security%20Requirements%20for%20Hidden%20Volumes.html)**. Remember the [Local Data Leaks and Forensics:] section.** + +- We strongly recommend storing such containers on external USB keys that you will only mount from your guest VMs and never from your Host OS. **After each modification to the files, you should clean the free space on the USB disk and make sure that any backup of such containers is absolutely identical on each key and your computer. See the [How to securely delete specific files/folders/data on your HDD/SSD and Thumb drives][How to securely delete specific files/folders/data on your HDD/SSD and Thumb drives:] section of this guide for help on doing this.** + +- If you have time, **We will even recommend that you delete wipe the keys completely before making any modification on such containers on your computer (if you do not work from the USB key directly).** This is to prevent an adversary that would seize your assets before you could update the keys from having multiple versions of the containers that could lead to proving the existence of hidden data using forensics techniques. + +- **Do not ever store such containers on cloud storage platforms that have backups and where you have no direct control over permanent deletion. They might keep "old versions" of your files which can then also be used by forensics to prove the existence of hidden data.** + +- If you are mounting the hidden volume from your Host OS (**not recommended**), you should erase all traces of this hidden volume everywhere after use. There could be traces in various places (system logs, file systems journaling, recent documents in your applications, indexing, registry entries...). 
Refer to the [Some additional measures against forensics][Some additional measures against forensics:] section of this guide to remove such artifacts. Especially on Windows. Instead, you should mount them on your Guest VMs. With Virtualbox for instance, you could take a snapshot of the VM before opening/working the hidden volume and then restore the snapshot before opening/working on it after use. This should erase the traces of its presence and mitigate the issue. Your Host OS might keep logs of the USB key being inserted but not of the hidden volume usage. Therefore, we do not recommend using these from your host OS. + +- Do not store these on external SSD drives if you are not sure you can use Trim on them (see the [Understanding HDD vs SSD][Understanding HDD vs SSD:] section). + +### Full Disk/System Backups: + +**TLDR version: Just use Clonezilla as it worked reliably and consistently with all my tests on all operating systems except for Macs where you should probably use native utilities (Time Machine/Disk utility instead) to avoid compatibility issues and since you are using Native macOS encryption. When using Windows, do not back up a partition containing a hidden OS in case you use Plausible Deniability** (as explained before, this backup could allow an adversary to prove the existence of the hidden OS by comparing the last backup to the current system where data will have changed and defeat plausible deniability, use file containers instead). + +You will have two options here: + +- (Not recommended) Doing your backup from the live operating system using a backup utility (commercial utilities such as EaseUS Todo Free, Macrium Reflect...) or native utilities like macOS Time Machine, QubesOS Backup, Ubuntu Déjà Dup, or Windows Backup...). + + - This backup can be done while the Operating System is running. 
+ + - This backup will not be encrypted using the disk encryption but using the Backup utility encryption algorithm (which you will have to trust and cannot really control for most). Alternatively, you could encrypt the backup media yourself separately (for instance with Veracrypt). We are not aware of any free or non-free utility that natively supports Veracrypt. + + - Some utilities will allow for differential/incremental backups instead of full backups. + + - These backup utilities will not be able to restore your encrypted drive as-is as they do not support those encrypted file systems natively. And so, these will require more work to restore your system in an encrypted state (re-encryption after restoring). + +- (Recommended) Doing it offline from a boot drive (such as with the free open-source Clonezilla). + + - This backup can only be done while the Operating System is not running. + + - This backup will back up the encrypted disk as-is and therefore will be encrypted by default with the same mechanism (it is more like a fire and forget solution). The restore will also restore the encryption as-is and your system will immediately be ready to use after a restore. + + - This method will not allow incremental/differential back-ups (meaning you will have to re-do a full backup every time). + + - This method is the easiest to manage. + +We made extensive testing using live backups utilities (Macrium Reflect, EaseUS Todo Reflect, Déjà Dup...) and personally we do not think it is worth it. Instead, we would recommend that you periodically back up your system with a simple Clonezilla image. It is much easier to perform, much easier to restore, and usually works reliably without issues in all cases. And contrary to many beliefs, it is not that slow with most backups taking about an hour depending on the speed of your destination media. 
+ +For backing up single files while you work, we recommend using file containers or encrypted media directly and manually as explained in the earlier section. + +#### Requirements: + +You will need a separate external drive with at least the same or more free space available than your source disk. If your laptop has a 250GB disk. You will need at least 250GB of free disk space for the full image backup. Sometimes this will be reduced significantly with compression by the backup utility but as a safety rule, you should have at least the same or more space on your backup drive. + +#### Some general warnings and considerations: + +- If you use Secure Boot, you will need a backup utility that supports Secure Boot which includes Clonezilla AMD64 versions. + +- Consider the use of exFAT as the file system for your backup drives as those will provide better compatibility between various OSes (macOS, Linux, and Windows) vs NTFS/HFS/ext4... + +#### Linux: + +##### Ubuntu (or any other distro of choice): + +We will recommend the use of the open-source Clonezilla utility for convenience and reliability but there are many other native Linux utilities and methods you could use for this purpose. + +So, you should follow the steps in [Appendix E: Clonezilla] + +##### QubesOS: + +Qubes OS recommends using their own utility for backups as documented here [[Archive.org]](https://web.archive.org/web/https://www.qubes-os.org/doc/backup-restore/). But it is just a hassle and provides limited added value unless you just want to back up a single Qube. So instead, we are also recommending just making a full image with Clonezilla which will remove all the hassle and bring you back a working system in a few simple steps. + +So, you should follow the steps in [Appendix E: Clonezilla] + +#### Windows: + +We will only recommend the use of the open-source and free Clonezilla utility for this purpose. 
There are commercial utilities that offer the same functionality, but we do not see any advantage in using any of them vs Clonezilla. + +Some warnings: + +- If you use Bitlocker for encryption with TPM[^424] enabled, you might need to save your Bitlocker Key (safely) somewhere as well as this might be needed to restore your drive if your HDD/SSD or other hardware parts changed. Another option would be to use Bitlocker without the use of TPM which would not require this option. But again, we do not recommend using Bitlocker at all. + +- You should always have a backup of your Veracrypt rescue disk at hand somewhere to be able to resolve some issues that might still appear after a restore. Remember this rescue disk does not contain your passphrase or any sensitive information. You can store it as is. + +- If you changed the HDD/SSD after a failure, Windows 10/11 may refuse to boot if your hard drive ID is changed. You should also save this ID before backing up as you might need to change the ID of the new drive as Windows 10/11 might require a matching ID before booting. See [Appendix F: Diskpart] + +- **In case you are using Plausible Deniability on Windows. DO NOT back up the hidden OS partition as this image could be used by Forensics to prove the existence of the hidden volume as explained earlier. It is okay to back up the Decoy OS partition without issues, but you should never back up the partition containing the Hidden OS.** + +Follow the steps in [Appendix E: Clonezilla] + +#### macOS: + +we would recommend just using the native Time Machine backup with encryption (and a strong passphrase that could be the same as your OS) as per the guides provided at Apple: [[Archive.org]](https://web.archive.org/web/https://support.apple.com/en-ie/guide/mac-help/mh21241/mac) and [[Archive.org]](https://web.archive.org/web/https://support.apple.com/en-ie/guide/mac-help/mh11421/11.0/mac/11.0). 
+ +So, plug in an external drive and it should prompt you to use it as a Time Machine backup. + +**You should however consider formatting this drive as exFAT so that it is also usable by other OSes conveniently (Windows/Linux) without added software using this guide: ** [[Archive.org]](https://web.archive.org/web/https://support.apple.com/en-ie/guide/disk-utility/dskutl1010/mac) + +It is just simpler and will work online while you work. You will be able to recover your data on any other Mac from the recovery options and you will be also able to use this disk for backing up other devices. + +It is possible to also use Clonezilla to clone your Mac Hard Drive, but it could bring hardware compatibility issues and probably will not add much in terms of security. So, for macOS, We are not specifically recommending Clonezilla. + +## Online Backups: + +### Files: + +This is a tricky one. The problem is that it depends on your threat model. + +- **TLDR: Do not store file containers with plausible deniability (Veracrypt) online.** If you use containers with plausible deniability, you should never store them on any platform where you do not have full control over the deletion process as the platform will most likely have backups of previous versions for some time. And again, these previous versions could allow forensics to prove the existence of hidden data and defeat plausible deniability. This includes platforms like DropBox, Google Drive, OneDrive, or others. The only acceptable online storage of those could be "cold storage" (meaning you will never change those files again and just keep them away untouched compared to any local version). + +- If you use normally encrypted backups without plausible deniability, you could store them pretty much anywhere if they are properly encrypted locally before uploading (for example with Veracrypt, using strong passphrases and encryption). **Do not ever trust the encryption of any online provider. 
Only trust your own local encryption (using Veracrypt for instance).** For these cases, you could store your backups pretty much anywhere in the accounts of your online identities (iCloud, Google Drive, DropBox...) if they are strongly encrypted locally before uploading. But you could also prefer privacy caring services such as Cryptpad.fr (1GB). + +Obviously do not ever do/access those backups from unsecured/unsafe devices but only from the secure environments, you picked before. + +#### Self-hosting: + +Self-hosting (using Nextcloud for instance) is also a possibility provided you do have an anonymous hosting + +**Please see [Appendix A1: Recommended VPS hosting providers].** + +Please also consider [Appendix B2: Monero Disclaimer]. + +#### Cloud-hosting: + +For smaller files, consider: + +- Cryptpad.fr (): Free tier limited to 1GB total and recommended by PrivacyGuides.org at [[Archive.org]](https://web.archive.org/web/https://privacyguides.org/cloud/) + +- Filen (): free tier limited to 10GB total + +We are currently not aware of any online storage/hosting platform accepting cash payments unlike providers mentioned before. + +If you do intend to store sensitive data on "mainstream platforms" (Dropbox, Google Drive, OneDrive...), **remember not to ever store plausible deniability containers on those and remember to encrypt and check (for metadata...) anything locally before uploading there**. Either with software like Veracrypt or with a software like Cryptomator (). Do not ever upload non-encrypted files on those platforms and repeating myself, only access them from a secure shielded VM. + +### Information: + +If you just want to save information (text), we will recommend the use of secure and private pastebins[^425]. 
Mostly we will stick to the ones recommended by PrivacyGuides.org ( [[Archive.org]](https://web.archive.org/web/https://www.privacyguides.org/productivity/#paste-services) ) : + +- + +- + +On these providers, you can just create a password-protected pad with the information you want to store. + +Just create a pad, protect it with a password and write your info in it. Remember the address of the pad. + +## Synchronizing your files between devices Online: + +To that, the answer is very simple and a clear consensus for everyone: [[Archive.org]](https://web.archive.org/web/https://syncthing.net/) + +Just use SyncThing, it is the safest and most secure way to synchronize between devices, it is free and open-source, and it can easily be used in a portable way without install from a container that needs syncing. + +# Covering your tracks: + +## Understanding HDD vs SSD: + +![image41](media/image41.png) + +If you intend to wipe your whole HDD laptop, the process is rather straightforward. The data is written at a precise location on a magnetic (hard) platter (why it is called a hard drive) and your OS knows precisely where it is on the platter, where to delete it, and where to overwrite it for secure deletion using simple processes (like just overwriting that location over and over until no traces are left). + +On the other hand, if you are using an SSD drive, the process is not as simple as the drive uses several internal mechanisms to extend its lifespan and performance. Three of those processes are of particular interest when it comes to us in this guide. SSD drives are divided themselves into two main categories: + +- ATA Drives (usually SATA and usually 2.5" format as the image above). + +- NVMe Drives (usually M.2 format as the illustration below). + +Here are examples of the most common formats: + +![image42](media/image42.png) + +All of these are sold as internal and external drives within enclosures. 
+ +The methods and utilities to manage/wipe them will vary depending on the type of drive you are using. So, it is important you know which one you have inside your laptop. + +**On most recent laptops, chances are high that it will be one of the middle options (M.2 SATA or M.2 NVMe).** + +### Wear-Leveling. + +These drives use a technique called wear leveling[^426]. At a high level, wear leveling works as follows. The space on every disk is divided into blocks that are themselves divided into pages, like the chapters in a book are made of pages. When a file is written to disk, it is assigned to a certain set of pages and blocks. If you wanted to overwrite the file in an HDD, then all you would have to do is tell the disk to overwrite those blocks. But in SSDs and USB drives, erasing and re-writing the same block can wear it out. Each block can only be erased and rewritten a limited number of times before that block just will not work anymore (the same way if you keep writing and erasing with a pencil and paper, eventually the paper might rip and be useless). To counteract this, SSDs and USB drives will try to make sure that the number of times each block has been erased and rewritten is about the same so that the drive will last as long as possible (thus the term wear leveling). As a side effect, sometimes instead of erasing and writing the block, a file was originally stored on, the drive will instead leave that block alone, mark it as invalid, and just write the modified file to a different block. This is like leaving the chapter in the book unchanged, writing the modified file on a different page, and then just updating the book's table of contents to point to the new location. All of this occurs at a very low level in the electronics of the disk, so the operating system does not even realize it has happened. 
This means, however, that even if you try to overwrite a file, there is no guarantee the drive will actually overwrite it, and that's why secure deletion with SSDs is so much harder. + +Wear-leveling alone can therefore be a disadvantage for security and an advantage for adversaries such as forensics examiners. This feature makes classic "secure deletion" counter-productive and useless and is why this feature was removed on some Operating Systems like macOS (as from version 10.11 El Capitan) where you could enable it before on the Recycle Bin. + +Most of those old secure deletion utilities were written with HDD in mind and have no control over wear-leveling and are completely pointless when using an SSD. Avoid them on an SSD drive. + +### Trim Operations: + +So, what now? Well here comes the Trim[^427] operation. When you delete data on your SSD, your OS should support what is called a Trim operation command and **could (should)** issue this Trim command to the SSD drive periodically (daily, weekly, monthly...). This Trim command will then let know the SSD drive controller that there are pages within blocks containing data that are now free to be really deleted without deleting anything itself. + +Trim should be enabled by default on all modern Operating Systems detecting an SSD drive covered in this guide (macOS, Windows 10/11, Ubuntu, Qubes OS 4.1.x ...). + +If Trim operations are not done regularly (or at all), then the data is never deleted pro-actively and at some point, all the blocks and pages will be occupied by data. Your OS will not see this and will just see free space as you delete files, but your SSD controller will not (this is called Write Amplification[^428]). This will then force the SSD controller to erase those pages and blocks on the fly which will reduce the write performance. 
This is because while your OS/SSD can write data to any free page in any bock, erasure is only possible on entire blocks, therefore, forcing your SSD to perform many operations to write new data. Overwriting is just not possible. This will defeat the wear-leveling system and cause performance degradation of your SSD over time. Every time you delete a file on an SSD, your OS should issue a Trim command along with the deletion to let the SSD controller know the pages containing the file data are now free for deletion. + +**So, Trim itself does not delete any data but just marks it for deletion.** Data deleted without using Trim (if Trim has been disabled/blocked/delayed for instance) will still be deleted at some point by the SSD garbage collection or if you want to overwrite what the OS sees at free space. But it might stick around for a bit longer than if you use Trim. + +Here is an illustration from Wikipedia showing how it works on an SSD drive: + +![image43](media/image43.png) + +As you can see in the above illustration, data (from a file) will be written to the four first pages of Block X. Later new data will be written to the remaining pages and the data from the first files will be marked as invalid (for instance by a Trim operation when deleting a file). As explained on [[Wikiless]](https://wikiless.org/wiki/Trim_(computing)) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Trim_(computing)); the erase operation can only be done on entire blocks (and not on single pages). + +In addition to marking files for deletion (on reputable SSD drives), Trim usually makes those unreadable using a method called "Deterministic Read After Trim" or "Deterministic Zeroes After Trim". This means that if an adversary tries to read data from a trimmed page/block and somehow manages to disable garbage collection, the controller will not return any meaningful data. 
+ +**Trim is your ally and should always be enabled when using an SSD drive and should offer sufficient reasonable protection**. And this is also the reason you should not use Veracrypt Plausible deniability on a Trim enabled SSD as this feature is incompatible with Trim[^429]. + +### Garbage Collection: + +Garbage collection[^430] is an internal process running within your SSD drive that looks for data marked for erasure. This process is done by the SSD controller, and you have no control over it. If you go back to the illustration above, you will see that Garbage collection is the last step and will notice that some pages are marked for deletion in a specific block, then copy the valid pages (not marked for deletion) to a different free destination block and then will be able to erase the source block entirely. + +Garbage collection in itself does NOT require Trim to function, but it will be much faster and more efficient if Trim is performed. Garbage collection is one of the processes that will actually erase data from your SSD drive permanently. + +### Conclusion: + +So, the fact is that it is very unlikely[^431]'[^432] and difficult for a forensic examiner to be able to recover data from a Trimmed SSD but it is not completely impossible either[^433]'[^434]'[^435] if they are fast enough and have access to extensive equipment, skills, and motivation[^436]. + +Within the context of this guide which also uses full disk encryption. Deletion and Trim should be reasonably secure enough on any SSD drive and will be recommended as the standard method of deletion. + +## How to securely wipe your whole Laptop/Drives if you want to erase everything: + +![image44](media/image44.png) + +So, you want to be sure. 
To achieve 100% secure deletion on an SSD drive, you will need to use specific SSD techniques (If you are using an HDD drive, skip this part and go to your OS of choice): + +- Easy options for less experienced users: + + - If available, just use the Secure Erase option available from your BIOS/UEFI (ATA/NVME Secure Erase or Sanitize). + - It's worth noting that this relies on your drive's firmware. Some drive manufacturers have messed up the implementation, causing data to still be recoverable. + + - Just re-install a fresh operating system (delete/quick format the drive) and re-encrypt it. The full disk encryption process should erase all previous data from the disk. + + - Buy PartedMagic[^437] for 11$ and use it to erase any disk. + +- Technical options for more advanced users: + + - Overwrite the entire drive's contents + - HDDs: + - Overwrite the drive's contents using a tool like [srm](https://www.howtogeek.com/425232/how-to-securely-delete-files-on-linux/), [wipe](https://linux.die.net/man/1/wipe), [shred, etc.](https://recoverit.wondershare.com/harddrive-tips/format-and-wipe-linux-disk.html). Ideally you want to use the Gutmann method, which was created for most effective data erasure on all drives. This method also works on SSDs, although it is overkill. + - Simply overwriting the drive's contents is not always enough. Dedicated secure deletion tools are designed to perform multiple passes to more effectively wipe data. This is expecially important on older drives. we recommend using either `wipe` or `srm`. + - If using `wipe`, just use its default options (`wipe /dev/sdX`), as the defaults are tuned to most effectively wipe data on HDDs. + - If using `srm`, make sure to manually specify that it should perform a Gutmann wipe (`srm -G /dev/sdX`). + - SSDs: + - Overwrite the drive's contents. Tools like wipe or shred are often overkill, as they perform up to 35 passes. While they work, most SSDs require no more than a couple passes. 
+ - Use `wipe` with only a couple passes: `wipe -qQ2 /dev/sdX`. + - `-qQ2` means 2 passes. Replace `2` with the desired number of passes. + - Use `srm` with a 3-pass overwrite: `srm -P /dev/sdX`. + - Use `dd`: `dd if=/dev/urandom of=/dev/sdX bs=8M status=progress conv=fsync`. This command will overwrite the drive with random data. To perform multiple passes (I recommend at least 2), simply run the command again until you're satisfied. + - The reason you run it twice is because SSDs have hidden ("overprovisioned") storage which can contain remnants of deleted data. Wiping twice forces the drive to wipe its overprovisioned storage. This is only guaranteed to work if each pass writes different data (which is why we wipe with random data on each pass). + - `bs=8M` writes 8MiB blocks at a time. This doesn't affect the quality of the data deletion, but adjusting it could affect how long it takes to wipe the drive. + + - ATA/NVMe Secure Erase: This method will remove the mapping table that keeps track of allocated data on the storage Blocks but does not destroy the actual data. + + - ATA/NVMe Sanitize Crypto Scramble (aka Instant Secure Erase, Crypto Erase), which applies to self-encrypting SSD drives: This method will change the encryption key of the self-encrypting SSD drive and render all the data stored in it unreadable. + + - ATA/NVMe Sanitize Block Erase: This method performs an actual block erase on every storage block and will destroy the data and change the encryption key if present. + + - ATA/NVMe Sanitize Overwrite **(terribly slow, could be dangerous and not recommended)**: This method performs a block erase and then overwrite every storage block (it is the same as Block Erase but will overwrite data in addition). This method is overkill and not necessary. + +- Physical Destruction: + - HDDs: + + 1. Open the drive (with a screwdriver, usually Torx T8) + + 2. Remove platters (with a screwdriver, usually Torx T6) + + 3. 
Rub the platters with a rare earth magnet + + 4. Break/Deform/Crush the platters + + 5. Burn the platters or cook them in an oven (**do not** skip this step) + + 6. Separate the debris + + 7. Throw away in separate places + + - SSDs: + - Ideally you should wipe the drive through other means first, as this method alone is not known to be secure against all attackers + + 1. Open the drive + + 2. Break/Crush the board and memory cells + + 3. Burn them + + 4. Separate the debris + + 5. Throw away in separate places + + - Bonus: See [[Invidious]](https://yewtu.be/watch?v=-bpX8YvNg6Y) + +For maximum overkill paranoia security, Sanitize Block Erase option should be preferred but Secure Erase is probably more than enough when considering your drive is already encrypted. Unfortunately, are no **free** easy (bootable with a graphical menu) all-in-one tools available and you will be left with either going with drive manufacturers provided tools, the free manual hdparm[^438] , and nvme-cli[^439] utilities or going with a commercial tool such as PartedMagic. + +This guide will therefore recommend the use of the free utilities hdparm and nvme-cli using a Live System Rescue system. + +If you can afford it, just buy Parted Magic for 11$ which provides an easy-to-use graphical tool for wiping SSD drives using the option of your choice[^440]'[^441]. + +**Note:** **Again, before proceeding, you should check your BIOS as some will offer a built-in tool to securely erase your drive (ATA/NVMe Secure Erase or ATA/NVMe Sanitize). If this is available, you should use that, and the following steps will not be necessary. Check this before going ahead to avoid the hassle, see [Appendix M: BIOS/UEFI options to wipe disks in various Brands]).** + +### Linux (all versions including Qubes OS): + +#### System/Internal SSD: + +- Option A: Check if your BIOS/UEFI has a built-in option to do so and if it does, use the correct option ("ATA/NVMe Secure Erase" or "ATA/NVMe Sanitize"). 
Do not use wipe with passes on an SSD drive. + +- Option B: See [Appendix D: Using System Rescue to securely wipe an SSD drive] + +- Option C: Wipe your disk and re-install Linux with new full disk encryption to overwrite all sectors with new encrypted data. **This method will be terribly slow compared to Option A and B as it will slowly overwrite your whole SSD. Also, note that this might not be the default behavior when using LUKS. You might have to check the option to also encrypt the empty space for this effectively wipe the drive.** + +**Keep in mind all these options need to be applied on the entire physical drive and not on a specific partition/volume. If you do not, wear-leveling mechanisms might prevent this from working properly.** + +#### External SSD: + +First please see [Appendix K: Considerations for using external SSD drives] + +Trim should be sufficient in most cases and you could just use the blkdiscard command to force an entire device trim as explained here: [[Archive.org]](https://web.archive.org/web/https://wiki.archlinux.org/index.php/Solid_state_drive) + +If your USB controller and USB SSD disk support Trim and ATA/NVMe secure erase, you could wipe them cautiously using hdparm using the same method as the System Disk above except you will not install Linux on it obviously. Keep in mind tho that this is not recommended (see Considerations above). + +If it does not support Trim and/or ATA secure erase, you could (not securely) wipe the drive normally (without passes like an HDD) and re-encrypt it completely using your utility of choice (LUKS or Veracrypt for instance). The full disk decryption and re-encryption process will overwrite the entirety of the SSD disk and should ensure a secure wipe. 
+ +Alternatively, you could also (not securely) wipe the disk normally and then fill it completely with pseudorandom data which should also ensure secure deletion (this can be done with BleachBit [[Archive.org]](https://web.archive.org/web/https://www.bleachbit.org/download/linux) or from the command line using secure-delete using this tutorial [[Archive.org]](https://web.archive.org/web/https://superuser.com/questions/19326/how-to-wipe-free-disk-space-in-linux)). + +**Keep in mind all these options need to be applied on the entire physical drive and not on a specific partition/volume. If you do not, wear-leveling mechanisms might prevent this from working properly.** + +#### Internal/System HDD: + +- Option A: Check if your BIOS/UEFI has a built-in option and use them and if it does, use the correct option (Wipe + Passes in the case of an HDD). + +- Option B: See [Appendix I: Using ShredOS to securely wipe an HDD drive][Appendix I: Using ShredOS to securely wipe an HDD drive:] + +- Option C: Wipe your disk and re-install Linux with new full disk encryption to overwrite all sectors with new encrypted data. **This method will be terribly slow compared to Option A and B as it will slowly overwrite your whole HDD.** + +#### External/Secondary HDD and Thumb Drives: + +- Option A: Follow one of these tutorials: + + - [[Archive.org]](https://web.archive.org/web/https://linuxhint.com/completely_wipe_hard_drive_ubuntu/) + + - [[Archive.org]](https://web.archive.org/web/https://linoxide.com/linux-command/commands-wipe-disk-linux/) + + - [[Archive.org]](https://web.archive.org/web/https://wiki.archlinux.org/index.php/Securely_wipe_disk) + +I recommend using dd or shred for this purpose. 
+ +- Option B: Install and use BleachBit [[Archive.org]](https://web.archive.org/web/https://www.bleachbit.org/download/linux) or follow this EFF tutorial [[Archive.org]](https://web.archive.org/web/https://ssd.eff.org/en/module/how-delete-your-data-securely-linux) + +- Option C: See [Appendix I: Using ShredOS to securely wipe an HDD drive][Appendix I: Using ShredOS to securely wipe an HDD drive:] + +### Windows: + +Unfortunately, you will not be able to wipe your Host OS using the Microsoft built-in tools within the settings. This is because your bootloader was modified with Veracrypt and will make the operation fail. In addition, this method would not be effective with an SSD drive. + +#### System/Internal SSD: + +- Option A: Check if your BIOS/UEFI has a built-in option to do so and if it does, use the correct option ("ATA/NVMe Secure Erase" or "ATA/NVMe Sanitize"). Do not use wipe with passes on an SSD drive. + +- Option B: Check [Appendix J: Manufacturer tools for Wiping HDD and SSD drives.][Appendix J: Manufacturer tools for Wiping HDD and SSD drives:] + +- Option C: See [Appendix D: Using System Rescue to securely wipe an SSD drive] + +- Option D: Wipe your disk and re-install Windows before performing new full disk encryption (using Veracrypt or Bitlocker) to overwrite all sectors with new encrypted data. **This method will be slower compared to Option A and B as it will overwrite your whole SSD.** + +**Keep in mind all these options need to be applied on the entire physical drive and not on a specific partition/volume. If you do not, wear-leveling mechanisms might prevent this from working properly.** + +#### External SSD: + +First please see [Appendix K: Considerations for using external SSD drives] + +Use the manufacturer-provided tools if possible. 
Those tools should provide support for safe secure erase or sanitize over USB and are available for most brands: See [Appendix J: Manufacturer tools for Wiping HDD and SSD drives.][Appendix J: Manufacturer tools for Wiping HDD and SSD drives:] + +If you are not sure about the Trim support on your USB disk, (not securely) wipe it normally (simple quick format will do) and then encrypt the disk again using Veracrypt or Bitlocker. The full disk decryption and re-encryption process will overwrite the entirety of the SSD disk and should ensure a secure wipe. + +Alternatively, you could also (not securely) wipe the disk normally and then fill it completely with pseudorandom data which should also ensure secure deletion (this can be done with BleachBit or PrivaZer free space erase options). See [Extra Tools Cleaning]. + +**Keep in mind all these options need to be applied on the entire physical drive and not on a specific partition/volume. If you do not, wear-leveling mechanisms might prevent this from working properly.** + +#### Internal/System HDD: + +- Option A: Check if your BIOS/UEFI has a built-in option to do so and if it does, use the correct option (Wipe + Passes). 
+ +- Option B: Check [Appendix J: Manufacturer tools for Wiping HDD and SSD drives][Appendix J: Manufacturer tools for Wiping HDD and SSD drives:] + +- Option C: See [Appendix I: Using ShredOS to securely wipe an HDD drive][Appendix I: Using ShredOS to securely wipe an HDD drive:] + +#### External/Secondary HDD and Thumb Drives: + +- Option A: Check [Appendix J: Manufacturer tools for Wiping HDD and SSD drives][Appendix J: Manufacturer tools for Wiping HDD and SSD drives:] + +- Option B: Use external tools such as: + + - Eraser (open-source): [[Archive.org]](https://web.archive.org/web/https://eraser.heidi.ie/download/) + + - KillDisk Free: [[Archive.org]](https://web.archive.org/web/http://killdisk.com/killdisk-freeware.htm) + +- Option C: See [Appendix I: Using ShredOS to securely wipe an HDD drive][Appendix I: Using ShredOS to securely wipe an HDD drive:] + +### macOS: + +#### System/Internal SSD: + +Unfortunately, the macOS Recovery disk utility will not be able to perform a secure erase of your SSD drive as stated in Apple documentation [[Archive.org]](https://web.archive.org/web/https://support.apple.com/en-gb/guide/disk-utility/dskutl14079/mac). + +In most cases, if your disk was encrypted with Filevault and you just perform a normal erase, it should be "enough" according to them. It is not according to me, so you have no option besides re-installing macOS again and re-encrypt it with Filevault again after re-installing. This should perform a "crypto erase" by overwriting your earlier install and encryption. This method will be quite slow, unfortunately. + +If you want to do a faster secure erase (or have no time to perform a re-install and re-encryption), you can try using the method described in [Appendix D: Using System Rescue to securely wipe an SSD drive][Appendix D: Using System Rescue to securely wipe an SSD drive] **(This will not work on M1 Macs)**. 
**Be careful tho as this will also erase your recovery partition which is needed to reinstall macOS.** + +#### External SSD: + +First please see [Appendix K: Considerations for using external SSD drives] + +If your USB controller and USB SSD disk support Trim and ATA secure erase, and if Trim is enabled on the disk by macOS, you can just wipe the whole disk normally and data should not be recoverable on recent disks. + +If you are not sure about Trim support or want more certainty, you can (not securely) wipe it using macOS disk utility before fully re-encrypting them again using these two tutorials from Apple: + +- [[Archive.org]](https://web.archive.org/web/https://support.apple.com/guide/disk-utility/erase-and-reformat-a-storage-device-dskutl14079/mac) + +- [[Archive.org]](https://web.archive.org/web/https://support.apple.com/guide/disk-utility/encrypt-protect-a-storage-device-password-dskutl35612/mac) or using Veracrypt full disk encryption. + +The full disk re-encryption process will overwrite the entirety of the SSD disk and should ensure a secure wipe. + +**Keep in mind all these options need to be applied on the entire physical drive and not on a specific partition/volume. If you do not, wear-leveling mechanisms might prevent this from working properly.** + +#### External HDD and Thumb Drives: + +Follow this tutorial: [[Archive.org]](https://web.archive.org/web/https://support.apple.com/guide/disk-utility/erase-and-reformat-a-storage-device-dskutl14079/mac) and use the secure erase option from Disk Utility which should work fine on HDD and Thumb drives. + +## How to securely delete specific files/folders/data on your HDD/SSD and Thumb drives: + +The same principles from the earlier chapters apply to this one. The same issues arise too. + +With an HDD drive, you can securely delete files by just deleting them and then apply one or more "passes" to overwrite the data in question. This can be done with many utilities on all OSes. 
+ +With an SSD drive, however, again everything becomes a bit complicated because you are never sure anything is really deleted due to wear leveling, reliance on the Trim operation, and garbage collection of the drive. An adversary that has the decryption key of your SSD (whether it is LUKS, Filevault 2, Veracrypt, or Bitlocker) could unlock your drive and then attempt a recovery using classic recovery utilities[^442] and could succeed if the data were not trimmed properly. But this is again highly unlikely. + +Since the Trim operation is not continuous on most recent hard drives but scheduled, simply forcing a Trim operation should be enough. But again, the only way to be 100% sure a file is securely deleted from your unlocked encrypted SSD is to again overwrite all the free space after deletion of the files in question or to decrypt/re-encrypt the drive. But this is overkill and not necessary. A simple disk-wide Trim should be sufficient. + +**Remember tho that no matter the deletion method you use for any file on any medium (HDD drive, SSD, USB Thumb drive). It will probably leave other traces (logs, indexing, shellbags ...) within your system and those traces will also need to be cleaned. Also, remember that your drives should be fully encrypted and so this is most likely an extra measure. More on that later in the [Some additional measures against forensics][Some additional measures against forensics:] section.** + +### Windows: + +**Remember you cannot use Trim at all if you are using Plausible Deniability on an SSD drive against all recommendations.** + +#### System/Internal SSD drive: + +At this stage, and just delete the file permanently (empty the recycle bin) and trim/garbage collection will do the rest. This should be sufficient. + +If you do not want to wait for the periodic Trim (set to Weekly by default in Windows 10/11), you could also force a disk-wide Trim using the Windows native Optimize tool (see [Appendix H: Windows Cleaning Tools]). 
+ +If data were deleted by some utility (for instance by Virtualbox when reverting a snapshot), you could also issue a disk-wide Trim to clean anything remaining using the same Optimize tool. + +Just open Windows Explorer, Right Click on your System Drive and click Properties. Select Tools. Click Optimize and then Optimize again to force a Trim. You are done. That is probably enough in my opinion. + +![image45](media/image45.png) + +If you want more security and do not trust the Trim operation, then you will have no option but to either: + +- Decrypt and re-encrypt (using Veracrypt or Bitlocker) the whole drive to overwrite all free space after data deletion. This will ensure overwriting of all the free space. + +- Trim and then fill up the entire free space of the disk using a utility such as BleachBit or PrivaZer. + +**Keep in mind all these options need to be applied on the entire physical drive and not on a specific partition/volume. If you do not, wear-leveling mechanisms might prevent this from working properly.** + +#### Internal/External HDD or a USB Thumb Drive: + +Please refer to [Appendix H: Windows Cleaning Tools] and pick a utility before going ahead. + +The process is quite simple depending on the tool you picked from the Appendix: + +- Right-click a file/folder: + + - PrivaZer: Delete without a trace + + - BleachBit: Shred with BleachBit (or see this tutorial from the EFF [[Archive.org]](https://web.archive.org/web/https://ssd.eff.org/en/module/how-delete-your-data-securely-windows)) + +In the case of USB thumb drives, consider wiping free space using one of the above utilities after file deletion or wiping them completely using Eraser / KillDisk as instructed previously. + +#### External SSD drive: + +First please see [Appendix K: Considerations for using external SSD drives] + +If Trim is supported and enabled by Windows for your external SSD drive. There should be no issue in securely deleting data normally just with normal delete commands. 
Additionally, you could also force a Trim using the Windows native Optimize tool (see [Appendix H: Windows Cleaning Tools]): + +Just open Windows Explorer, Right Click on your System Drive and click Properties. Select Tools. Click Optimize and then Optimize again to force a Trim. You are done. That is probably enough in my opinion. + +If Trim is not supported or you are not sure, you might have to ensure secure data deletion by: + +- Filling up all the free space after any deletion (using BleachBit or PrivaZer for instance). + +- Decrypt and Re-encrypt the disk with a different key after each deletion (using Veracrypt or Bitlocker). + +**Keep in mind all these options need to be applied on the entire physical drive and not on a specific partition/volume. If you do not, wear-leveling mechanisms might prevent this from working properly.** + +### Linux (non-Qubes OS): + +#### System/Internal SSD drive: + +Just permanently delete the file (and empty recycle bin) and it should be unrecoverable due to Trim operations and garbage collection. + +If you do not want to wait for the periodic Trim (set to Weekly by default in Ubuntu), you could also force a disk-wide Trim by running ```fstrim --all``` from a terminal. This will issue an immediate trim and should ensure sufficient security. This utility is part of the ```util-linux``` package on Debian/Ubuntu and should be installed by default on Fedora. + +If you want more security and do not trust the Trim operation, then you will have no option but to either: + +- Decrypt and re-encrypt (using LUKS for instance following this tutorial [[Archive.org]](https://web.archive.org/web/https://wiki.archlinux.org/index.php/dm-crypt/Device_encryption)) the whole drive to overwrite all free space after data deletion. This will ensure overwriting of all the free space. 
+ +- Trim using ```fstrim --all``` and then fill up the entire free space of the disk using a utility such as: + + - BleachBit [[Archive.org]](https://web.archive.org/web/https://www.bleachbit.org/download/linux) + + - Install secure-delete package and use sfill on the root of the drive: + + - ```sudo sfill -l -l /``` for instance should do the trick (this will take a substantial amount of time) + + - Use the old school dd method (taken from this answer [[Archive.org]](https://web.archive.org/web/https://superuser.com/questions/19326/how-to-wipe-free-disk-space-in-linux)) run these commands on the drive you want to fill: + + - ```dd if=/dev/zero of=zero.small.file bs=1024 count=102400``` + + - ```dd if=/dev/zero of=zero.file bs=1024``` + + - ```sync ; sleep 60 ; sync``` + + - ```rm zero.small.file``` + + - ```rm zero.file``` + +**Keep in mind all these options need to be applied on the entire physical drive and not on a specific partition/volume. If you do not, wear-leveling mechanisms might prevent this from working properly.** + +#### Internal/External HDD drive or a Thumb Drive: + +- You can do this the graphical way with BleachBit following this tutorial from the EFF: [[Archive.org]](https://web.archive.org/web/https://ssd.eff.org/en/module/how-delete-your-data-securely-linux) + +- Or you can do this from the command line following this tutorial: [[Archive.org]](https://web.archive.org/web/https://linuxhint.com/completely_wipe_hard_drive_ubuntu/) (For this purpose we recommend wipe and shred). + +#### External SSD drive: + +First please see [Appendix K: Considerations for using external SSD drives] + +If Trim is supported and enabled by your Linux Distribution for your external SSD drive. There should be no issue in securely deleting data normally and just issue an ```fstrim --all``` from the terminal to trim the drive. This utility is part of the "util-linux" package on Debian/Ubuntu and should be installed by default on Fedora. 
+ +If Trim is not supported or you want to be sure, you might have to ensure secure data deletion by filling up the entire free space of the disk using a utility such as: + +- Decrypt and re-encrypt (using LUKS using this tutorial [[Archive.org]](https://web.archive.org/web/https://wiki.archlinux.org/index.php/dm-crypt/Device_encryption) or Veracrypt from the graphical interface for instance) the whole drive to overwrite all free space after data deletion. This will ensure overwriting of all the free space. + +- Fill the free space using one of those methods: + + - BleachBit [[Archive.org]](https://web.archive.org/web/https://www.bleachbit.org/download/linux) + + - Install secure-delete package and use sfill on the root of the drive: + + - ```sudo sfill -l -l /``` for instance should do the trick (this will take a substantial amount of time) + + - Use the old school dd method (taken from this answer [[Archive.org]](https://web.archive.org/web/https://superuser.com/questions/19326/how-to-wipe-free-disk-space-in-linux)) run these commands: + + - ```dd if=/dev/zero of=zero.small.file bs=1024 count=102400``` + + - ```dd if=/dev/zero of=zero.file bs=1024``` + + - ```sync ; sleep 60 ; sync``` + + - ```rm zero.small.file``` + + - ```rm zero.file``` + +**Keep in mind all these options need to be applied on the entire physical drive and not on a specific partition/volume. If you do not, wear-leveling mechanisms might prevent this from working properly.** + +### Linux (Qubes OS): + +#### System/Internal SSD drive: + +As with other Linux distros, normal deletion and trim should be sufficient on most SSD drives. So just permanently delete the file (and empty any recycle bin) and it should be unrecoverable due to periodic Trim operations and garbage collection. 
+ +Please follow this documentation to Trim within Qubes OS: [[Archive.org]](https://web.archive.org/web/https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/disk-trim.md) + +As with other Linux Systems, if you want more security and do not trust the Trim operation then you will have no option but to either: + +- Decrypt and re-encrypt the whole drive to overwrite all free space after data deletion. This will ensure overwriting of all the free space. We didn't find a reliable tutorial on how to do this safely on Qubes OS but it is possible this tutorial could work: [[Archive.org]](https://web.archive.org/web/https://wiki.archlinux.org/index.php/dm-crypt/Device_encryption) (at your own risk, this has not been tested yet). + +- Refer to this Documentation ( [[Archive.org]](https://web.archive.org/web/https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/disk-trim.md)) and then trim using "fstrim --all" and then fill up the entire free space of the disk using a utility such as: + + - BleachBit [[Archive.org]](https://web.archive.org/web/https://www.bleachbit.org/download/linux) + + - Install secure-delete package and use sfill on the root of the drive: + + - ```sudo sfill -l -l /``` for instance should do the trick (this will take a substantial amount of time) + + - Use the old school dd method (taken from this answer [[Archive.org]](https://web.archive.org/web/https://superuser.com/questions/19326/how-to-wipe-free-disk-space-in-linux)) run these commands on the drive you want to fill: + + - ```dd if=/dev/zero of=zero.small.file bs=1024 count=102400``` + + - ```dd if=/dev/zero of=zero.file bs=1024``` + + - ```sync ; sleep 60 ; sync``` + + - ```rm zero.small.file``` + + - ```rm zero.file``` + +**Keep in mind all these options need to be applied on the entire physical drive and not on a specific partition/volume. 
If you do not, wear-leveling mechanisms might prevent this from working properly.** + +#### Internal/External HDD drive or a Thumb Drive: + +Use the same method as Linux from a Qube connected to that specific USB device + +- You can do this the graphical way with BleachBit following this tutorial from the EFF: [[Archive.org]](https://web.archive.org/web/https://ssd.eff.org/en/module/how-delete-your-data-securely-linux) + +- Or you can do this from the command line following this tutorial: [[Archive.org]](https://web.archive.org/web/https://linuxhint.com/completely_wipe_hard_drive_ubuntu/) (For this purpose we recommend wipe and shred). + +#### External SSD drive: + +First please see [Appendix K: Considerations for using external SSD drives] + +If Trim is supported and enabled by your Linux Distribution for your external SSD drive. There should be no issue in securely deleting data normally and just issue a "fstrim --all" from the terminal to trim the drive. Refer to this Documentation ( [[Archive.org]](https://web.archive.org/web/https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/disk-trim.md)) to enable trim on a drive. + +If Trim is not supported or you want to be sure, you might have to ensure secure data deletion by filling up the entire free space of the disk using a utility from a Qube connected to the USB device in question: + +- Decrypt and re-encrypt (using LUKS using this tutorial [[Archive.org]](https://web.archive.org/web/https://wiki.archlinux.org/index.php/dm-crypt/Device_encryption) or Veracrypt from the graphical interface for instance) the whole drive to overwrite all free space after data deletion. This will ensure overwriting of all the free space. 
+ +- Fill the free space using one of those methods: + + - BleachBit [[Archive.org]](https://web.archive.org/web/https://www.bleachbit.org/download/linux) + + - Install secure-delete package and use sfill on the root of the drive: + + - ```sudo sfill -l -l /``` for instance should do the trick (this will take a substantial amount of time) + + - Use the old school dd method (taken from this answer [[Archive.org]](https://web.archive.org/web/https://superuser.com/questions/19326/how-to-wipe-free-disk-space-in-linux)) run these commands: + + - ```dd if=/dev/zero of=zero.small.file bs=1024 count=102400``` + + - ```dd if=/dev/zero of=zero.file bs=1024``` + +Repeat these steps on any other partition if there are separate partitions on the same SSD drive before deleting the files. + +- ```sync ; sleep 60 ; sync``` + +- ```rm zero.small.file``` + +- ```rm zero.file``` + +Repeat these steps on any other partition if there are separate partitions on the same SSD drive. + +**Keep in mind all these options need to be applied on the entire physical drive and not on a specific partition/volume. If you do not, wear-leveling mechanisms might prevent this from working properly.** + +### macOS: + +#### System/Internal SSD drive: + +Just permanently delete the file (and empty recycle bin) and it should be unrecoverable due to trim operations and garbage collection. + +- If your file system is APFS, you do not need to worry about Trim, it happens asynchronously as the OS writes data[^443] according to their documentation. + +"Does Apple File System support TRIM operations? + +Yes. TRIM operations are issued asynchronously from when files are deleted or free space is reclaimed, which ensures that these operations are performed only after metadata changes are persisted to stable storage". 
+ +- If your file system is HFS+, you could run First Aid on your System Drive from the Disk Utility which should perform a Trim operation in the details ( [[Archive.org]](https://web.archive.org/web/https://support.apple.com/en-us/HT210898)) + +![image46](media/image46.png) + +#### System/Internal, External HDD drive or a Thumb Drive: + +Unfortunately, Apple has removed the secure erase options from the trash bin even for HDD drives[^444]. So, you are left with using other tools: + +- Permanent Eraser [[Archive.org]](https://web.archive.org/web/http://www.edenwaith.com/products/permanent%20eraser/) + +- From the terminal, you can use the "rm --P filename" command which should erase the file and overwrite it as explained in this EFF tutorial [[Archive.org]](https://web.archive.org/web/https://ssd.eff.org/en/module/how-delete-your-data-securely-macos). + +In the case of USB thumb drives, consider wiping them completely using Disk Utility as instructed previously. + +#### External SSD drive: + +First please see [Appendix K: Considerations for using external SSD drives] + +If Trim is supported and enabled by macOS for your external SSD drive. There should be no issue in securely deleting data. + +If Trim is not supported, you might have to ensure secure data deletion by: + +- Filling up all the free space after any deletion using the Linux Method above (dd). + +- Decrypt and Re-encrypt the disk with a different key after each deletion (using Disk Utility or Veracrypt). + +## Some additional measures against forensics: + +Note that the same SSD issue discussed in the earlier section will arise here. You can never really be 100% sure your SSD data is deleted when you ask it to do so unless you wipe the whole drive using specific methods above. 
+ +We are not aware of any 100% reliable method to delete single files selectively and securely on SSD drives unless overwriting ALL the free space (which might reduce the lifespan of your SSD) after Deletion + Trim of these files. Without doing that, you will have to trust the SSD Trim operation **which in my opinion is enough**. **It is reasonable and again very unlikely that forensics will be able to restore your files after a Deletion with Trim.** + +In addition, most of these measures here should not be needed since your whole drive should be encrypted and therefore your data should not be accessible for forensic analysis through SSD/HDD examination anyway. So, these are just "bonus measures" for weak/unskilled adversaries. + +Consider also reading this documentation if you're going with Whonix [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Anti-Forensics_Precautions) as well as their general hardening tutorial for all platforms here [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/System_Hardening_Checklist) + +### Removing Metadata from Files/Documents/Pictures: + +#### Pictures and videos: + +On Windows, macOS, and Linux we would recommend ExifTool ( [[Archive.org]](https://web.archive.org/web/https://exiftool.org/)) and/or ExifCleaner ( [[Archive.org]](https://web.archive.org/web/https://exifcleaner.com/)) that allows viewing and/or removing those properties. + +**ExifTool is natively available on Tails and Whonix Workstation.** + +##### ExifCleaner: + +Just install it from [[Archive.org]](https://web.archive.org/web/https://exifcleaner.com/), run and drag and drop the files into the GUI. 
+
+##### ExifTool:
+
+It is actually simple, just install exiftool and run:
+
+- To display metadata: ```exiftool filename.jpg```
+
+- To remove all metadata: ```exiftool -All= filename.jpg```
+
+**Remember that ExifTool is natively available on Tails and Whonix Workstation.**
+
+##### Windows Native tool:
+
+Here is a tutorial to remove metadata from a Picture using OS provided tools: [[Archive.org]](https://web.archive.org/web/https://www.purevpn.com/internet-privacy/how-to-remove-metadata-from-photos)
+
+##### Cloaking/Obfuscating to prevent picture recognition:
+
+Consider the use of Fawkes [[Archive.org]](https://web.archive.org/web/https://sandlab.cs.uchicago.edu/fawkes/) ( [[Archive.org]](https://web.archive.org/web/https://github.com/Shawn-Shan/fawkes)) to cloak the images from picture recognition tech on various platforms.
+
+Or if you want online versions, consider:
+
+- [[Archive.org]](https://web.archive.org/web/https://lowkey.umiacs.umd.edu/)
+
+- [[Archive.org]](https://web.archive.org/web/https://adversarial.io/)
+
+#### PDF Documents:
+
+##### PDFParanoia (Linux/Windows/macOS/QubesOS):
+
+Consider using [[Archive.org]](https://web.archive.org/web/https://github.com/kanzure/pdfparanoia) which will remove metadata and watermarks on any PDF.
+
+##### ExifCleaner (Linux/Windows/macOS/QubesOS):
+
+Just install it from [[Archive.org]](https://web.archive.org/web/https://exifcleaner.com/), run and drag and drop the files into the GUI.
+
+##### ExifTool (Linux/Windows/macOS/QubesOS):
+
+It is actually simple, just install exiftool and run:
+
+- To display metadata: ```exiftool filename.pdf```
+
+- To remove all metadata: ```exiftool -All= filename.pdf```
+
+#### MS Office Documents:
+
+First, here is a tutorial to remove metadata from Office documents: [[Archive.org]](https://web.archive.org/web/https://support.microsoft.com/en-us/office/remove-hidden-data-and-personal-information-by-inspecting-documents-presentations-or-workbooks-356b7b5d-77af-44fe-a07f-9aa4d085966f). Make sure however that you do use the latest version of Office with the latest security updates.
+
+Alternatively, on Windows, macOS, Qubes OS, and Linux we would recommend ExifTool ( [[Archive.org]](https://web.archive.org/web/https://exiftool.org/)) and/or ExifCleaner ( [[Archive.org]](https://web.archive.org/web/https://exifcleaner.com/)) that allows viewing and/or removing those properties
+
+##### ExifCleaner:
+
+Just install it from [[Archive.org]](https://web.archive.org/web/https://exifcleaner.com/), run and drag and drop the files into the GUI.
+ +##### ExifTool: + +It is actually simple, just install exiftool and run: + +- To display metadata: ```exiftool filename.docx``` + +- To remove all metadata: ```exiftool -All= filename.docx``` + +#### LibreOffice Documents: + +- select Files in the upper menu + + - Select Properties + + - Uncheck "Apply User Data" + + - Uncheck "Save Preview image with the Document" + + - Click "Reset Properties" + + - Make sure there is nothing on the Description and Custom Properties tabs + +- Select Tools in the upper menu + + - Select Options + + - Select Security + + - Click "Security Options and Warning" + + - Check: + + - "When printing" + + - "When saving or sending" + + - "When creating PDF files" + + - "Remove personal information on saving" + +In addition, on Windows, macOS, Qubes OS, and Linux we would recommend ExifTool ( [[Archive.org]](https://web.archive.org/web/https://exiftool.org/)) and/or ExifCleaner ( [[Archive.org]](https://web.archive.org/web/https://exifcleaner.com/)) that allows viewing and/or removing additional properties + +##### ExifCleaner: + +Just install it from [[Archive.org]](https://web.archive.org/web/https://exifcleaner.com/), run and drag and drop the files into the GUI. + +##### ExifTool: + +It is actually simple, jut install exiftool and run: + +- To display metadata: ```exiftool filename.odt``` + +- To remove all metadata: ```exiftool -All= filename.odt``` + +#### All-in-one Tool: + +Another option good tool to remove metadata from various documents is the open-source mat2 recommended by privacyguides.org[^445] ( [[Archive.org]](https://web.archive.org/web/https://0xacab.org/jvoisin/mat2)) which you can use on Linux quite easily. I never managed to make it work properly within Windows due to various dependencies issues despite the provided instructions. It is however very straightforward to install and use on Linux. 
+ +So, we would suggest creating a small Debian VM within Virtualbox (behind your Whonix Gateway) which you can then use from your other VMs to analyze various files from a convenient web interface. For this see [Appendix L: Creating a mat2-web guest VM for removing metadata from files] + +![image47](media/image47.png) + +Mat2 is also pre-installed on the Whonix Workstation VM[^446] and available on Tails by default[^447]. + +### Tails: + +Tails is great for this; you have nothing to worry about even if you use an SSD drive. Shut it down and it is all gone as soon as the memory decays. + +### Whonix: + +Note that it's possible to run Whonix in Live mode leaving no traces when you shut down the VMs, consider reading their documentation here [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/VM_Live_Mode) and here [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Warning). + +### macOS: + +#### Guest OS: + +Revert to an earlier snapshot on Virtualbox (or any other VM software you are using) and perform a Trim command on your Mac using Disk Utility by executing a first-aid on the Host OS again as explained at the end of the next section. + +#### Host OS: + +Most of the info from this section can also be found at this nice guide [[Archive.org]](https://web.archive.org/web/https://www.bejarano.io/hardening-macos/) + +##### Quarantine Database (used by Gatekeeper and XProtect): + +macOS (up to and including Big Sur) keeps a Quarantine SQL Database of all the files you ever downloaded from a Browser. This database is located at ```~/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2```. 
+ +You can query it yourself by running the following command from terminal: ``` sqlite3 ~/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2 "select * from LSQuarantineEvent" ``` + +This is a goldmine for forensics, and you should disable this: + +- Run the following command to clear the database completely: ```:>~/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2``` + +- Run the following command to lock the file and prevent further download history from being written there: ```sudo chflags schg ~/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2``` + +Lastly, you can also disable Gatekeeper altogether by issuing the following command in the terminal[^448]: + +- ```sudo spctl --master-disable``` + +Refer to this section of this guide for further information [[Archive.org]](https://web.archive.org/web/https://www.bejarano.io/hardening-macos/) + +In addition to this convenient database, each saved file will also carry detailed file system HFS+/APFS attributes showing for instance when it was downloaded, with what, and from where. + +You can view these just by opening a terminal and typing ```mdls filename``` and ```xattr -l filename``` on any downloaded file from any browser. 
+ +To remove such attributes, you will have to do it manually from the terminal: + +- Run ```xattr -d com.apple.metadata:kMDItemWhereFroms filename``` to remove the origin + + - You can also just use -dr to do it recursively on a whole folder/disk + +- Run ```xattr -d com.apple.quarantine filename``` to remove the quarantine reference + + - You can also just use -dr to do it recursively on a whole folder/disk + +- Verify by running ```xattr --l filename``` and there should be no output + +(Note that Apple has removed the convenient xattr --c option that would just remove all attributes at once so you will have to do this for each attribute on each file) + +**These attributes and entries will stick even if you clear your browser history, and this is obviously bad for privacy (right?), and we are not aware of any convenient tool that will deal with those at the moment.** + +Fortunately, there are some mitigations for avoiding this issue in the first place as these attributes and entries are set by the browsers. 
So, we tested various browsers (On macOS Catalina, Big Sur, and Monterey), and here are the results as of the date of this guide: + +| **Browser** | **Quarantine DB Entry** | **Quarantine File Attribute** | **Origin File Attribute** | +|------------------------------|------------------------------|-------------------------------|---------------------------| +| **Safari (Normal)** | **Yes** | **Yes** | **Yes** | +| **Safari (Private Window)** | **No** | **No** | **No** | +| **Firefox (Normal)** | **Yes** | **Yes** | **Yes** | +| **Firefox (Private Window)** | **No** | **No** | **No** | +| **Chrome (Normal)** | **Yes** | **Yes** | **Yes** | +| **Chrome (Private Window)** | **Partial (timestamp only)** | **No** | **No** | +| **Brave (Normal)** | **Partial (timestamp only)** | **No** | **No** | +| **Brave (Private Window)** | **Partial (timestamp only)** | **No** | **No** | +| **Brave (Tor Window)** | **Partial (timestamp only)** | **No** | **No** | +| **Tor Browser** | **No** | **No** | **No** | + +As you can see for yourself the easiest mitigation is to just use Private Windows. These do not write those origin/quarantine attributes and do not store the entries in the QuarantineEventsV2 database. + +Clearing the QuarantineEventsV2 is easy as explained above. Removing the attributes takes some work. **Brave is the only tested browser that will not store those attributes by default in normal operations.** + +##### Various Artifacts: + +In addition, macOS keeps various logs of mounted devices, connected devices, known networks, analytics, documents revisions... 
+ +See this section of this guide for guidance on where to find and how to delete such artifacts: [[Archive.org]](https://web.archive.org/web/https://www.bejarano.io/hardening-macos/) + +Many of those can be deleted using various commercial third-party tools but we would personally recommend using the free and well-known Onyx which you can find here: [[Archive.org]](https://web.archive.org/web/https://www.titanium-software.fr/en/onyx.html). Unfortunately, it is closed-source, but it is notarized, signed, and has been trusted for many years. + +##### Force a Trim operation after cleaning: + +- If your file system is APFS, you do not need to worry about Trim, it happens asynchronously as the OS writes data. + +- If your file system is HFS+ (or any other than APFS), you could run First Aid on your System Drive from the Disk Utility which should perform a Trim operation in the details ( [[Archive.org]](https://web.archive.org/web/https://support.apple.com/en-us/HT210898)). + +![image46](media/image46.png) + +### Linux (Qubes OS): + +Please consider their guidelines [[Archive.org]](https://web.archive.org/web/https://github.com/Qubes-Community/Contents/blob/master/docs/security/security-guidelines.md) + +If you are using Whonix on Qubes OS, please consider following some of their guides: + +- Whonix System Hardening guide [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/System_Hardening_Checklist) + +- Enabling App Armor on Qubes [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Qubes/AppArmor) + +- Also, consider the use of Linux Kernel Guard [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Linux_Kernel_Runtime_Guard_LKRG) + +### Linux (non-Qubes): + +#### Guest OS: + +Revert to an earlier snapshot of the Guest VM on Virtualbox (or any other VM software you are using) and perform a trim command on your laptop using ```fstrim --all```. 
This utility is part of the ```util-linux``` package on Debian/Ubuntu and should be installed by default on Fedora. Then switch to the next section. + +#### Host OS: + +Normally you should not have traces to clean within the Host OS since you are doing everything from a VM if you follow this guide. + +Nevertheless, you might want to clean some logs. Consider having a look this convenient (but unfortunately unmaintained) tool: [[Archive.org]](https://web.archive.org/web/https://github.com/sundowndev/covermyass) + +After cleaning up, make sure you have the fstrim utility installed (should be by default on Fedora) and part of the ```util-linux``` package on Debian/Ubuntu. Then just run ```fstrim --all``` on the Host OS. This should be sufficient on SSD drives as explained earlier. + +Consider the use of Linux Kernel Guard as an added measure [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Linux_Kernel_Runtime_Guard_LKRG) + +### Windows: + +#### Guest OS: + +Revert to an earlier snapshot on Virtualbox (or any other VM software you are using) and perform a trim command on your Windows using the Optimize as explained at the end of the next section + +#### Host OS: + +Now that you had a bunch of activities with your VMs or Host OS, you should take a moment to cover your tracks. **Most of these steps should not be undertaken on the Decoy OS in case of the use of plausible deniability. This is because you want to keep decoy/plausible traces of sensible but not secret activities available for your adversary. If everything is clean, then you might raise suspicion.** + +##### Diagnostic Data and Telemetry: + +First, let us get rid of any diagnostic data that could still be there: + +- After each use of your Windows devices, go into Settings, Privacy, Diagnostic & Feedback, and Click Delete. + +Then let us re-randomize the MAC addresses of your Virtual Machines and the Bluetooth Address of your Host OS. 
+ +- After each shutdown of your Windows VM, change its MAC address for next time by going into Virtualbox > Select the VM > Settings > Network > Advanced > Refresh the MAC address. + +- After each use of your Host OS Windows (your VM should not have Bluetooth at all), Go into the Device Manager, Select Bluetooth, Disable the Device and Re-Enable the device (this will force a randomization of the Bluetooth Address). + +##### Event logs: + +Windows Event logs will keep many various pieces of information that could contain traces of your activities such as the devices that were mounted (including Veracrypt NTFS volumes for instance[^333]), your network connections, app crash information, and various errors. It is always best to clean those up regularly. Do not do this on the Decoy OS. + +- Start, search for Event Viewer, and launch Event Viewer: + + - Go into Windows logs. + + - Select and clear all five logs using a right-click. + +##### Veracrypt History: + +By default, Veracrypt saves a history of recently mounted volumes and files. You should make sure Veracrypt never saves History. Again, do not do this on the Decoy OS if you are using plausible deniability for the OS. We need to keep the history of mounting the decoy Volume as part of the plausible deniability: + +- Launch Veracrypt + +- Make sure the "Never saves history" checkbox is checked (this should not be checked on the Decoy OS) + +Now you should clean the history within any app that you used including Browser history, Cookies, Saved Passwords, Sessions, and Form History. + +##### Browser History: + +- Brave (in case you did not enable cleaning on exit) + + - Go into Settings + + - Go into Shields + + - Go into Clear Browsing Data + + - Select Advanced + + - Select "All Time" + + - Check all the options + + - Clear Data + +- Tor Browser + + - Just close the Browser and everything is cleaned + +##### Wi-Fi History: + +Now it is time to clear the history of the Wi-Fi you connect to. 
Unfortunately, Windows keeps storing a list of past Networks in the registry even if you "forgot" those in the Wi-Fi settings. As far as we know, no utilities clean those yet (BleachBit or PrivaZer for instance) so you will have to do it the manual way: + +- Launch Regedit using this tutorial: [[Archive.org]](https://web.archive.org/web/https://support.microsoft.com/en-us/windows/how-to-open-registry-editor-in-windows-10-deab38e6-91d6-e0aa-4b7c-8878d9e07b11) + +- Within Regedit, enter this to the address bar: ```Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles``` + +- There you will see a bunch of folders to the right. Each of those folders is a "Key". Each of those keys will contain information about your current known Wi-Fi or past networks you used. You can explore them one by one and see the description on the right side. + +- Delete all those keys. + +##### Shellbags: + +As explained earlier, Shellbags are basically histories of accessed volumes/files on your computer. Remember that shellbags are exceptionally useful sources of information for forensics[^325] and you need to clean those. Especially if you mounted any "hidden volume" anywhere. Again, you should not do this on the Decoy OS: + +- Download Shellbag Analyzer & Cleaner from [[Archive.org]](https://web.archive.org/web/https://privazer.com/en/download-shellbag-analyzer-shellbag-cleaner.php) + + - Launch it + + - Analyze + + - Click Clean and select: + + - Deleted Folders + + - Folders on Network / External devices + + - Search Results + + - Select advanced + + - Check all except the two backup options (do not backup) + + - Select SSD cleanup (if you have an SSD) + + - Select one pass (All zero) + + - Clean + +##### Extra Tools Cleaning: + +After cleaning those earlier traces, you should also use third-party utilities that can be used to clean various traces. These include the traces of the files/folders you deleted. 
+ +Please refer to [Appendix H: Windows Cleaning Tools] before continuing. + +###### PrivaZer: + +Here are the steps for PrivaZer: + +- Download and install PrivaZer from [[Archive.org]](https://web.archive.org/web/https://privazer.com/en/download.php) + + - Run PrivaZer after install + + - Do not use their Wizard + + - Select Advanced User + + - Select Scan in Depth and pick your Target + + - Select Everything you want to Scan and push Scan + + - Select What you want to be cleaned (skip the shell bag part since you used the other utility for that) + + - **You should just skip the free space cleaning part if using an SSD and instead just use the native Windows Optimize function (see below) which should be more than enough. We would only use this on an HDD drive.** + + - (If you did select Free Space cleaning) Select Clean Options and make sure your type of Storage is well detected (HDD vs SSD). + + - (If you did select Free Space cleaning) Within Clean Options **(Be careful with this option as it will erase all the free space on the selected partition, especially if you are running the decoy OS. Do not erase the free space or anything else on the second partition as you risk destroying your Hidden OS)** + + - If you have an SSD drive: + + - Secure Overwriting Tab: We would just pick Normal Deletion + Trim (Trim itself should be enough[^342]). Secure Deletion with Trim[^339] (1 pass) might be redundant and overkill here if you intend to overwrite the free space anyway. + + - Free Space Tab: Personally, and again "just to be sure", we would select Normal Cleanup which will fill the entire free space with Data. We do not really trust Smart Cleanup as it does not actually fill all the free space of the SSD with Data. But again, this is probably not needed and overkill in most cases. + + - If you have an HDD drive: + + - Secure Overwriting Tab: We would just pick Secure Deletion (1 pass). 
+ + - Free Space: We would just pick Smart Cleanup as there is no reason to overwrite sectors without data on an HDD drive. + + - Select Clean and Pick your flavor: + + - Turbo Cleanup will only do normal deletion (on HDD/SSD) and will not clean free space. It is not secure on an HDD nor an SSD. + + - Quick Cleanup will do secure deletion (on HDD) and normal deletion + trim (on SSD) but will not clean free space. This is secure enough for SSD but not for HDD. + + - Normal Cleanup will do secure deletion (on HDD) and normal deletion + trim (on SSD) and will then clean the whole free space (Smart Cleanup on HDD and Full Cleanup on SSD) and should be secure. This option is the best for HDD but completely overkill for SSD. + + - Click Clean and wait for cleaning to finish. Could take a while and will fill your whole free space with data. + +###### BleachBit: + +Here are the steps for BleachBit: + +- Get and install the latest version from BleachBit here [[Archive.org]](https://web.archive.org/web/https://www.bleachbit.org/download) + +- Run BleachBit + +- Clean at least everything within those sections: + + - Deep Scan + + - Windows Defender + + - Windows Explorer (including Shellbags) + + - System + + - Select any other traces you want to remove from their list + + - Again, as with the earlier utility, we would not clean the free space on an SSD drive because we think the Windows native "optimize" utility is enough (see below) and that filling up the free space on a trim enabled SSD is just completely overkill and unnecessary. + + - Click Clean and wait. This will take a while and will fill your whole free space with data on both HDD and SSD drives. + +##### Force a Trim with Windows Optimize (for SSD drives): + +With this Native Windows 10/11 utility, you can just trigger a Trim on your SSD which should be more than enough to securely clean all deleted files that somehow would have escaped Trim when deleting them. 
+ +Just open Windows Explorer, Right Click on your System Drive and click Properties. Select Tools. Click Optimize and Defragment. You are done as this will not defragment but only optimize. Meaning it will initiate a Trim operation ( [[Wikiless]](https://wikiless.org/wiki/Trim_(computing)) [[Archive.org]](https://web.archive.org/web/20220804150134/https://en.wikipedia.org/wiki/Trim_(computing))). + +![image45](media/image45.png) + +## Removing some traces of your identities on search engines and various platforms: + +Chances are your actions (such as posts on various platforms, your profiles) will be indexed (and cached) by many search engines. + +Contrary to widespread belief, it is possible to have some but not all this information removed by following some steps. While this might not remove the information on the websites themselves, it will make it harder for people to find it using search engines: + +- First, you will have to delete your identities from the platform themselves if you can. Most will allow this but not all. For some, you might have to contact their support/moderators and for others, there will be readily available forms to do so. + +- If they do not allow the removal/deletion of profiles, there might be a possibility for you to rename your identity. Change the username if you can and all account information with bogus information including the e-mail. + +- If allowed, you can also sometimes edit past posts to remove the information within those. + +You can check some useful information about how to and get delete various accounts on these websites: + +- [[Archive.org]](https://web.archive.org/web/https://justdeleteme.xyz/) + +- [[Archive.org]](https://web.archive.org/web/https://justgetmydata.com/) + +When you are done with this part, you should now handle search engines and while you may not be able to have the information deleted, you can ask them to update/remove outdated information which could then remove some cached information. 
+ +### Google: + +**Unfortunately, this will require you to have a Google account to request the update/removal (however this can be done with any Google account from anyone). There is no way around this except waiting.** + +Go to their "Remove outdated content from Google Search" page here: [[Archive.org]](https://web.archive.org/web/https://search.google.com/search-console/remove-outdated-content) and submit a request accordingly. + +If your profile/username was deleted/changed, they should re-index the content and update accordingly, and remove these traces. + +These requests might take several days to process. Be patient. + +### Bing: + +**Unfortunately, this will require you to have a Microsoft account to request the update/removal (however this can be done with any Microsoft account from any identity). There is no way around this except waiting.** + +Go to their "Content Removal" page here: [[Archive.org]](https://web.archive.org/web/https://www.bing.com/webmasters/tools/contentremoval) and submit a request accordingly. + +If your profile/username was deleted/changed, they should re-index the content and update accordingly, and remove these traces. + +This might take several days to process. Be patient. + +### DuckDuckGo: + +DuckDuckGo does not store a cached version of pages[^449] and will instead forward you to a Google/Bing cached version if available. + +In addition, DuckDuckGo source most of their searches from Bing (and not Google)[^450] and therefore removing the content from Bing should in time have it removed it from DuckDuckGo too. + +### Yandex: + +**Unfortunately, this will require you to have a Yandex account to request removals (however this can be done with any Yandex account from any identity). 
There is no way around this except waiting.** + +Once have your Yandex account, head to the Yandex Webmaster tools [[Archive.org]](https://web.archive.org/web/https://webmaster.yandex.com/) and then select Tools and Delete URL [[Archive.org]](https://web.archive.org/web/https://webmaster.yandex.com/tools/del-url/) + +There you could input the URL that does not exist anymore if you had them deleted. + +This will only work with pages that have been deleted and therefore will not work with removing the cache of existing records. For that unfortunately there is no tool available to force a cache update, but you can still try their feedback tool: + +Search for the page that was changed (where your profile was deleted/changed) and click the arrow next to the result. Select Complain. And submit a complaint about the page not matching the search result. Hopefully, this will force Yandex to re-crawl the page and re-index it after some time. This could take days or weeks. + +### Qwant: + +As far as we know, there is no readily available tool to force this, and you will have to wait for the results to get updated if there is any. If you know a way, please report this to us through the GitHub issues. + +### Yahoo Search: + +Yes, Yahoo Search still exists but as per their help page [[Archive.org]](https://web.archive.org/web/https://help.yahoo.com/kb/SLN4530.html), there is no way to remove information or refresh information besides waiting. This could take 6 to 8 weeks. + +### Baidu: + +As far asWeknow, there is no readily available tool to force this unless you control the website (and do it through their webmaster tools). Therefore, you will have to wait for the results to get updated if there is any. If you know a way, please report this to me through the GitHub issues. 
+ +### Wikipedia: + +As far asWeknow, there is no way to remove information from Wikipedia articles themselves but if you just want to remove traces of your username from it (as a user that contributed), you can do so by following these steps: [[Wikiless]](https://wikiless.org/wiki/Wikipedia:Courtesy_vanishing) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Wikipedia:Courtesy_vanishing) + +This will not remove any information about your online identities that could appear in other articles but only your own identity on Wikipedia as a user. + +### Archive.today: + +Some information can sometimes be removed on demand (sensitive information for example) as you can see many examples here: + +This is done through their "ask" page here: + +### Internet Archive: + +You can remove pages from internet archives but **only if you own the website in question** and contact them about it. Most likely you will not be able to remove archives from say "Reddit posts" or anything alike. But you could still ask and see what they answer. + +As per their help page + +"How can we exclude or remove my site's pages from the Wayback Machine? + +You can send an e-mail request for us to review to info@archive.org with the URL (web address) in the text of your message". + +### Others: + +Have a look at those websites: + +- + +- [[Archive.org]](https://web.archive.org/web/https://inteltechniques.com/workbook.html) + +# Some low-tech old-school tricks: + +## Hidden communications in plain sight: + +You must keep in mind that using all those security measures (encryption, plausible deniability, VPN, tor, secure operating systems ...) can make you suspicious just by using them. Using could be the equivalent of stating openly "I something to hide" to an observer which could then motivate some adversaries to investigate/survey you further. 
+ +So, there are other ways you could exchange or send messages online to others in case of need without disclosing your identity or establishing direct communication with them. These have been in use by various organizations for decades and can be of help if you do not want to attract attention by using secure tech while still communicating some sensitive information without attracting attention. + +A commonly used technique that combines the idea of a Dead Drop[^451] and Secure Communication Obfuscation[^452] through Steganography[^453] and/or Kleptography[^454] and has many names such as Koalang[^455] or "Talking Around" or even "Social Steganography". This technique is very old and still widely used nowadays by teenagers to bypass parental control. It is hiding in plain sight. + +Here is one example if you want to let someone know something is wrong and they should go dark? That they should immediately wipe all their data, get rid of their burner phones and sensitive information? + +What if you want to let someone you trust (friends, family, lawyers, journalists ...) know that you are in trouble, and they should look out for you? + +All this without revealing the identity of the person you are sending the message to nor disclosing the content of that message to any third party and without raising suspicions and without using any of the secure methods mentioned above. + +Well, you could just use any online public platform for this (Instagram, Twitter, Reddit, any forum, YouTube ...) by using in-context (of the chosen platform/media) agreed upon (between you and your contact) coded messages that only your contact would understand. + +This could be a set of specific emojis or a specifically worded mundane comment. Or even just a like on a specific post from a known influencer you usually watch and like. While this would look completely normal to anyone, this could mean a lot to a knowledgeable reader who could then take appropriate agreed-upon actions. 
You could also hide the message using Steganography using for instance . + +You do not even have to go that far. A simple "Last seen" time on a specific account could be enough to trigger a message agreed upon. If your interlocutor sees that this account was online. It could mean there is an issue. + +## How to spot if someone has been searching your stuff: + +There are some old tricks that you can use to spot if people have been messing with your stuff while you were away. + +One trick for instance is quite simple and just requires a wire/cable. Simply lay objects on your desk/night table or in your drawers following a straight line. You can use a simple USB cable as a tool to align them. + +Make a line with your cable and place objects along the line. When you are back, just check those places and check if the objects are still placed along the line. This allows you not to remember precisely where your things were without taking pictures. + +Fortunately, modern technology has made this even simpler. If you suspect someone might be looking through your stuff while you are away, you can just take a picture of the area with your phone before leaving. When you are back, just compare the areas with your pictures and everything should be exactly where you left it. If anything moved, then someone was there. + +It will be extremely hard and time-consuming for an adversary to search through your stuff and then replace it exactly as you left it with complete precision. + +What if it is a printed document or book and you want to know if someone read it? Even simpler. Just carefully make a note within the document with a pencil. And then erase it with any pencil eraser as if you wanted to correct it. The trick is to carefully leave the eraser traces/residues on the area you erased/pencil written areas and close the document. You could also take a picture of the residues before closing the document. 
+
+Most likely if someone went through your document to read it and re-placed it carefully, this residue will fall off or be moved significantly. It is a simple old-school trick that could tell you someone searched a document you had.
+
+# Some last OPSEC thoughts:
+
+Wait, what is OPSEC? Well, OPSEC means Operations Security[^456]. The basic definition is: "OPSEC is the process of protecting individual pieces of data that could be grouped together to give the bigger picture."
+
+The important step here, and probably the easiest one, is a lesson you can take from the movie Fight Club: the first rule is that you **do not** talk about Fight Club. This applies to many aspects of your online operational security or OPSEC. Taking your time to go through this guide will reward you with the tools and knowledge to embrace a fuller, more secure experience on the internet. Rest assured that this guide will reveal things to you that will frustrate your enemy. You will learn how to protect your operating systems and lockdown your critical information and ensure mission success. But the one thing you must adhere to is this rule of thumb - do not talk about operation details. The biggest adversarial threat to you is OSINT (discussed below and throughout the document). The enemy will gather information on you based on what they observe about you and your activities online and in real life.
+
+Adversaries take many forms. To some, they are actors of a foreign government, while to others they may be simply a rival company's employee looking to find disgruntled workers to target for further pressuring. To most, the general task of OPSEC is that this is your ship - you must not do anything or say anything to sink your own ship. Simply expressing your frustration with your boss or your work conditions or your equipment, might be enough to generate not only a behavior profile but also a vector of attack. A disgruntled employee, in this example, is what generally provides enough information to warrant pressuring of that employee for further information and possibly even extortion, blackmail, or worse. Failure to implement basic OPSEC can lead to failure at various points. It can lead to serious injury or even death if your threat model is a determined attacker, foreign actor, and so on.
+
+You must live by the simple rule that "loose lips sink ships" - but also that they are usually your lips which will do the sinking. OPSEC is often just applying common sense and being cautious about your activities including in the physical world:
+
+## Digital and Online OPSEC
+
+- **Remember to use passphrases or suits of words instead of short passwords and use a different one for each service. See [Appendix A2: Guidelines for passwords and passphrases].**
+
+- Make sure you are not keeping a copy of this guide anywhere unsafe after. The sole presence of this guide will most likely defeat all your plausible deniability possibilities.
+
+- OSINT "yourself" and your identities from time to time by looking for them yourself online using various search engines to monitor your online identities. You can even automate the process somewhat using various tools such as Google Alerts [[Archive.org]](https://web.archive.org/web/https://www.google.com/alerts).
+
+- Do not ever use biometrics alone to safeguard your secrets. Biometrics can be used without your consent.
+
+- Do check the signatures and hashes of software and documents you download before installing/viewing them.
+
+- Do not have the same behavior such as visiting the same links on the clearnet then visit the same with the your anoynous online identity. Watch this DEF CON 25 presentation if you didn't before: [DEF CON 25 - Svea Eckert, Andreas Dewes - Dark Data](https://www.youtube.com/watch?v=1nvYGi7-Lxo) [[Invidious]](https://yewtu.be/watch?v=1nvYGi7-Lxo).
+
+- Encrypt everything but do not take it for granted. Remember the 5$ wrench.
+
+## Physical and IRL OPSEC
+
+- Remember the ["Physically Tamper protect your laptop"][Physically Tamper protect your laptop:] section.
+
+- See ["Appendix B4: Important notes about evil-maid and tampering"][Appendix B4: Important notes about evil-maid and tampering]
+
+- Remember the [How to spot if someone has been searching your stuff][How to spot if someone has been searching your stuff:] section.
+
+
+- Consider the use of Haven [[Archive.org]](https://web.archive.org/web/https://guardianproject.github.io/haven/) on some old android phone to keep watch on your home/room while you are away.
+
+- Remember [Appendix N: Warning about smartphones and smart devices]. Do not forget your smart devices can compromise your anonymity.
+
+- Do not ever travel with those devices if you must pass strong border checks and where they could be illegal or raise suspicion.
+
+- Do not plug any equipment in that laptop unless you trust it. Use a USB data blocker for charging.
+
+- Remember the first rule of fight club and do not talk to anyone about your sensitive activities using your real identity.
+
+- Keep a normal life and do not be weird. If you spend all your online time using Tor to access the internet and have no social network accounts at all ... You are already suspicious and attracting unnecessary attention.
+
+- Keep plausible deniability as an option but remember it will not help against the 5$ wrench either.
+
+- Never ever leave your laptop unattended/on/unlocked anywhere when conducting sensitive activities. Remember the story of Ross Ulbricht and his arrest [[Wikiless]](https://wikiless.org/wiki/Ross_Ulbricht) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Ross_Ulbricht).
+
+- Check for tampering regularly (not only your devices but also your home/room).
+
+- If you can, do not talk to the police/authorities (at least if you are in the US) [[Invidious]](https://yewtu.be/watch?v=d-7o9xYp7eE) without a lawyer. Remain silent.
+
+- Know and always have at your disposal the details of a lawyer that could help you as a last resort in case things go wrong.
+
+- Keep your situation awareness high but not too high as to appear suspicious.
+
+- Consider using a physical security key (e.g., YubiCo YubiKey) for various protections against account compromise. **(Not covered in this version of the guide but is a work in progress for later versions.)**
+
+- Read the tips here [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/DoNot)
+
+- **Have common sense, do not be dumb, look and learn from others' mistakes, watch/read these:**
+
+ - Medium.com, Darkweb Vendors and the Basic Opsec Mistakes They Keep Making [[Scribe.rip]](https://scribe.rip/@c5/darkweb-vendors-and-the-basic-opsec-mistakes-they-keep-making-e54c285a488c) [[Archive.org]](https://web.archive.org/web/https://medium.com/@c5/darkweb-vendors-and-the-basic-opsec-mistakes-they-keep-making-e54c285a488c)
+
+ - 2020, Sinwindie, OSINT, and Dark Web Markets, Why OPSEC Still Matters [[Invidious]](https://yewtu.be/watch?v=IqZZU9lFlF4)
+
+ - 2020, RSA Conference 2020, When Cybercriminals with Good OpSec Attack [[Invidious]](https://yewtu.be/watch?v=zXmZnU2GdVk)
+
+ - 2015, DEF CON 22, Adrian Crenshaw, Dropping Docs on Darknets: How People Got Caught [[Invidious]](https://yewtu.be/watch?v=eQ2OZKitRwc) ([Slides](https://www.defcon.org/images/defcon-22/dc-22-presentations/Crenshaw/DEFCON-22-Adrian-Crenshaw-Dropping-Docs-on-Darknets-How-People-Got-Caught-UPDATED.pdf) [[Archive.org]](https://web.archive.org/web/https://www.defcon.org/images/defcon-22/dc-22-presentations/Crenshaw/DEFCON-22-Adrian-Crenshaw-Dropping-Docs-on-Darknets-How-People-Got-Caught-UPDATED.pdf))
+
+ - 2017, Ochko123 - How the Feds Caught Russian Mega-Carder Roman Seleznev [[Invidious]](https://yewtu.be/watch?v=6Chp12sEnWk)
+
+ - 2017, [DEF CON 25 - Svea Eckert, Andreas Dewes - Dark Data](https://www.youtube.com/watch?v=1nvYGi7-Lxo) [[Invidious]](https://yewtu.be/watch?v=1nvYGi7-Lxo)
+
+ - 2015, DEF CON 22, Zoz, Don't Fuck It Up! [[Invidious]](https://yewtu.be/watch?v=J1q4Ir2J8P8)
+
+ - 2020, Bad Opsec, How Tor Users Got Caught, [[Invidious]](https://yewtu.be/watch?v=GR_U0G-QGA0)
+
+ - 2022, Master of OpSec Masters: A View Through the Prism of Time, [[Archive.org]](https://web.archive.org/web/20220714213939/https://officercia.mirror.xyz/4x2-M4R2cSnID1wpsTO4CQNrMQ5JUFouR-rZ_N4xO-Q)
+ - 2022, How can you become a one-man-army OSINT specialist? [[Archive.org]](https://web.archive.org/web/20220718231735/https://officercia.mirror.xyz/5KSkJOTgMtvgC36v1GqZ987N-_Oj_zwvGatOk0A47Ws)
+
+
+It is recommended that you learn about the common ways people mess up OPSEC [[Archive.org]](https://web.archive.org/web/20220717064253/https://dan-kir.github.io/2022/05/26/OPSEC-notes.html). Whatever you do, take OPSEC seriously, and [Don't Fuck It Up!](https://www.youtube.com/watch?v=J1q4Ir2J8P8)
+
+**FINAL OPSEC DISCLAIMER: KEEP YOUR ANONYMOUS IDENTITIES COMPLETELY SANDBOXED FROM YOUR NORMAL ENVIRONMENT AND REAL IDENTITY. DO NOT SHARE ANYTHING BETWEEN THE ANONYMOUS ENVIRONMENTS AND THE REAL IDENTITY ENVIRONMENT. KEEP THEM COMPLETELY COMPARTMENTALIZED ON EVERY LEVEL. MOST OPSEC FAILURES ARE DUE TO USERS ACCIDENTALLY LEAKING INFORMATION RATHER THAN TECHNICAL FAILURES.**
+
+# What to do if you detected tampering or searching ?
+
+- In the case of a laptop, they likely placed a key-logger, and possible network and gps capabilities. We recommend to open your laptop take the drive (which should be fully encrypted) and leave for a safe place and abandonning the laptop. Do not try to remove the "bug" as this could put you in physical danger.
+
+- If you detected searching of your room, home... Again we recommend leaving for a safe place while abandoning everything in the room that could also be "bugged".
+
+- Do your best to not let your adversary suspect or know you detected the search and/or the tampering. Be creative. Call a friend for example just to tell you're gonna go to the supermarket to buy food.
+
+# **If you think you got burned:**
+
+## If you have some time:
+
+- Don't Panic.
+
+- Delete everything you can from the internet related to that specific identity (accounts, comments ...).
+
+- Delete everything offline you have related to that identity including the backups.
+
+- (If using a physical SIM) Destroy the SIM card and trash it in a random trash can somewhere.
+
+- (If using a physical Burner Phone) Erase then destroy the Burner phone and trash it in a random trashcan somewhere.
+
+- Securely erase the laptop hard drive and then ideally proceed to physically destroy the HDD/SSD/Laptop and trash it somewhere.
+
+- Do the same with your backups.
+
+- Keep the details of your lawyer nearby or if needed, call them in advance to prepare your case if needed.
+
+- Return to your normal activities and hope for the best.
+
+## If you have no time:
+
+- Don't Panic.
+
+- Try to shut down/hibernate the laptop as soon as possible and hope for the best. If you are fast enough, your memory should decay or be cleaned, and your data should be mostly safe for the time being.
+
+- Contact a lawyer if possible and hope for the best and if you cannot contact one (yet), **try to remain silent (if your country allows it) until you have a lawyer to help you and if your law allows you to remain silent.**
+
+Keep in mind that many countries have specific laws to compel you to reveal your passwords that could override your "right to remain silent". See this Wikipedia article: [[Wikiless]](https://wikiless.org/wiki/Key_disclosure_law) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Key_disclosure_law) and this other visual resource with law references [[Archive.org]](https://web.archive.org/web/https://www.gp-digital.org/world-map-of-encryption/).
+
+# A small final editorial note:
+
+After reading this whole guide, we hope you will have gained some additional beneficial insight about privacy and anonymity. It is clear now, in my humble opinion, that the world we live in has only a few safe harbors remaining where one could have a reasonable expectation of privacy and even less so anonymity. Many will often say that 1984 by George Orwell was not meant to be an instruction book. Yet today this guide and its many references should, we hope, reveal to you how far down we are in the rabbit hole.
+
+You should also know that most of the digital information described in length in this guide can be forged or tampered with by a motivated adversary for any purpose. Even if you do manage to keep secrets from prying eyes, anyone can fabricate anything to fit their narrative:
+
+- IP logs, DNS logs, Geolocation logs, and Connection logs can be forged or tampered with by anyone using a simple text editor without leaving traces.
+
+- Files and their properties can be created, altered, and timestamped by anyone using simple utilities without leaving traces.
+
+- EXIF information of pictures and videos can be altered by anyone using simple utilities without leaving traces.
+
+- Digital Evidence (Pictures, Videos, Voice Recordings, E-Mails, Documents...) be crafted, placed, removed, or destroyed with ease without leaving traces.
+
+You should not hesitate to question this type of information from any source in this age of disinformation.
+
+**"A lie can travel halfway around the world while the truth is putting on its shoes"**[^457]
+
+Please keep thinking for yourself, use critical thinking, and keep an open mind. "Sapere Aude" (Dare to know!).
+
+**"In the end the Party would announce that two and two made five, and you would have to believe it" -- George Orwell, 1984, Book One, Chapter Seven.**
+
+Consider helping others (see [Helping others staying anonymous][Helping others staying anonymous:])
+
+# Donations:
+
+**This project has no funding or sponsoring, and donations are more than welcome.**
+
+See:
+
+**(Please do verify the checksum and GPG signature of this file for authenticity, this is explained in the README of the repository if you do not know how to do that)**.
+
+# Helping others staying anonymous:
+
+If you want to give a hand to users facing censorship and oppression, please consider helping them by helping the Tor Network. You can do so in several ways:
+
+- The Easiest:
+
+ - Using the Snowflake addon on your browser ( [[Archive.org]](https://web.archive.org/web/https://snowflake.torproject.org/))
+
+- Slightly more work:
+
+ - Running a Tor relay node ( [[Archive.org]](https://web.archive.org/web/https://community.torproject.org/relay/))
+
+ - See [Recommended VPS hosting providers]
+
+ - Additional Tutorial: [[Archive.org]](https://web.archive.org/web/https://torrelay.ca/)
+
+If you want a bit more challenge, you can also run a Tor Exit node anonymously using the recommended VPS providers above.
+
+For this, see [[Archive.org]](https://web.archive.org/web/https://blog.torproject.org/tips-running-exit-node)
+
+This project for instance is running several Tor Exit nodes using donations to fund. You can see them here:
+
+# Acknowledgments:
+
+- **Very Special Thanks to Edward Snowden and who inspired me to write this guide (buy and read his book please ** [[Wikiless]](https://wikiless.org/wiki/Permanent_Record_(autobiography)) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Permanent_Record_(autobiography))**)**
+
+- **Huge thanks to the people who donated to this project anonymously**
+
+- **Special Thanks to LiJu09 for helping with the Light theme of the website (****)**
+
+- **Special Thanks to Simplelogin.io people for providing a free lifetime premium access to their service**
+
+- Thanks to GitHub for hosting this project and the many people who starred it
+
+- Thanks to Njal.la for providing a domain name and VPS hosting anonymously
+
+- Thanks to 1984.is for providing VPS hosting anonymously
+
+- Thanks to all the people who contributed and shared this guide with others
+
+- Thanks to the people at the Internet Archive and Archive.today projects
+
+- Thanks to the people at the Monero project
+
+- Thanks to the people at the Zcash project
+
+- Thanks to the people at the Wikipedia project
+
+- Thanks to the people at the Tails project
+
+- Thanks to the people at the HiddenVM project
+
+- Thanks to the people at the Whonix project
+
+- Thanks to the people at the Qubes OS project
+
+- Thanks to the people at the Veracrypt project
+
+- Thanks to the people at the Tor and OONI Projects
+
+- Thanks to the people at the Briar project
+
+- Thanks to the people at the OnionShare project
+
+- Thanks to the people at the Element/Matrix project
+
+- Thanks to the people at the Jami project
+
+- Thanks to the people at the KeePass and KeePassXC projects
+
+- Thanks to the people at the Fawkes project
+
+- Thanks to the people at the VirtualBox project
+
+- Thanks to the people at the ExifCleaner, Mat2, and ExifTool projects
+
+- Thanks to the people at the Go Incognito Project from Techlore
+
+- Thanks to Didier Stevens for his pdf-tools
+
+- Thanks to the people at the EFF
+
+- Thanks to the people at the SANS
+
+- Thanks to the people at the OWASP Project
+
+- Thanks to the people at the Privacyguides.org project
+
+- Thanks to the people at BlackHat, DEF CON, and CCC
+
+- Thanks to the people at Bellingcat and other OSINT/Forensics researchers **(and sorry for making their life more difficult with this guide)**
+
+- Thanks to the makers of the Social Dilemma documentary **(go watch it if you did not yet)**
+
+- Thanks to Michael Bazzell and his great OSINT books which we recommend you **buy** at
+
+- Thanks to Randall Munroe at XKCD for his great and insightful webcomics.
+
+- Thanks to the people at the various few commercial entities who do take privacy seriously
+
+- Thanks to the whole open-source community and especially the Linux community
+
+- Thanks to the many researchers, journalists, lawyers, and individuals referenced in this guide for their various research and projects
+
+- Thanks to the following individuals for their input and help:
+
+ - NobodySpecial,
+
+ - Mahanihaka
+
+# Appendix A: Windows Installation
+
+This is the Windows 10/11 installation process that should be valid for any Windows 10/11 install within this guide.
+
+### Windows 10 (See below for Windows 11)
+
+## Installation:
+
+DO NOT CONNECT WINDOWS TO ANY NETWORK DURING THE INSTALLATION PROCESS (This will allow us to create a Local Account and not use a Microsoft account and it will also prevent any telemetry from being sent out during the install process).
+
+- (Only for VirtualBox VM Install) Go into the VirtualBox Machine Settings menu. Select network. Unplug the cable.
+
+- Click "Install Now"
+
+- Select "I don't have a product key"
+
+- Select the flavor you want:
+
+ - Host OS: Use
+
+ - You intend to use Plausible Deniability: Windows Home
+
+ - You do not intend to use Plausible Deniability: Windows Pro
+
+ - VM OS: Use Windows Pro or Windows Pro N
+
+- Select Custom
+
+- Storage:
+
+ - If this is a simple OS installation (Host OS with Simple Encryption) or VM without encryption, **select the whole disk** and proceed with the installation (skip the next step).
+
+ - If this is part of a plausible deniability encryption set up on the Host OS:
+
+ - If you are installing Windows for the first time (Hidden OS):
+
+ - Delete the current partitions
+
+ - Create the First partition with at least 50GB of disk space (about a third of the total disk space).
+
+ - Create a second partition with the remaining two-thirds of the total disk space.
+
+ - If you are installing Windows for the second time (Decoy OS):
+
+ - Do not Delete the current partitions
+
+ - Install Windows on the first partition you created during the first install.
+
+ - Proceed with the install in the first partition
+
+- Start the install process
+
+- Select the Region "United States"
+
+- Skip the additional Keyboard Layout
+
+- Select "I don't have internet"
+
+- Select "Continue with limited setup"
+
+- Create a username of your choice.
+
+- Use a password of your choice.
+
+- Select all three security questions and answer whatever you want (not real data).
+
+- Do not use Online Speech Recognition
+
+- Do not let the app use your location
+
+- Do not enable "find my device"
+
+- Only send "required diagnostic data"
+
+- Do not improve Inking and Typing
+
+- Do not get any improved tailored experience.
+
+- Do not let apps use Advertising ID
+
+- Select "Now" at the Cortana prompt
+
+## Privacy Settings:
+
+- When the install is finished, get into Settings > Go on the top left menu icon and sekect Privacy and Security
+
+ - When the install is finished, get into Settings > Privacy and do the following:
+
+ - General: All Off
+
+ - Speech: Off
+
+ - Inking and Typing: Off
+
+ - Diagnostic: Required level at off, options on OFF, **Delete your data**, frequency set to Never
+
+ - Activity History: all Off and Clear the history
+
+ - Location, all Off (change button) and clear it
+
+ - Camera: Disable it (change button)
+
+ - Microphone: Disable it (change button)
+
+ - Voice Activation: All Off
+
+ - Notification: Disable it (change button)
+
+ - Account info: Disable it (change button)
+
+ - Contact info: Disable it (change button)
+
+ - Calendar access: Disable it (change button)
+
+ - Phone calls: Disable it (change button)
+
+ - Call History: Disable it (change button)
+
+ - E-mail: Disable it (change button)
+
+ - Tasks: Disable it (change button)
+
+ - Messaging: Disable it (change button)
+
+ - Radios: Disable it (change button)
+
+ - Other devices: Set to Off
+
+ - Background Apps: Disable it (change button)
+
+ - App Diagnostics: Disable it (change button)
+
+ - Automatic file download disabled
+
+ - Documents: Disable it (change button)
+
+ - Pictures: Disable it (change button)
+
+ - Videos: Disable it (change button) and set to off
+
+ - File system: Disable it (change button)
+
+ - Disable File Indexing by going into the "Indexing Options" (Go into Windows 11 Control Panel, Switch the view to "Large Icons" and select Indexing Options.
+
+ - Modify the list and remove all locations.
+
+ - Go into Advanced and click Rebuild.
+
+ - (Host OS only) Disable Bluetooth in the settings:
+
+ - Go into Settings
+
+ - Go into Devices
+
+ - Select Bluetooth and turn it off
+
+- (Host OS Only) Tape the Webcam and Microphone anyway for extra paranoia.
+
+- (Host OS Only) Go into Settings > Network & Internet > Wi-Fi and Enable Random Hardware Address.
+
+### Windows 11
+
+## Installation:
+
+DO NOT CONNECT WINDOWS TO ANY NETWORK DURING THE INSTALLATION PROCESS (This will allow us to create a Local Account and not use a Microsoft account and it will also prevent any telemetry from being sent out during the install process).
+
+- (Only for VirtualBox VM Install) Go into the VirtualBox Machine Settings menu. Select network. Unplug the cable. For this task, you can also follow this excellent tutorial by Oracle [[Archive.org]](https://web.archive.org/web/https://blogs.oracle.com/virtualization/post/install-microsoft-windows-11-on-virtualbox)
+
+- Select your language, currency and keyboard layout
+
+- Click "Install Now"
+
+- (Only for VirtualBox VM Install) Push Shift and F10 at the same time
+
+- (Only for VirtualBox VM Install) Launch "regedit" in the command prompt
+
+- (Only for VirtualBox VM Install) When the Registry Editor opens, navigate to ```HKEY_LOCAL_MACHINE\SYSTEM\Setup```, right-click on the "Setup" key and select "New => Key". When prompted to name the key, enter "LabConfig" and press enter.
+
+- (Only for VirtualBox VM Install) Now right-click on the "LabConfig" key and select "New => DWORD (32-bit)" value and create a value named "BypassTPMCheck", and set its data to "1". With the same steps create the "BypassRAMCheck" and "BypassSecureBootCheck"
+
+- Select "I don't have a product key"
+
+- Accept the agreement
+
+- Select the flavor you want:
+
+ - Host OS: Use
+
+ - You intend to use Plausible Deniability: Windows Home
+
+ - You do not intend to use Plausible Deniability: Windows Pro
+
+ - VM OS: Use Windows Pro or Windows Pro N
+
+- Select Custom Install
+
+- Storage:
+
+ - If this is a simple OS installation (Host OS with Simple Encryption) or VM without encryption, **select the whole disk** and proceed with the installation (skip the next step).
+
+ - If this is part of a plausible deniability encryption set up on the Host OS:
+
+ - If you are installing Windows for the first time (Hidden OS):
+
+ - Delete the current partitions
+
+ - Create the First partition with at least 50GB of disk space (about a third of the total disk space).
+
+ - Create a second partition with the remaining two-thirds of the total disk space.
+
+ - If you are installing Windows for the second time (Decoy OS):
+
+ - Do not Delete the current partitions
+
+ - Install Windows on the first partition you created during the first install.
+
+ - Proceed with the install in the first partition
+
+- Start the install process
+
+- Select the Region "United States"
+
+- Select the Keyboard Layout and skip a second layout
+
+- Select "I don't have internet"
+
+- Select "Continue with limited setup"
+
+- Create a username of your choice.
+
+- Use a password of your choice.
+
+- Select all three security questions and answer whatever you want (not real data).
+
+- Ddisable Location
+
+- Disable find my device
+
+- Disable optional diagnostic data
+
+- Only send "required diagnostic data"
+
+- Do not improve Inking and Typing
+
+- Disable the tailored experience.
+
+- Disable the Advertising ID
+
+- Click Accept
+
+## Privacy Settings:
+
+- When the install is finished, get into Settings > Privacy and do the following:
+
+ - General: All Off
+
+ - Speech: Off
+
+ - Inking and Typing: Off
+
+ - Diagnostic: Required level at off, options on OFF, **Delete your data**, frequency set to Never
+
+ - Activity History: all Off and Clear the history
+
+ - Location, all Off (change button) and clear it
+
+ - Camera: Disable it (change button)
+
+ - Microphone: Disable it (change button)
+
+ - Voice Activation: All Off
+
+ - Notification: Disable it (change button)
+
+ - Account info: Disable it (change button)
+
+ - Contact info: Disable it (change button)
+
+ - Calendar access: Disable it (change button)
+
+ - Phone calls: Disable it (change button)
+
+ - Call History: Disable it (change button)
+
+ - E-mail: Disable it (change button)
+
+ - Tasks: Disable it (change button)
+
+ - Messaging: Disable it (change button)
+
+ - Radios: Disable it (change button)
+
+ - Other devices: Set to Off
+
+ - Background Apps: Disable it (change button)
+
+ - App Diagnostics: Disable it (change button)
+
+ - Automatic file download disabled
+
+ - Documents: Disable it (change button)
+
+ - Music Library: Disable it (change button)
+
+ - Pictures: Disable it (change button)
+
+ - Videos: Disable it (change button) and set to off
+
+ - File system: Disable it (change button)
+
+ - Disable File Indexing by going into the "Indexing Options" (Go into Windows 11 Control Panel, Switch the view to "Large Icons" and select Indexing Options.
+
+ - Modify the list and remove all locations.
+
+ - Go into Advanced and click Rebuild.
+
+ - (Host OS only) Disable Bluetooth in the settings:
+
+ - Go into Settings
+
+ - Go into Devices
+
+ - Select Bluetooth and turn it off
+
+- (Host OS Only) Tape the Webcam and Microphone anyway for extra paranoia.
+
+- (Host OS Only) Go into Settings > Network & Internet > Wi-Fi and Enable Random Hardware Address.
+
+# Appendix B: Windows Additional Privacy Settings
+
+As written earlier in this guide and as noted by PrivacyGuides.org[^458], Windows 10/11 is a privacy nightmare. And disabling everything during and after the installation using the settings available to you is not enough. The amount of telemetry data collected by Microsoft is staggering and could defeat your attempts at keeping secrets. You will need to download and use a couple of utilities to (hopefully) force Windows 10/11 into not sending data back to Microsoft.
+
+Here are the steps in detail:
+
+- **DO NOT EVER USE A MICROSOFT ACCOUNT TO LOG IN: If you are, you should be re-installing this Windows Machine without connecting to a network and use a local account instead.**
+
+- Do these steps from a different computer. Do not connect Windows 10/11 to the internet before those settings are applied. You can download and copy those to the USB key (for transfer onto a Windows 10/11 fresh installation) or if it is a VM, you can transfer them to the VM within Virtualbox (VM Settings > General > Advanced > Drag n Drop > Enable Host to Guest).
+
+
+- (For more advanced users) Download and install W10Privacy from [[Archive.org]](https://web.archive.org/web/https://www.w10privacy.de/english-home/)
+
+ - Open the app as Administrator (right-click > more > run as administrator)
+ - Check all the recommended (Green) settings and save.
+ - Optional but recommended (but could break things, use at your own risk), also check the orange/red settings, and save.
+ - Reboot
+
+- Download and run WindowsSpyBlocker from [[Archive.org]](https://web.archive.org/web/https://crazymax.dev/WindowsSpyBlocker/download/)
+
+ - Type 1 and go into Telemetry
+ - Type 1 and go into Firewall
+ - Type 2 and add Spy Rules
+ - Reboot
+
+- Also, consider using ShutUp10++ from [[Archive.org]](https://web.archive.org/web/https://www.oo-software.com/en/shutup10)
+
+ - Enable at least all the recommended settings
+
+- Finally, again for users with moderate skills, consider installing Safing Portmaster from [[Archive.org]](https://web.archive.org/web/https://safing.io/portmaster) **(Warning: there might be issues with some VPN clients. See: ** [[Archive.org]](https://web.archive.org/web/https://safing.io/portmaster/)
+
+- Go back one last time to the settings to delete Diagnostic and Delete all Data.
+
+These measures added to the settings during installation should be hopefully sufficient to prevent Microsoft from snooping on your OS.
+
+**You will need to update and re-run those utilities frequently and after any Windows major update as they tend to silently re-enable telemetry using those updates.**
+
+**As a bonus, it could be interesting to also consider Hardening your Windows Host OS somewhat. See ** [[Archive.org]](https://web.archive.org/web/https://github.com/beerisgood/windows10_hardening) (This is a security guide, not a privacy guide. If you use this guide, do not enable Hyper-V as it does not play well with Virtualbox, and do not enable features that were specifically disabled for privacy reasons earlier. Such as SmartScreen, cloud protection...)
+
+# Appendix C: Windows Installation Media Creation (Windows 10) or Download (Windows 11)
+
+## Windows 10
+
+These are the steps to create a Windows 10 (21H1) Installation Media using this tool and instructions:
+
+ [[Archive.org]](https://web.archive.org/web/https://www.microsoft.com/en-us/software-download/windows10)
+
+- Download the tool and execute it from your Download folder.
+
+- Agree to the terms
+
+- Select the process to Create an installation Media.
+
+- Select Windows 10 64 Bits edition with the language of your choice.
+
+- Pick which process you want:
+
+ - If installing on a physical computer: Select USB Flash Drive.
+
+ - If installing on a Virtual Machine: Select ISO file and save it.
+
+- Proceed
+
+## Windows 11
+
+- Go to https://www.microsoft.com/software-download/windows11 and download the ISO.
+
+# Appendix D: Using System Rescue to securely wipe an SSD drive
+
+These instructions are valid for all Operating Systems:
+
+- System Rescue:
+
+ - Create a System Rescue USB disk following these instructions [[Archive.org]](https://web.archive.org/web/https://www.system-rescue.org/Installing-SystemRescue-on-a-USB-memory-stick/) (download the ISO and write to a USB stick with Rufus).
+
+ - Disable Secure Boot in your BIOS/UEFI settings and change the boot order to the USB disk (System Rescue bootloader is not signed and will not boot with secure boot enabled).
+
+ - Follow the instructions to change the keyboard layout by typing "stkmap".
+
+ - (optional) Run startx afterward to start a graphical environment.
+
+- SATA SSD:
+
+ - (If you ran startx) Open a terminal
+
+ - ATA Secure Erase:
+
+ - Follow one of these tutorials
+
+ - [[Archive.org]](https://web.archive.org/web/https://wiki.archlinux.org/index.php/Solid_state_drive/Memory_cell_clearing)
+
+ - [[Archive.org]](https://web.archive.org/web/https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase)
+
+ - [[Archive.org]](https://web.archive.org/web/https://tinyapps.org/docs/wipe_drives_hdparm.html)
+
+ - ATA Sanitize:
+
+ - Follow this tutorial [[Archive.org]](https://web.archive.org/web/https://tinyapps.org/docs/ata_sanitize_hdparm.html)
+
+- NVMe SSD:
+
+ - (If you ran startx) Open a terminal
+
+ - Follow one of these tutorials:
+
+ - [[Archive.org]](https://web.archive.org/web/https://wiki.archlinux.org/index.php/Solid_state_drive/Memory_cell_clearing)
+
+ - [[Archive.org]](https://web.archive.org/web/https://tinyapps.org/docs/nvme-secure-erase.html)
+
+ - [[Archive.org]](https://web.archive.org/web/https://tinyapps.org/docs/nvme-sanitize.html)
+
+# Appendix E: Clonezilla
+
+- Get Clonezilla by just following these instructions: [[Archive.org]](https://web.archive.org/web/https://clonezilla.org/liveusb.php) (I recommend the Alternative version AMD64 that should work with most recent laptops)
+
+- Boot from Clonezilla
+
+- Follow these steps to make a backup: [[Archive.org]](https://web.archive.org/web/https://clonezilla.org/show-live-doc-content.php?topic=clonezilla-live/doc/01_Save_disk_image)
+
+ - **If you are backing up a disk with simple Encryption, encryption of the backup is not required since you are backing up an already encrypted disk, but you can still encrypt the backup anyway if you want additional security (and slower backup).**
+
+ - **If you intend to back up a device with plausible deniability encryption, we strongly recommend against it as this backup image could be used to prove the existence of the hidden volume using forensics techniques as explained earlier.
Do not make an image backup of the partition containing your hidden OS.**
+
+- You are done, if you need to restore, follow these instructions: [[Archive.org]](https://web.archive.org/web/https://clonezilla.org/show-live-doc-content.php?topic=clonezilla-live/doc/02_Restore_disk_image)
+
+Each backup could take a while depending on the speed of your laptop and the speed of your external drive. In my experience, expect about 1 hour per backup depending on the drive size and the write speed of your backup media (my tests were done backing up 256GB SSDs on a USB 3.0 7200rpm HDD).
+
+# Appendix F: Diskpart
+
+Diskpart is a Windows utility that can be used to perform various operations on your hard drive. In this case, You will use Diskpart to show the Disk ID but also change it if necessary.
+
+This could be needed if you restore a backup on a new HDD/SSD that has an ID that differs from the one backed up and Windows could refuse to boot.
+
+Diskpart can be run from any Windows environment using a command prompt. This includes recovery disks created by utilities such as Macrium Reflect, any Windows Installation media, EaseUS Todo Free rescue disks.
+
+- **Displaying the disk ID**
+
+ - Run Diskpart to enter the Diskpart utility
+
+ - Issue the ```list disk``` command to list the disks
+
+ - Issue the ```sel disk x``` (replace x with your system disk) to select your system disk
+
+ - Issue the ```detail disk``` to show the details of this disk
+
+ - Take note of the disk ID (this should be done BEFORE backing up your disks).
+
+- **Changing the disk ID**
+
+ - This step should only be done if, after restoring a full disk backup to a new hard drive, Windows refuses to boot
+
+ - Issue the same commands as above on the target new disk
+
+ - Issue, in addition, the command ```uniqueid disk id=02345678``` (where you replace the id by the one you noted before)
+
+# Appendix G: Safe Browser on the Host OS
+
+## If you can use Tor:
+
+This guide will **only recommend** using Tor Browser within the host OS because it has the best protection by default. The only other acceptable option in my opinion would be to use Brave Browser with a Tor tab **but keep in mind that Brave themselves recommend the use of Tor Browser if you feel your safety depends on being anonymous** [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Chat)**: "If your personal safety depends on remaining anonymous, we highly recommend using Tor Browser instead of Brave Tor windows. ".**
+
+This Browser on the host OS will only be used to download various utilities and will never be used for actual sensitive activities.
+
+Refer to [Appendix Y: Installing and using desktop Tor Browser].
+
+If you are experiencing issues connecting to Tor due to Censorship or Blocking, you might consider using Tor bridges as explained here: [[Archive.org]](https://web.archive.org/web/https://bridges.torproject.org/)
+
+**Use this browser for all the next steps within the host OS unless instructed otherwise.**
+
+## If you cannot use Tor:
+
+Because it is too dangerous/risky/suspicious. We would recommend as a last resort using Firefox, or Brave only using Private Windows for now.
+
+See [Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option] before continuing.
+
+Only do this from a different safe public Wi-Fi every time (See [Find some safe places with decent public Wi-Fi][Find some safe places with decent public Wi-Fi:]) and using a long-range connection (See [Appendix Q: Using long-range Antenna to connect to Public Wi-Fis from a safe distance:]).
+
+Clean all the data from the browser after each use.
+
+**Use this method for all the next steps within the host OS unless instructed otherwise.**
+
+# Appendix H: Windows Cleaning Tools
+
+In this guide we will recommend two-third native tools and two third-party tools:
+
+- Native Tools:
+
+ - Windows 10/11 Disk Cleanup Utility: [[Archive.org]](https://web.archive.org/web/https://support.microsoft.com/en-us/windows/disk-cleanup-in-windows-10-8a96ff42-5751-39ad-23d6-434b4d5b9a68)
+
+> This tool will clean up a bunch of things natively. It is not enough, and we instead recommend using the third-party tools below to clean more stuff. PrivaZer for instance will use the disk cleanup utility directly itself and BleachBit will use its own mechanisms.
+
+- Windows 10/11 Optimize Utility (Defrag on HDD Drives): [[Archive.org]](https://web.archive.org/web/https://support.microsoft.com/en-us/windows/defragment-your-windows-10-pc-048aefac-7f1f-4632-d48a-9700c4ec702a) (yes the tutorial is for Windows 10 but should work on 11 too)
+
+> For security, this tool is particularly useful on SSD drives at this "Optimize" function will in fact force a Disk wide Trim operation to occur. This will most likely be more than enough to make sure any deleted data that was not trimmed before for any reason will be this time. Deleted data with Trim is very unlikely to be recovered as explained before in this guide.
+
+- Third-Party Tools:
+
+ - The open-source utility BleachBit [[Archive.org]](https://web.archive.org/web/https://www.bleachbit.org/)
+
+ - The closed-source utility PrivaZer [[Archive.org]](https://web.archive.org/web/https://privazer.com/)
+
+I prefer PrivaZer because it has more customization and smarter features, but we would understand if you do not trust them and prefer open-source software in which case we would recommend BleachBit which offers a bit less customization but similar functionalities.
+
+Both these tools can be used for cleaning many things such as:
+
+- The Windows USN journal which stores plenty of information.
+
+- The Windows System Resource Usage Monitor (SRUM)[^461].
+
+- Various histories of various programs (such as the recent lists).
+
+- Various logs
+
+- The free (unallocated) space of your hard drive][^462].
+
+- Secure deletion of files
+
+- Secure wiping of USB drives
+
+Both these utilities can delete files and can overwrite the free space after deletion to improve secure deletion even on SSD drives. Remember this can reduce the lifespan of your SSD drives a bit.
+
+# Appendix I: Using ShredOS to securely wipe an HDD drive:
+
+Several utilities are recommended (like the old unmaintained DBAN[^463] or System Rescue CD ( [[Archive.org]](https://web.archive.org/web/https://www.system-rescue.org/))) for this but we will recommend the use of ShredOS.
+
+Feel free to go with DBAN instead if you want (using this tutorial: [[Archive.org]](https://web.archive.org/web/https://www.lifewire.com/how-to-erase-a-hard-drive-using-dban-2619148)), the process is basically the same but will not work out of the box with UEFI laptops.
+
+If you want to go with System-Rescue, just head to their website and follow the instructions.
+
+## Windows:
+
+- Download ShredOS from [[Archive.org]](https://web.archive.org/web/https://github.com/PartialVolume/shredos.x86_64)
+
+- Unzip the ISO file
+
+- Download Rufus from [[Archive.org]](https://web.archive.org/web/https://rufus.ie/)
+
+- Launch Rufus
+
+- Select the ShredOS IMG file
+
+- Write it to a USB key
+
+- When done, reboot and boot the USB key (you might have to go into your BIOS settings to change the boot order for this).
+
+- Follow the instructions on the screen
+
+## Linux:
+
+- Follow instructions on [[Archive.org]](https://web.archive.org/web/https://github.com/PartialVolume/shredos.x86_64)
+
+- Reboot and boot the USB key
+
+- Follow the instructions on the screen
+
+# Appendix J: Manufacturer tools for Wiping HDD and SSD drives:
+
+**Always check your laptop BIOS/UEFI for native utilities first.**
+
+**Be sure to use the right wipe mode for the right disk. Wipe and Passes are for HDD drives. There are specific options for SSD drives (such as ATA Secure Erase or Sanitize).**
+
+Unfortunately, most of these tools are Windows only.
+
+## Tools that provide a boot disk for wiping from boot:
+
+- SanDisk DashBoard: [[Archive.org]](https://web.archive.org/web/https://kb.sandisk.com/app/answers/detail/a_id/15108/~/dashboard-support-information)
+
+- Seagate SeaTools: [[Archive.org]](https://web.archive.org/web/https://www.seagate.com/support/downloads/seatools/)
+
+- Samsung Magican: [[Archive.org]](https://web.archive.org/web/https://www.samsung.com/semiconductor/minisite/ssd/download/tools/)
+
+- Kingston SSD Manager: [[Archive.org]](https://web.archive.org/web/https://www.kingston.com/unitedstates/en/support/technical/ssdmanager)
+
+- Lenovo:
+
+ - Most likely native utility available within the BIOS/UEFI, please check
+
+ - Drive Erase Utility: [[Archive.org]](https://web.archive.org/web/https://support.lenovo.com/us/en/downloads/ds019026-thinkpad-drive-erase-utility-for-resetting-the-cryptographic-key-and-erasing-the-solid-state-drive-thinkpad)
+
+- Crucial Storage Executive: [[Archive.org]](https://web.archive.org/web/https://www.crucial.com/support/storage-executive)
+
+- Western Digital Dashboard: [[Archive.org]](https://web.archive.org/web/https://support.wdc.com/downloads.aspx?p=279)
+
+- HP: Follow instructions on [[Archive.org]](https://web.archive.org/web/https://store.hp.com/us/en/tech-takes/how-to-secure-erase-ssd)
+
+- Transcend SSD Scope: [[Archive.org]](https://web.archive.org/web/https://www.transcend-info.com/Support/Software-10/)
+
+- Dell:
+
+ - Most likely native utility available within the BIOS/UEFI, please check [[Archive.org]](https://web.archive.org/web/https://www.dell.com/support/kbdoc/en-us/000134997/using-the-dell-bios-data-wipe-function-for-optiplex-precision-and-latitude-systems-built-after-november-2015?lwp=rt)
+
+## Tools that provide only support from running OS (for external drives).
+
+- Toshiba Storage Tools: [[Archive.org]](https://web.archive.org/web/https://www.toshiba-storage.com/downloads/)
+
+# Appendix K: Considerations for using external SSD drives
+
+**I do not recommend using external SSDs due to the uncertainty about their support for Trim, ATA Secure Erase, and Sanitize options through USB controllers. Instead, we recommend using external HDD disks which can be cleaned/wiped safely and securely without hassle (albeit much slower than SSD drives).**
+
+Please do not buy or use gimmicky self-encrypting devices such as these: [[Archive.org]](https://web.archive.org/web/https://syscall.eu/blog/2018/03/12/aigo_part1/)
+
+Some might be very efficient[^464] but many are gimmicky gadgets.
+
+If you want to use an external SSD drive for sensitive storage:
+
+- Please consider the support for:
+
+ - Trim operations and ATA/NVMe secure erase operations from your Laptop USB controller.
+
+ - Trim operations and ATA/NVMe secure erase operations from your USB SSD disk itself.
+
+- Always use full disk encryption on those disks
+
+- **Use the manufacturer-provided tools to securely erase them if possible.**
+
+- Consider manually wiping data on them after use by doing a full decryption/encryption or filling them completely with random data.
+
+So how to check if your external USB SSD supports Trim and other ATA/NVMe operations from your Host OS?
+
+## Windows:
+
+### Trim Support:
+
+It is possible Windows will detect your external SSD properly and enable Trim by default. Check if Optimize Works using the Windows Native disk utility as explained in the internal SSD section of Windows.
+
+### ATA/NVMe Operations (Secure Erase/Sanitize):
+
+**Use the manufacturer-provided tools to check and perform these operations** ... It is pretty much the only way to be sure it is not only supported but actually works.
Some utilities can tell you whether it is supported or not like CrystalDiskInfo [[Archive.org]](https://web.archive.org/web/https://element.io/) but will not actually check if it is working. See [Appendix J: Manufacturer tools for Wiping HDD and SSD drives][Appendix J: Manufacturer tools for Wiping HDD and SSD drives:].
+
+If it does not work. Just decrypt and re-encrypt the whole drive or fill up the free space as instructed in the guide. There is no other way AFAIK. Besides booting up a System Rescue Linux CD and see the next section.
+
+## Linux:
+
+### Trim Support:
+
+Follow this good tutorial: [[Archive.org]](https://web.archive.org/web/https://www.glump.net/howto/desktop/enable-trim-on-an-external-ssd-on-linux)
+
+### ATA/NVMe Operations (Secure Erase/Sanitize):
+
+**It is not "recommended". Please read the disclaimers here ** [[Archive.org]](https://web.archive.org/web/https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase) **and here ** [[Archive.org]](https://web.archive.org/web/https://wiki.archlinux.org/index.php/Solid_state_drive/Memory_cell_clearing)
+
+But this seems to be based on anecdotal experiences. So, if you are sure your external SSD supports Trim (see vendor documentation). You could just **try at your own risk** to use nvme-cli or hdparm to issue secure erases.
+
+See also this tutorial [[Archive.org]](https://web.archive.org/web/https://code.mendhak.com/securely-wipe-ssd/)
+
+**Your mileage may vary. Use at your own risk.**
+
+## macOS:
+
+### Trim Support:
+
+According to Apple Documentation[^455], Trim is supported on APFS (asynchronously) and HFS+ (through period trim or first-aid).
+
+So, if it is supported (and enabled on your external SSD), you should be able to issue a Trim on a non-APFS drive using Disk Utility and First Aid which should issue a Trim.
+
+If your disk supports it but it is not enabled in macOS. You could try issuing a "sudo trimforce enable" command from the Terminal and see if it enables Trim on your external SSD.
And then again check the first aid command if it is not APFS (see this Tutorial for info [[Archive.org]](https://web.archive.org/web/https://www.lifewire.com/enable-trim-for-ssd-in-os-x-yosemite-2260789))
+
+If it does not work, we are not aware of any reliable method to enable TRIM besides the commercial utility Trim Enabler here [[Archive.org]](https://web.archive.org/web/https://cindori.org/trimenabler/) which claims support for external drives.
+
+### ATA/NVMe Operations (Secure Erase/Sanitize):
+
+We are not aware of any method of doing so reliably and safely on macOS. So, you will have to try one of these options:
+
+- Use a bootable System Rescue USB Linux to do it
+
+- Just decrypt and re-encrypt the drive using Disk Utility or Veracrypt
+
+- Fill up the free space of the disk using the Linux method (dd)
+
+# Appendix L: Creating a mat2-web guest VM for removing metadata from files
+
+Download the latest Debian testing amd64 netinst ISO from [[Archive.org]](https://web.archive.org/web/https://www.debian.org/CD/netinst/)
+
+**(Get testing to get the latest mat2 release, stable is a few versions back)**
+
+This is very lightweight, and we recommend doing it from a VM (VM inside a VM) to benefit from Whonix Tor Gateway. While it is possible to put this VM directly behind a Whonix Gateway, Whonix will not easily allow communications between VMs on its network by default. You could also just leave it on Clearnet during the install process and then leave it on the Host-Only network later, or install it from a VM within a VM then move it to host OS for Host-Only usage like we show below:
+
+1. Create a new machine with any name like **Mat2**.
+2. Select **Linux** for the Type.
+3. Select **Debian (64-bit)** as the Version.
+4. Leave the default options and click **Create**.
+5. Select the VM and click **Settings**.
+6. Select **System** and disable the **Floppy disk** on the Motherboard tab.
+7. Select the Processor tab and **enable PAE/NX**.
+8.
Select **Audio** and **disable Audio**.
+9. Select **USB** and **disable the USB controller**.
+10. Select **Storage** and select the CD drive to mount the Debian Netinst ISO.
+11. Select **Network** and **Attach to NAT**.
+12. Launch the VM.
+13. Select **Install** (not Graphical install).
+14. Select **Language**, **Location**, and **Keyboard layout** as you wish.
+15. Wait for the network to configure (automatic DHCP). This takes a few seconds.
+16. Pick a name like **Mat2**.
+17. Leave the **domain** empty.
+18. Set a **root** password as you wish (preferably a good one).
+19. Create a new **user** and **password** as you wish (preferably a good one).
+20. Select the **Time Zone** of your choice.
+21. Select **Guided - Use the entire disk**.
+22. Select the only disk available (**/dev/sda** in our case).
+23. Select **All files in one partition**.
+24. Confirm and write changes to the disk.
+25. Select **No** to scan any other CD or DVD.
+26. Select any region and any mirror of your choice and leave **proxy** blank.
+27. Select **No** to take part in any survey.
+28. Select **only System Standard Utilities**. Uncheck everything else using **space**.
+29. Select **Yes** to install GRUB bootloader.
+30. Select **/dev/sda** and continue.
+31. Complete the install and reboot.
+32. Log in with your **user** or **root**. You should never use root directly as a best security practice but in this case, it is okay.
+33. Update your install by running ```apt upgrade```. It should be upgraded since it is a net install, but we're double checking.
+34. Install the necessary packages for mat2 by running ```apt install ffmpeg uwsgi python3-pip uwsgi-plugin-python3 lib35rsvg2-dev git mat2 apache2 libapache2-mod-proxy-uwsgi```.
+35. Go to the **/var/www** directory by running ```cd /var/www/```.
+36. **Clone mat2-web** from the mat2-web repository by issuing ```git clone https://0xacab.org/jvoisin/mat2-web.git```.
+37.
**Create a directory for uploads** by running ```mkdir ./mat2-web/uploads/```.
+38. **Give permissions to Apache2** to read the files by running ```chown -R www-data:www-data ./mat2-web```.
+39. **Enable apache2 uwsgi proxy** by running ```/usr/sbin/a2enmod proxy_uwsgi```.
+40. **Upgrade pip** by running ```python3 -m pip install pip --upgrade```.
+41. **Install these Python modules** by running ```python3 -m pip install flasgger pyyaml flask-restful flask cerberus flask-cors jinja2```.
+42. **Move to the config directory** of mat2 by running ```cd /var/www/mat2-web/config/```.
+43. **Copy the apache2 config file** to **/etc** by running ```cp apache2.config /etc/apache2/sites-enabled/apache2.conf```.
+44. **Remove the default config file** by running ```rm /etc/apache2/sites-enabled/000-default.conf```.
+45. **Edit the apache2 config file** provided by mat2-web by running ```nano /etc/apache2/sites-enabled/apache2.conf```.
+46. **Remove the first line** ```Listen 80``` by typing **Ctrl+K** to cut the line.
+47. **Change the uwsgi path** from ```/var/www/mat2-web/mat2-web.sock``` to ```/run/uwsgi/uwsgi.sock``` and type **Ctrl+X** to exit, followed by **Y** then **Enter**.
+48. **Copy the uwsgi config file** to **/etc** by running ```cp uwsgi.config /etc/uwsgi/apps-enabled/uwsgi.ini```.
+49. **Edit the uwsgi config file** by typing ```nano /etc/uwsgi/apps-enabled/uwsgi.ini``` and change **uid** and **guid** to ```nobody``` and ```nogroup``` respectively. Save and exit with **Ctrl+X**, followed by **Y**, then **Enter**.
+50. Run ```chown -R 777 /var/www/mat2-web``` to change ownership to **mat2-web**.
+51. **Restart uwsgi** by running ```systemctl restart uwsgi```. There should be no errors.
+52. **Restart apache2** by running ```systemctl restart apache2```. There should be no errors.
+53. Now navigate to **Settings** > **Network** > **Attached to** and **select Host-only Adapter**. Click **OK** to save.
+54. Reboot the VM via **Machine** > **Reset**.
Confirm the reset.
+55. Log into the VM as the **user** from **Step 19** and type ```ip a```. Note the IP address it was assigned under link/ether, the one that has **192.168.\*.\***.
+56. From the VM Host OS, **open a Browser** and navigate to the IP of your Debian VM. It will be something like: **http://192.168.1.55**.
+57. You should now see a Mat2-Web website running smoothly.
+58. **Shutdown the Mat2 guest VM** by running ```shutdown -h now``` to halt the machine.
+59. **Take a snapshot of the VM** within Virtualbox while the guest VM is shutdown.
+
+**Restart the Mat2 VM* and you are ready to use Mat2-web to remove metadata from most files!**
+
+After use, shut down the VM and revert to the snapshot to remove traces of the uploaded files. This VM does not require any internet access unless you want to update it, in which case, you need to place it back on the **NAT network** and do the next steps.
+
+For updates of Debian, **start the VM** and run ```apt update``` followed by ```apt upgrade```.
+
+For updates of mat2-web, type ```cd /var/www/mat2-web``` and run ```git pull```.
+
+After updates, shutdown, change to the **Host-only Adapter**, take a new snapshot, remove the earlier one.
+
+You are done.
+
+Now you can just start this small Mat2 VM when needed. Browse to it from your Guest VM and use the interface to remove any metadata from most files. After each use of this VM, you should revert to the Snapshot to erase all traces.
+
+**Do not ever expose this VM to any network unless temporarily for updates.
This web interface is not suitable for any direct external access.**
+
+# Appendix M: BIOS/UEFI options to wipe disks in various Brands
+
+Here are some links on how to securely wipe your drive (HDD/SSD) from the BIOS for various brands:
+
+- Lenovo ThinkPads: [[Archive.org]](https://web.archive.org/web/https://support.lenovo.com/be/en/solutions/migr-68369)
+
+- HP (all): [[Archive.org]](https://web.archive.org/web/https://support.hp.com/gb-en/document/c06204100)
+
+- Dell (all): [[Archive.org]](https://web.archive.org/web/https://www.dell.com/support/kbdoc/en-us/000146892/dell-data-wipe)
+
+- Acer (Travelmate only): [[Archive.org]](https://web.archive.org/web/https://us.answers.acer.com/app/answers/detail/a_id/41567/~/how-to-use-disk-sanitizer-on-acer-travelmate-notebooks)
+
+- Asus: no option AFAIK except maybe for some ROG models.
+
+- Gigabyte: no option AFAIK
+
+- Honor: no option AFAIK
+
+- Huawei: no option AFAIK
+
+# Appendix N: Warning about smartphones and smart devices
+
+When conducting sensitive activities, remember that:
+
+- **You should not bring your real smartphone or smart devices with you (even turned off).** Correlation attacks are possible on the Cell Networks to find which phone "turned off" before your burner phone "turned on". While this might not work the first time, after a few times, the net will tighten, and you will get compromised. It is better to leave your main smartphone at home online (see this article (Russian, use Google Translate link): [[Google Translate]](https://translate.google.com/translate?hl=&sl=ru&tl=en&u=https%3A%2F%2Fbiboroda.livejournal.com%2F4894724.html&anno=2) [[Archive.org]](https://web.archive.org/web/https://biboroda.livejournal.com/4894724.html)**)**
+
+- **Again, do not take them with you unless it is absolutely necessary.** **If you really must,** you could consider powering it off and removing the battery or, if not possible, the use of a faraday cage[^466] bag to store your devices.
There are many such faraday "signal blocking" bags available for sale and some of these have been studied[^467] for their effectiveness. If you cannot afford such bags, you can probably achieve a "decent result" with one or several sheets of aluminum foil (as shown in the previously linked study).
+
+ - Warning: consider that sensor data itself can also be reliably used to track you[^468]'[^469].
+
+ - Consider leaving your smart devices at home online and doing something (watching YouTube/Netflix or something similar) instead of taking them with you powered off. This will mitigate tracking efforts but also create digital traces that could indicate you were at home.
+
+ - **This could also include your car which could for example have a cell network device (including at least an IMEI) and a functionality to call emergency services**
+
+Additionally, if using a smartphone as a burner, know that they send a lot of diagnostics by default. Enough to potentially identify you based on your device usage patterns (a technique known as biometric profiling). You should avoid using your burner unless absolutely necessary, to minimize the information that can be collected and used to identify you.
+
+**Lastly, you should also consider this useful sheet from the NSA about Smartphone security: .**
+
+**Note: Please do not consider commercial gimmicky all-in devices for anonymity. The only way to achieve proper OPSEC is by doing it yourself.
See those examples to see why it is not a clever idea:**
+
+- **AN0M: ** [[Archive.org]](https://web.archive.org/web/https://www.theguardian.com/australia-news/2021/sep/11/inside-story-most-daring-surveillance-sting-in-history)
+
+- **Encrochat: ** [[Wikiless]](https://wikiless.org/wiki/EncroChat) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/EncroChat)
+
+- **Sky ECC: ** [[Wikiless]](https://wikiless.org/wiki/Sky_ECC) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Sky_ECC)
+
+**You should never rely on an external commercial service to ensure your first line of anonymity. But you will see that paid services can still be used later from an already anonymous identity if bought anonymously while observing good operational security.**
+
+# Appendix O: Getting an anonymous VPN/Proxy
+
+If you follow our advice, you will also need a VPN subscription but this time you will need an anonymous one that cannot be tied to you by the financial system. Meaning you will need to buy a VPN subscription with cash or a reasonably private cryptocurrency (for example Monero). You will later be able to use this VPN to connect to various services anonymously but **never directly from your IP**. This VPN can never be used in any other non-anonymous context without jeopardzing your anonymity.
+
+There are, two viable options:
+
+## Cash/Monero-Paid VPN:
+
+There are three VPN companies recommended by PrivacyGuides.org ( [[Archive.org]](https://web.archive.org/web/https://www.privacyguides.org/vpn/)) that accept cash payments: Mullvad, iVPN, and Proton VPN.
+
+Here are their logging policies:
+
+- Mullvad: [[Archive.org]](https://web.archive.org/web/20230804185207/https://mullvad.net/en/help/no-logging-data-policy/)
+
+ - Audit by Radically Open Security, August 2023 [[Archive.org]](https://web.archive.org/web/20230809102621/https://mullvad.net/en/blog/2023/8/9/infrastructure-audit-completed-by-radically-open-security/)
+
+- iVPN: [[Archive.org]](https://web.archive.org/web/20230803174609/https://www.ivpn.net/privacy)
+
+ - Audit by Cure53, March 2023 [[Archive.org]](https://web.archive.org/web/20230703163859/https://www.ivpn.net/blog/ivpn-infrastructure-audit-concluded/)
+
+- ProtonVPN: [[Archive.org]](https://web.archive.org/web/20230731142926/https://protonvpn.com/support/no-logs-vpn/)
+
+ - Audits by SEC Consult, [[Archive.org]](https://web.archive.org/web/20230805163006/https://protonvpn.com/blog/open-source/)
+
+In addition, we will also mention a newcomer to watch: Safing SPN [[Archive.org]](https://web.archive.org/web/https://safing.io/spn/)) which also accepts cash and has a very distinct new concept for a VPN which provides benefits similar to Tor Stream isolation with their "SPN". This possibility is "provisional" and at your own risk. Note that Safing SPN is not available on macOS at the moment, nor is it free, but we think was worth mentioning.
+
+We are not affiliated with any brands as pointed out in our [Constitution](/constitution.html). Personally, for now, we would recommend Mullvad due to personal experience.
+
+**We would not recommend Proton VPN as much because they do require an e-mail for registration unlike Mullvad, iVPN, and Safing. Proton also has a tendency to require phone number verification for users who register over Tor.**
+
+How does this work?
+
+- Access the VPN website with a Safe Browser (see [Appendix G: Safe Browser][Appendix G: Safe Browser on the Host OS])
+
+- Go to iVPN, Mullvad, or Safing website and create a new Account ID (on the login page).
+
+- This page will give you an account ID, a token ID (for payment reference), and the details of where to send the money by post.
+
+- Send the required cash amount for the subscription you want in a sealed postal envelope to their offices, including a paper with the Token ID without a return address, or pay with Monero if available. If they do not accept Monero but do accept BTC, consider [Appendix Z: Paying anonymously online with BTC][Appendix Y: Installing and using desktop Tor Browser]
+
+- Wait for them to receive the payment and enable your account (this can take a while).
+
+- Open Tor Browser.
+
+- Check your account status and proceed when your account is active.
+
+For extra-security consider:
+
+- Wearing gloves while manipulating anything to avoid leaving fingerprints[^470] and touch DNA[^471].
+ - A less-obvious alternative could be to put super glue on your fingertips, to avoid making it obvious you're wearing gloves. However, this can prevent effective use of touchscreens, as well as failing to as effectively prevent you from touch DNA. Also, if spotted, it can be quite suspicious to be caught with super glue on your fingers.
+
+- Do not use any material/currency that was manipulated by someone that can be related to you in any way.
+
+- Do not use the currency you just got from an ATM that could record dispensed bills serial numbers.
+
+- Be careful if you print anything that it is not watermarked by your printer (See [Printing Watermarking]).
+
+- Do not lick the envelope or the stamps[^472] if you use them to avoid leaving DNA traces.
+
+- Make sure there are no obvious DNA traces in or on the materials (like hairs).
+
+- Consider doing the whole operation outdoor to reduce the risks of residual DNA traces from your environment or you contaminating the materials.
+ - The more people frequent a space, the lower the risk, as your DNA will be obscured by the DNA of other people as they pass through
+
+- Security cameras can be a risk.
Try to cover your face. Also, gait recognition may be a concern. See [Gait Recognition and Other Long-Range Biometrics]
+
+**Do not in any circumstance use this new VPN account unless instructed or connect to that new VPN account using your known connections. This VPN will only be used later in a secure way as we do not trust VPN providers' "no-logging policies". This VPN provider should ideally never know your real origin IP (your home/work one for instance).**
+
+## Self-hosted VPN/Proxy on a Monero/Cash-paid VPS (for users more familiar with Linux):
+
+The other alternative is setting up your own VPN/Proxy using a VPS (Virtual Private Server) on a hosting platform that accepts Monero (recommended).
+
+**This will offer some advantages as the chances of your IP being block-listed somewhere are lower than known VPN providers.**
+
+This does also offer some disadvantages as Monero is not perfect as explained earlier in this guide and some global adversaries could maybe still track you. You will need to get Monero from an Exchange using the normal financial system and then pick a hosting (list here [[Archive.org]](https://web.archive.org/web/https://www.getmonero.org/community/merchants/)) or from a local reseller using cash from .
+
+**Do not in any circumstance use this new VPS/VPN/Proxy using your known connections. Only access it through Tor using Whonix Workstation for instance (this is explained later). This VPN will only be used later within a Virtual Machin over the Tor Network in a secure way as we do not trust VPN providers' "no-logging policies". This VPN provider should never know your real origin IP.**
+
+Please see [Appendix A1: Recommended VPS hosting providers]
+
+### VPN VPS:
+
+There are plenty of tutorials on how to do this like this one [[Archive.org]](https://web.archive.org/web/https://proprivacy.com/vpn/guides/create-your-own-vpn-server)
+
+### Socks Proxy VPS:
+
+This is also an option obviously if you prefer to skip the VPN part.
+ +It is probably the easiest thing to set up since you will just use the SSH connection you have to your VPS and no further configuration should be required besides setting the browser of your guest VM to use the proxy in question. + +Here are a few tutorials on how to do this very quickly: + +- (Windows/Linux/macOS) [[Archive.org]](https://web.archive.org/web/https://linuxize.com/post/how-to-setup-ssh-socks-tunnel-for-private-browsing/) + +- (Windows/Linux/macOS) [[Archive.org]](https://web.archive.org/web/https://www.digitalocean.com/community/tutorials/how-to-route-web-traffic-securely-without-a-vpn-using-a-socks-tunnel) + +- (Windows) [[Archive.org]](https://web.archive.org/web/https://www.forwardproxy.com/2018/12/using-putty-to-setup-a-quick-socks-proxy/) + +- (Linux/macOS) [[Archive.org]](https://web.archive.org/web/https://ma.ttias.be/socks-proxy-linux-ssh-bypass-content-filters/) + +Here is my basic tutorial: + +#### Linux/macOS: + +Here are the steps: + +- Get your anonymous VPS set-up + +- From a terminal, SSH to your server by running: ```ssh -i ~/.ssh/id_rsa -D 8080 -f -C -q -N username@ip_of_your_server``` + +- Configure your browser to use localhost:8080 as a Socks Proxy for Browsing + +- Done! 
+ +Explanation of arguments: + +- -i: The path to the SSH key to be used to connect to the host + +- -D: Tells SSH that we want a SOCKS tunnel on the specified port number (you can choose a number between 1025 and 65536) + +- -f: Forks the process to the background + +- -C: Compresses the data before sending it + +- -q: Uses quiet mode + +- -N: Tells SSH that no command will be sent once the tunnel is up + +#### Windows: + +Here are the steps: + +- Get your anonymous VPS set-up + +- Download and install Putty from [[Archive.org]](https://web.archive.org/web/https://www.putty.org/) + +- Set the following options in Putty and connect to your server + +![image51](media/image51.png) + +- Connect to your VPS using those settings + +- Configure your Browser to use localhost:8080 as a Socks Proxy + +- Done! + +# Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option + +**USE EXTREME CAUTION: THIS IS HIGHLY RISKY.** + +There might be worst-case situations where using Tor and VPNs are not possible due to extensive active censorship or blocking. Even when using Tor Bridges (see [Appendix X: Using Tor bridges in hostile environments]) + +Now, there might also be situations where simply using Tor or a VPN alone could be suspicious and could be dangerous for your safety. If this is the case, you could be in a very hostile environment where surveillance and control are high. + +But you still want to do something anonymously without disclosing/leaking any information. + +In that case, my last resort recommendation is to connect safely **from a distance** to a Public Wi-Fi (See [Find some safe places with decent public Wi-Fi][Find some safe places with decent public Wi-Fi:]) using your laptop and Tails "unsafe browser". See [[Archive.org]](https://web.archive.org/web/https://tails.boum.org/contribute/design/Unsafe_Browser/). 
+ +**If Tor usage alone is suspicious or risky, you should NOT allow Tails to try establishing a Tor connection at start-up by doing the following:** + +- At startup open the Additional Settings. + +- Enable Unsafe Browser. + +- Change the Connection from Direct to "Configure a Tor Bridge or Local Proxy" + +- After Start-up, Connect to a safe Network + +- When prompted, just quit the Tor Connection Wizard (to not establish a Tor connection) + +- Start and use the Unsafe Browser + +**We would strongly recommend the use of a long-range "Yagi" type directional Antenna with a suitable USB Wi-Fi Adapter. At least this will allow you to connect to public Wi-Fis from a "safe distance" but keep in mind that triangulation by a motivated adversary is still possible with the right equipment. So, this option should not be used during an extended period (minutes at best). See [Appendix Q: Using long-range Antenna to connect to Public Wi-Fis from a safe distance][Appendix Q: Using long-range Antenna to connect to Public Wi-Fis from a safe distance:].** + +Using Tails should prevent local data leaks (such as MAC addresses or telemetry) and allow you to use a Browser to get what you want (utilities, VPN account) before leaving that place as fast as possible. + +You could also use the other routes (Whonix and Qubes OS without using Tor/VPN) instead of Tails in such hostile environments if you want data persistence but this might be riskier. We would not risk it personally unless there was absolutely no other option. If you go for this option, you will only do sensitive activities from a reversible/disposable VM in all cases. Never from the Host OS. + +**If you resort to this, please keep your online time as short as possible (minutes and not hours).** + +**Be safe and extremely cautious. 
This is entirely at your own risk.** + +Consider reading this older but still relevant guide [[Archive.org]](https://web.archive.org/web/https://archive.flossmanuals.net/bypassing-censorship/index.html) + +# Appendix Q: Using long-range Antenna to connect to Public Wi-Fis from a safe distance: + +It is possible to access/connect to remote distant Public Wi-Fis from a distance using a cheap directional Antenna that looks like this: + +![image52](media/image52.png) + +These antennas are widely available on various online shops for a cheap price (Amazon, AliExpress, Banggood ...). The only issue is that they are not discrete, and you might have to find a way to hide it (for instance in a Poster cardboard container in a Backpack). Or in a large enough Bag. Optionally (but riskier) you could even consider using it from your home if you have a nice Window view to various places where some Public Wi-Fi is available. + +Such antennas need to be combined with specific USB adapters that have an external Antenna plug and sufficiently high power to use them. + +**We would recommend the AWUS036 series in the Alfa brand of adapters (see ** [[Archive.org]](https://web.archive.org/web/https://www.alfa.com.tw/)**).** But you could also go with some other brands if you want such as the TP-Link TL-WN722 (see [[Archive.org]](https://web.archive.org/web/https://www.tp-link.com/us/home-networking/usb-adapter/tl-wn722n/)). + +See this post for a comparison of various adapters: [[Archive.org]](https://web.archive.org/web/https://www.wirelesshack.org/best-kali-linux-compatible-usb-adapter-dongles.html) (Usually those antennas are used by Penetration Testers to probe Wi-Fis from a distance and are often discussed within the scope of the Kali Linux distribution). + +The process is simple: + +- Plugin and install your USB adapter on your Host OS. 
+ +- **Do not forget to randomize your MAC Address in case you bought this adapter online to prevent traceability (this is enabled by default in Tails).** + +- Connect the Long-Range Antenna to the USB adapter (in place of the supplied one). + +- Get to a convenient spot where you have a distant view of a place with Public Wi-Fi available (this can be a rooftop for instance), but you could also imagine hiding the Antenna in some bag and just sit on a bench somewhere. + +- Point the Directional Antenna in the direction of the Public Wi-Fi. + +- Connect to the Wi-Fi of your choice. + +**Do not forget tho that this will only delay a motivated adversary. Your signal can be triangulated easily by a motivated adversary in a matter of minutes once they reach the physical location of the Wi-Fi you're connecting to (for instance using a device such as AirCheck ** [[Invidious]](https://yewtu.be/watch?v=8FV2QZ1BPnw)**, also see their other products here ** [[Archive.org]](https://web.archive.org/web/https://www.netally.com/products/)**). These products can easily be deployed on mobile units (in a Car for instance) and pinpoint your location in a matter of minutes.** + +Ideally, this should "not be an issue" since this guide provides multiple ways of hiding your origin IP using VPNs and Tor. But if you are in a situation where VPN and Tor are not an option, then this could be your only security. 
+ +# Appendix R: Installing a VPN on your VM or Host OS + +Download the VPN client installer of your cash paid VPN service and install it on Host OS (Tor over VPN, VPN over Tor over VPN) or the VM of your choice (VPN over Tor): + +- Whonix Tutorial (should work with any VPN provider): [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Connecting_to_a_VPN_before_Tor) (use the Linux configurations below to get the necessary configuration files) + +- Windows Tutorials: + + - Mullvad: [[Archive.org]](https://web.archive.org/web/https://mullvad.net/en/help/install-mullvad-app-windows/) + + - iVPN: [[Archive.org]](https://web.archive.org/web/https://www.ivpn.net/apps-windows) + + - Safing: [[Archive.org]](https://web.archive.org/web/https://docs.safing.io/portmaster/install/windows) + + - Proton VPN: [[Archive.org]](https://web.archive.org/web/https://protonvpn.com/support/protonvpn-windows-vpn-application/) + +- macOS: + + - Mullvad: [[Archive.org]](https://web.archive.org/web/https://mullvad.net/en/help/install-and-use-mullvad-app-macos/) + + - IVPN: [[Archive.org]](https://web.archive.org/web/https://www.ivpn.net/apps-macos/) + + - Safing: Not available on macOS + + - Proton VPN: [[Archive.org]](https://web.archive.org/web/https://protonvpn.com/support/protonvpn-mac-vpn-application/) + +- Linux: + + - Mullvad: [[Archive.org]](https://web.archive.org/web/https://mullvad.net/en/help/install-mullvad-app-linux/) + + - iVPN: [[Archive.org]](https://web.archive.org/web/https://www.ivpn.net/apps-linux/) + + - Safing: [[Archive.org]](https://web.archive.org/web/https://docs.safing.io/portmaster/install/linux) + + - Proton VPN: [[Archive.org]](https://web.archive.org/web/https://protonvpn.com/support/linux-vpn-setup/) + +**Important note: Tor does not support UDP, and you should use TCP instead with the VPN client in the Tor over VPN cases (on the VMs).** + +In all cases, you should set the VPN to start from boot and enable the "kill switch" if you 
can. This is an extra step since this guide proposes solutions that all fall back on the Tor network in case of VPN failure. + +Here are some guides provided by the recommended VPN providers in this guide: + +- Windows: + + - iVPN: [[Archive.org]](https://web.archive.org/web/https://www.ivpn.net/knowledgebase/general/do-you-offer-a-kill-switch-or-vpn-firewall/) + + - Proton VPN: [[Archive.org]](https://web.archive.org/web/https://protonvpn.com/support/what-is-kill-switch/) + + - Mullvad: [[Archive.org]](https://web.archive.org/web/https://mullvad.net/en/help/using-mullvad-vpn-app/) + +- Whonix Workstation: Coming Soon, it is certainly possible, but we did not find a suitable and easy tutorial yet. It is also worth remembering that if your VPN stops on Whonix, you will still be behind the Tor Network. + +- macOS: + + - Mullvad same as Windows, the option should be in the provided VPN client + + - iVPN same as Windows, the option should be in the provided VPN client + + - Proton VPN same as Windows with the client, the option should be in the provided VPN client [[Archive.org]](https://web.archive.org/web/https://protonvpn.com/blog/macos-vpn-kill-switch/) + +- Linux: + + - Mullvad: + + - [[Archive.org]](https://web.archive.org/web/https://mullvad.net/en/help/wireguard-and-mullvad-vpn/) + + - [[Archive.org]](https://web.archive.org/web/https://mullvad.net/en/help/linux-openvpn-installation/) + + - Proton VPN: [[Archive.org]](https://web.archive.org/web/https://github.com/ProtonVPN/linux-cli/blob/master/USAGE.md) + + - iVPN: + + - [[Archive.org]](https://web.archive.org/web/https://www.ivpn.net/knowledgebase/linux/linux-wireguard-kill-switch/) + + - [[Archive.org]](https://web.archive.org/web/https://www.ivpn.net/knowledgebase/linux/linux-kill-switch-using-the-uncomplicated-firewall-ufw/) + +# Appendix S: Check your network for surveillance/censorship using OONI + +So, what is OONI? 
OONI stands for Open Observatory of Network Interference and is a sub-project of the Tor Project[^296]. + +First OONI will allow you to check online for surveillance/censorship in your country just by looking at their Explorer that features test results from other people. This can be done here: + +But these tests are limited and could not apply to your personal situation. If that is the case, you could consider running the OONI Probe yourself and running the tests yourself. + +The problem is that your network providers will be able to see those tests and your attempts at connecting to various services if the network is monitored. The other issue is that there are solutions to prevent OONI from working properly[^473]. + +While this might not be important in a normal environment, this could put you at risk in a hostile environment. **So, running these tests can be risky.** + +**If you are in such a hostile environment where you suspect network activity is actively monitored and the simple fact of trying to access some resources can put you at risk, you should take some precautions before even attempting this:** + +- **Do not run the tests from your home/work network.** + +- **Do not run these tests from a known device or a smartphone but only for a secured OS on an ideally dedicated laptop.** + + - **You will not be able to do this from Tails as Tails will try to connect to Tor by default** + + - **You should only do this with the Qubes OS route or the Whonix Route of this guide after completing one of the routes.** + +- **Only consider running these tests quickly from a Public Wi-Fi from a safe distance (see [Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option]).** + +The probe can be found here: [[Archive.org]](https://web.archive.org/web/https://ooni.org/install/) for various platforms (iOS, Android, Windows, macOS, and Linux). 
+ +# Appendix T: Checking files for malware + +## Integrity (if available): + +Usually, integrity checks[^474] are done using hashes of files (usually stored within checksum files). Older files could use CRC[^475], more recently MD5[^476] but those present several weaknesses (CRC, MD5 [^477] that make them unreliable for file integrity checks (which does not mean they are not still widely used in other contexts). + +This is because they do not prevent Collision[^478] well enough and could allow an adversary to create a similar but malicious file that would still produce in the same CRC or MD5 hash despite having different content. + +For this reason, it is usually recommended to use SHA-based [^479] hashes and the most used is probably the SHA-2[^480] based SHA-256 for verifying file integrity. SHA is much more resistant to collisions[^481] than CRC and MD5. And collisions with SHA-256 or SHA-512 are rare and hard to compute for an adversary. + +If a SHA-256 checksum is available from the source of the file, you should not hesitate to use it to confirm the integrity of the file. Note that SHA-1 is not recommended, but is better than not having a hash to compare. + +This checksum should itself be authenticated/trusted and should be available from an authenticated/trusted source (obviously you should not trust a file just because it has a checksum attached to it alone). + +In the case of this guide, the SHA-256 checksums are available for each file including the PDFs but are also authenticated using a GPG signature allowing you to verify the authenticity of the checksum. This will bring us to the next section about authenticity. + +So how to check checksums? 
(In this case SHA-256 but you could change to SHA-512 + +- Windows[^482]: + + - Open a Command Prompt + + - Run ```certutil -hashfile filename.txt sha256``` (replace sha256 by sha1 or sha512 or md5) + + - Compare your result to one from a source you trust for that file + +- macOS : + + - Open a Terminal + + - SHA: Run ```shasum -a 256 /full/path/to/your/file``` (replace 256 by 512 or 1 for SHA-1) + + - MD5: Run ```md5 /full/path/to/your/file``` + + - Compare your result to one from a source you trust for that file + +- Linux: + + - Open a Terminal + + - Run ```shasum /full/path/to/your/file``` (replace shasum by sha256sum, sha512sum or md5sum) + + - Compare your result to one from a source you trust for that file + +**Remember that checksums are just checksums. Having a matching checksum does not mean the file is safe.** + +## Authenticity (if available): + +Integrity is one thing. Authenticity is another thing. This is a process where you can verify some information is authentic and from the expected source. This is usually done by signing information (using GPG[^484] for instance) using public-key cryptography[^485]. + +Signing can serve both purposes and allow you to check for both integrity and authenticity. + +If available, you should always verify the signatures of files to confirm their authenticity. + +In essence: + +- Install GPG for your OS: + + - Windows: gpg4win ( [[Archive.org]](https://web.archive.org/web/https://www.gpg4win.org/)) + + - macOS: GPGTools ( [[Archive.org]](https://web.archive.org/web/https://gpgtools.org/)) + + - Linux: It should be pre-installed in most distributions + +- Download the Signature key from a trusted source. If someone is not giving you a key directly, you should check for multiple versions on other websites to confirm you are using the right key (GitHub, GitLab, Twitter, Keybase, Public Keys Servers...). 
+ +- Import the trusted key (replace keyfile.asc by the filename of the trusted key): + + - Windows: + + - From a Command Prompt, Run ```gpg --import keyfile.asc``` + + - macOS: + + - From a Terminal, Run ```gpg --import keyfile.asc``` + + - Linux: + + - From a Terminal, Run ```gpg --import keyfile.asc``` + +- Verify the file signature against the imported (trusted) signature (replace filetoverify.asc by the signature file that was associated with the file, replace filetoverify.txt by the actual file to verify): + + - Windows: + + - Run ```gpg --verify-options show-notations --verify filetoverify.asc filetoverify.txt``` + + - The result should show the signature is good and match the trusted signature you imported earlier. + + - macOS: + + - Run ```gpg --verify-options show-notations --verify filetoverify.asc filetoverify.txt``` + + - The result should show the signature is good and match the trusted signature you imported earlier. + + - Linux: + + - Run ```gpg --verify-options show-notations --verify filetoverify.asc filetoverify.txt``` + + - The result should show the signature is good and match the trusted signature you imported earlier. + +For some other tutorials, please see: + +- [[Archive.org]](https://web.archive.org/web/https://support.torproject.org/tbb/how-to-verify-signature/) + +- [[Archive.org]](https://web.archive.org/web/https://tails.boum.org/install/vm/index.en.html) (See Basic OpenPGP verification). + +- [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Verify_the_Whonix_images) + +All these guides should also apply to any other file with any other key. + +## Security (checking for actual malware): + +**Every check should ideally happen in sandboxed/hardened Virtual Machines. This is to mitigate the possibilities for malware to access your Host computer.** + +### Anti-Virus Software: + +You might be asking yourself, what about Anti-Virus solutions? Well, no ... 
these are not perfect solutions against many modern malware and viruses using polymorphic code[^486]. But it does not mean they cannot help against less sophisticated and known attacks. It depends on how to use them as AV software can become an attack vector in itself. + +Again, this is all a matter of threat modeling. Can AV software help you against the NSA? Probably not. Can it help you against less resourceful adversaries using known malware? Probably. + +Some will just argue against them broadly like Whonix[^487] but this topic is being discussed and disputed even at Whonix[^488] by other members of their community. + +Contrary to popular myths perpetuating the idea that only Windows is subject to malware and that detection tools are useless on Linux and macOS: + +- Yes, there are viruses and malware for Linux[^489]'[^490]'[^491]'[^492]'[^493] + +- Yes, there are viruses and malware for macOS[^501]'[^494][^495]'[^496][^497] + +My take on the matter is on the pragmatic side. There is still room for some AV software for some selective and limited use. But it depends on which one and how you use them: + +- Do not use AV software with real-time protection as they often run with administrator privileges and can become an attack vector. + +- Do not use Commercial AV software that uses any "cloud protection" or sends extensive telemetry and samples to their company. + +- Do use Open-Source non-real-time offline Anti-Virus/Anti-Malware tools as an added measure to scan some files such as: + + - Windows/Linux/macOS/Qubes OS: ClamAV ( [[Archive.org]](https://web.archive.org/web/https://www.clamav.net/)) + + - Linux/Qubes OS: RFXN Linux Malware Detect ( [[Archive.org]](https://web.archive.org/web/https://github.com/rfxn/linux-malware-detect)) + + - Linux/Qubes OS: Chkrootkit ( [[Archive.org]](https://web.archive.org/web/http://www.chkrootkit.org/)) + +- You could also use online services for **non-sensitive files*** such as VirusTotal () or Hybrid-analysis (). 
+ + - You could also just check the VirusTotal database for the hash of your file if you don't want to send it over (see [[Archive.org]](https://web.archive.org/web/https://developers.virustotal.com/v3.0/docs/search-by-hash) (See the [Integrity (if available):] section again for guidance on how to generate hashes). + + - Other tools are also available for non-sensitive files and a convenient list is right here: [[Archive.org]](https://web.archive.org/web/https://github.com/rshipp/awesome-malware-analysis) + +* **Please be aware that while VirusTotal might seem very practical for scanning various files, their "privacy policy" is problematic (see ** [[Archive.org]](https://web.archive.org/web/https://support.virustotal.com/hc/en-us/articles/115002168385-Privacy-Policy)**) and states:** + +"When you submit Samples to the Services, if you submit Samples to the Services, You will collect all of the information in the Sample itself and information about the act of submitting it". + +**So, remember that any document you submit to them will be kept, shared, and used commercially including the content. So, you should not do that with sensitive information and rely on various local AV scanners (that do not send samples online).** + +So, if you are in doubt: + +- For non-sensitive files, we do encourage you to check any documents/images/videos/archives/programs you intend to open with VirusTotal (or other similar tools) because ... Why not? (Either by uploading or checking hashes). + +- For sensitive files, we would recommend at least an offline unprivileged ClamAV scan of the files. + +For instance, this guide's PDF files were submitted to VirusTotal because it is meant to be public knowledge and we see no valid argument against it. It does not guarantee the absence of malware, but it does not hurt to add this check. + +### Manual Reviews: + +You can also try to check various files for malware using various tools. 
This can be done as an extra measure and is especially useful with documents rather than apps and various executables. + +These methods require more tinkering but can be useful if you want to go the extra length. + +#### PDF files: + +Again, regarding the PDFs of this guide and as explained in the README of my repository, you could check for anomalies using PDFID which you can download at [[Archive.org]](https://web.archive.org/web/https://blog.didierstevens.com/programs/pdf-tools/): + +- Install Python 3 (on Windows/Linux/macOS/Qubes OS) + +- Download PDFID and Extract the files + +- Run "python pdfid.py file-to-check.pdf" and you should see these at 0 in the case of the PDF files in this repository: + +``` + +/JS 0 #This indicates the presence of Javascript + +/JavaScript 0 #This indicates the presence of Javascript + +/AA 0 #This indicates the presence of automatic action on opening + +/OpenAction 0 #This indicates the presence of automatic action on opening + +/AcroForm 0 #This indicates the presence of AcroForm which could contain JavaScript + +/JBIG2Decode 0 #This indicates the use of JBIG2 compression which could be used for obfuscating content + +/RichMedia 0 #This indicates the presence of rich media within the PDF such as Flash + +/Launch 0 #This counts the launch actions + +/EmbeddedFile 0 #This indicates there are embedded files within the PDF + +/XFA 0 #This indicates the presence of XML Forms within the PDF + +``` + +Now, what if you think the PDF is still suspicious? Fear not ... there are more things you can do to ensure it is not malicious: + +- **Qubes OS:** Consider using [[Archive.org]](https://web.archive.org/web/https://github.com/QubesOS/qubes-app-linux-pdf-converter) which will convert your PDF into a flattened image file. This should theoretically remove any malicious code in it. Note that this will also render the PDF formatting useless (such as links, headings, bookmarks, and references). 
+ +- **(Deprecated) Linux/Qubes OS** (or possibly macOS through Homebrew or Windows through Cygwin): Consider not using [[Archive.org]](https://web.archive.org/web/https://github.com/firstlookmedia/pdf-redact-tools) which will also turn your PDF into a flattened image file. Again, this should theoretically remove any malicious code in it. Again, this will also render the PDF formatting useless (such as links, headings, bookmarks, and references). **Note that this tool is deprecated and relies on a library called "ImageMagick" which is known for several security issues**[^498]**. You should not use this tool even if it is recommended in some other guides.** + +- **Windows/Linux/Qubes/OS/macOS:** Consider using [[Archive.org]](https://web.archive.org/web/https://github.com/firstlookmedia/dangerzone) which was inspired by Qubes PDF Converted above and does the same but is well maintained and works on all OSes. This tool also works with Images, ODF files, and Office files (Warning: On Windows, this tool requires Docker-Desktop installed and this might (will) interfere with Virtualbox and other Virtualization software because it requires enabling Hyper-V. VirtualBox and Hyper-V do not play nice together[^499]. Consider installing this within a Linux VM for convenience instead of a Windows OS). + +#### Other types of files: + +Here are some various resources for this purpose where you will find what tool to use for what type: + +- **For Documents/Pictures:** Consider using [[Archive.org]](https://web.archive.org/web/https://github.com/firstlookmedia/dangerzone) which was inspired by Qubes PDF Converted above and does the same but is well maintained and works on all OSes. This tool also works with Images, ODF files, and Office files (Warning: On Windows, this tool requires Docker-Desktop installed and this might (will) interfere with Virtualbox and other Virtualization software because it requires enabling Hyper-V. VirtualBox and Hyper-V do not play nice together[^500]. 
Consider installing this within a Linux VM for convenience instead of a Windows OS). + +- **For Videos:** Be extremely careful, use an up-to-date player in a sandboxed environment. Remember [[Archive.org]](https://web.archive.org/web/https://www.vice.com/en/article/v7gd9b/facebook-helped-fbi-hack-child-predator-buster-hernandez) + +- This practical cheat sheet from SANS: [[Archive.org]](https://web.archive.org/web/https://digital-forensics.sans.org/media/analyzing-malicious-document-files.pdf) (warning, many of those tools might be harder to use on Windows and you might consider using them from a Linux OS such as Tails, Whonix Workstation, or a Linux distribution of your choice as explained later in this guide. There are also other guides out there[^501] that might be of use). + +- This GitHub repository with various resources on malware analysis: [[Archive.org]](https://web.archive.org/web/https://github.com/rshipp/awesome-malware-analysis) + +- This interesting PDF detailing which tool to use for which file type [[Archive.org]](https://web.archive.org/web/https://www.winitor.com/pdf/Malware-Analysis-Fundamentals-Files-Tools.pdf) + +**Even with all those resources, keep in mind you might still get advanced malware if those are not detected by those various tools. Be careful and remember to handle these files within isolated Virtual Machines, if possible, to limit the attack surface and vectors.** + +# Appendix U: How to bypass (some) local restrictions on supervised computers + +There might be situations where the only device you have at your disposal is not really yours such as: + +- Using a Work computer with restrictions in place on what you can do/run. + +- Misuse of Parental control features to monitor your computer usage (despite you being a non-consenting Adult). + +- Misuse of various monitoring apps to monitor your computer usage against your will. 
+ +The situation might look desperate, but it is not necessarily the case as there are some safe ways to bypass these depending on how well your adversaries did their job securing your computer. + +## Portable Apps: + +There are plenty of methods you could use to bypass those restrictions locally. One of them would be to use portable apps[^502]. Those apps do not require installation on your system and can be run from a USB key or anywhere else. + +**But this is not a method we would recommend.** + +This is because those portable apps will not necessarily hide themselves (or be able to hide themselves) from the usage reports and forensic examination. This method is just too risky and will probably arise issues if noticed if you are in such a hostile environment. + +Even the most basic controls (supervision or parental) will send out detailed app usage to your adversary. + +## Bootable Live Systems: + +This method is the one we would recommend in those cases. + +It is relatively easy for your adversary to prevent this by setting up firmware BIOS/UEFI (see [Bios/UEFI/Firmware Settings of your laptop][Bios/UEFI/Firmware Settings of your laptop:]) controls but usually most adversaries will overlook this possibility which requires more technical knowledge than just relying on Software. + +This method could even decrease suspicion and increase your plausible deniability as your adversaries think they have things under control and that everything appears normal in their reports. + +This method only depends on one security feature (that they probably did not turn on in most cases): Boot Security. + +Boot Security is divided into several types: + +- Simple BIOS/UEFI password preventing the change of the boot order. This means you cannot start such a live system in place of your supervised OS without providing the BIOS/UEFI password. + +- Secure Boot. This is a "standard" feature preventing you from starting unsigned systems from your computer. 
While this feature could be configured to only allow your supervised system, usually by default it will allow running an entire range of signed systems (signed by Microsoft or the Manufacturer for instance). + +Secure Boot is relatively easy to bypass as there are plenty of Live Systems that are now Secure Boot compliant (meaning they are signed) and will be allowed by your laptop. + +The BIOS/UEFI password on the other hand is much harder to bypass without risks. In that case, you are left with two options: + +- Guess/Know the password so that you can change the boot order of your laptop without raising suspicions + +- Reset the password using various methods to remove the password. **we would not recommend doing this because if your adversaries went the extra length of enabling this security feature, they probably will be suspicious if it were disabled, and this might increase suspicion and decrease your plausible deniability considerably.** + +Again, this feature is usually overlooked by most unskilled/lazy adversaries and in my experience left disabled. + +**This is your best chance into bypassing local controls without traces.** + +The reason is that most of the controls are within your main Operating System software and only monitor what happens within the Operating System. Those measures will not be able to monitor what happened at the Hardware/Firmware level before the Operating System loads. + +## Precautions: + +While you might be able to bypass local restrictions easily using a Live System such as Tails, remember that your network might also be monitored for unusual activities. + +Unusual network activities showing up from a computer at the same time your computer is seemingly powered off might raise suspicions. + +If you are to resort to this, you should never do so from a monitored/known network but only from a safe different network. 
Ideally a safe public wi-fi (See [Find some safe places with decent public Wi-Fi][Find some safe places with decent public Wi-Fi:]). + +**Do not use a live system on a Software supervised/monitored device on a known network.** + +**Refer to the Tails route to achieve this. See [The Tails route][The Tor Browser route:] and [Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option] sections.** + +# Appendix V: What browser to use in your Guest VM/Disposable VM + +**Temporary Important Warning: Please see [Microarchitectural Side-channel Deanonymization Attacks:] for all browsers except Tor Browser.** + +There are 6 possibilities of browser to use on your guest/disposable VM: + +- Brave (Chromium-based) + +- Edge (Chromium-based, Windows Only) + +- Firefox + +- Safari (macOS VM only) + +- Tor Browser + +Here is a comparison table of one fingerprinting test of various browsers with their native settings (**but Javascript enabled for usability, except for Tor Safest mode**). + +**Disclaimer: these tests while nice are not conclusive of the real fingerprinting resistance. But they can help compare browsers between each other.** + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Browser

https://coveryourtracks.eff.org/

+

Fingerprinting Test with real Ad

Safari (Normal)*Fail (Unique)
Safari (Private Window) *Fail (Unique)
Edge (Normal)**Fail (Unique)
Edge (Private Window) **Fail (Unique)
Firefox (Normal)Fail (Unique)
Firefox (Private Window)Fail (Unique)
Chrome (Normal)Fail (Unique)
Chrome (Private Window)Fail (Unique)
Brave (Normal)Passed (Randomized)
Brave (Private Window)Passed (Randomized)
Brave (Tor Window)Passed (Randomized)
Tor Browser (Normal mode)Partial
Tor Browser (Safer mode)Partial
Tor Browser (Safest mode)Unknown (Result did not load)
+
+- \*: macOS only. \*\*: Windows only.
+
+Another useful resource to be considered for comparing browsers is: [[Archive.org]](https://web.archive.org/web/https://privacytests.org/)
+
+## Brave:
+
+**This is my recommended/preferred choice for a Browser within your guest VMs. This is not my recommended choice for a Browser within your Host OS where we strictly recommend Tor Browser as they recommend it themselves**[^503]**.**
+
+Why Brave despite the controversies[^504]?
+
+- You will encounter fewer issues later with account creations (captchas ...). This is based on my experiences trying to create plenty of online identities using various browsers. You will have to trust me on that.
+
+- You will enjoy native ad-blocking where none is available in others by default without adding extensions[^505].
+
+- Performance is arguably better than Firefox[^506].
+
+- Brave is arguably better at fingerprinting resistance than others[^507].
+
+- Security of Chromium-based Browser is arguably better and more secure than Firefox[^508]'[^509]. Within the context of this guide, security should be privileged to prevent any vulnerability or exploit from gaining access to the VM.
+
+- Comparison of both by Mozilla: [[Archive.org]](https://web.archive.org/web/https://www.mozilla.org/en-US/firefox/browsers/compare/brave/)
+
+- Comparison of both by Techlore: [[Invidious]](https://yewtu.be/watch?v=qkJGF3syQy4)
+
+- The whole traffic will be routed over a VPN over Tor anyway. So even if you mistakenly opt-in for some telemetry, it is not so important. Remember that in this anonymity threat model, we are mostly after anonymity and security. The privacy of our online identities does not matter that much unless the privacy issue is also a security issue that could help deanonymize you.
+
+- Brave was found to be sending no identifiable telemetry compared to other browsers[^510].
+
+## Ungoogled-Chromium:
+
+**This browser is considered a security liability due to their systemic lagging on security patches**[^511]**.**
+
+**It is strongly advised not to use Ungoogled-Chromium.**
+
+## Edge:
+
+This is for Windows users only. Edge is a solid choice too.
+
+- You will encounter fewer issues later with account creations (captchas ...). This is based on my experiences trying to create plenty of online identities using various browsers. You will have to trust me on that.
+
+- Better Security than Firefox as it is Chromium-based[^512]'[^513].
+
+- Better Performance than Firefox.
+
+- The whole traffic will be router through Tor anyway.
+
+- Can benefit from additional security using Microsoft Defender Application Guard (MDAG)[^514]. Note that this feature cannot be enabled in a Virtualbox VM unfortunately.
+
+- Native tracker blocking (Similar to Brave Shields).
+
+Cons:
+
+- You will have to disable some telemetry within the Browser
+
+## Safari:
+
+The macOS default browser.
+
+Pros:
+
+- It is a Browser with decent security and sandboxing capabilities.
+
+Cons:
+
+- It is macOS only (obviously)
+
+- It requires signing-in into the App Store to install extensions (impossible within the scope of this guide since it is a VM)
+
+- Even if you could, it lacks the best Extensions available for Firefox and Chrome.
+
+Overall, we would not recommend using Safari on a macOS VM but instead, go for another Browser such as Brave or Firefox.
+
+## Firefox:
+
+And of course, lastly, you could go with Firefox,
+
+Pros:
+
+- Well, it is out of the "Chromium" world and not taking part in expanding Chromium market share
+
+- In addition to being out of the Chromium world, it is also completely out of the Google world (despite the Mozilla Foundation being almost entirely funded by Google[^515]).
+
+- An impressive amount of customization through extensions for every possible need.
+
+- Firefox can be severely hardened to almost match the security of Chromium-based browsers.
+
+Cons:
+
+- Poorer performance compared to Chromium.
+
+Security (especially sandboxing) of Firefox is arguably weaker than Chromium-based browsers[^516].
+
+- You will experience more captchas (this is based on my tests).
+
+## Tor Browser:
+
+If you are extra paranoid and want to use Tor Browser and have "Tor over VPN over Tor", you could go with Tor Browser within the VM as well. This is completely pointless/useless.
+
+We would not recommend this option. It is just silly.
+
+# Appendix V1: Hardening your Browsers:
+
+In this section, we'll discuss hardening your browsers. This has a heavy focus on the difference between Tracking Reduction and Tracking Evasion, and the pros and cons of either. First, let's define what they are [as described by Rohan Kumar](https://seirdy.one/posts/2022/06/25/two-types-of-privacy/):
+
+- Tracking reduction (TR)
+ - TR aims to reduce the amount of data collected about an exposed user. It reduces a footprint’s spread primarily by blocking trackers. Sometimes this can increase the size of a footprint.
+
+- Tracking evasion (TE)
+ - TE reduces the amount of data exposed by a user. Rather than eliminating data collection itself, TE prevents useful data from being made available in the first place. In other words, it reduces a footprint’s size.
+
+Browsers that provide Tracking Reduction are to be used for a more casual [Threat Model][Appendix B3: Threat modeling resources] whereas Tracking Evasion is more complex. But both need to be explored. Tracking Reduction focuses on browsing with less tracking. It involves things like content-blocking, firewalls, opt-outs, flipping telemetry buttons, etc. If you're this far into the guide, you likely have a very good understanding of this already.
Tracking Evasion, however, involves techniques like using the portable Tor Browser Bundle to anonymize your footprint and online identity, avoiding identifiable extensions, and using randomized keystroke delays. It's more about minimizing your online footprint, to give you a less fingerprintable browsing environment and internet usage.
+
+A brief mention of this is necessary in determining operation needs for both. You need a certain level of understanding in both to achieve good standards and develop better browsing habits. This can and will overall provide you with a more viable solution to public trackers, government organizations looking to trace/track your browsing habits back to you, even just trolls attempting to doxx you.
+
+The following are the recommended safest routes for each browser according to the current versions of their respective software and the ability each one has to become more secure. In the guide we will provide both Tracking Reduction & Evasion and it will not require you to write even a single line of code.
+
+## Brave:
+
+- Download and install Brave browser from [[Archive.org]](https://web.archive.org/web/https://brave.com/download/)
+
+- **Open** Brave Browser
+
+- Go into **Settings** > **Appearances** (`brave://settings/appearance`)
+
+ - (optional) **Disable** "Show autocomplete suggestions in address bar"
+
+ - **Disable** "Show Brave Suggested Sites"
+
+ - **Disable** "Show Brave Rewards icon in address bar"
+
+ - **Enable** "Always show full URLs"
+
+- Go into **Settings** > **Shields** (`brave://settings/shields`)
+
+ - Set Shields to **Advanced**
+
+ - Set "Trackers and Ads blocking" to **Aggressive**
+
+ - Set "Upgrade connections to HTTPS" to **Strict**
+
+ - **Enable** "Block scripts"
+
+ - Set "Block fingerprinting" to **Standard** or **Strict, may break sites**
+
+ - Set "Block cookies" to **Only cross-site**
+
+- Go into **Settings** > **Social media blocking** (`brave://settings/socialBlocking`)
+
+ - **Uncheck** the Facebook, Twitter, and LinkedIn embeds
+
+- Go to **Settings** > **Search engine** (`brave://settings/search`)
+
+ - Set "Normal Window" and "Private Window" to use a more private and trackerless search engine
+
+ - See [Appendix A3: Search Engines] for best options
+
+ - **Disable** "Web Discovery Project"
+
+ - **Disable** "Index other search engines"
+
+- Go into **Settings** > **Extensions** (`brave://settings/extensions`)
+
+ - **Disable** everything
+
+- Go into **Settings** > **Wallet** (`brave://settings/wallet`)
+
+ - **Disable** "Show Brave Wallet icon on toolbar"
+
+ - Set **Default Ethereum wallet** to "None"
+
+ - Set **Default Solana wallet** to "None"
+
+- Go into **Settings** > **Privacy and Security** (`brave://settings/privacy`)
+
+ - **Disable** everything except "Private window with Tor"
+
+ - (optional) Turn on **Automatically redirect .onion sites**
+
+ - Set **WebRTC handling policy** to "Disable non-proxied UDP"
+
+ - Go into **Clear Browsing Data** (`brave://settings/clearBrowserData`)
+
+ - Select **On Exit**
+
+
+ - Check all options
+
+ - **Click** "Save"
+
+ - Go into **Cookies and other site data** (`brave://settings/cookies`)
+
+ - **Check** "Block third-party cookies" or "Block all cookies" (not recommended)
+
+ - **Enable** "Clear cookies and site data when you close all windows"
+
+ - Under "Sites that can always use cookies", check that you need any of these
+
+- Open a new Tab
+
+- **Click** "Customize" in the lower right corner
+
+ - **Disable** everything in Customize Dashboard except maybe the clock
+
+- Go into **Settings** > **Shields** > **Content filtering** (`brave://settings/shields/filters`)
+
+ - Select any additional adblocking filter you want
+
+ - Recommended: **CJX's Annoyance**, **Easylist-Cookie**, **Fanboy's Annoyances**, **Fanboy's Social**, **Fanboy's Mobile Notifications**, and **uBlock Annoyances**
+
+ - Add custom filter lists
+
+ - Add the [ClearURLs for uBo (unofficial)](https://raw.githubusercontent.com/DandelionSprout/adfilt/master/ClearURLs%20for%20uBo/clear_urls_uboified.txt) which uses the rules found in ClearURLs below
+
+ - Add the [AdGuard URL Tracking Protection](https://raw.githubusercontent.com/AdguardTeam/FiltersRegistry/master/filters/filter_17_TrackParam/filter.txt) which enables generic `$removeparam` rules
+
+ - To keep all applied filters, **click** "Save"
+
+- Do not ever enable Brave Rewards (button should now be hidden on all sites)
+
+Addons to consider on Brave if you want additional protections:
+
+- LocalCDN ()
+
+ - Alternatively, DecentralEyes ()
+
+- PrivacyBadger ()
+
+- NoScript ()
+
+- Either ClearURLs () **OR** the custom list above
+
+- LibRedirect ()
+
+That's it and you should be pretty much covered. For full paranoia, you can also just "Block Scripts" to disable Javascript. Note that even disabling Javascript might not protect you fully[^517]. If you choose to disable JS, use the NoScript extension, not the Brave setting.
+
+## Ungoogled-Chromium:
+
+**This browser is considered a security liability due to their systemic lagging on security patches**[^518]**.**
+
+**It is strongly advised not to use Ungoogled-Chromium.**
+
+## Edge:
+
+Windows only:
+
+- Open Edge
+
+- Go into Settings
+
+- Go to Profiles and make sure everything is unchecked in every section (Personal Info, Passwords, Payment info, Profile preferences)
+
+- Go to Privacy, search, and services:
+
+ - Go to Tracking Prevention:
+
+ - Set to Strict or at least Balanced
+
+ - Set to always use Strict with InPrivate Windows
+
+ - Go to Privacy:
+
+ - Enable send Do Not Track
+
+ - Disable the options for the website to check your payment methods
+
+ - Go to Optional Diagnostic Data:
+
+ - Disable it
+
+ - Go to Personalize your Web Experience:
+
+ - Disable it
+
+ - Go to Security
+
+ - Disable everything
+
+ - Go to Services
+
+ - Disable everything
+
+ - In Address Bar and Search:
+
+ - Disable everything and change the search engine (see [Appendix A3: Search Engines])
+
+ - Go to Cookies and Sites Permissions:
+
+ - Within All Permissions:
+
+ - Within Cookies, make sure "Block Third-Party Cookies" is checked
+
+ - Block everything except:
+
+ - Javascript
+
+ - Images
+
+Enable Application Guard for Edge (only on Host OS, not possible within a VirtualBox VM):
+
+**Skip if this is a VM**
+
+- Open Control Panel.
+
+- Click on Programs
+
+- Click on Turn Windows features on or off link
+
+- Check the Windows Defender Application Guard option
+
+- Click OK.
+
+- Click Restart.
+
+- Now you can open Edge and open a new "Application Guard" Window.
+
+That's about it for Edge but you are also free to add extensions from the Chrome Store such as:
+
+- uBlock Origin ()
+
+- LocalCDN ()
+
+ - Alternatively, DecentralEyes ()
+
+- PrivacyBadger ()
+
+- HTTPS Everywhere ()
+
+- NoScript ()
+
+- ClearURLs ()
+
+- LibRedirect ()
+
+
+## Safari:
+
+macOS Only:
+
+- Open Safari
+
+- Click the Safari top left Menu
+
+- Click Preferences
+
+ - On the General Tab:
+
+ - Change New Windows to "Empty Page"
+
+ - Change New Tabs to "Empty page"
+
+ - Change the Remove History after to "1 day"
+
+ - Change the Remove Download list items to "When Safari Quits" or "When Successful Download"
+
+ - Uncheck "Open Safe Files After Downloading"
+
+ - On the Security Tab:
+
+ - Disable "Warn when visiting a Fraudulent Website" (this sends the URLs your visit to Google for screening)
+
+ - On the Privacy Tab:
+
+ - Uncheck "Web Advertising"
+
+ - On the Advanced Tab:
+
+ - Check the "Show full website address"
+
+Consider [Appendix A5: Additional browser precautions with JavaScript enabled]
+
+That's about it. Unfortunately, you will not be able to add extensions as those will require you to sign in into the App Store which you cannot do from a macOS VM. Again, we would not recommend sticking to Safari in a macOS VM but instead switching to Brave or Firefox.
+
+## Firefox:
+
+### Normal settings:
+
+- Open Firefox
+
+- On the Firefox Home Page:
+
+ - Click Personalize
+
+ - Uncheck/Disable Everything
+
+- Open Settings:
+
+ - Go into Search
+
+ - Change the search engine (See [Appendix A3: Search Engines])
+
+ - Go into Privacy & Security
+
+ - Set to Custom
+
+ - Cookies: Select All Third-Party Cookies
+
+ - Tracking Content: In all Windows
+
+ - Check Cryptominers
+
+ - Check Fingerprinters
+
+ - Set always send "Do Not Track"
+
+ - Go to Logins and Passwords
+
+ - Uncheck "Ask to save logins and passwords for websites"
+
+ - Go to Permissions
+
+ - Location: check block new requests
+
+ - Camera: check block new requests
+
+ - Microphone: check block new requests
+
+ - Notifications: check block new requests
+
+ - Autoplay: select Disable Audio and Video
+
+ - Virtual Reality: check block new requests
+
+ - Check Block Pop-ups
+
+ - Check Warn when websites try to install add-ons
+
+ - Go to Firefox Data Collection and Use
+
+ - Disable everything
+
+ - Go to HTTPS-Only Mode
+
+ - Enable it on all Windows
+
+### Advanced settings:
+
+Consider [Arkenfox/user.js](https://github.com/arkenfox/user.js/), a heavily maintained and very easy to use browser config which uses a "user.js" to set all the privacy settings and disk avoidance values. Below we recommend that if you are not setting the Arkenfox config, at least setting the **about:config** values below. Arkenfox applies many others but these are the bare minimum for your protection while browsing. Remember: doing nothing and using a browser with its defaults will already be leaking many identifiable and trackable characteristics which are unique to you. See [Browser and Device Fingerprinting][Browser and Device Fingerprinting:] for more details on why default settings in browsers are unsafe.
+
+Those settings are explained on the following resources in order of recommendation if you want more details about what each setting does:
+
+1. 
[[Archive.org]](https://web.archive.org/web/https://wiki.archlinux.org/title/Firefox/Privacy) **(most recommended)**
+
+2. [[Archive.org]](https://web.archive.org/web/https://proprivacy.com/privacy-service/guides/firefox-privacy-security-guide)
+
+Here are most of the steps combined from the sources above (some have been omitted due to the extensions recommended later below):
+
+- Navigate to "about:config" in the URL bar
+
+- Click Accept the Risk and Continue
+
+ - Safe Settings (should not break anything)
+
+ - Disable Firefox Pocket
+
+ - Set "extensions.pocket.enabled" to false
+
+ - Disable All Telemetry
+
+ - Set "browser.newtabpage.activity-stream.feeds.telemetry" to false
+
+ - Set "browser.ping-centre.telemetry" to false
+
+ - Set "browser.tabs.crashReporting.sendReport" to false
+
+ - Set "devtools.onboarding.telemetry.logged" to false
+
+ - Set "toolkit.telemetry.enabled" to false
+
+ - Search for "toolkit.telemetry.server" and clear it
+
+ - Set "toolkit.telemetry.unified" to false
+
+ - Set "beacon.enabled" to false
+
+ - Disable Pre-Fetching
+
+ - Set "network.dns.disablePrefetch" to true
+
+ - Set "network.dns.disablePrefetchFromHTTPS" to true
+
+ - Set "network.predictor.enabled" to false
+
+ - Set "network.predictor.enable-prefetch" to false
+
+ - Set "network.prefetch-next" to false
+
+ - Set "browser.urlbar.speculativeConnect.enabled" to false
+
+ - Disable Javascript in PDFs
+
+ - Set "pdfjs.enableScripting" to false
+
+ - Disable obsolete SSL encryption
+
+ - Set "security.ssl3.rsa_des_ede3_sha" to false
+
+ - Set "security.ssl.require_safe_negotiation" to true
+
+ - Disable Firefox Accounts
+
+ - Set "identity.fxaccounts.enabled" to false
+
+ - Disable Geolocation
+
+ - Set "geo.enabled" to false
+
+ - Disable Web Notifications
+
+ - Set "dom.webnotifications.enabled" to false
+
+ - Disable Copy/Paste Notifications
+
+ - Set "dom.event.clipboardevents.enabled" to false
+
+ - Disable Microphone/Camera status fetching
+
+ - Set 
"media.navigator.enabled" to false + + - Enable "Do Not Track" + + - Set "privacy.donottrackheader.enabled" to true + + - Disable SafeBrowsing + + - Set "browser.safebrowsing.malware.enabled" to false + + - Set "browser.safebrowsing.phishing.enabled" to false + + - Set "browser.safebrowsing.downloads.remote.enabled" to false + + - Moderate Settings (could break some websites) + + - Disable WebRTC (this will break all websites with video/audio communications) + + - Set "media.peerconnection.enabled" to false + + - Set "media.navigator.enabled" to false + + - Disable WebGL (this will break some media intensive websites) + + - Set "webgl.disabled" to true + + - Disable DRM + + - Set "media.eme.enabled" to false + + - Set "media.gmp-widevinecdm.enabled" to false + + - Set Cookiies Behavior + + - Set "network.cookie.cookieBehavior" to 1 + + - Set "network.http.referer.XOriginPolicy" to 2 + + - Change referer policy + + - Set "network.http.referer.XOriginTrimmingPolicy" to 2 + + - Change Session Storage behavior + + - Set "browser.sessionstore.privacy_level" to 2 + + - Disable Connection Tests for Captive Portals + + - Set "network.captive-portal-service.enabled" to false + + - Disable "Trusted Recursive Resolver" + + - Set/Create "network.trr.mode" and set it to 5 + + - Advanced (this will break some websites) + + - Set "privacy.resistFingerprinting" to true + + - Set "privacy.trackingprotection.fingerprinting.enabled" to true + + - Set "privacy.trackingprotection.cryptomining.enabled" to true + + - Set "privacy.trackingprotection.enabled" to true + + - Set "browser.send_pings" to false + + - Set "change privacy.firstparty.isolate" to true + + - Set "network.http.referer.XOriginPolicy" to "2" or use **Smart Referer** below + + - Set "change network.cookie.lifetimePolicy" to 2 (this deletes all cookies after each session) + +### Addons to install/consider: + +- uBlock Origin () + +- Smart Referer () + + - Set "network.http.referer.XOriginPolicy" value of "2" to "0" (so 
+ the extension works). **Disable** the whitelist (uncheck the **Use default whitelist** box) and set **Domain name matching** to **Strict**.
+
+- NoScript ()
+
+ - Blocks **all** scripts by default, no exceptions. Necessary in regular browser if you want to block all script executions. Not necessary in Tor Browser.
+
+ - Within the options, change **Default** options to check everything except "ping", "unrestricted CSS", and "LAN". This will re-enable JavaScript and other web features, to prevent many websites from breaking
+
+- LibRedirect ()
+
+ - Redirect less privacy friendly websites like YouTube and Wikipedia to more privacy friendly open-source alternatives
+
+- Skip Redirect ()
+
+### Bonus resources:
+
+Here are also two recent guides to harden Firefox:
+
+- [[Archive.org]](https://web.archive.org/web/https://chrisx.xyz/blog/yet-another-firefox-hardening-guide/)
+
+- [[Archive.org]](https://web.archive.org/web/https://ebin.city/~werwolf/posts/firefox-hardening-guide/)
+
+# Appendix W: Virtualization
+
+So, you might ask yourself, what is Virtualization[^519]?
+
+Basically, it is like the Inception movie with computers. You have emulated software computers called Virtual Machines running on a physical computer. And you can even have Virtual Machines running within Virtual machines if you want to (but this will require a more powerful laptop in some cases).
+
+Here is a little basic illustration of what Virtualization is:
+
+![image53](media/image53.png)
+
+Each Virtual Machine is a sandbox. Remember the reasons for using them are to prevent the following risks:
+
+- Mitigate local data leaks and easier clean-up in case something gets messed up or it is suspected to be compromised.
+
+- Reduce malware/exploit attack surfaces (if your VM is compromised, the adversary still must figure out he is in a VM and then gain access to the Host OS which is not so trivial).
+ +- Mitigate online data leaks by being able to enforce strict network rules on Virtual Machines for accessing the network (such as passing through the Tor Network). + +## Nested virtualization risks + +**There is an inherently larger attack surface when nesting virtualization.** + +Here's some host information that can be leaked through the Virtual Machine: + +- Organizationally unique identifier or OUI - the unique identifier assigned to VMWare Guest VMs; + +- Virtual Windows registry keys like `ProductID` might show the Host Machine's environment: + `HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ProductId XXXXX-123-1234567-12345` + +- HDD, GPU, and mouse drivers can be exposed through: `HKEY_LOCAL_MACHINE\System\CurrentControlSet\` + +- Registry entries will show that this is a virtual mouse: `%WINDIR%\system32\drivers\vmmouse.sys` + +- Descriptor Table Registers: + + - Since it's a Virtual Machine using the same CPU cores, the descriptor values are relocated due to there only being space for one of each identifier per CPU. This is a dead giveaway and is used in detection by advanced malware. It's employed by malware architects to tell when the program is being ran in a forensics environment (e.g., Remnux or Flare VM) - popular tools/OS that are used by experts to analyze malware. + +- Guest VMs also indirectly access the same hardware as the Host OS. + +See for more techniques used by malware to detect virtualization. These techniques are mostly prevented by appending some settings to your VM config file (.vmx). + + +# Appendix X: Using Tor bridges in hostile environments + +In some environments, your ISPs might be trying to prevent you from accessing Tor. Or accessing Tor openly might be a safety risk. 
+
+In those cases, it might be necessary to use Tor bridges to connect to the Tor network (see Tor Documentation [[Archive.org]](https://web.archive.org/web/https://2019.www.torproject.org/docs/bridges) and Whonix Documentation [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Bridges)). Optionally, if you are able, you should (seriously!) consider running a bridge [[Archive.org]](https://web.archive.org/web/20220708014922/https://blog.torproject.org/run-tor-bridges-defend-open-internet/) yourself, as this would greatly help reduce the amount of censorship in the world.
+
+Bridges are special Tor entry nodes that are not listed on the Tor public directory. Some of those are running on people running the Snowflake Browser extension[^520] while others are running on various servers around the world. Most of those bridges are running some type of obfuscation method called obfs4[^521].
+
+*Only available for Desktop Tor users: Recently, the Tor Project has made it incredibly simple to access Bridges with **Connection Assist**, and it is now automatically done in hostile or censored regions. Simply open the Tor Browser and the connection will be configured based on your needs on any hostile network. Previously, we had a list of options below this paragraph which were necessary to enable and configure bridges, but now that this is done automatically using [moat](https://support.torproject.org/glossary/moat/).* [[Archive.org]](https://web.archive.org/web/20220801151048/https://support.torproject.org/glossary/moat/)
+
+Here is the definition from the Tor Browser Manual[^523]: "obfs4 makes Tor traffic look random and prevents censors from finding bridges by Internet scanning. obfs4 bridges are less likely to be blocked than its predecessor, obfs3 bridges".
+
+Some of those are called "Meek" bridges and are using a technique called "Domain Fronting" where your Tor client (Tails, Tor Browser, Whonix Gateway) will connect to a common CDN used by other services. To a censor, it would appear you are connecting to a normal website such as Microsoft.com. See for more information.
+
+As per their definition from their manual: "meek transports make it look like you are browsing a major web site instead of using Tor. meek-azure makes it look like you are using a Microsoft web site". Snowflake bridges make it appear like your connections are phone calls to random internet users. This is a type of "domain fronting" [^524]. See ["domain fronting"](https://www.bamsoftware.com/papers/fronting/#sec:introduction) from the link in the previous paragraph for a detailed explanation of these types of secret "bridges".
+
+Lastly, there are also bridges called Snowflake bridges that rely on users running the snowflake extension in their browser to become themselves entry nodes. See [[Archive.org]](https://web.archive.org/web/https://snowflake.torproject.org/).
+
+First, you should proceed with the following checklist to make sure you cannot circumvent Tor Blocking (double-check) and try to use Tor Bridges ( [[Archive.org]](https://web.archive.org/web/https://bridges.torproject.org/)):
+
+- (Recommended if blocked but **safe**) Try to get an obfs4 bridge in the Tor connection options.
+
+- (Recommended if blocked but **safe**) Try to get a snowflake bridge in the Tor connection options.
+
+- **(Recommended if hostile/risky environment)** Try to get a meek bridge in the Tor connection options (might be your only option if you are for instance in China).
+
+![image54](media/image54.png)
+
+(Illustration from Tor Browser Bridge Configuration)
+
+If none of those build-in methods are working, you could try getting a manual bridge either from:
+
+- (for a meek bridge)
+
+- (for an obfs4 bridge)
+
+This website obviously could be blocked/monitored too so you could instead (if you have the ability) ask someone to do this for you if you have a trusted contact and some e2e encrypted messaging app.
+
+Finally, you could also request a bridge request by e-mail to with the subject empty and the body being: "get transport obfs4" or "get transport meek". There is some limitation with this method tho as it is only available from a Gmail e-mail address or Riseup.
+
+- See: [A note about Riseup:] Riseup has potentially been compromised. Use it at your own risk.
+
+Hopefully, these bridges should be enough to get you connected even in a hostile environment.
+
+If not, consider [Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option]
+
+# Appendix Y: Installing and using desktop Tor Browser
+
+## Installation:
+
+This is valid for Windows, Linux, and macOS.
+
+- Download and install Tor Browser according to the instructions from [[Archive.org]](https://web.archive.org/web/https://www.torproject.org/download/)
+
+- Open Tor Browser
+
+## Usage and Precautions:
+
+- After opening Tor Browser, you will see an option to **Connect**, a checkbox to **Always connect automatically** and a button to **Configure connection**. The Tor Network settings are there for you to possibly configure Bridges to connect to Tor if you are experiencing issues connecting to Tor due to Censorship or Blocking. As explained here: [Appendix X: Using Tor bridges in hostile environments], this is now done automatically by the Tor Browser on Desktop.
+
+![image55](media/image55.png)
+
+- Personally, in the case of censorship or blocking, we would recommend using Meek-Azure bridges if needed.
And Snowflake bridges as a second option.
+
+![image56](media/image56.png)
+
+- At this point, still before connecting, you should click the little shield Icon (upper right, next to the Address bar) and select your Security level (see [[Archive.org]](https://web.archive.org/web/https://tb-manual.torproject.org/security-settings/) for details). Basically, there are three.
+
+![image57](media/image57.png)
+
+- Standard (the default):
+
+ - All features are enabled (including JavaScript)
+
+- Safer:
+
+ - JavaScript is disabled on non-HTTPS websites
+
+ - Some fonts and symbols are disabled
+
+ - Any media playback is "click to play" (disabled by default)
+
+- Safest:
+
+ - Javascript is disabled everywhere
+
+ - Some fonts and symbols are disabled
+
+ - Any media playback is "click to play" (disabled by default)
+
+We would recommend the "Safest" level by default. The "Safer" level should be enabled if you think you need access to a website not working without JavaScript. The Safest mode will most likely break many websites that rely actively on JavaScript.
+
+If you are extra paranoid, use the "Safest" level by default and consider downgrading to Safer is the website is unusable because of Javascript blocking.
+
+**Optional and not recommended by the Tor Project**: If you are not using the "Safest" level, we will diverge from some but agree with others (for instance the Tails project and others[^525]) and will actually recommend some modifications of the default Tor Browser in the addition of two extensions:
+
+- uBlock Origin (as it is the case on Tails) while leaving the extension on the default settings:
+
+ - Head over to within Tor Browser and install the extension.
+
+- LibRedirect: This is very practical if you use the "Safest" mode as Invidious instances require no JavaScript.
+
+ - Head over to within Tor Browser and install the extension.
+ +Let's keep in mind that even 3 letters agencies recommend blocking ads for their internal users in order to improve security[^526]. + +If you did not go for the above **personal and not officially recommended options**, the Safer level should still be used with some extra precautions while using some websites: see [Appendix A5: Additional browser precautions with JavaScript enabled]. + +Now, you are really done, and you can now surf the web anonymously from your desktop device. + +# Appendix Z: Online anonymous payments using cryptocurrencies + +There are many services that you might want to use (VPS hosting, mail hosting, domain names...) but require payment of some kind. + +As mentioned before in this guide multiple times, we strongly recommend the use of services accepting cash (that you could send anonymously through the postal services) or Monero which you can buy and use directly and safely. + +- But what if the service you want does not accept Monero but does accept a more mainstream cryptocurrency such as Bitcoin (BTC) or Ethereum (ETH)? + + +**Bitcoin and other "mainstream cryptocurrencies" are not anonymous at all (Remember [Your Cryptocurrencies transactions][Your Cryptocurrencies transactions:]) and you should never ever purchase, for example, Bitcoin from an exchange and then use these directly for purchasing services anonymously. This will not work, and the transaction can be traced easily.** + +- **Stay away from so-called "private" mixers, tumblers and coinjoiners.** You might think this is a good idea, but not only are they useless with cryptocurrencies such as BTC/ETH/LTC, they are also dangerous. They take custody of your coins. Use Monero to anonymize your crypto. Do not use a normal KYC-enabled exchange to buy/sell your Monero (such as Kraken), since this information on your purchases and withdrawals (for intended use) are retained in the exchange. Instead, use a P2P exchange that doesn't require KYC such as what can be found on . 
+ + +- **See [Warning about special tumbling, mixing, coinjoining privacy wallets and services].** + +## Using Bitcoin anonymously option: + +Despite this, it is possible to safely anonymize Bitcoin through the use of non-custodial collaborative transactions and privacy-preserving spending tools. This is possible with a protocol called [ZeroLink](https://code.samourai.io/whirlpool/Whirlpool/-/blob/whirlpool/THEORY.md) and an implementation called Whirlpool which as two clients that utilize it and provide the necessary spending tools, detailed below. So, you might be wondering how? Well, it is actually pretty simple: + +1. Purchase Bitcoin at a non-KYC exchange (such as one found on ) + +2. Create a wallet with [Samourai Wallet](https://www.samouraiwallet.com/) (Android) or [Sparrow Wallet](https://www.sparrowwallet.com/) (Desktop). Both of these use the Whirlpool protocol to gain the user forward-facing on-chain privacy on Bitcoin. + +3. Deposit coins into the wallet and follow the relevant instructions ([Samourai](https://docs.samourai.io/wallet/usage), [Sparrow](https://www.sparrowwallet.com/docs/mixing-whirlpool.html)) to remove their historic links. + +4. Funds should only be spent from the Postmix account, as that is the account with the coins that have gained anonymity through Whirlpool. + +- **You should run your own node when using Bitcoin and always use that for connecting from your wallet. You do not need to purchase separate hardware to do so, and it's simple to [do so by using the Tor Network](https://bitcoincoredocs.com/tor.html) as well.** + +## Using Monero anonymously option: + +1. Purchase Monero at a non-KYC exchange (such as one found on ) + +2. Create a Monero wallet on one of your anonymized VMs (for example, on the Whonix Workstation which includes a Monero GUI wallet natively or using the Monero GUI wallet from on other OSes) + +3. Transfer your Monero from the wallet from which you bought it to the wallet on your VM. 
We cannot stress enough how import it is to have two separate wallets for this process, even for handling Monero. + + +4. On the same VM (for instance again the Whonix Workstation), create a Bitcoin Wallet (again this is provided natively within the Whonix Workstation) + +5. From an anonymized browser (such as Tor Browser), use a non-KYC (Know Your Customer) service swapping service (see [Appendix A8: Crypto Swapping Services without Registration and KYC]) and convert your Monero to BTC and transfer those to the BTC Wallet you have on your anonymized VM + +6. You should now have an anonymized Bitcoin wallet that can be used for purchasing services that do not accept Monero. + +**You should never access this wallet from a non-anonymized environment. Always use well-thought OPSEC with your BTC transactions. Remember those can be traced back to you.** + +The origin of those BTC cannot be traced back to your real identity due to the use of Monero **unless Monero is broken** or if you consolidate outputs from spending at separate merchants. It is recommended to use privacy preserving wallets in the [Bitcoin section](Using Bitcoin anonymously option:). Please do read [Appendix B2: Monero Disclaimer]. + +**Regarding Zcash: this section previously included use of Zcash but it has been removed in light of newer, more accurate information.** + +## Warning about special tumbling, mixing, coinjoining privacy wallets and services: [Wikiless](https://wikiless.org/wiki/Cryptocurrency_tumbler) [Archive.org](https://web.archive.org/web/https://wikiless.org/wiki/Cryptocurrency_tumbler) + +Centralized "private" tumblers, mixers and coinjoiners are not recommended since they do not provide anonymity in a way that truly unlinks an output from its history. 
Here are some references about this issue: + + +- [Mixing detection on Bitcoin transactions using statistical patterns.](https://arxiv.org/pdf/2204.02019.pdf) [Archive.org](https://web.archive.org/web/https://arxiv.org/pdf/2204.02019.pdf) +- [An Analysis Of Bitcoin Laundry Services](https://www.researchgate.net/profile/Julio-Hernandez-Castro/publication/319944399_An_Analysis_of_Bitcoin_Laundry_Services/links/5a045d410f7e9beb177883af/An-Analysis-of-Bitcoin-Laundry-Services.pdf?origin=publication_detail) [Archive.org](https://web.archive.org/web/https://www.researchgate.net/profile/Julio-Hernandez-Castro/publication/319944399_An_Analysis_of_Bitcoin_Laundry_Services/links/5a045d410f7e9beb177883af/An-Analysis-of-Bitcoin-Laundry-Services.pdf?origin=publication_detail) +- [Mixing Strategies in Cryptocurrencies and An Alternative Implementation](https://www.researchgate.net/publication/344485520_Mixing_Strategies_in_Cryptocurrencies_and_An_Alternative_Implementation) [Archive.org](https://web.archive.org/web/https://www.researchgate.net/publication/344485520_Mixing_Strategies_in_Cryptocurrencies_and_An_Alternative_Implementation) + +Mixing BTC in this way should prevent any chain analysis on future transactions. This will *not* however hide any past transactions or the fact you purchased BTC from a KYC exchange. Instead we recommend to use Bitcoin wallets that utilize Whirlpool or Monero (preferred). + + +## When converting from BTC to Monero: + +**Now, as part of any process above, if you want to convert BTC back to Monero**, we recommend not using a swapping service but instead recommend using the new Monero Atomic Swap Tool: . This will prevent unnecessary fees and intermediates when using a commercial swapping service. The website is self-explanatory with detailed instructions for all OSes. 
+ +# Appendix A1: Recommended VPS hosting providers + +We will only recommend providers that accept Monero as payment and here is my personal shortlist: + +- **Njalla (my personal favorite but quite expensive, recommended by PrivacyGuides.org.** + +- **1984.is (my second favorite, much less expensive) .** + +- To be considered at your own risk (untested): + + - (warning, this might be against their ToS as they require personal identification on registration) + + - + + - (warning, this provider is rather "edgy" and could offend some people) + +Also consider these lists: + +- Tor Project: [[Archive.org]](https://web.archive.org/web/https://community.torproject.org/relay/community-resources/good-bad-isps/) + +- PrivacyGuides.org: [[Archive.org]](https://web.archive.org/web/https://privacyguides.org/providers/hosting/) + +Lastly, you could pick one (at your own risk) from the list here that does accept Monero: [[Archive.org]](https://web.archive.org/web/https://www.getmonero.org/community/merchants/) + +**Please do read [Appendix B2: Monero Disclaimer].** + +If the service does not accept Monero but does accept BTC, consider the following appendix: [Appendix Z: Paying anonymously online with BTC][Appendix Y: Installing and using desktop Tor Browser]. + +# Appendix A2: Guidelines for passwords and passphrases + +My opinion (and the one of many[^528]'[^529]'[^530]'[^531]'[^532]'[^533]) is that passphrases are generally better than passwords. So instead of thinking of better passwords, forget them altogether and use passphrases instead (when possible). Or just use a password manager with very long passwords (such as KeePassXC, the preferred password manager in this guide). + +The well-known shown-below XKCD [[Archive.org]](https://web.archive.org/web/https://xkcd.com/936/) is still valid despite some people disputing it (See [[Archive.org]](https://web.archive.org/web/https://www.explainxkcd.com/wiki/index.php/936:_Password_Strength)). 
Yes, it is quite old now and is a little bit outdated and might be misinterpreted. But generally, it is still valid and a good argument for using passphrases instead of passwords. + +![image58](media/image58.png) + +(Illustration by Randall Munroe, xkcd.com, licensed under CC BY-NC 2.5) + +Here are some recommendations (based on Wikipedia[^534]): + +- Long enough to be hard to guess (typically four words is a minimum, five or more is better). + +- Not a famous quotation from literature, holy books, et cetera. + +- Hard to guess by intuition---even by someone who knows the user well. + +- Easy to remember and type accurately. + +- For better security, any easily memorable encoding at the user's own level can be applied. + +- Not reused between sites, applications, and other different sources. + +- Do not use only "common words" (like "horse" or "correct") + +Here is a nice website showing you some examples and guidelines: + +Watch this insightful video by Computerphile: [[Invidious]](https://yewtu.be/watch?v=3NjQ9b3pgIg) + +**Use a different one for each service/device if possible. Do not make it easy for an adversary to access all your information because you used the same passphrase everywhere.** + +**You might ask how? Simple: use a password manager such as the recommended KeePassXC. Only remember the passphrase to unlock the database and then store everything else in the KeePassXC database. Within KeePassXC you can then create extremely long passwords (30+ random characters) for each different service.** + +# Appendix A3: Search Engines + +Which search engine to pick in your VMs? + +We will not go into too many details. Just pick one from PrivacyGuides.org ( [[Archive.org]](https://web.archive.org/web/https://www.privacyguides.org/search-engines/)). 
+ +Personally, my favorites are: + +- (because you can easily use operators such as "!g" to google or "!b" to Bing) + +- + +- SearX () instances listed here: + +Note that some of those have a convenient ".onion" address: + +- DuckDuckGo: + +In the end, we were often not satisfied with the results of both those search engines and still ended up on Bing or Google. + +# Appendix A4: Counteracting Forensic Linguistics + +**Note that this information is taken and adapted from a Dread Post available here:** + +No plagiarism is intended but some important adaptations and modifications have been made to improve the source post in various ways. + +## Introduction: + +Stylometry is our personal and unique writing style. No matter who you are, you have a unique finger printable, and traceable writing style. This has been understood for a while now, and a branch of forensics is built off of this principle: forensic linguistics. In this field, the particular name for forensic linguistics applied to internet crime is called "Writeprint". Writeprint primarily aims to determine author identification over the internet by comparing a suspect's text to a known collection of writer invariant (normally written) texts, and even without comparison texts, this forensic technique can yield personal information about an author such as gender, age, and personality. + +## What does an adversary look for when examining your writing? + +1. Lexical features: analysis of word choice. + +2. Syntactic features: analysis of writing style, sentence structure, punctuation, and hyphenation. + +3. Structural features: analysis of structure and organization of writing. + +4. Content-specific words: analysis of contextually significant writing such as acronyms. + +5. 
Idiosyncratic features: analysis of grammatical errors, this is the most important factor to consider because it provides relatively high accuracy in author identification + +## Examples: + +You might think that this is not something that an adversary pays attention to? Think again! There have been multiple cases where adversaries such as law enforcement have used Writeprint techniques to help catch and sentence people. Here are some examples: + +- The OxyMonster case ( [[Archive.org]](https://web.archive.org/web/https://arstechnica.com/tech-policy/2018/06/dark-web-vendor-oxymonster-turns-out-to-be-a-frenchman-with-luscious-beard/)): + + - Public data revealed that Vallerius (a.k.a OxyMonster) has Instagram and Twitter accounts. Agents compared the writing style of "OxyMonster" on the Dream Market forum while in a senior Moderator role to the writing style of Vallerius on his public Instagram and Twitter accounts. Agents discovered many similarities in the use of words and punctuation to including the word "cheers;'' double exclamation marks; frequent use of quotation marks; and intermittent French post. + +Do not use the same writing style for your sensitive activities as for your normal activities. In particular, pay close attention to your use of common phrases, and punctuations. Also, as a side note: limit the amount of reference material that an adversary can use as comparison text, you do not want to find yourself in trouble because of your political Twitter post, or that Reddit post you made years ago, do you? + +- Here is another example from the book American Kingpin, about how a DEA agent investigated the writing style of DPR (Dread Pirate Roberts a.k.a Ross Ulbricht, founder of the Silk Road Dark Market) from a unique perspective: For one, Ross Ulbricht used the word "epic" a lot, which showed that he was likely young. 
He also used emoji smiley faces in his writing, though he never used a hyphen as the nose, writing them as ":)" rather than the old-fashioned ":-)". Yet the one attribute about Ulbricht that stood out was that rather than writing "yes" or "yeah" on the site's forums, Ulbricht instead always typed "yea". + +Pay attention to the little things that might add up. If you usually reply with "ok" to people, maybe try to reply with "okay" for your sensitive activities. You should NEVER use words or phrases from your sensitive activities (even if they are not in a public post) for normal purposes, and vice versa. Ross Ulbricht used "frosty" as the name for his Silk Road servers, and for his YouTube account, which helped convince law enforcement that Dread Pirate Roberts was in fact, Ross Ulbricht. + +## How to counteract the efforts of your adversary: + +1. Reduce the amount of comparison text for adversaries to compare you with. This goes with having a small online footprint for your normal activities. + +2. Use a word processor (such as LibreWriter) to fix any grammatical/spelling errors that you regularly encounter. + +3. Reduce or change the idioms that you use while conducting sensitive activities. + +4. Understand how your identity affects your writing style: Is your alias younger? Older? More educated? Or less educated? If your identity is older, maybe speak in a more JRR Tolkien style of writing. + +5. Pay attention to how your slang and spelling might identify you. If you are from the UK, you should say "maths", but if you are from the US you say "math". It does not matter how you say "maths", all that matters is that it can be used to profile you. This also applies to slang as many regions each have different and extremely particular slang. You do not ask someone from the USA for a "rubber" and expect them to give you an "eraser" as an example. + +6. Pay attention to your use of emoticons and emojis. 
In the previous example, the DEA agent was able to make a correct assumption that Ulbricht was likely young because he did not use a hyphen when making a smiley emoticon. + +7. Pay attention to how you structure your writing. Do you use two spaces after a period? Do you constantly use parenthesis in your writing? Do you use the oxford comma? + +8. Consider what symbols you use in your writing. Do you use €, £ or $? Do you use "dd-mm-yyyy" or "mm-dd-yyyy" for dates? Do you use "08:00 pm" or "20:00" for time? + +## What different linguistic choices could say about you: + +### Emoticons: + +1. Russians for example use ")" instead of ":-)" or ":)" to express a smiley face. + +2. Scandinavians use "=)" instead of ":-)" or ":)" for a smiley face. + +3. Younger people generally do not use a hyphen in their smiley faces and just use ":)". + +### Structural features: + +1. Two spaces after a period give off the impression that you are quite older because this is how typing was taught to people learning to type with typewriters. + +2. In the US people write numbers out with commas between numbers to the left of the starting number and with periods between numbers to the right of the starting number. This is in contrast to how people write out numbers on the rest of the planet. + +US: 1,000.00$ + +> Europe: 1.000,00€ + +### Spelling slang and symbols: + +1. Obviously, people in different nations use different slang. This is even more pronounced when you use slang that is not as well known in other places such as someone from the UK mentioning a "headmaster" when in other nations it is referred to as a "principal". + +2. Spelling is another important factor that is similar to slang, except it is harder to control. If you want to pretend that you are from the USA, but you actually live in Australia, it only takes one time of spelling "colour" as color to let people understand that something is up. + +3. 
Some people also spell words in a particular way that is not regional for example you might spell "ax" as "axe" or vice versa. + +4. Of course, the symbols you use on your keyboard can give a lot of information away, such as £'s or $'s. + +## Techniques to prevent writeprinting: + +Here are some techniques in order of use: + +### Spelling and grammar checking: + +This helps prevent some fingerprinting done using your spelling and grammar mistakes + +#### Offline using a word processor: + +Use a word processor such as LibreWriter and use the spelling and grammar checks features to fix mistakes you might have typed. + +#### Online using an online service: + +If you do nothave a word processor available or don't want to use one, you can also use an online spelling and grammar checker such as Grammarly (this requires an e-mail and an account creation). + +### Translation technique: + +**Disclaimer: a study archived here: seems to indicate the translation technique is inefficient to prevent stylometry. This step might be useless.** + +After being done with spelling and grammar fixes. Use a website or software such as Google Translate (or for a more privacy-friendly version, ) to translate between several different languages before translating back to your original language. These translations back and forth will alter your messages and make fingerprinting more difficult. + +### Search and replace: + +Finally, and optionally, add some salt by purposefully adding some mistakes to your messages. + +First decide upon a list of words that you frequently do not misspell, maybe the words "grammatical", "symbol", and "pronounced" (this list should include more words). **Do not use an AutoCorrect automatic replace option for this as it might correct when it does not make sense.** Instead, use Search and Replace and do this manually for each word. 
**Do not use "Replace All" either and review each change.** This is just the first step, for providing misinformation against linguistic fingerprinting. + +Next, find a list of words that you commonly use in your writing. Let us say that we love to use contractions when wew rite, maybe we always use words such as: "can't", "don't", "shouldn't", "won't", or "let's". Well, maybe go into LibreWriter and use "Search and Replace" to replace all contractions with the full versions of the words ("can't" > "cannot", "don't" > "do not", "shouldn't" > "should not", "won't" > "will not", "let's" > "let us"). This can make a large difference in your writing and give a difference in how people and most importantly your adversaries perceive you. You can change most words to be different, as an example you can change "huge" to "large". Just make sure these words fit with your identity. + +Now, consider changing your words choices to fit a geographic location. Maybe you live in the US, and you want to give the impression that your identity is from the UK. For example, you can make use of location-based spelling and lexicon. This is risky, and one mistake can give it away. + +First off, you need to decide where you want to give the impression of your location. Here is an example to give off the impression that you are from the US, or the UK. First, you will need to understand a thing or two about where your identity is "from", do not pretend that you are from the UK, yet have no idea about it other than it exists. + +After you have decided upon a good location that your identity is from, research the differences in language between the two languages (in this case between UK English and US English). Thanks to the internet, this is quite easy, and you can find Wikipedia pages conveniently highlighting the regional differences of a language between two nations. 
Pay attention to how certain words are spelled ("metre" > "meter") and what words are exchanged with each other ("boot" > "trunk"). Now that you have a list of words that can be exchanged with each other, and a list of spelling that are different, use the "Search and Replace" in your editor and change the words such as "colour" into "color", and "lorry" into "truck". **Again, do not use an AutoCorrect feature or "Replace All" as some changes might not make sense. Review each proposed change. As an example, if you were to use AutoCorrect or "Replace all" on the word "boot" to change into "trunk", this would make perfect sense in the context of cars. But it would not make any sense in the context of shoes.** + +### Final advice: + +Understand that you have to constantly think of what you type and how you type while conducting sensitive activities. + +Understand that altering your writing style for such purposes can ultimately change your baseline writing style, ironically making your writing traceable over longer periods. + +Proofread yourself at least one time after you are done writing anything to verify you made no mistakes in your process. Trust (yourself) but verify anyway. + +You might also consider the use of something like AnonyMouth [[Archive.org]](https://web.archive.org/web/https://github.com/psal/anonymouth) which is a tool that you can use to anonymize your documents, developed by PSAL, Drexel University's Privacy, Security, and Automation Laboratory [[Archive.org]](https://web.archive.org/web/https://psal.cs.drexel.edu/index.php/Main_Page). Such tools can prove invaluable. + +## Bonus links: + +- [[Archive.org]](https://web.archive.org/web/https://seirdy.one/posts/2022/07/09/stylometric-fingerprinting-redux/): Stylometric fingerprinting redux + +- [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Surfing_Posting_Blogging#Stylometry): Whonix documentation about stylometry. 
+ +- [[Wikiless]](https://wikiless.org/wiki/Forensic_linguistics) [[Archive.org]](https://web.archive.org/web/https://wikipedia.org/wiki/Forensic_linguistics): Gives a brief rundown of the basics of forensic linguistics, not too informative. + +- [[Wikiless]](https://wikiless.org/wiki/Writeprint) [[Archive.org]](https://web.archive.org/web/https://wikipedia.org/wiki/Writeprint): Gives a brief and informative rundown of forensic linguistics applied to internet investigations. + +- [[Wikiless]](https://wikiless.org/wiki/Stylometry) [[Archive.org]](https://web.archive.org/web/https://wikipedia.org/wiki/Stylometry): Gives a brief overview of Stylometry. + +- [[Wikiless]](https://wikiless.org/wiki/Content_similarity_detection) [[Archive.org]](https://web.archive.org/web/https://wikipedia.org/wiki/Content_similarity_detection): We would recommend reading this, quite informative. + +- [[Wikiless]](https://wikiless.org/wiki/Author_profiling) [[Archive.org]](https://web.archive.org/web/https://wikipedia.org/wiki/Author_profiling): Read through this as well if you are interested in this topic. + +- [[Wikiless]](https://wikiless.org/wiki/Native-language_identification) [[Archive.org]](https://web.archive.org/web/https://wikipedia.org/wiki/Native-language_identification): This is less important if you use a translator, but if you do not use a translator to communicate on forums that are not in your native language, consider giving this a quick read through. + +- [[Wikiless]](https://wikiless.org/wiki/Computational_linguistics) [[Archive.org]](https://web.archive.org/web/https://wikipedia.org/wiki/Computational_linguistics): Only read through this if this topic is interesting to you. + +- [[Archive.org]](https://web.archive.org/web/https://regmedia.co.uk/2017/09/27/gal_vallerius.pdf): Explains how authorities used forensic linguistics to help arrest OxyMonster (pages 13 -- 14). 
+ +- [[Wikiless]](https://wikiless.org/wiki/Ted_Kaczynski#After_publication) [[Archive.org]](https://web.archive.org/web/https://wikipedia.org/wiki/Ted_Kaczynski#After_publication): May have an IQ of 167, but he was caught primarily based on forensic linguistics. + +- [[Archive.org]](https://web.archive.org/web/https://i.blackhat.com/USA-19/Wednesday/us-19-Wixey-Im-Unique-Just-Like-You-Human-Side-Channels-And-Their-Implications-For-Security-And-Privacy.pdf): Explains how your writing style can be used to track you, we highly recommend reading through these slides, or watching the accompanying presentation on YouTube. + +- [[Archive.org]](https://web.archive.org/web/https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/DEFCON-26-Matt-Wixey-Betrayed-by-the-Keyboard-Updated.pdf): Explains how your writing style can be used to track you, we highly recommend reading through these slides, or watching the accompanying presentation on YouTube, this is quite similar to the last presentation. + +- [[Archive.org]](https://web.archive.org/web/https://i.blackhat.com/us-18/Wed-August-8/us-18-Wixey-Every-ROSE-Has-Its-Thorn-The-Dark-Art-Of-Remote-Online-Social-Engineering.pdf): This goes over how to potentially spot deception through the internet, and presents a checklist to see how trustworthy someone is. We would advise reading the slides or watching the presentation on YouTube. + +# Appendix A5: Additional browser precautions with JavaScript enabled + +To avoid Browser and User Fingerprinting through JavaScript but while keeping JavaScript enabled, some additional safety measures should be observed at least on some websites: + +These recommendations are similar to the ones at the beginning of the guide and especially valid for certain websites. 
Mostly, the recommendation is to use privacy-friendly front-end instances and alternative services for a variety of services: + +- For YouTube links, use an Invidious instance ( [[Archive.org]](https://web.archive.org/web/https://github.com/iv-org/invidious)) + + - We recommend [https://yewtu.be] + +- For Twitter links, use a Nitter instance ( [[Archive.org]](https://web.archive.org/web/https://github.com/zedeus/nitter)) + + - We recommend [https://nitter.net] + +- For Wikipedia links, use a Wikiless instance ( [[Archive.org]](https://web.archive.org/web/https://codeberg.org/orenom/wikiless)) + +- For Reddit, use a LibReddit instance ( [[Archive.org]](https://web.archive.org/web/https://github.com/spikecodes/libreddit)) + +- For Maps, consider using + +- For Translation, consider using SimplyTranslate at + +- For Search Engines use privacy-focused search engines such as: + + - StartPage: + + - DuckDuckGo: + + - SearX () instances: list available here: + +**(Optional)** Consider the use of the [[Archive.org]](https://web.archive.org/web/20220509220021/https://libredirect.github.io/) extension to automate the use of the above services. 
+ +# Appendix A6: Mirrors + +Find it online at: + +- Original: + +- Tor Onion Mirror: + +- Archive.org: + +- Archive.today: + +- Archive.today over Tor: + +- PDF: [[Archive.org]](https://web.archive.org/web/https://anonymousplanet.org/export/guide.pdf) [[Tor Mirror]](http://thgtoa27ujspeqxasrfvcf5aozqdczvgmwgorrmblh6jn4nino3spcqd.onion/export/guide.pdf) + +- OpenDocument Text (ODT) version at: [[Archive.org]](https://web.archive.org/web/https://anonymousplanet.org/export/guide.odt) [[Tor Mirror]](http://thgtoa27ujspeqxasrfvcf5aozqdczvgmwgorrmblh6jn4nino3spcqd.onion/export/guide.odt) + + +# Appendix A7: Comparing versions + +If you want to compare an older version of the PDF with a newer version, consider these online tools (note that we do not endorse those tools in relation to their privacy policies, but it should not matter since these PDFs are public): + +- + +- + +- + +If you want to compare the older version of the ODT format with a newer version, use the LibreWriter compare features as explained here: [[Archive.org]](https://web.archive.org/web/https://help.libreoffice.org/7.1/en-US/text/shared/guide/redlining_doccompare.html) + +# Appendix A8: Crypto Swapping Services without Registration and KYC + +## General Crypto Swapping: + +**Skip to next section for BTC to Monero. Do not use swapping services for BTC to Monero.** + +Here is a small list of non-KYC crypto swapping services, remember they all have a cost and fees: + +- + +- + +- Kilo Swap (Onion Hidden Service): + +**Consider having a look at which is an open-source project listing non-KYC exchanges/swapping services (repository at ).** + +## BTC to Monero only: + +**Do not use any swapping service, use their Atomic Swap feature.** See this Monero Atomic Swap Tool: . + +This will prevent unnecessary fees and intermediates when using a commercial swapping service. The website is self-explanatory with detailed instructions for all OSes. 
+ +# Appendix A9: Installing a Zcash wallet: + +Remember this should only be done on a secure environment such as VM behind the Whonix Gateway. + +## Debian 11 VM: + +- Load the Debian VM + +- Open a browser + +- Go to and download from a listed mirror. + +- Go to and download from a listed mirror. + +- Go to the ZecWallet Lite Website to download the latest DEB package (change the download directory to /home/user for convenience) + +- Open a Terminal window and run the following commands (with the updated downloaded version if needed): + + - **```**sudo dpkg -i ./libindicator3-7_0.5.0-4_amd64.deb**```** + + - **```**sudo dpkg -i ./libappindicator3-1_0.4.92-7_amd64.deb**```** + + - **```**sudo dpkg -i ./Zecwallet_Lite_1.7.5_amd64.deb**```** + +- Click the upper left menu, find then launch ZecWallet Lite + +## Ubuntu 20.04/21.04/21.10 VM: + +- Load the Ubuntu VM + +- Open a browser + +- Go to the ZecWallet Lite Website to download the latest DEB package + +- Open a Terminal window + +- Go to your download directory and run the following command (with the updated downloaded version if needed), for example: ```sudo apt install ./Zecwallet_Lite_1.7.5_amd64.deb``` + +- Click the upper left menu, find then launch ZecWallet Lite + +## Windows 10/11 VM: + +- Load the Windows VM + +- Open a browser + +- Go to + +- Download and install the latest Windows installer + +- Launch ZecWallet Lite + +## Whonix Workstation 16 VM: + +- Load the Whonix Workstation VM + +- Open Tor Browser + +- Go to and download from a listed mirror. + +- Go to and download from a listed mirror. 
+ +- Go to the ZecWallet Lite Website to download the latest DEB package (change the download directory to /home/user for convenience) + +- Open a Terminal window and run the following commands (with the updated downloaded version if needed): + + - **```**sudo dpkg -i ./libindicator3-7_0.5.0-4_amd64.deb**```** + + - **```**sudo dpkg -i ./libappindicator3-1_0.4.92-7_amd64.deb**```** + + - **```**sudo dpkg -i ./Zecwallet_Lite_1.7.5_amd64.deb**```** + +- Click the upper left menu and go to Development, then launch ZecWallet Lite + +# Appendix B1: Checklist of things to verify before sharing information: + +Here is a checklist of things to verify before sharing information to anyone: + +- Check the files for any metadata: see [Removing Metadata from Files/Documents/Pictures][Removing Metadata from Files/Documents/Pictures:] + +- Check the files for anything malicious: see [Appendix T: Checking files for malware] + +- Check the files for any watermarking: see [Watermarking][Watermarking:] + +- Check any writing for possible forensics analysis: see [Appendix A4: Counteracting Forensic Linguistics] + +- Have a look at this part of the Whonix documentation: [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Surfing_Posting_Blogging#Anonymous_File_Sharing) + +- Carefully assess the potential consequences and risks of communicating any sensitive information for you and others (legally, ethically, and morally). Remember ... Do not be evil. Legal is not necessarily Good. + +**After curating the files for anything you want to leave out. Double-check and even Triple check them. Then you could consider sending them to an organization such as a press organization or others.** + +# Appendix B2: Monero Disclaimer + +First, please read this small introduction video to Monero: [[Invidious]](https://yewtu.be/watch?v=H33ggs7bh8M) + +The anonymity of Monero depends on its crypto algorithms. If you do use Monero from a KYC Exchange. 
You can be almost certain that you are safe today. But you might not be in the long-term future if Monero algorithms are ever broken[^535] (think Quantum Computing). Do keep in mind that KYC regulations might force operators (such as Crypto Exchanges) to keep your financial records for up to 10 years and that you, therefore, need Monero algorithms to not be broken for the next 10 years as well. + +You may want to watch this insightful video for more details: [[Invidious]](https://yewtu.be/watch?v=j02QoI4ZlnU) + +Also please consider reading: [Privacy Limitations in Anonymity Networks with Monero](https://github.com/monero-project/monero/blob/master/docs/ANONYMITY_NETWORKS.md#privacy-limitations) [[Archive.org]](https://web.archive.org/web/https://github.com/monero-project/monero/blob/master/docs/ANONYMITY_NETWORKS.md#privacy-limitations) + +**Use these at your own risk, sending cash payments to providers accepting cash (through the postal service) is always a better solution if/when possible.** + +# Appendix B3: Threat modeling resources + +Here are various threat modeling resources if you want to go deeper in threat modeling. + +We recommend the LINDDUN threat modeling method [[Archive.org]](https://web.archive.org/web/https://www.linddun.org/): + - Researchers created an online tool to help make your threat model at [[Archive.org]](https://web.archive.org/web/https://www.linddun.org/go). + - It is synergistic with STRIDE below. + - It is focused on privacy but is clearly perfectly suitable for anonymity. + - It is accessible to all skill levels including beginners (providing many tutorials) but also suitable for highly skilled readers. 
+ - It is used in the making of the Threat Modeling Manifesto: [[Archive.org]](https://web.archive.org/web/https://www.threatmodelingmanifesto.org/) + +LINDDUN threat modeling tutorials and resources: + - **We recommend the following quick tutorial video from "The Hated One" YouTube channel with the approval and review from LINDDUN designers: ** [[Invidious]](https://yewtu.be/watch?v=6AXkJ3dot2s>) to get started. + - More resources for deeper understanding and usage: + + - You can read more here: [A Lightweight Approach to Privacy Threat Modeling](https://sion.info/assets/pdf/publications/WuytsIWPE2020.pdf) + - Here are two videos from [Dr. K. Wuyts](https://www.semanticscholar.org/author/Kim-Wuyts/3190241) (imec-DistriNet, KU Leuven) explaining the process: + - [Privacy & prejudice: on privacy threat modeling misconceptions](https://www.youtube.com/watch?v=zI4SFyq_Xjw) [[Invidious]](https://yewtu.be/watch?v=zI4SFyq_Xjw) + - [Privacy Threat Model Using LINDDUN](https://www.youtube.com/watch?v=C9F8X1j9Zpg) [[Invidious]](https://yewtu.be/watch?v=C9F8X1j9Zpg>) + +![image59](media/image59.png) +(Illustration from [LINDDUN2015](https://lirias.kuleuven.be/retrieve/295669)) + +Here are alternative resources and methodologies if LINDDUN doesn't suit you: + +- Online Operations Security: [https://github.com/devbret/online-OPSEC](https://web.archive.org/web/20210711215728/https://github.com/devbret/online-OPSEC) +- Microsoft's STRIDE: [[Wikiless]](https://wikiless.org/wiki/STRIDE_%28security%29) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/STRIDE_%28security%29) +- PASTA: [[Archive.org]](https://web.archive.org/web/https://versprite.com/tag/pasta-threat-modeling/) +- Threat Modeling: 12 Available Methods: [[Archive.org]](https://web.archive.org/web/https://insights.sei.cmu.edu/blog/threat-modeling-12-available-methods/) +- Threat Modelling: [[Archive.org]](https://web.archive.org/web/https://www.geeksforgeeks.org/threat-modelling/) + +# Appendix 
B4: Important notes about evil-maid and tampering + +Your context needs to be taken into account. + +Preventing an evil-maid attack attack or tampering might lead to bad consequences. Your adversary might then resort to other means to obtain the key. + +On the other hand, allowing the attack but detecting it will not let your adversary know that you are aware of the tampering. You can then take steps safely to not reveal information and possibly leave. + +See the [Some last OPSEC thoughts][Some last OPSEC thoughts:] section for some tips. + +# Appendix B5: Types of CPU attacks: + +Select security issues plague many Intel CPUs, such as transient execution attacks (formerly called speculative execution side channel methods). Here you can check your CPU against affected micro-processors with known bugs [[Archive.org]](https://web.archive.org/web/20220814123250/https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html). + +The Advanced Programmable Interrupt Controller (APIC) is an integrated CPU component responsible for accepting, prioritizing, and dispatching interrupts to logical processors (LPs). The APIC can operate in xAPIC mode, also known as legacy mode, in which APIC configuration registers are exposed through a memory-mapped I/O (MMIO) page. + +Enter AEPIC (stylized ÆPIC), the first architectural CPU bug that leaks stale data from the microarchitecture without using a side channel. It architecturally leaks stale data incorrectly returned by reading undefined APIC-register ranges. 
This novel method was revealed in the paper *ÆPIC Leak: Architecturally Leaking Uninitialized Data from the +Microarchitecture* which you can read here: [Borrello2022AEPIC](https://aepicleak.com/aepicleak.pdf) [[Archive.org]](https://web.archive.org/web/20220812101719/https://aepicleak.com/aepicleak.pdf) + +Model-specific registers (MSRs) and their configuration bits can also be detected automatically on Intel and AMD CPUs: [Kogler2022](https://github.com/IAIK/msrevelio) [[Archive.org]](https://web.archive.org/web/20220814125349/https://andreaskogler.com/papers/msrtemplating.pdf). This allows an attacker (with heavy knowledge of CPU functionality) to view information about the MSRs, which are essentially special CPU registers allowing interaction with low-level CPU features and advanced configuration of the CPU's behavior. Modern x86 CPUs have hundreds of these, which are usually documented very little and in increasingly less verbosity over the past few years. + +#### Some other microarchitecture bugs: + +- [PLATYPUS](https://platypusattack.com/) [[Archive.org]](https://web.archive.org/web/20220814132343/https://platypusattack.com/) - Software-based Power Side-Channel Attacks on x86, which shows how an unprivileged attacker can leak AES-NI keys from Intel SGX and the Linux kernel and break kernel address-space layout randomization (KASLR). +- [SQUIP](https://www.nextplatform.com/2022/08/11/squip-side-channel-attack-rattles-amds-zen-cores/) [[Archive.org]](https://web.archive.org/web/20220812082548/https://www.nextplatform.com/2022/08/11/squip-side-channel-attack-rattles-amds-zen-cores/) - Scheduler Queue Usage via Interface Probing. All of AMD's Zen CPUs are vulnerable to a medium-severity flaw which can allow threat actors to run side-channel attacks. 
+- [Hertzbleed](https://www.schneier.com/blog/archives/2022/06/hertzbleed-a-new-side-channel-attack.html) [[Archive.org]](https://web.archive.org/web/20220712000058/https://www.schneier.com/blog/archives/2022/06/hertzbleed-a-new-side-channel-attack.html) - Deducing cryptographic keys by analyzing power consumption has long been an attack, but it’s not generally viable because measuring power consumption is often hard. This new attack measures power consumption by measuring time, making it easier to exploit. +- [Retbleed](https://www.bleepingcomputer.com/news/security/new-retbleed-speculative-execution-cpu-attack-bypasses-retpoline-fixes/) [[Archive.org]](https://web.archive.org/web/20220804151557/https://www.bleepingcomputer.com/news/security/new-retbleed-speculative-execution-cpu-attack-bypasses-retpoline-fixes/) - Retbleed focuses on return instructions, which are part of the retpoline software mitigation against the speculative execution class of attacks that became known starting early 2018, with Spectre. +- [Downfall](https://downfall.page/) [[Archive.org]](https://web.archive.org/web/20230809145002/https://downfall.page/) - Gather Data Sampling (GDS) and Gather Value Injection (GVI) techniques exploit the **gather** instruction to steal information from [SIMD register buffers](https://en.wikipedia.org/wiki/Single_instruction,_multiple_data) and victim processes. +- [Phantom & Inception](https://comsec.ethz.ch/research/microarch/inception/) [[Archive.org]](https://web.archive.org/web/20230809095321/https://comsec.ethz.ch/research/microarch/inception/) - Attacks that leak arbitrary data using seemingly "phantom" instructions on AMD Zen CPUs; "[making] it take wrong actions based on supposedly self conceived experiences", an allusion to the Inception movie, one we have made before. 
+ +# Appendix B6: Warning for using Orbot on Android + +While this is often misunderstood, Orbot on Android does not make your Tor-enabled apps go through Tor if you add them to the list. Orbot is acting as a device-wide VPN (also known as a "transparent proxy"). The list of apps using Orbot is a whitelist. This list will not make some apps magically use Tor and unchecked ones use the clear-net. This only ensures the device-wide VPN is using Tor to route traffic. This means that Orbot can only control what app can access the VPN it creates. Other apps will lose connectivity. + +What is important to know is that, if you launch an app (or Android does it automatically) while Orbot is not running, the app will just use the normal network, without involving Orbot (with the exception of some apps supporting a proxy Orbot). + +Additionally, you should not be surprised by Tor Browser not working when using Orbot in VPN mode, as the Tor design does not allow "Tor over Tor" (you cannot re-enter the Tor network from a Tor exit node). + +This is explained rather well by Alexander Færøy, who is a core developer at the Tor Project, in their [TorifyHOWTO: Tor over Tor](https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorifyHOWTO#tor-over-tor). + +"When using a transparent proxy, it is possible to start a Tor session from the client as well as from the transparent proxy (read the warning!), creating a "Tor over Tor" scenario. Doing so produces undefined and potentially unsafe behavior. In theory, however, you can get six hops instead of three, but it is not guaranteed that you'll get three different hops - you could end up with the same hops, maybe in reverse or mixed order. It is not clear if this is safe. It has never been discussed. You can choose an entry/exit point, but you get the best security that Tor can provide when you leave the route selection to Tor; overriding the entry / exit nodes can mess up your anonymity in ways we don't understand. 
Therefore Tor over Tor usage is highly discouraged." + +And from [a post](https://tor.stackexchange.com/questions/427/is-running-tor-over-tor-dangerous) on the Tor Stack Exchange: + +"The danger (beyond the performance hit) which keeps me from running Tor over Tor has to do with timing and congestion measurements. Adversaries watching your traffic at the exit(s) of your circuits have a better chance of linking your Whonix activity with your [Tor Browser Bundle] activity when those shared circuits slow down or drop packets at the same time. This can happen without Tor over Tor when your instances use a common upstream link. The linkage will be made tighter and more explicit if you run the Whonix Tor traffic through your TBB SOCKS5 Tor circuits. This tighter linkage raises the danger of successful correlation." + +# Appendix B7: Caution about Session Messenger + +Here are our reasons: + +- The company is based in Australia which has very *unfavorable* privacy laws.[^536]' [^537] +- They push their own cryptocurrency, Oxen, which creates a conflict of interest. +- They use LokiNet, which requires Oxen to run nodes to route Session traffic, and it costs 15,000 $OXEN or 3,750 $OXEN for a shared node[^538], which is about ~$1,800 US dollars or ~$500 US dollars, respectively. + - The price of running nodes essentially puts their network behind a paywall if you want to run a node, even just to contribute bandwidth to the network like you might with Tor. But there is a stakeless fork of Lokinet. + - Session's developers claim this to be an attempt to prevent [sybil attacks](https://en.wikipedia.org/wiki/Sybil_attack), but many have argued that this only encourages such attacks; by doing so, guaranteeing only governments and other well-funded organizations (the people these networks normally try to protect against) will ever have the financial resources to run nodes. (Eh, it's all pretty debatable. But $OXEN is privacy-focused.) 
+- They dropped critical security features of their protocol (perfect forward secrecy (PFS) and deniability)[^418] in favor of long-term message keys and self-deleting cryptographic signatures, which provide much weaker security guarantees. [^539] + - This *might* not be as bad, if the nodes are free to run, but they're not. +- Session has been audited[^419] with satisfactory results, but that audit does not mention these changes. We also currently lack sufficient information on LokiNet (the onion routing network used by Session) to endorse it. Session is still recommended by some, for example Techlore.[^420] +- Their funding is completely opaque. + +In short, our opinion is that you may use Session Messenger on iOS due to the absence of a better alternative (such as Briar). But if Briar or another app (maybe Cwtch in the future) becomes available, we will recommend going away from Session messenger as soon as possible. It is a last resort. + +--- + +# References: + +[^1]: English translation of German Telemedia Act [[Archive.org]](https://web.archive.org/web/https://www.huntonprivacyblog.com/wp-content/uploads/sites/28/2016/02/Telemedia_Act__TMA_.pdf). Section 13, Article 6, "The service provider must enable the use of Telemedia and payment for them to occur anonymously or via a pseudonym where this is technically possible and reasonable. The recipient of the service is to be informed about this possibility. ". 
+ +[^2]: Wikipedia, Real-Name System Germany [[Wikiless]](https://wikiless.org/wiki/Real-name_system) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Real-name_system) + +[^3]: Wikipedia, Don't be evil [[Wikiless]](https://wikiless.org/wiki/Don%27t_be_evil) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Don%27t_be_evil) + +[^4]: YouTube, WarGames - "The Only Winning Move" [[Invidious]](https://yewtu.be/watch?v=6DGNZnfKYnU) + +[^5]: Wikipedia, OSINT [[Wikiless]](https://wikiless.org/wiki/Open-source_intelligence) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Open-source_intelligence) + +[^6]: YouTube Internet Historian Playlist, HWNDU [[Invidious]](https://yewtu.be/playlist?list=PLna1KTNJu3y09Tu70U6yPn28sekaNhOMY) + +[^7]: Wikipedia, 4chan [[Wikiless]](https://wikiless.org/wiki/4chan) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/4chan) + +[^8]: PIA, See this good article on the matter [[Archive.org]](https://web.archive.org/web/https://www.privateinternetaccess.com/blog/how-does-privacy-differ-from-anonymity-and-why-are-both-important/) (disclaimer: this is not an endorsement or recommendation for this commercial service). 
+ +[^9]: Medium.com, Privacy, Blockchain and Onion Routing [[Scribe.rip]](https://scribe.rip/unitychain/privacy-blockchain-and-onion-routing-d5609c611841) [[Archive.org]](https://web.archive.org/web/https://medium.com/unitychain/privacy-blockchain-and-onion-routing-d5609c611841) + +[^10]: This World of Ours, James Mickens [[Archive.org]](https://web.archive.org/web/https://scholar.harvard.edu/files/mickens/files/thisworldofours.pdf) + +[^11]: XKCD, Security [[Archive.org]](https://web.archive.org/web/https://xkcd.com/538/) + +[^12]: Wikipedia, Threat Model [[Wikiless]](https://wikiless.org/wiki/Threat_model) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Threat_model) + +[^13]: Bellingcat [[Archive.org]](https://web.archive.org/web/https://www.bellingcat.com/) + +[^14]: Wikipedia, Doxing [[Wikiless]](https://wikiless.org/wiki/Doxing) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Doxing) + +[^15]: YouTube, Internet Historian, The Bikelock Fugitive of Berkeley [[Invidious]](https://yewtu.be/watch?v=muoR8Td44UE) + +[^16]: BBC News, Tor Mirror [[Archive.org]](https://web.archive.org/web/https://www.bbc.com/news/technology-50150981) + +[^17]: GitHub, Real World Onion websites [[Archive.org]](https://web.archive.org/web/https://github.com/alecmuffett/real-world-onion-sites) (updated extremely often) + +[^18]: Tor Project, Who Uses Tor [[Archive.org]](https://web.archive.org/web/https://2019.www.torproject.org/about/torusers.html.en) + +[^19]: Whonix Documentation, The importance of Anonymity [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Anonymity) + +[^20]: Geek Feminism [[Archive.org]](https://web.archive.org/web/https://geekfeminism.wikia.org/wiki/Who_is_harmed_by_a_%22Real_Names%22_policy%3F) + +[^21]: Tor Project, Tor Users [[Archive.org]](https://web.archive.org/web/https://2019.www.torproject.org/about/torusers.html.en) + +[^22]: PrivacyHub, Internet Privacy in the Age of Surveillance 
[[Archive.org]](https://web.archive.org/web/https://www.cyberghostvpn.com/privacyhub/internet-privacy-surveillance/) + +[^23]: PIA Blog, 50 Key Stats About Freedom of the Internet Around the World [[Archive.org]](https://web.archive.org/web/https://www.privateinternetaccess.com/blog/internet-freedom-around-the-world-in-50-stats/) + +[^24]: Wikipedia, IANAL [[Wikiless]](https://wikiless.org/wiki/IANAL) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/IANAL) + +[^25]: Wikipedia, Trust but verify [[Wikiless]](https://wikiless.org/wiki/Trust,_but_verify) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Trust,_but_verify) + +[^26]: Wikipedia, IP Address [[Wikiless]](https://wikiless.org/wiki/IP_address) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/IP_address) + +[^27]: Wikipedia; Data Retention [[Wikiless]](https://wikiless.org/wiki/Data_retention) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Data_retention) + +[^28]: Wikipedia, Tor Anonymity Network [[Wikiless]](https://wikiless.org/wiki/Tor_(anonymity_network)) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Tor_(anonymity_network)) + +[^29]: Wikipedia, VPN [[Wikiless]](https://wikiless.org/wiki/Virtual_private_network) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Virtual_private_network) + +[^30]: Ieee.org, Anonymity Trilemma: Strong Anonymity, Low Bandwidth Overhead, Low Latency - Choose Two [[Archive.org]](https://web.archive.org/web/https://ieeexplore.ieee.org/document/8418599) + +[^31]: Wikipedia, DNS [[Wikiless]](https://wikiless.org/wiki/Domain_Name_System) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Domain_Name_System) + +[^32]: Wikipedia, DNS Blocking [[Wikiless]](https://wikiless.org/wiki/DNS_blocking) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/DNS_blocking) + +[^33]: CensoredPlanet 
[[Archive.org]](https://web.archive.org/web/https://censoredplanet.org/) + +[^34]: ArXiv, Characterizing Smart Home IoT Traffic in the Wild [[Archive.org]](https://web.archive.org/web/https://arxiv.org/pdf/2001.08288.pdf) + +[^35]: Labzilla.io, Your Smart TV is probably ignoring your Pi-Hole [[Archive.org]](https://web.archive.org/web/https://labzilla.io/blog/force-dns-pihole) + +[^36]: Wikipedia, DNS over HTTPS: [[Wikiless]](https://wikiless.org/wiki/DNS_over_HTTPS) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/DNS_over_HTTPS) + +[^37]: Wikipedia, DNS over TLS, [[Wikiless]](https://wikiless.org/wiki/DNS_over_TLS) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/DNS_over_TLS) + +[^38]: Wikipedia, Pi-Hole [[Wikiless]](https://wikiless.org/wiki/Pi-hole) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Pi-hole) + +[^39]: Wikipedia, SNI [[Wikiless]](https://wikiless.org/wiki/Server_Name_Indication) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Server_Name_Indication) + +[^40]: Wikipedia, ECH [[Wikiless]](https://wikiless.org/wiki/Server_Name_Indication) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Server_Name_Indication) + +[^41]: Wikipedia, eSNI [[Wikiless]](https://wikiless.org/wiki/Server_Name_Indication) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Server_Name_Indication) + +[^42]: Usenix.org, On the Importance of Encrypted-SNI (ESNI) to Censorship Circumvention [[Archive.org]](https://web.archive.org/web/https://www.usenix.org/system/files/foci19-paper_chai_0.pdf) + +[^43]: Wikipedia, CDN [[Wikiless]](https://wikiless.org/wiki/Content_delivery_network) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Content_delivery_network) + +[^44]: Cloudflare, Good-bye ESNI, hello ECH! 
[[Archive.org]](https://web.archive.org/web/https://blog.cloudflare.com/encrypted-client-hello/) + +[^45]: ZDNET, Russia wants to ban the use of secure protocols such as TLS 1.3, DoH, DoT, ESNI [[Archive.org]](https://web.archive.org/web/https://www.zdnet.com/article/russia-wants-to-ban-the-use-of-secure-protocols-such-as-tls-1-3-doh-dot-esni/) + +[^46]: ZDNET, China is now blocking all encrypted HTTPS traffic that uses TLS 1.3 and ESNI [[Archive.org]](https://web.archive.org/web/https://www.zdnet.com/article/china-is-now-blocking-all-encrypted-https-traffic-using-tls-1-3-and-esni/) + +[^47]: Wikipedia, OCSP [[Wikiless]](https://wikiless.org/wiki/Online_Certificate_Status_Protocol) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol) + +[^48]: Madaidans Insecurities, Why encrypted DNS is ineffective [[Archive.org]](https://web.archive.org/web/https://madaidans-insecurities.github.io/encrypted-dns.html) + +[^49]: Wikipedia, OCSP Stapling [[Wikiless]](https://wikiless.org/wiki/OCSP_stapling) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/OCSP_stapling) + +[^50]: Chromium Documentation, CRLSets [[Archive.org]](https://web.archive.org/web/https://dev.chromium.org/Home/chromium-security/crlsets) + +[^51]: ZDNet, Chrome does certificate revocation better [[Archive.org]](https://web.archive.org/web/https://www.zdnet.com/article/chrome-does-certificate-revocation-better/) + +[^52]: KUL, Encrypted DNS=⇒Privacy? 
A Traffic Analysis Perspective [[Archive.org]](https://web.archive.org/web/https://www.esat.kuleuven.be/cosic/publications/article-3153.pdf) + +[^53]: ResearchGate, Oblivious DNS: Practical Privacy for DNS Queries [[Archive.org]](https://web.archive.org/web/https://www.researchgate.net/publication/332893422_Oblivious_DNS_Practical_Privacy_for_DNS_Queries) + +[^54]: Nymity.ch, The Effect of DNS on Tor's Anonymity [[Archive.org]](https://web.archive.org/web/https://nymity.ch/tor-dns/) + +[^55]: Wikipedia, RFID [[Wikiless]](https://wikiless.org/wiki/Radio-frequency_identification) [[Archive.org]](https://web.archive.org/web/https://web.archive.org/web/20220530073225/https://en.wikipedia.org/wiki/Radio-frequency_identification) + +[^56]: Wikipedia, NFC [[Wikiless]](https://wikiless.org/wiki/Near-field_communication) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Near-field_communication) + +[^57]: Samsonite Online Shop, RFID accessories [[Archive.org]](https://web.archive.org/web/https://shop.samsonite.com/accessories/rfid-accessories/) + +[^58]: Google Android Help, Android Location Services [[Archive.org]](https://web.archive.org/web/https://support.google.com/accounts/answer/3467281?hl=en) + +[^59]: Apple Support, Location Services and Privacy [[Archive.org]](https://web.archive.org/web/https://support.apple.com/en-us/HT207056) + +[^60]: 2016 International Conference on Indoor Positioning and Indoor Navigation, Wi-Fi probes as digital crumbs for crowd localization [[Archive.org]](https://web.archive.org/web/http://fly.isti.cnr.it/pub/papers/pdf/Wifi-probes-IPIN16.pdf) + +[^61]: Southeast University of Nanjing, Probe Request Based Device Identification Attack and Defense [[Archive.org]](https://web.archive.org/web/https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7472341/) + +[^62]: Medium.com, The Perils of Probe Requests [[Scribe.rip]](https://scribe.rip/@brannondorsey/wi-fi-is-broken-3f6054210fa5) 
[[Archive.org]](https://web.archive.org/web/https://medium.com/@brannondorsey/wi-fi-is-broken-3f6054210fa5) + +[^63]: State University of New York, Towards 3D Human Pose Construction Using Wi-Fi [[Archive.org]](https://web.archive.org/web/https://cse.buffalo.edu/~lusu/papers/MobiCom2020.pdf) + +[^64]: Digi.Ninja, Jasager [[Archive.org]](https://web.archive.org/web/https://digi.ninja/jasager/) + +[^65]: Hak5 Shop, Wi-Fi Pineapple [[Archive.org]](https://web.archive.org/web/https://shop.hak5.org/products/wifi-pineapple) + +[^66]: Wikipedia, Deautentication Attack [[Wikiless]](https://wikiless.org/wiki/Wi-Fi_deauthentication_attack) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Wi-Fi_deauthentication_attack) + +[^67]: Wikipedia, Capture Portal [[Wikiless]](https://wikiless.org/wiki/Captive_portal) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Captive_portal) + +[^68]: HackerFactor Blog, Deanonymizing Tor Circuits [[Archive.org]](https://web.archive.org/web/https://www.hackerfactor.com/blog/index.php?/archives/868-Deanonymizing-Tor-Circuits.html) + +[^69]: KU Leuven, Website Fingerprinting through Deep Learning [[Archive.org]](https://web.archive.org/web/https://distrinet.cs.kuleuven.be/software/tor-wf-dl/) + +[^70]: KU Leuven, Deep Fingerprinting: Undermining Website Fingerprinting Defenses with Deep Learning [[Archive.org]](https://web.archive.org/web/https://homes.esat.kuleuven.be/~mjuarezm/index_files/pdf/ccs18.pdf) + +[^71]: Internet Society, Website Fingerprinting at Internet Scale [[Archive.org]](https://web.archive.org/web/20160617040428/https://www.internetsociety.org/sites/default/files/blogs-media/website-fingerprinting-internet-scale.pdf) + +[^72]: KU Leuven, A Critical Evaluation of Website Fingerprinting Attacks [[Archive.org]](https://web.archive.org/web/https://www.esat.kuleuven.be/cosic/publications/article-2456.pdf) + +[^73]: DailyDot, How Tor helped catch the Harvard bomb threat suspect 
[[Archive.org]](https://web.archive.org/web/https://www.dailydot.com/unclick/tor-harvard-bomb-suspect/) + +[^74]: ArsTechnica, How the NSA can break trillions of encrypted Web and VPN connections [[Archive.org]](https://web.archive.org/web/https://arstechnica.com/information-technology/2015/10/how-the-nsa-can-break-trillions-of-encrypted-web-and-vpn-connections/) + +[^75]: Wikipedia, Sybil Attack [[Wikiless]](https://wikiless.org/wiki/Sybil_attack) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Sybil_attack) + +[^76]: ArsTechnica, Does Tor provide more benefit or harm? New paper says it depends [[Archive.org]](https://web.archive.org/web/https://arstechnica.com/gadgets/2020/11/does-tor-provide-more-benefit-or-harm-new-paper-says-it-depends/) + +[^77]: ResearchGate, The potential harms of the Tor anonymity network cluster disproportionately in free countries [[Archive.org]](https://web.archive.org/web/https://www.pnas.org/content/early/2020/11/24/2011893117) + +[^78]: CryptoEngineering, How does Apple (privately) find your offline devices? [[Archive.org]](https://web.archive.org/web/https://blog.cryptographyengineering.com/2019/06/05/how-does-apple-privately-find-your-offline-devices/) + +[^79]: Apple Support [[Archive.org]](https://web.archive.org/web/https://support.apple.com/en-us/HT210515) + +[^80]: XDA, Samsung's Find My Mobile app can locate Galaxy devices even when they're offline [[Archive.org]](https://web.archive.org/web/https://www.xda-developers.com/samsung-find-my-mobile-app-locate-galaxy-devices-offline/) + +[^81]: Apple Support, If your Mac is lost or stolen [[Archive.org]](https://web.archive.org/web/https://support.apple.com/en-us/HT204756) + +[^82]: Wikipedia, BLE [[Wikiless]](https://wikiless.org/wiki/Bluetooth_Low_Energy) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Bluetooth_Low_Energy) + +[^83]: Cryptography Engineering Blog, How does Apple (privately) find your offline devices? 
[[Archive.org]](https://web.archive.org/web/https://blog.cryptographyengineering.com/2019/06/05/how-does-apple-privately-find-your-offline-devices/) + +[^84]: Wikipedia, IMEI [[Wikiless]](https://wikiless.org/wiki/International_Mobile_Equipment_Identity) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/International_Mobile_Equipment_Identity) + +[^85]: Wikipedia, IMSI [[Wikiless]](https://wikiless.org/wiki/International_mobile_subscriber_identity) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/International_mobile_subscriber_identity) + +[^86]: Android Documentation, Device Identifiers [[Archive.org]](https://web.archive.org/web/https://source.android.com/devices/tech/config/device-identifiers) + +[^87]: Google Privacy Policy, Look for IMEI [[Archive.org]](https://web.archive.org/web/https://policies.google.com/privacy/embedded?hl=en-US) + +[^88]: Wikipedia, IMEI and the Law [[Wikiless]](https://wikiless.org/wiki/International_Mobile_Equipment_Identity) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/International_Mobile_Equipment_Identity) + +[^89]: Bellingcat, The GRU Globetrotters: Mission London [[Archive.org]](https://web.archive.org/web/https://www.bellingcat.com/news/uk-and-europe/2019/06/28/the-gru-globetrotters-mission-london/) + +[^90]: Bellingcat,"V" For "Vympel": FSB's Secretive Department "V" Behind Assassination Of Georgian Asylum Seeker In Germany [[Archive.org]](https://web.archive.org/web/https://www.bellingcat.com/news/uk-and-europe/2020/02/17/v-like-vympel-fsbs-secretive-department-v-behind-assassination-of-zelimkhan-khangoshvili/) + +[^91]: Wikipedia, CCTV [[Wikiless]](https://wikiless.org/wiki/Closed-circuit_television) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Closed-circuit_television) + +[^92]: Apple, Transparency Report, Device Requests 
[[Archive.org]](https://web.archive.org/web/https://www.apple.com/legal/transparency/device-requests.html) + +[^93]: The Intercept, How Cops Can Secretly Track Your Phone [[Tor Mirror]](http://27m3p2uv7igmj6kvd4ql3cct5h3sdwrsajovkkndeufumzyfhlfev4qd.onion/2020/07/31/protests-surveillance-stingrays-dirtboxes-phone-tracking/) [[Archive.org]](https://web.archive.org/web/https://theintercept.com/2020/07/31/protests-surveillance-stingrays-dirtboxes-phone-tracking/) + +[^94]: Wikipedia, IMSI Catcher [[Wikiless]](https://wikiless.org/wiki/IMSI-catcher) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/IMSI-catcher) + +[^95]: Wikipedia, Stingray [[Wikiless]](https://wikiless.org/wiki/Stingray_phone_tracker) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Stingray_phone_tracker) + +[^96]: Gizmodo, Cops Turn to Canadian Phone-Tracking Firm After Infamous 'Stingrays' Become 'Obsolete' [[Archive.org]](https://web.archive.org/web/https://gizmodo.com/american-cops-turns-to-canadian-phone-tracking-firm-aft-1845442778) + +[^97]: Wikipedia, MITM [[Wikiless]](https://wikiless.org/wiki/Man-in-the-middle_attack) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Man-in-the-middle_attack) + +[^98]: Purism, Librem 5 [[Archive.org]](https://web.archive.org/web/https://shop.puri.sm/shop/librem-5/) + +[^99]: Wikipedia, MAC Address [[Wikiless]](https://wikiless.org/wiki/MAC_address) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/MAC_address) + +[^100]: Acyclica Road Trend Product Sheet, [[Archive.org]](https://web.archive.org/web/https://amsignalinc.com/data-sheets/Acyclica/Acyclica-RoadTrend-Product-Sheet.pdf) + +[^101]: ResearchGate, Tracking Anonymized Bluetooth Devices [[Archive.org]](https://web.archive.org/web/https://www.researchgate.net/publication/334590931_Tracking_Anonymized_Bluetooth_Devices/fulltext/5d3308db92851cd04675a469/Tracking-Anonymized-Bluetooth-Devices.pdf) + +[^102]: 
Wikipedia, CPU [[Wikiless]](https://wikiless.org/wiki/Central_processing_unit) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Central_processing_unit) + +[^103]: Wikipedia, Intel Management Engine [[Wikiless]](https://wikiless.org/wiki/Intel_Management_Engine) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Intel_Management_Engine) + +[^104]: Wikipedia, AMD Platform Security Processor [[Wikiless]](https://wikiless.org/wiki/AMD_Platform_Security_Processor) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/AMD_Platform_Security_Processor) + +[^105]: Wikipedia, IME, Security Vulnerabilities [[Wikiless]](https://wikiless.org/wiki/Intel_Management_Engine) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Intel_Management_Engine) + +[^106]: Wikipedia, IME, Assertions that ME is a backdoor [[Wikiless]](https://wikiless.org/wiki/Intel_Management_Engine) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Intel_Management_Engine) + +[^107]: Wikipedia, IME, Disabling the ME [[Wikiless]](https://wikiless.org/wiki/Intel_Management_Engine) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Intel_Management_Engine) + +[^108]: Libreboot, [[Archive.org]](https://web.archive.org/web/https://libreboot.org/) / Coreboot, [[Archive.org]](https://web.archive.org/web/20220501042320/https://www.coreboot.org/) + +[^109]: Apple, Differential Privacy White Paper [[Archive.org]](https://web.archive.org/web/https://www.apple.com/privacy/docs/Differential_Privacy_Overview.pdf) + +[^110]: Wikipedia, Differential Privacy [[Wikiless]](https://wikiless.org/wiki/Differential_privacy) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Differential_privacy) + +[^111]: Continuing Ed, The All-Seeing "i": Apple Just Declared War on Your Privacy [[Archive.org]](https://web.archive.org/web/https://edwardsnowden.substack.com/p/all-seeing-i) 
+ +[^112]: Trinity College Dublin, Mobile Handset Privacy: Measuring The Data iOS and Android Send to Apple And Google [[Archive.org]](https://web.archive.org/web/https://www.scss.tcd.ie/doug.leith/apple_google.pdf) + +[^113]: Reuters, Exclusive: Apple dropped plan for encrypting backups after FBI complained -- sources [[Archive.org]](https://web.archive.org/web/https://www.reuters.com/article/us-apple-fbi-icloud-exclusive-idUSKBN1ZK1CT) + +[^114]: ZDnet, I asked Apple for all my data. Here's what was sent back [[Archive.org]](https://web.archive.org/web/https://www.zdnet.com/article/apple-data-collection-stored-request/) + +[^115]: De Correspondent, Here's how we found the names and addresses of soldiers and secret agents using a simple fitness app [[Archive.org]](https://web.archive.org/web/https://decorrespondent.nl/8481/heres-how-we-found-the-names-and-addresses-of-soldiers-and-secret-agents-using-a-simple-fitness-app/412999257-6756ba27) + +[^116]: Website Planet, Report: Fitness Tracker Data Breach Exposed 61 Million Records and User Data Online [[Archive.org]](https://web.archive.org/web/https://www.websiteplanet.com/blog/gethealth-leak-report/) + +[^117]: Wired, The Strava Heat Map and the End of Secrets [[Archive.org]](https://web.archive.org/web/https://www.wired.com/story/strava-heat-map-military-bases-fitness-trackers-privacy/) + +[^118]: Bellingcat, How to Use and Interpret Data from Strava's Activity Map [[Archive.org]](https://web.archive.org/web/https://www.bellingcat.com/resources/how-tos/2018/01/29/strava-interpretation-guide/) + +[^119]: The Guardian, Fitness tracking app Strava gives away location of secret US army bases [[Archive.org]](https://web.archive.org/web/https://www.theguardian.com/world/2018/jan/28/fitness-tracking-app-gives-away-location-of-secret-us-army-bases) + +[^120]: Telegraph, Running app reveals locations of secret service agents in MI6 and GCHQ 
[[Archive.org]](https://web.archive.org/web/https://www.telegraph.co.uk/technology/2018/07/08/running-app-exposes-mi6-gchq-workers-whereabouts/) + +[^121]: Washington Post, Alexa has been eavesdropping on you this whole time [[Archive.org]](https://web.archive.org/web/https://www.washingtonpost.com/technology/2019/05/06/alexa-has-been-eavesdropping-you-this-whole-time/?itid=lk_interstitial_manual_59) + +[^122]: Washington Post, What does your car know about you? We hacked a Chevy to find out [[Archive.org]](https://web.archive.org/web/https://www.washingtonpost.com/technology/2019/12/17/what-does-your-car-know-about-you-we-hacked-chevy-find-out/) + +[^123]: Using Metadata to find Paul Revere ( [[Archive.org]](https://web.archive.org/web/https://kieranhealy.org/blog/archives/2013/06/09/using-metadata-to-find-paul-revere/)) + +[^124]: Wikipedia, Google SensorVault, [[Wikiless]](https://wikiless.org/wiki/Sensorvault) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Sensorvault) + +[^125]: NRKBeta, My Phone Was Spying on Me, so I Tracked Down the Surveillants [[Archive.org]](https://web.archive.org/web/https://nrkbeta.no/2020/12/03/my-phone-was-spying-on-me-so-i-tracked-down-the-surveillants/) + +[^126]: New York Times [[Archive.org]](https://web.archive.org/web/https://www.nytimes.com/interactive/2019/12/19/opinion/location-tracking-cell-phone.html) + +[^127]: Sophos, Google data puts innocent man at the scene of a crime [[Archive.org]](https://web.archive.org/web/https://nakedsecurity.sophos.com/2020/03/10/google-data-puts-innocent-man-at-the-scene-of-a-crime/) + +[^128]: Wikipedia, Geofence Warrant [[Wikiless]](https://wikiless.org/wiki/Geo-fence_warrant) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Geo-fence_warrant) + +[^129]: Vice.com, Military Unit That Conducts Drone Strikes Bought Location Data From Ordinary Apps 
[[Archive.org]](https://web.archive.org/web/https://www.vice.com/en/article/y3g97x/location-data-apps-drone-strikes-iowa-national-guard) + +[^130]: TechCrunch, Google says geofence warrants make up one-quarter of all US demands [[Archive.org]](https://web.archive.org/web/https://techcrunch.com/2021/08/19/google-geofence-warrants/) + +[^131]: TechDirt, Google Report Shows 'Reverse Warrants' Are Swiftly Becoming Law Enforcement's Go-To Investigative Tool [[Archive.org]](https://web.archive.org/web/https://www.techdirt.com/articles/20210821/10494847401/google-report-shows-reverse-warrants-are-swiftly-becoming-law-enforcements-go-to-investigative-tool.shtml) + +[^132]: Vice.com, Here's the FBI's Internal Guide for Getting Data from AT&T, T-Mobile, Verizon [[Archive.org]](https://web.archive.org/web/https://www.vice.com/en/article/m7vqkv/how-fbi-gets-phone-data-att-tmobile-verizon) + +[^133]: Wikipedia, Room 641A [[Wikiless]](https://wikiless.org/wiki/Room_641A) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Room_641A) + +[^134]: Wikipedia, Edward Snowden [[Wikiless]](https://wikiless.org/wiki/Edward_Snowden) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Edward_Snowden) + +[^135]: Wikipedia, Permanent Record [[Wikiless]](https://wikiless.org/wiki/Permanent_Record_(autobiography)) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Permanent_Record_(autobiography)) + +[^136]: Wikipedia, XKEYSCORE [[Wikiless]](https://wikiless.org/wiki/XKeyscore) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/XKeyscore) + +[^137]: ElectroSpaces, Danish military intelligence uses XKEYSCORE to tap cables in cooperation with the NSA [[Archive.org]](https://web.archive.org/web/https://www.electrospaces.net/2020/10/danish-military-intelligence-uses.html) + +[^138]: Wikipedia, MUSCULAR [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/MUSCULAR_(surveillance_program)) + 
+[^139]: Wikipedia, SORM [[Wikiless]](https://wikiless.org/wiki/SORM) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/SORM) + +[^140]: Wikipedia, Tempora [[Wikiless]](https://wikiless.org/wiki/Tempora) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Tempora) + +[^141]: Wikipedia, PRISM [[Wikiless]](https://wikiless.org/wiki/PRISM_(surveillance_program)) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/PRISM_(surveillance_program)) + +[^142]: Justsecurity, General Hayden [[Archive.org]](https://web.archive.org/web/https://www.justsecurity.org/10318/video-clip-director-nsa-cia-we-kill-people-based-metadata/) + +[^143]: IDMB, The Social Dilemma [[Archive.org]](https://web.archive.org/web/https://www.imdb.com/title/tt11464826/) + +[^144]: ArsTechnica, How the way you type can shatter anonymity---even on Tor [[Archive.org]](https://web.archive.org/web/https://arstechnica.com/information-technology/2015/07/how-the-way-you-type-can-shatter-anonymity-even-on-tor/) + +[^145]: Wikipedia, Stylometry [[Wikiless]](https://wikiless.org/wiki/Stylometry) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Stylometry) + +[^146]: Paul Moore Blog, Behavioral Profiling: The password you can't change. 
[[Archive.org]](https://web.archive.org/web/https://paul.reviews/behavioral-profiling-the-password-you-cant-change/) + +[^147]: Wikipedia, Sentiment Analysis [[Wikiless]](https://wikiless.org/wiki/Sentiment_analysis) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Sentiment_analysis) + +[^148]: EFF, CoverYourTracks [[Archive.org]](https://web.archive.org/web/https://coveryourtracks.eff.org/) + +[^149]: Berkeley.edu, On the Feasibility of Internet-Scale Author Identification [[Archive.org]](https://web.archive.org/web/https://people.eecs.berkeley.edu/~dawnsong/papers/2012%20On%20the%20Feasibility%20of%20Internet-Scale%20Author%20Identification.pdf) + +[^150]: Forbes, Exclusive: Government Secretly Orders Google To Identify Anyone Who Searched A Sexual Assault Victim's Name, Address And Telephone Number [[Archive.org]](https://web.archive.org/web/https://www.forbes.com/sites/thomasbrewster/2021/10/04/google-keyword-warrants-give-us-government-data-on-search-users) + +[^151]: FingerprintJS, Demo: Disabling JavaScript Won't Save You from Fingerprinting [[Archive.org]](https://web.archive.org/web/https://fingerprintjs.com/blog/disabling-javascript-wont-stop-fingerprinting/) + +[^152]: SecuredTouch Blog, Behavioral Biometrics 101: Behavioral Biometrics vs. 
Behavioral Analytics [[Archive.org]](https://web.archive.org/web/https://blog.securedtouch.com/behavioral-biometrics-101-an-in-depth-look-at-behavioral-biometrics-vs-behavioral-analytics) + +[^153]: ArsTechnica, Stakeout: how the FBI tracked and busted a Chicago Anon [[Archive.org]](https://web.archive.org/web/https://arstechnica.com/tech-policy/2012/03/stakeout-how-the-fbi-tracked-and-busted-a-chicago-anon/) + +[^154]: Bellingcat MH17 - Russian GRU Commander 'Orion' Identified as Oleg Ivannikov [[Archive.org]](https://web.archive.org/web/https://www.bellingcat.com/news/uk-and-europe/2018/05/25/mh17-russian-gru-commander-orion-identified-oleg-ivannikov/) + +[^155]: Facebook Research, Deepface [[Archive.org]](https://web.archive.org/web/https://research.fb.com/publications/deepface-closing-the-gap-to-human-level-performance-in-face-verification/) + +[^156]: Privacy News Online, Putting the "face" in Facebook: how Mark Zuckerberg is building a world without public anonymity [[Archive.org]](https://web.archive.org/web/https://www.privateinternetaccess.com/blog/putting-face-facebook-mark-zuckerberg-building-world-without-public-anonymity/) + +[^157]: CNBC, "Facebook has mapped populations in 23 countries as it explores satellites to expand internet" [[Archive.org]](https://web.archive.org/web/https://www.cnbc.com/2017/09/01/facebook-has-mapped-human-population-building-internet-in-space.html) + +[^158]: MIT Technology Review, This is how we lost control of our faces, [[Archive.org]](https://web.archive.org/web/https://www.technologyreview.com/2021/02/05/1017388/ai-deep-learning-facial-recognition-data-history/) + +[^159]: Bellingcat, Shadow of a Doubt: Crowdsourcing Time Verification of the MH17 Missile Launch Photo [[Archive.org]](https://web.archive.org/web/https://www.bellingcat.com/resources/case-studies/2015/08/07/shadow-of-a-doubt/) + +[^160]: Brown Institute, Open-Source Investigation, 
[[Archive.org]](https://web.archive.org/web/https://brown.columbia.edu/open-source-investigation/) + +[^161]: NewScientist, Facebook can recognize you in photos even if you're not looking [[Archive.org]](https://web.archive.org/web/https://www.newscientist.com/article/dn27761-facebook-can-recognise-you-in-photos-even-if-youre-not-looking/) + +[^162]: Google Patent, Techniques for emotion detection and content delivery [[Archive.org]](https://web.archive.org/web/https://patents.google.com/patent/US20150242679) + +[^163]: APNews, Chinese 'gait recognition' tech IDs people by how they walk [[Archive.org]](https://web.archive.org/web/https://apnews.com/article/bf75dd1c26c947b7826d270a16e2658a) + +[^164]: The Sun, New CCTV technology could now identify you just by the WAY you walk and your body shape [[Archive.org]](https://web.archive.org/web/https://www.thesun.co.uk/news/7684204/cctv-technology-identify-body-shape-way-walk/) + +[^165]: City Security Magazine, Gait recognition: a useful identification tool [[Archive.org]](https://web.archive.org/web/https://citysecuritymagazine.com/security-management/gait-recognition-identification-tool/) + +[^166]: Vice.com, Tech Companies Are Training AI to Read Your Lips [[Archive.org]](https://web.archive.org/web/https://www.vice.com/en/article/bvzvdw/tech-companies-are-training-ai-to-read-your-lips) + +[^167]: New Atlas, Eye tracking can reveal an unbelievable amount of information about you [[Archive.org]](https://web.archive.org/web/https://newatlas.com/science/science/eye-tracking-privacy/) + +[^168]: TechCrunch, Facial recognition reveals political party in troubling new research [[Archive.org]](https://web.archive.org/web/https://techcrunch.com/2021/01/13/facial-recognition-reveals-political-party-in-troubling-new-research/) + +[^169]: Nature.com, Facial recognition technology can expose political orientation from naturalistic facial images 
[[Archive.org]](https://web.archive.org/web/https://www.nature.com/articles/s41598-020-79310-1.pdf) + +[^170]: Slate [[Archive.org]](https://web.archive.org/web/https://slate.com/technology/2018/04/facebook-collects-data-on-non-facebook-users-if-they-want-to-delete-it-they-have-to-sign-up.html) + +[^171]: The Conversation [[Archive.org]](https://web.archive.org/web/https://theconversation.com/shadow-profiles-facebook-knows-about-you-even-if-youre-not-on-facebook-94804) + +[^172]: The Verge [[Archive.org]](https://web.archive.org/web/https://www.theverge.com/2018/4/11/17225482/facebook-shadow-profiles-zuckerberg-congress-data-privacy) + +[^173]: ZDNET [[Archive.org]](https://web.archive.org/web/https://www.zdnet.com/article/anger-mounts-after-facebooks-shadow-profiles-leak-in-bug/) + +[^174]: CNET [[Archive.org]](https://web.archive.org/web/https://www.cnet.com/news/shadow-profiles-facebook-has-information-you-didnt-hand-over/) + +[^175]: Oosto [[Archive.org]](https://web.archive.org/web/https://oosto.com/) + +[^176]: BuzzFeed.news, Surveillance Nation [[Archive.org]](https://web.archive.org/web/https://www.buzzfeednews.com/article/ryanmac/clearview-ai-local-police-facial-recognition) + +[^177]: Wired, Clearview AI Has New Tools to Identify You in Photos [[Archive.org]](https://web.archive.org/web/https://www.wired.com/story/clearview-ai-new-tools-identify-you-photos/) + +[^178]: NEC, Neoface [[Archive.org]](https://web.archive.org/web/https://www.nec.com/en/global/solutions/biometrics/face/neofacewatch.html) + +[^179]: The Guardian, Met police deploy live facial recognition technology [[Archive.org]](https://web.archive.org/web/https://www.theguardian.com/uk-news/2020/feb/11/met-police-deploy-live-facial-recognition-technology) + +[^180]: YouTube, The Economist, China: facial recognition and state control [[Invidious]](https://yewtu.be/watch?v=lH2gMNrUuEY) + +[^181]: CNN, Want your unemployment benefits? 
You may have to submit to facial recognition first [[Archive.org]](https://web.archive.org/web/https://edition.cnn.com/2021/07/23/tech/idme-unemployment-facial-recognition/index.html) + +[^182]: Washington Post, Huawei tested AI software that could recognize Uighur minorities and alert police, report says [[Archive.org]](https://web.archive.org/web/https://www.washingtonpost.com/technology/2020/12/08/huawei-tested-ai-software-that-could-recognize-uighur-minorities-alert-police-report-says/) + +[^183]: The Intercept, How a Facial Recognition Mismatch Can Ruin Your Life [[Tor Mirror]](http://27m3p2uv7igmj6kvd4ql3cct5h3sdwrsajovkkndeufumzyfhlfev4qd.onion/2016/10/13/how-a-facial-recognition-mismatch-can-ruin-your-life/) [[Archive.org]](https://web.archive.org/web/https://theintercept.com/2016/10/13/how-a-facial-recognition-mismatch-can-ruin-your-life/) + +[^184]: Vice, Facial Recognition Failures Are Locking People Out of Unemployment Systems [[Archive.org]](https://web.archive.org/web/https://www.vice.com/en/article/5dbywn/facial-recognition-failures-are-locking-people-out-of-unemployment-systems) + +[^185]: BBC, WhatsApp photo drug dealer caught by 'groundbreaking' work [[Archive.org]](https://web.archive.org/web/https://www.bbc.com/news/uk-wales-43711477) + +[^186]: CNN, Drug dealer jailed after sharing a photo of cheese that included his fingerprints [[Archive.org]](https://web.archive.org/web/https://edition.cnn.com/2021/05/25/uk/drug-dealer-cheese-sentenced-scli-gbr-intl/index.html) + +[^187]: Vice.com, Cops Got a Drug Dealer's Fingerprints From Photos of His Hand on WhatsApp [[Archive.org]](https://web.archive.org/web/https://www.vice.com/en/article/evqk9e/photo-of-fingerprints-used-to-arrest-drug-dealers) + +[^188]: Kraken Blog, [[Archive.org]](https://web.archive.org/web/https://blog.kraken.com/post/11905/your-fingerprint-can-be-hacked-for-5-heres-how/) + +[^189]: JUSTIA Patent, Identification of taste attributes from an audio signal 
[[Archive.org]](https://web.archive.org/web/https://patents.justia.com/patent/10891948) + +[^190]: PYMNTS, Iris Scan Serves As Traveler ID At Dubai Airport [[Archive.org]](https://web.archive.org/web/https://www.pymnts.com/news/biometrics/2021/iris-scan-traveler-identification-dubai-airport/) + +[^191]: IMDB, Gattaca 1997, [[Archive.org]](https://web.archive.org/web/https://www.imdb.com/title/tt0119177/) + +[^192]: IMDB, Person of Interest 2011 [[Archive.org]](https://web.archive.org/web/https://www.imdb.com/title/tt1839578) + +[^193]: IMDB, Minority Report 2002, [[Archive.org]](https://web.archive.org/web/https://www.imdb.com/title/tt0181689) + +[^194]: Wikipedia, Deepfake [[Wikiless]](https://wikiless.org/wiki/Deepfake) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Deepfake) + +[^195]: Econotimes, Deepfake Voice Technology: The Good. The Bad. The Future [[Archive.org]](https://web.archive.org/web/https://www.econotimes.com/Deepfake-Voice-Technology-The-Good-The-Bad-The-Future-1601278) + +[^196]: Wikipedia, Deepfake Events [[Wikiless]](https://wikiless.org/wiki/Deepfake) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Deepfake) + +[^197]: Forbes, A Voice Deepfake Was Used To Scam A CEO Out Of $243,000 [[Archive.org]](https://web.archive.org/web/https://www.forbes.com/sites/jessedamiani/2019/09/03/a-voice-deepfake-was-used-to-scam-a-ceo-out-of-243000/) + +[^198]: Joseph Steinberg, How To Prevent Facial Recognition Technology From Identifying You [[Archive.org]](https://web.archive.org/web/https://josephsteinberg.com/how-to-prevent-facial-recognition-technology-from-identifying-you/) + +[^199]: NIST, Face recognition accuracy with masks using pre-COVID-19 algorithms [[Archive.org]](https://web.archive.org/web/https://nvlpubs.nist.gov/nistpubs/ir/2020/NIST.IR.8311.pdf) + +[^200]: BBC, Facial recognition identifies people wearing masks 
[[Archive.org]](https://web.archive.org/web/https://www.bbc.com/news/technology-55573802) + +[^201]: University of Wisconsin, Exploring Reflectacles As Anti-Surveillance Glasses and for Adversarial Machine Learning in Computer Vision [[Archive.org]](https://web.archive.org/web/http://diglib.uwgb.edu/digital/api/collection/p17003coll4/id/71/download) + +[^202]: Wikipedia, Phishing [[Wikiless]](https://wikiless.org/wiki/Phishing) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Phishing) + +[^203]: Wikipedia, Social Engineering [[Wikiless]](https://wikiless.org/wiki/Social_engineering_(security)) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Social_engineering_(security)) + +[^204]: BBC, Spy pixels in emails have become endemic [[Archive.org]](https://web.archive.org/web/https://www.bbc.com/news/technology-56071437) + +[^205]: Vice, Facebook Helped the FBI Hack a Child Predator [[Archive.org]](https://web.archive.org/web/https://www.vice.com/en/article/v7gd9b/facebook-helped-fbi-hack-child-predator-buster-hernandez) + +[^206]: Wikipedia, Exploit [[Wikiless]](https://wikiless.org/wiki/Exploit_(computer_security)) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Exploit_(computer_security)) + +[^207]: Wikipedia, Freedom Hosting [[Wikiless]](https://wikiless.org/wiki/Freedom_Hosting) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Freedom_Hosting) + +[^208]: Wired, 2013 FBI Admits It Controlled Tor Servers Behind Mass Malware Attack [[Archive.org]](https://web.archive.org/web/https://www.wired.com/2013/09/freedom-hosting-fbi/) + +[^209]: Wikipedia, 2020 United States federal government data breach [[Wikiless]](https://wikiless.org/wiki/2020_United_States_federal_government_data_breach) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/2020_United_States_federal_government_data_breach) + +[^210]: BBC, China social media: WeChat and the 
Surveillance State [[Archive.org]](https://web.archive.org/web/https://www.bbc.com/news/blogs-china-blog-48552907) + +[^211]: The Intercept, Revealed: Massive Chinese Police Database [[Tor Mirror]](http://27m3p2uv7igmj6kvd4ql3cct5h3sdwrsajovkkndeufumzyfhlfev4qd.onion/2021/01/29/china-uyghur-muslim-surveillance-police/) [[Archive.org]](https://web.archive.org/web/https://theintercept.com/2021/01/29/china-uyghur-muslim-surveillance-police/) + +[^212]: Wikipedia, Sandbox [[Wikiless]](https://wikiless.org/wiki/Sandbox_(computer_security)) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Sandbox_(computer_security)) + +[^213]: Wired, Why the Security of USB Is Fundamentally Broken [[Archive.org]](https://web.archive.org/web/https://www.wired.com/2014/07/usb-security/) + +[^214]: Wikipedia, Stuxnet [[Wikiless]](https://wikiless.org/wiki/Stuxnet) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Stuxnet) + +[^215]: Superuser.com, How do I safely investigate a USB stick found in the parking lot at work? 
[[Archive.org]](https://web.archive.org/web/https://superuser.com/questions/1206321/how-do-i-safely-investigate-a-usb-stick-found-in-the-parking-lot-at-work) + +[^216]: The Guardian, Glenn Greenwald: how the NSA tampers with US-made internet routers [[Archive.org]](https://web.archive.org/web/https://www.theguardian.com/books/2014/may/12/glenn-greenwald-nsa-tampers-us-internet-routers-snowden) + +[^217]: Wikipedia, Rootkit [[Wikiless]](https://wikiless.org/wiki/Rootkit) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Rootkit) + +[^218]: Wikipedia, Userspace [[Wikiless]](https://wikiless.org/wiki/User_space) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/User_space) + +[^219]: Wikipedia, Firmware [[Wikiless]](https://wikiless.org/wiki/Firmware) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Firmware) + +[^220]: Wikipedia, BIOS [[Wikiless]](https://wikiless.org/wiki/BIOS) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/BIOS) + +[^221]: Wikipedia, UEFI [[Wikiless]](https://wikiless.org/wiki/Unified_Extensible_Firmware_Interface) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface) + +[^222]: Bellingcat, Joseph Mifsud: Rush for the EXIF [[Archive.org]](https://web.archive.org/web/https://www.bellingcat.com/news/americas/2018/10/26/joseph-mifsud-rush-exif/) + +[^223]: Zoom Support, Adding a watermark [[Archive.org]](https://web.archive.org/web/https://support.zoom.us/hc/en-us/articles/209605273-Adding-a-Watermark) + +[^224]: Zoom Support, Audio Watermark [[Archive.org]](https://web.archive.org/web/https://support.zoom.us/hc/en-us/articles/360021839031-Audio-Watermark) + +[^225]: CreativeCloud Extension, IMATAG [[Archive.org]](https://web.archive.org/web/https://exchange.adobe.com/creativecloud.details.101789.imatag-invisible-watermark-and-image-monitoring.html) + +[^226]: NexGuard, 
[[Archive.org]](https://web.archive.org/web/https://dtv.nagra.com/nexguard-forensic-watermarking) + +[^227]: Vobile Solutions, [[Archive.org]](https://web.archive.org/web/https://www.vobilegroup.com) + +[^228]: Cinavia, [[Archive.org]](https://web.archive.org/web/https://www.cinavia.com/languages/english/pages/technology.html) + +[^229]: Imatag, [[Archive.org]](https://web.archive.org/web/https://www.imatag.com/) + +[^230]: Wikipedia, Steganography [[Wikiless]](https://wikiless.org/wiki/Steganography) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Steganography) + +[^231]: IEEExplore, A JPEG compression resistant steganography scheme for raster graphics images [[Archive.org]](https://web.archive.org/web/https://ieeexplore.ieee.org/document/4428921) + +[^232]: ScienceDirect, Robust audio watermarking using perceptual masking [[Archive.org]](https://web.archive.org/web/https://www.researchgate.net/publication/256994444_Robust_Audio_Watermarking_Using_Perceptual_Masking) + +[^233]: IEEExplore, Spread-spectrum watermarking of audio signals [[Archive.org]](https://web.archive.org/web/https://www.researchgate.net/publication/3318571_Spread-Spectrum_Watermarking_of_Audio) + +[^234]: Google Scholar, source camera identification [[Archive.org]](https://web.archive.org/web/https://scholar.google.com/scholar?q=source+camera+identification) + +[^235]: Wikipedia, Printing Steganography [[Wikiless]](https://wikiless.org/wiki/Machine_Identification_Code) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Machine_Identification_Code) + +[^236]: MIT, SeeingYellow, [[Archive.org]](https://web.archive.org/web/https://web.archive.org/web/20220224174025/http://seeingyellow.com/) + +[^237]: arXiv, An Analysis of Anonymity in the Bitcoin System [[Archive.org]](https://web.archive.org/web/https://arxiv.org/pdf/1107.4524.pdf) + +[^238]: Bellingcat, How To Track Illegal Funding Campaigns Via Cryptocurrency, 
[[Archive.org]](https://web.archive.org/web/https://www.bellingcat.com/resources/how-tos/2019/03/26/how-to-track-illegal-funding-campaigns-via-cryptocurrency/) + +[^239]: CoinDesk, Leaked Slides Show How Chainalysis Flags Crypto Suspects for Cops [[Archive.org]](https://web.archive.org/web/https://www.coindesk.com/business/2021/09/21/leaked-slides-show-how-chainalysis-flags-crypto-suspects-for-cops/) + +[^240]: Wikipedia, KYC [[Wikiless]](https://wikiless.org/wiki/Know_your_customer) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Know_your_customer) + +[^241]: arXiv.org, Probing the Mystery of Cryptocurrency Theft: An Investigation into Methods for Taint Analysis [[Archive.org]](https://web.archive.org/web/https://arxiv.org/pdf/1906.05754.pdf) + +[^242]: YouTube, Breaking Monero [[Invidious]](https://yewtu.be/playlist?list=PLsSYUeVwrHBnAUre2G_LYDsdo-tD0ov-y) + +[^243]: Monero, Monero vs Princeton Researchers, [[Archive.org]](https://web.archive.org/web/https://monero.org/monero-vs-princeton-researchers/) + +[^244]: Wikipedia, Cryptocurrency Tumbler [[Wikiless]](https://wikiless.org/wiki/Cryptocurrency_tumbler) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Cryptocurrency_tumbler) + +[^245]: Wikipedia, Security Through Obscurity [[Wikiless]](https://wikiless.org/wiki/Security_through_obscurity) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Security_through_obscurity) + +[^246]: ArXiv, Tracking Mixed Bitcoins [[Archive.org]](https://web.archive.org/web/https://arxiv.org/pdf/2009.14007.pdf) + +[^247]: SSRN, The Cryptocurrency Tumblers: Risks, Legality and Oversight [[Archive.org]](https://web.archive.org/web/https://www.researchgate.net/publication/321786355_The_Cryptocurrency_Tumblers_Risks_Legality_and_Oversight) + +[^248]: Magnet Forensics, Magnet AXIOM [[Archive.org]](https://web.archive.org/web/https://www.magnetforensics.com/products/magnet-axiom/cloud/) + +[^249]: Cellebrite, 
Unlock cloud-based evidence to solve the case sooner [[Archive.org]](https://web.archive.org/web/https://www.cellebrite.com/en/ufed-cloud/) + +[^250]: Property of the People, Lawful Access to Secure Messaging Apps Data, [[Archive.org]](https://web.archive.org/web/https://propertyofthepeople.org/document-detail/?doc-id=21114562) + +[^251]: Chromium Documentation, Technical analysis of client identification mechanisms [[Archive.org]](https://web.archive.org/web/https://sites.google.com/a/chromium.org/dev/Home/chromium-security/client-identification-mechanisms) + +[^252]: Mozilla Wiki, Fingerprinting [[Archive.org]](https://web.archive.org/web/https://wiki.mozilla.org/Fingerprinting) + +[^253]: Grayshift, [[Archive.org]](https://web.archive.org/web/https://www.grayshift.com/) + +[^254]: Securephones.io, Data Security on Mobile Devices: Current State of the Art, Open Problems, and Proposed Solutions [[Archive.org]](https://web.archive.org/web/https://securephones.io/main.pdf) + +[^255]: Loup-Vaillant.fr, Rolling Your Own Crypto [[Archive.org]](https://web.archive.org/web/https://loup-vaillant.fr/articles/rolling-your-own-crypto) + +[^256]: Dhole Moments, Crackpot Cryptography and Security Theater [[Archive.org]](https://web.archive.org/web/https://soatok.blog/2021/02/09/crackpot-cryptography-and-security-theater/) + +[^257]: Vice.com, Why You Don't Roll Your Own Crypto [[Archive.org]](https://web.archive.org/web/https://www.vice.com/en/article/wnx8nq/why-you-dont-roll-your-own-crypto) + +[^258]: arXiv, MIT, You Really Shouldn't Roll Your Own Crypto: An Empirical Study of Vulnerabilities in Cryptographic Libraries [[Archive.org]](https://web.archive.org/web/https://arxiv.org/pdf/2107.04940.pdf) + +[^259]: YouTube, Great Crypto Failures [[Invidious]](https://yewtu.be/watch?v=loy84K3AJ5Q) + +[^260]: Cryptography Dispatches, The Most Backdoor-Looking Bug I've Ever Seen 
[[Archive.org]](https://web.archive.org/web/https://buttondown.email/cryptography-dispatches/archive/cryptography-dispatches-the-most-backdoor-looking/)
+
+[^261]: Citizenlab.ca, Move Fast and Roll Your Own Crypto [[Archive.org]](https://web.archive.org/web/https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/)
+
+[^262]: Jack Poon, The myth of military grade encryption [[Scribe.rip]](https://scribe.rip/@atcipher/the-myth-of-military-grade-encryption-292313ae6369) [[Archive.org]](https://web.archive.org/web/https://medium.com/@atcipher/the-myth-of-military-grade-encryption-292313ae6369)
+
+[^263]: Congruent Labs, Stop calling it "Military-Grade Encryption" [[Archive.org]](https://web.archive.org/web/https://blog.congruentlabs.co/military-grade-encryption/)
+
+[^264]: IronCoreLabs Blog, "Military Grade Encryption" [[Archive.org]](https://web.archive.org/web/https://blog.ironcorelabs.com/military-grade-encryption-69aae0145588)
+
+[^265]: Wikipedia, BLAKE2, [[Wikiless]](https://wikiless.org/wiki/BLAKE_(hash_function)#BLAKE2) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/BLAKE_(hash_function)#BLAKE2)
+
+[^266]: Wikipedia, AES Instruction Set, [[Wikiless]](https://wikiless.org/wiki/AES_instruction_set) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/AES_instruction_set)
+
+[^267]: Wikipedia, ChaCha Variants, [[Wikiless]](https://wikiless.org/wiki/Salsa20#ChaCha_variant) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Salsa20#ChaCha_variant)
+
+[^268]: Wikipedia, Serpent, [[Wikiless]](https://wikiless.org/wiki/Serpent_(cipher)) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Serpent_(cipher))
+
+[^269]: Wikipedia, TwoFish, [[Wikiless]](https://wikiless.org/wiki/Twofish) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Twofish)
+
+[^270]: Lacatora, The PGP Problem 
[[Archive.org]](https://web.archive.org/web/https://latacora.singles/2019/07/16/the-pgp-problem.html)
+
+[^271]: Wikipedia, Shor's Algorithm, [[Wikiless]](https://wikiless.org/wiki/Shor%27s_algorithm) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Shor%27s_algorithm)
+
+[^272]: Wikipedia, Gag Order, [[Wikiless]](https://wikiless.org/wiki/Gag_order) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Gag_order)
+
+[^273]: Wikipedia, National Security Letter [[Wikiless]](https://wikiless.org/wiki/National_security_letter) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/National_security_letter)
+
+[^275]: ArsTechnica, VPN servers seized by Ukrainian authorities weren't encrypted [[Archive.org]](https://web.archive.org/web/https://arstechnica.com/gadgets/2021/07/vpn-servers-seized-by-ukrainian-authorities-werent-encrypted/)
+
+[^276]: BleepingComputer, DoubleVPN servers, logs, and account info seized by law enforcement [[Archive.org]](https://web.archive.org/web/https://www.bleepingcomputer.com/news/security/doublevpn-servers-logs-and-account-info-seized-by-law-enforcement/)
+
+[^277]: CyberScoop, Court rules encrypted email provider Tutanota must monitor messages in blackmail case [[Archive.org]](https://web.archive.org/web/https://www.cyberscoop.com/court-rules-encrypted-email-tutanota-monitor-messages/)
+
+[^278]: Heise Online (German), [[Archive.org]](https://web.archive.org/web/https://www.heise.de/news/Gericht-zwingt-Mailprovider-Tutanota-zu-Ueberwachungsfunktion-4972460.html)
+
+[^279]: PCMag, Did PureVPN Cross a Line When It Disclosed User Information? 
[[Archive.org]](https://web.archive.org/web/https://www.pcmag.com/opinions/did-purevpn-cross-a-line-when-it-disclosed-user-information)
+
+[^280]: Internet Archive, Wipeyourdata, "No logs" EarthVPN user arrested after police finds logs [[Archive.org]](https://web.archive.org/web/https://archive.is/XNuVw)
+
+[^281]: Wikipedia, Lavabit Suspension and Gag order, [[Wikiless]](https://wikiless.org/wiki/Lavabit) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Lavabit)
+
+[^282]: Internet Archive, Invisibler, What Everybody Ought to Know About HideMyAss
+
+[^283]: Wikipedia, Warrant Canary [[Wikiless]](https://wikiless.org/wiki/Warrant_canary) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Warrant_canary)
+
+[^284]: Washington Post, The intelligence coup of the century [[Archive.org]](https://web.archive.org/web/https://www.washingtonpost.com/graphics/2020/world/national-security/cia-crypto-encryption-machines-espionage/)
+
+[^285]: Swissinfo.ch, Second Swiss firm allegedly sold encrypted spying devices [[Archive.org]](https://web.archive.org/web/https://www.swissinfo.ch/eng/second-swiss-firm-allegedly-sold-encrypted-spying-devices/46186432)
+
+[^286]: Wikipedia, Das Leben der Anderen [[Wikiless]](https://wikiless.org/wiki/The_Lives_of_Others) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/The_Lives_of_Others)
+
+[^287]: Wired, Mind the Gap: This Researcher Steals Data With Noise, Light, and Magnets [[Archive.org]](https://web.archive.org/web/https://www.wired.com/story/air-gap-researcher-mordechai-guri/)
+
+[^288]: Scientific American, A Blank Wall Can Show How Many People Are in a Room and What They're Doing [[Archive.org]](https://web.archive.org/web/https://www.scientificamerican.com/article/a-blank-wall-can-show-how-many-people-are-in-a-room-and-what-theyre-doing/)
+
+[^289]: Scientific American, A Shiny Snack Bag's Reflections Can Reconstruct the Room around It 
[[Archive.org]](https://web.archive.org/web/https://www.scientificamerican.com/article/a-shiny-snack-bags-reflections-can-reconstruct-the-room-around-it/)
+
+[^290]: Scientific American, Footstep Sensors Identify People by Gait [[Archive.org]](https://web.archive.org/web/https://www.scientificamerican.com/article/footstep-sensors-identify-people-by-gait/)
+
+[^291]: Ben Nassi, Lamphone [[Archive.org]](https://web.archive.org/web/https://www.nassiben.com/lamphone)
+
+[^292]: The Guardian, Laser spying: is it really practical? [[Archive.org]](https://web.archive.org/web/https://www.theguardian.com/world/2013/aug/22/gchq-warned-laser-spying-guardian-offices)
+
+[^293]: ArsTechnica, Photos of an NSA "upgrade" factory show Cisco router getting implant [[Archive.org]](https://web.archive.org/web/https://arstechnica.com/tech-policy/2014/05/photos-of-an-nsa-upgrade-factory-show-cisco-router-getting-implant/)
+
+[^294]: Wikipedia, Rubber-hose Cryptanalysis [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis)
+
+[^295]: Defuse.ca, TrueCrypt's Plausible Deniability is Theoretically Useless [[Archive.org]](https://web.archive.org/web/https://defuse.ca/truecrypt-plausible-deniability-useless-by-game-theory.htm)
+
+[^296]: Wikipedia, OONI, [[Wikiless]](https://wikiless.org/wiki/OONI) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/OONI)
+
+[^297]: Privacy International, Timeline of SIM Card Registration Laws [[Archive.org]](https://web.archive.org/web/https://privacyinternational.org/long-read/3018/timeline-sim-card-registration-laws)
+
+[^298]: NYTimes, Lost Passwords Lock Millionaires Out of Their Bitcoin Fortunes [[Archive.org]](https://web.archive.org/web/https://www.nytimes.com/2021/01/12/technology/bitcoin-passwords-wallets-fortunes.html)
+
+[^299]: Usenix.org, Shedding too much Light on a Microcontroller's Firmware Protection 
[[Archive.org]](https://web.archive.org/web/https://www.usenix.org/system/files/conference/woot17/woot17-paper-obermaier.pdf)
+
+[^300]: TorProject.org, Can I run Tor Browser on an iOS device? [[Archive.org]](https://web.archive.org/web/https://support.torproject.org/tormobile/tormobile-3/)
+
+[^301]: Wikipedia, Tails [[Wikiless]](https://wikiless.org/wiki/Tails_(operating_system)) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Tails_(operating_system))
+
+[^302]: Vice.com, Facebook Helped the FBI Hack a Child Predator [[Archive.org]](https://web.archive.org/web/https://www.vice.com/en/article/v7gd9b/facebook-helped-fbi-hack-child-predator-buster-hernandez)
+
+[^303]: Veracrypt Documentation, Trim Operations [[Archive.org]](https://web.archive.org/web/https://www.veracrypt.fr/en/Trim%20Operation.html)
+
+[^304]: YouTube, 36C3 - Uncover, Understand, Own - Regaining Control Over Your AMD CPU [[Invidious]](https://yewtu.be/watch?v=bKH5nGLgi08&t=2834s)
+
+[^305]: Qubes OS, Anti-Evil Maid, [[Archive.org]](https://web.archive.org/web/https://github.com/QubesOS/qubes-antievilmaid)
+
+[^306]: QubesOS FAQ, [[Archive.org]](https://web.archive.org/web/https://www.qubes-os.org/faq/)
+
+[^307]: Wikipedia, Secure Boot [[Wikiless]](https://wikiless.org/wiki/Unified_Extensible_Firmware_Interface) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface)
+
+[^308]: Wikipedia, Booting [[Wikiless]](https://wikiless.org/wiki/Booting) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Booting)
+
+[^309]: Wired, Don't Want Your Laptop Tampered With? 
Just Add Glitter Nail Polish [[Archive.org]](https://web.archive.org/web/https://www.wired.com/2013/12/better-data-security-nail-polish/)
+
+[^310]: Wikipedia, Virtual Machine [[Wikiless]](https://wikiless.org/wiki/Virtual_machine) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Virtual_machine)
+
+[^311]: Wikipedia, Plausible Deniability [[Wikiless]](https://wikiless.org/wiki/Plausible_deniability) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Plausible_deniability)
+
+[^312]: Wikipedia, Deniable Encryption [[Wikiless]](https://wikiless.org/wiki/Deniable_encryption) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Deniable_encryption)
+
+[^313]: PrivacyGuides.org, Don't use Windows 10 - It's a privacy nightmare [[Archive.org]](https://web.archive.org/web/https://www.privacyguides.org/tools/#operating-systems)
+
+[^314]: Wikipedia, Deniable Encryption [[Wikiless]](https://wikiless.org/wiki/Deniable_encryption) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Deniable_encryption)
+
+[^315]: Wikipedia, Key Disclosure Laws [[Wikiless]](https://wikiless.org/wiki/Key_disclosure_law) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Key_disclosure_law)
+
+[^316]: GP Digital, World map of encryption laws and policies [[Archive.org]](https://web.archive.org/web/https://www.gp-digital.org/world-map-of-encryption/)
+
+[^317]: Wikipedia, Bitlocker [[Wikiless]](https://wikiless.org/wiki/BitLocker) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/BitLocker)
+
+[^318]: Wikipedia, Evil Maid Attack [[Wikiless]](https://wikiless.org/wiki/Evil_maid_attack) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Evil_maid_attack)
+
+[^319]: Wikipedia, Cold Boot Attack [[Wikiless]](https://wikiless.org/wiki/Cold_boot_attack) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Cold_boot_attack)
+
+[^320]: CITP 2008 () [[Invidious]](https://yewtu.be/watch?v=JDaicPIgn9U)
+
+[^321]: ResearchGate, Defeating Plausible Deniability of VeraCrypt Hidden Operating Systems [[Archive.org]](https://web.archive.org/web/https://www.researchgate.net/publication/318155607_Defeating_Plausible_Deniability_of_VeraCrypt_Hidden_Operating_Systems)
+
+[^322]: SANS.org, Mission Implausible: Defeating Plausible Deniability with Digital Forensics [[Archive.org]](https://web.archive.org/web/https://www.sans.org/reading-room/whitepapers/forensics/mission-implausible-defeating-plausible-deniability-digital-forensics-39500)
+
+[^323]: SourceForge, Veracrypt Forum [[Archive.org]](https://web.archive.org/web/https://sourceforge.net/p/veracrypt/discussion/technical/thread/53f33faf/)
+
+[^324]: Microsoft, BitLocker Countermeasures [[Archive.org]](https://web.archive.org/web/https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-countermeasures)
+
+[^325]: SANS, Windows ShellBag Forensics in-depth [[Archive.org]](https://web.archive.org/web/https://www.sans.org/reading-room/whitepapers/forensics/windows-shellbag-forensics-in-depth-34545)
+
+[^326]: University of York, Forensic data recovery from the Windows Search Database [[Archive.org]](https://web.archive.org/web/https://eprints.whiterose.ac.uk/75046/1/Forensic_Data_Recovery_From_The_Windows_Search_Database_preprint_DIIN328.pdf)
+
+[^327]: A forensic insight into Windows 10 Jump Lists [[Archive.org]](https://web.archive.org/web/https://cyberforensicator.com/wp-content/uploads/2017/01/1-s2.0-S1742287616300202-main.2-14.pdf)
+
+[^328]: Wikipedia, Gatekeeper [[Wikiless]](https://wikiless.org/wiki/Gatekeeper_(macOS)) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Gatekeeper_(macOS))
+
+[^329]: Alpine Linux Wiki, Setting up a laptop [[Archive.org]](https://web.archive.org/web/https://wiki.alpinelinux.org/wiki/Setting_up_a_laptop)
+
+[^330]: Wikipedia Veracrypt 
[[Wikiless]](https://wikiless.org/wiki/VeraCrypt) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/VeraCrypt)
+
+[^331]: OSTIF Veracrypt Audit, 2016
+
+[^332]: Veracrypt Documentation, Unencrypted Data in RAM [[Archive.org]](https://web.archive.org/web/https://www.veracrypt.fr/en/Unencrypted%20Data%20in%20RAM.html)
+
+[^333]: Veracrypt Documentation, Data Leaks [[Archive.org]](https://web.archive.org/web/https://www.veracrypt.fr/code/VeraCrypt/plain/doc/html/Data%20Leaks.html)
+
+[^334]: Dolos Group, From Stolen Laptop to Inside the Company Network [[Archive.org]](https://web.archive.org/web/https://dolosgroup.io/blog/2021/7/9/from-stolen-laptop-to-inside-the-company-network)
+
+[^335]: Trammell Hudson's Projects, Understanding TPM Sniffing Attacks [[Archive.org]](https://web.archive.org/web/https://trmm.net/tpm-sniffing/)
+
+[^336]: Jon Aubrey, attacking laptops that are protected by Microsoft Bitlocker drive encryption [[Nitter]](https://nitter.net/SecurityJon/status/1445020885472235524)
+
+[^337]: F-Secure Labs, Sniff, there leaks my BitLocker key [[Archive.org]](https://web.archive.org/web/https://labs.f-secure.com/blog/sniff-there-leaks-my-bitlocker-key/)
+
+[^338]: Microsoft, BitLocker Countermeasures, Attacker countermeasures [[Archive.org]](https://web.archive.org/web/https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-countermeasures)
+
+[^339]: Wikipedia, Trim [[Wikiless]](https://wikiless.org/wiki/Trim_(computing)) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Trim_(computing))
+
+[^340]: Veracrypt Documentation, Trim Operations [[Archive.org]](https://web.archive.org/web/https://www.veracrypt.fr/en/Trim%20Operation.html)
+
+[^341]: Veracrypt Documentation, Rescue Disk [[Archive.org]](https://web.archive.org/web/https://www.veracrypt.fr/en/VeraCrypt%20Rescue%20Disk.html)
+
+[^342]: St Cloud State University, Forensic Research on Solid State Drives using Trim 
Analysis [[Archive.org]](https://web.archive.org/web/20211009021236/https://repository.stcloudstate.edu/cgi/viewcontent.cgi?article=1141&context=msia_etds)
+
+[^343]: WindowsCentral, Trim Tutorial [[Archive.org]](https://web.archive.org/web/https://www.windowscentral.com/how-ensure-trim-enabled-windows-10-speed-ssd-performance)
+
+[^344]: Veracrypt Documentation, Trim Operation [[Archive.org]](https://web.archive.org/web/https://veracrypt.eu/en/docs/trim-operation/)
+
+[^345]: Black Hat 2018, Perfectly Deniable Steganographic Disk Encryption [[Archive.org]](https://web.archive.org/web/https://i.blackhat.com/eu-18/Thu-Dec-6/eu-18-Schaub-Perfectly-Deniable-Steganographic-Disk-Encryption.pdf)
+
+[^346]: Milan Broz's Blog, TRIM & dm-crypt ... problems? [[Archive.org]](https://web.archive.org/web/http://asalor.blogspot.com/2011/08/trim-dm-crypt-problems.html)
+
+[^347]: Veracrypt Documentation, Rescue Disk [[Archive.org]](https://web.archive.org/web/https://www.veracrypt.fr/en/VeraCrypt%20Rescue%20Disk.html)
+
+[^348]: Wikipedia, Virtualbox [[Wikiless]](https://wikiless.org/wiki/VirtualBox) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/VirtualBox)
+
+[^349]: VirtualBox Ticket 17987 [[Archive.org]](https://web.archive.org/web/https://www.virtualbox.org/ticket/17987)
+
+[^350]: Whonix Documentation, Spectre Meltdown [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Spectre_Meltdown)
+
+[^351]: Whonix Documentation, Stream Isolation [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Stream_Isolation)
+
+[^352]: Whonix Documentation, Tunnels Comparison Table [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Introduction#Comparison_Table)
+
+[^353]: Wikipedia, Whonix [[Wikiless]](https://wikiless.org/wiki/Whonix) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Whonix)
+
+[^354]: Oracle Virtualbox Manual, Snapshots 
[[Archive.org]](https://web.archive.org/web/https://docs.oracle.com/en/virtualization/virtualbox/6.0/user/snapshots.html)
+
+[^355]: Utica College, Forensic Recovery Of Evidence From Deleted Oracle Virtualbox Virtual Machines
+
+[^356]: Wikipedia, Spectre [[Wikiless]](https://wikiless.org/wiki/Spectre_(security_vulnerability)) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Spectre_(security_vulnerability))
+
+[^357]: Wikipedia, Meltdown [[Wikiless]](https://wikiless.org/wiki/Meltdown_(security_vulnerability)) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Meltdown_(security_vulnerability))
+
+[^358]: Whonix Documentation, Stream Isolation, By Settings [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Stream_Isolation#By_Settings)
+
+[^359]: Wikipedia, TOTP [[Wikiless]](https://wikiless.org/wiki/Time-based_One-time_Password_algorithm) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Time-based_One-time_Password_algorithm)
+
+[^360]: Wikipedia, Multi-Factor Authentication [[Wikiless]](https://wikiless.org/wiki/Multi-factor_authentication) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Multi-factor_authentication)
+
+[^361]: Whonix Documentation, Bridged Adapters Warning [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Whonix-Gateway_Security#Warning:_Bridged_Networking)
+
+[^362]: Qubes OS, FAQ, [[Archive.org]](https://web.archive.org/web/https://www.qubes-os.org/faq/#is-qubes-just-another-linux-distribution)
+
+[^363]: Qubes OS, System Requirements [[Archive.org]](https://web.archive.org/web/https://www.qubes-os.org/doc/system-requirements/)
+
+[^364]: Whonix Documentation, Stream Isolation [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Stream_Isolation)
+
+[^365]: Whonix Documentation, Tunnels Comparison Table 
[[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Introduction#Comparison_Table)
+
+[^366]: Qubes OS Issues, Simulate Hibernation / Suspend-To-Disk (Issue #2414) [[Archive.org]](https://web.archive.org/web/https://github.com/QubesOS/qubes-issues/issues/2414)
+
+[^367]: Wikipedia, AppArmor [[Wikiless]](https://wikiless.org/wiki/AppArmor) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/AppArmor)
+
+[^368]: Wikipedia, SELinux [[Wikiless]](https://wikiless.org/wiki/Security-Enhanced_Linux) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Security-Enhanced_Linux)
+
+[^369]: Wikipedia, TOTP [[Wikiless]](https://wikiless.org/wiki/Time-based_One-time_Password_algorithm) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Time-based_One-time_Password_algorithm)
+
+[^370]: Wikipedia, Multi-Factor Authentication [[Wikiless]](https://wikiless.org/wiki/Multi-factor_authentication) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Multi-factor_authentication)
+
+[^371]: Wikipedia, Captcha [[Wikiless]](https://wikiless.org/wiki/CAPTCHA) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/CAPTCHA)
+
+[^372]: Wikipedia, Turing Test [[Wikiless]](https://wikiless.org/wiki/Turing_test) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Turing_test)
+
+[^373]: Google reCAPTCHA [[Archive.org]](https://web.archive.org/web/https://www.google.com/recaptcha/about/)
+
+[^374]: hCaptcha [[Archive.org]](https://web.archive.org/web/https://www.hcaptcha.com/)
+
+[^375]: hCaptcha, hCaptcha Is Now the Largest Independent CAPTCHA Service, Runs on 15% Of The Internet [[Archive.org]](https://web.archive.org/web/https://www.hcaptcha.com/post/hcaptcha-now-the-largest-independent-captcha-service)
+
+[^376]: Nearcyan.com, You (probably) don't need ReCAPTCHA 
[[Archive.org]](https://web.archive.org/web/https://nearcyan.com/you-probably-dont-need-recaptcha/)
+
+[^377]: ArsTechnica, "Google's reCAPTCHA turns "invisible," will separate bots from people without challenges" [[Archive.org]](https://web.archive.org/web/https://arstechnica.com/gadgets/2017/03/googles-recaptcha-announces-invisible-background-captchas/)
+
+[^378]: BlackHat Asia 2016, "I'm not a human: Breaking the Google reCAPTCHA" [[Archive.org]](https://web.archive.org/web/https://www.blackhat.com/docs/asia-16/materials/asia-16-Sivakorn-Im-Not-a-Human-Breaking-the-Google-reCAPTCHA-wp.pdf)
+
+[^379]: Google Blog [[Archive.org]](https://web.archive.org/web/https://security.googleblog.com/2014/12/are-you-robot-introducing-no-captcha.html)
+
+[^380]: Cloudflare Blog, Cloudflare supports Privacy Pass [[Archive.org]](https://web.archive.org/web/https://blog.cloudflare.com/cloudflare-supports-privacy-pass/)
+
+[^381]: Privacy International, Timeline of SIM Card Registration Laws [[Archive.org]](https://web.archive.org/web/https://privacyinternational.org/long-read/3018/timeline-sim-card-registration-laws)
+
+[^382]: Wikipedia, Device Fingerprinting [[Wikiless]](https://wikiless.org/wiki/Device_fingerprint) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Device_fingerprint)
+
+[^383]: Developers Google Blog, Guidance to developers affected by our effort to block less secure browsers and applications [[Archive.org]](https://web.archive.org/web/https://developers.googleblog.com/2020/08/guidance-for-our-effort-to-block-less-secure-browser-and-apps.html)
+
+[^384]: Google Help, Access age-restricted content & features [[Archive.org]](https://web.archive.org/web/https://support.google.com/accounts/answer/10071085)
+
+[^385]: Wikipedia, Dark Pattern [[Wikiless]](https://wikiless.org/wiki/Dark_pattern) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Dark_pattern)
+
+[^386]: The Verge, Tinder will give you a verified blue 
check mark if you pass its catfishing test [[Archive.org]](https://web.archive.org/web/https://www.theverge.com/2020/1/23/21077423/tinder-photo-verification-blue-checkmark-safety-center-launch-noonlight)
+
+[^387]: DigitalInformationWorld, Facebook will now require you to Create a Video Selfie for Identity Verification [[Archive.org]](https://web.archive.org/web/https://www.digitalinformationworld.com/2020/03/facebook-is-now-demanding-some-users-to-create-a-video-selfie-for-identity-verification.html)
+
+[^388]: Vice.com, PornHub Announces 'Biometric Technology' to Verify Users [[Archive.org]](https://web.archive.org/web/https://www.vice.com/en/article/m7a4eq/pornhub-new-verification-policy-biometric-id)
+
+[^389]: Variety, China Launches Hotline to Report Online Comments That 'Distort' History or 'Deny' Its Cultural Excellence [[Archive.org]](https://web.archive.org/web/https://variety.com/2021/digital/news/china-censorship-hotline-historical-nihilism-1234950554/)
+
+[^390]: Wikipedia, Trust but verify [[Wikiless]](https://wikiless.org/wiki/Trust,_but_verify) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Trust,_but_verify)
+
+[^391]: Wikipedia, Zero-trust Security Model [[Wikiless]](https://wikiless.org/wiki/Zero_trust_security_model) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Zero_trust_security_model)
+
+[^392]: Wikipedia, Espionage, Organization [[Wikiless]](https://wikiless.org/wiki/Espionage) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Espionage)
+
+[^393]: Medium.com, Kyle McDonald, How to recognize fake AI-generated images [[Scribe.rip]](https://scribe.rip/@kcimc/how-to-recognize-fake-ai-generated-images-4d1f6f9a2842) [[Archive.org]](https://web.archive.org/web/https://kcimc.medium.com/how-to-recognize-fake-ai-generated-images-4d1f6f9a2842)
+
+[^394]: Jayway Blog, Using ML to detect fake face images created by AI 
[[Archive.org]](https://web.archive.org/web/https://blog.jayway.com/2020/03/06/using-ml-to-detect-fake-face-images-created-by-ai/)
+
+[^395]: Wikipedia, Sim Swapping [[Wikiless]](https://wikiless.org/wiki/SIM_swap_scam) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/SIM_swap_scam)
+
+[^396]: Whonix Documentation, Tor Configuration [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Tor)
+
+[^397]: Tor Browser Documentation, Editing Torrc [[Archive.org]](https://web.archive.org/web/https://support.torproject.org/tbb/tbb-editing-torrc/)
+
+[^398]: Facebook Onion Website
+
+[^399]: Google Help [[Archive.org]](https://web.archive.org/web/https://support.google.com/accounts/answer/114129?hl=en)
+
+[^400]: Google Help, Customer Matching Process [[Archive.org]](https://web.archive.org/web/https://support.google.com/google-ads/answer/7474263?hl=en)
+
+[^401]: Google, Your account is disabled [[Archive.org]](https://web.archive.org/web/https://support.google.com/accounts/answer/40695)
+
+[^402]: Google, Request to restore the account [[Archive.org]](https://web.archive.org/web/https://support.google.com/accounts/contact/disabled2)
+
+[^403]: Google Help, Update your account to meet age requirements [[Archive.org]](https://web.archive.org/web/https://support.google.com/accounts/answer/1333913?hl=en)
+
+[^404]: Jumio, ID verification features [[Archive.org]](https://web.archive.org/web/https://www.jumio.com/features/)
+
+[^405]: Privacyguides.org recommended E-mail Providers [[Archive.org]](https://web.archive.org/web/https://www.privacyguides.org/email/)
+
+[^406]: Proton Registration Human Verification [[Archive.org]](https://web.archive.org/web/https://proton.me/support/human-verification)
+
+[^407]: Twitter Appeal Form
+
+[^408]: KnowYourMeme, Good Luck, I'm Behind 7 Proxies [[Archive.org]](https://web.archive.org/web/https://knowyourmeme.com/memes/good-luck-im-behind-7-proxies)
+
+[^409]: Wikipedia, end-to-end encryption 
[[Wikiless]](https://wikiless.org/wiki/End-to-end_encryption) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/End-to-end_encryption)
+
+[^410]: Wikipedia, Forward Secrecy [[Wikiless]](https://wikiless.org/wiki/Forward_secrecy) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Forward_secrecy)
+
+[^411]: Proton Blog, What is zero-access encryption? [[Archive.org]](https://web.archive.org/web/https://proton.me/blog/zero-access-encryption/)
+
+[^412]: Wikipedia, Cambridge Analytica Scandal [[Wikiless]](https://wikiless.org/wiki/Facebook%E2%80%93Cambridge_Analytica_data_scandal) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Facebook%E2%80%93Cambridge_Analytica_data_scandal)
+
+[^413]: Signal Blog, Technology preview: Sealed sender for Signal [[Archive.org]](https://web.archive.org/web/https://signal.org/blog/sealed-sender/)
+
+[^414]: Signal Blog, Private Contact Discovery [[Archive.org]](https://web.archive.org/web/https://signal.org/blog/private-contact-discovery/)
+
+[^415]: Signal Blog, Private Group System [[Archive.org]](https://web.archive.org/web/https://signal.org/blog/signal-private-group-system/)
+
+[^416]: Privacyguides.org, File-Sharing [[Archive.org]](https://web.archive.org/web/https://www.privacyguides.org/file-sharing/)
+
+[^417]: Privacyguides.org, Real-Time Communication [[Archive.org]](https://web.archive.org/web/https://www.privacyguides.org/real-time-communication/)
+
+[^418]: GetSession.org, The Session Protocol: What's changing --- and why [[Archive.org]](https://web.archive.org/web/https://getsession.org/session-protocol-explained/)
+
+[^419]: Quarkslab, Audit of Session Secure Messaging Application [[Archive.org]](https://web.archive.org/web/https://blog.quarkslab.com/audit-of-session-secure-messaging-application.html)
+
+[^420]: Techlore, Top 5 BEST Messengers For Privacy [[Invidious]](https://yewtu.be/watch?v=aVwl892hqb4)
+
+[^421]: Wikipedia, IPFS 
[[Wikiless]](https://wikiless.org/wiki/InterPlanetary_File_System) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/InterPlanetary_File_System)
+
+[^422]: Praxis Films, Open Letter from Laura Poitras [[Archive.org]](https://web.archive.org/web/https://www.praxisfilms.org/open-letter-from-laura-poitras/)
+
+[^423]: Wikipedia, SecureDrop [[Wikiless]](https://wikiless.org/wiki/SecureDrop) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/SecureDrop)
+
+[^424]: Wikipedia, TPM [[Wikiless]](https://wikiless.org/wiki/Trusted_Platform_Module) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Trusted_Platform_Module)
+
+[^425]: Wikipedia, Pastebin [[Wikiless]](https://wikiless.org/wiki/Pastebin) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Pastebin)
+
+[^426]: Wikipedia, Wear Leveling [[Wikiless]](https://wikiless.org/wiki/Wear_leveling) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Wear_leveling)
+
+[^427]: Wikipedia, Trim [[Wikiless]](https://wikiless.org/wiki/Write_amplification) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Write_amplification)
+
+[^428]: Wikipedia, Write Amplification [[Wikiless]](https://wikiless.org/wiki/Write_amplification) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Write_amplification)
+
+[^429]: Wikipedia, Trim Disadvantages [[Wikiless]](https://wikiless.org/wiki/Trim_(computing)) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Trim_(computing))
+
+[^430]: Wikipedia, Garbage Collection [[Wikiless]](https://wikiless.org/wiki/Write_amplification) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Write_amplification)
+
+[^431]: Techgage, Too TRIM? 
When SSD Data Recovery is Impossible [[Archive.org]](https://web.archive.org/web/https://techgage.com/article/too_trim_when_ssd_data_recovery_is_impossible/)
+
+[^432]: ResearchGate, Live forensics method for acquisition on the Solid-State Drive (SSD) NVMe TRIM function [[Archive.org]](https://web.archive.org/web/https://www.researchgate.net/publication/341761017_Live_forensics_method_for_acquisition_on_the_Solid_State_Drive_SSD_NVMe_TRIM_function)
+
+[^433]: ElcomSoft, Life after Trim: Using Factory Access Mode for Imaging SSD Drives [[Archive.org]](https://web.archive.org/web/https://blog.elcomsoft.com/2019/01/life-after-trim-using-factory-access-mode-for-imaging-ssd-drives/)
+
+[^434]: Forensic Focus, Forensic Acquisition Of Solid State Drives With Open Source Tools [[Archive.org]](https://web.archive.org/web/https://www.forensicfocus.com/articles/forensic-acquisition-of-solid-state-drives-with-open-source-tools/)
+
+[^435]: ResearchGate, Solid State Drive Forensics: Where Do We Stand? 
[[Archive.org]](https://web.archive.org/web/https://www.researchgate.net/publication/325976653_Solid_State_Drive_Forensics_Where_Do_We_Stand)
+
+[^436]: BleepingComputer, Firmware attack can drop persistent malware in hidden SSD area [[Archive.org]](https://web.archive.org/web/https://www.bleepingcomputer.com/news/security/firmware-attack-can-drop-persistent-malware-in-hidden-ssd-area/)
+
+[^437]: Wikipedia, Parted Magic [[Wikiless]](https://wikiless.org/wiki/Parted_Magic) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Parted_Magic)
+
+[^438]: Wikipedia, hdparm [[Wikiless]](https://wikiless.org/wiki/Hdparm) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Hdparm)
+
+[^439]: GitHub, nvme-cli [[Archive.org]](https://web.archive.org/web/https://github.com/linux-nvme/nvme-cli)
+
+[^440]: PartedMagic Secure Erase [[Archive.org]](https://web.archive.org/web/https://partedmagic.com/secure-erase/)
+
+[^441]: Partedmagic NVMe Secure Erase [[Archive.org]](https://web.archive.org/web/https://partedmagic.com/nvme-secure-erase/)
+
+[^442]: UFSExplorer, Can I recover data from an encrypted storage? 
[[Archive.org]](https://web.archive.org/web/https://www.ufsexplorer.com/solutions/data-recovery-on-encrypted-storage.php)
+
+[^443]: Apple Developer Documentation [[Archive.org]](https://web.archive.org/web/https://developer.apple.com/library/archive/documentation/FileManagement/Conceptual/APFS_Guide/FAQ/FAQ.html)
+
+[^444]: EFF, How to: Delete Your Data Securely on macOS [[Archive.org]](https://web.archive.org/web/https://ssd.eff.org/en/module/how-delete-your-data-securely-macos)
+
+[^445]: Privacyguides.org, Productivity tools [[Archive.org]](https://web.archive.org/web/https://privacyguides.org/productivity/)
+
+[^446]: Whonix Documentation, Scrubbing Metadata [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Metadata)
+
+[^447]: Tails documentation, MAT [[Archive.org]](https://web.archive.org/web/https://gitlab.tails.boum.org/tails/blueprints/-/wikis/doc/mat/)
+
+[^448]: GitHub, Disable Gatekeeper on macOS Big Sur (11.x) [[Archive.org]](https://web.archive.org/web/https://disable-gatekeeper.github.io/)
+
+[^449]: DuckDuckGo help, Cache [[Archive.org]](https://web.archive.org/web/https://help.duckduckgo.com/duckduckgo-help-pages/features/cache/)
+
+[^450]: DuckDuckGo help, Sources [[Archive.org]](https://web.archive.org/web/https://help.duckduckgo.com/duckduckgo-help-pages/results/sources/)
+
+[^451]: Wikipedia, Dead Drop [[Wikiless]](https://wikiless.org/wiki/Dead_drop) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Dead_drop)
+
+[^452]: Wikipedia, Secure Communication Obfuscation [[Wikiless]](https://wikiless.org/wiki/Obfuscation) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Obfuscation)
+
+[^453]: Wikipedia, Steganography [[Wikiless]](https://wikiless.org/wiki/Steganography) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Steganography)
+
+[^454]: Wikipedia, Kleptography [[Wikiless]](https://wikiless.org/wiki/Kleptography) 
[[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Kleptography)
+
+[^455]: Wikipedia, Koalang [[Wikiless]](https://wikiless.org/wiki/Koalang) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Koalang)
+
+[^456]: Wikipedia, OPSEC [[Wikiless]](https://wikiless.org/wiki/Operations_security) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Operations_security)
+
+[^457]: Quote Investigator, A Lie Can Travel Halfway Around the World While the Truth Is Putting On Its Shoes [[Archive.org]](https://web.archive.org/web/https://quoteinvestigator.com/2014/07/13/truth/)
+
+[^458]: Privacyguides.org, Operating Systems [[Archive.org]](https://web.archive.org/web/https://www.privacyguides.org/tools/#operating-systems)
+
+[^461]: Medium.com, Digging into the System Resource Usage Monitor (SRUM) [[Scribe.rip]](https://scribe.rip/velociraptor-ir/digging-into-the-system-resource-usage-monitor-srum-afbadb1a375) [[Archive.org]](https://web.archive.org/web/https://medium.com/velociraptor-ir/digging-into-the-system-resource-usage-monitor-srum-afbadb1a375)
+
+[^462]: SANS, Timestamped Registry & NTFS Artifacts from Unallocated Space [[Archive.org]](https://web.archive.org/web/https://www.sans.org/blog/timestamped-registry-ntfs-artifacts-from-unallocated-space/)
+
+[^463]: DBAN, [[Archive.org]](https://web.archive.org/web/https://dban.org/)
+
+[^464]: NYTimes, Lost Passwords Lock Millionaires Out of Their Bitcoin Fortunes [[Archive.org]](https://web.archive.org/web/https://www.nytimes.com/2021/01/12/technology/bitcoin-passwords-wallets-fortunes.html)
+
+[^466]: Wikipedia, Faraday Cage, [[Wikiless]](https://wikiless.org/wiki/Faraday_cage) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Faraday_cage)
+
+[^467]: Edith Cowan University, A forensic examination of several mobile device Faraday bags & materials to test their effectiveness materials to test their effectiveness 
[[Archive.org]](https://web.archive.org/web/20211011220410/https://ro.ecu.edu.au/cgi/viewcontent.cgi?article=1165&context=adf)
+
+[^468]: arXiv, Deep-Spying: Spying using Smartwatch and Deep Learning [[Archive.org]](https://web.archive.org/web/https://arxiv.org/pdf/1512.05616.pdf)
+
+[^469]: Acm.org, Privacy Implications of Accelerometer Data: A Review of Possible Inferences [[Archive.org]](https://web.archive.org/web/https://dl.acm.org/doi/pdf/10.1145/3309074.3309076)
+
+[^470]: YouTube, Fingerprinting Paper - Forensic Education [[Invidious]](https://yewtu.be/watch?v=sO98kDLkh-M)
+
+[^471]: Wikipedia, Touch DNA, [[Wikiless]](https://wikiless.org/wiki/Touch_DNA) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Touch_DNA)
+
+[^472]: TheDNAGuide, DNA from Postage Stamps or Hair Samples? Yeeesssss..... [[Archive.org]](https://web.archive.org/web/https://www.yourdnaguide.com/ydgblog/dna-hair-samples-postage-stamps)
+
+[^473]: GitHub, Mhinkie, OONI-Detection [[Archive.org]](https://web.archive.org/web/https://github.com/mhinkie/ooni-detection)
+
+[^474]: Wikipedia, File Verification [[Wikiless]](https://wikiless.org/wiki/File_verification) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/File_verification)
+
+[^475]: Wikipedia, CRC [[Wikiless]](https://wikiless.org/wiki/Cyclic_redundancy_check) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Cyclic_redundancy_check)
+
+[^476]: Wikipedia, MD5 [[Wikiless]](https://wikiless.org/wiki/MD5) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/MD5)
+
+[^477]: Wikipedia, MD5 Security [[Wikiless]](https://wikiless.org/wiki/MD5) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/MD5)
+
+[^478]: Wikipedia, Collisions [[Wikiless]](https://wikiless.org/wiki/Collision_(computer_science)) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Collision_(computer_science))
+
+[^479]: Wikipedia, SHA 
[[Wikiless]](https://wikiless.org/wiki/Secure_Hash_Algorithms) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Secure_Hash_Algorithms)
+
+[^480]: Wikipedia, SHA-2 [[Wikiless]](https://wikiless.org/wiki/SHA-2) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/SHA-2)
+
+[^481]: Wikipedia, Collision Resistance [[Wikiless]](https://wikiless.org/wiki/Collision_resistance) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Collision_resistance)
+
+[^482]: GnuPG Gpg4win Wiki, Check integrity of Gpg4win packages [[Archive.org]](https://web.archive.org/web/https://wiki.gnupg.org/Gpg4win/CheckIntegrity)
+
+[^484]: Wikipedia, GPG [[Wikiless]](https://wikiless.org/wiki/GNU_Privacy_Guard) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/GNU_Privacy_Guard)
+
+[^485]: Wikipedia, Public-Key Cryptography [[Wikiless]](https://wikiless.org/wiki/Public-key_cryptography) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Public-key_cryptography)
+
+[^486]: Wikipedia, Polymorphic Code [[Wikiless]](https://wikiless.org/wiki/Polymorphic_code) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Polymorphic_code)
+
+[^487]: Whonix Documentation, Use of AV, [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Malware_and_Firmware_Trojans)
+
+[^488]: Whonix Forums, [[Archive.org]](https://web.archive.org/web/https://forums.whonix.org/t/installation-of-antivirus-scanners-by-default/9755/8)
+
+[^489]: AV-Test Security Report 2018-2019, [[Archive.org]](https://web.archive.org/web/https://www.av-test.org/fileadmin/pdf/security_report/AV-TEST_Security_Report_2018-2019.pdf)
+
+[^490]: ZDNet, ESET discovers 21 new Linux malware families [[Archive.org]](https://web.archive.org/web/https://www.zdnet.com/article/eset-discovers-21-new-linux-malware-families/)
+
+[^491]: NakeSecurity, EvilGnome -- Linux malware aimed at your desktop, not your 
servers [[Archive.org]](https://web.archive.org/web/https://nakedsecurity.sophos.com/2019/07/25/evilgnome-linux-malware-aimed-at-your-laptop-not-your-servers/)
+
+[^492]: Immunify, HiddenWasp: How to detect malware hidden on Linux & IoT [[Archive.org]](https://web.archive.org/web/https://blog.imunify360.com/hiddenwasp-how-to-detect-malware-hidden-on-linux-iot)
+
+[^493]: Wikipedia, Linux Malware [[Wikiless]](https://wikiless.org/wiki/Linux_malware) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Linux_malware)
+
+[^494]: Wikipedia, macOS Malware [[Wikiless]](https://wikiless.org/wiki/MacOS_malware) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/MacOS_malware)
+
+[^495]: MacWorld, List of Mac viruses, malware and security flaws [[Archive.org]](https://web.archive.org/web/https://www.macworld.co.uk/feature/mac-viruses-list-3668354/)
+
+[^496]: JAMF, The Mac Malware of 2020 [[Archive.org]](https://web.archive.org/web/https://resources.jamf.com/documents/macmalware-2020.pdf)
+
+[^497]: macOS Security and Privacy Guide, [[Archive.org]](https://web.archive.org/web/https://www.bejarano.io/hardening-macos/)
+
+[^498]: ImageTragick.com, [[Archive.org]](https://web.archive.org/web/https://imagetragick.com/)
+
+[^499]: Oracle Virtualbox Documentation, [[Archive.org]](https://web.archive.org/web/https://docs.oracle.com/en/virtualization/virtualbox/6.0/admin/hyperv-support.html)
+
+[^500]: Oracle Virtualbox Documentation, [[Archive.org]](https://web.archive.org/web/https://docs.oracle.com/en/virtualization/virtualbox/6.0/admin/hyperv-support.html)
+
+[^501]: Lenny Zeltser, Analyzing Malicious Documents Cheat Sheet [[Archive.org]](https://web.archive.org/web/https://zeltser.com/analyzing-malicious-documents/)
+
+[^502]: Wikipedia, Portable Applications [[Wikiless]](https://wikiless.org/wiki/Portable_application) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Portable_application)
+
+[^503]: Brave 
Help, What is a Private Window with Tor Connectivity? [[Archive.org]](https://web.archive.org/web/https://support.brave.com/hc/en-us/articles/360018121491-What-is-a-Private-Window-with-Tor)
+
+[^504]: BlackGNU, Brave, the false sensation of privacy [[Archive.org]](https://web.archive.org/web/https://blackgnu.net/brave-is-shit.html)
+
+[^505]: Brave Help Center, What is "Shields"? [[Archive.org]](https://web.archive.org/web/https://support.brave.com/hc/en-us/articles/360022973471-What-is-Shields)
+
+[^506]: VentureBeat, Browser benchmark battle January 2020: Chrome vs. Firefox vs. Edge vs. Brave [[Archive.org]](https://web.archive.org/web/https://venturebeat.com/2020/01/15/browser-benchmark-battle-january-2020-chrome-firefox-edge-brave/view-all/)
+
+[^507]: Brave.com, Brave, Fingerprinting, and Privacy Budgets [[Archive.org]](https://web.archive.org/web/https://brave.com/brave-fingerprinting-and-privacy-budgets/)
+
+[^508]: Madaidan's Insecurities, Firefox and Chromium [[Archive.org]](https://web.archive.org/web/https://madaidans-insecurities.github.io/firefox-chromium.html)
+
+[^509]: GrapheneOS, Web Browsing [[Archive.org]](https://web.archive.org/web/https://grapheneos.org/usage#web-browsing)
+
+[^510]: ResearchGate, Web Browser Privacy: What Do Browsers Say When They Phone Home? 
[[Archive.org]](https://web.archive.org/web/https://www.researchgate.net/publication/349979628_Web_Browser_Privacy_What_Do_Browsers_Say_When_They_Phone_Home)
+
+[^511]: Duck's pond, Ungoogled-Chromium [[Archive.org]](https://web.archive.org/web/https://qua3k.github.io/ungoogled/)
+
+[^512]: Madaidan's Insecurities, Firefox and Chromium [[Archive.org]](https://web.archive.org/web/https://madaidans-insecurities.github.io/firefox-chromium.html)
+
+[^513]: GrapheneOS, Web Browsing [[Archive.org]](https://web.archive.org/web/https://grapheneos.org/usage#web-browsing)
+
+[^514]: Microsoft.com, Microsoft Edge support for Microsoft Defender Application Guard [[Archive.org]](https://web.archive.org/web/https://docs.microsoft.com/en-us/deployedge/microsoft-edge-security-windows-defender-application-guard)
+
+[^515]: PcMag, Mozilla Signs Lucrative 3-Year Google Search Deal for Firefox [[Archive.org]](https://web.archive.org/web/https://www.pcmag.com/news/mozilla-signs-lucrative-3-year-google-search-deal-for-firefox)
+
+[^516]: Madaidan's Insecurities, Firefox and Chromium [[Archive.org]](https://web.archive.org/web/https://madaidans-insecurities.github.io/firefox-chromium.html)
+
+[^517]: FingerprintJS, Demo: Disabling JavaScript Won't Save You from Fingerprinting [[Archive.org]](https://web.archive.org/web/https://fingerprintjs.com/blog/disabling-javascript-wont-stop-fingerprinting/)
+
+[^518]: Duck's pond, Ungoogled-Chromium [[Archive.org]](https://web.archive.org/web/https://qua3k.github.io/ungoogled/)
+
+[^519]: Wikipedia, Virtualization [[Wikiless]](https://wikiless.org/wiki/Virtualization) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Virtualization)
+
+[^520]: Tor Project, Project Snowflake [[Archive.org]](https://web.archive.org/web/https://snowflake.torproject.org/)
+
+[^521]: GitHub, Obfs4 Repository [[Archive.org]](https://web.archive.org/web/https://github.com/Yawning/obfs4/)
+
+[^523]: Tor Browser Manual, Pluggable Transport 
[[Archive.org]](https://web.archive.org/web/https://tb-manual.torproject.org/circumvention/)
+
+[^524]: Wikipedia, Domain Fronting [[Wikiless]](https://wikiless.org/wiki/Domain_fronting) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Domain_fronting)
+
+[^525]: GitLab, Tor Browser Issues, Add uBlock Origin to the Tor Browser [[Archive.org]](https://web.archive.org/web/https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/17569)
+
+[^526]: Vice, The NSA and CIA Use Ad Blockers Because Online Advertising Is So Dangerous [[Archive.org]](https://web.archive.org/web/https://www.vice.com/en/article/93ypke/the-nsa-and-cia-use-ad-blockers-because-online-advertising-is-so-dangerous)
+
+[^528]: NIST, NIST Has Spoken - Death to Complexity, Long Live the Passphrase! [[Archive.org]](https://web.archive.org/web/https://www.sans.org/blog/nist-has-spoken-death-to-complexity-long-live-the-passphrase/)
+
+[^529]: ZDnet, FBI recommends passphrases over password complexity [[Archive.org]](https://web.archive.org/web/https://www.zdnet.com/article/fbi-recommends-passphrases-over-password-complexity/)
+
+[^530]: The Intercept, Passphrases That You Can Memorize --- But That Even the NSA Can't Guess [[Tor Mirror]](http://27m3p2uv7igmj6kvd4ql3cct5h3sdwrsajovkkndeufumzyfhlfev4qd.onion/2015/03/26/passphrases-can-memorize-attackers-cant-guess/) [[Archive.org]](https://web.archive.org/web/https://theintercept.com/2015/03/26/passphrases-can-memorize-attackers-cant-guess/)
+
+[^531]: Proton Blog, Let's settle the password vs. 
passphrase debate once and for all [[Archive.org]](https://web.archive.org/web/https://proton.me/blog/protonmail-com-blog-password-vs-passphrase)
+
+[^532]: YouTube, Edward Snowden on Passwords: Last Week Tonight with John Oliver (HBO) [[Invidious]](https://yewtu.be/watch?v=yzGzB-yYKcc)
+
+[^533]: YouTube, How to Choose a Password -- Computerphile [[Invidious]](https://yewtu.be/watch?v=3NjQ9b3pgIg)
+
+[^534]: Wikipedia, Passphrase [[Wikiless]](https://wikiless.org/wiki/Passphrase#Passphrase_selection) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Passphrase#Passphrase_selection)
+
+[^535]: Monero Research Lab, Evaluating cryptocurrency security and privacy in a post-quantum world [[Archive.org]](https://web.archive.org/web/https://github.com/insight-decentralized-consensus-lab/post-quantum-monero/blob/master/writeups/technical_note.pdf)
+
+[^536]: Wikipedia, Privacy in Australian Law [[Wikiless]](https://wikiless.org/wiki/Privacy_in_Australian_law) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Privacy_in_Australian_law)
+
+[^537]: Parliament of Autralia, Surveillance Legislation Amendment (Identify and Disrupt) Bill 2021, [[Archive.org]](https://web.archive.org/web[/https://en.wikipedia.org/wiki/Privacy_in_Australian_law](https://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/Bills_Search_Results/Result?bId=r6623))
+
+[^538]: Lokinet Documentation, Service Nodes, [[Archive.org]](https://web.archive.org/https://loki.network/service-nodes/)
+
+[^539]: Session Documentation, Session protocol explained, [[Archive.org]](https://web.archive.org/[https://loki.network/service-nodes/](https://getsession.org/session-protocol-explained))
+
+ [Appendix A1: Recommended VPS hosting providers]: #appendix-a1-recommended-vps-hosting-providers
+ [Appendix A2: Guidelines for passwords and passphrases]: #appendix-a2-guidelines-for-passwords-and-passphrases
+ [Appendix A3: Search Engines]: #appendix-a3-search-engines
+ 
[Appendix A4: Counteracting Forensic Linguistics]: #appendix-a4-counteracting-forensic-linguistics
+ [Appendix A5: Additional browser precautions with JavaScript enabled]: #appendix-a5-additional-browser-precautions-with-javascript-enabled
+ [Appendix A6: Mirrors]: #appendix-a6-mirrors
+ [Appendix A7: Comparing versions]: #appendix-a7-comparing-versions
+ [Appendix A8: Crypto Swapping Services without Registration and KYC]: #appendix-a8-crypto-swapping-services-without-registration-and-kyc
+ [Appendix A9: Installing a Zcash wallet:]: #appendix-a9-installing-a-zcash-wallet
+ [Appendix B1: Checklist of things to verify before sharing information:]: #appendix-b1-checklist-of-things-to-verify-before-sharing-information
+ [Appendix B2: Monero Disclaimer]: #appendix-b2-monero-disclaimer
+ [Appendix B3: Threat modeling resources]: #appendix-b3-threat-modeling-resources
+ [Appendix B4: Important notes about evil-maid and tampering]: #appendix-b4-important-notes-about-evil-maid-and-tampering
+ [Appendix B5: Types of CPU attacks:]: #appendix-b5-types-of-cpu-attacks
+ [Appendix B6: Warning for using Orbot on Android]: #appendix-b6-warning-for-using-orbot-on-android
+ [Appendix B7: Caution about Session Messenger]: #appendix-b7-caution-about-session-messenger
+ [Appendix A: Windows Installation]: #appendix-a-windows-installation
+ [Appendix B: Windows Additional Privacy Settings]: #appendix-b-windows-additional-privacy-settings
+ [Appendix C: Windows Installation Media Creation]: #appendix-c-windows-installation-media-creation
+ [Appendix D: Using System Rescue to securely wipe an SSD drive]: #appendix-d-using-system-rescue-to-securely-wipe-an-ssd-drive
+ [Appendix E: Clonezilla]: #appendix-e-clonezilla
+ [Appendix F: Diskpart]: #appendix-f-diskpart
+ [Appendix G: Safe Browser on the Host OS]: #appendix-g-safe-browser-on-the-host-os
+ [Appendix H: Windows Cleaning Tools]: #appendix-h-windows-cleaning-tools
+ [Appendix I: Using ShredOS to securely wipe an HDD drive:]: 
#appendix-i-using-shredos-to-securely-wipe-an-hdd-drive
+ [Appendix J: Manufacturer tools for Wiping HDD and SSD drives:]: #appendix-j-manufacturer-tools-for-wiping-hdd-and-ssd-drives
+ [Appendix K: Considerations for using external SSD drives]: #appendix-k-considerations-for-using-external-ssd-drives
+ [Appendix L: Creating a mat2-web guest VM for removing metadata from files]: #appendix-l-creating-a-mat2-web-guest-vm-for-removing-metadata-from-files
+ [Appendix M: BIOS/UEFI options to wipe disks in various Brands]: #appendix-m-biosuefi-options-to-wipe-disks-in-various-brands
+ [Appendix N: Warning about smartphones and smart devices]: #appendix-n-warning-about-smartphones-and-smart-devices
+ [Appendix O: Getting an anonymous VPN/Proxy]: #appendix-o-getting-an-anonymous-vpnproxy
+ [Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option]: #appendix-p-accessing-the-internet-as-safely-as-possible-when-tor-and-vpns-are-not-an-option
+ [Appendix Q: Using long-range Antenna to connect to Public Wi-Fis from a safe distance:]: #appendix-q-using-long-range-antenna-to-connect-to-public-wi-fis-from-a-safe-distance
+ [Appendix R: Installing a VPN on your VM or Host OS]: #appendix-r-installing-a-vpn-on-your-vm-or-host-os
+ [Appendix S: Check your network for surveillance/censorship using OONI]: #appendix-s-check-your-network-for-surveillancecensorship-using-ooni
+ [Appendix T: Checking files for malware]: #appendix-t-checking-files-for-malware
+ [Appendix U: How to bypass (some) local restrictions on supervised computers]: #appendix-u-how-to-bypass-some-local-restrictions-on-supervised-computers
+ [Appendix V: What browser to use in your Guest VM/Disposable VM]: #appendix-v-what-browser-to-use-in-your-guest-vmdisposable-vm
+ [Appendix V1: Hardening your Browsers:]: #appendix-v1-hardening-your-browsers
+ [Appendix W: Virtualization]: #appendix-w-virtualization
+ [Appendix X: Using Tor bridges in hostile environments]: 
#appendix-x-using-tor-bridges-in-hostile-environments
+ [Appendix Y: Installing and using desktop Tor Browser]: #appendix-y-installing-and-using-desktop-tor-browser
+ [Appendix Z: Online anonymous payments using cryptocurrencies]: #appendix-z-online-anonymous-payments-using-cryptocurrencies
+ [(Optional) VM kill switch:]: #optional-vm-kill-switch
+ [**If you think you got burned:**]: #if-you-think-you-got-burned
+ [1]: #pick-your-connectivity-method-1
+ [2]: #getting-an-anonymous-vpnproxy-1
+ [3]: #keepassxc-1
+ [4]: #windows-3
+ [5]: #macos-3
+ [6]: #whonix-1
+ [7]: #macos-4
+ [8]: #linux-qubes-os-1
+ [9]: #windows-4
+ [10]: #installation-5
+ [11]: #windows-5
+ [12]: #windows-6
+ [13]: #linux-3
+ [14]: #trim-support-1
+ [15]: #atanvme-operations-secure-erasesanitize-1
+ [16]: #macos-5
+ [17]: #trim-support-2
+ [18]: #atanvme-operations-secure-erasesanitize-2
+ [19]: #manual-reviews-1
+ [20]: #brave-1
+ [21]: #ungoogled-chromium-1
+ [22]: #edge-1
+ [23]: #safari-1
+ [24]: #firefox-1
+ [25]: #installation-6
+ [26]: #introduction-1
+ [A small final editorial note:]: #a-small-final-editorial-note
+ [ATA/NVMe Operations (Secure Erase/Sanitize):]: #atanvme-operations-secure-erasesanitize
+ [About paid services:]: #about-paid-services
+ [Acknowledgments:]: #acknowledgments
+ [Addons to install/consider:]: #addons-to-installconsider
+ [Advanced settings:]: #advanced-settings
+ [Adversarial considerations:]: #adversarial-considerations
+ [Adversaries (threats)]: #threats
+ [Android Virtual Machine:]: #android-virtual-machine
+ [Android:]: #android
+ [Anti Evil Maid (AEM):]: #anti-evil-maid-aem
+ [Anti-Virus Software:]: #anti-virus-software
+ [Archive.today:]: #archive.today
+ [Authenticity (if available):]: #authenticity-if-available
+ [BTC to Monero only:]: #btc-to-monero-only
+ [Backing up your work securely:]: #backing-up-your-work-securely
+ [Bad Cryptography:]: #bad-cryptography
+ [Baidu:]: #baidu
+ [Behavioral Analysis:]: #behavioral-analysis
+ [Bing:]: #bing
+ 
[Bios/UEFI/Firmware Settings of your laptop:]: #biosuefifirmware-settings-of-your-laptop
+ [Bonus links:]: #bonus-links
+ [Bonus resources:]: #bonus-resources
+ [Bootable Live Systems:]: #bootable-live-systems
+ [Brave:]: #brave
+ [Browser and Device Fingerprinting:]: #browser-and-device-fingerprinting
+ [Budget/Material limitations:]: #budgetmaterial-limitations
+ [Captchas:]: #captchas
+ [Cash/Monero-Paid VPN:]: #cashmonero-paid-vpn
+ [Checking if your Tor Exit Node is terrible:]: #checking-if-your-tor-exit-node-is-terrible
+ [Communicating sensitive information to various known organizations:]: #communicating-sensitive-information-to-various-known-organizations
+ [Conclusion:]: #conclusion-4
+ [Connect to a Public Wi-Fi:]: #connect-to-a-public-wi-fi
+ [Contents:]: #contents
+ [Covering your tracks:]: #covering-your-tracks
+ [Creating new identities:]: #creating-new-identities
+ [Creating your anonymous online identities:]: #creating-your-anonymous-online-identities
+ [Debian 11 VM:]: #debian-11-vm
+ [Donations:]: #donations
+ [DuckDuckGo:]: #duckduckgo
+ [E-Mail verification:]: #e-mail-verification
+ [Edge:]: #edge
+ [Emoticons:]: #emoticons
+ [Examples:]: #examples
+ [Extra Tools Cleaning]: #extra-tools-cleaning
+ [Files:]: #files
+ [Final advice:]: #final-advice
+ [Final step:]: #final-step
+ [Financial transactions:]: #financial-transactions
+ [Find some safe places with decent public Wi-Fi:]: #find-some-safe-places-with-decent-public-wi-fi
+ [Firefox:]: #firefox
+ [Full Disk/System Backups:]: #full-disksystem-backups
+ [Gait Recognition and Other Long-Range Biometrics]: #gait-recognition-and-other-long-range-biometrics
+ [Garbage Collection:]: #garbage-collection
+ [General Crypto Swapping:]: #general-crypto-swapping
+ [General Preparations:]: #general-preparations
+ [Get a USB key:]: #get-a-usb-key
+ [Get a dedicated laptop for your sensitive activities:]: #get-a-dedicated-laptop-for-your-sensitive-activities
+ [Getting Online:]: #getting-online
+ [Getting 
an anonymous Phone number:]: #getting-an-anonymous-phone-number
+ [Getting an anonymous VPN/Proxy:]: #getting-an-anonymous-vpnproxy
+ [Getting used to using better passwords:]: #getting-used-to-using-better-passwords
+ [Google:]: #google-1
+ [Hardening Linux]: #hardening-linux
+ [Hardening Qubes OS:]: #hardening-qubes-os
+ [Hardening macOS]: #hardening-macos
+ [Helping others staying anonymous:]: #helping-others-staying-anonymous
+ [Hidden communications in plain sight:]: #hidden-communications-in-plain-sight
+ [How to counteract the efforts of your adversary:]: #how-to-counteract-the-efforts-of-your-adversary
+ [How to securely delete specific files/folders/data on your HDD/SSD and Thumb drives:]: #how-to-securely-delete-specific-filesfoldersdata-on-your-hddssd-and-thumb-drives
+ [How to securely wipe your whole Laptop/Drives if you want to erase everything:]: #how-to-securely-wipe-your-whole-laptopdrives-if-you-want-to-erase-everything
+ [How to share files privately and/or chat anonymously:]: #how-to-share-files-privately-andor-chat-anonymously
+ [How to share files publicly but anonymously:]: #how-to-share-files-publicly-but-anonymously
+ [How to spot if someone has been searching your stuff:]: #how-to-spot-if-someone-has-been-searching-your-stuff
+ [Human interaction:]: #human-interaction
+ [IP Filters:]: #ip-filters
+ [If you can use Tor:]: #if-you-can-use-tor-2
+ [If you cannot use Tor:]: #if-you-cannot-use-tor-7
+ [If you have no time:]: #if-you-have-no-time
+ [If you have some time:]: #if-you-have-some-time
+ [Important Warning:]: #important-warning
+ [Information:]: #information
+ [Installation:]: #installation-3
+ [Integrity (if available):]: #integrity-if-available
+ [Internet Archive:]: #internet-archive
+ [Introduction:]: #introduction
+ [KeepassXC:]: #keepassxc
+ [Lid Closure Behavior:]: #lid-closure-behavior
+ [Limitations:]: #limitations
+ [Linux (Qubes OS):]: #linux-qubes-os
+ [Linux (all versions including Qubes OS):]: 
#linux-all-versions-including-qubes-os
+ [Linux (non-Qubes OS):]: #linux-non-qubes-os
+ [Linux (non-Qubes):]: #linux-non-qubes
+ [Linux Host OS:]: #linux-host-os
+ [Linux Virtual Machine (Whonix or Linux):]: #linux-virtual-machine-whonix-or-linux
+ [Linux:]: #linux-2
+ [Live Face recognition and biometrics (again):]: #live-face-recognition-and-biometrics-again
+ [Local Data Leaks and Forensics:]: #local-data-leaks-and-forensics
+ [Maintenance tasks:]: #maintenance-tasks
+ [Malicious USB devices:]: #malicious-usb-devices
+ [Malicious/Rogue Wi-Fi Access Points:]: #maliciousrogue-wi-fi-access-points
+ [Malware and Exploits in your apps and services:]: #malware-and-exploits-in-your-apps-and-services
+ [Malware and backdoors in your Hardware Firmware and Operating System:]: #malware-and-backdoors-in-your-hardware-firmware-and-operating-system
+ [Malware in your files/documents/e-mails:]: #malware-in-your-filesdocumentse-mails
+ [Malware, exploits, and viruses:]: #malware-exploits-and-viruses
+ [Manual reviews:]: #manual-reviews
+ [Microarchitectural Side-channel Deanonymization Attacks:]: #microarchitectural-side-channel-deanonymization-attacks
+ [Nested virtualization risks]: #nested-virtualization-risks
+ [No logging but logging anyway policies:]: #no-logging-but-logging-anyway-policies
+ [Normal settings:]: #normal-settings
+ [Note about Plausible Deniability:]: #note-about-plausible-deniability
+ [Note about plausible deniability on Linux]: #note-about-plausible-deniability-on-linux
+ [Notes:]: #notes
+ [Offline Backups:]: #offline-backups
+ [Online Backups:]: #online-backups
+ [Online Phone Number (less recommended)]: #online-phone-number
+ [Others:]: #others
+ [Overview:]: #overview
+ [Persistent Plausible Deniability using Whonix within Tails:]: #persistent-plausible-deniability-using-whonix-within-tails
+ [Phishing and Social Engineering:]: #phishing-and-social-engineering
+ [Phone verification:]: #phone-verification
+ [Physically Tamper protect your laptop:]: 
#physically-tamper-protect-your-laptop
+ [Pick your connectivity method:]: #pick-your-connectivity-method
+ [Pick your guest workstation Virtual Machine:]: #pick-your-guest-workstation-virtual-machine
+ [Picking your Host OS (the OS installed on your laptop):]: #picking-your-host-os-the-os-installed-on-your-laptop
+ [Picking your route:]: #picking-your-route
+ [Pixelized or Blurred Information:]: #pixelized-or-blurred-information
+ [Portable Apps:]: #portable-apps
+ [Pre-requisites and limitations:]: #pre-requisites-and-limitations
+ [Pre-requisites:]: #pre-requisites
+ [Precautions:]: #precautions
+ [Printing Watermarking]: #printing-watermarking
+ [Privacy Settings:]: #privacy-settings
+ [Proof of ID verification:]: #proof-of-id-verification
+ [Properties and Metadata:]: #properties-and-metadata
+ [Quick note: Correlation vs Attribution:]: #quick-note-correlation-vs-attribution
+ [Qwant:]: #qwant
+ [Redacting Documents/Pictures/Videos/Audio safely:]: #redacting-documentspicturesvideosaudio-safely
+ [References:]: #references
+ [Removing Metadata from Files/Documents/Pictures:]: #removing-metadata-from-filesdocumentspictures
+ [Removing some traces of your identities on search engines and various platforms:]: #removing-some-traces-of-your-identities-on-search-engines-and-various-platforms
+ [Route A and B: Simple Encryption using Veracrypt (Windows tutorial)]: #route-a-and-b-simple-encryption-using-veracrypt-windows-tutorial
+ [Safari:]: #safari
+ [Search and replace:]: #search-and-replace
+ [Security (checking for actual malware):]: #security-checking-for-actual-malware
+ [Selected Files Backups:]: #selected-files-backups
+ [Self-hosted VPN/Proxy on a Monero/Cash-paid VPS (for users more familiar with Linux):]: #self-hosted-vpnproxy-on-a-monerocash-paid-vps-for-users-more-familiar-with-linux
+ [Setup a safe Browser within Qubes OS (optional but recommended):]: #setup-a-safe-browser-within-qubes-os-optional-but-recommended
+ [Setup an Android VM:]: 
#setup-an-android-vm + [Setup the VPN ProxyVM:]: #setup-the-vpn-proxyvm + [Sign-in with some platform:]: #sign-in-with-some-platform + [Skills:]: #skills + [Socks Proxy VPS:]: #socks-proxy-vps + [Some Advanced targeted techniques:]: #some-advanced-targeted-techniques + [Some Devices can be tracked even when offline:]: #some-devices-can-be-tracked-even-when-offline + [Some additional measures against forensics:]: #some-additional-measures-against-forensics + [Some bonus resources:]: #some-bonus-resources + [Some laptop recommendations:]: #some-laptop-recommendations + [Some last OPSEC thoughts:]: #some-last-opsec-thoughts + [Some low-tech old-school tricks:]: #some-low-tech-old-school-tricks + [Spelling and grammar checking:]: #spelling-and-grammar-checking + [Spelling slang and symbols:]: #spelling-slang-and-symbols + [Steps for all other routes:]: #steps-for-all-other-routes + [Steps for all routes:]: #steps-for-all-routes + [Structural features:]: #structural-features + [Synchronizing your files between devices Online:]: #synchronizing-your-files-between-devices-online + [Tails:]: #tails + [Techniques to prevent writeprinting:]: #techniques-to-prevent-writeprinting + [The Detached Headers Way]: #the-detached-headers-way + [The Qubes Route:]: #the-qubes-route + [The Real-Name System:]: #the-real-name-system + [The Tails route:]: #the-tails-route + [The Tor Browser route:]: #the-tor-browser-route + [The Veracrypt Way]: #the-veracrypt-way + [The Whonix route:]: #the-whonix-route + [The Wi-Fi and Bluetooth devices around you:]: #the-wi-fi-and-bluetooth-devices-around-you + [Timing limitations:]: #timing-limitations + [Tools that provide a boot disk for wiping from boot:]: #tools-that-provide-a-boot-disk-for-wiping-from-boot + [Tools that provide only support from running OS (for external drives).]: #tools-that-provide-only-support-from-running-os-for-external-drives. 
+ [Tor Browser settings on Tails:]: #tor-browser-settings-on-tails + [Tor Browser:]: #tor-browser + [Tor over VPN:]: #tor-over-vpn-1 + [Tor over VPN]: #tor-over-vpn + [Translation technique:]: #translation-technique + [Trim Operations:]: #trim-operations + [Trim Support:]: #trim-support + [Ubuntu 20.04/21.04/21.10 VM:]: #ubuntu-20.0421.0421.10-vm + [Understanding HDD vs SSD:]: #understanding-hdd-vs-ssd + [Understanding some basics of how some information can lead back to you and how to mitigate some:]: #understanding-some-basics-of-how-some-information-can-lead-back-to-you-and-how-to-mitigate-some + [Understanding the methods used to prevent anonymity and verify identity:]: #understanding-the-methods-used-to-prevent-anonymity-and-verify-identity + [Ungoogled-Chromium:]: #ungoogled-chromium + [Updating Qubes OS:]: #updating-qubes-os + [Updating Whonix from version 15 to version 16:]: #updating-whonix-from-version-15-to-version-16 + [Usage and Precautions:]: #usage-and-precautions + [User Moderation:]: #user-moderation + [User details checking:]: #user-details-checking + [Using Bitcoin anonymously option:]: #using-bitcoin-anonymously-option + [Using Monero anonymously option:]: #using-monero-anonymously-option + [VPN VPS:]: #vpn-vps + [VPN client installation (cash/Monero paid):]: #vpn-client-installation-cashmonero-paid + [Virtualbox Hardening recommendations]: #virtualbox-hardening-recommendations + [Virtualbox on your Host OS:]: #virtualbox-on-your-host-os + [Warning about special tumbling, mixing, coinjoining privacy wallets and services]: #warning-about-special-tumbling-mixing-coinjoining-privacy-wallets-and-services-wikiless-archiveorg + [Watermarking:]: #watermarking + [Wear-Leveling.]: #wear-leveling. 
+ [What different linguistic choices could say about you:]: #what-different-linguistic-choices-could-say-about-you + [What does an adversary look for when examining your writing?]: #what-does-an-adversary-look-for-when-examining-your-writing + [When converting from BTC to Monero:]: #when-converting-from-btc-to-monero + [Whonix Virtual Machines:]: #whonix-virtual-machines + [Whonix Workstation 16 VM:]: #whonix-workstation-16-vm + [Whonix:]: #whonix + [Wikipedia:]: #wikipedia + [Windows 10/11 VM:]: #windows-1011-vm + [Windows 10/11 Virtual Machine:]: #windows-1011-virtual-machine + [Windows Host OS:]: #windows-host-os + [Windows, Linux, and macOS:]: #windows-linux-and-macos + [Windows:]: #windows-2 + [Yahoo Search:]: #yahoo-search + [Yandex:]: #yandex + [Your Anonymized Tor/VPN traffic:]: #your-anonymized-torvpn-traffic + [Your Bluetooth MAC address:]: #your-bluetooth-mac-address + [Your CPU:]: #your-cpu + [Your Cloud backups/sync services:]: #your-cloud-backupssync-services + [Your Clues about your Real Life and OSINT:]: #your-clues-about-your-real-life-and-osint + [Your Cryptocurrencies transactions:]: #your-cryptocurrencies-transactions + [Your DNS and IP requests:]: #your-dns-and-ip-requests + [Your Digital Fingerprint, Footprint, and Online Behavior:]: #your-digital-fingerprint-footprint-and-online-behavior + [Your Face, Voice, Biometrics, and Pictures:]: #your-face-voice-biometrics-and-pictures + [Your Hardware Identifiers:]: #your-hardware-identifiers + [Your IMEI and IMSI (and by extension, your phone number):]: #your-imei-and-imsi-and-by-extension-your-phone-number + [Your IP address:]: #your-ip-address + [Your Metadata including your Geo-Location:]: #your-metadata-including-your-geo-location + [Your Network:]: #your-network + [Your Operating Systems and Apps telemetry services:]: #your-operating-systems-and-apps-telemetry-services + [Your RFID enabled devices:]: #your-rfid-enabled-devices + [Your Smart devices in general:]: #your-smart-devices-in-general + 
[Your Wi-Fi or Ethernet MAC address:]: #your-wi-fi-or-ethernet-mac-address + [Your files, documents, pictures, and videos:]: #your-files-documents-pictures-and-videos + [Yourself:]: #yourself + [iOS:]: #ios + [macOS Host OS:]: #macos-host-os + [macOS Virtual Machine:]: #macos-virtual-machine + [macOS:]: #macos-2 diff --git a/guide.md.asc b/guide.md.asc deleted file mode 100644 index 4a590934..00000000 --- a/guide.md.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPQRwAKCRAhq2tqbLLD -NwEYAQC4XTUNu0aCzyx4ax7aL4Jg9QpkOqCRA1SvsOXZOpTEUQEA1qKtLJTttdtk -Nhyn+5zWOWyKdMeaLX9XZi5LD3MX9gc= -=ox/D ------END PGP SIGNATURE----- diff --git a/guide.md.minisig b/guide.md.minisig deleted file mode 100644 index 7ea3a76a..00000000 --- a/guide.md.minisig +++ /dev/null @@ -1,4 +0,0 @@ -untrusted comment: signature from minisign secret key -RUSn9xivowlq/oGQRp/VE+MdepfsVPMBwnnnC6ZwK/cJ+RQUWbA4NoMs+reYZsRzISIwhcjOAk324IZG1S5FpyPm7zWI+nuoiQE= -trusted comment: timestamp:1691603017 file:guide.md hashed -/Rt9Ve7VMSA796TUzKQW5GJtoBlaIAOqouxlQeosXYRlqpBySDvsdXwOLNob0TnU6x5wEnmQxBNV1uieQlcSBA== diff --git a/keys/email-key.asc b/keys/email-key.asc new file mode 100644 index 00000000..0b449858 --- /dev/null +++ b/keys/email-key.asc 
@@ -0,0 +1,23 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEZc0QYxYJKwYBBAHaRw8BAQdAm8mOR8/0qWrm9Tqzfl9Ks5rjtIbQZLAR/qxH
+HVGJsxi0S0Fub255bW91cyBQbGFuZXQgRW1haWwgRW5jcnlwdGlvbi9TaWduaW5n
+IEtleSA8YW5vbnltb3VzcGxhbmV0QGRpc3Jvb3Qub3JnPoiTBBMWCgA7FiEE/L0s
+q979H7ounnWRoags0t0s+JAFAmaGpeoCGwMFCwkIBwICIgIGFQoJCAsCBBYCAwEC
+HgcCF4AACgkQoags0t0s+JAnfgD9ElP0fKPuFP/QPUFsNTqzpjMP7/Hs/Krb72Q1
+IjQvvtYBAAAb4J8OsoNcm0E0plU0VmmV3fBR6gg5wCouXsqmxUYJiHUEEBYKAB0W
+IQSfpUNtDuNgmFFXOCUX7KBfdo3t9gUCZqRFEAAKCRAX7KBfdo3t9vKmAQCcSDQh
+taelouP/jBTXv29Rlm79jQMTrcZsm5mOPvaEpQD/THLMiBK9cHKOg6QTAKfnDX5E
+9hcrDtmzIRGwMJQAAwi0LUFub255bW91cyBQbGFuZXQgRW1haWwgRW5jcnlwdGlv
+bi9TaWduaW5nIEtleYiTBBMWCgA7FiEE/L0sq979H7ounnWRoags0t0s+JAFAmXN
+EGMCGwMFCwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AACgkQoags0t0s+JDbRAEA
+uZlBmMGgZ3bh12Js9jjDcu+jhKqL4fJrJG5z9+KFkQwA/An1StA6EhcM7qlzZ5bz
+m2SZAbP9hQRZGmfaeU2P5KgHiHUEEBYKAB0WIQSfpUNtDuNgmFFXOCUX7KBfdo3t
+9gUCZqRFEAAKCRAX7KBfdo3t9rQ/AP4q/YRPFI6yRKbBvjzX8WAMAGoClBmwDA1M
+UKd8/rfNfgD+OYWE+GkfPc0kGmp5By7Ny4ewqeWnpTQXvwbX0fYQiwG4OARlzRBj
+EgorBgEEAZdVAQUBAQdApPitK71WFqWUCycq2bWYYykmU1YFgea3q/V3DfsbbhID
+AQgHiHgEGBYKACAWIQT8vSyr3v0fui6edZGhqCzS3Sz4kAUCZc0QYwIbDAAKCRCh
+qCzS3Sz4kLhXAQDhI8tMCEWLu3MhG9pI8BBYH4fS7kuN8ggxqDSbRpKJdgEAk1CA
+06WvsH4/n0HmJ83sJSbmFGmEMp2RyvKbdCIW5gI=
+=EUM1
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/keys/master-signing-key.asc b/keys/master-signing-key.asc
new file mode 100644
index 00000000..a499d50d
--- /dev/null
+++ b/keys/master-signing-key.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEZc0QSBYJKwYBBAHaRw8BAQdAlcja6tPBBslO+4rPnH+/76g6oveawnmbxO8k
+VO0mBQ60I0Fub255bW91cyBQbGFuZXQgTWFzdGVyIFNpZ25pbmcgS2V5iJIEExYK
+ADsWIQSfpUNtDuNgmFFXOCUX7KBfdo3t9gUCZc0QSAIbAwULCQgHAgIiAgYVCgkI
+CwIEFgIDAQIeBwIXgAAKCRAX7KBfdo3t9jcsAPiSpRDUJfyp9NxaIxTQtV8OXXzT
+CpwwLOpVf5aEg7TmAQC6wwnNXlnngbdBUCLT4jXBsnAQW0bSXIjSTLtgFEPcAoiT
+BBMWCgA7FiEEn6VDbQ7jYJhRVzglF+ygX3aN7fYFAmXNEEgCGwMFCwkIBwICIgIG
+FQoJCAsCBBYCAwECHgcCF4AACgkQF+ygX3aN7fY3LAEAAJKlENQl/Kn03FojFNC1
+Xw5dfNMKnDAs6lV/loSDtOYBALrDCc1eWeeBt0FQItPiNcGycBBbRtJciNJMu2AU
+Q9wCuDgEZc0QSBIKKwYBBAGXVQEFAQEHQP1nHDDQfCi8qGG2QJj/wmMUl8ZGEiAY
+pVc/+S0ZIJEnAwEIB4h4BBgWCgAgFiEEn6VDbQ7jYJhRVzglF+ygX3aN7fYFAmXN
+EEgCGwwACgkQF+ygX3aN7fbSGAD9GLAarXceWbfEUWYC4IwVJAKSHDPWSzLGgFnV
+x/D3238A/RiJHKYzmigvFLL/A28WStW6P47CjNYjJCS490qG/L0G
+=YLNt
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/pgp/old/42FF35DB9DE7C088AB0FD4A70C216A52F6DF4920.asc b/keys/old/42FF35DB9DE7C088AB0FD4A70C216A52F6DF4920.asc
similarity index 100%
rename from pgp/old/42FF35DB9DE7C088AB0FD4A70C216A52F6DF4920.asc
rename to keys/old/42FF35DB9DE7C088AB0FD4A70C216A52F6DF4920.asc
diff --git a/pgp/AnonymousPlanet-Email-Key_B6D1757632A280F99F2DCBFDB9AB9D93AFF05B9C.asc b/keys/old/AnonymousPlanet-Email-Key_B6D1757632A280F99F2DCBFDB9AB9D93AFF05B9C.asc
similarity index 100%
rename from pgp/AnonymousPlanet-Email-Key_B6D1757632A280F99F2DCBFDB9AB9D93AFF05B9C.asc
rename to keys/old/AnonymousPlanet-Email-Key_B6D1757632A280F99F2DCBFDB9AB9D93AFF05B9C.asc
diff --git a/pgp/AnonymousPlanet-Master-Signing-Key_9EA98278639F1CD853E096CBFF94507587A6A9B9.asc b/keys/old/AnonymousPlanet-Master-Signing-Key_9EA98278639F1CD853E096CBFF94507587A6A9B9.asc
similarity index 100%
rename from pgp/AnonymousPlanet-Master-Signing-Key_9EA98278639F1CD853E096CBFF94507587A6A9B9.asc
rename to keys/old/AnonymousPlanet-Master-Signing-Key_9EA98278639F1CD853E096CBFF94507587A6A9B9.asc
diff --git a/pgp/AnonymousPlanet-Release-Signing-Key_83A6CF9EF57AC25B5C7F5D29285E6048A12321B2.asc b/keys/old/AnonymousPlanet-Release-Signing-Key_83A6CF9EF57AC25B5C7F5D29285E6048A12321B2.asc
similarity index 100%
rename from pgp/AnonymousPlanet-Release-Signing-Key_83A6CF9EF57AC25B5C7F5D29285E6048A12321B2.asc
rename to keys/old/AnonymousPlanet-Release-Signing-Key_83A6CF9EF57AC25B5C7F5D29285E6048A12321B2.asc
diff --git a/pgp/old/contact@anonymousplanet.org-old-public-key.asc b/keys/old/contact@anonymousplanet.org-old-public-key.asc
similarity index 100%
rename from pgp/old/contact@anonymousplanet.org-old-public-key.asc
rename to keys/old/contact@anonymousplanet.org-old-public-key.asc
diff --git a/keys/release-signing-key.asc b/keys/release-signing-key.asc
new file mode 100644
index 00000000..dfc81d0c
--- /dev/null
+++ b/keys/release-signing-key.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEZc0J8xYJKwYBBAHaRw8BAQdAWIpOKf8GnTINRH7uW4oeGW4D4vfmK9xeQrnq
+n/TMIMe0JEFub255bW91cyBQbGFuZXQgUmVsZWFzZSBTaWduaW5nIEtleYiTBBMW
+CgA7FiEEwwI9vqP7OMQ4uh7tzsYK7ei5kqIFAmXNCfMCGwMFCwkIBwICIgIGFQoJ
+CAsCBBYCAwECHgcCF4AACgkQzsYK7ei5kqJJVgD+NKdW7U/uMWl6Ov1Ye9PPy6Mb
+IyyCYd2j5snO60e7msQA/0rxLaeLwzraevcE+WpdPMadxP2M8MxIKrKeAkKAe+IJ
+iHUEEBYKAB0WIQSfpUNtDuNgmFFXOCUX7KBfdo3t9gUCZqRFIAAKCRAX7KBfdo3t
+9o9LAP426yx71EP9sLKKpkkdAT19HJgsNBeA7SdR/DtMzWEbegD/f2oQYwVz3O1w
+7xuUqJMHS6/bN1E8B78JSi576up9rA24OARlzQnzEgorBgEEAZdVAQUBAQdAzn/5
+sYmQpV/7CarY+zm/qQh27DKfVneEh1u/zxWlCh8DAQgHiHgEGBYKACAWIQTDAj2+
+o/s4xDi6Hu3Oxgrt6LmSogUCZc0J8wIbDAAKCRDOxgrt6LmSontRAQC+T9rYd5qD
+o+CA3V6z+ioHQQdJGMHgB4sdHYxtY1f9fgEA64FcjDwW0xM7ab3OHMshgJiONkiz
+P4ym6jtslqsFaAI=
+=6MaQ
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/legacy.md.asc b/legacy.md.asc
deleted file mode 100644
index b07b7eb3..00000000
--- a/legacy.md.asc
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPQSQAKCRAhq2tqbLLD
-N8W3AQCnAB8bxCbzwhvNcMYHGzK/iECOd33nJgcpXAD5dOxd+wEA+8adkZSQwcAV
-yT5Bi4KGlKofIdRP5BFW91eAICxq1wA=
-=cSob
------END PGP SIGNATURE-----
diff --git a/legacy.md.minisig b/legacy.md.minisig
deleted file mode 100644
index b3d696eb..00000000
--- a/legacy.md.minisig
+++ /dev/null
@@ -1,4 +0,0 @@
-untrusted comment: signature from minisign secret key
-RUSn9xivowlq/vAqSGLl3ShK3I0FWnH2G/nSm3okr+6qDd9cUSO5tBGSW0zioY4VOyr8YLGrmATU/SqID4hZSgDMqaOdIefHIAs=
-trusted comment: timestamp:1691603019 file:legacy.md hashed
-RUutH/z2TqQJ6giMJWJopNMaLPptXWvy2SOh4CYQb0D2F0OVsnnQODqHOfDBfdt4FelY4uCSnTny1kv0d3DDCg==
diff --git a/links.md.asc b/links.md.asc
deleted file mode 100644
index 62859f65..00000000
--- a/links.md.asc
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPQSwAKCRAhq2tqbLLD
-N8S8AP99ctaLQ+J98BooQUUN2lA/VfgdnNkuCnJLhQo176TXuQEAui1kV2yQleia
-zPTuIP1vH8z/hn3cBPacCPGQkjGCwwQ=
-=UAMV
------END PGP SIGNATURE-----
diff --git a/links.md.minisig b/links.md.minisig
deleted file mode 100644
index 7a611274..00000000
--- a/links.md.minisig
+++ /dev/null
@@ -1,4 +0,0 @@
-untrusted comment: signature from minisign secret key
-RUSn9xivowlq/lSYKfp88pXXzY04mYACpMwlo0xFgo872BGm9v1aLF10k/K0+hO9TDMceidTYM3qqVdnUOZ6Wvc2jHPb2SdwJQs=
-trusted comment: timestamp:1691603021 file:links.md hashed
-7awokFnaTG4u+x+SumvyQao2RnDLzelKq7foxm+SSUBBGxhy/p2c+3u0tWgeHLAthuNAWnv/7d0nqFXEwcd1DQ==
diff --git a/make.sh b/make.sh
index 7f29e8b8..2083f09a 100755
--- a/make.sh
+++ b/make.sh
@@ -15,7 +15,7 @@ if [[ "$1" == "" ]]; then
 for f in ./*; do
 echo "Signing: $f"
 # verify with GPG
-gpg --default-key 83A6CF9EF57AC25B5C7F5D29285E6048A12321B2 --armor --detach-sign --sign "$f"
+gpg --default-key C3023DBEA3FB38C438BA1EEDCEC60AEDE8B992A2 --armor --detach-sign --sign "$f"
 # verify with `minisign -Vm -P RWQ0WYJ07DUokK8V/6LNJ9bf/O/QM9k4FSlDmzgEeXm7lEpw3ecYjXDM`
 yes '' | minisign -S -s /home/user/.minisign/minisign.key -m "$f"
 done
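Review bot: `--default-key` on the rewritten `gpg` line is only a fallback that gpg drops whenever a `local-user`/`-u` is in effect, including one set in the signer's gpg.conf, so a file could be signed by a key other than C3023DBE… with no error at all; pin the signer with `gpg --local-user C3023DBEA3FB38C438BA1EEDCEC60AEDE8B992A2 --armor --detach-sign "$f"` (`--sign` is redundant next to `--detach-sign`, and a trailing `!` on the fingerprint forces that exact key if signing with the primary is the intent). The same fingerprint literal now appears four times in this script; defining it once, e.g. `RELEASE_KEY=C3023DBEA3FB38C438BA1EEDCEC60AEDE8B992A2`, makes the next rotation a one-line change and stops the four invocations from drifting apart. The `./*` glob is expanded before the loop starts, so it does not catch the `.asc`/`.minisig` files this iteration writes, but it does match any left over from a previous run in that directory and signs those too; the enclosing `if` and whatever `cd` precedes it begin above the hunk.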
@@ -24,29 +24,26 @@ if [[ "$1" == "" ]]; then
 for f in ./*.md; do
 echo "Signing: $f"
 # verify with GPG
-gpg --default-key 83A6CF9EF57AC25B5C7F5D29285E6048A12321B2 --armor --detach-sign --sign "$f"
+gpg --default-key C3023DBEA3FB38C438BA1EEDCEC60AEDE8B992A2 --armor --detach-sign --sign "$f"
 # verify with `minisign -Vm -P RWQ0WYJ07DUokK8V/6LNJ9bf/O/QM9k4FSlDmzgEeXm7lEpw3ecYjXDM`
 yes '' | minisign -S -s /home/user/.minisign/minisign.key -m "$f"
 done
-cp /home/user/KEY_ROTATION.md.42FF35DB9DE7C088AB0FD4A70C216A52F6DF4920.asc ./KEY_ROTATION.md.asc
-cp /home/user/KEY_ROTATION.md.902835EC74825934.minisig ./KEY_ROTATION.md.minisig
 sha256sum *.md > sha256sum.txt
-gpg --default-key 83A6CF9EF57AC25B5C7F5D29285E6048A12321B2 --armor --detach-sign sha256sum.txt
+gpg --default-key C3023DBEA3FB38C438BA1EEDCEC60AEDE8B992A2 --armor --detach-sign sha256sum.txt
 yes '' | minisign -S -s /home/user/.minisign/minisign.key -m sha256sum.txt
 b2sum *.md > b2sum.txt
-gpg --default-key 83A6CF9EF57AC25B5C7F5D29285E6048A12321B2 --armor --detach-sign b2sum.txt
+gpg --default-key C3023DBEA3FB38C438BA1EEDCEC60AEDE8B992A2 --armor --detach-sign b2sum.txt
 yes '' | minisign -S -s /home/user/.minisign/minisign.key -m b2sum.txt
 echo "Signed all files."
 echo "Done."
 exit
 fi
-bn="$1"
-
-echo "Generating HTML..."
-pandoc --self-contained "$bn".md -o export/"$bn".html --metadata title="The Hitchhiker's Guide to Online Anonymity"
-echo "Generating PDF..."
-pandoc --self-contained "$bn".md -o export/"$bn".pdf --metadata title="The Hitchhiker's Guide to Online Anonymity" -t context
-echo "Generating ODT..."
-pandoc --self-contained "$bn".md -o export/"$bn".odt --metadata title="The Hitchhiker's Guide to Online Anonymity"
+# bn="$1"
+# echo "Generating HTML..."
+# pandoc --self-contained "$bn".md -o export/"$bn".html --metadata title="The Hitchhiker's Guide to Online Anonymity"
+# echo "Generating PDF..."
+# pandoc --self-contained "$bn".md -o export/"$bn".pdf --metadata title="The Hitchhiker's Guide to Online Anonymity" -t context
+# echo "Generating ODT..."
+# pandoc --self-contained "$bn".md -o export/"$bn".odt --metadata title="The Hitchhiker's Guide to Online Anonymity"
diff --git a/moderncrypto-rules.md.asc b/moderncrypto-rules.md.asc
deleted file mode 100644
index fc0ac680..00000000
--- a/moderncrypto-rules.md.asc
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPQTQAKCRAhq2tqbLLD
-N7F0AP4oBCGnzE9hEKxVN2MhgpArVZIf/5cRWjuiFqRp7Uj+EAD9H0ZRZUqNcSCy
-2td2Mzih/+mawHUSSog55eaD88CSKAI=
-=KY32
------END PGP SIGNATURE-----
diff --git a/moderncrypto-rules.md.minisig b/moderncrypto-rules.md.minisig
deleted file mode 100644
index 9017c665..00000000
--- a/moderncrypto-rules.md.minisig
+++ /dev/null
@@ -1,4 +0,0 @@
-untrusted comment: signature from minisign secret key
-RUSn9xivowlq/pNx6BCj6u0LY2YRUkVLOPqkc+MKWrBr0MkOHSHYhIXPbk+r/MAnbPmxpAGP20XFAAARa97VpcRkDsDgNf6+Uw0=
-trusted comment: timestamp:1691603023 file:moderncrypto-rules.md hashed
-AxSkVgSbn6cFiqFN92BGRgHOnoKj4b4mDGfajrjqvqJ1Ocp0kB3LSBZkMxX86+LJvk0NnzTFitYyFF9QcWFFDQ==
diff --git a/sha256sum.txt b/sha256sum.txt
deleted file mode 100644
index 6a4685db..00000000
--- a/sha256sum.txt
+++ /dev/null
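Review bot: `yes '' | minisign -S -s /home/user/.minisign/minisign.key` on the kept lines answers minisign's passphrase prompt with an empty string, which only works if that secret key sits unencrypted on disk, and when the answer is wrong minisign fails while the script still reaches `echo "Signed all files."`; nothing in the hunk checks the exit status of any gpg or minisign call, so a partial run is indistinguishable from a complete one. Unless `set -e` and `pipefail` are set above the hunk (the script's top is outside this view), I would guard each signing command, e.g. `gpg --local-user C3023DBEA3FB38C438BA1EEDCEC60AEDE8B992A2 --armor --detach-sign sha256sum.txt || exit 1`, and fail fast before the loops with `gpg --list-secret-keys C3023DBEA3FB38C438BA1EEDCEC60AEDE8B992A2 >/dev/null || exit 1` so a signer without the rotated key does not get a half-signed tree. The hard-coded `/home/user/...` key path should become a variable with a sensible default, e.g. `MINISIGN_KEY="${MINISIGN_KEY:-$HOME/.minisign/minisign.key}"`, since it presumably only matches one machine. Commenting out the `bn="$1"` pandoc branch leaves the non-empty-`$1` path as a silent no-op; either delete the dead lines or print a usage error there.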
@@ -1,17 +0,0 @@
-96d4c8aeb438e65d31293ba88f6e953d38c2406ae2455a05677fdfd14865cdc1 CHANGELOG.md
-bba42faffa2aad96ae527518b813b0b7122dc9bf19d75171cab646dc98dcb05f CODE_OF_CONDUCT.md
-819887555ed57dbab8e047ffd486940092811dd8a44c876094fa99c7acec2dae CONTRIBUTING.md
-8eb08c322220b525af3acfd717f2cf8880393db07bfc516a6ae342d135f25604 KEY_ROTATION.md
-3711f963c05d0be80d53e5923308a6dee31b203da23435c9cfb7c7b6e4dd5e19 LICENSE.md
-595f8cd1d8106b5cc0d42da601ec9e5ac8f858ab8e7ab61f0e15176176fc3535 README.md
-3867689c4f59a3c0282ee3ffaa15564f60f7a7e621005dd16afd5f3a3d8db057 about.md
-6c65d21a15bcd581f33b5f7f2b02eb65d73b6990778c9df687c2aea47eee6907 briar.md
-cdfe19b2c9b8cd75e3795789140fc246b45f912969e3a9a4fac0f3ea7e806d37 chatrooms-rules.md
-b953000e50f0607c6cd9d0650d37bba13678c6a92e66ab7ab4585c284ba2e950 constitution.md
-a48018aa4eb8c2fb346cd7abec5de4d4ef2b4c47d8896a7d5dd295e4719dc160 donations.md
-ae5e53f03e777f0efe542f90cf6b144618ec1c4d7a07bbd8058cabbd7bb5a050 guide.md
-ca7931e201056dd44bc77959dc3e4298a1b5c712b6c249f19746d949d2079f49 legacy.md
-49de49f95b714140a155092e720889a1f90d5e9e2b39661b55cf9ab2ed1b1440 links.md
-5226426677ba08c70435102a5477db9e7c8e7868a3fde3fc5a551386a0417920 moderncrypto-rules.md
-f1b3ed5c5f501aeac758668929585b9c85d981fd54fafce52ce1cdf6d414ef45 twitter.md
-8704da5528a70006f39fa33584b96e219db81739b3d5ca78efae0f885a67afd9 verify.md
diff --git a/sha256sum.txt.asc b/sha256sum.txt.asc
deleted file mode 100644
index b0628a1f..00000000
--- a/sha256sum.txt.asc
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPQUwAKCRAhq2tqbLLD
-N0VzAQCu0fYKQ8CNQBRuAey9F0iOiWZwqQg0VhmjOfrhkVfhygD/U33CIn8RFRSI
-w2sfSMNjg2hyJ3hqAhj0nXPkbcqtpA0=
-=wYiM
------END PGP SIGNATURE-----
diff --git a/sha256sum.txt.minisig b/sha256sum.txt.minisig
deleted file mode 100644
index 6e9eb25a..00000000
--- a/sha256sum.txt.minisig
+++ /dev/null
@@ -1,4 +0,0 @@
-untrusted comment: signature from minisign secret key
-RUSn9xivowlq/rrm+Yo1+SQdY75+qQJJGxSyPbVsTrZgjba4asJMHiXrsiDngJPg3iPl2W0tT32edA1QyWsVCkACl9cUq2z3Xww=
-trusted comment: timestamp:1691603028 file:sha256sum.txt hashed
-RSEvDbS+HFxp1L6zcDq0eje7zZDdak6GhKAw3mxhAPoNgnDdelmqkk4bBnp5n0H+EVaxXEN+07OgJCbl+POlCg==
diff --git a/twitter.md.asc b/twitter.md.asc
deleted file mode 100644
index 6dd96e65..00000000
--- a/twitter.md.asc
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPQTwAKCRAhq2tqbLLD
-NyTFAP0XkH4xBrjrPFe8zqYwmWduVbt3PecQEuqNSCWQDJpGCAEAqJ9B8+uysH72
-d4FCb2r5vcgB9rYwa56kZA7CDtl18Aw=
-=s+Nq
------END PGP SIGNATURE-----
diff --git a/twitter.md.minisig b/twitter.md.minisig
deleted file mode 100644
index ab61c8cc..00000000
--- a/twitter.md.minisig
+++ /dev/null
@@ -1,4 +0,0 @@
-untrusted comment: signature from minisign secret key
-RUSn9xivowlq/kjN63PlxnjtdMJPd0FowcHL/5v8iiRnbyZXjznc1ABgRmw9HdVjH6Gye/LG7A53ZgFt3EbXDB8MtxaM0IGilQE=
-trusted comment: timestamp:1691603025 file:twitter.md hashed
-JEovo9pxhFhNDgQLob/r6u3qqJs8AFZCdIP+eqTeXA09dQvmfgh5CS7TYInkbkcXjwj3GT5BcLcjVV2YZBpCAg==
diff --git a/verify.md b/verify.md
index d8c20622..cd83b468 100644
--- a/verify.md
+++ b/verify.md
@@ -15,15 +15,15 @@ The Minisign signatures for each PDF and ODT files are available here:
 First get the hash of your local file by following these steps for your OS:
 Windows:
-- From a command prompt, run ```certutil -hashfile filename.txt sha256```
+- From a command prompt, run `certutil -hashfile filename.txt sha256`
 - Compare the obtained hash result of your local file to the online file's published hash. They should match.
 macOS:
-- From a terminal, run ```shasum -a 256 /full/path/to/your/file```
+- From a terminal, run `shasum -a 256 /full/path/to/your/file`
 - Compare the obtained hash result of your local file to the online file's published hash. They should match.
 Linux:
-- From a terminal, run ```sha256sum /full/path/to/your/file```
+- From a terminal, run `sha256sum /full/path/to/your/file`
 - Compare the obtained hash result of your local file to the online file's published hash. They should match.
 All commits and releases on this repository are cryptographically signed and verified by each collaborator (check for the "Verified" tags on commits and releases).
@@ -37,36 +37,36 @@ To verify files with GPG signatures, you should first install gpg on your system
 Import the master signing key from a trusted source of the publisher using the following command from a command prompt or terminal:
-```gpg --auto-key-locate nodefault,wkd --locate-keys 9EA98278639F1CD853E096CBFF94507587A6A9B9```
+`gpg --auto-key-locate nodefault,wkd --locate-keys 9FA5436D0EE360985157382517ECA05F768DEDF6`
-In theory this command should fetch the key from the a default pool server. If this doesn't work, you can also download/view it directly from here (in our case):
+In theory this command should fetch the key from the a default pool server. You should download/view it directly from the website: [here](https://anonymousplanet.org/keys/master-signing-key.asc) or from the local directory [here](keys/) in case you generated the site on your own. The old/defunct/revoked (for whatever reason) keys are [here](keys/old/).
-As well as the published key on any keyserver below (search for the fingerprint ```9EA98278639F1CD853E096CBFF94507587A6A9B9```):
+You may also retrieve published keys (e.g. the MSK) at any keyserver below (search for the fingerprint `9FA5436D0EE360985157382517ECA05F768DEDF6`):
 -
 -
 -
 You should then import it manually by issuing the following command on any OS:
-```gpg --import 9EA98278639F1CD853E096CBFF94507587A6A9B9.asc```
+`gpg --import 9FA5436D0EE360985157382517ECA05F768DEDF6.asc`
 The master signing key allows you to verify all other project-related keys. Once you have the master signing key and are confident it's the correct key (nobody has tampered with it), mark the key as trusted by locally signing it:
-```gpg --lsign-key 9EA98278639F1CD853E096CBFF94507587A6A9B9```
+`gpg --lsign-key 9FA5436D0EE360985157382517ECA05F768DEDF6`
 Alternatively, if you use Kleopatra, it will ask you to certify the key. Certify the key to mark it as trusted.
 Once you have the master key downloaded, imported, and certified, you will obtain a copy of the release key.
-```gpg --auto-key-locate nodefault,wkd --locate-keys 83A6CF9EF57AC25B5C7F5D29285E6048A12321B2``` (to import the release signing key)
+`gpg --auto-key-locate nodefault,wkd --locate-keys C3023DBEA3FB38C438BA1EEDCEC60AEDE8B992A2` (to import the release signing key)
- (to download the key yourself)
+ (to download the key yourself)
 If you use GPG directly, you won't need to mark the release signing key as trusted, because it's already signed by the master signing key. If you use Kleopatra, the process to import the release signing key is the same as importing the master signing key.
 Finally, verify the asc signature file (links above) against the PDF file by issuing the following example command:
-```gpg --verify guide.pdf.asc guide.pdf```
+`gpg --verify guide.pdf.asc guide.pdf`
 This should output a result showing it matches a signature created by the release signing key, and is therefore a good result.
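Review bot: The rewritten `gpg --auto-key-locate nodefault,wkd --locate-keys 9FA5436D0EE360985157382517ECA05F768DEDF6` cannot succeed as written: `wkd` resolves keys by e-mail address, and the `keys/master-signing-key.asc` added in this commit appears to carry a single user ID, "Anonymous Planet Master Signing Key", with no e-mail, so gpg will report that no key was found; the same applies to the release-key command `--locate-keys C3023DBE…` further down, and the sentence that follows still says the command fetches from "the a default pool server", which is neither what `wkd` does nor grammatical. Since the surrounding text already points the reader at the site and at `keys/`, I would make the download-and-import path the primary one: `gpg --import keys/master-signing-key.asc`, then `gpg --fingerprint 9FA5436D0EE360985157382517ECA05F768DEDF6` and a comparison of the printed fingerprint against one obtained through a second, independent channel before `--lsign-key`, with the keyserver search kept only as that independent channel. The `gpg --import 9FA5436D0EE360985157382517ECA05F768DEDF6.asc` file name only matches a keyserver download; the repository file is `keys/master-signing-key.asc`, and the release key can be imported the same way from `keys/release-signing-key.asc`, whose certification by the master key is what the later paragraph relies on.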
@@ -77,15 +77,17 @@ To verify the files with Minisign:
 - First, download minisign from .
 - Download the files along with their \*.minisig signature file (these should be in the same directory).
 - Download the Minisign public key available on the website and repository: [minisign.pub](minisign.pub) (again, place it in the same directory for convenience).
-- Run the following command in a command prompt or terminal within the directory with both files: ```minisign -Vm guide.pdf -p minisign.pub```.
-- Output should show ```Signature and comment signature verified```.
+- Run the following command in a command prompt or terminal within the `export` directory:
+ - `minisign -Vm guide.pdf -p minisign.pub`
+- Output should show `Signature and comment signature verified`.
 ### How to check the relative safety of files or even URLs (such as https://anonymousplanet.org) using VirusTotal:
 **Note: we do not endorse VirusTotal. It should be used with extreme caution, never with any sensitive files, due to their privacy policies. Do not upload sensitive files to VirusTotal.**
 The PDF and ODT files of this guide have been automatically scanned by VT, see the links below for an example but do not trust these hashes blindly. Check the hashes match and re-upload to VT if needed:
 - PDF file: [[VT Scan]](https://www.virustotal.com/gui/file/7b3b90fe11fbeae31a5feb14ccb06ffcb17b0259d1ce9a837a4b46d5e62c1f17?nocache=1)
-- ODT file: [[VT Scan]](https://www.virustotal.com/gui/file/f8aa13c29fff848417f358ff99f3e06a7d088fdd211550853220a9a2c013c19a?nocache=1)
+- ODT file: [[VT Scan]](https://www.virustotal.com/gui/file/f8aa13c29fff848417f358ff99f3e06a7d088fdd211550853220a9a2c013c19a?nocache=1)
+- URL: [[URL Scan]](https://www.virustotal.com/gui/url/a6cf53fbf790c84aee04bdaa562f753eb2b61b76bcfa6bdef896c309d8dcddaf)
 ### Additional manual safety checks for the PDF files:
@@ -95,7 +97,7 @@ Here are the steps:
 - Install the latest version (e.g., 3.10.6 stable) of Python, download [pdfid](https://didierstevens.com/files/software/pdfid_v0_2_8.zip) and, from a command prompt or terminal, run:
-```python pdfid.py file-to-check.pdf```
+`python pdfid.py file-to-check.pdf`
 And you should see the following entries at **0** for safety, this 0 means there is no Javascript or any action that could possibly execute malicious macros, scripts, etc. Normally this won't be necessary as most modern PDF readers won't execute those scripts anyway.
diff --git a/verify.md.asc b/verify.md.asc
deleted file mode 100644
index 9331ca49..00000000
--- a/verify.md.asc
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iHUEABYKAB0WIQTIfYdGb9IFlFzxCjghq2tqbLLDNwUCZNPQUQAKCRAhq2tqbLLD
-NwI6AQCI6TQmYki7nQ89vFP3wFHEbC2p32PLqPUHmwc2DXe9EgEAjXtH2YN6y0zB
-AY/NXJ298hupnkEefGtVwMX6bEZ1Og0=
-=rkCe
------END PGP SIGNATURE-----
diff --git a/verify.md.minisig b/verify.md.minisig
deleted file mode 100644
index 60c342c7..00000000
--- a/verify.md.minisig
+++ /dev/null
@@ -1,4 +0,0 @@
-untrusted comment: signature from minisign secret key
-RUSn9xivowlq/lZuwV3UjFiQtYMBtud7PkXDfcWwO0NnRS5z4m/XWFHnEdR+LxZVW9gV+Ra9kNX59kkRmOf9z2jHWoE4i65Ndgw=
-trusted comment: timestamp:1691603026 file:verify.md hashed
-mbxIFdqNJHG3cZNkycY3WWDKgpiy6v8cBzSBk/7KSgQlOpY7DB64FAHld7ESvLoKzBtRQQnqlriKCAEIisHgCg==