The Hitchhiker's Guide to Online Anonymity

Ми наполегливо рекомендуємо вам використовувати Briar для спілкування з людьми поблизу!

За допомогою цієї програми ви можете спілкуватися, навіть коли немає Інтернету.

This guide is a work in progress. While we are doing the best we can to correct issues, inaccuracies, and improve the content, general structure, and readability; it will probably never be “finished”.

There might be some wrong or outdated information in this guide because no human is omniscient, and humans do make mistakes. Please do not take this guide as a definitive gospel or truth because it is not. Mistakes have been written in the guide in earlier versions and fixed later when discovered. There are likely still some mistakes in this guide at this moment (hopefully few). Those are fixed as soon as possible when discovered.

Your experience may vary. Remember to check regularly for an updated version of this guide.

This guide is a non-profit open-source initiative, licensed under Creative Commons Attribution-NonCommercial 4.0 International (cc-by-nc-4.0 ^{[Archive.org]}).

Please consider donating if you enjoy the project and want to support the hosting fees or support the funding of initiatives like the hosting of Tor Exit Nodes.

If you do not want the hassle and use one of the browsers below, you could also just install the following extension on your browser: https://libredirect.github.io/ ^{[Archive.org]}:

Finally note that this guide does mention and even recommends various commercial services (such as VPNs, CDNs, e-mail providers, hosting providers…) but is not endorsed or sponsored by any of them in any way. There are no referral links and no commercial ties with any of these providers. This project is 100% non-profit and only relying on donations.

Contents:

Pre-requisites and limitations:

Pre-requisites:

Limitations:

Introduction:

TLDR for the whole guide: “A strange game. The only winning move is not to play” ⁴.

Making a social media account with a pseudonym or artist/brand name is easy. And it is enough in most use cases to protect your identity as the next George Orwell. There are plenty of people using pseudonyms all over Facebook/Instagram/Twitter/LinkedIn/TikTok/Snapchat/Reddit/… But the vast majority of those are anything but anonymous and can easily be traced to their real identity by your local police officers, random people within the OSINT⁵ (Open-Source Intelligence) community, and trolls⁶ on 4chan⁷.

This is a good thing as most criminals/trolls are not tech-savvy and will usually be identified with ease. But this is also a terrible thing as most political dissidents, human rights activists and whistleblowers can also be tracked rather easily.

This guide aims to provide an introduction to various de-anonymization techniques, tracking techniques, ID verification techniques, and optional guidance to creating and maintaining reasonably and truly online anonymous identities including social media accounts safely. This includes mainstream platforms and not only the privacy-friendly ones.

It is important to understand that the purpose of this guide is anonymity and not just privacy but much of the guidance you will find here will also help you improve your privacy and security even if you are not interested in anonymity. There is an important overlap in techniques and tools used for privacy, security, and anonymity but they differ at some point:

Will this guide help you protect yourself from the NSA, the FSB, Mark Zuckerberg, or the Mossad if they are out to find you? Probably not … Mossad will be doing “Mossad things” ¹⁰ and will probably find you no matter how hard you try to hide¹¹.

Will this guide help you protect your privacy from OSINT researchers like Bellingcat¹³, Doxing¹⁴ trolls on 4chan¹⁵, and others that have no access to the NSA toolbox? More likely. Tho we would not be so sure about 4chan.

(Note that the “magical amulets/submarine/fake your own death” jokes are quoted from the excellent article “This World of Ours” by James Mickens, 2014above¹⁶)

Disclaimer: Jokes aside (magical amulet…). Of course, there are also advanced ways to mitigate attacks against such advanced and skilled adversaries but those are just out of the scope of this guide. It is crucially important that you understand the limits of the threat model of this guide. And therefore, this guide will not double in size to help with those advanced mitigations as this is just too complex and will require an exceedingly high knowledge and skill level that is not expected from the targeted audience of this guide.

The EFF provides a few security scenarios of what you should consider depending on your activity. While some of those tips might not be within the scope of this guide (more about Privacy than Anonymity), they are still worth reading as examples. See https://ssd.eff.org/en/module-categories/security-scenarios ^{[Archive.org]}.

This guide is written with hope for those good-intended individuals who might not be knowledgeable enough to consider the big picture of online anonymity and privacy.

Lastly, use it at your own risk. Anything in here is not legal advice and you should verify compliance with your local law before use (IANAL²⁵). “Trust but verify”²⁶ all the information yourself (or even better, “Never Trust, always verify”²⁷). We strongly encourage you to inform yourself and do not hesitate to check any information in this guide with outside sources in case of doubt. Please do report any mistake you spot to us as we welcome criticism. Even harsh but sound criticism is welcome and will result in having the necessary corrections made as quickly as possible.

Understanding some basics of how some information can lead back to you and how to mitigate some:

There are many ways you can be tracked besides browser cookies and ads, your e-mail, and your phone number. And if you think only the Mossad or the NSA/FSB can find you, you would be wrong.

First, you could also consider these more general resources on privacy and security to learn more basics:

Note that these websites could contain affiliate/sponsored content and/or merchandising. This guide does not endorse and is not sponsored by any commercial entity in any way.

Now, here is a non-exhaustive list of some of the many ways you could be tracked and de-anonymized:

Your Network:

Your IP address:

Disclaimer: this whole paragraph is about your public-facing Internet IP and not your local network IP.

Your IP address²⁸ is the most known and obvious way you can be tracked. That IP is the IP you are using at the source. This is where you connect to the internet. That IP is usually provided by your ISP (Internet Service Provider) (xDSL, Mobile, Cable, Fiber, Cafe, Bar, Friend, Neighbor). Most countries have data retention regulations²⁹ that mandate keeping logs of who is using what IP at a certain time/date for up to several years or indefinitely. Your ISP can tell a third party that you were using a specific IP at a specific date and time, years after the fact. If that IP (the original one) leaks at any point for any reason, it can be used to track down you directly. In many countries, you will not be able to have internet access without providing some form of identification to the provider (address, ID, real name, e-mail …).

Needless to say, that most platforms (such as social networks) will also keep (sometimes indefinitely) the IP addresses you used to sign-up and sign into their services.

Here are some online resources you can use to find some information about your current public IP right now:

For those reasons, you will need to obfuscate and hide that origin IP (the one tied to your identification) or hide it as much as we can through a combination of various means:

Do note that, unfortunately, these solutions are not perfect, and you will experience performance issues³².

Your DNS and IP requests:

DNS stands for “Domain Name System”³³ and is a service used by your browser (and other apps) to find the IP addresses of a service. It is a huge “contact list” (phone book for older people) that works like asking it a name and it returns the number to call. Except it returns an IP instead.

Every time your browser wants to access a certain service such as Google through www.google.com. Your Browser (Chrome or Firefox) will query a DNS service to find the IP addresses of the Google web servers.

Usually, the DNS service is provided by your ISP and automatically configured by the network you are connecting to. This DNS service could also be subject to data retention regulations or will just keep logs for other reasons (data collection for advertising purposes for instance). Therefore, this ISP will be capable of telling everything you did online just by looking at those logs which can, in turn, be provided to an adversary. Conveniently this is also the easiest way for many adversaries to apply censoring or parental control by using DNS blocking³⁴. The provided DNS servers will give you a different address (than their real one) for some websites (like redirecting thepiratebay.org to some government website). Such blocking is widely applied worldwide for certain sites³⁵.

Using a private DNS service or your own DNS service would mitigate these issues, but the other problem is that most of those DNS requests are by default still sent in clear text (unencrypted) over the network. Even if you browse PornHub in an incognito Window, using HTTPS and using a private DNS service, chances are exceedingly high that your browser will send a clear text unencrypted DNS request to some DNS servers asking basically “So what’s the IP address of www.pornhub.com?”.

Because it is not encrypted, your ISP and/or any other adversary could still intercept (using a Man-in-the-middle attack³⁶) your request will know and possibly log what your IP was looking for. The same ISP can also tamper with the DNS responses even if you are using a private DNS. Rendering the use of a private DNS service useless.

As a bonus, many devices and apps will use hardcoded DNS servers bypassing any system setting you could set. This is for example the case with most (70%) Smart TVs and a large part (46%) of Game Consoles³⁷. For these devices, you will have to force them³⁸ to stop using their hardcoded DNS service which could make them stop working properly.

A solution to this is to use encrypted DNS using DoH (DNS over HTTPS³⁹), DoT (DNS over TLS⁴⁰) with a private DNS server (this can be self-hosted locally with a solution like pi-hole⁴¹, remotely hosted with a solution like nextdns.io or using the solutions provider by your VPN provider or the Tor network). This should prevent your ISP or some go-between from snooping on your requests … except it might not.

Small in-between Disclaimer: This guide does not necessarily endorse or recommends Cloudflare services even if it is mentioned several times in this section for technical understanding.

Unfortunately, the TLS protocol used in most HTTPS connections in most Browsers (Chrome/Brave among them) will leak the Domain Name again through SNI⁴² handshakes (this can be checked here at Cloudflare: https://www.cloudflare.com/ssl/encrypted-sni/ ^{[Archive.org]} ). As of the writing of this guide, only Firefox-based browsers supports ECH (Encrypted Client Hello⁴³ previously known as eSNI⁴⁴) on some websites which will encrypt everything end to end (in addition to using a secure private DNS over TLS/HTTPS) and will allow you to hide your DNS requests from a third party⁴⁵. And this option is not enabled by default either so you will have to enable it yourself.

In addition to limited browser support, only web Services and CDNs⁴⁶ behind Cloudflare CDN support ECH/eSNI at this stage⁴⁷. This means that ECH and eSNI are not supported (as of the writing of this guide) by most mainstream platforms such as:

Some countries like Russia⁴⁸ and China⁴⁹ might (unverified despite the articles) block ECH/eSNI handshakes at the network level to allow snooping and prevent bypassing censorship. Meaning you will not be able to establish an HTTPS connection with a service if you do not allow them to see what it was.

The issues do not end here. Part of the HTTPS TLS validation is called OCSP⁵⁰ and this protocol used by Firefox-based browsers will leak metadata in the form of the serial number of the certificate of the website you are visiting. An adversary can then easily find which website you are visiting by matching the certificate number⁵¹. This issue can be mitigated by using OCSP stapling⁵². Unfortunately, this is enabled but not enforced by default in Firefox/Tor Browser. But the website you are visiting must also be supporting it and not all do. Chromium-based browsers on the other hand use a different system called CRLSets⁵³’⁵⁴ which is arguably better.

Here is an illustration of the issue you could encounter on Firefox-based browsers:

Finally, even if you use a custom encrypted DNS server (DoH or DoT) with ECH/eSNI support and OCSP stapling, it might still not be enough as traffic analysis studies⁵⁵ have shown it is still possible to reliably fingerprint and block unwanted requests. Only DNS over Tor was able to show efficient DNS Privacy in recent studies but even that can still be defeated by other means (see Your Anonymized Tor/VPN traffic).

One could also decide to use a Tor Hidden DNS Service or ODoH (Oblivious DNS over HTTPS⁵⁶) to further increase privacy/anonymity but unfortunately, as far as we know, these methods are only provided by Cloudflare as of this writing (https://blog.cloudflare.com/welcome-hidden-resolver/ ^{[Archive.org]}, https://blog.cloudflare.com/oblivious-dns/ ^{[Archive.org]}). These are workable and reasonably secure technical options but there is also a moral choice if you want to use Cloudflare or not (despite the risk posed by some researchers⁵⁷).

Lastly, there is also this new possibility called DoHoT which stands for DNS over HTTPS over Tor which could also further increase your privacy/anonymity and which you could consider if you are more skilled with Linux. See https://github.com/alecmuffett/dohot ^{[Archive.org]}. This guide will not help you with this one at this stage, but it might be coming soon.

Here is an illustration showing the current state of DNS and HTTPS privacy based on my current knowledge.

As for your normal daily use (non-sensitive), remember that only Firefox-based browsers support ECH (formerly eSNI) so far and that it is only useful with websites hosted behind Cloudflare CDN at this stage. If you prefer a Chrome-based version (which is understandable for some due to some better-integrated features like on-the-fly Translation), then we would recommend the use of Brave instead which supports all Chrome extensions and offers much better privacy than Chrome.

But the story does not stop there right. Now because after all this, even if you encrypt your DNS and use all possible mitigations. Simple IP requests to any server will probably allow an adversary to still detect which site you are visiting. And this is simply because the majority of websites have unique IPs tied to them as explained here: https://blog.apnic.net/2019/08/23/what-can-you-learn-from-an-ip-address/ ^{[Archive.org]}. This means that an adversary can create a dataset of known websites for instance including their IPs and then match this dataset against the IP you ask for. In most cases, this will result in a correct guess of the website you are visiting. This means that despite OCSP stapling, despite ECH/eSNI, despite using Encrypted DNS … An adversary can still guess the website you are visiting anyway.

Therefore, to mitigate all these issues (as much as possible and as best as we can), this guide will later recommend two solutions: Using Tor and a virtualized (See Appendix W: Virtualization) multi-layered solution of VPN over Tor solution (DNS over VPN over Tor or DNS over TOR). Other options will also be explained (Tor over VPN, VPN only, No Tor/VPN) but are less recommended.

Your RFID enabled devices:

RFID stands for Radio-frequency identification⁵⁸, it is the technology used for instance for contactless payments and various identification systems. Of course, your smartphone is among those devices and has RFID contactless payment capabilities through NFC⁵⁹. As with everything else, such capabilities can be used for tracking by various actors.

But unfortunately, this is not limited to your smartphone, and you also probably carry some amount of RFID enabled device with you all the time such as:

While all these cannot be used to de-anonymize you from a remote online adversary, they can be used to narrow down a search if your approximate location at a certain time is known. For instance, you cannot rule out that some stores will effectively scan (and log) all RFID chips passing through the door. They might be looking for their loyalty cards but are also logging others along the way. Such RFID tags could be traced to your identity and allow for de-anonymization.

The only way to mitigate this problem is to have no RFID tags on you or to shield them again using a type of Faraday cage. You could also use specialized wallets/pouches that specifically block RFID communications. Many of those are now made by well-known brands such as Samsonite⁶⁰. You should just not carry such RFID devices while conducting sensitive activities.

The Wi-Fi and Bluetooth devices around you:

Geolocation is not only done by using mobile antennas triangulation. It is also done using the Wi-Fi and Bluetooth devices around you. Operating systems makers like Google (Android⁶¹) and Apple (IOS⁶²) maintain a convenient database of most Wi-Fi access points, Bluetooth devices, and their location. When your Android smartphone or iPhone is on (and not in Plane mode), it will scan actively (unless you specifically disable this feature in the settings) Wi-Fi access points, and Bluetooth devices around you and will be able to geolocate you with more precision than when using a GPS.

This active and continuous probing can then be sent back to Google/Apple/Microsoft as part of their Telemetry. The issue is that this probing is unique and can be used to uniquely identify a user and track such user. Shops, for example, can use this technique to fingerprint customers including when they return, where they go in the shop and how long they stay at a particular place. There are several papers⁶³’⁶⁴ and articles⁶⁵ describing this issue in depth.

This allows them to provide accurate locations even when GPS is off, but it also allows them to keep a convenient record of all Wi-Fi Bluetooth devices all over the world. Which can then be accessed by them or third parties for tracking.

Note: If you have an Android smartphone, Google probably knows where it is no matter what you do. You cannot really trust the settings. The whole operating system is built by a company that wants your data. Remember that if it is free then you are the product.

But that is not what all those Wi-Fi access points can do. Recently developed techs could even allow someone to track your movements accurately just based on radio interferences. What this means is that it is possible to track your movement inside a room/building based on the radio signals passing through. This might seem like a tinfoil hat conspiracy theory claim but here are the references⁶⁶ with demonstrations showing this tech in action: http://rfpose.csail.mit.edu/ ^{[Archive.org]} and the video here: https://www.youtube.com/watch?v=HgDdaMy8KNE ^[Invidious]

You could therefore imagine many use cases for such technologies like recording who enters specific buildings/offices (hotels, hospitals, or embassies for instance) and then discover who meets who and thereby tracking them from outside. Even if they have no smartphone on them.

Again, such an issue could only be mitigated by being in a room/building that would act as a Faraday cage.

There is not much you can do about these. Besides being non-identifiable in the first place.

Malicious/Rogue Wi-Fi Access Points:

These have been used at least since 2008 using an attack called “Jasager”⁶⁷ and can be done by anyone using self-built tools or using commercially available devices such as Wi-Fi Pineapple⁶⁸.

These devices can fit in a small bag and can take over the Wi-Fi environment of any place within their range. For instance, a Bar/Restaurant/Café/Hotel Lobby. These devices can force Wi-Fi clients to disconnect from their current Wi-Fi (using de-authentication, disassociation attacks⁶⁹) while spoofing the normal Wi-Fi networks at the same location. They will continue to perform this attack until your computer, or you decide to try to connect to the rogue AP.

These devices can then mimic a captive portal⁷⁰ with the exact same layout as the Wi-Fi you are trying to access (for instance an Airport Wi-Fi registration portal). Or they could just give you unrestricted access internet that they will themselves get from the same place.

Once you are connected through the Rogue AP, this AP will be able to execute various man-in-the-middle attacks to perform analysis on your traffic. These could be malicious redirections or simple traffic sniffing. These can then easily identify any client that would for instance try to connect to a VPN server or the Tor Network.

This can be useful when you know someone you want to de-anonymize is in a crowded place, but you do not know who. This would allow such an adversary to possibly fingerprint any website you visit despite the use of HTTPS, DoT, DoH, ODoH, VPN, or Tor using traffic analysis as pointed above in the DNS section.

These can also be used to carefully craft and serve you advanced phishing webpages that would harvest your credentials or try to make you install a malicious certificate allowing them to see your encrypted traffic.

How to mitigate those? If you do connect to a public wi-fi access point, use Tor, or use a VPN and then Tor (Tor over VPN) or even (VPN over Tor) to obfuscate your traffic from the rogue AP while still using it.

Your Anonymized Tor/VPN traffic:

Tor and VPNs are not silver bullets. Many advanced techniques have been developed and studied to de-anonymize encrypted Tor traffic over the years⁷¹. Most of those techniques are Correlation attacks that will correlate your network traffic in one way or another to logs or datasets. Here are some examples:

Be aware again that this might not be enough against a motivated global adversary⁷⁷ with wide access to global mass surveillance. Such an adversary might have access to logs no matter where you are and could use those to de-anonymize you. Usually, these attacks are part of what is called a Sybil Attack⁷⁸. These adversaries are out of the scope of this guide.

Lastly, do remember that using Tor can already be considered suspicious activity⁷⁹, and its use could be considered malicious by some⁸⁰.

This guide will later propose some mitigations to such attacks by changing your origin from the start (using public wi-fi’s for instance). Remember that such attacks are usually carried by highly skilled, highly resourceful, and motivated adversaries and are out of scope from this guide.

Some Devices can be tracked even when offline:

You have seen this in action/spy/Sci-Fi movies and shows, the protagonists always remove the battery of their phones to make sure it cannot be used. Most people would think that’s overkill. Well, unfortunately, no, this is now becoming true at least for some devices:

Such devices will continue to broadcast identity information to nearby devices even when offline using Bluetooth Low-Energy⁸⁵. They do not have access to the devices directly (which are not connected to the internet) but instead use BLE to find them through other nearby devices⁸⁶. They are using peer-to-peer short-range Bluetooth communication to broadcast their status through nearby online devices.

They could now find such devices and keep the location in some database that could then be used by third parties or themselves for various purposes (including analytics, advertising, or evidence/intelligence gathering).

Your Hardware Identifiers:

Your IMEI and IMSI (and by extension, your phone number):

The IMEI (International Mobile Equipment Identity⁸⁷) and the IMSI (International Mobile Subscriber Identity⁸⁸) are unique numbers created by cell phone manufacturers and cell phone operators.

The IMEI is tied directly to the phone you are using. This number is known and tracked by the cell phone operators and known by the manufacturers. Every time your phone connects to the mobile network, it will register the IMEI on the network along with the IMSI (if a SIM card is inserted but that is not even needed). It is also used by many applications (Banking apps abusing the phone permission on Android for instance⁸⁹) and smartphone Operating Systems (Android/IOS) for identification of the device⁹⁰. It is possible but difficult (and not illegal in many jurisdictions⁹¹) to change the IMEI on a phone but it is probably easier and cheaper to just find and buy some old (working) Burner phone for a few Euros (this guide is for Germany remember) at a flea market or some random small shop.

The IMSI is tied directly to the mobile subscription or pre-paid plan you are using and is tied to your phone number by your mobile provider. The IMSI is hardcoded directly on the SIM card and cannot be changed. Remember that every time your phone connects to the mobile network, it will also register the IMSI on the network along with the IMEI. Like the IMEI, the IMSI is also being used by some applications and smartphone Operating systems for identification and is being tracked. Some countries in the EU for instance maintain a database of IMEI/IMSI associations for easy querying by Law Enforcement.

Today, giving away your (real) phone number is the same or better than giving away your Social Security number/Passport ID/National ID.

For these reasons, it is crucial to get dedicated an anonymous phone number and/or an anonymous burner phone with an anonymous pre-paid sim card that is not tied to you in any way (past or present) for conducting sensitive activities (See more practical guidance in Getting an anonymous Phone number section).

While there are some smartphones manufacturers like Purism with their Librem series¹⁰¹ who claim to have your privacy in mind, they still do not allow IMEI randomization which we believe is a key anti-tracking feature that should be provided by such manufacturers. While this measure will not prevent IMSI tracking within the SIM card, it would at least allow you to keep the same “burner phone” and only switch SIM cards instead of having to switch both for privacy.

Your Wi-Fi or Ethernet MAC address:

The MAC address¹⁰² is a unique identifier tied to your physical Network Interface (Wired Ethernet or Wi-Fi) and could of course be used to track you if it is not randomized. As it was the case with the IMEI, manufacturers of computers and network cards usually keep logs of their sales (usually including things like serial number, IMEI, Mac Addresses, …) and it is possible again for them to track where and when the computer with the MAC address in question was sold and to whom. Even if you bought it with cash in a supermarket, the supermarket might still have CCTV (or a CCTV just outside that shop) and again the time/date of sale could be used to find out who was there using the Mobile Provider antenna logs at that time (IMEI/IMSI).

Operating Systems makers (Google/Microsoft/Apple) will also keep logs of devices and their MAC addresses in their logs for device identification (Find my device type services for example). Apple can tell that the MacBook with this specific MAC address was tied to a specific Apple Account before. Maybe yours before you decided to use the MacBook for sensitive activities. Maybe to a different user who sold it to you but remembers your e-mail/number from when the sale happened.

Your home router/Wi-Fi access point keeps logs of devices that are registered on the Wi-Fi, and these can be accessed too to find out who has been using your Wi-Fi. Sometimes this can be done remotely (and silently) by the ISP depending on if that router/Wi-Fi access point is being “managed” remotely by the ISP (which is often the case when they provide the router to their customers).

Some commercial devices will keep a record of MAC addresses roaming around for various purposes such as road congestion¹⁰³.

So, it is important again not to bring your phone along when/where you conduct sensitive activities. If you use your own laptop, then it is crucial to hide that MAC address (and Bluetooth address) anywhere you use it and be extra careful not to leak any information. Thankfully many recent OSes now feature or allow the possibility to randomize MAC addresses (Android, IOS, Linux, and Windows 10/11) with the notable exception of macOS which does not support this feature even in its latest Big Sur version.

Your Bluetooth MAC address:

Your Bluetooth MAC is like the earlier MAC address except it is for Bluetooth. Again, it can be used to track you as manufacturers and operating system makers keep logs of such information. It could be tied to a sale place/time/date or accounts and then could be used to track you with such information, the shop billing information, the CCTV, or the mobile antenna logs in correlation.

Operating systems have protections in place to randomize those addresses but are still subject to vulnerabilities¹⁰⁴.

For this reason, and unless you really need those, you should just disable Bluetooth completely in the BIOS/UEFI settings if possible or in the Operating System otherwise.

On Windows 10, you will need to disable and enable the Bluetooth device in the device manager itself to force randomization of the address for next use and prevent tracking.

In general, this should not be too much of a concern compared to MAC Addresses. BT Addresses are randomized quite often.

Your CPU:

All modern CPUs¹⁰⁵ are now integrating hidden management platforms such as the now infamous Intel Management Engine¹⁰⁶ and the AMD Platform Security Processor¹⁰⁷.

Those management platforms are small operating systems running directly on your CPU as long as they have power. These systems have full access to your computer’s network and could be accessed by an adversary to de-anonymize you in various ways (using direct access or using malware for instance) as shown in this enlightening video: BlackHat, How to Hack a Turned-Off Computer, or Running Unsigned Code in Intel Management Engine https://www.youtube.com/watch?v=9fhNokIgBMU ^[Invidious].

These have already been affected by several security vulnerabilities in the past¹⁰⁸ that allowed malware to gain control of target systems. These are also accused by many privacy actors including the EFF and Libreboot of being a backdoor into any system¹⁰⁹.

There are some not so straightforward ways¹¹⁰ to disable the Intel IME on some CPUs and you should do so if you can. For some AMD laptops, you can disable it within the BIOS settings by disabling PSP.

Note that to AMD’s defense, so far and AFAIK, there were no security vulnerabilities found for ASP and no backdoors either: See https://www.youtube.com/watch?v=bKH5nGLgi08&t=2834s ^[Invidious]. In addition, AMD PSP does not provide any remote management capabilities contrary to Intel IME.

If you are feeling a bit more adventurous, you could install your own BIOS using Libreboot or Coreboot ¹¹¹ if your laptop supports it (be aware that Coreboot does contain some propriety code unlike its fork Libreboot).

Some of these can be avoided using Virtualization Software settings that can mitigate such exploits. See this guide for more information https://www.whonix.org/wiki/Spectre_Meltdown ^{[Archive.org]} (warning: these can severely impact the performance of your VMs).

We will therefore mitigate some of these issues in this guide by recommending the use of virtual machines on a dedicated anonymous laptop for your sensitive activities that will only be used from an anonymous public network.

Your Operating Systems and Apps telemetry services:

Whether it is Android, iOS, Windows, macOS, or even Ubuntu. Most popular Operating Systems now collect telemetry information by default even if you never opt-in or opted-out¹¹² from the start. Some like Windows will not even allow disabling telemetry completely without some technical tweaks. This information collection can be extensive and include a staggering number of details (metadata and data) on your devices and their usage.

Here are good overviews of what is being collected by those five popular OSes in their last versions:

Not only are Operating Systems gathering telemetry services but so are Apps themselves like Browsers, Mail Clients, and Social Networking Apps installed on your system.

It is important to understand that this telemetry data can be tied to your device and help de-anonymizing you and later can be used against you by an adversary that would get access to this data.

This does not mean for example that Apple devices are terrible choices for good Privacy (tho this might be changing¹¹⁵), but they are certainly not the best choices for (relative) Anonymity. They might protect you from third parties knowing what you are doing but not from themselves. In all likelihood, they certainly know who you are.

Later in this guide, we will use all the means at our disposal to disable and block as much telemetry as possible to mitigate this attack vector in the Operating Systems supported in this guide. These will include Windows, macOS, and even Linux in some regard.

Your Smart devices in general:

Data is being transmitted even if you opt-out¹¹⁶, processed, and stored indefinitely (most likely unencrypted¹¹⁷) by various third parties¹¹⁸.

But that is not all, this section is not called “Smartphones” but “Smart devices” because it is not only your smartphone spying on you. It is also every other smart device you could have:

Conclusion: Do not bring your smart devices with you when conducting sensitive activities.

Yourself:

Your Metadata including your Geo-Location:

Your metadata is all the information about your activities without the actual content of those activities. For instance, it is like knowing you had a call from an oncologist before then calling your family and friends successively. You do not know what was said during the conversation, but you can guess what it was just from the metadata¹²⁷.

This metadata will also often include your location that is being harvested by Smartphones, Operating Systems (Android¹²⁸/IOS), Browsers, Apps, Websites. Odds are several companies are knowing exactly where you are at any time¹²⁹ because of your smartphone¹³⁰.

This location data has been used in many judicial cases¹³¹ already as part of “geofencing warrants” ¹³² that allow law enforcement to ask companies (such as Google/Apple) a list of all devices present at a certain location at a certain time. In addition, this location data is even sold by private companies to the military who can then use it conveniently¹³³. These warrants are becoming widely used by law enforcement¹³⁴‘¹³⁵’¹³⁶.

If you want to experience yourself what a “geofencing warrant” would look like, here is an example: https://wigle.net/.

Now let us say you are using a VPN to hide your IP. The social media platform knows you were active on that account on November 4th from 8 am to 1 pm with that VPN IP. The VPN allegedly keeps no logs and cannot trace back that VPN IP to your IP. Your ISP however knows (or at least can know) you were connected to that same VPN provider on November 4th from 7:30 am to 2 pm but does not know what you were doing with it.

The question is: Is there someone somewhere that would have both pieces of information available¹³⁷ for correlation in a convenient database?

Your Digital Fingerprint, Footprint, and Online Behavior:

This is the part where you should watch the documentary “The Social Dilemma”¹⁴⁷ on Netflix as they cover this topic much better than anyone else IMHO.

This includes is the way you write (stylometry) ¹⁴⁸‘¹⁴⁹, the way you behave¹⁵⁰’¹⁵¹. The way you click. The way you browse. The fonts you use on your browser¹⁵². Fingerprinting is being used to guess who someone is by the way that user is behaving. You might be using specific pedantic words or making specific spelling mistakes that could give you away using a simple Google search for similar features because you typed comparably on some Reddit post 5 years ago using a not so anonymous Reddit account¹⁵³. The words you type in a search engine alone can be used against you as the authorities now have warrants to find users who used specific keywords in search engines¹⁵⁴.

Social Media platforms such as Facebook/Google can go a step further and can register your behavior in the browser itself. For instance, they can register everything you type even if you do not send it / save it. Think of when you draft an e-mail in Gmail. It is saved automatically as you type. They can register your clicks and cursor movements as well.

All they need to achieve this in most cases is Javascript enabled in your browser (which is the case in most Browsers including Tor Browser by default). Even with Javascript disabled, there are still ways to fingerprint you¹⁵⁵.

While these methods are usually used for marketing purposes and advertising, they can also be a useful tool for fingerprinting users. This is because your behavior is unique or unique enough that over time, you could be de-anonymized.

Analysis algorithms could then be used to match these patterns with other users and match you to a different known user. It is unclear whether such data is already used or not by Governments and Law Enforcement agencies, but it might be in the future. And while this is mostly used for advertising/marketing/captchas purposes now. It could and probably will be used for investigations in the short or mid-term future to deanonymize users.

Here is a fun example you try yourself to see some of those things in action: https://clickclickclick.click (no archive links for this one sorry). You will see it becoming interesting over time (this requires Javascript enabled).

You need to act and fully adopt a role as an actor would do for a performance. You need to become a different person, think, and act like that person. This is not a technical mitigation but a human one. You can only rely on yourself for that.

Ultimately, it is mostly up to you to fool those algorithms by adopting new habits and not revealing real information when using your anonymous identities. See Appendix A4: Counteracting Forensic Linguistics.

Your Clues about your Real Life and OSINT:

These are clues you might give over time that could point to your real identity. You might be talking to someone or posting on some board/forum/Reddit. In those posts, you might over time leak some information about your real life. These might be memories, experiences, or clues you shared that could then allow a motivated adversary to build a profile to narrow their search.

A real use and well-documented case of this was the arrest of the hacker Jeremy Hammond¹⁵⁸ who shared over time several details about his past and was later discovered.

You can also view some convenient lists of some available OSINT tools here if you want to try them on yourself for example:

You should never share real individual experiences/details using your anonymous identities that could later lead to finding your real identity. You will see more details about this in the Creating new identities section.

Your Face, Voice, Biometrics, and Pictures:

“Hell is other people”, even if you evade every method listed above, you are not out of the woods yet thanks to the widespread use of advanced Face recognition by everyone.

Companies like Facebook have used advanced face recognition for years¹⁶⁰’¹⁶¹ and have been using other means (Satellite imagery) to create maps of “people” around the world¹⁶². This evolution has been going on for years to the point we can now say “we lost control of our faces”¹⁶³.

If you are walking in a touristy place, you will most likely appear in someone’s selfie within minutes without knowing it. That person could then go ahead and upload that selfie to various platforms (Twitter, Google Photos, Instagram, Facebook, Snapchat …). Those platforms will then apply face recognition algorithms to those pictures under the pretext of allowing better/easier tagging or to better organize your photo library. In addition to this, the same picture will provide a precise timestamp and in most cases geolocation of where it was taken. Even if the person does not provide a timestamp and geolocation, it can still be guessed with other means¹⁶⁴’¹⁶⁵.

Gait Recognition and Other Long-Range Biometrics

Even if you are not looking at the camera, they can still figure out who you are¹⁶⁶, make out your emotions¹⁶⁷, analyze your gait¹⁶⁸‘¹⁶⁹’¹⁷⁰, read your lips¹⁷¹, analyze the behavior of your eyes¹⁷², and probably guess your political affiliation¹⁷³’¹⁷⁴.

Contrary to popular belief and pop culture, modern gait recognition systems aren’t fooled by simply changing how you walk (ex. with something uncomfortable in your shoe), as they analyze the way your body’s muscles move across your entire body, as you perform certain actions. The best way to fool modern gait recognition is to wear loose clothes that obscure the way your muscles move as you perform actions.

Other things than can be used to identify you include your earlobes, which are actually more identifiable than fingerprints, or even the shape of your skull. As such, soft headcoverings such as balaclavas are not recommendable for obscuring your identity - they make you look incredibly suspicious, while also conforming to the shape of your skull.

Governments already know who you are because they have your ID/Passport/Driving License pictures and often added biometrics (Fingerprints) in their database. Those same governments are integrating those technologies (often provided by private companies such as the Israeli Oosto¹⁸⁰, Clearview AI¹⁸¹‘¹⁸², or NEC¹⁸³) in their CCTV networks to look for “persons of interest”¹⁸⁴. And some heavily surveilled states like China have implemented widespread use of Facial Recognition for various purposes¹⁸⁵’¹⁸⁶ including possibly identifying ethnic minorities¹⁸⁷. A simple face recognition error by some algorithm can ruin your life¹⁸⁸’¹⁸⁹.

Here are some resources detailing some techniques used by Law Enforcement today:

Apple is making FaceID mainstream and pushing its use to log you into many services including the Banking systems.

The same goes with fingerprint authentication being mainstreamed by many smartphone makers to authenticate yourself. A simple picture where your fingers appear can be used to de-anonymize you¹⁹⁰‘¹⁹¹’¹⁹²’¹⁹³.

The same goes with your voice which can be analyzed for various purposes as shown in the recent Spotify patent¹⁹⁴.

We can safely imagine a near future where you will not be able to create accounts or sign in anywhere without providing unique biometrics (A suitable time to re-watch Gattaca¹⁹⁶, Person of Interest¹⁹⁷ , and Minority Report¹⁹⁸). And you can safely imagine how useful these large biometrics databases could be to some interested third parties.

At this time, there are a few steps²⁰³ you can use to mitigate (and only mitigate) face recognition when conducting sensitive activities where CCTV might be present:

(Note that if you intend to use these where advanced facial recognition systems have been installed, these measures could also flag as you as suspicious by themselves and trigger a human check)

Phishing and Social Engineering:

Phishing²⁰⁷ is a social engineering²⁰⁸ type of attack where an adversary could try to extract information from you by pretending or impersonating something/someone else.

A typical case is an adversary using a man-in-the-middle²⁰⁹ attack or a fake e-mail/call to ask for your credential for a service. This could for example be through e-mail or through impersonating financial services.

Such attacks can also be used to de-anonymize someone by tricking them into downloading malware or revealing personal information over time. The only defense against those is not to fall for them and common sense.

Malware, exploits, and viruses:

Malware in your files/documents/e-mails:

Using steganography or other techniques, it is easy to embed malware into common file formats such as Office Documents, Pictures, Videos, PDF documents…

These could be simple pixel-sized images²¹⁰ hidden in your e-mails that would call a remote server to try and get your IP address.

These could be exploiting a vulnerability in an outdated format or an outdated reader²¹¹. Such exploits could then be used to compromise your system.

You should always use extreme caution. To mitigate these attacks, this guide will later recommend the use of virtualization (See Appendix W: Virtualization) to mitigate leaking any information even in case of opening such a malicious file.

Malware and Exploits in your apps and services:

So, you are using Tor Browser or Brave Browser over Tor. You could be using those over a VPN for added security. But you should keep in mind that there are exploits²¹² (hacks) that could be known by an adversary (but unknown to the App/Browser provider). Such exploits could be used to compromise your system and reveal details to de-anonymize you such as your IP address or other details.

A real use case of this technique was the Freedom Hosting²¹³ case in 2013 where the FBI inserted malware²¹⁴ using a Firefox browser exploit on a Tor website. This exploit allowed them to reveal details of some users. More recently, there was the notable SolarWinds²¹⁵ hack that breached several US government institutions by inserting malware into an official software update server.

In some countries, Malware is just mandatory and/or distributed by the state itself. This is the case for instance in China with WeChat²¹⁶ which can then be used in combination with other data for state surveillance²¹⁷.

There are countless examples of malicious browser extensions, smartphone apps, and various apps that have been infiltrated with malware over the years.

To reflect these recommendations, this guide will therefore later guide you in the use of Virtualization (See Appendix W: Virtualization) so that even if your Browser/Apps get compromised by a skilled adversary, that adversary will find himself stuck in a sandbox²¹⁸ without being able to access identifying information or compromise your system.

Malicious USB devices:

There are readily available commercial and cheap “badUSB” ²¹⁹devices that can take deploy malware, log your typing, geolocate you, listen to you or gain control of your laptop just by plugging them in. Here are some examples that you can already buy yourself:

Such devices can be implanted anywhere (charging cable, mouse, keyboard, USB key …) by an adversary and can be used to track you or compromise your computer or smartphone. The most notable example of such attacks is probably Stuxnet²²⁰ in 2005.

While you could inspect a USB key physically, scan it with various utilities, check the various components to see if they are genuine, you will most likely never be able to discover complex malware embedded in genuine parts of a genuine USB key by a skilled adversary without advanced forensics equipment²²¹.

To mitigate this, you should never trust such devices and plug them into sensitive equipment. If you use a charging device, you should consider the use of a USB data blocking device that will only allow charging but not any data transfer. Such data blocking devices are now readily available in many online shops. You should also consider disabling USB ports completely within the BIOS of your computer unless you need them (if you can).

Malware and backdoors in your Hardware Firmware and Operating System:

This might sound a bit familiar as this was already partially covered previously in the Your CPU section.

Malware and backdoors can be embedded directly into your hardware components. Sometimes those backdoors are implemented by the manufacturer itself such as the IME in the case of Intel CPUs. And in other cases, such backdoors can be implemented by a third party that places itself between orders of new hardware and customer delivery²²².

Such malware and backdoors can also be deployed by an adversary using software exploits. Many of those are called rootkits²²³ within the tech world. Usually, these types of malware are harder to detect and mitigate as they are implemented at a lower level than the userspace²²⁴ and often in the firmware²²⁵ of hardware components itself.

What is firmware? Firmware is a low-level operating system for devices. Each component in your computer probably has firmware including for instance your disk drives. The BIOS²²⁶/UEFI²²⁷ system of your machine for instance is a type of firmware.

These can allow remote management and are capable of enabling full control of a target system silently and stealthily.

As mentioned previously, these are harder to detect by users but some limited steps that can be taken to mitigate some of those by protecting your device from tampering and use some measures (like re-flashing the bios for example). Unfortunately, if such malware or backdoor is implemented by the manufacturer itself, it becomes extremely difficult to detect and disable those.

Your files, documents, pictures, and videos:

Properties and Metadata:

This can be obvious to many but not to all. Most files have metadata attached to them. Good examples are pictures that store EXIF²²⁸ information which can hold a lot of information such as GPS coordinates, which camera/phone model took it, and when it was taken precisely. While this information might not directly give out who you are, it could tell exactly where you were at a certain moment which could allow others to use various sources to find you (CCTV or other footage taken at the same place at the same time during a protest for instance). You must verify any file you would put on those platforms for any properties that might hold any information that might lead back to you.

This also works for videos. Yes, videos too have geo-tagging, and many are very unaware of this. Here Is for instance a very convenient tool to geo-locate YouTube videos: https://mattw.io/youtube-geofind/location ^{[Archive.org]}

For this reason, you will always have to be incredibly careful when uploading files using your anonymous identities and check the metadata of those files.

Even if you publish a plain text file, you should always double or triple-check it for any information leakage before publishing. You will find some guidance about this in the Some additional measures against forensics section at the end of the guide.

Watermarking:

Pictures/Videos/Audio:

Pictures/Videos often contain visible watermarks indicating who is the owner/creator but there are also invisible watermarks in various products aiming at identifying the viewer itself.

So, if you are a whistleblower and thinking about leaking some picture/audio/video file. Think twice. There are chances that those might contain invisible watermarking within them that would include information about you as a viewer. Such watermarks can be enabled with a simple switch in like Zoom (Video²²⁹ or Audio²³⁰) or with extensions²³¹ for popular apps such as Adobe Premiere Pro. These can be inserted by various content management systems.

These watermarks are not easily detectable and could allow identification of the source despite all efforts.

In addition to watermarks, the camera used for filming (and therefore the device used for filming) a video can also be identified using various techniques such as lens identification²⁴⁰ which could lead to de-anonymization.

Be extremely careful when publishing videos/pictures/audio files from known commercial platforms as they might contain such invisible watermarks in addition to details in the images themselves. There is no guaranteed 100% protection against those. You will have to use common sense.

Printing Watermarking:

Did you know your printer is most likely spying on you too? Even if it is not connected to any network? This is usually a known fact by many people in the IT community but few outside people.

Many printers will print an invisible watermark allowing for identification of the printer on every printed page. This is called Printer Steganography²⁴¹. There is no tangible way to mitigate this but to inform yourself on your printer and make sure it does not print any invisible watermark. This is important if you intend to print anonymously.

Do not ever print in Color, usually, watermarks are not present without color toners/cartridges²⁴².

Pixelized or Blurred Information:

Did you ever see a document with blurred text? Did you ever make fun of those movies/series where they “enhance” an image to recover seemingly impossible-to-read information?

Well, there are techniques for recovering information from such documents, videos, and pictures.

This is of course an open-source project available for all to use. But you can imagine that such techniques have probably been used before by other adversaries. These could be used to reveal blurred information from published documents that could then be used to de-anonymize you.

Some online services could even help you do this automatically to some extent like MyHeritage.com enhance tool:

Of course, this tool is more like “guessing” than really deblurring at this point, but it could be enough to find you using various reverse image searching services.

For this reason, it is always extremely important that you correctly redact and curate any document you might want to publish. Blurring is not enough, and you should always completely blacken/remove any sensitive data to avoid any attempt at recovering data from any adversary. Do not pixelized, do not blur, just put a hard black rectangle to redact information.

Your Cryptocurrencies transactions:

Contrary to widespread belief, Crypto transactions (such as Bitcoin and Ethereum) are not anonymous²⁴³. Most cryptocurrencies can be tracked accurately through various methods²⁴⁴’²⁴⁵.

The main issue is not setting up a random Crypto wallet to receive some currency behind a VPN/Tor address (at this point, the wallet is anonymous). The issue is mainly when you want to convert Fiat money (Euros, Dollars …) to Crypto and then when you want to cash in your Crypto. You will have few realistic options but to transfer those to an exchange (such as Coinbase/Kraken/Bitstamp/Binance). Those exchanges have known wallet addresses and will keep detailed logs (due to KYC²⁴⁶ financial regulations) and can then trace back those crypto transactions to you using the financial system²⁴⁷.

There are some cryptocurrencies with privacy/anonymity in mind like Monero but even those have some and warnings to consider²⁴⁸’²⁴⁹.

Even if you use Mixers or Tumblers²⁵⁰ (services that specialize in “anonymizing” cryptocurrencies by “mixing them”), keep in mind this is only obfuscation²⁵¹ and not actual anonymity²⁵². Not only are they only obfuscation but they could also put you in trouble as you might end up exchanging your crypto against “dirty” crypto that was used in various questionable contexts²⁵³.

This does not mean you cannot use Bitcoin anonymously at all. You can actually use Bitcoin anonymously as long as you do not convert it to actual currency and use a Bitcoin wallet from a safe anonymous network. Meaning you should avoid KYC/AML regulations by various exchanges and avoid using the Bitcoin network from any known IP address. See Appendix Z: Paying anonymously online with BTC (or any other cryptocurrency).

Overall, the best option for using Crypto with reasonable anonymity and privacy is still Monero and you should ideally not use any other for sensitive transactions unless you are aware of the limitations and risks involved. Please do read Appendix B2: Monero Disclaimer.

Your Cloud backups/sync services:

All companies are advertising their use of end-to-end encryption (E2EE). This is true for almost every messaging app and website (HTTPS). Apple and Google are advertising their use of encryption on their Android devices and their iPhones.

But what about your backups? Those automated iCloud/Google Drive backups you have?

Well, you should know that most of those backups are not fully end-to-end encrypted and will hold some of your information readily available for a third party. You will see their claims that data is encrypted at rest and safe from anyone … Except they usually do keep a key to access some of the data themselves. These keys are used for them indexing your content, recover your account, collecting various analytics.

There are specialized commercial forensics solutions available (Magnet Axiom²⁵⁴, Cellebrite Cloud²⁵⁵) that will help an adversary analyze your cloud data with ease.

You should not trust cloud providers with your (not previously and locally encrypted) sensitive data and you should be wary of their privacy claims. In most cases, they can access your data and provide it to a third party if they want to²⁵⁶.

The only way to mitigate this is to encrypt your data on your side and then only upload it to such services or just not use them at all.

Your Browser and Device Fingerprints:

Your Browser and Device Fingerprints²⁵⁷ are set of properties/capabilities of your System/Browser. These are used on most websites for invisible user tracking but also to adapt the website user experience depending on their browser. For instance, websites will be able to provide a “mobile experience” if you are using a mobile browser or propose a specific language/geographic version depending on your fingerprint. Most of those techniques work with recent Browsers like Chromium-based²⁵⁸ browsers (such as Chrome/Edge) or Firefox²⁵⁹ unless taking specific measures.

You can find a lot of detailed information and publications about this on these resources:

Most of the time, those fingerprints will, unfortunately, be unique or nearly unique to your Browser/System. This means that even If you log out from a website and then log back in using a different username, your fingerprint might remain the same if you did not take precautionary measures.

An adversary could then use such fingerprints to track you across multiple services even if you have no account on any of them and are using adblocking. These fingerprints could in turn be used to de-anonymize you if you keep the same fingerprint between services.

Local Data Leaks and Forensics:

Most of you have probably seen enough Crime dramas on Netflix or TV to know what forensics are. These are technicians (usually working for law enforcement) that will perform various analysis of evidence. This of course could include your smartphone or laptop.

While these might be done by an adversary when you already got “burned”, these might also be done randomly during a routine control or a border check. These unrelated checks might reveal secret information to adversaries that had no prior knowledge of such activities.

Forensics techniques are now very advanced and can reveal a staggering amount of information from your devices even if they are encrypted²⁶⁰. These techniques are widely used by law enforcement all over the world and should be considered.

I also highly recommend that you read some documents from a forensics examiner perspective such as:

And finally, here is this very instructive detailed paper on the current state of IOS/Android security from the John Hopkins University: https://securephones.io/main.html²⁶¹.

When it comes to your laptop, the forensics techniques are many and widespread. Many of those issues can be mitigated by using full disk encryption, virtualization (See Appendix W: Virtualization), and compartmentalization. This guide will later detail such threats and techniques to mitigate them.

Bad Cryptography:

There is a frequent adage among the infosec community: “Don’t roll your own crypto!”.

We would not want people discouraged from studying and innovating in the crypto field because of that adage. So instead, we would recommend people to be cautious with “Roll your own crypto” because it is not necessarily good crypto:

Yet, this is not stopping some from doing it anyway and publishing various production Apps/Services using their self-made cryptography or proprietary closed-source methods:

Cryptography is a complex topic and bad cryptography could easily lead to your de-anonymization.

In the context of this guide,we recommend sticking to Apps/Services using well-established, published, and peer-reviewed methods.

So, what to prefer and what to avoid as of 2021? You will have to look up for yourself to get the technical details of each app and see if they are using “bad crypto” or “good crypto”. Once you get the technical details, you could check this page for seeing what it is worth: https://latacora.micro.blog/2018/04/03/cryptographic-right-answers.html ^{[Archive.org]}

Later this guide will not recommend “bad cryptography” and that should hopefully be enough to protect you?

No logging but logging anyway policies:

Many people have the idea that privacy-oriented services such as VPN or E-Mail providers are safe due to their no-logging policies or their encryption schemes. Unfortunately, many of those same people forget that all those providers are legal commercial entities subject to the laws of the countries in which they operate.

Any of those providers can be forced to silently (without your knowing (using for example a court order with a gag order²⁷⁹ or a national security letter²⁸⁰) log your activity to de-anonymize you. There have been several recent examples of those:

Some providers have implemented the use of a Warrant Canary²⁸⁹ that would allow their users to find out if they have been compromised by such orders, but this has not been tested yet as far as we know.

Finally, it is now well known that some companies might be sponsored front ends for some state adversaries (see the Crypto AG story²⁹⁰ and Omnisec story²⁹¹).

For these reasons, you mustn’t trust such providers for your privacy despite all their claims. In most cases, you will be the last person to know if any of your accounts were targeted by such orders and you might never know at all.

To mitigate this, in cases where you want to use a VPN, we will recommend the use of a cash/Monero-paid VPN provider over Tor to prevent the VPN service from knowing any identifiable information about you.

If the VPN provider knows nothing about you, it should mitigate any issue due to them not logging but logging anyway.

Some Advanced targeted techniques:

(Illustration: an excellent movie we highly recommend: Das Leben der Anderen²⁹²)

Realistically, this guide will be of little help against such adversaries as such malware could be implanted on the devices by a manufacturer, anyone in the middle²⁹⁹, or by anyone with physical access to the air-gapped computer but there are still some ways to mitigate such techniques:

Some bonus resources:

Notes:

If you still do not think such information can be used by various actors to track you, you can see some statistics for yourself for some platforms and keep in mind those are only accounting for the lawful data requests and will not count things like PRISM, MUSCULAR, SORM or XKEYSCORE explained earlier:

General Preparations:

Personally, in the context of this guide, it is also interesting to have a look at your security model. And in this context,we only have one to recommend:

Picking your route:

First, here is a small basic UML diagram showing your available options according to your skills/budget/time/resources.

Timing limitations:

Budget/Material limitations:

Your only option on M1 Macs is probably to stick with Tor Browses for now. But we would guess that if you can afford an M1 Mac you should probably get a dedicated x86 laptop for more sensitive activities.

Skills:

Adversarial considerations:

Now that you know what is possible, you should also consider threats and adversaries before picking the right route.

Threats:

Adversaries:

In all cases, you should read these two pages from the Whonix documentation that will give you in-depth insight into your choices:

You might be asking yourself: “How do I know if I’m in a hostile online environment where activities are actively monitored and blocked?”

Steps for all routes:

Getting used to using better passwords:

Getting an anonymous Phone number:

Skip this step if you have no intention of creating anonymous accounts on most mainstream platforms but just want anonymous browsing or if the platforms you will use allow registration without a phone number.

Physical Burner Phone and prepaid SIM card:

Get a burner phone:

This is rather easy. Leave your smartphone on and at home. Have some cash and go to some random flea market or small shop (ideally one without CCTV inside or outside and while avoiding being photographed/filmed) and just buy the cheapest phone you can find with cash and without providing any personal information. It only needs to be in working order.

A note regarding your current phone: The point of leaving your smartphone on is to create avoid leaking the fact that you’re not using the device. If a smartphone is turned off, this creates a metadata trail that can be used to correlate the time your smartphone was turned off with the activation of your burner. If possible, leave your phone doing something (for example, watching YouTube on auto-play) to obscure the metadata trail further. This will not make it impossible to correlate your inactivity, but may make it more difficult if your phone’s usage patterns can look convincing while you buy your burner.

We would recommend getting an old “dumbphone” with a removable battery (old Nokia if your mobile networks still allow those to connect as some countries phased out 1G-2G completely). This is to avoid the automatic sending/gathering of any telemetry/diagnostic data on the phone itself. You should never connect that phone to any Wi-Fi.

It will also be crucial not to power on that burner phone ever (not even without the SIM card) in any geographical location that could lead to you (at your home/work for instance) and never at the same location as your other known smartphone (because that one has an IMEI/IMSI that will easily lead to you). This might seem like a big burden, but it is not as these phones are only being used during the setup/sign-up process and for verification from time to time.

You should test that the phone is in working order before going to the next step. But we will repeat ourselves and state that it is important to leave your smartphone at home when going (or turn it off before leaving if you must keep it) and that you test the phone at a random location that cannot be tracked back to you (and again, do not do that in front of a CCTV, avoid cameras, be aware of your surroundings). No need for Wi-Fi at this place either.

When you are certain the phone is in working order, disable Bluetooth then power it off (remove the battery if you can) and go back home and resume your normal activities. Go to the next step.

Getting an anonymous pre-paid SIM card:

This is the hardest part of the whole guide. It is a SPOF (Single Point of Failure). The places where you can still buy prepaid SIM cards without ID registration are getting increasingly limited due to various KYC type regulations³⁰⁶.

You should be able to find a place that is “not too far” and just go there physically to buy some pre-paid cards and top-up vouchers with cash. Do verify that no law was passed before going that would make registration mandatory (in case the above wiki was not updated). Try to avoid CCTV and cameras and do not forget to buy a Top-Up voucher with the SIM card (if it is not a package) as most pre-paid cards will require a top-up before use.

Double-check that the mobile operators selling the pre-paid SIM cards will accept the SIM activation and top-up without any ID registration of any kind before going there. Ideally, they should accept SIM activation and top-up from the country you live in.

We would recommend GiffGaff in the UK as they are “affordable”, do not require identification for activation and top-up, and will even allow you to change your number up to two times from their website. One GiffGaff prepaid SIM card will therefore grant you three numbers to use for your needs.

Power off the phone after activation/top-up and before going home. Do not ever power it on again unless you are not at a place that can be used to reveal your identity and ideally leave your real phone on but at home before going to the safe place with only your burner phone.

Online Phone Number:

DISCLAIMER: Do not attempt this until you are done setting up a secure environment according to one of the selected routes. This step will require online access and should only be done from an anonymous network. Do not do this from any known/unsecured environment. Skip this until you have finished one of the routes.

There are many commercial services offering numbers to receive SMS messages online but most of those have no anonymity/privacy and can be of no help as most Social Media platforms place a limit on how many times a phone number can be used for registration.

There are some forums and subreddits (like r/phoneverification/) where users will offer the service of receiving such SMS messages for you for a small fee (using PayPal or some crypto payment). Unfortunately, these are full of scammers and very risky in terms of anonymity. You should not use those under any circumstance.

To this date, we do not know any reputable service that would offer this service and accept cash payments (by post for instance) like some VPN providers. But a few services are providing online phone numbers and do accept Monero which could be reasonably anonymous (yet less recommended than that physical way in the earlier chapter) that you could consider:

Now, what if you have no money? Well, in that case, you will have to try your luck with free services and hope for the best. Here are some examples, use at your own risk:

DISCLAIMER:We cannot vouch for any of these providers and therefore we will still recommend doing it yourself physically. In this case, you will have to rely on the anonymity of Monero and you should not use any service that requires any kind of identification using your real identity. Please do read Appendix B2: Monero Disclaimer.

Therefore IMHO, it is just more convenient, cheaper, and less risky to just get a pre-paid SIM card from one of the physical places that still sell them for cash without requiring ID registration. But at least there is an alternative if you have no other choice.

Get a USB key:

Get at least one or two decent size generic USB keys (at least 16GB but we would recommend 32GB).

Some might be very efficient³⁰⁷ but many are gimmicky gadgets that offer no real protection³⁰⁸.

Find some safe places with decent public Wi-Fi:

You need to find safe places where you will be able to do your sensitive activities using some publicly accessible Wi-Fi (without any account/ID registration, avoid CCTVs).

This can be anywhere that will not be tied to you directly (your home/work) and where you can use the Wi-Fi for a while without being bothered. But also, a place where you can do this without being “noticed” by anyone.

Situational awareness is key, and you should be constantly aware of your surroundings and avoid touristy places like it was plagued by Ebola. You want to avoid appearing on any picture/video of anyone while someone is taking a selfie, making a TikTok video, or posting some travel pictures on their Instagram. If you do, remember chances are high that those pictures will end up online (publicly or privately) with full metadata attached to them (time/date/geolocation) and your face. Remember these can and will be indexed by Facebook/Google/Yandex/Apple and probably all three letters’ agencies.

While this will not be available yet to your local police officers, it could be in the near future.

You will ideally need a set of 3-5 separate places such as this to avoid using the same place twice. Several trips will be needed over the weeks for the various steps in this guide.

The Tor Browser route:

This part of the guide will help you in setting up the simplest and easiest way to browse the web anonymously. It is not necessarily the best method and there are more advanced methods below with (much) better security and (much) better mitigations against various adversaries. Yet, this is a straightforward way of accessing resources anonymously and quickly with no budget, no time, no skills, and limited usage.

So, what is Tor Browser? Tor Browser (https://www.torproject.org/ ^{[Archive.org]}) is a web browser like Safari/Firefox/Chrome/Edge/Brave designed with privacy and anonymity in mind.

This browser is different from other browsers as it will connect to the internet through the Tor Network using Onion Routing. We first recommend that you watch this very nice introduction video by the Tor Project themselves: https://www.youtube.com/watch?v=JWII85UlzKw ^[Invidious]. After that, you should probably head over to their page to read their quick overview here: https://2019.www.torproject.org/about/overview.html.en ^{[Archive.org]}. Without going into too many technical details, Tor Browser is an easy and simple “fire and forget” solution to browse the web anonymously from pretty much any device. It is probably sufficient for most people and can be used from any computer or smartphone.

Windows, Linux, and macOS:

Android:

Personally, if you need to use a Bridge (this is not necessary for a non-hostile environment), you should pick a Meek-Azure. Those will probably work even if you are in China and want to bypass the Great Firewall. It is probably the best option to obfuscate your Tor activities if needed and Microsoft servers are usually not blocked.

As with the desktop version, you need to know there are safety levels in Tor Browser. On Android, you can access these by following these steps:

We would recommend the “Safer” level for most cases. The Safest level should be enabled if you think you are accessing suspicious or dangerous websites and/or if you are extra paranoid.

If you are extra paranoid, use the “Safest” level by default and consider downgrading to Safer is the website is unusable because of Javascript blocking.

Now, you are really done, and you can now surf the web anonymously from your Android device.

iOS:

While the official Tor Browser is not yet available for iOS, there is an alternative called Onion Browser endorsed by the Tor Project³⁰⁹.

Personally, if you need to use a Bridge (this is not necessary for a non-hostile environment), you should pick a Snowflake one (since Meek-Azure bridges are not available). Those will probably work even if you are in China and want to bypass the Great Firewall. It is probably the best option you have on iOS.

As with the desktop version, you need to know there are safety levels in Onion Browser. On iOS, you can access these by following these steps:

We would recommend the “Silver” level for most cases. The Gold level should only be enabled if you think you are accessing suspicious or dangerous websites or if you are extra paranoid. The Gold mode will also most likely break many websites that rely actively on JavaScript.

Now, you are really done, and you can now surf the web anonymously from your iOS device.

Important Warning:

This route is the easiest but is not designed to resist highly skilled adversaries. It is however usable on any device regardless of the configuration. This route is also vulnerable to correlation attacks (See Your Anonymized Tor/VPN traffic) and is blind to anything that might be on your device (this could be any malware, exploit, virus, remote administration software, parental controls…). Yet, if your threat model is quite low, it is probably sufficient for most people.

If you have time and want to learn, we recommend going for other routes instead as they offer far better security and mitigate far more risks while lowering your attack surface considerably.

The Tails route:

This part of the guide will help you in setting up Tails if one of the following is true:

Tails³¹⁰ stands for The Amnesic Incognito Live System. It is a bootable Live Operating System running from a USB key that is designed for leaving no traces and forcing all connections through the Tor network.

You insert the Tails USB key into your laptop, boot from it and you have a full operating system running with privacy and anonymity in mind. As soon as you shut down the computer, everything will be gone unless you saved it somewhere.

Tails is an amazingly straightforward way to get going in no time with what you have and without much learning. It has extensive documentation and tutorials.

WARNING: Tails is not always up to date with their bundled software. And not always up to date with the Tor Browser updates either. You should always make sure you are using the latest version of Tails and you should use extreme caution when using bundled apps within Tails that might be vulnerable to exploits and reveal your location³¹¹.

Taking all this into account and the fact that their documentation is great, we will just redirect you towards their well-made and well-maintained tutorial:

Tor Browser settings on Tails:

We would recommend the “Safer” level for most cases. The Safest level should be enabled if you think you are accessing suspicious or dangerous websites or if you are extra paranoid. The Safest mode will also most likely break many websites that rely actively on JavaScript.

If you are extra paranoid, use the “Safest” level by default and consider downgrading to Safer is the website is unusable because of Javascript blocking.

When you are done and have a working Tails on your laptop, go to the Creating your anonymous online identities step much further in this guide or if you want persistence and plausible deniability, continue with the next section.

Persistent Plausible Deniability using Whonix within Tails:

This would allow the creation of a hybrid system mixing Tails with the Virtualization options of the Whonix route in this guide.

In that case, as the project outlines it, there should be no traces of any of your activities on your computer and the sensitive work could be done from VMs stored into a Hidden container that should not be easily discoverable by a soft adversary.

This option is particularly interesting for “traveling light” and to mitigate forensics attacks while keeping persistence on your work. You only need 2 USB keys (one with Tails and one with a Veracrypt container containing persistent Whonix). The first USB key will appear to contain just Tails and the second USB will appear to contain just random garbage but will have a decoy volume which you can show for plausible deniability.

You might also wonder if this will result in a “Tor over Tor” setup, but it will not. The Whonix VMs will be accessing the network directly through clearnet and not through Tails Onion Routing.

Remember that encryption with or without plausible deniability is not a silver bullet and will be of little use in case of torture. As a matter a fact, depending on who your adversary would be (your threat model), it might be wise not to use Veracrypt (formerly TrueCrypt) at all as shown in this demonstration: https://defuse.ca/truecrypt-plausible-deniability-useless-by-game-theory.htm ^{[Archive.org]}

Plausible deniability is only effective against soft lawful adversaries that will not resort to physical means.

First Run:

Note, if during the import you are having issues such as “NS_ERROR_INVALID_ARG (0x80070057)”, this is probably because there is not enough disk space on your Hidden volume for Whonix. Whonix themselves recommend 32GB of free space but that’s probably not necessary and 10GB should be enough for a start. You can try working around this error by renaming the Whonix .OVA file to .TAR and decompressing it within Tails. When you are done with decompression, delete the OVA file and import the other files with the Import wizard. This time it might work.

Subsequent Runs:

Steps for all other routes:

Get a dedicated laptop for your sensitive activities:

Ideally, you should get a dedicated laptop that will not be tied to you in any effortless way (ideally paid with cash anonymously and using the same precautions as previously mentioned for the phone and the SIM card). It is recommended but not mandatory because this guide will help you harden your laptop as much as possible to prevent data leaks through various means. There will be several lines of defense standing between your online identities and yourself that should prevent most adversaries from de-anonymizing you besides state/global actors with considerable resources.

This laptop should ideally be a clean freshly installed Laptop (Running Windows, Linux, or macOS), clean of your normal day-to-day activities, and offline (never connected to the network yet). In the case of a Windows laptop, and if you used it before such a clean install, it should also not be activated (re-installed without a product key). Specifically, in the case of MacBooks, it should never have been tied to your identity before in any means. So, buy second-hand with cash from an unknown stranger who does not know your identity

This is to mitigate some future issues in case of online leaks (including telemetry from your OS or Apps) that could compromise any unique identifiers of the laptop while using it (MAC Address, Bluetooth Address, and Product key …). But also, to avoid being tracked back if you need to dispose of the laptop.

If you used this laptop before for different purposes (like your day-to-day activities), all its hardware identifiers are probably known and registered by Microsoft or Apple. If later any of those identifiers is compromised (by malware, telemetry, exploits, human errors …) they could lead back to you.

The laptop should have at least 250GB of Disk Space at least 6GB (ideally 8GB or 16GB) of RAM and should be able to run a couple of Virtual Machines at the same time. It should have a working battery that lasts a few hours.

This laptop could have an HDD (7200rpm) or an SSD/NVMe drive. Both possibilities have their benefits and issues that will be detailed later.

All future online steps performed with this laptop should ideally be done from a safe network such as Public Wi-Fi in a safe place (see Find some safe places with decent public Wi-Fi). But several steps will have to be taken offline first.

Some laptop recommendations:

We would strongly recommend getting a “business grade” laptop (meaning not consumer/gaming-grade laptop) if you can. For instance, some ThinkPad from Lenovo (my personal favorite).

This is because those business laptops usually offer better and more customizable security features (especially in the BIOS/UEFI settings) with longer support than most consumer laptops (Asus, MSI, Gigabyte, Acer…). The interesting features to look for are IMHO:

Bios/UEFI/Firmware Settings of your laptop:

PC:

Usually how to access it is by pressing a specific key (F1, F2, or Del) at boot (before your OS).

Only enable those on a “need to use” basis and disable them again after use. This can help mitigate some attacks in case your laptop is seized while locked but still on OR if you had to shut it down rather quickly and someone took possession of it (this topic will be explained later in this guide).

About Secure boot:

So, what is Secure Boot³¹⁸? In short, it is a UEFI security feature designed to prevent your computer from booting an operating system from which the bootloader was not signed by specific keys stored in the UEFI firmware of your laptop.

When the operating system (or the Bootloader³¹⁹) supports it, you can store the keys of your bootloader in your UEFI firmware, and this will prevent booting up any unauthorized Operating System (such as a live OS USB or anything similar).

Secure Boot settings are protected by the password you set up to access the BIOS/UEFI settings. If you have that password, you can disable Secure Boot and allow unsigned OSes to boot on your system. This can help mitigate some Evil-Maid attacks (explained later in this guide).

In most cases, Secure Boot is disabled by default or is enabled but in “setup” mode which will allow any system to boot. For Secure Boot to work, your Operating System will have to support it and then sign its bootloader and push those signing keys to your UEFI firmware. After that, you will have to go to your BIOS/UEFI settings and save those pushed keys from your OS and change the Secure Boot from setup to user mode (or custom mode in some cases).

After doing that step, only the Operating Systems from which your UEFI firmware can verify the integrity of the bootloader will be able to boot.

Most laptops will have some default keys already stored in the secure boot settings. Usually, those are from the manufacturer itself or some companies such as Microsoft. So, this means that by default, it will always be possible to boot some USB disks even with secure boot. These include Windows, Fedora, Ubuntu, Mint, Debian, CentOS, OpenSUSE, Tails, Clonezilla, and many others. Secure Boot is however not supported at all by Qubes OS at this point.

In some laptops, you can manage those keys and remove the ones you do not want with a “custom mode” to only authorize your bootloader that you could sign yourself if you want to.

So, what is Secure Boot protecting you from? It will protect your laptop from booting unsigned bootloaders (by the OS provider) with for instance injected malware.

Additionally, several attacks could be possible against Secure Boot as explained (in-depth) in these technical videos:

So, it can be useful as an added measure against some adversaries but not all. Secure Boot in itself is not encrypting your hard drive. It is an added layer but that is it.

Mac:

This feature will mitigate the possibility for some adversaries to use hardware hacks to disable/bypass your firmware password. Note that this will also prevent Apple themselves from accessing the firmware in case of repair.

Physically Tamper protect your laptop:

At some point, you will inevitably leave this laptop alone somewhere. You will not sleep with it and take it everywhere every single day. You should make it as hard as possible for anyone to tamper with it without you noticing it. This is mostly useful against some limited adversaries that will not use a 5$ wrench against you³²⁰.

It is important to know that it is trivially easy for some specialists to install a key logger in your laptop, or to just make a clone copy of your hard drive that could later allow them to detect the presence of encrypted data in it using forensic techniques (more on that later).

While this is a good cheap method, it could also raise suspicions as it is quite “noticeable” and might just reveal that you “have something to hide”. So, there are more subtle ways of achieving the same result. You could also for instance make a close-up macro photography of the back screws of your laptop or just use a small amount of candle wax within one of the screws that could just look like usual dirt. You could then check for tampering by comparing the photographs of the screws with new ones. Their orientation might have changed a bit if your adversary was not careful enough (Tightening them exactly the same way they were before). Or the wax within the bottom of a screw head might have been damaged compared to before.

The same techniques can be used with USB ports where you could just put a tiny amount of candle wax within the plug that would be damaged by inserting a USB key in it.

In riskier environments, check your laptop for tampering before using it regularly.

The Whonix route:

Picking your Host OS (the OS installed on your laptop):

This route will make extensive use of Virtual Machines³²², they will require a host OS to run the Virtualization software. You have three recommended choices in this part of the guide:

In addition, chances are high that your Mac is or has been tied to an Apple account (at the time of purchase or after signing-in) and therefore its unique hardware identifiers could lead back to you in case of hardware identifiers leak.

Linux is also not necessarily the best choice for anonymity depending on your threat model. This is because using Windows will allow us to conveniently use Plausible Deniability³²³ (aka Deniable Encryption³²⁴) easily at the OS level. Windows is also unfortunately at the same time a privacy nightmare³²⁵ but is the only easy to set up option for using OS-wide plausible deniability. Windows telemetry and telemetry blocking are also widely documented which should mitigate many issues.

So, what is Plausible Deniability? You can cooperate with an adversary requesting access to your device/data without revealing your true secret. All this using Deniable Encryption³²⁶.

A soft lawful adversary could ask for your encrypted laptop password. At first, you could refuse to give out any password (using your “right to remain silent”, “right not to incriminate yourself”) but some countries are implementing laws³²⁷’³²⁸ to exempt this from such rights (because terrorists and “think of the children”). In that case, you might have to reveal the password or face jail time in contempt of court. This is where plausible deniability will come into play.

You could then reveal a password, but that password will only give access to “plausible data” (a decoy OS). The forensics will be well aware that it is possible for you to have hidden data but should not be able to prove this (if you do this right). You will have cooperated, and the investigators will have access to something but not what you actually want to hide. Since the burden of proof should lie on their side, they will have no options but to believe you unless they have proof that you have hidden data.

This feature can be used at the OS level (a plausible OS and a hidden OS) or at the files level where you will have an encrypted file container (similar to a zip file) where different files will be shown depending on the encryption password you use.

This also means you could set up your own advanced “plausible deniability” setup using any Host OS by storing for instance Virtual Machines on a Veracrypt hidden volume container (be careful of traces in the Host OS tho that would need to be cleaned if the host OS is persistent, see Some additional measures against forensics section later). There is a project for achieving this within Tails (https://github.com/aforensics/HiddenVM ^{[Archive.org]}) which would make your Host OS non-persistent and use plausible deniability within Tails.

In the case of Windows, plausible deniability is also the reason you should ideally have Windows 10/11 Home (and not Pro). This is because Windows 10/11 Pro natively offers a full-disk encryption system (Bitlocker³²⁹) where Windows 10/11 Home offers no full-disk encryption at all. You will later use third-party open-source software for encryption that will allow full-disk encryption on Windows 10/11 Home. This will give you a good (plausible) excuse to use this software. While using this software on Windows 10/11 Pro would be suspicious.

Note about Linux: So, what about Linux and plausible deniability? Yes, it is possible to achieve plausible deniability with Linux too. More information within the Linux Host OS section later.

Threats with encryption:

The 5$ Wrench:

Plausible deniability is only effective against soft lawful adversaries that will not resort to physical means. Avoid, if possible, the use of plausible deniability-capable software (such as Veracrypt) if your threat model includes hard adversaries. So, Windows users should in that case install Windows Pro as a Host OS and use Bitlocker instead.

Evil-Maid Attack:

Evil Maid Attacks³³⁰ are conducted when someone tampers with your laptop while you are away. To install to clone your hard drive, install malware or a key logger. If they can clone your hard drive, they can compare one image of your hard drive at the time they took it while you were away with the hard drive when they seize it from you. If you used the laptop again in between, forensics examiners might be able to prove the existence of the hidden data by looking at the variations between the two images in what should be an empty/unused space. This could lead to compelling evidence of the existence of hidden data. If they install a key logger or malware within your laptop (software or hardware), they will be able to simply get the password from you for later use when they seize it. Such attacks can be done at your home, your hotel, a border crossing, or anywhere you leave your devices unattended.

Cold-Boot Attack:

Cold Boot attacks³³¹ are trickier than the Evil Maid Attack but can be part of an Evil Maid attack as it requires an adversary to come into possession of your laptop while you are actively using your device or shortly afterward.

The idea is rather simple, as shown in this video³³², an adversary could theoretically quickly boot your device on a special USB key that would copy the content of the RAM (the memory) of the device after you shut it down. If the USB ports are disabled or if they feel like they need more time, they could open it and “cool down” the memory using a spray or other chemicals (liquid nitrogen for instance) preventing the memory from decaying. They could then be able to copy its content for analysis. This memory dump could contain the key to decrypt your device. You will later apply a few principles to mitigate these.

In the case of Plausible Deniability, there have been some forensics studies³³³ about technically proving the presence of the hidden data with a simple forensic examination (without a Cold Boot/Evil Maid Attack) but these have been contested by other studies³³⁴ and by the maintainer of Veracrypt³³⁵ so we would not worry too much about those yet.

The same measures used to mitigate Evil Maid attacks should be in place for Cold Boot attacks with some added ones:

Here are also some interesting tools to consider for Linux users to defend against these:

About Sleep, Hibernation, and Shutdown:

If you want better security, you should shut down your laptop completely every time you leave it unattended or close the lid. This should clean and/or release the RAM and provide mitigations against cold boot attacks. However, this can be a bit inconvenient as you will have to reboot completely and type in a ton of passwords into various apps. Restart various VMs and other apps. So instead, you could also use hibernation (not supported on Qubes OS). Since the whole disk is encrypted, hibernation in itself should not pose a large security risk but will still shut down your laptop and clear the memory while allowing you to conveniently resume your work afterward. What you should never do is using the standard sleep feature which will keep your computer on, and the memory powered. This is an attack vector against evil-maid and cold-boot attacks discussed earlier. This is because your powered-on memory holds the encryption keys to your disk (encrypted or not) and could then be accessed by a skilled adversary.

This guide will provide guidance later on how to enable hibernation on various host OSes (except Qubes OS) if you do not want to shut down every time.

Local Data Leaks (traces) and forensics examination:

As mentioned briefly earlier, these are data leaks and traces from your operating system and apps when you perform any activity on your computer. These mostly apply to encrypted file containers (with or without plausible deniability) than OS-wide encryption. Such leaks are less “important” if your whole OS is encrypted (if you are not compelled to reveal the password).

Let us say for example you have a Veracrypt encrypted USB key with plausible deniability enabled. Depending on the password you use when mounting the USB key, it will open a decoy folder or the sensitive folder. Within those folders, you will have decoy documents/data within the decoy folder and sensitive documents/data within the sensitive folder.

In all cases, you will (most likely) open these folders with Windows Explorer, macOS Finder, or any other utility and do whatever you planned to do. Maybe you will edit a document within the sensitive folder. Maybe you will search for a document within the folder. Maybe you will delete one or watch a sensitive video using VLC.

Well, all those Apps and your Operating System might keep logs and traces of that usage. This might include the full path of the folder/files/drives, the time those were accessed, temporary caches of those files, the “recent” lists in each app, the file indexing system that could index the drive, and even thumbnails that could be generated

Windows:

macOS:

Linux:

Forensics could’ use all those leaks (see Local Data Leaks and Forensics) to prove the existence of hidden data and defeat your attempts at using plausible deniability and to find out about your various sensitive activities.

It will be therefore important to apply various steps to prevent forensics from doing this by preventing and cleaning these leaks/traces and more importantly by using whole disk encryption, virtualization, and compartmentalization.

Forensics cannot extract local data leaks from an OS they cannot access. And you will be able to clean most of those traces by wiping the drive or by securely erasing your virtual machines (which is not as easy as you think on SSD drives).

Some cleaning techniques will nevertheless be covered in the “Cover your Tracks” part of this guide at the very end.

Online Data Leaks:

Whether you are using simple encryption or plausible deniability encryption. Even if you covered your tracks on the computer itself. There is still a risk of online data leaks that could reveal the presence of hidden data.

Telemetry is your enemy. As explained earlier in this guide, the telemetry of Operating Systems but also from Apps can send staggering amounts of private information online.

In the case of Windows, this data could for instance be used to prove the existence of a hidden OS / Volume on a computer and would be readily available at Microsoft. Therefore, it is critically important that you disable and block telemetry with all the means at your disposal. No matter what OS you are using.

Conclusion:

You should never conduct sensitive activities from a non-encrypted system. And even if it is encrypted, you should never conduct sensitive activities from the Host OS itself. Instead, you should use a VM to be able to efficiently isolate and compartmentalize your activities and prevent local data leaks.

If you have little to no knowledge of Linux or if you want to use OS-wide plausible deniability, we recommend going for Windows (or back to the Tails route) for convenience. This guide will help you hardening it as much as possible to prevent leaks. This guide will also help you hardening macOS and Linux as much as possible to prevent similar leaks.

If you have no interest in OS-wide plausible deniability and want to learn to use Linux, we will strongly recommend going for Linux or the Qubes OS route if your hardware allows it.

In all cases, the host OS should never be used to conduct sensitive activities directly. The host OS will only be used to connect to a public Wi-Fi Access Point. It will be left unused while you conduct sensitive activities and should ideally not be used for any of your day-to-day activities.

Linux Host OS:

As mentioned earlier, we do not recommend using your daily laptop for sensitive activities. Or at least we do not recommend using your in-place OS for these. Doing that might result in unwanted data leaks that could be used to de-anonymize you. If you have a dedicated laptop for this, you should reinstall a fresh clean OS. If you do not want to wipe your laptop and start over, you should consider the Tails route or proceed at your own risk.

I also recommend that you do the initial installation completely offline to avoid any data leak.

You should always remember that despite the reputation, Linux mainstream distributions (Ubuntu for instance) are not necessarily better at security than other systems such as macOS and Windows. See this reference to understand why https://madaidans-insecurities.github.io/linux.html ^{[Archive.org]}.

Full disk encryption:

For other distros, you will have to document yourself, but it will likely be similar. Encryption during install is just much easier in the context of this guide.

Note about plausible deniability on Linux:

There are several ways to achieve plausible deniability on Linux³⁴¹ and it is possible to achieve. Here are some more details about some of the ways we would recommend. All these options require some higher level of skills at using Linux.

The Detached Headers Way:

The Veracrypt Way:

It is technically possible to not only use Veracrypt but also to achieve plausible deniability on a Linux Host OS by using Veracrypt for system full-disk encryption (instead of LUKS). This is not supported by Veracrypt (System encryption is only supported on Windows) and requires some tinkering with various commands. This is not recommended at all for unskilled users and should only be used at your own risk.

Reject/Disable any telemetry:

Disable anything unnecessary:

Hibernation:

As explained previously, you should not use the sleep features but shut down or hibernate your laptop to mitigate some evil-maid and cold-boot attacks. Unfortunately, this feature is disabled by default on many Linux distros including Ubuntu. It is possible to enable it, but it might not work as expected. Follow this information at your own risk. If you do not want to do this, you should never use the sleep function and power off instead (and set the lid closing behavior to power off instead of sleep).

These settings should mitigate cold boot attacks if you can hibernate fast enough.

Enable MAC address randomization:

Hardening Linux:

Setting up a safe Browser:

macOS Host OS:

Note: At this time, this guide will not support ARM M1 MacBooks (yet). Due to Virtualbox not supporting this architecture yet. It could however be possible if you use commercial tools like VMWare or Parallels but those are not covered in this guide.

As mentioned earlier, we do not recommend using your daily laptop for sensitive activities. Or at leastWedo not recommend using your in-place OS for these. Doing that might result in unwanted data leaks that could be used to de-anonymize you. If you have a dedicated laptop for this, you should reinstall a fresh clean OS. If you do not want to wipe your laptop and start over, you should consider the Tails route or proceed at your own risk.

I also recommend that you do the initial installation completely offline to avoid any data leak.

During the install:

Hardening macOS:

Enable Firmware password with “disable-reset-capability” option:

Enable Hibernation instead of sleep:

Again, this is to prevent some cold-boot and evil-maid attacks by powering down your RAM and cleaning the encryption key when you close the lid. You should always either hibernate or shut down. On macOS, the hibernate feature even has a special option to specifically clear the encryption key from memory when hibernating (while you might have to wait for the memory to decay on other Operating Systems). Once again there are no easy options to do this within the settings so instead, we will have to do this by running a few commands to enable hibernation:

Now when you close the lid of your MacBook, it should hibernate instead of sleep and mitigate attempts at performing cold-boot attacks.

In addition, you should also set up an automatic sleep (Settings > Energy) so that your MacBook will hibernate automatically if left unattended.

Disable unnecessary services:

Prevent Apple OCSP calls:

Up to you really. We would block it because we do not want any telemetry at all from my OS to the mothership without my specific consent. None.

Enable Full Disk encryption (Filevault):

Be careful when enabling. Do not store the recovery key at Apple if prompted (should not be an issue since you should be offline at this stage). You do not want a third party to have your recovery key.

MAC Address Randomization:

Unfortunately, macOS does not offer a native convenient way of randomizing your MAC Address and so you will have to do this manually. This will be reset at each reboot, and you will have to re-do it each time to ensure you do not use your actual MAC Address when connecting to various Wi-Fis

You can do this by issuing the following commands in terminal (without the parentheses):

Setting up a safe Browser:

Windows Host OS:

I also recommend that you do the initial installation completely offline to avoid any data leak.

Installation:

Enable MAC address randomization:

Go into Settings > Network & Internet > Wi-Fi > Enable Random hardware addresses

Setting up a safe Browser:

Enable some additional privacy settings on your Host OS:

Windows Host OS encryption:

If you intend to use system-wide plausible deniability:

Veracrypt³⁴² is the software we will recommend for full-disk encryption, file encryption, and plausible deniability. It is a fork of the well-known but deprecated and unmaintained TrueCrypt. It can be used for:

It is to my knowledge the only (convenient and usable by anyone) free, open-source, and openly audited³⁴³ encryption software that also provides plausible deniability for widespread use and it works with Windows Home Edition.

After installation, please take a moment to review the following options that will help mitigate some attacks:

If you do not want to use encrypted memory (because performance might be an issue), you should at least enable hibernation instead of sleep. This will not clear the keys from memory (you are still vulnerable to cold boot attacks) but at least should mitigate them if your memory has enough time to decay.

If you do not intend to use system-wide plausible deniability:

For this case, we will recommend the use of BitLocker instead of Veracrypt for the full disk encryption. The reasoning is that BitLocker does not offer a plausible deniability possibility contrary to Veracrypt. A hard adversary has then no incentive in pursuing his “enhanced” interrogation if you reveal the passphrase.

Normally, you should have installed Windows Pro in this case and the BitLocker setup is quite straightforward.

Unfortunately, this is not enough. With this setup, your Bitlocker key can just be stored as-is in the TPM chip of your computer. This is rather problematic as the key can be extracted in some cases with ease³⁴⁶‘³⁴⁷’³⁴⁸’³⁴⁹.

To mitigate this, you will have to enable a few more options as per the recommendations of Microsoft³⁵⁰:

Enable Hibernation (optional):

Again, as explained earlier. You should never use the sleep/stand-by feature to mitigate some cold-boot and evil-maid attacks. Instead, you should Shut down or hibernate. You should therefore switch your laptop from sleeping to hibernating when closing the lid or when your laptop goes to sleep.

(Note that you cannot enable hibernation if you previously enabled RAM encryption within Veracrypt)

The reason is that Hibernation will actually shut down your laptop completely and clean the memory. Sleep on the other hand will leave the memory powered on (including your decryption key) and could leave your laptop vulnerable to cold-boot attacks.

Deciding which sub-route you will take:

Always be sure to check for new versions of Veracrypt frequently to ensure you benefit from the latest patches. Especially check this before applying large Windows updates that might break the Veracrypt bootloader and send you into a boot loop.

NOTE THAT BY DEFAULT VERACRYPT WILL ALWAYS PROPOSE A SYSTEM PASSWORD IN QWERTY (display the password as a test). This can cause issues if your boot input is using your laptop’s keyboard (AZERTY for example) as you will have set up your password in QWERTY and will input it at boot time in AZERTY. So, make sure you check when doing the test boot what keyboard layout your BIOS is using. You could fail to log in just because of the QWERTY/AZERTY mix-up. If your BIOS boots using AZERTY, you will need to type the password in QWERTY within Veracrypt.

Route A and B: Simple Encryption using Veracrypt (Windows tutorial)

You do not have to have an HDD for this method, and you do not need to disable Trim on this route. Trim leaks will only be of use to forensics in detecting the presence of a Hidden Volume but will not be of much use otherwise.

This route is rather straightforward and will just encrypt your current Operating System in place without losing any data. Be sure to read all the texts Veracrypt is showing you, so you have a full understanding of what is going on. Here are the steps:

There will be another section on creating encrypted file containers with Plausible Deniability on Windows.

Route B: Plausible Deniability Encryption with a Hidden OS (Windows only)

This is only recommended on an HDD drive. This is not recommended on an SSD drive.

Your Hidden OS should not be activated (with an MS product key). Therefore, this route will recommend and guide you through a full clean installation that will wipe everything on your laptop.

As you can see this process requires you to have two partitions on your hard drive from the start.

Mandatory if you have an SSD drive and you still want to do this against the recommendation: Disable SSD Trim in Windows³⁵⁵ (again this is NOT recommended at all as disabling Trim in itself is highly suspicious). Also as mentioned earlier, disabling Trim will reduce the lifetime of your SSD drive and will significantly impact its performance over time (your laptop will become slower and slower over several months of use until it becomes almost unusable, you will then have to clean the drive and re-install everything). But you must do it to prevent data leaks³⁵⁶ that could allow forensics to defeat your plausible deniability³⁵⁷ ³⁵⁸. The only way around this at the moment is to have a laptop with a classic HDD drive instead.

Step 1: Create a Windows 10/11 install USB key

Step 2: Boot the USB key and start the Windows 10/11 install process (Hidden OS)

Step 3: Privacy Settings (Hidden OS)

Step 4: Veracrypt installation and encryption process start (Hidden OS)

Do not connect this OS to your known Wi-Fi. You should download the Veracrypt installer from a different computer and copy the installer here using a USB key. Here are the steps:

Step 5: Reboot and boot the USB key and start the Windows 10/11 install process again (Decoy OS)

Step 6: Privacy settings (Decoy OS)

Step 7: Veracrypt installation and encryption process start (Decoy OS)

Step 8: Test your setup (Boot in Both)

Step 9: Changing the decoy data on your Outer Volume safely

Basically, you are going to mount your Outer Volume while also providing the Hidden Volume passphrase within the Mount Options to protect the Hidden Volume from being overwritten. Veracrypt will then allow you to write data to the Outer volume without risking overwriting any data on the Hidden Volume:

This operation will not actually mount the Hidden Volume and should prevent the creation of any forensic evidence that could lead to the discovery of the hidden OS. However, while you are performing this operation, both passwords will be stored in your RAM and therefore you could still be susceptible to a Cold-Boot Attack. To mitigate this, be sure to have the option to encrypt your RAM too as instructed before.

Step 10: Leave some forensics evidence of your outer Volume (with the decoy Data) within your Decoy OS

We must make the Decoy OS as plausible as possible. We also want your adversary to think you are not that smart.

Therefore, it is important to voluntarily leave some forensic evidence of your Decoy Content within your Decoy OS. This evidence will let forensic examiners see that you mounted your Outer Volume frequently to access its content.

Notes:

Remember that you will need valid excuses for this plausible deniability scenario to work:

Virtualbox on your Host OS:

This step and the following steps should be done from within the Host OS. This can either be your Host OS with simple encryption (Windows/Linux/macOS) or your Hidden OS with plausible deniability (Windows only).

In this route, you will make extensive use of the free Oracle Virtualbox³⁶⁰ software. This is a virtualization software in which you can create Virtual Machines that emulate a computer running a specific OS (if you want to use something else like Xen, Qemu, KVM, or VMWARE, feel free to do so but this part of the guide covers Virtualbox only for convenience).

All your sensitive activities will be done from within a guest Virtual Machine running Windows 10/11 Pro (not Home this time), Linux, or macOS.

Pick your connectivity method:

Tor only:

With this solution, all your network goes through Tor, and it should be sufficient to guarantee your anonymity in most cases.

There is one main drawback tho: Some services block/ban Tor Exit nodes outright and will not allow account creations from those.

To mitigate this, you might have to consider the next option: VPN over Tor but consider some risks associated with it explained in the next section.

VPN/Proxy over Tor:

As you can see in this illustration, if your cash (preferred)/Monero paid VPN/Proxy is compromised by an adversary (despite their privacy statement and no-logging policies), they will only find an anonymous cash/Monero paid VPN/Proxy account connecting to their services from a Tor Exit node.

If an adversary somehow manages to compromise the Tor network too, they will only reveal the IP of a random public Wi-Fi that is not tied to your identity.

If an adversary somehow compromises your VM OS (with malware or an exploit for instance), they will be trapped within the internal Network of Whonix and should be unable to reveal the IP of the public Wi-Fi.

This solution however has one main drawback to consider: Interference with Tor Stream Isolation³⁶³.

Stream isolation is a mitigation technique used to prevent some correlation attacks by having different Tor Circuits for each application. Here is an illustration to show what stream isolation is:

VPN/Proxy over Tor falls on the right-side³⁶⁴ meaning using a VPN/Proxy over Tor forces Tor to use one circuit for all activities instead of multiple circuits for each. This means that using a VPN/Proxy over Tor can reduce the effectiveness of Tor in some cases and should therefore be used only for some specific cases:

You should however consider not using this method when your aim is just to browse random various unauthenticated websites as you will not benefit from Stream Isolation and this could make correlation attacks easier over time for an adversary between each of your sessions (see Your Anonymized Tor/VPN traffic). If your goal however is to use the same identity at each session on the same authenticated services, the value of Stream isolation is lessened as you can be correlated through other means.

You should also know that Stream Isolation is not necessarily configured by default on Whonix Workstation. It is only pre-configured for some applications (including Tor Browser).

Also, note that Stream Isolation does not necessarily change all the nodes in your Tor circuit. It can sometimes only change one or two. In many cases, Stream Isolation (for instance within the Tor Browser) will only change the relay (middle) node and the exit node while keeping the same guard (entry) node.

Tor over VPN:

You might be wondering: Well, what about using Tor over VPN instead of VPN over Tor? Well, we would not necessarily recommend it:

It is also possible to consider VPN over Tor over VPN (User > VPN > Tor > VPN > Internet) using two cash/Monero paid VPNs instead. This means that you will connect the Host OS to a first VPN from your Public Wi-Fi, then Whonix will connect to Tor, and finally, your VM will connect to a second VPN over Tor over VPN (see https://www.whonix.org/wiki/Tunnels/Connecting_to_a_VPN_before_Tor ^{[Archive.org]}).

This will of course have a significant performance impact and might be quite slow, but Tor is necessary somewhere for achieving reasonable anonymity.

Achieving this technically is easy within this route, you need two separate anonymous VPN accounts and must connect to the first VPN from the Host OS and follow the route.

Conclusion: Only do this if you think using Tor alone is risky/impossible but VPNs are okay. Or just because you can and so why not. This method will not lower your security/privacy/anonymity.

VPN only:

If you can use VPNs then you should be able to add a Tor layer over it. And if you can use Tor, then you can add an anonymous VPN over Tor to get the preferred solution.

Just using a VPN or even a VPN over VPN makes no sense as those can be traced back to you over time. One of the VPN providers will know your real origin IP (even if it is in a safe public space) and even if you add one over it, the second one will still know you were using that other first VPN service. This will only slightly delay your de-anonymization. Yes, it is an added layer … but it is a persistent centralized added layer, and you can be de-anonymized over time. This is just chaining 3 ISPs that are all subject to lawful requests.

In the context of this guide, Tor is required somewhere to achieve reasonable and safe anonymity and you should use it if you can.

No VPN/Tor:

If you cannot use VPN nor Tor where you are, you probably are in a very hostile environment where surveillance and control are extremely high.

Just do not, it is not worth it and too risky IMHO. You can be de-anonymized almost instantly by any motivated adversary that could get to your physical location in a matter of minutes.

Conclusion:

Unfortunately, using Tor alone will raise the suspicion of many destinations’ platforms. You will face many hurdles (captchas, errors, difficulties signing up) if you only use Tor. In addition, using Tor where you are could put you in trouble just for that. But Tor is still the best solution for anonymity and must be somewhere for anonymity.

For more information, you can also see the discussions here that could help decide yourself:

Getting an anonymous VPN/Proxy:

Whonix:

Connection Type	Anonymity	Ease of Access to online resources	Tor Stream isolation	Safer where Tor is suspicious/dangerous	Speed	Cost	Recommended
Tor Alone	Good	Medium	Possible	No	Medium	Free	Yes
Tor over VPN	Good+	Medium	Possible	Yes	Medium	Around 50€/y	If needed (Tor inaccessible)
Tor over VPN over Tor	Best	Medium	Possible	Yes	Poor	Around 50€/y	Yes
VPN over Tor	Good-	Good	No	No	Medium	Around 50€/y	If needed (convenience)
Self-Hosted VPS VPN/Proxy over Tor	Good-	Very Good	No	Yes	Medium	Around 50€/y	If needed (convenience)
VPN/Proxy over Tor over VPN	Good-	Good	No	Yes	Poor	Around 100€/y	If needed (convenience and Tor inaccessible)
VPN/Proxy Alone	Bad	Good	N/A	Yes	Good	Around 50€/y	No.
No Tor and VPN	Bad	Unknown	N/A	No	Good	Around 100€ (Antenna)	No.

This route will use Virtualization and Whonix³⁶⁵ as part of the anonymization process. Whonix is a Linux distribution composed of two Virtual Machines:

You will be able to decide which flavor to use based on my recommendations. We recommend the second one as explained before.

Whonix is well maintained and has extensive and incredibly detailed documentation.

A note on Virtualbox Snapshots:

Later, you will create and run several Virtual Machines within Virtualbox for your sensitive activities. Virtualbox provides a feature called “Snapshots”³⁶⁶ that allow for saving the state of a VM at any point in time. If for any reason later you want to go back to that state, you can restore that snapshot at any moment.

I strongly recommend that you do make use of this feature by creating a snapshot after the initial installation/update of each VM. This snapshot should be done before its use for any sensitive/anonymous activity.

This will allow you to turn your VMs into a kind of disposable “Live Operating Systems” (like Tails discussed earlier). Meaning that you will be able to erase all the traces of your activities within a VM by restoring a Snapshot to an earlier state. Of course, this will not be “as good” as Tails (where everything is stored in memory) as there might be traces of this activity left on your hard disk. Forensics studies have shown the ability to recover data from a reverted VM³⁶⁷. Fortunately, there will be ways to remove those traces after the deletion or reverting to an earlier snapshot. Such techniques will be discussed in the Some additional measures against forensics section of this guide.

Download Virtualbox and Whonix utilities:

This will conclude the preparations and you should now be ready to start setting up the final environment that will protect your anonymity online.

Virtualbox Hardening recommendations:

This offset should be within a 60000-millisecond range and should be different for each VM and here are some examples (which can be later applied to any VM):

Also, consider applying these mitigations from VirtualBox to mitigate Spectre³⁶⁸/Meltdown³⁶⁹ vulnerabilities by running this command from the VirtualBox Program Directory. All of these are described here: https://www.whonix.org/wiki/Spectre_Meltdown ^{[Archive.org]} (be aware these can impact severely the performance of your VMs but should be done for best security).

Tor over VPN:

Skip this step if you do not intend to use Tor over VPN and only intend to use Tor or cannot.

If you intend to use Tor over VPN for any reason. You first must configure a VPN service on your host OS.

Remember that in this case, we recommend having two VPN accounts. Both paid with cash/Monero (see Appendix O: Getting an anonymous VPN/Proxy). One will be used in the Host OS for the first VPN connection. The other could be used in the VM to achieve VPN over Tor over VPN (User > VPN > Tor > VPN).

Whonix Virtual Machines:

Remember at this stage that if you are having issues connecting to Tor due to censorship or blocking, you should consider connecting using Bridges as explained in this tutorial https://www.whonix.org/wiki/Bridges ^{[Archive.org]}.

Pick your guest workstation Virtual Machine:

Using Whonix/Linux will require more skills on your side as these are Linux distributions. You will also encounter more difficulties if you intend to use specific software that might be harder to use on Whonix/Linux. Setting up a VPN over Tor on Whonix will also be more complicated than on Windows as well.

If you can use Tor:

You can decide if you prefer to conduct your sensitive activities from the Whonix Workstation provided in the earlier section (highly recommended) or from a Custom VM that will use the Whonix Gateway like the Whonix Workstation (less secure but might be required depending on what you intend to do).

If you cannot use Tor:

Linux Virtual Machine (Whonix or Linux):

Whonix Workstation (recommended and preferred):

Just use the provided Whonix Workstation VM. It is the safest and most secure way to go on this route.

It is also the only VM that will provide Stream Isolation pre-configured for most apps by default³⁷⁰.

Linux (any distro):

Be careful, any customization you make to the non-Whonix guest VMs (keyboard layout, language, time zone, screen resolution, or other) could be used to fingerprint your VMs later. See https://www.whonix.org/wiki/VM_Fingerprinting ^{[Archive.org]}

If you can use Tor (natively or over a VPN):

Use the Linux Distro of your choice. We would recommend Ubuntu or Fedora for convenience but any other would work too. Be sure to not enable any telemetry.

If you cannot use Tor:

Choose a browser within the VM:

Windows 10/11 Virtual Machine:

Windows 10 and 11 ISO download:

If you can use Tor (natively or over a VPN):

Install:

Network Settings:

Every time you will power on this VM in the future, you should make sure to change its Ethernet Mac Address before each boot. You can do this in Virtualbox > Settings > Network > Advanced > Click the refresh button next to the MAC address. You can only do this while the VM is powered off.

If you cannot use Tor:

Install:

Network Settings:

Choose a browser within the VM:

Additional Privacy settings in Windows 10/11:

Android Virtual Machine:

Because sometimes you want to run mobile Apps anonymously too. You can also set up an Android VM for this purpose. As in other cases, ideally, this VM will also be sitting behind the Whonix Gateway for Tor network connectivity. But this can also be set up as VPN over Tor over VPN

If you can use Tor (natively or over a VPN):

Later in the VM settings during creation, go into Network and select Internal Network, Whonix.

If you cannot use Tor:

Installation:

AnBox:

Basically follow the tutorial here for installing AnBox on the Whonix Workstation: https://www.whonix.org/wiki/Anbox ^{[Archive.org]} for running Android Applications within an AnBox VM.

Or follow the instructions here https://anbox.io/ to install on any other VM (Linux Only)

Android-x86:

macOS Virtual Machine:

Yes, you can actually run macOS within Virtualbox (on Windows/Linux/macOS host systems) if you want to use macOS. You can run any version of macOS you want.

If you can use Tor (natively or over a VPN):

During the following tutorials, before starting the macOS VM, make sure you do put the macOS VMs on the Whonix Network.

Afterward, and during the install, you will need to input an IP address manually to connect through the Whonix Gateway.

If you cannot use Tor:

Installation:

There are some drawbacks to running macOS on Virtual Machines. The main one is that they do not have a serial number (0 by default) and you will be unable to log in to any Apple-provided service (iCloud, iMessage…) without a genuine ID. You can set such IDs using this script: https://github.com/myspaghetti/macos-virtualbox ^{[Archive.org]} but keep in mind that randomly generated IDs will not work and using the ID of someone else will break their Terms of Services and could count as impersonation (and therefore could be illegal).

Note: We also ran in multiple issues with running these on AMD processors. This can be fixed so here is the configurationWeused which worked fine with Catalina, Big Sur and Monterey which will tell Virtualbox to emulate an Intel Processor instead:

Hardening macOS:

Choose a browser within the VM:

KeepassXC:

You will need something to store your data (logins/passwords, identities, and TOTP³⁷¹ information).

For this purpose, we strongly recommend KeePassXC because of its integrated TOTP feature. This is the ability to create entries for 2FA³⁷² authentication with the authenticator feature.

Remember this should ideally be installed on your Guest VM and not on your Host OS. You should never do any sensitive activities from your Host OS.

VPN client installation (cash/Monero paid):

If you decided to not use a cash-paid VPN and just want to use Tor, skip this step.

About VPN Client Data Mining/Leaks:

You might be asking yourself if those VPN clients are trustworthy not to leak any information about your local environment to the VPN provider when using them in the “VPN over Tor” context.

Remember that all VPN activities are happening from a sandboxed VM on an internal network behind a Network Gateway (the Whonix Gateway). It does not matter much if the VPN client leaves some identifiers on your guest VM. The guest VM is still sandboxed and walled-off from the Host OS. The attack surface is IMHO pretty small especially when using the reputable and recommended VPN providers within the guides (iVPN, Mullvad, Proton VPN, and maybe Safing.io).

At best, the VPN client would know your local IP (internal IP) and some randomized identifiers but should not be able to get anything from the Host OS. And in theory, the VPN client should not send any telemetry back to the VPN provider. If your VPN client does this or asks this, you should consider changing the provider.

(Optional) Allowing only the VMs to access the internet while cutting off the Host OS to prevent any leak:

This step will allow you to configure your Host OS so that only the Whonix Gateway VM will have access to the internet. This will therefore prevent any “leak” from your Host OS while letting the Whonix Gateway establish the tor connectivity. The other VMs (Whonix Workstation or any other VM you installed behind it will not be affected)

The Lazy Way (not supported by Whonix but it will work if you are in a hurry, see further for the better way):

This way is not supported by the Whonix project³⁷³ but we will go ahead and give this option anyway. IMHO this is helpful to prevent your Host OS from leaking any information while you are using the Whonix VMs.

Note that this option as-is will only work on Wi-Fis without a captive portal (where you must enter some information to unlock access).

Configuration of the Whonix Gateway VM:

For this to work, we will need to change some configurations on the Whonix Gateway VM. we will need to add a DHCP client to the Whonix Gateway to receive IP addresses from the network. To do those changes the Host OS will still have to have internet access allowed for now.

Configuration of the Host OS:

Now you must block internet access from your Host OS while still allowing the VM to connect. This will be done by connecting to Wi-Fi with the Host OS but without assigning itself an IP address. The VM will then use your Wi-fi association to get an IP address.

Windows Host OS:

The goal here is to associate with a Wi-Fi network without having an internet connection. You will achieve this by deleting the Gateway from the connection after you are connected:

Linux Host OS:

The goal here is to associate with a Wi-Fi network without having an internet connection. You will achieve this by deleting the Gateway from the connection after you are connected:

macOS Host OS:

The goal here is to associate with a Wi-Fi network without having an internet connection. You will achieve this by deleting the Gateway from the connection after you are connected:

The Better Way (recommended):

Yet this will still not be supported by the Whonix project, but it is fine as the main concern for the earlier Lazy Way is to have the Whonix Gateway VM exposed to the Host Network, and it will not be the case here.

This option will require an additional VM between the Host OS and the Whonix Gateway to act as a Network Bridge.

For this purpose, we will recommend the use of a lightweight Linux Distro. Any will do but the easiest IMHO will be an Ubuntu-based distro and we would recommend the lightweight XUbuntu as it will be extremely easy to configure this setup.

Why XUbuntu and not Ubuntu or KUbuntu? Because XUbuntu uses an XFCE desktop environment which is lightweight and this VM will only serve as a proxy and nothing else.

Of course, you can also achieve this with any other Linux distro if you so decide you do not like XUbuntu.

Installing XUbuntu VM:

Configuring the Whonix Gateway VM:

By default, the Whonix Gateway has no DHCP client and will require one to get an IP from a shared network you configured earlier:

Configuration of the Host OS:

Now you must block internet access from your Host OS while still allowing the XUbuntu Bridge VM to connect. This will be done by connecting to Wi-Fi with the Host OS but without assigning itself a gateway address. The VM will then use your Wi-fi association to get an IP address.

If necessary, from the XUbuntu Bridge VM, you will be able to launch a Browser to enter information into any captive/registration portal on the Wi-Fi network.

Only the XUbuntu Bridge VM should be able to access the internet. The Host OS will be limited to local traffic only.

Windows Host OS:

The goal here is to associate with a Wi-Fi network without having an internet connection. You will achieve this by deleting the Gateway from the connection after you are connected:

Linux Host OS:

The goal here is to associate with a Wi-Fi network without having an internet connection. You will achieve this by deleting the Gateway from the connection after you are connected:

macOS Host OS:

The goal here is to associate with a Wi-Fi network without having an internet connection. You will achieve this by deleting the Gateway from the connection after you are connected:

The best way:

This way will not go against Whonix recommendations (as it will not expose the Whonix Gateway to the Host OS) and will have the advantage of allowing connections not only to open Wi-Fis but also to the ones with a Captive Portal where you need to enter some information to access the internet. Yet this will still not be supported by the Whonix project, but it is fine as the main concern for the earlier Lazy Way is to have the Whonix Gateway VM exposed to the Host Network, and it will not be the case here. This option is the best because the network will be completely disabled on the Host OS from booting up.

This option will require an additional VM between the Host OS and the Whonix Gateway to act as a Network Bridge and to connect to the Wi-Fi network. This option requires a working USB Wi-Fi Dongle that will be passed through to a bridge VM.

Why XUbuntu and not Ubuntu or KUbuntu? Because XUbuntu uses an XFCE desktop environment which is lightweight and this VM will only serve as a proxy and nothing else.

Of course, you can also achieve this with any other Linux distro if you so decide you do not like XUbuntu.

Configuration of the Host OS:

Configuring the Whonix Gateway VM:

By default, the Whonix Gateway has no DHCP client and will require one to get an IP from a shared network you will configure later, on a Bridge VM:

Installing XUbuntu VM:

At this stage, your Host OS should have no network at all and your XUbuntu VM should have a fully working Wi-Fi connection and this Wi-Fi connection will be shared to the Internal Network “XUbuntu Bridge”.

Additional configuration of the Whonix Gateway VM:

Now it is time to configure the Whonix Gateway VM to get access from the shared network from the bridge VM you just made on the earlier step:

At this stage, your Whonix Gateway VM should be getting internet access from the XUbuntu Bridge VM which in turn is getting internet access from the Wi-Fi Dongle and sharing it. Your Host OS should have no network connectivity at all.

All the VMs behind the Whonix Gateway should now work fine without additional configuration.

Final step:

The Qubes Route:

Note that while this route is written for Qubes OS 4.0.x, it should also work with Qubes OS 4.1.x but it hasn’t been tested yet. The guide will be updated and tested for Qubes OS 4.1 soon. In the mean time, you can see the changelog here: https://www.qubes-os.org/doc/releases/4.1/release-notes/

As they say on their website, Qubes OS is a reasonably secure, free, open-source, and security-oriented operating system for single-user desktop computing. Qubes OS leverages and extensively uses Xen-based virtualization to allow for the creation and management of isolated compartments called Qubes.

Qubes OS is not a Linux distribution³⁷⁴ but a Xen distribution. It is different from Linux distributions because it will make extensive use of Virtualization and Compartmentalization so that any app will run in a different VM (Qube). As a bonus, Qubes OS integrates Whonix by default and allows for increased privacy and anonymity. It is highly recommended that you document yourself over Qubes OS principles before going this route. Here are some recommended resources:

This OS is recommended by prominent figures such as Edward Snowden, PrivacyGuides.org.

Qubes is the best option in this guide for people who are more comfortable with Linux and tech in general. But it has some downsides such as the lack of OS-wide plausible deniability, its hardware requirements, and its hardware compatibility. While you can run this on 4GB of RAM as per their requirements ^{[Archive.org]}, the recommended RAM is 16GB. We would recommend against using Qubes OS if you have less than 8GB of RAM. If you want a comfortable experience, you should have 16GB, if you want a particularly enjoyable experience, you should have 24GB or 32GB.

The reason for this RAM requirement is that each app will run in a different VM and each of those VM will require and allocate a certain amount of memory that will not be available for other apps. If you are running native Windows apps within Qubes OS Qubes, the ram overhead will be significant.

You should also check their hardware compatibility here https://www.qubes-os.org/hcl/ ^{[Archive.org]} before proceeding. Your mileage might vary, and you might experience several issues about hardware compatibility that you will have to troubleshoot and solve yourself.

I think that if you can afford it and are comfortable with the idea of using Linux, you should go with this route as it is probably the best one in terms of security and privacy. The only disadvantage of this route is that it does not provide a way to enable OS-wide plausible deniability ^{[Archive.org]}, unlike the Whonix route.

Pick your connectivity method:

Tor only:

With this solution, all your network goes through Tor, and it should be sufficient to guarantee your anonymity in most cases.

There is one main drawback tho: Some services block/ban Tor Exit nodes outright and will not allow account creations from those.

To mitigate this, you might have to consider the next option: VPN over Tor but consider some risks associated with it explained in the next section.

VPN/Proxy over Tor:

As you can see in this illustration, if your cash (preferred)/Monero paid VPN/Proxy is compromised by an adversary (despite their privacy statement and no-logging policies), they will only find an anonymous cash/Monero paid VPN account connecting to their services from a Tor Exit node.

If an adversary somehow manages to compromise the Tor network too, they will only reveal the IP of a random public Wi-Fi that is not tied to your identity.

This solution however has one main drawback to consider: Interference with Tor Stream Isolation³⁷⁵.

Stream isolation is a mitigation technique used to prevent some correlation attacks by having different Tor Circuits for each application. Here is an illustration to show what stream isolation is:

VPN/Proxy over Tor falls on the right-side³⁷⁶ meaning using a VPN/Proxy over Tor forces Tor to use one circuit for all activities instead of multiple circuits for each. This means that using a VPN/Proxy over Tor can reduce the effectiveness of Tor in some cases and should therefore be used only for some specific cases:

Tor over VPN:

You might be wondering: Well, what about using Tor over VPN instead of VPN over Tor?

This will of course have a significant performance impact and might be quite slow, but Tor is necessary somewhere for achieving reasonable anonymity.

Achieving this technically is easy within this route, you need two separate anonymous VPN accounts and must connect to the first VPN from the Host OS and follow the route.

Conclusion: Only do this if you think using Tor alone is risky/impossible but VPNs are okay. Or just because you can and so why not. This method will not lower your security/privacy/anonymity.

VPN only:

If you can use VPNs then you should be able to add a Tor layer over it. And if you can use Tor, then you can add an anonymous VPN over Tor to get the preferred solution.

In the context of this guide, Tor is required somewhere to achieve reasonable and safe anonymity and you should use it if you can.

No VPN/Tor:

If you cannot use VPN nor Tor where you are, you probably are in a very hostile environment where surveillance and control are extremely high.

Just do not, it is not worth it and too risky IMHO. You can be de-anonymized almost instantly by any motivated adversary that could get to your physical location in a matter of minutes.

Conclusion:

Unfortunately, using Tor alone will raise the suspicion of many destinations’ platforms. You will face many hurdles (captchas, errors, difficulties signing up) if you only use Tor. In addition, using Tor where you are could put you in trouble just for that. But Tor remains the best solution for anonymity and must be somewhere for anonymity.

For more information, you can also see the discussions here that could help decide yourself:

Getting an anonymous VPN/Proxy:

Note about Plausible Deniability:

Installation:

To be sure your Qubes ISO hasn’t been tampered with, you should get the Qubes master key fingerprint from multiple different sources. This guide can be used as one source.

Connection Type	Anonymity	Ease of Access to online resources	Tor Stream isolation	Safer where Tor is suspicious/dangerous	Speed	Cost	Recommended
Tor Alone	Good	Medium	Possible	No	Medium	Free	Yes
Tor over VPN	Good+	Medium	Possible	Yes	Medium	Around 50€/y	If needed (Tor inaccessible)
Tor over VPN over Tor	Best	Medium	Possible	Yes	Poor	Around 50€/y	Yes
VPN over Tor	Good-	Good	No	No	Medium	Around 50€/y	If needed (convenience)
Self-Hosted VPS VPN/Proxy over Tor	Good-	Very Good	No	No	Medium	Around 50€/y	If needed (convenience)
VPN/Proxy over Tor over VPN	Good-	Good	No	Yes	Poor	Around 100€/y	If needed (convenience and Tor inaccessible)
VPN/Proxy Alone	Bad	Good	N/A	Yes	Good	Around 50€/y	No
No Tor and VPN	Bad	Unknown	N/A	No	Good	Around 100€ (Antenna)	No. At your own risk.

The Qubes master signing key fingerprint should match 427F 11FD 0FAA 4B08 0123 F01C DDFA 1A3E 3687 9494.

Lid Closure Behavior:

Unfortunately, Qubes OS does not support hibernation³⁷⁷ which is IMHO an issue regarding cold-boot attacks. To mitigate those, we highly recommend that you configure Qubes OS to shut down on any power action (power button, lid closure). You can do set this from the XFCE Power Manager. Do not use the sleep features.

Connect to a Public Wi-Fi:

Upgrading Qubes OS from 4.0.x to 4.1.x (you should do it)

Updating Qubes OS:

After you are connected to a Wi-Fi you need to update Qubes OS and Whonix. You must keep Qubes OS always updated before conducting any sensitive activities. Especially your Browser VMs. Normally, Qubes OS will warn you about updates in the upper right corner with a gear icon. As this might take a while in this case due to using Tor, you can force the process by doing the following:

Upgrading Whonix from version 15 to version 16:

Hardening Qubes OS:

Disclaimer: This section is under construction and will be worked on heavily in the next releases. This section is for more advanced users.

Application Sandboxing:

While Qubes OS is already sandboxing everything by design, it is also useful to consider sandboxing apps themselves using AppArmor or SELinux.

AppArmor:

“AppArmor is a Mandatory Access Control framework. When enabled, AppArmor confines programs according to a set of rules that specify what files a given program can access. This initiative-taking approach helps protect the system against both known and unknown vulnerabilities” (Debian.org).

Basically, AppArmor³⁷⁸ is an application sandboxing system. By default, it is not enabled but supported by Qubes OS.

SELinux:

SELinux³⁷⁹ is similar to AppArmor. The differences between SELinux and AppArmor are technical details into which we will not get.

In this guide and the context of Qubes OS, it is important to mention it as it is the recommended method by Fedora which is one of the default systems on Qubes OS.

You could make use of SELinux on your Fedora Templates. But this is up to you. Again, this is for advanced users.

Setup the VPN ProxyVM:

Skip this step if you do not want to use a VPN and just use Tor only or if VPN is not an option either.

This tutorial should also work with any OpenVPN provider (Mullvad, IVPN, Safing.io, or Proton VPN for instance).

Download the VPN configuration from your cash/Monero paid VPN provider:

If you can use Tor:

Using Tor Browser (be careful not to use any Clearnet Browser for this), download the necessary OpenVPN configuration files for Linux from your VPN provider.

This can be done by using the Qubes OS integrated Tor Browser by accessing the Applications icon (upper left corner) and selecting the Disposable Tor Browser application.

If you cannot use Tor:

When you are done downloading the configuration files within the Disposable Browser (usually a zip file), copy them to your ProxyVM VPN Gateway machine (using right-click on the file and send to another AppVM).

Configure the ProxyVM:

VPN over Tor:

Set up a disposable Browser Qube for VPN over Tor use:

You should now have a Disposable Browser VM that works with your cash/Monero paid VPN over Tor.

Tor Over VPN:

Reconfigure your Whonix Gateway VM to use your ProxyVM as NetVM instead of sys-firewall:

Alternatively, you can also create any other type of disposable VM (but less secure than the Whonix one):

You should now have a Disposable Browser VM that works with Tor over a cash/Monero paid VPN.

Any other combination? (VPN over Tor over VPN for instance)

By now you should understand how easy it is to route traffic from one VM to the other with Qubes.

You can create several ProxyVMs for VPN accesses and keep the Whonix one for Tor. You just need to change the NetVM settings of the various VMs to change the layout.

This would result in User > VPN > Tor > VPN > Internet (VPN over Tor over VPN). Experiment for yourself. Qubes OS is great for these things.

Setup a safe Browser within Qubes OS (optional but recommended):

Fedora Disposable VM:

Whonix Disposable VM:

Additional browser precautions:

Setup an Android VM:

If you can use Tor (natively or over a VPN):

If you cannot use Tor:

Installation:

This should pop up an Android interface. Sometimes it will crash, and you might have to run it twice to make it work.

That’s it, you should now have an Android Qube over Tor (or anything else) capable of running pretty much any App you can sideload with ADB. This is, for now, and IMHO, the easiest way to get Android emulation on Qubes OS.

KeePassXC:

You will need something to store your data (logins/passwords, identities, and TOTP³⁸⁰ information).

For this purpose, we strongly recommend KeePassXC because of its integrated TOTP feature. This is the ability to create entries for 2FA³⁸¹ authentication with the authenticator feature.

In the context of Qubes OS you should store your sensitive information within the Domain-vault Qube:

Creating your anonymous online identities:

Understanding the methods used to prevent anonymity and verify identity:

Captchas:

Captcha³⁸² stands for “Completely Automated Public Turing test to tell Computers and Humans Apart” are Turing tests³⁸³ puzzles you need to complete before accessing a form/website. You will mostly encounter those provided by Google (reCAPTCHA service³⁸⁴) and Cloudflare (hCaptcha³⁸⁵). hCaptcha is used on 15% of the internet by their own metrics³⁸⁶.

They are designed to separate bots from humans but are also clearly used to deter anonymous and private users from accessing services.

If you often use VPNs or Tor, you will quickly encounter many captchas everywhere³⁸⁷. Quite often when using Tor, even if you succeed in solving all the puzzles (sometimes dozens in a row), you will still be denied after solving the puzzles.

While most people think those puzzles are only about solving a little puzzle, it is important to understand that it is much more complex, and that modern Captchas uses advanced machine learning and risk analysis algorithms to check if you are human³⁸⁸:

It is also highly likely that those platforms could already reliably identify you based on the unique way you interact with those puzzles. This could work despite obfuscation of your IP address / Browser and clearing all cookies.

You will often experience several in a row (sometimes endlessly) and sometimes exceedingly difficult ones involving reading undecipherable characters or identifying various objects on endless pictures sets. You will also have more captchas if you use an ad-blocking system (uBlock for example) or if your account was flagged for any reason for using VPNs or Tor previously.

You will also have (in my experience) more Captchas (Google’s reCAPTCHA) if you do not use a Chromium-based browser. But this can be mitigated by using a Chromium-based browsers such as Brave. There is also a Browser extension called Buster that could help you those https://github.com/dessant/buster ^{[Archive.org]}.

As for Cloudflare (hCaptcha), you could also use their Accessibility solution here (https://www.hcaptcha.com/accessibility ^{[Archive.org]}) which would allow you to sign-up (with your anonymous identity created later) and set a cookie within your Browser that would allow you to bypass their captchas. Another solution to mitigate hCaptcha would be to use their own solution called “Privacy Pass”³⁹¹ https://privacypass.github.io/ ^{[Archive.org]} in the form of a Browser extension you could install in your VM Browser.

You should therefore deal with those carefully and force yourself to alter the way you are solving them (speed/movement/accuracy/…) to prevent “Captcha Fingerprinting”.

Fortunately, as far as we are aware, these are not yet officially/publicly used to de-anonymize users for third parties.

To not have those issues, you should consider using a VPN over Tor. And the best option to avoid those is likely to use a self-hosted VPN/Proxy over Tor on a cash/Monero paid VPS server.

Phone verification:

Phone verification is advertised by most platforms to verify you are human. But do not be fooled, the main reason for phone verification is not only to check if you are human but also to be able to de-anonymize you if needed.

Most platforms (including the privacy-oriented ones such as Signal/Telegram/Proton will require a phone number to register, and most countries now make it mandatory to submit a proof of ID to register³⁹².

E-Mail verification:

E-Mail verification is what used to be enough but is not anymore in most cases. What is important to know is that open e-mail providers (disposable e-mail providers for instance) are flagged as much as open proxies (like Tor).

Most platforms will not allow you to register using an “anonymous” or disposable e-mail. As they will not allow you to register using an IP address from the Tor network.

The key thing to this is that it is becoming increasingly difficult to sign-up for a free e-mail account anywhere without providing (you guessed it) … a cell phone number. That same cell phone number can be used conveniently to track you down in most places.

It is possible that those services (Proton for instance) might require you to provide an e-mail address for registration. In that case, we would recommend you create an e-mail address from these providers:

Keep in mind that those do not provide a zero-access design (a zero-access design is where only you can access your e-mail - not even the service’s admins can read your messages). This means they can access your e-mail at rest in their database.

A note about Riseup:

RiseUp’s warrant canary has been renewed late, with their Twitter posting a cryptic message seeming to tell users not to trust them. Due to the suspicious situation, this guide can no longer recommend them.

_{For the https://riseup.net [Tor Mirror] (It has come to my attention that the site now, unfortunately, requires an invitation from a current registered user)}

Protecting your anonymous online identities e-mails using Aliasing services:

If you want to avoid communicating your anonymous e-mail addresses to various parties. We would strongly suggest considering using e-mail aliasing services such as:

These services will allow creating random aliases for your anonymous e-mail (on Proton for example) and could increase your general privacy if you do not want to disclose that e-mail for any purpose. They are both recommended by Privacyguides.org and Privacytools.io. I’m recommending them as well.

User details checking:

Obviously, Reddit does not do this (yet), but Facebook most likely does and will look for “suspicious” things in your details (which could include face recognition).

Proof of ID verification:

The deal-breaker in most cases. As far as we know, only Facebook and LinkedIn (outside of financial services) have requested such verifications which involve sending pictures of some form of identification (passport, national ID card, driver’s license …). The only way to do this would involve creating fake official documents (forgery) using some decent Photoshop skills and this might be illegal in most places.

Therefore, this is a line we are not going to help you cross within this guide. Some services are offering such services online, but we think they are bad actors and are overstepping their boundaries.

In many countries, only law enforcement, some specific processes (such as GDPR requests), and some well-regulated financial services may request proof of identification. So, the legality of asking for such documents is debatable and we beieve such platforms should not be allowed to require those.

In few countries (like Germany), this practice is illegal and online platforms such as Facebook or LinkedIn are legally bound to allow you to use a pseudonym and remain anonymous.

IP Filters:

As stated previously in this guide, many platforms will apply filters on the IPs of the users. Tor exit nodes are publicly listed, and VPN exit servers are “well known”. There are many commercial and free services providing the ability to block those IPs with ease (hi Cloudflare).

Many platforms’ operators and administrators do not want traffic from these IPs as they often drive a lot of unlawful/malicious/unprofitable traffic to their platforms. Usually using the same excuses:

Fortunately, those systems are not perfect, and you will (still) be able to get around those restrictions by switching identities (in the case of Tor) and looking trying to access the website each time until you find an Exit Node that is not block-listed (yet).

The tolerance is much higher with VPNs as they are not considered “open proxies” but that will not stop many platforms from making them hard to use by forcing increasingly difficult captchas on most VPN users.

For this reason, this guide does recommend the use of VPN over Tor (and not Tor over VPN) in certain use cases. Remember that the best option to avoid those is to use a self-hosted VPN/Proxy over Tor on a cash/Monero paid VPS server.

Browser and Device Fingerprinting:

Browser and Device³⁹³ Fingerprinting are usually integrated into the Captcha services but also in other various services.

Many platforms (like Google³⁹⁴) will check your browser for various capabilities and settings and block Browsers they do not like. This is one of the reasons we recommend using Chromium-based Browsers such as Brave Browser over Tor Browser within this VM.

Chances are you will find your browser fingerprint unique no matter what you do.

Human interaction:

Some platforms will add this as a bonus step and require you to have an actual human interaction with a customer care representative. Usually by e-mail but sometimes by chat/phone. They will want to verify that you exist by asking you to reply to an e-mail/chat/phone call.

It is annoying but quite easy to deal with in our case. We are not making bots. This guide is for humans making human accounts.

User Moderation:

Many platforms will delegate and rely on their users to moderate the others and their content. These are the “report” features that you will find on most platforms.

Getting reported thousands of times does not matter when you are Donald Trump or Kim Kardashian but if you as a sole “friendless” anonymous user gets reported even once, you might get suspended/flagged/banned instantly.

Behavioral Analysis:

Financial transactions:

Simple and efficient, some platforms will require you to perform a financial transaction to verify your account sometimes under the pretext of verifying your age. This could be a credit card verification or an exceedingly small amount bank wire. Some will accept a donation in a main cryptocurrency like Bitcoin or Ethereum.

While this might seem innocent, this is obviously an ID verification and de-anonymization method. This is just indirectly relying on third-party financial KYC³⁹⁵ regulations.

This is for instance now the case on YouTube for some European Users³⁹⁶ but also used by services like Amazon that requires a valid payment method for creating an account.

Sign-in with some platform:

“Why do this user-verification ourselves when we can just ask others to deal with it?”

You will notice this, and you probably already encountered this. Some apps/platforms will ask/require you to sign in with a well-known and well-used reputable platform instead of their own system (Sign-in with Google/Facebook/Apple/Twitter).

This option is often presented as the “default one”, hiding away the “Sign-in with e-mail and password” with clever Dark Patterns³⁹⁷ and unfortunately sometimes needed.

This method will delegate the verification process on those platforms instead of assuming that you will not be able to create an anonymous Google/Facebook/Apple/Twitter account with ease.

Live Face recognition and biometrics (again):

This is a common method used on some Crypto trading platforms and some dating Apps.

Some platforms/apps will require you to take a live picture of yourself either doing something (a wink, holding an arm up …) or showing a custom piece of information (a handwritten text, a passport, or ID) within the picture. Sometimes the platform/app will require several pictures to increase their certainty.

This guide will not cover this one (yet) as it is mainly used on financial platforms (that will be able to identify you with other means anyway) and some dating apps like Tinder³⁹⁸. Unfortunately, this method is now also sometimes being used on Facebook³⁹⁹ and Instagram as part of their verification methods (tho we did not face it yet so far).

In some cases, these verifications must be done from your Smartphone and with an “in-app” camera to prevent you from sending a previously saved (edited) image.

Recently even platforms such as PornHub decided to implement similar measures in the future⁴⁰⁰.

This verification is extremely hard to defeat but possible. A method to possibly defeat those would be to use “deep fake” technology software such as the open-source FaceSwap https://github.com/deepfakes/faceswap ^{[Archive.org]} to generate the required verification pictures using a randomly computer-generated face that would be swapped over the picture of a complicit model (or a stock photo).

Unfortunately, some apps require direct access to a smartphone camera to process the verification. In that case, you will need to find a way to do such “face swaps” on the fly using a filter and another way to feed this into the camera used by the app. A possible approach would be similar to this impressive project https://github.com/iperov/DeepFaceLive ^{[Archive.org]}.

Manual reviews:

These can be triggered by any of the above and just means someone (usually specialized employees) will review your profile manually and decide whether it is real or not based on their subjective opinion.

Some countries have even developed hotlines where you can report any subversive content⁴⁰¹.

Pros: Usually that verdict is “final”, and you will probably avoid further issues if you are good.

Cons: Usually that verdict is “final”, and you will probably be banned without any appeal possibility if you are not good. Sometimes those reviews end up on the platform just ghosting you and cancel you without any reason whatsoever. Any appeal will be left unanswered, ignored, or will generate some random dark pattern bug when trying to appeal that specific identity (this happens on Instagram for instance where if your account gets “suspended” obviously by some manual review, trying to complete the appeal form will just throw an error and tell you to try again later (We have been trying this same appeal for that identity for the past 6 months at least).

Getting Online:

Now that you have a basic understanding of all the ways you can be de-anonymized, tracked, and verified. Let us get started at evading these while staying anonymous. Remember:

So what? Well instead of not trusting anyone or anything, we would advise to “Trust but verify”⁴⁰² (or “Never trust, always verify” if you are more hardcore about it and want to apply Zero-Trust Security⁴⁰³) instead.

Creating new identities:

This is the fun part where you will now create your identities from thin air. These identities do not exist but should be plausible and look “organic”. They should ideally have a story, a “legend” (yes this is the real term for this⁴⁰⁴).

All these should be crafted carefully for every single identity, and you should be incredibly careful to stick to the details of each legend when using those identities. Nothing can leak that could lead to your real persona. Nothing could leak that could compromise the consistency of your legend. Everything should always be consistent.

Now is also the moment where you could finally consider getting an online phone number as explained in the Online Phone Number (less recommended) section.

We will help you bit by listing a few tips we learned while researching over the years (disclaimer: this is based on my individual experiences alone):

Slight issue tho: MyHeritrage.com bans Tor Exit nodes so you might have again to consider VPN over Tor for this.

Note: If you are having trouble finding an exit node in the country of your choice you can force using specific countries for Exit Nodes (and therefore exit countries) on Tor by editing the torrc file on the Whonix Gateway or even the Tor Browser:

Checking if your Tor Exit Node is terrible:

Skip this if you are using a VPN/Proxy over Tor (tho you can also do the same checks with a VPN exit node if you want).

Not all Tor Exit nodes are equal. This is mostly due to what type of “exit policy” their operator applies to them.

Some Tor Exit nodes are seen are more or less “clean” and will only show up in the Tor Exit nodes lists. Some other Tor Exit nodes are seen as “dirty” and will show up in dozens of various blocklists. So how do you know if you are on a clean one or a bad one? It is not that simple.

If you are using Tor Browser Bundle (not on Whonix Workstation, on Tails, or on the Host/Guest OS):

If you are using Tor Browser on the Whonix Workstation:

If you are not using Tor Browser on a guest non-whonix VM behind the Whonix Gateway:

The Real-Name System:

Unfortunately, not using your real identity is against the ToS (Terms of Services) of many services (especially those owned by Microsoft and Facebook). But don’t despair, as explained in the Requirements, it’s still legal in Germany where the courts have upheld up the legality of not using real names on online platforms (§13 VI of the German Telemedia Act of 2007⁴¹¹’⁴¹²). Fortunately, ToS cannot override laws (yet).

This does not mean that it is illegal in other places but that it might be a breach of their Terms of Services if you do not have the law on your side. Remember this guide only endorses this for German users residing in Germany.

Alternatively, you could be an adult resident of any other country where you can confirm and verify the legality of this yourself. Again, this is not legal advice, and we are not lawyers. Do this at your own risk.

Some platforms are bypassing this requirement altogether by requiring a valid payment method instead (see Financial transactions:). While this does not directly require a real name through their ToS, this has the same results as they usually only accept mainstream (not Monero/Cash) payment methods (such as Visa/MasterCard/Maestro or PayPal) which do require a real-name legally as part of their KYC⁴¹³ regulations. The result is the same and even better than a simple real-name policy you could ignore in some countries such as Germany.

About paid services:

If you intend to use paid services, privilege those accepting cash payments or Monero payments which you can do directly and safely while keeping your anonymity.

Overview:

This section will show you an overview of the current various requirements on some platforms:

The following overview does not mention the privacy practices of those platforms but only their requirements for registering an account. If you want to use privacy-aware tools and platforms, head on to https://privacyguides.org ^{[Archive.org]}.

Below you’ll find a list of “problematic services”. If they’re not below, it means there are no issues at all with anything (like Briar for example)

Amazon:

Service	Against ToS	Requires Phone	Requires E-Mail	VPN Sign-up	Tor Sign-up	Captchas	ID or Financial Checks	Facial Checks	Manual Checks	Overall difficulty
Amazon	No	No	Yes	Yes	Yes	No	Yes*	No	Unclear	N/A
Apple	Yes*	Yes	Yes	Yes	Yes	No	No	No	No	Medium
Binance	Yes*	No	Yes	Yes	No	Yes	No	No	No	Medium
Briar	No	No	No	Yes	Yes	No	No	No	No	Easy
Discord	No	No	Yes	Yes	Yes	Yes	No	No	No	Medium
Element	No	No	No	Yes	Yes	Yes	No	No	No	Easy
Facebook	Yes*	Yes	Yes	Maybe	Maybe	Yes	Maybe	Maybe	Maybe	Hard
GitHub	No	No	Yes	Yes	Yes	Yes	No	No	No	Easy
GitLab	No	No	Yes	Yes	Yes	Yes	No	No	No	Easy
Google	No	Likely	Likely	Yes	Yes	Yes	Maybe	No	Maybe	Medium
HackerNews	No	No	No	Yes	Yes	Yes	No	No	No	Easy
Instagram	Unclear	Likely	Yes	Yes	Yes	Yes	No	Maybe	Maybe	Medium
Jami	No	No	No	Yes	No	No	No	No	No	Easy
iVPN	No	No	No	Yes	Yes	No	No	No	No	Easy
Kraken	Yes*	No	Yes	Yes	No	No	No	No	No	Medium
LinkedIn	Yes*	Yes	Yes	Yes	Yes	Yes	Maybe	Maybe	Maybe	Hard
MailFence	No	No	Yes	Yes	Maybe	Yes	No	No	No	Medium
Medium	No	No	Yes	Yes	Yes	No	No	No	No	Easy
Microsoft	Yes*	Maybe	Maybe	Yes	Yes	Yes	No	No	No	Medium
Mullvad	No	No	No	Yes	Yes	No	No	No	No	Easy
Njalla	No	No	No	Yes	Yes	No	No	No	No	Easy
OnionShare	No	No	No	Yes	Yes	No	No	No	No	Easy
OnlyFans	No	No	Yes	Yes	Yes	Yes	Yes (for full functionalities)	No	No	Hard (for full functionalities)
Proton Mail	No	Maybe	Likely	Yes	Yes	Yes	No	No	No	Medium
Proton VPN	No	No	Yes	Yes	Yes	No	No	No	No	Medium
Reddit	No	No	No	Yes	Yes	No	No	No	No	Easy
Slashdot	Yes*	No	No	Yes	Yes	Yes	No	No	No	Medium
Telegram	No	Yes	No	Yes	Yes	No	No	No	No	Easy
Tutanota	No	No	No	Maybe	No	Yes	No	No	No	Hard
Twitch	No	No	Yes	Yes	Yes	Yes	No	No	No	Easy
Twitter	No	Yes	Yes	Yes	Yes	Yes	No	No	Maybe	Medium
WhatsApp	Yes*	Yes	No	Yes	Yes	No	No	No	No	Medium
4chan	No	No	No	No	No	Yes	No	No	No	Hard

A. Use of Amazon Services on a Product. To use certain Amazon Services on a Product, you must have your own Amazon.com account, be logged in to your account on the Product, and have a valid payment method associated with your account. "

While it does not technically require a real name. It does require a valid payment method. Unfortunately, it will not accept “cash” or “Monero” as a payment method. So instead, they are relying on financial KYC (where a real-name policy is pretty much enforced everywhere).

Because of this valid payment method requirement, we could not test this. While this is seemingly not against their ToS, it is not possible within the context of this guide unless you manage to obtain a valid KYC payment method anonymously which AFAIK is pretty much impossible or extremely difficult.

Apple:

In order to use the Service, you must enter your Apple ID and password to authenticate your Account. You agree to provide accurate and complete information when you register with, and as you use, the Service (“Service Registration Data”), and you agree to update your Service Registration Data to keep it accurate and complete".

Note that this account will not allow you to set up an Apple mail account. For that, you will need an Apple device.

Binance:

Discord:

You might encounter more issues using the Web Client (Captchas). Especially with Tor Browser.

I suggest using the Discord Client app on a VM through Tor or ideally through VPN/Proxy over Tor to mitigate such issues.

Element:

Facebook:

When people stand behind their opinions and actions, our community is safer and more accountable. For this reason, you must:

Facebook is one of the most aggressive platforms with identity verification and is pushing hard their “real name policy”. It is why this guide is only advised to German residents.

I also suspect strongly based on my test that the following points have an impact on your likelihood of being suspended over time:

If your account gets suspended, you will need to appeal the decision through a quite simple form that will require you to submit a “proof of ID”. However, that proof of ID verification system is more lenient than LinkedIn and will allow you to send various documents which require far less Photoshop skills.

It is also possible that they ask you to take a selfie video or picture-making certain gestures to prove your identity. If that is the case, we are afraid it is a dead-end for now unless you use a deepfake face swapping technique.

If you do file an appeal, you will have to wait for Facebook to review it (I do not know whether this is automatic or human) and you will have to wait and hope for them to unsuspend your account.

GitHub:

Be sure to go into Settings > E-Mail and make your e-mail private as well as block any push that would reveal your e-mail.

GitLab:

Google:

Proton is good … but to appear less suspicious, it is simply better to also have a mainstream Google Mail account.

As Proton, Google will also most likely require a phone number during sign-up as part of their verification process. However contrary to Proton, Google will store that phone number during the sign-up process and will also limit the number of accounts that can be created during the sign-up⁴¹⁵’⁴¹⁶.

From my experience during my research, this count is limited to three accounts/phone numbers. If you are unlucky with your number (if it was previously used by another mobile user), it might be less.

You should therefore use again your online phone number OR your burner phone and pre-paid SIM card to create the account. Do not forget to use the identity details you made up earlier (birthdate). When the account is created, please do take some time to do the following:

Keep in mind that there are different algorithms in place to check for weird activity. If you receive any mail (on Proton) prompting about a Google Security Warning. Click it and click the button to say, “Yes it was me”. It helps.

Do not use that account for “sign-up with Google” anywhere unless necessary.

Be extremely careful if you decide to use the account for Google activities (such as Google Maps reviews or YouTube Comments) as those can easily trigger some checks (Negative reviews, Comments breaking Community Guidelines on YouTube).

If your account gets suspended ⁴¹⁷ (this can happen on sign-up, after signing-up or after using it in some Google services), you can still get it unsuspended by submitting⁴¹⁸ an appeal/verification (which will again require your Phone number and possibly an e-mail contact with Google support with the reason). Suspension of the account does not disable the e-mail forwarding, but the suspended account will be deleted after a while.

If your account gets banned, you will have no appeal and the forwarding will be disabled. Your phone number will be flagged, and you will not be able to use it to sign-up on a different account. Be careful when using those to avoid losing them. They are precious.

It is also possible that Google will require an ID check through indirect financial KYC or ID picture check if you try to access/publish mature content on their platform⁴¹⁹.

Instagram:

"You can’t impersonate others or provide inaccurate information. You do not have to disclose your identity on Instagram, but you must provide us with accurate and up-to-date information (including registration information). Also, you may not impersonate someone you are not, and you can’t create an account for someone else unless you have their express permission".

This one is a bit of an Oxymoron don’t you think? So, we are not sure whether it is allowed or not.

It is also possible that they ask you to take a selfie video or picture-making certain gestures to prove your identity (within the app or through an e-mail request). If that is the case, we are afraid it is a dead-end for now.

It is no secret that Instagram is part of Facebook however it is more lenient than Facebook when it comes to user verification. It is quite unlikely you will get suspended or banned after signing up. But it could help.

For instance, we noticed that you will face fewer issues creating a Facebook account if you already have a valid Instagram account. You should always create an Instagram account before trying Facebook.

Unfortunately, there are some limitations when using the web version of Instagram. For instance, you will not be able to enable Authenticator 2FA from the web for a reason we do not know.

Jami:

Kraken:

LinkedIn:

“To use the Services, you agree that: (1) you must be the”Minimum Age" (described below) or older; (2) you will only have one LinkedIn account, which must be in your real name; and (3) you are not already restricted by LinkedIn from using the Services. Creating an account with false information is a violation of our terms, including accounts registered on behalf of others or persons under the age of sixteen. "

LinkedIn is far less aggressive than twitter but will nonetheless require a valid e-mail (preferably again your Gmail) and a phone number in most cases (tho not always).

LinkedIn however is relying a lot on reports and user/customer moderation. You should not create a profile with an occupation inside a private corporation or a small startup company. The company employees are monitoring LinkedIn activity and receive notifications when new people join. They can then report your profile as fake, and your profile will then be suspended or banned pending appeal.

LinkedIn will then require you to go through a verification process that will, unfortunately, require you to send an ID proof (identity card, passport, driver’s license). This ID verification is processed by a company called Jumio⁴²⁰ that specializes in ID proofing. This is most likely a dead end as this would force you to develop some strong Photoshop skills.

Instead, you are far less likely to be reported if you just stay vague (say you are a student/intern/freelance) or pretend you work for a large public institution that is too large for anyone to care or check.

MailFence:

Medium:

Microsoft:

"i. Creating an Account. You can create a Microsoft account by signing up online. You agree not to use any false, inaccurate, or misleading information when signing up for your Microsoft account".

So yes, it is still possible to create an MS account without a phone number and using Tor or VPN, but you might have to cycle through a few exit nodes to achieve this.

After signing up you should set up 2FA authentication within the security options and using KeePassXC TOTP.

OnlyFans:

Unfortunately, you will be extremely limited with that account and to do anything you will need dot complete their verification process which requires a KYC type financial transaction check. So, not very useful.

Proton:

You obviously need an e-mail for your online identity and disposable e-mails are pretty much banned everywhere.

Proton is a free e-mail provider based in Switzerland that advocates security and privacy.

They are recommended by Privacyguides.org⁴²¹. Their only apparent issue is that they do require (in most cases) a phone number or another e-mail address for registration (when you try to register from a VPN or Tor at least).

They claim they do not store/link the phone/e-mail associated with the registration but only store a hash that is not linked to the account⁴²². If their claim is true and the hash is not linked to your account, and that you followed my guide about the phone number, you should be reasonably safe from tracking.

Reddit:

Reddit is simple. All you need to register is a valid username and a password. Normally they do not even require an e-mail (you can skip the e-mail when registering, leaving it blank).

No issues whatsoever signing up over Tor or VPN besides the occasional Captchas.

Slashdot:

Some areas of the Sites may require you to register with us. When and if you register, you agree to (a) provide accurate, current, and complete information about yourself as prompted by our registration form (including your e-mail address) and (b) to maintain and update your information (including your e-mail address) to keep it accurate, current, and complete. You acknowledge that should any information provided by you be found to be untrue, inaccurate, not current, or incomplete, we reserve the right to terminate this Agreement with you and your current or future use of the Sites (or any portion thereof)".

Telegram:

Telegram is quite straightforward, and you can download their portable Windows app to sign-up and log in.

In most cases, we had no issues whether it was over Tor or VPN, butWehad a few cases where my telegram account was just banned for violating terms of services (not sure which one?). This again despite not using them for anything.

They provide an appeal process through e-mail, but we had no success with getting any answer.

Their appeal process is just sending an e-mail to recover@telegram.org ^{[Archive.org]} stating your phone number and issue and hope they answer.

Tutanota:

Twitter:

Twitter is extremely aggressive in preventing anonymity on its network. You should sign-up using e-mail and password (not phone) and not using “Sign-in with Google”. Use your Gmail as the e-mail address.

More than likely, your account will be suspended immediately during the sign-up process and will require you to complete a series of automated tests to unlock. This will include a series of captchas, confirmation of your e-mail and Twitter handle, or other information. In some cases, it will also require your phone number.

In some cases, despite you selecting a text verification, the Twitter verification system will call the phone no matter what. In that case, you will have to pick up and hear the verification code. We suspect this is another method of preventing automated systems and malicious users from selling text receiving services over the internet.

Twitter will store all this information and link it to your account including your IP, e-mail, and phone number. You will not be able that phone number to create a different account.

After about a week, you should check Twitter again and the chances are quite high that it will be suspended again for “suspicious activity” or “violating community guidelines” despite you not using it at all (not even a single tweet/follow/like/retweet or DM) but this time by another system. We call this the “Double-tap”.

This time you will need to submit an appeal using a form⁴²³, provide a good reason and wait for the appeal to be processed by Twitter. During that process, you may receive an e-mail (on Proton) asking you to reply to a customer service ticket to prove that you do have access to your e-mail and that it is you. This will be directed toward your Gmail address but will arrive on your Proton.

Do not reply from Proton as this will raise suspicions, you must sign in to Gmail (unfortunately) and compose a new mail from there copy-pasting the E-Mail, Subject, and Content from Proton. As well as a reply confirming you have access to that e-mail.

After a few days, your account should get unsuspended “for good”. No issues after that but keep in mind they can still ban your account for any reason if you violate the community guidelines. The phone number and e-mail will then be flagged, and you will have no other option but to get a new identity with a new number to sign-up again. Do not use this account for trolling.

Twitch:

Note that you will not be able to enable 2FA on Twitch using only e-mail. This feature requires a phone number to enable.

WhatsApp:

“Registration. You must register for our Services using accurate information, provide your current mobile phone number, and, if you change it, update your mobile phone number using our in-app change number feature. You agree to receive text messages and phone calls (from us or our third-party providers) with codes to register for our Services”.

4chan:

4chan is 4chan … This guide will not explain 4chan to you. They block Tor exit nodes and known VPN IP ranges.

You are going to have to find a separate way to post there using at least seven proxies⁴²⁴ that are not known by 4chan blocking system (hint: Anonymous VPS using Monero is probably your best option).

Crypto Wallets:

Use any crypto wallet app within the Windows Virtual Machine. But be careful not to transfer anything toward an Exchange or a known Wallet. Crypto is in most cases NOT anonymous and can be traced back to you when you buy/sell any (remember the Your Cryptocurrencies transactions section).

If you really want to use Crypto, use Monero which is the only one with reasonable privacy/anonymity.

Ideally, you should find a way to buy/sell crypto with cash from an unknown person.

What about those mobile-only apps (WhatsApp/Signal)?

There are only three ways of securely using those anonymously (that we would recommend). Using a VPN on your phone is not one of those ways. All of those are, unfortunately, “tedious” to say the least.

There is no way to reliably set a decent multi-layered connectivity approach easily on an Android phone (it is not even possible on IOS as far as we know). By reliable, we mean being sure that the smartphone will not leak anything such as geolocation or anything else from booting up to shutting down.

Anything else:

It should work in most cases with most platforms. The hardest platform to use with full anonymity is Facebook.

This will obviously not work with banks and most financial platforms (such as PayPal or Crypto Exchanges) requiring actual real official and existing identification. This guide will not help you there as this would be illegal in most places.

How to share files privately and/or chat anonymously:

There are plenty of messaging apps everywhere. Some have excellent UI and UX and terrible Security/Privacy. Some have excellent Security/Privacy but terrible UI and UX. It is not easy to pick the ones that you should use for sensitive activities. So, this section will help you do that.

Before going further, there are also some key basic concepts you should understand:

End-to-end Encryption:

End-to-end Encryption⁴²⁵ (aka e2ee) is a rather simple concept. It just means only you and your destination know each-others public encryption keys and no one in between that would be eavesdropping would be able to decrypt the communication.

For these reasons, it is always important to check the claims of various apps. Open-Source apps should always be preferred to verify what kind of encryption they are using and if their claims are true. If not open source, such apps should have an openly available independent (made by a reputable third party) report confirming their claims.

Roll your own crypto:

Always be cautious of apps rolling their own crypto until it has been reviewed by many in the crypto community (or even better published and peer-reviewed academically). Again, this is harder to verify with closed-source proprietary apps.

It is not that rolling your own crypto is bad in essence, it is that good cryptography needs real peer-reviewing, auditing, testing… And since you are probably not a cryptanalyst (and we are not either), chances are high we are not competent to assess the cryptography of some apps.

Forward Secrecy:

Forward Secrecy⁴²⁶ (FS aka PFS for Perfect Forward Secrecy) is a property of the key agreement protocol of some of those messaging apps and is a companion feature of e2ee. This happens before you establish communication with the destination. The “Forward” refers to the future in time and means that every time you establish a new e2ee communication, a new set of keys will be generated for that specific session. The goal of forward secrecy is to maintain the secrecy of past communications (sessions) even if the current one is compromised. If an adversary manages to get hold of your current e2ee keys, that adversary will then be limited to the content of the single session and will not be able to easily decrypt past ones.

This has some user experience drawbacks like for instance, a new device could not be able to conveniently access the remotely stored chat history without additional steps.

So, in short, Forward Secrecy protects past sessions against future compromises of keys or passwords.

Some providers and apps claiming to offer e2ee do not offer FS/PFS sometimes for usability reasons (group messaging for instance is more complex with PFS). It is therefore important to prefer open-source apps providing forward secrecy to those that do not.

Zero-Access Encryption at rest:

Zero-Access Encryption⁴²⁷ at rest is used when you store data at some provider (let us say your chat history or chat backups) but this history or backup is encrypted on your side and cannot be read or decrypted by the provider hosting it.

Zero-Access encryption is an added feature/companion to e2ee but is applied mainly to data at rest and not communications.

So again, it is best to prefer Apps/Providers that do offer Zero-Access Encryption at rest and cannot read/access any of your data/metadata even at rest and not only limited to communications.

Such a feature would have prevented important hacks such as the Cambridge Analytica scandal⁴²⁸ if it were implemented.

Metadata Protection:

For Instance, WhatsApp might not know what you are saying but they might know who you are talking to, how long and when you have been talking to someone, who else is in groups with you, and if you transferred data with them (such as large files).

End-to-end Encryption does not in itself protect an eavesdropper from harvesting your metadata.

This data can also be protected/obfuscated by some protocols to make metadata harvesting substantially harder for eavesdroppers. This is the case for instance with the Signal Protocol which does offer some added protection with features like:

Other Apps like Briar or OnionShare will protect metadata by using the Tor Network as a shield and storing everything locally on-device. Nothing is stored remotely, and all communications are either direct using proximity wi-fi/Bluetooth or remotely through the Tor network.

Most apps however and especially closed-source proprietary commercial apps will collect and retain your metadata for various purposes. And such metadata alone is enough to figure out a lot of things about your communications.

Again, it is important to prefer open-source apps with privacy in mind and various methods in place to protect not only the content of communications but all the associated metadata.

Open-Source:

Finally, Open-Source apps should always be preferred because they allow third parties to check actual capabilities and weaknesses vs claims of marketing departments. Open-Source does not mean the app should be free or non-commercial. It just means transparency.

Comparison:

App⁰	e2ee¹	Roll Your Own Crypto	Perfect Forward Secrecy	Zero-Access Encryption at-rest⁵	Metadata Protection (obfuscation, encryption…)	Open-Source	Default Privacy Settings	Native Anonymous Sign-up (no e-mail or phone)	Possible through Tor	Privacy and Security Track Record ***	De-centralized	Additional notes
Berty (avoid)	Yes	No	Yes	Yes	Yes	Yes ¹³	Good	Yes	Yes	Good	Yes (peer to peer)	Not sufficiently reviewed by this project, cannot recommend
Briar (preferred)	Yes	No ¹	Yes	Yes	Yes (strong)	Yes	Good	Yes	Natively³	Good	Yes (peer to peer)
Cwtch (preferred)	Yes	No	Yes	Yes	Yes (strong)	Yes	Good	Yes	Natively	Good	Yes (peer to peer)
Discord (avoid)	No	Closed-source⁷	No	No	No	No	Bad	E-Mail Required	Virtualization	Bad	No
Element / Matrix.org (preferred)	Yes (opt-in)	No	Yes	Yes	Poor²	Yes	Good	Yes	Via Proxy³ or Virtualization	Good	Partial (federated servers)
Facebook Messenger (avoid)	Partial (Only 1to1 / opt-in)	Closed-source⁷	Yes	No	No	No	Bad	E-Mail and Phone required	Virtualization	Bad	No
OnionShare (preferred)	Yes	No	TBD⁸	TBD⁸	Yes (strong)	Yes	Good	Yes	Natively	Good	Yes (peer to peer)
Apple Messages (aka iMessage)	Yes	Closed-source⁷	No	Partial	No	No	Good	Apple device Required	Maybe Virtualization using real Apple device ID	Bad	No
IRC	Yes (OTR plugins)	No	No	No	No	Yes	Bad	Yes	Via Proxy³ or Virtualization	Good	No
Jami (preferred)	Yes	No³	Yes	Yes	Partial	Yes	Good	Yes	Via Proxy³ or Virtualization⁹	Good	Partial	Tor breaks some features
KakaoTalk (avoid)	Yes	Closed-source⁷	No⁴	No	No	No	Bad	No (but possible)	Virtualization	Bad	No
Keybase	Yes	No	Partial (exploding message)	No	No	Yes	Good	E-Mail Required			No
Kik (avoid)	No	Closed-source⁷	No	No	No	No	Bad	No (but possible)	Virtualization	Bad	No
Line (avoid)	Partial (opt-in)	Closed-source⁷	No	No	No	No	Bad	No (but possible)	Virtualization	Bad	No
Pidgin with OTR (avoid)	Yes (OTR⁵)	No	Yes	No	No	Yes	Bad	Yes	Via Proxy³ or Virtualization	Bad⁶	No
Tox (avoid)	Yes	No	No	No	No	Yes	Good	Yes	Via Proxy³ or Virtualization	Medium⁷	Yes	Known cryptographic weaknesses¹⁴
Session (Preferred only on iOS)	Yes	No	No	Yes	Yes	Yes	Good	Yes	Via Proxy³ or Virtualization¹⁰	Good	Yes	Lacks PFS, deniability
Signal	Yes	No	Yes	Yes	Yes (moderate)	Yes	Good	Phone Required	Virtualization	Good	No	Requires burner or anonymous VOIP number for anonymous usage
Skype (avoid)	Partial (Only 1to1 / opt-in)	Closed-source⁷	No	No	No	No	Bad	No (but possible)	Virtualization	Bad	No
SnapChat (avoid)	No	Closed-source⁷	No	No	No	No	Bad	No (but possible)	Virtualization	Bad	No	Deleted/expired messages are easily recoverable¹⁵,¹⁶
Teams (avoid)	Yes	Closed-source⁷	No	No	No	No	Bad	No (but possible)	Virtualization	Bad	No
Telegram	Partial (Only 1to1 / opt-in)	Yes (MTProto⁸)	Partial (secret chats only)	Yes	No	Partial⁵	Medium (e2ee off by default)	Phone Required	Via Proxy³ or Virtualization	Medium⁹	No
Viber (avoid)	Partial (Only 1to1)	Closed-source⁷	Yes	No	No	No	Bad	No (but possible)	Virtualization	Bad	No
WeChat (avoid)	No	Closed-source⁷	No	No	No	No	Bad	No	Virtualization	Bad	No
WhatsApp (avoid)	Yes	Closed-source⁷	Yes	No	No	No	Bad	Phone Required	Virtualization	Bad	No
Wickr Me	Partial (Only 1to1)	No	Yes	No	Yes (moderate)	No	Good	Yes	Virtualization	Good	No
Gajim (XMPP) (preferred)	Yes	No	Yes	No	No	Yes	Good	Yes	Via Proxy³ or Virtualization	Good	Partial
Zoom (avoid¹⁰)	Disputed¹¹	No	TBD⁸	No	No	No	Bad	E-Mail Required	Virtualization	Bad¹²	No	Malware risk¹⁷

Briar Documentation, Bramble Transport Protocol version 4 https://code.briarproject.org/briar/briar-spec/blob/master/protocols/BTP.md ^{[Archive.org]}↩︎
Serpentsec, Matrix https://web.archive.org/web/https://serpentsec.1337.cx/matrix ↩︎
Wikipedia, GnuTLS, https://en.wikipedia.org/wiki/GnuTLS ^[Wikiless] ^{[Archive.org]}↩︎
KTH ROYAL INSTITUTE OF TECHNOLOGYSCHOOL OF ELECTRICAL ENGINEERING, A Security and Privacy Audit of KakaoTalk’s End-to-End Encryption www.diva-portal.org/smash/get/diva2:1046438/FULLTEXT01.pdf ^{[Archive.org]}↩︎
Wikipedia, OTR https://en.wikipedia.org/wiki/Off-the-Record_Messaging ^[Wikiless] ^{[Archive.org]}↩︎
Pidgin Security Advisories, https://www.pidgin.im/about/security/advisories/ ^{[Archive.org]}↩︎
Whonix Forum, Tox Integration https://forums.whonix.org/t/tox-qtox-whonix-integration/1219 ^{[Archive.org]}↩︎
Telegram Documentation, MTProto Mobile Protocol https://core.telegram.org/mtproto ^{[Archive.org]}↩︎
Wikipedia, Telegram Security Breaches, https://en.wikipedia.org/wiki/Telegram_(software)#Security_breaches ^[Wikiless] ^{[Archive.org]}↩︎
TechCrunch, Maybe we shouldn’t use Zoom after all, https://techcrunch.com/2020/03/31/zoom-at-your-own-risk/ ^{[Archive.org]}↩︎
The Incercept, Zoom Meetings Aren’t End-to-End Encrypted, Despite Misleading Marketing https://theintercept.com/2020/03/31/zoom-meeting-encryption/ ^{[Tor Mirror]} ^{[Archive.org]}↩︎
Serpentsec, Secure Messaging: Choosing a chat app https://web.archive.org/web/https://serpentsec.1337.cx/secure-messaging-choosing-a-chat-app ↩︎
Berty, Development, https://berty.tech ↩︎
Tox Handshake Vulnerable to KCI, https://github.com/TokTok/c-toxcore/issues/426 ↩︎
The Guardian, Deleted Snapchat photos recovered ‘within days’ by forensics company, https://www.theguardian.com/technology/2013/may/09/snapchat-photos-not-deleted ↩︎
The Guardian, Snapchat’s expired snaps are not deleted, just hidden, https://web.archive.org/web/20131115224243/https://www.theguardian.com/media-network/partner-zone-infosecurity/snapchat-photos-not-deleted-hidden ↩︎
The Guardian, ‘Zoom is malware’: why experts worry about the video conferencing platform, https://www.theguardian.com/technology/2020/apr/02/zoom-technology-security-coronavirus-video-conferencing ↩︎

Some apps like Threema and Wire were excluded from this comparison due to not being free and not accepting anonymous cash methods such as Cash/Monero.

Conclusion:

We will recommend these options in that order (as also recommend by Privacyguides.org⁴³²’⁴³³ except for Session and Cwtch):

** Note that these options (Briar, Cwtch, and OnionShare) do not support multi-devices yet. Your information is strictly stored on the device/OS where you are setting it up. Do not use those on a non-persistent OS unless you want ephemeral use.

Any safe options for mobile devices? Yes, but these are not endorsed/recommended except Briar on Android. Remember also that this guide discourages the use of smartphones for sensitive activities in general.

Note that all the non-native Tor options must be used over Tor for safety (from Tails or a guest OS running behind the Whonix Gateway such as the Whonix Workstation or an Android-x86 VM).

WhileWedo not recommend most of the messaging platforms for the various reasons outlined above (phone number and e-mail requirements), this does not mean it is not possible to use them anonymously if you know what you are doing. You can use even Facebook Messenger anonymously by taking the necessary precautions outlined in this guide (virtualization behind a Tor Gateway on a non-persistent OS).

The ones that are preferred are recommended due to their stance on privacy, their default settings, their crypto choices but also because they allow convenient anonymous sign-up without going through the many hassles of having a phone number/e-mail verification method and are open source. Those should be privileged in most cases.

We do not endorse or recommend some mainstream platforms for anonymity including the much-praised Signal which to this date still requires a phone number to register and contact others. In the context of this guide, we strongly recommend against using Signal if possible.

How to share files publicly but anonymously:

Redacting Documents/Pictures/Videos/Audio safely:

You might want to self-publish some information safely and anonymously in the form of writing, pictures, videos, …

While the commercial alternatives are feature-rich, they are also proprietary closed-source and often have various issues such as:

It is possible to use commercial software for making sensitive documents, but you should be extra careful with all the options in the various Apps (commercial or free) to prevent any data leak from revealing information about you.

Here is a comparative table of recommended/included software compiled from various sources (PrivacyGuides.org, Whonix, Tails, Prism-Break.org, and me). Keep in mind my recommendation considers the context of this guide with only sporadic online presence on a need basis.

Type	Whonix	Prism-Break.org	PrivacyGuides.org	Tails	This guide
Offline Document Editing	LibreOffice	N/A	LibreOffice*	LibreOffice	LibreOffice, Notepad++
Online Document Editing (collaboration)	N/A	Cryptpad.fr	Cryptpad.fr, Etherpad.org, Privatebin.net	N/A	Cryptpad.fr, Etherpad.org, Privatebin.net
Pictures Editing	Flameshot (L)	N/A	N/A	GIMP	GIMP
Audio Editing	Audacity	N/A	N/A	Audacity	Audacity
Video Editing	Flowblade (L)	N/A	N/A	N/A	Flowblade (L) Olive (?) OpenShot (?) ShotCut (?)
Screen Recorder	Vokoscreen	N/A	N/A	N/A	Vokoscreen
Media Player	VLC	N/A	N/A	VLC	VLC
PDF Viewer	Ristretto (L)	N/A	N/A	N/A	Browser
PDF Redaction	PDF-Redact Tools (L)	N/A	N/A	PDF-Redact Tools (L)	LibreOffice, PDF-Redact Tools (L)

Legend: * Not recommended but mentioned. N/A = Not Included or absence of recommendation for that software type. (L)= Linux Only but can maybe be used on Windows/macOS through other means (HomeBrew, Virtualization, Cygwin). (?)= Not tested but open-source and could be considered.

In all cases, we strongly recommend only using such applications from within a VM or Tails to prevent as much leaking as possible. If you do not, you will have to sanitize those documents carefully before publishing (See Removing Metadata from Files/Documents/Pictures).

Communicating sensitive information to various known organizations:

You might be interested in communicating information to some organization such as the press anonymously.

For this, we strongly recommend the use of SecureDrop⁴³⁹ (https://securedrop.org/ ^{[Archive.org]}) which is an open-source project from the Freedom of the Press Foundation.

If not SecureDrop is not available, you could consider any other means of communication, but you should privilege those that are encrypted end to end. Do not ever do this from your real identity but only from a secure environment using an anonymous identity.

Maintenance tasks:

Backing up your work securely:

Do not ever upload encrypted file containers with plausible deniability (hidden containers within them) to most cloud services (iCloud, Google Drive, OneDrive, Dropbox) without safety precautions. This is because most cloud services keep backups/versioning of your files, and such backups/versioning of your encrypted containers can be used for differential analysis to prove the existence of a hidden container.

Instead, this guide will recommend other methods of backing up your stuff safely.

Offline Backups:

These backups can be done on an external hard drive or a USB key. Here are the various possibilities.

Selected Files Backups:

Requirements:

For these back-ups, you will need a USB key or an external hard drive with enough storage capacity to store the files you want to back up.

Veracrypt:

For this purpose, we will recommend the use of Veracrypt on all platforms (Linux/Windows/macOS) for convenience, security, and portability.

Normal File containers:

In this container, you can then store sensitive data manually and or use any backup utility you want to backup files from the OS to that container.

Hidden File containers with plausible deniability:

The process is also fairly simple and similar to the earlier tutorial except for this time you will use the Veracrypt wizard to create a Hidden Veracrypt Volume instead of a Standard Veracrypt Volume.

You can create a Hidden volume within an existing Standard Volume or just use the wizard to create a new one.

Let us say you want a container of 8GB, the Wizard will first create an “outer volume” where you will be able to store decoy information when prompted. Some decoy files (somewhat sensible, plausible but not what you want to hide) should be stored in the decoy volume.

Then Veracrypt will ask you to create a smaller hidden container (for instance 2GB or 4GB) within the outer volume where you can store your actual hidden files.

When you select the file for mounting in Veracrypt, depending on which password you provide, it will mount the Outer decoy volume or the Hidden volume.

You can then mount your hidden volume and use it to store sensitive files normally.

Be careful when mounting the Outer decoy volume to update its content. You should protect the hidden volume from being overwritten when doing this as working in the decoy volume could overwrite data in the hidden volume.

To do this, when mounting the Decoy Volume, select Mount Options and Check the “Protect hidden volume” option and provide the hidden volume password on the same screen. Then mount the decoy volume. This will protect the hidden volume from being overwritten when changing the decoy files. This is also explained here in Veracrypt documentation: https://www.veracrypt.fr/en/Protection%20of%20Hidden%20Volumes.html ^{[Archive.org]}

Full Disk/System Backups:

TLDR version: Just use Clonezilla as it worked reliably and consistently with all my tests on all operating systems except for Macs where you should probably use native utilities (Time Machine/Disk utility instead) to avoid compatibility issues and since you are using Native macOS encryption. When using Windows, do not back up a partition containing a hidden OS in case you use Plausible Deniability (as explained before, this backup could allow an adversary to prove the existence of the hidden OS by comparing the last backup to the current system where data will have changed and defeat plausible deniability, use file containers instead).

We made extensive testing using live backups utilities (Macrium Reflect, EaseUS Todo Reflect, Déjà Dup…) and personally we do not think it is worth it. Instead, we would recommend that you periodically back up your system with a simple Clonezilla image. It is much easier to perform, much easier to restore, and usually works reliably without issues in all cases. And contrary to many beliefs, it is not that slow with most backups taking about an hour depending on the speed of your destination media.

For backing up single files while you work, we recommend using file containers or encrypted media directly and manually as explained in the earlier section.

Requirements:

You will need a separate external drive with at least the same or more free space available than your source disk. If your laptop has a 250GB disk. You will need at least 250GB of free disk space for the full image backup. Sometimes this will be reduced significantly with compression by the backup utility but as a safety rule, you should have at least the same or more space on your backup drive.

Some general warnings and considerations:

Linux:

Ubuntu (or any other distro of choice):

We will recommend the use of the open-source Clonezilla utility for convenience and reliability but there are many other native Linux utilities and methods you could use for this purpose.

QubesOS:

Qubes OS recommends using their own utility for backups as documented here https://www.qubes-os.org/doc/backup-restore/ ^{[Archive.org]}. But it is just a hassle and provides limited added value unless you just want to back up a single Qube. So instead, we are also recommending just making a full image with Clonezilla which will remove all the hassle and bring you back a working system in a few simple steps.

Windows:

We will only recommend the use of the open-source and free Clonezilla utility for this purpose. There are commercial utilities that offer the same functionality, but we do not see any advantage in using any of them vs Clonezilla.

macOS:

So, plug in an external drive and it should prompt you to use it as a Time Machine backup.

It is just simpler and will work online while you work. You will be able to recover your data on any other Mac from the recovery options and you will be also able to use this disk for backing up other devices.

It is possible to also use Clonezilla to clone your Mac Hard Drive, but it could bring hardware compatibility issues and probably will not add much in terms of security. So, for macOS, We are not specifically recommending Clonezilla.

Online Backups:

Files:

Obviously do not ever do/access those backups from unsecured/unsafe devices but only from the secure environments, you picked before.

Self-hosting:

Self-hosting (using Nextcloud for instance) is also a possibility provided you do have an anonymous hosting

Cloud-hosting:

We are currently not aware of any online storage/hosting platform accepting cash payments unlike providers mentioned before.

If you do intend to store sensitive data on “mainstream platforms” (Dropbox, Google Drive, OneDrive…), remember not to ever store plausible deniability containers on those and remember to encrypt and check (for metadata…) anything locally before uploading there. Either with software like Veracrypt or with a software like Cryptomator (https://cryptomator.org/). Do not ever upload non-encrypted files on those platforms and repeating myself, only access them from a secure shielded VM.

Information:

On these providers, you can just create a password-protected pad with the information you want to store.

Just create a pad, protect it with a password and write your info in it. Remember the address of the pad.

Synchronizing your files between devices Online:

Just use SyncThing, it is the safest and most secure way to synchronize between devices, it is free and open-source, and it can easily be used in a portable way without install from a container that needs syncing.

Covering your tracks:

Understanding HDD vs SSD:

If you intend to wipe your whole HDD laptop, the process is rather straightforward. The data is written at a precise location on a magnetic (hard) platter (why it is called a hard drive) and your OS knows precisely where it is on the platter, where to delete it, and where to overwrite it for secure deletion using simple processes (like just overwriting that location over and over until no traces are left).

On the other hand, if you are using an SSD drive, the process is not as simple as the drive uses several internal mechanisms to extend its lifespan and performance. Three of those processes are of particular interest when it comes to us in this guide. SSD drives are divided themselves into two main categories:

The methods and utilities to manage/wipe them will vary depending on the type of drive you are using. So, it is important you know which one you have inside your laptop.

On most recent laptops, chances are high that it will be one of the middle options (M.2 SATA or M.2 NVMe).

Wear-Leveling.

These drives use a technique called wear leveling⁴⁴². At a high level, wear leveling works as follows. The space on every disk is divided into blocks that are themselves divided into pages, like the chapters in a book are made of pages. When a file is written to disk, it is assigned to a certain set of pages and blocks. If you wanted to overwrite the file in an HDD, then all you would have to do is tell the disk to overwrite those blocks. But in SSDs and USB drives, erasing and re-writing the same block can wear it out. Each block can only be erased and rewritten a limited number of times before that block just will not work anymore (the same way if you keep writing and erasing with a pencil and paper, eventually the paper might rip and be useless). To counteract this, SSDs and USB drives will try to make sure that the number of times each block has been erased and rewritten is about the same so that the drive will last as long as possible (thus the term wear leveling). As a side effect, sometimes instead of erasing and writing the block, a file was originally stored on, the drive will instead leave that block alone, mark it as invalid, and just write the modified file to a different block. This is like leaving the chapter in the book unchanged, writing the modified file on a different page, and then just updating the book’s table of contents to point to the new location. All of this occurs at a very low level in the electronics of the disk, so the operating system does not even realize it has happened. This means, however, that even if you try to overwrite a file, there is no guarantee the drive will actually overwrite it, and that’s why secure deletion with SSDs is so much harder.

Wear-leveling alone can therefore be a disadvantage for security and an advantage for adversaries such as forensics examiners. This feature makes classic “secure deletion” counter-productive and useless and is why this feature was removed on some Operating Systems like macOS (as from version 10.11 El Capitan) where you could enable it before on the Recycle Bin.

Most of those old secure deletion utilities were written with HDD in mind and have no control over wear-leveling and are completely pointless when using an SSD. Avoid them on an SSD drive.

Trim Operations:

So, what now? Well here comes the Trim⁴⁴³ operation. When you delete data on your SSD, your OS should support what is called a Trim operation command and could (should) issue this Trim command to the SSD drive periodically (daily, weekly, monthly…). This Trim command will then let know the SSD drive controller that there are pages within blocks containing data that are now free to be really deleted without deleting anything itself.

Trim should be enabled by default on all modern Operating Systems detecting an SSD drive covered in this guide (macOS, Windows 10/11, Ubuntu, Qubes OS 4.1.x …).

If Trim operations are not done regularly (or at all), then the data is never deleted pro-actively and at some point, all the blocks and pages will be occupied by data. Your OS will not see this and will just see free space as you delete files, but your SSD controller will not (this is called Write Amplification⁴⁴⁴). This will then force the SSD controller to erase those pages and blocks on the fly which will reduce the write performance. This is because while your OS/SSD can write data to any free page in any bock, erasure is only possible on entire blocks, therefore, forcing your SSD to perform many operations to write new data. Overwriting is just not possible. This will defeat the wear-leveling system and cause performance degradation of your SSD over time. Every time you delete a file on an SSD, your OS should issue a Trim command along with the deletion to let the SSD controller know the pages containing the file data are now free for deletion.

So, Trim itself does not delete any data but just marks it for deletion. Data deleted without using Trim (if Trim has been disabled/blocked/delayed for instance) will still be deleted at some point by the SSD garbage collection or if you want to overwrite what the OS sees at free space. But it might stick around for a bit longer than if you use Trim.

As you can see in the above illustration, data (from a file) will be written to the four first pages of Block X. Later new data will be written to the remaining pages and the data from the first files will be marked as invalid (for instance by a Trim operation when deleting a file). As explained on https://en.wikipedia.org/wiki/Trim_(computing) ^[Wikiless] ^{[Archive.org]}; the erase operation can only be done on entire blocks (and not on single pages).

In addition to marking files for deletion (on reputable SSD drives), Trim usually makes those unreadable using a method called “Deterministic Read After Trim” or “Deterministic Zeroes After Trim”. This means that if an adversary tries to read data from a trimmed page/block and somehow manages to disable garbage collection, the controller will not return any meaningful data.

Trim is your ally and should always be enabled when using an SSD drive and should offer sufficient reasonable protection. And this is also the reason you should not use Veracrypt Plausible deniability on a Trim enabled SSD as this feature is incompatible with Trim⁴⁴⁵.

Garbage Collection:

Garbage collection⁴⁴⁶ is an internal process running within your SSD drive that looks for data marked for erasure. This process is done by the SSD controller, and you have no control over it. If you go back to the illustration above, you will see that Garbage collection is the last step and will notice that some pages are marked for deletion in a specific block, then copy the valid pages (not marked for deletion) to a different free destination block and then will be able to erase the source block entirely.

Garbage collection in itself does NOT require Trim to function, but it will be much faster and more efficient if Trim is performed. Garbage collection is one of the processes that will actually erase data from your SSD drive permanently.

Conclusion:

So, the fact is that it is very unlikely⁴⁴⁷‘⁴⁴⁸ and difficult for a forensic examiner to be able to recover data from a Trimmed SSD but it is not completely impossible either⁴⁴⁹’⁴⁵⁰’⁴⁵¹ if they are fast enough and have access to extensive equipment, skills, and motivation⁴⁵².

Within the context of this guide which also uses full disk encryption. Deletion and Trim should be reasonably secure enough on any SSD drive and will be recommended as the standard method of deletion.

How to securely wipe your whole Laptop/Drives if you want to erase everything:

So, you want to be sure. To achieve 100% secure deletion on an SSD drive, you will need to use specific SSD techniques (If you are using an HDD drive, skip this part and go to your OS of choice):

For maximum overkill paranoia security, Sanitize Block Erase option should be preferred but Secure Erase is probably more than enough when considering your drive is already encrypted. Unfortunately, are no free easy (bootable with a graphical menu) all-in-one tools available and you will be left with either going with drive manufacturers provided tools, the free manual hdparm⁴⁵⁴ , and nvme-cli⁴⁵⁵ utilities or going with a commercial tool such as PartedMagic.

This guide will therefore recommend the use of the free utilities hdparm and nvme-cli using a Live System Rescue system.

If you can afford it, just buy Parted Magic for 11$ which provides an easy-to-use graphical tool for wiping SSD drives using the option of your choice⁴⁵⁶’⁴⁵⁷.

Note: Again, before proceeding, you should check your BIOS as some will offer a built-in tool to securely erase your drive (ATA/NVMe Secure Erase or ATA/NVMe Sanitize). If this is available, you should use that, and the following steps will not be necessary. Check this before going ahead to avoid the hassle, see Appendix M: BIOS/UEFI options to wipe disks in various Brands).

Linux (all versions including Qubes OS):

System/Internal SSD:

Keep in mind all these options need to be applied on the entire physical drive and not on a specific partition/volume. If you do not, wear-leveling mechanisms might prevent this from working properly.

External SSD:

If your USB controller and USB SSD disk support Trim and ATA/NVMe secure erase, you could wipe them cautiously using hdparm using the same method as the System Disk above except you will not install Linux on it obviously. Keep in mind tho that this is not recommended (see Considerations above).

If it does not support Trim and/or ATA secure erase, you could (not securely) wipe the drive normally (without passes like an HDD) and re-encrypt it completely using your utility of choice (LUKS or Veracrypt for instance). The full disk decryption and re-encryption process will overwrite the entirety of the SSD disk and should ensure a secure wipe.

Internal/System HDD:

External/Secondary HDD and Thumb Drives:

Windows:

Unfortunately, you will not be able to wipe your Host OS using the Microsoft built-in tools within the settings. This is because your bootloader was modified with Veracrypt and will make the operation fail. In addition, this method would not be effective with an SSD drive.

System/Internal SSD:

External SSD:

If you are not sure about the Trim support on your USB disk, (not securely) wipe it normally (simple quick format will do) and then encrypt the disk again using Veracrypt or Bitlocker. The full disk decryption and re-encryption process will overwrite the entirety of the SSD disk and should ensure a secure wipe.

Alternatively, you could also (not securely) wipe the disk normally and then fill it completely with pseudorandom data which should also ensure secure deletion (this can be done with BleachBit or PrivaZer free space erase options). See Extra Tools Cleaning.

Internal/System HDD:

External/Secondary HDD and Thumb Drives:

macOS:

System/Internal SSD:

In most cases, if your disk was encrypted with Filevault and you just perform a normal erase, it should be “enough” according to them. It is not according to me, so you have no option besides re-installing macOS again and re-encrypt it with Filevault again after re-installing. This should perform a “crypto erase” by overwriting your earlier install and encryption. This method will be quite slow, unfortunately.

If you want to do a faster secure erase (or have no time to perform a re-install and re-encryption), you can try using the method described in Appendix D: Using System Rescue to securely wipe an SSD drive (This will not work on M1 Macs). Be careful tho as this will also erase your recovery partition which is needed to reinstall macOS.

External SSD:

If your USB controller and USB SSD disk support Trim and ATA secure erase, and if Trim is enabled on the disk by macOS, you can just wipe the whole disk normally and data should not be recoverable on recent disks.

If you are not sure about Trim support or want more certainty, you can (not securely) wipe it using macOS disk utility before fully re-encrypting them again using these two tutorials from Apple:

The full disk re-encryption process will overwrite the entirety of the SSD disk and should ensure a secure wipe.

External HDD and Thumb Drives:

How to securely delete specific files/folders/data on your HDD/SSD and Thumb drives:

The same principles from the earlier chapters apply to this one. The same issues arise too.

With an HDD drive, you can securely delete files by just deleting them and then apply one or more “passes” to overwrite the data in question. This can be done with many utilities on all OSes.

With an SSD drive, however, again everything becomes a bit complicated because you are never sure anything is really deleted due to wear leveling, reliance on the Trim operation, and garbage collection of the drive. An adversary that has the decryption key of your SSD (whether it is LUKS, Filevault 2, Veracrypt, or Bitlocker) could unlock your drive and then attempt a recovery using classic recovery utilities⁴⁵⁸ and could succeed if the data were not trimmed properly. But this is again highly unlikely.

Since the Trim operation is not continuous on most recent hard drives but scheduled, simply forcing a Trim operation should be enough. But again, the only way to be 100% sure a file is securely deleted from your unlocked encrypted SSD is to again overwrite all the free space after deletion of the files in question or to decrypt/re-encrypt the drive. But this is overkill and not necessary. A simple disk-wide Trim should be sufficient.

Remember tho that no matter the deletion method you use for any file on any medium (HDD drive, SSD, USB Thumb drive). It will probably leave other traces (logs, indexing, shellbags …) within your system and those traces will also need to be cleaned. Also, remember that your drives should be fully encrypted and so this is most likely an extra measure. More on that later in the Some additional measures against forensics section.

Windows:

Remember you cannot use Trim at all if you are using Plausible Deniability on an SSD drive against all recommendations.

System/Internal SSD drive:

At this stage, and just delete the file permanently (empty the recycle bin) and trim/garbage collection will do the rest. This should be sufficient.

If you do not want to wait for the periodic Trim (set to Weekly by default in Windows 10/11), you could also force a disk-wide Trim using the Windows native Optimize tool (see Appendix H: Windows Cleaning Tools).

If data were deleted by some utility (for instance by Virtualbox when reverting a snapshot), you could also issue a disk-wide Trim to clean anything remaining using the same Optimize tool.

Just open Windows Explorer, Right Click on your System Drive and click Properties. Select Tools. Click Optimize and then Optimize again to force a Trim. You are done. That is probably enough in my opinion.

If you want more security and do not trust the Trim operation, then you will have no option but to either:

Internal/External HDD or a USB Thumb Drive:

In the case of USB thumb drives, consider wiping free space using one of the above utilities after file deletion or wiping them completely using Eraser / KillDisk as instructed previously.

External SSD drive:

If Trim is supported and enabled by Windows for your external SSD drive. There should be no issue in securely deleting data normally just with normal delete commands. Additionally, you could also force a Trim using the Windows native Optimize tool (see Appendix H: Windows Cleaning Tools):

If Trim is not supported or you are not sure, you might have to ensure secure data deletion by:

Linux (non-Qubes OS):

System/Internal SSD drive:

Just permanently delete the file (and empty recycle bin) and it should be unrecoverable due to Trim operations and garbage collection.

If you do not want to wait for the periodic Trim (set to Weekly by default in Ubuntu), you could also force a disk-wide Trim by running fstrim --all from a terminal. This will issue an immediate trim and should ensure sufficient security. This utility is part of the util-linux package on Debian/Ubuntu and should be installed by default on Fedora.

If you want more security and do not trust the Trim operation, then you will have no option but to either:

Internal/External HDD drive or a Thumb Drive:

External SSD drive:

If Trim is supported and enabled by your Linux Distribution for your external SSD drive. There should be no issue in securely deleting data normally and just issue an fstrim --all from the terminal to trim the drive. This utility is part of the “util-linux” package on Debian/Ubuntu and should be installed by default on Fedora.

If Trim is not supported or you want to be sure, you might have to ensure secure data deletion by filling up the entire free space of the disk using a utility such as:

Linux (Qubes OS):

System/Internal SSD drive:

As with other Linux distros, normal deletion and trim should be sufficient on most SSD drives. So just permanently delete the file (and empty any recycle bin) and it should be unrecoverable due to periodic Trim operations and garbage collection.

As with other Linux Systems, if you want more security and do not trust the Trim operation then you will have no option but to either:

Internal/External HDD drive or a Thumb Drive:

External SSD drive:

If Trim is not supported or you want to be sure, you might have to ensure secure data deletion by filling up the entire free space of the disk using a utility from a Qube connected to the USB device in question:

Repeat these steps on any other partition if there are separate partitions on the same SSD drive before deleting the files.

Repeat these steps on any other partition if there are separate partitions on the same SSD drive.

macOS:

System/Internal SSD drive:

Just permanently delete the file (and empty recycle bin) and it should be unrecoverable due to trim operations and garbage collection.

Yes. TRIM operations are issued asynchronously from when files are deleted or free space is reclaimed, which ensures that these operations are performed only after metadata changes are persisted to stable storage".

System/Internal, External HDD drive or a Thumb Drive:

Unfortunately, Apple has removed the secure erase options from the trash bin even for HDD drives⁴⁶⁰. So, you are left with using other tools:

In the case of USB thumb drives, consider wiping them completely using Disk Utility as instructed previously.

External SSD drive:

If Trim is supported and enabled by macOS for your external SSD drive. There should be no issue in securely deleting data.

Some additional measures against forensics:

Note that the same SSD issue discussed in the earlier section will arise here. You can never really be 100% sure your SSD data is deleted when you ask it to do so unless you wipe the whole drive using specific methods above.

We are not aware of any 100% reliable method to delete single files selectively and securely on SSD drives unless overwriting ALL the free space (which might reduce the lifespan of your SSD) after Deletion + Trim of these files. Without doing that, you will have to trust the SSD Trim operation which in my opinion is enough. It is reasonable and again very unlikely that forensics will be able to restore your files after a Deletion with Trim.

In addition, most of these measures here should not be needed since your whole drive should be encrypted and therefore your data should not be accessible for forensic analysis through SSD/HDD examination anyway. So, these are just “bonus measures” for weak/unskilled adversaries.

Removing Metadata from Files/Documents/Pictures:

Pictures and videos:

ExifCleaner:

ExifTool:

Remember that ExifTool is natively available on Tails and Whonix Workstation.

Windows Native tool:

Cloaking/Obfuscating to prevent picture recognition:

PDF Documents:

PDFParanoia (Linux/Windows/macOS/QubesOS):

ExifCleaner (Linux/Windows/macOS/QubesOS):

ExifTool (Linux/Windows/macOS/QubesOS):

MS Office Documents:

ExifCleaner:

ExifTool:

LibreOffice Documents:

ExifCleaner:

ExifTool:

All-in-one Tool:

Another option good tool IMHO to remove metadata from various documents is the open-source mat2 recommended by privacyguides.org⁴⁶¹ (https://0xacab.org/jvoisin/mat2 ^{[Archive.org]}) which you can use on Linux quite easily. We never managed to make it work properly within Windows due to various dependencies issues despite the provided instructions. It is however very straightforward to install and use on Linux.

Mat2 is also pre-installed on the Whonix Workstation VM⁴⁶² and available on Tails by default⁴⁶³.

Tails:

Tails is great for this; you have nothing to worry about even if you use an SSD drive. Shut it down and it is all gone as soon as the memory decays.

Whonix:

macOS:

Guest OS:

Revert to an earlier snapshot on Virtualbox (or any other VM software you are using) and perform a Trim command on your Mac using Disk Utility by executing a first-aid on the Host OS again as explained at the end of the next section.

Host OS:

Quarantine Database (used by Gatekeeper and XProtect):

macOS (up to and including Big Sur) keeps a Quarantine SQL Database of all the files you ever downloaded from a Browser. This database is located at ~/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2.

You can query it yourself by running the following command from terminal: sqlite3 ~/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2 "select * from LSQuarantineEvent"

Lastly, you can also disable Gatekeeper altogether by issuing the following command in the terminal⁴⁶⁴:

In addition to this convenient database, each saved file will also carry detailed file system HFS+/APFS attributes showing for instance when it was downloaded, with what, and from where.

You can view these just by opening a terminal and typing mdls filename and xattr -l filename on any downloaded file from any browser.

(Note that Apple has removed the convenient xattr –c option that would just remove all attributes at once so you will have to do this for each attribute on each file)

These attributes and entries will stick even if you clear your browser history, and this is obviously bad for privacy (right?), and we are not aware of any convenient tool that will deal with those at the moment.

Fortunately, there are some mitigations for avoiding this issue in the first place as these attributes and entries are set by the browsers. So, we tested various browsers (On macOS Catalina, Big Sur, and Monterey), and here are the results as of the date of this guide:

As you can see for yourself the easiest mitigation is to just use Private Windows. These do not write those origin/quarantine attributes and do not store the entries in the QuarantineEventsV2 database.

Browser	Quarantine DB Entry	Quarantine File Attribute	Origin File Attribute
Safari (Normal)	Yes	Yes	Yes
Safari (Private Window)	No	No	No
Firefox (Normal)	Yes	Yes	Yes
Firefox (Private Window)	No	No	No
Chrome (Normal)	Yes	Yes	Yes
Chrome (Private Window)	Partial (timestamp only)	No	No
Brave (Normal)	Partial (timestamp only)	No	No
Brave (Private Window)	Partial (timestamp only)	No	No
Brave (Tor Window)	Partial (timestamp only)	No	No
Tor Browser	No	No	No

Clearing the QuarantineEventsV2 is easy as explained above. Removing the attributes takes some work. Brave is the only tested browser that will not store those attributes by default in normal operations.

Various Artifacts:

In addition, macOS keeps various logs of mounted devices, connected devices, known networks, analytics, documents revisions…

Many of those can be deleted using various commercial third-party tools but we would personally recommend using the free and well-known Onyx which you can find here: https://www.titanium-software.fr/en/onyx.html ^{[Archive.org]}. Unfortunately, it is closed-source, but it is notarized, signed, and has been trusted for many years.

Force a Trim operation after cleaning:

Linux (Qubes OS):

If you are using Whonix on Qubes OS, please consider following some of their guides:

Linux (non-Qubes):

Guest OS:

Revert to an earlier snapshot of the Guest VM on Virtualbox (or any other VM software you are using) and perform a trim command on your laptop using fstrim --all. This utility is part of the util-linux package on Debian/Ubuntu and should be installed by default on Fedora. Then switch to the next section.

Host OS:

Normally you should not have traces to clean within the Host OS since you are doing everything from a VM if you follow this guide.

After cleaning up, make sure you have the fstrim utility installed (should be by default on Fedora) and part of the util-linux package on Debian/Ubuntu. Then just run fstrim --all on the Host OS. This should be sufficient on SSD drives as explained earlier.

Windows:

Guest OS:

Revert to an earlier snapshot on Virtualbox (or any other VM software you are using) and perform a trim command on your Windows using the Optimize as explained at the end of the next section

Host OS:

Now that you had a bunch of activities with your VMs or Host OS, you should take a moment to cover your tracks. Most of these steps should not be undertaken on the Decoy OS in case of the use of plausible deniability. This is because you want to keep decoy/plausible traces of sensible but not secret activities available for your adversary. If everything is clean, then you might raise suspicion.

Diagnostic Data and Telemetry:

Then let us re-randomize the MAC addresses of your Virtual Machines and the Bluetooth Address of your Host OS.

Event logs:

Windows Event logs will keep many various pieces of information that could contain traces of your activities such as the devices that were mounted (including Veracrypt NTFS volumes for instance⁴⁶⁵), your network connections, app crash information, and various errors. It is always best to clean those up regularly. Do not do this on the Decoy OS.

Veracrypt History:

By default, Veracrypt saves a history of recently mounted volumes and files. You should make sure Veracrypt never saves History. Again, do not do this on the Decoy OS if you are using plausible deniability for the OS. We need to keep the history of mounting the decoy Volume as part of the plausible deniability:

Now you should clean the history within any app that you used including Browser history, Cookies, Saved Passwords, Sessions, and Form History.

Browser History:

Wi-Fi History:

Now it is time to clear the history of the Wi-Fi you connect to. Unfortunately, Windows keeps storing a list of past Networks in the registry even if you “forgot” those in the Wi-Fi settings. As far as we know, no utilities clean those yet (BleachBit or PrivaZer for instance) so you will have to do it the manual way:

Shellbags:

As explained earlier, Shellbags are basically histories of accessed volumes/files on your computer. Remember that shellbags are exceptionally useful sources of information for forensics⁴⁶⁶ and you need to clean those. Especially if you mounted any “hidden volume” anywhere. Again, you should not do this on the Decoy OS:

Extra Tools Cleaning:

After cleaning those earlier traces, you should also use third-party utilities that can be used to clean various traces. These include the traces of the files/folders you deleted.

PrivaZer:

BleachBit:

Force a Trim with Windows Optimize (for SSD drives):

With this Native Windows 10/11 utility, you can just trigger a Trim on your SSD which should be more than enough to securely clean all deleted files that somehow would have escaped Trim when deleting them.

Just open Windows Explorer, Right Click on your System Drive and click Properties. Select Tools. Click Optimize and Defragment. You are done as this will not defragment but only optimize. Meaning it will initiate a Trim operation (https://en.wikipedia.org/wiki/Trim_(computing) ^[Wikiless] ^{[[Archive.org]]).}

Removing some traces of your identities on search engines and various platforms:

Chances are your actions (such as posts on various platforms, your profiles) will be indexed (and cached) by many search engines.

Contrary to widespread belief, it is possible to have some but not all this information removed by following some steps. While this might not remove the information on the websites themselves, it will make it harder for people to find it using search engines:

You can check some useful information about how to and get delete various accounts on these websites:

When you are done with this part, you should now handle search engines and while you may not be able to have the information deleted, you can ask them to update/remove outdated information which could then remove some cached information.

Google:

Unfortunately, this will require you to have a Google account to request the update/removal (however this can be done with any Google account from anyone). There is no way around this except waiting.

If your profile/username was deleted/changed, they should re-index the content and update accordingly, and remove these traces.

Bing:

Unfortunately, this will require you to have a Microsoft account to request the update/removal (however this can be done with any Microsoft account from any identity). There is no way around this except waiting.

If your profile/username was deleted/changed, they should re-index the content and update accordingly, and remove these traces.

DuckDuckGo:

DuckDuckGo does not store a cached version of pages⁴⁶⁹ and will instead forward you to a Google/Bing cached version if available.

In addition, DuckDuckGo source most of their searches from Bing (and not Google)⁴⁷⁰ and therefore removing the content from Bing should in time have it removed it from DuckDuckGo too.

Yandex:

Unfortunately, this will require you to have a Yandex account to request removals (however this can be done with any Yandex account from any identity). There is no way around this except waiting.

There you could input the URL that does not exist anymore if you had them deleted.

This will only work with pages that have been deleted and therefore will not work with removing the cache of existing records. For that unfortunately there is no tool available to force a cache update, but you can still try their feedback tool:

Search for the page that was changed (where your profile was deleted/changed) and click the arrow next to the result. Select Complain. And submit a complaint about the page not matching the search result. Hopefully, this will force Yandex to re-crawl the page and re-index it after some time. This could take days or weeks.

Qwant:

As far as we know, there is no readily available tool to force this, and you will have to wait for the results to get updated if there is any. If you know a way, please report this to us through the GitHub issues.

Yahoo Search:

Yes, Yahoo Search still exists but as per their help page https://help.yahoo.com/kb/SLN4530.html ^{[Archive.org]}, there is no way to remove information or refresh information besides waiting. This could take 6 to 8 weeks.

Baidu:

As far asWeknow, there is no readily available tool to force this unless you control the website (and do it through their webmaster tools). Therefore, you will have to wait for the results to get updated if there is any. If you know a way, please report this to me through the GitHub issues.

Wikipedia:

This will not remove any information about your online identities that could appear in other articles but only your own identity on Wikipedia as a user.

Archive.today:

Some information can sometimes be removed on demand (sensitive information for example) as you can see many examples here: https://blog.archive.today/archive

Internet Archive:

You can remove pages from internet archives but only if you own the website in question and contact them about it. Most likely you will not be able to remove archives from say “Reddit posts” or anything alike. But you could still ask and see what they answer.

You can send an e-mail request for us to review to info@archive.org with the URL (web address) in the text of your message".

Others:

Some low-tech old-school tricks:

Hidden communications in plain sight:

You must keep in mind that using all those security measures (encryption, plausible deniability, VPN, tor, secure operating systems …) can make you suspicious just by using them. Using could be the equivalent of stating openly “I something to hide” to an observer which could then motivate some adversaries to investigate/survey you further.

So, there are other ways you could exchange or send messages online to others in case of need without disclosing your identity or establishing direct communication with them. These have been in use by various organizations for decades and can be of help if you do not want to attract attention by using secure tech while still communicating some sensitive information without attracting attention.

A commonly used technique that combines the idea of a Dead Drop⁴⁷¹ and Secure Communication Obfuscation⁴⁷² through Steganography⁴⁷³ and/or Kleptography⁴⁷⁴ and has many names such as Koalang⁴⁷⁵ or “Talking Around” or even “Social Steganography”. This technique is very old and still widely used nowadays by teenagers to bypass parental control. It is hiding in plain sight.

Here is one example if you want to let someone know something is wrong and they should go dark? That they should immediately wipe all their data, get rid of their burner phones and sensitive information?

What if you want to let someone you trust (friends, family, lawyers, journalists …) know that you are in trouble, and they should look out for you?

All this without revealing the identity of the person you are sending the message to nor disclosing the content of that message to any third party and without raising suspicions and without using any of the secure methods mentioned above.

Well, you could just use any online public platform for this (Instagram, Twitter, Reddit, any forum, YouTube …) by using in-context (of the chosen platform/media) agreed upon (between you and your contact) coded messages that only your contact would understand.

This could be a set of specific emojis or a specifically worded mundane comment. Or even just a like on a specific post from a known influencer you usually watch and like. While this would look completely normal to anyone, this could mean a lot to a knowledgeable reader who could then take appropriate agreed-upon actions. You could also hide the message using Steganography using for instance https://stegcloak.surge.sh/.

You do not even have to go that far. A simple “Last seen” time on a specific account could be enough to trigger a message agreed upon. If your interlocutor sees that this account was online. It could mean there is an issue.

How to spot if someone has been searching your stuff:

There are some old tricks that you can use to spot if people have been messing with your stuff while you were away.

One trick for instance is quite simple and just requires a wire/cable. Simply lay objects on your desk/night table or in your drawers following a straight line. You can use a simple USB cable as a tool to align them.

Make a line with your cable and place objects along the line. When you are back, just check those places and check if the objects are still placed along the line. This allows you not to remember precisely where your things were without taking pictures.

Fortunately, modern technology has made this even simpler. If you suspect someone might be looking through your stuff while you are away, you can just take a picture of the area with your phone before leaving. When you are back, just compare the areas with your pictures and everything should be exactly where you left it. If anything moved, then someone was there.

It will be extremely hard and time-consuming for an adversary to search through your stuff and then replace it exactly as you left it with complete precision.

What if it is a printed document or book and you want to know if someone read it? Even simpler. Just carefully make a note within the document with a pencil. And then erase it with any pencil eraser as if you wanted to correct it. The trick is to carefully leave the eraser traces/residues on the area you erased/pencil written areas and close the document. You could also take a picture of the residues before closing the document.

Most likely if someone went through your document to read it and re-placed it carefully, this residue will fall off or be moved significantly. It is a simple old-school trick that could tell you someone searched a document you had.

Some last OPSEC thoughts:

Wait, what is OPSEC? Well, OPSEC means Operations Security⁴⁷⁶. The basic definition is: “OPSEC is the process of protecting individual pieces of data that could be grouped together to give the bigger picture”.

OPSEC is often just applying common sense and being cautious about your activities including in the physical world:

FINAL OPSEC DISCLAIMER: KEEP YOUR ANONYMOUS IDENTITIES COMPLETELY SANDBOXED FROM YOUR NORMAL ENVIRONMENT AND REAL IDENTITY. DO NOT SHARE ANYTHING BETWEEN THE ANONYMOUS ENVIRONMENTS AND THE REAL IDENTITY ENVIRONMENT. KEEP THEM COMPLETELY COMPARTMENTALIZED ON EVERY LEVEL. MOST OPSEC FAILURES ARE DUE TO USERS ACCIDENTALLY LEAKING INFORMATION RATHER THAN TECHNICAL FAILURES.

If you think you got burned:

If you have some time:

If you have no time:

A small final editorial note:

After reading this whole guide, we hope you will have gained some additional beneficial insight about privacy and anonymity. It is clear now, in my humble opinion, that the world we live in has only a few safe harbors remaining where one could have a reasonable expectation of privacy and even less so anonymity. Many will often say that 1984 by George Orwell was not meant to be an instruction book. Yet today this guide and its many references should, we hope, reveal to you how far down we are in the rabbit hole.

You should also know that most of the digital information described in length in this guide can be forged or tampered with by a motivated adversary for any purpose. Even if you do manage to keep secrets from prying eyes, anyone can fabricate anything to fit their narrative:

You should not hesitate to question this type of information from any source in this age of disinformation.

“A lie can travel halfway around the world while the truth is putting on its shoes”⁴⁷⁷

Please keep thinking for yourself, use critical thinking, and keep an open mind. “Sapere Aude” (Dare to know!).

“In the end the Party would announce that two and two made five, and you would have to believe it” – George Orwell, 1984, Book One, Chapter Seven.

Donations:

This project has no funding or sponsoring, and donations are more than welcome.

(Please do verify the checksum and GPG signature of this file for authenticity, this is explained in the README of the repository if you do not know how to do that).

Helping others staying anonymous:

If you want to give a hand to users facing censorship and oppression, please consider helping them by helping the Tor Network. You can do so in several ways:

If you want a bit more challenge, you can also run a Tor Exit node anonymously using the recommended VPS providers above.

Acknowledgments:

Appendix A: Windows Installation

This is the Windows 10/11 installation process that should be valid for any Windows 10/11 install within this guide.

Windows 10 (See below for Windows 11)

Installation:

DO NOT CONNECT WINDOWS TO ANY NETWORK DURING THE INSTALLATION PROCESS (This will allow us to create a Local Account and not use a Microsoft account and it will also prevent any telemetry from being sent out during the install process).

Privacy Settings:

Windows 11

Installation:

Privacy Settings:

Appendix B: Windows Additional Privacy Settings

As written earlier in this guide and as noted by PrivacyGuides.org⁴⁷⁸, Windows 10/11 is a privacy nightmare. And disabling everything during and after the installation using the settings available to you is not enough. The amount of telemetry data collected by Microsoft is staggering and could defeat your attempts at keeping secrets. You will need to download and use a couple of utilities to (hopefully) force Windows 10/11 into not sending data back to Microsoft.

These measures added to the settings during installation should be hopefully sufficient to prevent Microsoft from snooping on your OS.

You will need to update and re-run those utilities frequently and after any Windows major update as they tend to silently re-enable telemetry using those updates.

As a bonus, it could be interesting to also consider Hardening your Windows Host OS somewhat. See https://github.com/beerisgood/windows10_hardening ^{[Archive.org]} (This is a security guide, not a privacy guide. If you use this guide, do not enable Hyper-V as it does not play well with Virtualbox, and do not enable features that were specifically disabled for privacy reasons earlier. Such as SmartScreen, cloud protection…)

Appendix C: Windows Installation Media Creation (Windows 10) or Download (Windows 11)

Windows 10

These are the steps to create a Windows 10 (21H1) Installation Media using this tool and instructions:

Windows 11

Appendix D: Using System Rescue to securely wipe an SSD drive.

Appendix E: Clonezilla

Each backup could take a while depending on the speed of your laptop and the speed of your external drive. In my experience, expect about 1 hour per backup depending on the drive size and the write speed of your backup media (my tests were done backing up 256GB SSDs on a USB 3.0 7200rpm HDD).

Appendix F: Diskpart

Diskpart is a Windows utility that can be used to perform various operations on your hard drive. In this case, You will use Diskpart to show the Disk ID but also change it if necessary.

This could be needed if you restore a backup on a new HDD/SSD that has an ID that differs from the one backed up and Windows could refuse to boot.

Diskpart can be run from any Windows environment using a command prompt. This includes recovery disks created by utilities such as Macrium Reflect, any Windows Installation media, EaseUS Todo Free rescue disks.

Appendix G: Safe Browser on the Host OS

If you can use Tor:

This guide will only recommend using Tor Browser within the host OS because it has the best protection by default. The only other acceptable option in my opinion would be to use Brave Browser with a Tor tab but keep in mind that Brave themselves recommend the use of Tor Browser if you feel your safety depends on being anonymous ^{[Archive.org]}: “If your personal safety depends on remaining anonymous, we highly recommend using Tor Browser instead of Brave Tor windows.”.

This Browser on the host OS will only be used to download various utilities and will never be used for actual sensitive activities.

If you are experiencing issues connecting to Tor due to Censorship or Blocking, you might consider using Tor bridges as explained here: https://bridges.torproject.org/ ^{[Archive.org]}

Use this browser for all the next steps within the host OS unless instructed otherwise.

If you cannot use Tor:

Because it is too dangerous/risky/suspicious. We would recommend as a last resort using Firefox, or Brave only using Private Windows for now.

Use this method for all the next steps within the host OS unless instructed otherwise.

Appendix H: Windows Cleaning Tools

In this guide we will recommend two-third native tools and two third-party tools:

I prefer PrivaZer because it has more customization and smarter features, but we would understand if you do not trust them and prefer open-source software in which case we would recommend BleachBit which offers a bit less customization but similar functionalities.

Both these utilities can delete files and can overwrite the free space after deletion to improve secure deletion even on SSD drives. Remember this can reduce the lifespan of your SSD drives a bit.

Appendix I: Using ShredOS to securely wipe an HDD drive:

If you want to go with System-Rescue, just head to their website and follow the instructions.

Windows:

Linux:

Appendix J: Manufacturer tools for Wiping HDD and SSD drives:

Be sure to use the right wipe mode for the right disk. Wipe and Passes are for HDD drives. There are specific options for SSD drives (such as ATA Secure Erase or Sanitize).

Tools that provide a boot disk for wiping from boot:

Tools that provide only support from running OS (for external drives).

Appendix K: Considerations for using external SSD drives

I do not recommend using external SSDs due to the uncertainty about their support for Trim, ATA Secure Erase, and Sanitize options through USB controllers. Instead, we recommend using external HDD disks which can be cleaned/wiped safely and securely without hassle (albeit much slower than SSD drives).

So how to check if your external USB SSD supports Trim and other ATA/NVMe operations from your Host OS?

Windows:

Trim Support:

It is possible Windows will detect your external SSD properly and enable Trim by default. Check if Optimize Works using the Windows Native disk utility as explained in the internal SSD section of Windows.

ATA/NVMe Operations (Secure Erase/Sanitize):

Use the manufacturer-provided tools to check and perform these operations … It is pretty much the only way to be sure it is not only supported but actually works. Some utilities can tell you whether it is supported or not like CrystalDiskInfo ^{[Archive.org]} but will not actually check if it is working. See Appendix J: Manufacturer tools for Wiping HDD and SSD drives.

If it does not work. Just decrypt and re-encrypt the whole drive or fill up the free space as instructed in the guide. There is no other way AFAIK. Besides booting up a System Rescue Linux CD and see the next section.

Linux:

Trim Support:

ATA/NVMe Operations (Secure Erase/Sanitize):

But this seems to be based on anecdotal experiences. So, if you are sure your external SSD supports Trim (see vendor documentation). You could just try at your own risk to use nvme-cli or hdparm to issue secure erases.

macOS:

Trim Support:

According to Apple Documentation⁴⁸³, Trim is supported on APFS (asynchronously) and HFS+ (through period trim or first-aid).

So, if it is supported (and enabled on your external SSD), you should be able to issue a Trim on a non-APFS drive using Disk Utility and First Aid which should issue a Trim.

If your disk supports it but it is not enabled in macOS. You could try issuing a “sudo trimforce enable” command from the Terminal and see if it enables Trim on your external SSD. And then again check the first aid command if it is not APFS (see this Tutorial for info https://www.lifewire.com/enable-trim-for-ssd-in-os-x-yosemite-2260789 ^{[Archive.org]})

If it does not work, we are not aware of any reliable method to enable TRIM besides the commercial utility Trim Enabler here https://cindori.org/trimenabler/ ^{[Archive.org]} which claims support for external drives.

ATA/NVMe Operations (Secure Erase/Sanitize):

We are not aware of any method of doing so reliably and safely on macOS. So, you will have to try one of these options:

Appendix L: Creating a mat2-web guest VM for removing metadata from files

This is very lightweight, and we recommend doing it from a VM (VM inside a VM) to benefit from Whonix Tor Gateway. While it is possible to put this VM directly behind a Whonix Gateway. Whonix will not easily (AFAIK) allow communications between VMs on its network by default.

You could also just leave it on Clearnet during the install process and then leave it on the Host-Only network later.

Or install it from a VM within a VM then move it to host OS for Host-Only usage:

Now you can just start this small mat2 VM when needed, browse to it from your Guest VM and use the interface to remove any metadata from most files.

After each use of this VM, you should revert to the Snapshot to erase all traces.

Do not ever expose this VM to any network unless temporarily for updates. This web interface is not suitable for any direct external access.

Appendix M: BIOS/UEFI options to wipe disks in various Brands

Here are some links on how to securely wipe your drive (HDD/SSD) from the BIOS for various brands:

Appendix N: Warning about smartphones and smart devices

Addititionally, if using a smartphone as a burner, know that they send a lot of diagnostics by default. Enough to potentially identify you based on your device usage patterns (a technique known as biometric profiling). You should avoid using your burner unless absolutely necessary, to minimize the information that can be collected and used to identify you.

Note: Please do not consider commercial gimmicky all-in devices for anonymity. The only way to achieve proper OPSEC is by doing it yourself. See those examples to see why it is not a clever idea:

You should never rely on some external commercial service to protect your anonymity.

Appendix O: Getting an anonymous VPN/Proxy

If you follow my advice, you will also need a VPN subscription but this time you will need an anonymous one that cannot be tied to you by the financial system. Meaning you will need to buy a VPN subscription with cash or a reasonably private cryptocurrency (Monero). You will later use this VPN to connect to the various services anonymously but never directly from your IP.

Cash/Monero-Paid VPN:

In addition, we will also mention a newcomer to watch: Safing SPN https://safing.io/ ^{[Archive.org]}) which (while still in the alpha stage at the time of this writing) which also accepts cash and has a very distinct new concept for a VPN which provides benefits similar to Tor Stream isolation with their “SPN”). Note that Safing SPN is not available on macOS at the moment. This possibility is “provisional” and at your own risk, but we think was worth mentioning.

We would not recommend Proton VPN as much because they do require an e-mail for registration unlike Mullvad, iVPN, and Safing. Proton also has a tendency to require phone number verification for users who register over Tor.

Do not in any circumstance use this new VPN account unless instructed or connect to that new VPN account using your known connections. This VPN will only be used later in a secure way as we do not trust VPN providers’ “no-logging policies”. This VPN provider should ideally never know your real origin IP (your home/work one for instance).

Self-hosted VPN/Proxy on a Monero/Cash-paid VPS (for users more familiar with Linux):

The other alternative is setting up your own VPN/Proxy using a VPS (Virtual Private Server) on a hosting platform that accepts Monero (recommended).

This will offer some advantages as the chances of your IP being block-listed somewhere are lower than known VPN providers.

This does also offer some disadvantages as Monero is not perfect as explained earlier in this guide and some global adversaries could maybe still track you. You will need to get Monero from an Exchange using the normal financial system and then pick a hosting (list here https://www.getmonero.org/community/merchants/#exchanges ^{[Archive.org]}) or from a local reseller using cash from https://localmonero.co.

Do not in any circumstance use this new VPS/VPN/Proxy using your known connections. Only access it through Tor using Whonix Workstation for instance (this is explained later). This VPN will only be used later within a Virtual Machin over the Tor Network in a secure way as we do not trust VPN providers’ “no-logging policies”. This VPN provider should never know your real origin IP.

VPN VPS:

Socks Proxy VPS:

It is probably the easiest thing to set up since you will just use the SSH connection you have to your VPS and no further configuration should be required besides setting the browser of your guest VM to use the proxy in question.

Linux/macOS:

Windows:

Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option

There might be worst-case situations where using Tor and VPNs are not possible due to extensive active censorship or blocking. Even when using Tor Bridges (see Appendix X: Using Tor bridges in hostile environments)

Now, there might also be situations where simply using Tor or a VPN alone could be suspicious and could be dangerous for your safety. If this is the case, you could be in a very hostile environment where surveillance and control are high.

But you still want to do something anonymously without disclosing/leaking any information.

If Tor usage alone is suspicious or risky, you should NOT allow Tails to try establishing a Tor connection at start-up by doing the following:

We would strongly recommend the use of a long-range “Yagi” type directional Antenna with a suitable USB Wi-Fi Adapter. At least this will allow you to connect to public Wi-Fis from a “safe distance” but keep in mind that triangulation by a motivated adversary is still possible with the right equipment. So, this option should not be used during an extended period (minutes at best). See Appendix Q: Using long-range Antenna to connect to Public Wi-Fis from a safe distance.

Using Tails should prevent local data leaks (such as MAC addresses or telemetry) and allow you to use a Browser to get what you want (utilities, VPN account) before leaving that place as fast as possible.

You could also use the other routes (Whonix and Qubes OS without using Tor/VPN) instead of Tails in such hostile environments if you want data persistence but this might be riskier. We would not risk it personally unless there was absolutely no other option. If you go for this option, you will only do sensitive activities from a reversible/disposable VM in all cases. Never from the Host OS.

If you resort to this, please keep your online time as short as possible (minutes and not hours).

Appendix Q: Using long-range Antenna to connect to Public Wi-Fis from a safe distance:

It is possible to access/connect to remote distant Public Wi-Fis from a distance using a cheap directional Antenna that looks like this:

These antennas are widely available on various online shops for a cheap price (Amazon, AliExpress, Banggood …). The only issue is that they are not discrete, and you might have to find a way to hide it (for instance in a Poster cardboard container in a Backpack). Or in a large enough Bag. Optionally (but riskier) you could even consider using it from your home if you have a nice Window view to various places where some Public Wi-Fi is available.

Such antennas need to be combined with specific USB adapters that have an external Antenna plug and sufficiently high power to use them.

Do not forget tho that this will only delay a motivated adversary. Your signal can be triangulated easily by a motivated adversary in a matter of minutes once they reach the physical location of the Wi-Fi you’re connecting to (for instance using a device such as AirCheck https://www.youtube.com/watch?v=8FV2QZ1BPnw ^[Invidious], also see their other products here https://www.netally.com/products/ ^{[Archive.org]}). These products can easily be deployed on mobile units (in a Car for instance) and pinpoint your location in a matter of minutes.

Ideally, this should “not be an issue” since this guide provides multiple ways of hiding your origin IP using VPNs and Tor. But if you are in a situation where VPN and Tor are not an option, then this could be your only security.

Appendix R: Installing a VPN on your VM or Host OS.

Download the VPN client installer of your cash paid VPN service and install it on Host OS (Tor over VPN, VPN over Tor over VPN) or the VM of your choice (VPN over Tor):

Important note: Tor does not support UDP, and you should use TCP instead with the VPN client in the Tor over VPN cases (on the VMs).

In all cases, you should set the VPN to start from boot and enable the “kill switch” if you can. This is an extra step since this guide proposes solutions that all fall back on the Tor network in case of VPN failure. Still recommended IMHO.

Appendix S: Check your network for surveillance/censorship using OONI

So, what is OONI? OONI stands for Open Observatory of Network Interference and is a sub-project of the Tor Project⁴⁹¹.

First OONI will allow you to check online for surveillance/censorship in your country just by looking at their Explorer that features test results from other people. This can be done here: https://explorer.ooni.org/

But these tests are limited and could not apply to your personal situation. If that is the case, you could consider running the OONI Probe yourself and running the tests yourself.

The problem is that your network providers will be able to see those tests and your attempts at connecting to various services if the network is monitored. The other issue is that there are solutions to prevent OONI from working properly⁴⁹².

While this might not be important in a normal environment, this could put you at risk in a hostile environment. So, running these tests can be risky.

If you are in such a hostile environment where you suspect network activity is actively monitored and the simple fact of trying to access some resources can put you at risk, you should take some precautions before even attempting this:

Appendix T: Checking files for malware

Integrity (if available):

Usually, integrity checks⁴⁹³ are done using hashes of files (usually stored within checksum files). Older files could use CRC⁴⁹⁴, more recently MD5⁴⁹⁵ but those present several weaknesses (CRC, MD5 ⁴⁹⁶ that make them unreliable for file integrity checks (which does not mean they are not still widely used in other contexts).

This is because they do not prevent Collision⁴⁹⁷ well enough and could allow an adversary to create a similar but malicious file that would still produce in the same CRC or MD5 hash despite having different content.

For this reason, it is usually recommended to use SHA-based ⁴⁹⁸ hashes and the most used is probably the SHA-2⁴⁹⁹ based SHA-256 for verifying file integrity. SHA is much more resistant to collisions⁵⁰⁰ than CRC and MD5. And collisions with SHA-256 or SHA-512 are rare and hard to compute for an adversary.

If a SHA-256 checksum is available from the source of the file, you should not hesitate to use it to confirm the integrity of the file. Note that SHA-1 is not recommended, but is better than not having a hash to compare.

This checksum should itself be authenticated/trusted and should be available from an authenticated/trusted source (obviously you should not trust a file just because it has a checksum attached to it alone).

In the case of this guide, the SHA-256 checksums are available for each file including the PDFs but are also authenticated using a GPG signature allowing you to verify the authenticity of the checksum. This will bring us to the next section about authenticity.

So how to check checksums? (In this case SHA-256 but you could change to SHA-512

Remember that checksums are just checksums. Having a matching checksum does not mean the file is safe.

Authenticity (if available):

Integrity is one thing. Authenticity is another thing. This is a process where you can verify some information is authentic and from the expected source. This is usually done by signing information (using GPG⁵⁰² for instance) using public-key cryptography⁵⁰³.

Signing can serve both purposes and allow you to check for both integrity and authenticity.

If available, you should always verify the signatures of files to confirm their authenticity.

Security (checking for actual malware):

Every check should ideally happen in sandboxed/hardened Virtual Machines. This is to mitigate the possibilities for malware to access your Host computer.

Anti-Virus Software:

You might be asking yourself, what about Anti-Virus solutions? Well, no … these are not perfect solutions against many modern malware and viruses using polymorphic code⁵⁰⁴. But it does not mean they cannot help against less sophisticated and known attacks. It depends on how to use them as AV software can become an attack vector in itself.

Again, this is all a matter of threat modeling. Can AV software help you against the NSA? Probably not. Can it help you against less resourceful adversaries using known malware? Probably.

Some will just argue against them broadly like Whonix⁵⁰⁵ but this topic is being discussed and disputed even at Whonix⁵⁰⁶ by other members of their community.

Contrary to popular myths perpetuating the idea that only Windows is subject to malware and that detection tools are useless on Linux and macOS:

My take on the matter is on the pragmatic side. There is still room for some AV software for some selective and limited use. But it depends on which one and how you use them:

“When you submit Samples to the Services, if you submit Samples to the Services, You will collect all of the information in the Sample itself and information about the act of submitting it”.

So, remember that any document you submit to them will be kept, shared, and used commercially including the content. So, you should not do that with sensitive information and rely on various local AV scanners (that do not send samples online).

For instance, this guide’s PDF files were submitted to VirusTotal because it is meant to be public knowledge and we see no valid argument against it. It does not guarantee the absence of malware, but it does not hurt to add this check.

Manual Reviews:

You can also try to check various files for malware using various tools. This can be done as an extra measure and is especially useful with documents rather than apps and various executables.

These methods require more tinkering but can be useful if you want to go the extra length.

PDF files:

Now, what if you think the PDF is still suspicious? Fear not … there are more things you can do to ensure it is not malicious:

Other types of files:

Here are some various resources for this purpose where you will find what tool to use for what type:

Even with all those resources, keep in mind you might still get advanced malware if those are not detected by those various tools. Be careful and remember to handle these files within isolated Virtual Machines, if possible, to limit the attack surface and vectors.

Appendix U: How to bypass (some) local restrictions on supervised computers

There might be situations where the only device you have at your disposal is not really yours such as:

The situation might look desperate, but it is not necessarily the case as there are some safe ways to bypass these depending on how well your adversaries did their job securing your computer.

Portable Apps:

There are plenty of methods you could use to bypass those restrictions locally. One of them would be to use portable apps⁵²¹. Those apps do not require installation on your system and can be run from a USB key or anywhere else.

This is because those portable apps will not necessarily hide themselves (or be able to hide themselves) from the usage reports and forensic examination. This method is just too risky and will probably arise issues if noticed if you are in such a hostile environment.

Even the most basic controls (supervision or parental) will send out detailed app usage to your adversary.

Bootable Live Systems:

It is relatively easy for your adversary to prevent this by setting up firmware BIOS/UEFI (see Bios/UEFI/Firmware Settings of your laptop) controls but usually most adversaries will overlook this possibility which requires more technical knowledge than just relying on Software.

This method could even decrease suspicion and increase your plausible deniability as your adversaries think they have things under control and that everything appears normal in their reports.

This method only depends on one security feature (that they probably did not turn on in most cases): Boot Security.

Secure Boot is relatively easy to bypass as there are plenty of Live Systems that are now Secure Boot compliant (meaning they are signed) and will be allowed by your laptop.

The BIOS/UEFI password on the other hand is much harder to bypass without risks. In that case, you are left with two options:

Again, this feature is usually overlooked by most unskilled/lazy adversaries and in my experience left disabled.

The reason is that most of the controls are within your main Operating System software and only monitor what happens within the Operating System. Those measures will not be able to monitor what happened at the Hardware/Firmware level before the Operating System loads.

Precautions:

While you might be able to bypass local restrictions easily using a Live System such as Tails, remember that your network might also be monitored for unusual activities.

Unusual network activities showing up from a computer at the same time your computer is seemingly powered off might raise suspicions.

If you are to resort to this, you should never do so from a monitored/known network but only from a safe different network. Ideally a safe public wi-fi (See Find some safe places with decent public Wi-Fi).

Do not use a live system on a Software supervised/monitored device on a known network.

Appendix V: What browser to use in your Guest VM/Disposable VM

Here is a comparison table of one fingerprinting test of various browsers with their native settings (but Javascript enabled for usability, except for Tor Safest mode).

Disclaimer: these tests while nice are not conclusive of the real fingerprinting resistance. But they can help compare browsers between each other.

Brave:

Browser	https://coveryourtracks.eff.org/ Fingerprinting Test with real Ad
Safari (Normal)*	Fail (Unique)
Safari (Private Window) *	Fail (Unique)
Edge (Normal)**	Fail (Unique)
Edge (Private Window) **	Fail (Unique)
Firefox (Normal)	Fail (Unique)
Firefox (Private Window)	Fail (Unique)
Chrome (Normal)	Fail (Unique)
Chrome (Private Window)	Fail (Unique)
Brave (Normal)	Passed (Randomized)
Brave (Private Window)	Passed (Randomized)
Brave (Tor Window)	Passed (Randomized)
Tor Browser (Normal mode)	Partial
Tor Browser (Safer mode)	Partial
Tor Browser (Safest mode)	Unknown (Result did not load)

This is my recommended/preferred choice for a Browser within your guest VMs. This is not my recommended choice for a Browser within your Host OS where we strictly recommend Tor Browser as they recommend it themselves⁵²².

Ungoogled-Chromium:

This browser is considered a security liability due to their systemic lagging on security patches⁵³⁰.

Edge:

Safari:

Overall, we would not recommend using Safari on a macOS VM but instead, go for another Browser such as Brave or Firefox.

Firefox:

Security (especially sandboxing) of Firefox is arguably weaker than Chromium-based browsers⁵³⁵.

Tor Browser:

If you are extra paranoid and want to use Tor Browser and have “Tor over VPN over Tor”, you could go with Tor Browser within the VM as well. This is IMHO completely pointless/useless.

Appendix V1: Hardening your Browsers:

Brave:

That’s it and you should be pretty much covered. For full paranoia, you can also just “Block Scripts” to disable Javascript. Note that even disabling Javascript might not protect you fully⁵³⁶.

Ungoogled-Chromium:

This browser is considered a security liability due to their systemic lagging on security patches⁵³⁷.

Edge:

Enable Application Guard for Edge (only on Host OS, not possible within a VirtualBox VM):

That’s about it for Edge but you are also free to add extensions from the Chrome Store such as:

Safari:

That’s about it. Unfortunately, you will not be able to add extensions as those will require you to sign in into the App Store which you cannot do from a macOS VM. Again, we would not recommend sticking to Safari in a macOS VM but instead switching to Brave or Firefox.

Firefox:

Normal settings:

Advanced settings:

Those settings are explained on the following resources in order of recommendation if you want more details about what each setting does:

Here are most of the steps combined from the sources above (some have been omitted due to the extensions recommended later below):

Addons to install/consider:

Bonus resources:

Appendix W: Virtualization

Basically, it is like the Inception movie with computers. You have emulated software computers called Virtual Machines running on a physical computer. And you can even have Virtual Machines running within Virtual machines if you want to (but this will require a more powerful laptop in some cases).

Each Virtual Machine is a sandbox. Remember the reasons for using them are to prevent the following risks:

Appendix X: Using Tor bridges in hostile environments

In some environments, your ISPs might be trying to prevent you from accessing Tor. Or accessing Tor openly might be a safety risk.

Bridges are special Tor entry nodes that are not listed on the Tor public directory. Some of those are running on people running the Snowflake Browser extension⁵³⁹ while others are running on various servers around the world. Most of those bridges are running some type of obfuscation method called obfs4⁵⁴⁰.

Here is the definition from the Tor Browser Manual⁵⁴¹: “obfs4 makes Tor traffic look random and prevents censors from finding bridges by Internet scanning. obfs4 bridges are less likely to be blocked than its predecessor, obfs3 bridges”.

Some of those are called “Meek” bridges and are using a technique called “Domain Fronting” where your Tor client (Tails, Tor Browser, Whonix Gateway) will connect to a common CDN used by other services. To a censor, it would appear you are connecting to a normal website such as Microsoft.com. See https://gitlab.torproject.org/legacy/trac/-/wikis/doc/meek for more information.

As per their definition from their manual⁵⁴²: “meek transports make it look like you are browsing a major web site instead of using Tor. meek-azure makes it look like you are using a Microsoft web site”. This is a type of “domain fronting” ⁵⁴³.

Lastly, there are also bridges called Snowflake bridges that rely on users running the snowflake extension in their browser to become themselves entry nodes. See https://snowflake.torproject.org/ ^{[Archive.org]}.

First, you should proceed with the following checklist to make sure you cannot circumvent Tor Blocking (double-check) and try to use Tor Bridges (https://bridges.torproject.org/ ^{[Archive.org]}):

If none of those build-in methods are working, you could try getting a manual bridge either from:

This website obviously could be blocked/monitored too so you could instead (if you have the ability) ask someone to do this for you if you have a trusted contact and some e2e encrypted messaging app.

Finally, you could also request a bridge request by e-mail to bridges@torproject.org with the subject empty and the body being: “get transport obfs4” or “get transport meek”. There is some limitation with this method tho as it is only available from a Gmail e-mail address or Riseup.

Hopefully, these bridges should be enough to get you connected even in a hostile environment.

Appendix Y: Installing and using desktop Tor Browser

Installation:

Usage and Precautions:

We would recommend the “Safest” level by default. The “Safer” level should be enabled if you think you need access to a website not working without JavaScript. The Safest mode will most likely break many websites that rely actively on JavaScript.

If you are extra paranoid, use the “Safest” level by default and consider downgrading to Safer is the website is unusable because of Javascript blocking.

Optional and not recommended by the Tor Project: If you are not using the “Safest” level, we will diverge from some but agree with others (for instance the Tails project and others⁵⁴⁴) and will actually recommend some modifications of the default Tor Browser in the addition of two extensions:

Let’s keep in mind that even 3 letters agencies recommend blocking ads for their internal users in order to improve security⁵⁴⁵.

Now, you are really done, and you can now surf the web anonymously from your desktop device.

Appendix Z: Online anonymous payments using cryptocurrencies

There are many services that you might want to use (VPS hosting, mail hosting, domain names…) but require payment of some kind.

As mentioned before in this guide multiple times, we strongly recommend the use of services accepting cash (that you could send anonymously through the postal services) or Monero which you can buy and use directly and safely.

But what if the service you want does not accept Monero but does accept a more mainstream cryptocurrency such as Bitcoin (BTC) or Ethereum (ETH).

Bitcoin and other “mainstream cryptocurrencies” are not anonymous at all (Remember Your Cryptocurrencies transactions) and you should never ever purchase, for example, Bitcoin from an exchange and then use these directly for purchasing services anonymously. This will not work, and the transaction can be traced easily.

Reasonably anonymous option:

Despite this, it is possible to safely anonymize Bitcoin through the use of cryptocurrencies with a focus on untraceability such as Monero (XMR) with a few more steps and at a relatively small cost. So, you might be wondering how? Well, it is actually pretty simple:

You should now have an anonymized Bitcoin wallet that can be used for purchasing services that do not accept Monero. You should never access this wallet from a non-anonymized environment and always use well-thought OPSEC with your BTC transactions. Remember those can be traced back to you.

The origin of those BTC cannot be traced back to your real identity due to the use of Monero unless Monero is broken. Please do read Appendix B2: Monero Disclaimer.

Extra-Paranoid anonymous option:

As explained in the disclaimer, If you feel extra paranoid, you could consider using an additional conversion step using a different privacy/anonymity-focused cryptocurrency such as Zcash (https://z.cash/ ^{[Archive.org]}).

These steps should upgrade from “reasonably anonymous” to “extra-paranoid anonymous”. Even if Monero is broken in the future. Zcash will have to be broken as well. Quite unlikely.

When using BTC: bonus step for improving your privacy using obfuscation:

Mixing BTC in this way should prevent any chain analysis on future transactions. This will not hide any past transactions or the fact you purchased BTC from a KYC exchange. Both wallets support Tor and running your own Bitcoin full node.

Wasabi wallet is not recommended due to censorship of transactions⁵⁴⁸ and vulnerabilities in its CoinJoin implementation⁵⁴⁹.

When converting from BTC to Monero:

Now, as part of any process above, if you want to convert BTC back to Monero, we recommend not using a swapping service but instead recommend using the new Monero Atomic Swap Tool: https://unstoppableswap.net/. This will prevent unnecessary fees and intermediates when using a commercial swapping service. The website is self-explanatory with detailed instructions for all OSes.

Appendix A1: Recommended VPS hosting providers

We will only recommend providers that accept Monero as payment and here is my personal shortlist:

Appendix A2: Guidelines for passwords and passphrases

My opinion (and the one of many⁵⁵⁰‘⁵⁵¹’⁵⁵²‘⁵⁵³’⁵⁵⁴’⁵⁵⁵) is that passphrases are generally better than passwords. So instead of thinking of better passwords, forget them altogether and use passphrases instead (when possible). Or just use a password manager with very long passwords (such as KeePassXC, the preferred password manager in this guide).

Use a different one for each service/device if possible. Do not make it easy for an adversary to access all your information because you used the same passphrase everywhere.

You might ask how? Simple: use a password manager such as the recommended KeePassXC. Only remember the passphrase to unlock the database and then store everything else in the KeePassXC database. Within KeePassXC you can then create extremely long passwords (30+ random characters) for each different service.

Appendix A3: Search Engines

In the end, we were often not satisfied with the results of both those search engines and still ended up on Bing or Google.

Appendix A4: Counteracting Forensic Linguistics

No plagiarism is intended but some important adaptations and modifications have been made to improve the source post in various ways.

Introduction:

Stylometry is our personal and unique writing style. No matter who you are, you have a unique finger printable, and traceable writing style. This has been understood for a while now, and a branch of forensics is built off of this principle: forensic linguistics. In this field, the particular name for forensic linguistics applied to internet crime is called “Writeprint”. Writeprint primarily aims to determine author identification over the internet by comparing a suspect’s text to a known collection of writer invariant (normally written) texts, and even without comparison texts, this forensic technique can yield personal information about an author such as gender, age, and personality.

What does an adversary look for when examining your writing?

Examples:

You might think that this is not something that an adversary pays attention to? Think again! There have been multiple cases where adversaries such as law enforcement have used Writeprint techniques to help catch and sentence people. Here are some examples:

Do not use the same writing style for your sensitive activities as for your normal activities. In particular, pay close attention to your use of common phrases, and punctuations. Also, as a side note: limit the amount of reference material that an adversary can use as comparison text, you do not want to find yourself in trouble because of your political Twitter post, or that Reddit post you made years ago, do you?

Pay attention to the little things that might add up. If you usually reply with “ok” to people, maybe try to reply with “okay” for your sensitive activities. You should NEVER use words or phrases from your sensitive activities (even if they are not in a public post) for normal purposes, and vice versa. Ross Ulbricht used “frosty” as the name for his Silk Road servers, and for his YouTube account, which helped convince law enforcement that Dread Pirate Roberts was in fact, Ross Ulbricht.

How to counteract the efforts of your adversary:

What different linguistic choices could say about you:

Emoticons:

Structural features:

Spelling slang and symbols:

Techniques to prevent writeprinting:

Spelling and grammar checking:

This helps prevent some fingerprinting done using your spelling and grammar mistakes

Offline using a word processor:

Use a word processor such as LibreWriter and use the spelling and grammar checks features to fix mistakes you might have typed.

Online using an online service:

If you do nothave a word processor available or don’t want to use one, you can also use an online spelling and grammar checker such as Grammarly (this requires an e-mail and an account creation).

Translation technique:

After being done with spelling and grammar fixes. Use a website or software such as Google Translate (or for a more privacy-friendly version, https://simplytranslate.org/) to translate between several different languages before translating back to your original language. These translations back and forth will alter your messages and make fingerprinting more difficult.

Search and replace:

Finally, and optionally, add some salt by purposefully adding some mistakes to your messages.

First decide upon a list of words that you frequently do not misspell, maybe the words “grammatical”, “symbol”, and “pronounced” (this list should include more words). Do not use an AutoCorrect automatic replace option for this as it might correct when it does not make sense. Instead, use Search and Replace and do this manually for each word. Do not use “Replace All” either and review each change. This is just the first step, for providing misinformation against linguistic fingerprinting.

Next, find a list of words that you commonly use in your writing. Let us say that we love to use contractions when wew rite, maybe we always use words such as: “can’t”, “don’t”, “shouldn’t”, “won’t”, or “let’s”. Well, maybe go into LibreWriter and use “Search and Replace” to replace all contractions with the full versions of the words (“can’t” > “cannot”, “don’t” > “do not”, “shouldn’t” > “should not”, “won’t” > “will not”, “let’s” > “let us”). This can make a large difference in your writing and give a difference in how people and most importantly your adversaries perceive you. You can change most words to be different, as an example you can change “huge” to “large”. Just make sure these words fit with your identity.

Now, consider changing your words choices to fit a geographic location. Maybe you live in the US, and you want to give the impression that your identity is from the UK. For example, you can make use of location-based spelling and lexicon. This is risky, and one mistake can give it away.

First off, you need to decide where you want to give the impression of your location. Here is an example to give off the impression that you are from the US, or the UK. First, you will need to understand a thing or two about where your identity is “from”, do not pretend that you are from the UK, yet have no idea about it other than it exists.

After you have decided upon a good location that your identity is from, research the differences in language between the two languages (in this case between UK English and US English). Thanks to the internet, this is quite easy, and you can find Wikipedia pages conveniently highlighting the regional differences of a language between two nations. Pay attention to how certain words are spelled (“metre” > “meter”) and what words are exchanged with each other (“boot” > “trunk”). Now that you have a list of words that can be exchanged with each other, and a list of spelling that are different, use the “Search and Replace” in your editor and change the words such as “colour” into “color”, and “lorry” into “truck”. Again, do not use an AutoCorrect feature or “Replace All” as some changes might not make sense. Review each proposed change. As an example, if you were to use AutoCorrect or “Replace all” on the word “boot” to change into “trunk”, this would make perfect sense in the context of cars. But it would not make any sense in the context of shoes.

Final advice:

Understand that you have to constantly think of what you type and how you type while conducting sensitive activities.

Understand that altering your writing style for such purposes can ultimately change your baseline writing style, ironically making your writing traceable over longer periods.

Proofread yourself at least one time after you are done writing anything to verify you made no mistakes in your process. Trust (yourself) but verify anyway.

Bonus links:

Appendix A5: Additional browser precautions with JavaScript enabled

To avoid Browser and User Fingerprinting through JavaScript but while keeping JavaScript enabled, some additional safety measures should be observed at least on some websites:

These recommendations are similar to the ones at the beginning of the guide and especially valid for certain websites. Mostly, the recommendation is to use privacy-friendly front-end instances and alternative services for a variety of services:

Appendix A6: Mirrors

Appendix A7: Comparing versions

If you want to compare an older version of the PDF with a newer version, consider these online tools (note that we do not endorse those tools in relation to their privacy policies, but it should not matter since these PDFs are public):

Appendix A8: Crypto Swapping Services without Registration and KYC

General Crypto Swapping:

Skip to next section for BTC to Monero. Do not use swapping services for BTC to Monero.

Here is a small list of non-KYC crypto swapping services, remember they all have a cost and fees:

BTC to Monero only:

Do not use any swapping service, use their Atomic Swap feature. See this Monero Atomic Swap Tool: https://unstoppableswap.net/.

This will prevent unnecessary fees and intermediates when using a commercial swapping service. The website is self-explanatory with detailed instructions for all OSes.

Appendix A9: Installing a Zcash wallet:

Remember this should only be done on a secure environment such as VM behind the Whonix Gateway.

Debian 11 VM:

Ubuntu 20.04/21.04/21.10 VM:

Windows 10 VM:

Whonix Workstation 16 VM:

Appendix B1: Checklist of things to verify before sharing information:

After curating the files for anything you want to leave out. Double-check and even Triple check them. Then you could consider sending them to an organization such as a press organization or others.

Appendix B2: Monero Disclaimer

The anonymity of Monero depends on its crypto algorithms. If you do use Monero from a KYC Exchange. You can be almost certain that you are safe today. But you might not be in the long-term future if Monero algorithms are ever broken⁵⁵⁷ (think Quantum Computing). Do keep in mind that KYC regulations might force operators (such as Crypto Exchanges) to keep your financial records for up to 10 years and that you, therefore, need Monero algorithms to not be broken for the next 10 years as well.

Use these at your own risk, sending cash payments to providers accepting cash (through the postal service) is always a better solution if/when possible, IMHO.

Appendix B3: Threat modeling resources

Here are various threat modeling resources if you want to go deeper in threat modeling.

References:

English translation of German Telemedia Act https://www.huntonprivacyblog.com/wp-content/uploads/sites/28/2016/02/Telemedia_Act__TMA_.pdf ^{[Archive.org]}. Section 13, Article 6, “The service provider must enable the use of Telemedia and payment for them to occur anonymously or via a pseudonym where this is technically possible and reasonable. The recipient of the service is to be informed about this possibility.”.↩︎
Wikipedia, Real-Name System Germany https://en.wikipedia.org/wiki/Real-name_system#Germany ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, Don’t be evil https://en.wikipedia.org/wiki/Don%27t_be_evil ^[Wikiless] ^{[Archive.org]}↩︎
YouTube, WarGames - “The Only Winning Move” https://www.youtube.com/watch?v=6DGNZnfKYnU ^[Invidious]↩︎
Wikipedia, OSINT https://en.wikipedia.org/wiki/Open-source_intelligence ^[Wikiless] ^{[Archive.org]}↩︎
YouTube Internet Historian Playlist, HWNDU https://www.youtube.com/playlist?list=PLna1KTNJu3y09Tu70U6yPn28sekaNhOMY ^[Invidious]↩︎
Wikipedia, 4chan https://en.wikipedia.org/wiki/4chan ^[Wikiless] ^{[Archive.org]}↩︎
PIA, See this good article on the matter https://www.privateinternetaccess.com/blog/how-does-privacy-differ-from-anonymity-and-why-are-both-important/ ^{[Archive.org]} (disclaimer: this is not an endorsement or recommendation for this commercial service).↩︎
Medium.com, Privacy, Blockchain and Onion Routing https://medium.com/unitychain/privacy-blockchain-and-onion-routing-d5609c611841 ^[Scribe.rip] ^{[Archive.org]}↩︎
This World of Ours, James Mickens https://scholar.harvard.edu/files/mickens/files/thisworldofours.pdf ^{[Archive.org]}↩︎
XKCD, Security https://xkcd.com/538/ ^{[Archive.org]}↩︎
Wikipedia, Threat Model https://en.wikipedia.org/wiki/Threat_model ^[Wikiless] ^{[Archive.org]}↩︎
Bellingcat https://www.bellingcat.com/ ^{[Archive.org]}↩︎
Wikipedia, Doxing https://en.wikipedia.org/wiki/Doxing ^[Wikiless] ^{[Archive.org]}↩︎
YouTube, Internet Historian, The Bikelock Fugitive of Berkeley https://www.youtube.com/watch?v=muoR8Td44UE ^[Invidious]↩︎
This World of Ours, James Mickens https://scholar.harvard.edu/files/mickens/files/thisworldofours.pdf ^{[Archive.org]}↩︎
BBC News, Tor Mirror https://www.bbc.com/news/technology-50150981 ^{[Archive.org]}↩︎
GitHub, Real World Onion websites https://github.com/alecmuffett/real-world-onion-sites ^{[Archive.org]} (updated extremely often)↩︎
Tor Project, Who Uses Tor https://2019.www.torproject.org/about/torusers.html.en ^{[Archive.org]}↩︎
Whonix Documentation, The importance of Anonymity https://www.whonix.org/wiki/Anonymity ^{[Archive.org]}↩︎
Geek Feminism https://geekfeminism.wikia.org/wiki/Who_is_harmed_by_a_%22Real_Names%22_policy%3F ^{[Archive.org]}↩︎
Tor Project, Tor Users https://2019.www.torproject.org/about/torusers.html.en ^{[Archive.org]}↩︎
PrivacyHub, Internet Privacy in the Age of Surveillance https://www.cyberghostvpn.com/privacyhub/internet-privacy-surveillance/ ^{[Archive.org]}↩︎
PIA Blog, 50 Key Stats About Freedom of the Internet Around the World https://www.privateinternetaccess.com/blog/internet-freedom-around-the-world-in-50-stats/ ^{[Archive.org]}↩︎
Wikipedia, IANAL https://en.wikipedia.org/wiki/IANAL ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, Trust but verify https://en.wikipedia.org/wiki/Trust,_but_verify ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, Zero-trust Security Model https://en.wikipedia.org/wiki/Zero_trust_security_model ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, IP Address https://en.wikipedia.org/wiki/IP_address ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia; Data Retention https://en.wikipedia.org/wiki/Data_retention ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, Tor Anonymity Network https://en.wikipedia.org/wiki/Tor_(anonymity_network) ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, VPN https://en.wikipedia.org/wiki/Virtual_private_network ^[Wikiless] ^{[Archive.org]}↩︎
Ieee.org, Anonymity Trilemma: Strong Anonymity, Low Bandwidth Overhead, Low Latency - Choose Two https://ieeexplore.ieee.org/document/8418599 ^{[Archive.org]}↩︎
Wikipedia, DNS https://en.wikipedia.org/wiki/Domain_Name_System ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, DNS Blocking https://en.wikipedia.org/wiki/DNS_blocking ^[Wikiless] ^{[Archive.org]}↩︎
CensoredPlanet https://censoredplanet.org/ ^{[Archive.org]}↩︎
Wikipedia, MITM https://en.wikipedia.org/wiki/Man-in-the-middle_attack ^[Wikiless] ^{[Archive.org]}↩︎
ArXiv, Characterizing Smart Home IoT Traffic in the Wild https://arxiv.org/pdf/2001.08288.pdf ^{[Archive.org]}↩︎
Labzilla.io, Your Smart TV is probably ignoring your Pi-Hole https://labzilla.io/blog/force-dns-pihole ^{[Archive.org]}↩︎
Wikipedia, DNS over HTTPS: https://en.wikipedia.org/wiki/DNS_over_HTTPS ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, DNS over TLS, https://en.wikipedia.org/wiki/DNS_over_TLS ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, Pi-Hole https://en.wikipedia.org/wiki/Pi-hole ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, SNI https://en.wikipedia.org/wiki/Server_Name_Indication ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, ECH https://en.wikipedia.org/wiki/Server_Name_Indication#Encrypted_Client_Hello ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, eSNI https://en.wikipedia.org/wiki/Server_Name_Indication#Encrypted_Client_Hello ^[Wikiless] ^{[Archive.org]}↩︎
Usenix.org, On the Importance of Encrypted-SNI (ESNI) to Censorship Circumvention https://www.usenix.org/system/files/foci19-paper_chai_0.pdf ^{[Archive.org]}↩︎
Wikipedia, CDN https://en.wikipedia.org/wiki/Content_delivery_network ^[Wikiless] ^{[Archive.org]}↩︎
Cloudflare, Good-bye ESNI, hello ECH! https://blog.cloudflare.com/encrypted-client-hello/ ^{[Archive.org]}↩︎
ZDNET, Russia wants to ban the use of secure protocols such as TLS 1.3, DoH, DoT, ESNI https://www.zdnet.com/article/russia-wants-to-ban-the-use-of-secure-protocols-such-as-tls-1-3-doh-dot-esni/ ^{[Archive.org]}↩︎
ZDNET, China is now blocking all encrypted HTTPS traffic that uses TLS 1.3 and ESNI https://www.zdnet.com/article/china-is-now-blocking-all-encrypted-https-traffic-using-tls-1-3-and-esni/ ^{[Archive.org]}↩︎
Wikipedia, OCSP https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol ^[Wikiless] ^{[Archive.org]}↩︎
Madaidans Insecurities, Why encrypted DNS is ineffective https://madaidans-insecurities.github.io/encrypted-dns.html ^{[Archive.org]}↩︎
Wikipedia, OCSP Stapling https://en.wikipedia.org/wiki/OCSP_stapling ^[Wikiless] ^{[Archive.org]}↩︎
Chromium Documentation, CRLSets https://dev.chromium.org/Home/chromium-security/crlsets ^{[Archive.org]}↩︎
ZDNet, Chrome does certificate revocation better https://www.zdnet.com/article/chrome-does-certificate-revocation-better/ ^{[Archive.org]}↩︎
KUL, Encrypted DNS=⇒Privacy? A Traffic Analysis Perspective https://www.esat.kuleuven.be/cosic/publications/article-3153.pdf ^{[Archive.org]}↩︎
ResearchGate, Oblivious DNS: Practical Privacy for DNS Queries https://www.researchgate.net/publication/332893422_Oblivious_DNS_Practical_Privacy_for_DNS_Queries ^{[Archive.org]}↩︎
Nymity.ch, The Effect of DNS on Tor’s Anonymity https://nymity.ch/tor-dns/ ^{[Archive.org]}↩︎
Wikipedia, RFID https://en.wikipedia.org/wiki/Radio-frequency_identification ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, NFC https://en.wikipedia.org/wiki/Near-field_communication ^[Wikiless] ^{[Archive.org]}↩︎
Samsonite Online Shop, RFID accessories https://shop.samsonite.com/accessories/rfid-accessories/ ^{[Archive.org]}↩︎
Google Android Help, Android Location Services https://support.google.com/accounts/answer/3467281?hl=en ^{[Archive.org]}↩︎
Apple Support, Location Services and Privacy https://support.apple.com/en-us/HT207056 ^{[Archive.org]}↩︎
2016 International Conference on Indoor Positioning and Indoor Navigation, Wi-Fi probes as digital crumbs for crowd localization http://fly.isti.cnr.it/pub/papers/pdf/Wifi-probes-IPIN16.pdf ^{[Archive.org]}↩︎
Southeast University of Nanjing, Probe Request Based Device Identification Attack and Defense https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7472341/ ^{[Archive.org]}↩︎
Medium.com, The Perils of Probe Requests https://medium.com/@brannondorsey/wi-fi-is-broken-3f6054210fa5 ^[Scribe.rip] ^{[Archive.org]}↩︎
State University of New York, Towards 3D Human Pose Construction Using Wi-Fi https://cse.buffalo.edu/~lusu/papers/MobiCom2020.pdf ^{[Archive.org]}↩︎
Digi.Ninja, Jasager https://digi.ninja/jasager/ ^{[Archive.org]}↩︎
Hak5 Shop, Wi-Fi Pineapple https://shop.hak5.org/products/wifi-pineapple ^{[Archive.org]}↩︎
Wikipedia, Deautentication Attack https://en.wikipedia.org/wiki/Wi-Fi_deauthentication_attack ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, Capture Portal https://en.wikipedia.org/wiki/Captive_portal ^[Wikiless] ^{[Archive.org]}↩︎
HackerFactor Blog, Deanonymizing Tor Circuits https://www.hackerfactor.com/blog/index.php?/archives/868-Deanonymizing-Tor-Circuits.html ^{[Archive.org]}↩︎
KU Leuven, Website Fingerprinting through Deep Learning https://distrinet.cs.kuleuven.be/software/tor-wf-dl/ ^{[Archive.org]}↩︎
KU Leuven, Deep Fingerprinting: Undermining Website Fingerprinting Defenses with Deep Learning https://homes.esat.kuleuven.be/~mjuarezm/index_files/pdf/ccs18.pdf ^{[Archive.org]}↩︎
Internet Society, Website Fingerprinting at Internet Scale https://web.archive.org/web/20160617040428/https://www.internetsociety.org/sites/default/files/blogs-media/website-fingerprinting-internet-scale.pdf ^{[Archive.org]}↩︎
KU Leuven, A Critical Evaluation of Website Fingerprinting Attacks https://www.esat.kuleuven.be/cosic/publications/article-2456.pdf ^{[Archive.org]}↩︎
DailyDot, How Tor helped catch the Harvard bomb threat suspect https://www.dailydot.com/unclick/tor-harvard-bomb-suspect/ ^{[Archive.org]}↩︎
ArsTechnica, How the NSA can break trillions of encrypted Web and VPN connections https://arstechnica.com/information-technology/2015/10/how-the-nsa-can-break-trillions-of-encrypted-web-and-vpn-connections/ ^{[Archive.org]}↩︎
Wikipedia, Sybil Attack https://en.wikipedia.org/wiki/Sybil_attack ^[Wikiless] ^{[Archive.org]}↩︎
ArsTechnica, Does Tor provide more benefit or harm? New paper says it depends https://arstechnica.com/gadgets/2020/11/does-tor-provide-more-benefit-or-harm-new-paper-says-it-depends/ ^{[Archive.org]}↩︎
ResearchGate, The potential harms of the Tor anonymity network cluster disproportionately in free countries https://www.pnas.org/content/early/2020/11/24/2011893117 ^{[Archive.org]}↩︎
CryptoEngineering, How does Apple (privately) find your offline devices? https://blog.cryptographyengineering.com/2019/06/05/how-does-apple-privately-find-your-offline-devices/ ^{[Archive.org]}↩︎
Apple Support https://support.apple.com/en-us/HT210515 ^{[Archive.org]}↩︎
XDA, Samsung’s Find My Mobile app can locate Galaxy devices even when they’re offline https://www.xda-developers.com/samsung-find-my-mobile-app-locate-galaxy-devices-offline/ ^{[Archive.org]}↩︎
Apple Support, If your Mac is lost or stolen https://support.apple.com/en-us/HT204756 ^{[Archive.org]}↩︎
Wikipedia, BLE https://en.wikipedia.org/wiki/Bluetooth_Low_Energy ^[Wikiless] ^{[Archive.org]}↩︎
Cryptography Engineering Blog, How does Apple (privately) find your offline devices? https://blog.cryptographyengineering.com/2019/06/05/how-does-apple-privately-find-your-offline-devices/ ^{[Archive.org]}↩︎
Wikipedia, IMEI https://en.wikipedia.org/wiki/International_Mobile_Equipment_Identity ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, IMSI https://en.wikipedia.org/wiki/International_mobile_subscriber_identity ^[Wikiless] ^{[Archive.org]}↩︎
Android Documentation, Device Identifiers https://source.android.com/devices/tech/config/device-identifiers ^{[Archive.org]}↩︎
Google Privacy Policy, Look for IMEI https://policies.google.com/privacy/embedded?hl=en-US ^{[Archive.org]}↩︎
Wikipedia, IMEI and the Law https://en.wikipedia.org/wiki/International_Mobile_Equipment_Identity#IMEI_and_the_law ^[Wikiless] ^{[Archive.org]}↩︎
Bellingcat, The GRU Globetrotters: Mission London https://www.bellingcat.com/news/uk-and-europe/2019/06/28/the-gru-globetrotters-mission-london/ ^{[Archive.org]}↩︎
Bellingcat,“V” For “Vympel”: FSB’s Secretive Department “V” Behind Assassination Of Georgian Asylum Seeker In Germany https://www.bellingcat.com/news/uk-and-europe/2020/02/17/v-like-vympel-fsbs-secretive-department-v-behind-assassination-of-zelimkhan-khangoshvili/ ^{[Archive.org]}↩︎
Wikipedia, CCTV https://en.wikipedia.org/wiki/Closed-circuit_television ^[Wikiless] ^{[Archive.org]}↩︎
Apple, Transparency Report, Device Requests https://www.apple.com/legal/transparency/device-requests.html ^{[Archive.org]}↩︎
The Intercept, How Cops Can Secretly Track Your Phone https://theintercept.com/2020/07/31/protests-surveillance-stingrays-dirtboxes-phone-tracking/ ^{[Tor Mirror]} ^{[Archive.org]}↩︎
Wikipedia, IMSI Catcher https://en.wikipedia.org/wiki/IMSI-catcher ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, Stingray https://en.wikipedia.org/wiki/Stingray_phone_tracker ^[Wikiless] ^{[Archive.org]}↩︎
Gizmodo, Cops Turn to Canadian Phone-Tracking Firm After Infamous ‘Stingrays’ Become ‘Obsolete’ https://gizmodo.com/american-cops-turns-to-canadian-phone-tracking-firm-aft-1845442778 ^{[Archive.org]}↩︎
Wikipedia, MITM https://en.wikipedia.org/wiki/Man-in-the-middle_attack ^[Wikiless] ^{[Archive.org]}↩︎
Purism, Librem 5 https://shop.puri.sm/shop/librem-5/ ^{[Archive.org]}↩︎
Wikipedia, MAC Address https://en.wikipedia.org/wiki/MAC_address ^[Wikiless] ^{[Archive.org]}↩︎
Acyclica Road Trend Product Sheet, https://web.archive.org/web/https://amsignalinc.com/data-sheets/Acyclica/Acyclica-RoadTrend-Product-Sheet.pdf ^{[Archive.org]}↩︎
ResearchGate, Tracking Anonymized Bluetooth Devices https://www.researchgate.net/publication/334590931_Tracking_Anonymized_Bluetooth_Devices/fulltext/5d3308db92851cd04675a469/Tracking-Anonymized-Bluetooth-Devices.pdf ^{[Archive.org]}↩︎
Wikipedia, CPU https://en.wikipedia.org/wiki/Central_processing_unit ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, Intel Management Engine https://en.wikipedia.org/wiki/Intel_Management_Engine ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, AMD Platform Security Processor https://en.wikipedia.org/wiki/AMD_Platform_Security_Processor ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, IME, Security Vulnerabilities https://en.wikipedia.org/wiki/Intel_Management_Engine#Security_vulnerabilities ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, IME, Assertions that ME is a backdoor https://en.wikipedia.org/wiki/Intel_Management_Engine#Assertions_that_ME_is_a_backdoor ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, IME, Disabling the ME https://en.wikipedia.org/wiki/Intel_Management_Engine#Disabling_the_ME ^[Wikiless] ^{[Archive.org]}↩︎
Libreboot, https://libreboot.org/ ^{[Archive.org]} / Coreboot, https://www.coreboot.org/ ^{[Archive.org]}↩︎
Trinity College Dublin, Mobile Handset Privacy: Measuring The Data iOS and Android Send to Apple And Google https://www.scss.tcd.ie/doug.leith/apple_google.pdf ^{[Archive.org]}↩︎
Apple, Differential Privacy White Paper https://www.apple.com/privacy/docs/Differential_Privacy_Overview.pdf ^{[Archive.org]}↩︎
Wikipedia, Differential Privacy https://en.wikipedia.org/wiki/Differential_privacy ^[Wikiless] ^{[Archive.org]}↩︎
Continuing Ed, The All-Seeing “i”: Apple Just Declared War on Your Privacy https://edwardsnowden.substack.com/p/all-seeing-i ^{[Archive.org]}↩︎
Trinity College Dublin, Mobile Handset Privacy: Measuring The Data iOS and Android Send to Apple And Google https://www.scss.tcd.ie/doug.leith/apple_google.pdf ^{[Archive.org]}↩︎
Reuters, Exclusive: Apple dropped plan for encrypting backups after FBI complained – sources https://www.reuters.com/article/us-apple-fbi-icloud-exclusive-idUSKBN1ZK1CT ^{[Archive.org]}↩︎
ZDnet, I asked Apple for all my data. Here’s what was sent back https://www.zdnet.com/article/apple-data-collection-stored-request/ ^{[Archive.org]}↩︎
De Correspondent, Here’s how we found the names and addresses of soldiers and secret agents using a simple fitness app https://decorrespondent.nl/8481/heres-how-we-found-the-names-and-addresses-of-soldiers-and-secret-agents-using-a-simple-fitness-app/412999257-6756ba27 ^{[Archive.org]}↩︎
Website Planet, Report: Fitness Tracker Data Breach Exposed 61 Million Records and User Data Online https://www.websiteplanet.com/blog/gethealth-leak-report/ ^{[Archive.org]}↩︎
Wired, The Strava Heat Map and the End of Secrets https://www.wired.com/story/strava-heat-map-military-bases-fitness-trackers-privacy/ ^{[Archive.org]}↩︎
Bellingcat, How to Use and Interpret Data from Strava’s Activity Map https://www.bellingcat.com/resources/how-tos/2018/01/29/strava-interpretation-guide/ ^{[Archive.org]}↩︎
The Guardian, Fitness tracking app Strava gives away location of secret US army bases https://www.theguardian.com/world/2018/jan/28/fitness-tracking-app-gives-away-location-of-secret-us-army-bases ^{[Archive.org]}↩︎
Telegraph, Running app reveals locations of secret service agents in MI6 and GCHQ https://www.telegraph.co.uk/technology/2018/07/08/running-app-exposes-mi6-gchq-workers-whereabouts/ ^{[Archive.org]}↩︎
Washington Post, Alexa has been eavesdropping on you this whole time https://www.washingtonpost.com/technology/2019/05/06/alexa-has-been-eavesdropping-you-this-whole-time/?itid=lk_interstitial_manual_59 ^{[Archive.org]}↩︎
Washington Post, What does your car know about you? We hacked a Chevy to find out https://www.washingtonpost.com/technology/2019/12/17/what-does-your-car-know-about-you-we-hacked-chevy-find-out/ ^{[Archive.org]}↩︎
Using Metadata to find Paul Revere (https://kieranhealy.org/blog/archives/2013/06/09/using-metadata-to-find-paul-revere/ ^{[Archive.org]})↩︎
Wikipedia, Google SensorVault, https://en.wikipedia.org/wiki/Sensorvault ^[Wikiless] ^{[Archive.org]}↩︎
NRKBeta, My Phone Was Spying on Me, so I Tracked Down the Surveillants https://nrkbeta.no/2020/12/03/my-phone-was-spying-on-me-so-i-tracked-down-the-surveillants/ ^{[Archive.org]}↩︎
New York Times https://www.nytimes.com/interactive/2019/12/19/opinion/location-tracking-cell-phone.html ^{[Archive.org]}↩︎
Sophos, Google data puts innocent man at the scene of a crime https://nakedsecurity.sophos.com/2020/03/10/google-data-puts-innocent-man-at-the-scene-of-a-crime/ ^{[Archive.org]}↩︎
Wikipedia, Geofence Warrant https://en.wikipedia.org/wiki/Geo-fence_warrant ^[Wikiless] ^{[Archive.org]}↩︎
Vice.com, Military Unit That Conducts Drone Strikes Bought Location Data From Ordinary Apps https://www.vice.com/en/article/y3g97x/location-data-apps-drone-strikes-iowa-national-guard ^{[Archive.org]}↩︎
TechCrunch, Google says geofence warrants make up one-quarter of all US demands https://techcrunch.com/2021/08/19/google-geofence-warrants/ ^{[Archive.org]}↩︎
TechDirt, Google Report Shows ‘Reverse Warrants’ Are Swiftly Becoming Law Enforcement’s Go-To Investigative Tool https://www.techdirt.com/articles/20210821/10494847401/google-report-shows-reverse-warrants-are-swiftly-becoming-law-enforcements-go-to-investigative-tool.shtml ^{[Archive.org]}↩︎
Vice.com, Here’s the FBI’s Internal Guide for Getting Data from AT&T, T-Mobile, Verizon https://www.vice.com/en/article/m7vqkv/how-fbi-gets-phone-data-att-tmobile-verizon ^{[Archive.org]}↩︎
Wikipedia, Room 641A https://en.wikipedia.org/wiki/Room_641A ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, Edward Snowden https://en.wikipedia.org/wiki/Edward_Snowden ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, Permanent Record https://en.wikipedia.org/wiki/Permanent_Record_(autobiography) ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, XKEYSCORE https://en.wikipedia.org/wiki/XKeyscore ^[Wikiless] ^{[Archive.org]}↩︎
ElectroSpaces, Danish military intelligence uses XKEYSCORE to tap cables in cooperation with the NSA https://www.electrospaces.net/2020/10/danish-military-intelligence-uses.html ^{[Archive.org]}↩︎
Wikipedia, MUSCULAR https://en.wikipedia.org/wiki/MUSCULAR_(surveillance_program) ^{[Archive.org]}↩︎
Wikipedia, SORM https://en.wikipedia.org/wiki/SORM ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, Tempora https://en.wikipedia.org/wiki/Tempora ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, PRISM https://en.wikipedia.org/wiki/PRISM_(surveillance_program) ^[Wikiless] ^{[Archive.org]}↩︎
Justsecurity, General Hayden https://www.justsecurity.org/10318/video-clip-director-nsa-cia-we-kill-people-based-metadata/ ^{[Archive.org]}↩︎
IDMB, The Social Dilemma https://www.imdb.com/title/tt11464826/ ^{[Archive.org]}↩︎
ArsTechnica, How the way you type can shatter anonymity—even on Tor https://arstechnica.com/information-technology/2015/07/how-the-way-you-type-can-shatter-anonymity-even-on-tor/ ^{[Archive.org]}↩︎
Wikipedia, Stylometry https://en.wikipedia.org/wiki/Stylometry ^[Wikiless] ^{[Archive.org]}↩︎
Paul Moore Blog, Behavioral Profiling: The password you can’t change. https://paul.reviews/behavioral-profiling-the-password-you-cant-change/ ^{[Archive.org]}↩︎
Wikipedia, Sentiment Analysis https://en.wikipedia.org/wiki/Sentiment_analysis ^[Wikiless] ^{[Archive.org]}↩︎
EFF, CoverYourTracks https://coveryourtracks.eff.org/ ^{[Archive.org]}↩︎
Berkeley.edu, On the Feasibility of Internet-Scale Author Identification https://people.eecs.berkeley.edu/~dawnsong/papers/2012%20On%20the%20Feasibility%20of%20Internet-Scale%20Author%20Identification.pdf ^{[Archive.org]}↩︎
Forbes, Exclusive: Government Secretly Orders Google To Identify Anyone Who Searched A Sexual Assault Victim’s Name, Address And Telephone Number https://www.forbes.com/sites/thomasbrewster/2021/10/04/google-keyword-warrants-give-us-government-data-on-search-users ^{[Archive.org]}↩︎
FingerprintJS, Demo: Disabling JavaScript Won’t Save You from Fingerprinting https://fingerprintjs.com/blog/disabling-javascript-wont-stop-fingerprinting/ ^{[Archive.org]}↩︎
SecuredTouch Blog, Behavioral Biometrics 101: Behavioral Biometrics vs. Behavioral Analytics https://blog.securedtouch.com/behavioral-biometrics-101-an-in-depth-look-at-behavioral-biometrics-vs-behavioral-analytics ^{[Archive.org]}↩︎
Wikipedia, Captcha https://en.wikipedia.org/wiki/CAPTCHA ^[Wikiless] ^{[Archive.org]}↩︎
ArsTechnica, Stakeout: how the FBI tracked and busted a Chicago Anon https://arstechnica.com/tech-policy/2012/03/stakeout-how-the-fbi-tracked-and-busted-a-chicago-anon/ ^{[Archive.org]}↩︎
Bellingcat MH17 - Russian GRU Commander ‘Orion’ Identified as Oleg Ivannikov https://www.bellingcat.com/news/uk-and-europe/2018/05/25/mh17-russian-gru-commander-orion-identified-oleg-ivannikov/ ^{[Archive.org]}↩︎
Facebook Research, Deepface https://research.fb.com/publications/deepface-closing-the-gap-to-human-level-performance-in-face-verification/ ^{[Archive.org]}↩︎
Privacy News Online, Putting the “face” in Facebook: how Mark Zuckerberg is building a world without public anonymity https://www.privateinternetaccess.com/blog/putting-face-facebook-mark-zuckerberg-building-world-without-public-anonymity/ ^{[Archive.org]}↩︎
CNBC, “Facebook has mapped populations in 23 countries as it explores satellites to expand internet” https://www.cnbc.com/2017/09/01/facebook-has-mapped-human-population-building-internet-in-space.html ^{[Archive.org]}↩︎
MIT Technology Review, This is how we lost control of our faces, https://www.technologyreview.com/2021/02/05/1017388/ai-deep-learning-facial-recognition-data-history/ ^{[Archive.org]}↩︎
Bellingcat, Shadow of a Doubt: Crowdsourcing Time Verification of the MH17 Missile Launch Photo https://www.bellingcat.com/resources/case-studies/2015/08/07/shadow-of-a-doubt/ ^{[Archive.org]}↩︎
Brown Institute, Open-Source Investigation, https://brown.columbia.edu/open-source-investigation/ ^{[Archive.org]}↩︎
NewScientist, Facebook can recognize you in photos even if you’re not looking https://www.newscientist.com/article/dn27761-facebook-can-recognise-you-in-photos-even-if-youre-not-looking/ ^{[Archive.org]}↩︎
Google Patent, Techniques for emotion detection and content delivery https://patentimages.storage.googleapis.com/2d/e4/fb/6cd2fb81899dcd/US20150242679A1.pdf ^{[Archive.org]}↩︎
APNews, Chinese ‘gait recognition’ tech IDs people by how they walk https://apnews.com/article/bf75dd1c26c947b7826d270a16e2658a ^{[Archive.org]}↩︎
The Sun, New CCTV technology could now identify you just by the WAY you walk and your body shape https://www.thesun.co.uk/news/7684204/cctv-technology-identify-body-shape-way-walk/ ^{[Archive.org]}↩︎
City Security Magazine, Gait recognition: a useful identification tool https://citysecuritymagazine.com/security-management/gait-recognition-identification-tool/ ^{[Archive.org]}↩︎
Vice.com, Tech Companies Are Training AI to Read Your Lips https://www.vice.com/en/article/bvzvdw/tech-companies-are-training-ai-to-read-your-lips ^{[Archive.org]}↩︎
New Atlas, Eye tracking can reveal an unbelievable amount of information about you https://newatlas.com/science/science/eye-tracking-privacy/ ^{[Archive.org]}↩︎
TechCrunch, Facial recognition reveals political party in troubling new research https://techcrunch.com/2021/01/13/facial-recognition-reveals-political-party-in-troubling-new-research/ ^{[Archive.org]}↩︎
Nature.com, Facial recognition technology can expose political orientation from naturalistic facial images https://www.nature.com/articles/s41598-020-79310-1.pdf ^{[Archive.org]}↩︎
Slate https://slate.com/technology/2018/04/facebook-collects-data-on-non-facebook-users-if-they-want-to-delete-it-they-have-to-sign-up.html ^{[Archive.org]}↩︎
The Conversation https://theconversation.com/shadow-profiles-facebook-knows-about-you-even-if-youre-not-on-facebook-94804 ^{[Archive.org]}↩︎
The Verge https://www.theverge.com/2018/4/11/17225482/facebook-shadow-profiles-zuckerberg-congress-data-privacy ^{[Archive.org]}↩︎
ZDNET https://www.zdnet.com/article/anger-mounts-after-facebooks-shadow-profiles-leak-in-bug/ ^{[Archive.org]}↩︎
CNET https://www.cnet.com/news/shadow-profiles-facebook-has-information-you-didnt-hand-over/ ^{[Archive.org]}↩︎
Oosto https://oosto.com/ ^{[Archive.org]}↩︎
BuzzFeed.news, Surveillance Nation https://www.buzzfeednews.com/article/ryanmac/clearview-ai-local-police-facial-recognition ^{[Archive.org]}↩︎
Wired, Clearview AI Has New Tools to Identify You in Photos https://www.wired.com/story/clearview-ai-new-tools-identify-you-photos/ ^{[Archive.org]}↩︎
NEC, Neoface https://www.nec.com/en/global/solutions/biometrics/face/neofacewatch.html ^{[Archive.org]}↩︎
The Guardian, Met police deploy live facial recognition technology https://www.theguardian.com/uk-news/2020/feb/11/met-police-deploy-live-facial-recognition-technology ^{[Archive.org]}↩︎
YouTube, The Economist, China: facial recognition and state control https://www.youtube.com/watch?v=lH2gMNrUuEY ^[Invidious]↩︎
CNN, Want your unemployment benefits? You may have to submit to facial recognition first https://edition.cnn.com/2021/07/23/tech/idme-unemployment-facial-recognition/index.html ^{[Archive.org]}↩︎
Washington Post, Huawei tested AI software that could recognize Uighur minorities and alert police, report says https://www.washingtonpost.com/technology/2020/12/08/huawei-tested-ai-software-that-could-recognize-uighur-minorities-alert-police-report-says/ ^{[Archive.org]}↩︎
The Intercept, How a Facial Recognition Mismatch Can Ruin Your Life https://theintercept.com/2016/10/13/how-a-facial-recognition-mismatch-can-ruin-your-life/ ^{[Tor Mirror]} ^{[Archive.org]}↩︎
Vice, Facial Recognition Failures Are Locking People Out of Unemployment Systems https://www.vice.com/en/article/5dbywn/facial-recognition-failures-are-locking-people-out-of-unemployment-systems ^{[Archive.org]}↩︎
BBC, WhatsApp photo drug dealer caught by ‘groundbreaking’ work https://www.bbc.com/news/uk-wales-43711477 ^{[Archive.org]}↩︎
CNN, Drug dealer jailed after sharing a photo of cheese that included his fingerprints https://edition.cnn.com/2021/05/25/uk/drug-dealer-cheese-sentenced-scli-gbr-intl/index.html ^{[Archive.org]}↩︎
Vice.com, Cops Got a Drug Dealer’s Fingerprints From Photos of His Hand on WhatsApp https://www.vice.com/en/article/evqk9e/photo-of-fingerprints-used-to-arrest-drug-dealers ^{[Archive.org]}↩︎
Kraken Blog, https://blog.kraken.com/post/11905/your-fingerprint-can-be-hacked-for-5-heres-how/ ^{[Archive.org]}↩︎
JUSTIA Patent, Identification of taste attributes from an audio signal https://patents.justia.com/patent/10891948 ^{[Archive.org]}↩︎
PYMNTS, Iris Scan Serves As Traveler ID At Dubai Airport https://www.pymnts.com/news/biometrics/2021/iris-scan-traveler-identification-dubai-airport/ ^{[Archive.org]}↩︎
IMDB, Gattaca 1997, https://www.imdb.com/title/tt0119177/ ^{[Archive.org]}↩︎
IMDB, Person of Interest 2011 https://www.imdb.com/title/tt1839578 ^{[Archive.org]}↩︎
IMDB, Minority Report 2002, https://www.imdb.com/title/tt0181689 ^{[Archive.org]}↩︎
Wikipedia, Deepfake https://en.wikipedia.org/wiki/Deepfake ^[Wikiless] ^{[Archive.org]}↩︎
Econotimes, Deepfake Voice Technology: The Good. The Bad. The Future https://www.econotimes.com/Deepfake-Voice-Technology-The-Good-The-Bad-The-Future-1601278 ^{[Archive.org]}↩︎
Wikipedia, Deepfake Events https://en.wikipedia.org/wiki/Deepfake#Example_events ^[Wikiless] ^{[Archive.org]}↩︎
Forbes, A Voice Deepfake Was Used To Scam A CEO Out Of $243,000 https://www.forbes.com/sites/jessedamiani/2019/09/03/a-voice-deepfake-was-used-to-scam-a-ceo-out-of-243000/ ^{[Archive.org]}↩︎
Joseph Steinberg, How To Prevent Facial Recognition Technology From Identifying You https://josephsteinberg.com/how-to-prevent-facial-recognition-technology-from-identifying-you/ ^{[Archive.org]}↩︎
NIST, Face recognition accuracy with masks using pre-COVID-19 algorithms https://nvlpubs.nist.gov/nistpubs/ir/2020/NIST.IR.8311.pdf ^{[Archive.org]}↩︎
BBC, Facial recognition identifies people wearing masks https://www.bbc.com/news/technology-55573802 ^{[Archive.org]}↩︎
University of Wisconsin, Exploring Reflectacles As Anti-Surveillance Glasses and for Adversarial Machine Learning in Computer Vision http://diglib.uwgb.edu/digital/api/collection/p17003coll4/id/71/download ^{[Archive.org]}↩︎
Wikipedia, Phishing https://en.wikipedia.org/wiki/Phishing ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, Social Engineering https://en.wikipedia.org/wiki/Social_engineering_(security) ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, MITM https://en.wikipedia.org/wiki/Man-in-the-middle_attack ^[Wikiless] ^{[Archive.org]}↩︎
BBC, Spy pixels in emails have become endemic https://www.bbc.com/news/technology-56071437 ^{[Archive.org]}↩︎
Vice, Facebook Helped the FBI Hack a Child Predator https://www.vice.com/en/article/v7gd9b/facebook-helped-fbi-hack-child-predator-buster-hernandez ^{[Archive.org]}↩︎
Wikipedia, Exploit https://en.wikipedia.org/wiki/Exploit_(computer_security) ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, Freedom Hosting https://en.wikipedia.org/wiki/Freedom_Hosting ^[Wikiless] ^{[Archive.org]}↩︎
Wired, 2013 FBI Admits It Controlled Tor Servers Behind Mass Malware Attack https://www.wired.com/2013/09/freedom-hosting-fbi/ ^{[Archive.org]}↩︎
Wikipedia, 2020 United States federal government data breach https://en.wikipedia.org/wiki/2020_United_States_federal_government_data_breach ^[Wikiless] ^{[Archive.org]}↩︎
BBC, China social media: WeChat and the Surveillance State https://www.bbc.com/news/blogs-china-blog-48552907 ^{[Archive.org]}↩︎
The Intercept, Revealed: Massive Chinese Police Database https://theintercept.com/2021/01/29/china-uyghur-muslim-surveillance-police/ ^{[Tor Mirror]} ^{[Archive.org]}↩︎
Wikipedia, Sandbox https://en.wikipedia.org/wiki/Sandbox_(computer_security) ^[Wikiless] ^{[Archive.org]}↩︎
Wired, Why the Security of USB Is Fundamentally Broken https://www.wired.com/2014/07/usb-security/ ^{[Archive.org]}↩︎
Wikipedia, Stuxnet https://en.wikipedia.org/wiki/Stuxnet ^[Wikiless] ^{[Archive.org]}↩︎
Superuser.com, How do I safely investigate a USB stick found in the parking lot at work? https://superuser.com/questions/1206321/how-do-i-safely-investigate-a-usb-stick-found-in-the-parking-lot-at-work ^{[Archive.org]}↩︎
The Guardian, Glenn Greenwald: how the NSA tampers with US-made internet routers https://www.theguardian.com/books/2014/may/12/glenn-greenwald-nsa-tampers-us-internet-routers-snowden ^{[Archive.org]}↩︎
Wikipedia, Rootkit https://en.wikipedia.org/wiki/Rootkit ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, Userspace https://en.wikipedia.org/wiki/User_space ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, Firmware https://en.wikipedia.org/wiki/Firmware ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, BIOS https://en.wikipedia.org/wiki/BIOS ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, UEFI https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface ^[Wikiless] ^{[Archive.org]}↩︎
Bellingcat, Joseph Mifsud: Rush for the EXIF https://www.bellingcat.com/news/americas/2018/10/26/joseph-mifsud-rush-exif/ ^{[Archive.org]}↩︎
Zoom Support, Adding a watermark https://support.zoom.us/hc/en-us/articles/209605273-Adding-a-Watermark ^{[Archive.org]}↩︎
Zoom Support, Audio Watermark https://support.zoom.us/hc/en-us/articles/360021839031-Audio-Watermark ^{[Archive.org]}↩︎
CreativeCloud Extension, IMATAG https://exchange.adobe.com/creativecloud.details.101789.imatag-invisible-watermark-and-image-monitoring.html ^{[Archive.org]}↩︎
NexGuard, https://dtv.nagra.com/nexguard-forensic-watermarking ^{[Archive.org]}↩︎
Vobile Solutions, https://www.vobilegroup.com/ ^{[Archive.org]}↩︎
Cinavia, https://www.cinavia.com/languages/english/pages/technology.html ^{[Archive.org]}↩︎
Imatag, https://www.imatag.com/ ^{[Archive.org]}↩︎
Wikipedia, Steganography https://en.wikipedia.org/wiki/Steganography ^[Wikiless] ^{[Archive.org]}↩︎
IEEExplore, A JPEG compression resistant steganography scheme for raster graphics images https://ieeexplore.ieee.org/document/4428921 ^{[Archive.org]}↩︎
ScienceDirect, Robust audio watermarking using perceptual masking https://www.researchgate.net/publication/256994444_Robust_Audio_Watermarking_Using_Perceptual_Masking ^{[Archive.org]}↩︎
IEEExplore, Spread-spectrum watermarking of audio signals https://www.researchgate.net/publication/3318571_Spread-Spectrum_Watermarking_of_Audio ^{[Archive.org]}↩︎
Google Scholar, source camera identification https://scholar.google.com/scholar?q=source+camera+identification ^{[Archive.org]}↩︎
Wikipedia, Printing Steganography https://en.wikipedia.org/wiki/Machine_Identification_Code ^[Wikiless] ^{[Archive.org]}↩︎
MIT, SeeingYellow, https://web.archive.org/web/20220224174025/http://seeingyellow.com/ ^{[Archive.org]}↩︎
arXiv, An Analysis of Anonymity in the Bitcoin System https://arxiv.org/pdf/1107.4524.pdf ^{[Archive.org]}↩︎
Bellingcat, How To Track Illegal Funding Campaigns Via Cryptocurrency, https://www.bellingcat.com/resources/how-tos/2019/03/26/how-to-track-illegal-funding-campaigns-via-cryptocurrency/ ^{[Archive.org]}↩︎
CoinDesk, Leaked Slides Show How Chainalysis Flags Crypto Suspects for Cops https://www.coindesk.com/business/2021/09/21/leaked-slides-show-how-chainalysis-flags-crypto-suspects-for-cops/ ^{[Archive.org]}↩︎
Wikipedia, KYC https://en.wikipedia.org/wiki/Know_your_customer ^[Wikiless] ^{[Archive.org]}↩︎
arXiv.org, Probing the Mystery of Cryptocurrency Theft: An Investigation into Methods for Taint Analysis https://arxiv.org/pdf/1906.05754.pdf ^{[Archive.org]}↩︎
YouTube, Breaking Monero https://www.youtube.com/watch?v=WOyC6OB6ezA&list=PLsSYUeVwrHBnAUre2G_LYDsdo-tD0ov-y ^[Invidious]↩︎
Monero, Monero vs Princeton Researchers, https://monero.org/monero-vs-princeton-researchers/ ^{[Archive.org]}↩︎
Wikipedia, Cryptocurrency Tumbler https://en.wikipedia.org/wiki/Cryptocurrency_tumbler ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, Security Through Obscurity https://en.wikipedia.org/wiki/Security_through_obscurity ^[Wikiless] ^{[Archive.org]}↩︎
ArXiv, Tracking Mixed Bitcoins https://arxiv.org/pdf/2009.14007.pdf ^{[Archive.org]}↩︎
SSRN, The Cryptocurrency Tumblers: Risks, Legality and Oversight https://www.researchgate.net/publication/321786355_The_Cryptocurrency_Tumblers_Risks_Legality_and_Oversight ^{[Archive.org]}↩︎
Magnet Forensics, Magnet AXIOM https://www.magnetforensics.com/products/magnet-axiom/cloud/ ^{[Archive.org]}↩︎
Cellebrite, Unlock cloud-based evidence to solve the case sooner https://www.cellebrite.com/en/ufed-cloud/ ^{[Archive.org]}↩︎
Property of the People, Lawful Access to Secure Messaging Apps Data, https://propertyofthepeople.org/document-detail/?doc-id=21114562 ^{[Archive.org]}↩︎
Wikipedia, Device Fingerprinting https://en.wikipedia.org/wiki/Device_fingerprint ^[Wikiless] ^{[Archive.org]}↩︎
Chromium Documentation, Technical analysis of client identification mechanisms https://sites.google.com/a/chromium.org/dev/Home/chromium-security/client-identification-mechanisms#TOC-Machine-specific-characteristics ^{[Archive.org]}↩︎
Mozilla Wiki, Fingerprinting https://wiki.mozilla.org/Fingerprinting ^{[Archive.org]}↩︎
Grayshift, https://www.grayshift.com/ ^{[Archive.org]}↩︎
Securephones.io, Data Security on Mobile Devices: Current State of the Art, Open Problems, and Proposed Solutions https://securephones.io/main.pdf ^{[Archive.org]}↩︎
Loup-Vaillant.fr, Rolling Your Own Crypto https://loup-vaillant.fr/articles/rolling-your-own-crypto ^{[Archive.org]}↩︎
Dhole Moments, Crackpot Cryptography and Security Theater https://soatok.blog/2021/02/09/crackpot-cryptography-and-security-theater/ ^{[Archive.org]}↩︎
Vice.com, Why You Don’t Roll Your Own Crypto https://www.vice.com/en/article/wnx8nq/why-you-dont-roll-your-own-crypto ^{[Archive.org]}↩︎
arXiv, MIT, You Really Shouldn’t Roll Your Own Crypto: An Empirical Study of Vulnerabilities in Cryptographic Libraries https://arxiv.org/pdf/2107.04940.pdf ^{[Archive.org]}↩︎
YouTube, Great Crypto Failures https://www.youtube.com/watch?v=loy84K3AJ5Q ^[Invidious]↩︎
Cryptography Dispatches, The Most Backdoor-Looking Bug I’ve Ever Seen https://buttondown.email/cryptography-dispatches/archive/cryptography-dispatches-the-most-backdoor-looking/ ^{[Archive.org]}↩︎
Citizenlab.ca, Move Fast and Roll Your Own Crypto https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/ ^{[Archive.org]}↩︎
Jack Poon, The myth of military grade encryption https://medium.com/@atcipher/the-myth-of-military-grade-encryption-292313ae6369 ^[Scribe.rip] ^{[Archive.org]}↩︎
Congruent Labs, Stop calling it “Military-Grade Encryption” https://blog.congruentlabs.co/military-grade-encryption/ ^{[Archive.org]}↩︎
IronCoreLabs Blog, “Military Grade Encryption” https://blog.ironcorelabs.com/military-grade-encryption-69aae0145588 ^{[Archive.org]}↩︎
Wikipedia, BLAKE2, https://en.wikipedia.org/wiki/BLAKE_(hash_function)#BLAKE2 ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, AES Instruction Set, https://en.wikipedia.org/wiki/AES_instruction_set ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, ChaCha Variants, https://en.wikipedia.org/wiki/Salsa20#ChaCha_variant ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, Serpent, https://en.wikipedia.org/wiki/Serpent_(cipher) ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, TwoFish, https://en.wikipedia.org/wiki/Twofish ^[Wikiless] ^{[Archive.org]}↩︎
Lacatora, The PGP Problem https://latacora.singles/2019/07/16/the-pgp-problem.html ^{[Archive.org]}↩︎
Wikipedia, Shor’s Algorithm, https://en.wikipedia.org/wiki/Shor%27s_algorithm ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, Gag Order, https://en.wikipedia.org/wiki/Gag_order ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, National Security Letter https://en.wikipedia.org/wiki/National_security_letter ^[Wikiless] ^{[Archive.org]}↩︎
ArsTechnica, VPN servers seized by Ukrainian authorities weren’t encrypted https://arstechnica.com/gadgets/2021/07/vpn-servers-seized-by-ukrainian-authorities-werent-encrypted/ ^{[Archive.org]}↩︎
BleepingComputer, DoubleVPN servers, logs, and account info seized by law enforcement https://www.bleepingcomputer.com/news/security/doublevpn-servers-logs-and-account-info-seized-by-law-enforcement/ ^{[Archive.org]}↩︎
CyberScoop, Court rules encrypted email provider Tutanota must monitor messages in blackmail case https://www.cyberscoop.com/court-rules-encrypted-email-tutanota-monitor-messages/ ^{[Archive.org]}↩︎
Heise Online (German), https://www.heise.de/news/Gericht-zwingt-Mailprovider-Tutanota-zu-Ueberwachungsfunktion-4972460.html ^{[Archive.org]}↩︎
PCMag, Did PureVPN Cross a Line When It Disclosed User Information? https://www.pcmag.com/opinions/did-purevpn-cross-a-line-when-it-disclosed-user-information ^{[Archive.org]}↩︎
Internet Archive, Wipeyourdata, “No logs” EarthVPN user arrested after police finds logs https://archive.is/XNuVw#selection-230.0-230.1 ^{[Archive.org]}↩︎
Wikipedia, Lavabit Suspension and Gag order, https://en.wikipedia.org/wiki/Lavabit#Suspension_and_gag_order ^[Wikiless] ^{[Archive.org]}↩︎
Internet Archive, Invisibler, What Everybody Ought to Know About HideMyAss https://archive.is/ag9w4#selection-136.0-136.1 ↩︎
Wikipedia, Warrant Canary https://en.wikipedia.org/wiki/Warrant_canary ^[Wikiless] ^{[Archive.org]}↩︎
Washington Post, The intelligence coup of the century https://www.washingtonpost.com/graphics/2020/world/national-security/cia-crypto-encryption-machines-espionage/ ^{[Archive.org]}↩︎
Swissinfo.ch, Second Swiss firm allegedly sold encrypted spying devices https://www.swissinfo.ch/eng/second-swiss-firm-allegedly-sold-encrypted-spying-devices/46186432 ^{[Archive.org]}↩︎
Wikipedia, Das Leben der Anderen https://en.wikipedia.org/wiki/The_Lives_of_Others ^[Wikiless] ^{[Archive.org]}↩︎
Wired, Mind the Gap: This Researcher Steals Data With Noise, Light, and Magnets https://www.wired.com/story/air-gap-researcher-mordechai-guri/ ^{[Archive.org]}↩︎
Scientific American, A Blank Wall Can Show How Many People Are in a Room and What They’re Doing https://www.scientificamerican.com/article/a-blank-wall-can-show-how-many-people-are-in-a-room-and-what-theyre-doing/ ^{[Archive.org]}↩︎
Scientific American, A Shiny Snack Bag’s Reflections Can Reconstruct the Room around It https://www.scientificamerican.com/article/a-shiny-snack-bags-reflections-can-reconstruct-the-room-around-it/ ^{[Archive.org]}↩︎
Scientific American, Footstep Sensors Identify People by Gait https://www.scientificamerican.com/article/footstep-sensors-identify-people-by-gait/ ^{[Archive.org]}↩︎
Ben Nassi, Lamphone https://www.nassiben.com/lamphone ^{[Archive.org]}↩︎
The Guardian, Laser spying: is it really practical? https://www.theguardian.com/world/2013/aug/22/gchq-warned-laser-spying-guardian-offices ^{[Archive.org]}↩︎
ArsTechnica, Photos of an NSA “upgrade” factory show Cisco router getting implant https://arstechnica.com/tech-policy/2014/05/photos-of-an-nsa-upgrade-factory-show-cisco-router-getting-implant/ ^{[Archive.org]}↩︎
Wikipedia, Zero-trust Security Model https://en.wikipedia.org/wiki/Zero_trust_security_model ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, Plausible Deniability https://en.wikipedia.org/wiki/Plausible_deniability ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, Rubber-hose Cryptanalysis https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis ^{[Archive.org]}↩︎
Defuse.ca, TrueCrypt’s Plausible Deniability is Theoretically Useless https://defuse.ca/truecrypt-plausible-deniability-useless-by-game-theory.htm ^{[Archive.org]}↩︎
Wikipedia, Deniable Encryption https://en.wikipedia.org/wiki/Deniable_encryption ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, OONI, https://en.wikipedia.org/wiki/OONI ^[Wikiless] ^{[Archive.org]}↩︎
Privacy International, Timeline of SIM Card Registration Laws https://privacyinternational.org/long-read/3018/timeline-sim-card-registration-laws ^{[Archive.org]}↩︎
NYTimes, Lost Passwords Lock Millionaires Out of Their Bitcoin Fortunes https://www.nytimes.com/2021/01/12/technology/bitcoin-passwords-wallets-fortunes.html ^{[Archive.org]}↩︎
Usenix.org, Shedding too much Light on a Microcontroller’s Firmware Protection https://www.usenix.org/system/files/conference/woot17/woot17-paper-obermaier.pdf ^{[Archive.org]}↩︎
TorProject.org, Can I run Tor Browser on an iOS device? https://support.torproject.org/tormobile/tormobile-3/ ^{[Archive.org]}↩︎
Wikipedia, Tails https://en.wikipedia.org/wiki/Tails_(operating_system) ^[Wikiless] ^{[Archive.org]}↩︎
Vice.com, Facebook Helped the FBI Hack a Child Predator https://www.vice.com/en/article/v7gd9b/facebook-helped-fbi-hack-child-predator-buster-hernandez ^{[Archive.org]}↩︎
XKCD, Security https://xkcd.com/538/ ^{[Archive.org]}↩︎
Wikipedia, Plausible Deniability https://en.wikipedia.org/wiki/Plausible_deniability ^[Wikiless] ^{[Archive.org]}↩︎
Veracrypt Documentation, Trim Operations https://www.veracrypt.fr/en/Trim%20Operation.html ^{[Archive.org]}↩︎
YouTube, 36C3 - Uncover, Understand, Own - Regaining Control Over Your AMD CPU https://www.youtube.com/watch?v=bKH5nGLgi08&t=2834s ^[Invidious]↩︎
Qubes OS, Anti-Evil Maid, https://github.com/QubesOS/qubes-antievilmaid ^{[Archive.org]}↩︎
QubesOS FAQ, https://www.qubes-os.org/faq/#is-secure-boot-supported ^{[Archive.org]}↩︎
Wikipedia, Secure Boot https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface#Secure_boot ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, Booting https://en.wikipedia.org/wiki/Booting ^[Wikiless] ^{[Archive.org]}↩︎
XKCD, Security https://xkcd.com/538/ ^{[Archive.org]}↩︎
Wired, Don’t Want Your Laptop Tampered With? Just Add Glitter Nail Polish https://www.wired.com/2013/12/better-data-security-nail-polish/ ^{[Archive.org]}↩︎
Wikipedia, Virtual Machine https://en.wikipedia.org/wiki/Virtual_machine ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, Plausible Deniability https://en.wikipedia.org/wiki/Plausible_deniability ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, Deniable Encryption https://en.wikipedia.org/wiki/Deniable_encryption ^[Wikiless] ^{[Archive.org]}↩︎
PrivacyGuides.org, Don’t use Windows 10 - It’s a privacy nightmare https://web.archive.org/web/20220313023015/https://www.privacyguides.org/tools/#operating-systems#win10 ^{[Archive.org]}↩︎
Wikipedia, Deniable Encryption https://en.wikipedia.org/wiki/Deniable_encryption ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, Key Disclosure Laws https://en.wikipedia.org/wiki/Key_disclosure_law ^[Wikiless] ^{[Archive.org]}↩︎
GP Digital, World map of encryption laws and policies https://www.gp-digital.org/world-map-of-encryption/ ^{[Archive.org]}↩︎
Wikipedia, Bitlocker https://en.wikipedia.org/wiki/BitLocker ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, Evil Maid Attack https://en.wikipedia.org/wiki/Evil_maid_attack ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, Cold Boot Attack https://en.wikipedia.org/wiki/Cold_boot_attack ^[Wikiless] ^{[Archive.org]}↩︎
CITP 2008 (https://www.youtube.com/watch?v=JDaicPIgn9U) ^[Invidious]↩︎
ResearchGate, Defeating Plausible Deniability of VeraCrypt Hidden Operating Systems https://www.researchgate.net/publication/318155607_Defeating_Plausible_Deniability_of_VeraCrypt_Hidden_Operating_Systems ^{[Archive.org]}↩︎
SANS.org, Mission Implausible: Defeating Plausible Deniability with Digital Forensics https://www.sans.org/reading-room/whitepapers/forensics/mission-implausible-defeating-plausible-deniability-digital-forensics-39500 ^{[Archive.org]}↩︎
SourceForge, Veracrypt Forum https://sourceforge.net/p/veracrypt/discussion/technical/thread/53f33faf/ ^{[Archive.org]}↩︎
Microsoft, BitLocker Countermeasures https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-countermeasures ^{[Archive.org]}↩︎
SANS, Windows ShellBag Forensics in-depth https://www.sans.org/reading-room/whitepapers/forensics/windows-shellbag-forensics-in-depth-34545 ^{[Archive.org]}↩︎
University of York, Forensic data recovery from the Windows Search Database https://eprints.whiterose.ac.uk/75046/1/Forensic_Data_Recovery_From_The_Windows_Search_Database_preprint_DIIN328.pdf ^{[Archive.org]}↩︎
A forensic insight into Windows 10 Jump Lists https://web.archive.org/web/https://cyberforensicator.com/wp-content/uploads/2017/01/1-s2.0-S1742287616300202-main.2-14.pdf ^{[Archive.org]}↩︎
Wikipedia, Gatekeeper https://en.wikipedia.org/wiki/Gatekeeper_(macOS) ^[Wikiless] ^{[Archive.org]}↩︎
Alpine Linux Wiki, Setting up a laptop https://wiki.alpinelinux.org/wiki/Setting_up_a_laptop ^{[Archive.org]}↩︎
Wikipedia Veracrypt https://en.wikipedia.org/wiki/VeraCrypt ^[Wikiless] ^{[Archive.org]}↩︎
OSTIF Veracrypt Audit, 2016 https://web.archive.org/web/https://ostif.org/the-veracrypt-audit-results/↩︎
Veracrypt Documentation, Unencrypted Data in RAM https://www.veracrypt.fr/en/Unencrypted%20Data%20in%20RAM.html ^{[Archive.org]}↩︎
Veracrypt Documentation, Data Leaks https://www.veracrypt.fr/code/VeraCrypt/plain/doc/html/Data%20Leaks.html ^{[Archive.org]}↩︎
Dolos Group, From Stolen Laptop to Inside the Company Network https://dolosgroup.io/blog/2021/7/9/from-stolen-laptop-to-inside-the-company-network ^{[Archive.org]}↩︎
Trammell Hudson’s Projects, Understanding TPM Sniffing Attacks https://trmm.net/tpm-sniffing/ ^{[Archive.org]}↩︎
Jon Aubrey, attacking laptops that are protected by Microsoft Bitlocker drive encryption https://twitter.com/SecurityJon/status/1445020885472235524 ^[Nitter]↩︎
F-Secure Labs, Sniff, there leaks my BitLocker key https://labs.f-secure.com/blog/sniff-there-leaks-my-bitlocker-key/ ^{[Archive.org]}↩︎
Microsoft, BitLocker Countermeasures, Attacker countermeasures https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-countermeasures ^{[Archive.org]}↩︎
Wikipedia, Trim https://en.wikipedia.org/wiki/Trim_(computing) ^[Wikiless] ^{[Archive.org]}↩︎
Veracrypt Documentation, Trim Operations https://www.veracrypt.fr/en/Trim%20Operation.html ^{[Archive.org]}↩︎
Veracrypt Documentation, Rescue Disk https://www.veracrypt.fr/en/VeraCrypt%20Rescue%20Disk.html ^{[Archive.org]}↩︎
St Cloud State University, Forensic Research on Solid State Drives using Trim Analysis https://web.archive.org//web/20220612095503/https://repository.stcloudstate.edu/cgi/viewcontent.cgi?article=1141&context=msia_etds ^{[Archive.org]}↩︎
WindowsCentral, Trim Tutorial https://www.windowscentral.com/how-ensure-trim-enabled-windows-10-speed-ssd-performance ^{[Archive.org]}↩︎
Veracrypt Documentation, Trim Operation https://veracrypt.eu/en/docs/trim-operation/ ^{[Archive.org]}↩︎
Black Hat 2018, Perfectly Deniable Steganographic Disk Encryption https://i.blackhat.com/eu-18/Thu-Dec-6/eu-18-Schaub-Perfectly-Deniable-Steganographic-Disk-Encryption.pdf ^{[Archive.org]}↩︎
Milan Broz’s Blog, TRIM & dm-crypt … problems? http://asalor.blogspot.com/2011/08/trim-dm-crypt-problems.html ^{[Archive.org]}↩︎
Veracrypt Documentation, Rescue Disk https://www.veracrypt.fr/en/VeraCrypt%20Rescue%20Disk.html ^{[Archive.org]}↩︎
Wikipedia, Virtualbox https://en.wikipedia.org/wiki/VirtualBox ^[Wikiless] ^{[Archive.org]}↩︎
VirtualBox Ticket 17987 https://www.virtualbox.org/ticket/17987 ^{[Archive.org]}↩︎
Whonix Documentation, Spectre Meltdown https://www.whonix.org/wiki/Spectre_Meltdown#VirtualBox ^{[Archive.org]}↩︎
Whonix Documentation, Stream Isolation https://www.whonix.org/wiki/Stream_Isolation ^{[Archive.org]}↩︎
Whonix Documentation, Tunnels Comparison Table https://www.whonix.org/wiki/Tunnels/Introduction#Comparison_Table ^{[Archive.org]}↩︎
Wikipedia, Whonix https://en.wikipedia.org/wiki/Whonix ^[Wikiless] ^{[Archive.org]}↩︎
Oracle Virtualbox Manual, Snapshots https://docs.oracle.com/en/virtualization/virtualbox/6.0/user/snapshots.html ^{[Archive.org]}↩︎
Utica College, Forensic Recovery Of Evidence From Deleted Oracle Virtualbox Virtual Machines https://web.archive.org/web/https://programs.online.utica.edu/sites/default/files/Neal_6_Gonnella_Forensic_Recovery_of_Evidence_from_Deleted_Oracle_VirtualBox_Virtual_Machine.pdf ↩︎
Wikipedia, Spectre https://en.wikipedia.org/wiki/Spectre_(security_vulnerability) ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, Meltdown https://en.wikipedia.org/wiki/Meltdown_(security_vulnerability) ^[Wikiless] ^{[Archive.org]}↩︎
Whonix Documentation, Stream Isolation, By Settings https://www.whonix.org/wiki/Stream_Isolation#By_Settings ^{[Archive.org]}↩︎
Wikipedia, TOTP https://en.wikipedia.org/wiki/Time-based_One-time_Password_algorithm ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, Multi-Factor Authentication https://en.wikipedia.org/wiki/Multi-factor_authentication ^[Wikiless] ^{[Archive.org]}↩︎
Whonix Documentation, Bridged Adapters Warning https://www.whonix.org/wiki/Whonix-Gateway_Security#Warning:_Bridged_Networking ^{[Archive.org]}↩︎
Qubes OS, FAQ, https://www.qubes-os.org/faq/#is-qubes-just-another-linux-distribution ^{[Archive.org]}↩︎
Whonix Documentation, Stream Isolation https://www.whonix.org/wiki/Stream_Isolation ^{[Archive.org]}↩︎
Whonix Documentation, Tunnels Comparison Table https://www.whonix.org/wiki/Tunnels/Introduction#Comparison_Table ^{[Archive.org]}↩︎
Qubes OS Issues, Simulate Hibernation / Suspend-To-Disk (Issue #2414) https://github.com/QubesOS/qubes-issues/issues/2414 ^{[Archive.org]}↩︎
Wikipedia, AppArmor https://en.wikipedia.org/wiki/AppArmor ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, SELinux https://en.wikipedia.org/wiki/Security-Enhanced_Linux ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, TOTP https://en.wikipedia.org/wiki/Time-based_One-time_Password_algorithm ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, Multi-Factor Authentication https://en.wikipedia.org/wiki/Multi-factor_authentication ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, Captcha https://en.wikipedia.org/wiki/CAPTCHA ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, Turing Test https://en.wikipedia.org/wiki/Turing_test ^[Wikiless] ^{[Archive.org]}↩︎
Google reCAPTCHA https://www.google.com/recaptcha/about/ ^{[Archive.org]}↩︎
hCaptcha https://www.hcaptcha.com/ ^{[Archive.org]}↩︎
hCaptcha, hCaptcha Is Now the Largest Independent CAPTCHA Service, Runs on 15% Of The Internet https://www.hcaptcha.com/post/hcaptcha-now-the-largest-independent-captcha-service ^{[Archive.org]}↩︎
Nearcyan.com, You (probably) don’t need ReCAPTCHA https://nearcyan.com/you-probably-dont-need-recaptcha/ ^{[Archive.org]}↩︎
ArsTechnica, “Google’s reCAPTCHA turns”invisible," will separate bots from people without challenges" https://arstechnica.com/gadgets/2017/03/googles-recaptcha-announces-invisible-background-captchas/ ^{[Archive.org]}↩︎
BlackHat Asia 2016, “I’m not a human: Breaking the Google reCAPTCHA” https://www.blackhat.com/docs/asia-16/materials/asia-16-Sivakorn-Im-Not-a-Human-Breaking-the-Google-reCAPTCHA-wp.pdf ^{[Archive.org]}↩︎
Google Blog https://security.googleblog.com/2014/12/are-you-robot-introducing-no-captcha.html ^{[Archive.org]}↩︎
Cloudflare Blog, Cloudflare supports Privacy Pass https://blog.cloudflare.com/cloudflare-supports-privacy-pass/ ^{[Archive.org]}↩︎
Privacy International, Timeline of SIM Card Registration Laws https://privacyinternational.org/long-read/3018/timeline-sim-card-registration-laws ^{[Archive.org]}↩︎
Wikipedia, Device Fingerprinting https://en.wikipedia.org/wiki/Device_fingerprint ^[Wikiless] ^{[Archive.org]}↩︎
Developers Google Blog, Guidance to developers affected by our effort to block less secure browsers and applications https://developers.googleblog.com/2020/08/guidance-for-our-effort-to-block-less-secure-browser-and-apps.html ^{[Archive.org]}↩︎
Wikipedia, KYC https://en.wikipedia.org/wiki/Know_your_customer ^[Wikiless] ^{[Archive.org]}↩︎
Google Help, Access age-restricted content & features https://support.google.com/accounts/answer/10071085 ^{[Archive.org]}↩︎
Wikipedia, Dark Pattern https://en.wikipedia.org/wiki/Dark_pattern ^[Wikiless] ^{[Archive.org]}↩︎
The Verge, Tinder will give you a verified blue check mark if you pass its catfishing test https://www.theverge.com/2020/1/23/21077423/tinder-photo-verification-blue-checkmark-safety-center-launch-noonlight ^{[Archive.org]}↩︎
DigitalInformationWorld, Facebook will now require you to Create a Video Selfie for Identity Verification https://www.digitalinformationworld.com/2020/03/facebook-is-now-demanding-some-users-to-create-a-video-selfie-for-identity-verification.html ^{[Archive.org]}↩︎
Vice.com, PornHub Announces ‘Biometric Technology’ to Verify Users https://www.vice.com/en/article/m7a4eq/pornhub-new-verification-policy-biometric-id ^{[Archive.org]}↩︎
Variety, China Launches Hotline to Report Online Comments That ‘Distort’ History or ‘Deny’ Its Cultural Excellence https://variety.com/2021/digital/news/china-censorship-hotline-historical-nihilism-1234950554/ ^{[Archive.org]}↩︎
Wikipedia, Trust but verify https://en.wikipedia.org/wiki/Trust,_but_verify ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, Zero-trust Security Model https://en.wikipedia.org/wiki/Zero_trust_security_model ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, Espionage, Organization https://en.wikipedia.org/wiki/Espionage#Organization ^[Wikiless] ^{[Archive.org]}↩︎
Developers Google Blog, Guidance to developers affected by our effort to block less secure browsers and applications https://developers.googleblog.com/2020/08/guidance-for-our-effort-to-block-less-secure-browser-and-apps.html ^{[Archive.org]}↩︎
Medium.com, Kyle McDonald, How to recognize fake AI-generated images https://kcimc.medium.com/how-to-recognize-fake-ai-generated-images-4d1f6f9a2842^[Scribe.rip] ^{[Archive.org]}↩︎
Jayway Blog, Using ML to detect fake face images created by AI https://blog.jayway.com/2020/03/06/using-ml-to-detect-fake-face-images-created-by-ai/ ^{[Archive.org]}↩︎
Wikipedia, Sim Swapping https://en.wikipedia.org/wiki/SIM_swap_scam ^[Wikiless] ^{[Archive.org]}↩︎
Whonix Documentation, Tor Configuration https://www.whonix.org/wiki/Tor#Edit_Tor_Configuration ^{[Archive.org]}↩︎
Tor Browser Documentation, Editing Torrc https://support.torproject.org/tbb/tbb-editing-torrc/ ^{[Archive.org]}↩︎
English translation of German Telemedia Act https://www.huntonprivacyblog.com/wp-content/uploads/sites/28/2016/02/Telemedia_Act__TMA_.pdf ^{[Archive.org]}. Section 13, Article 6, “The service provider must enable the use of Telemedia and payment for them to occur anonymously or via a pseudonym where this is technically possible and reasonable. The recipient of the service is to be informed about this possibility.”.↩︎
Wikipedia, Real-Name System Germany https://en.wikipedia.org/wiki/Real-name_system#Germany ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, KYC https://en.wikipedia.org/wiki/Know_your_customer ^[Wikiless] ^{[Archive.org]}↩︎
Facebook Onion Website http://facebookwkhpilnemxj7asaniu7vnjjbiltxjqhye3mhbshg7kx5tfyd.onion/↩︎
Google Help https://support.google.com/accounts/answer/114129?hl=en ^{[Archive.org]}↩︎
Google Help, Customer Matching Process https://support.google.com/google-ads/answer/7474263?hl=en ^{[Archive.org]}↩︎
Google, Your account is disabled https://support.google.com/accounts/answer/40695 ^{[Archive.org]}↩︎
Google, Request to restore the account https://support.google.com/accounts/contact/disabled2 ^{[Archive.org]}↩︎
Google Help, Update your account to meet age requirements https://support.google.com/accounts/answer/1333913?hl=en ^{[Archive.org]}↩︎
Jumio, ID verification features https://www.jumio.com/features/ ^{[Archive.org]}↩︎
Privacyguides.org recommended E-mail Providers https://www.privacyguides.org/email/ ^{[Archive.org]}↩︎
Proton Registration Human Verification https://proton.me/support/human-verification/ ^{[Archive.org]}↩︎
Twitter Appeal Form https://help.twitter.com/forms/general ↩︎
KnowYourMeme, Good Luck, I’m Behind 7 Proxies https://knowyourmeme.com/memes/good-luck-im-behind-7-proxies ^{[Archive.org]}↩︎
Wikipedia, end-to-end encryption https://en.wikipedia.org/wiki/End-to-end_encryption ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, Forward Secrecy https://en.wikipedia.org/wiki/Forward_secrecy ^[Wikiless] ^{[Archive.org]}↩︎
Proton Blog, What is zero-access encryption? https://proton.me/blog/zero-access-encryption/ ^{[Archive.org]}↩︎
Wikipedia, Cambridge Analytica Scandal https://en.wikipedia.org/wiki/Facebook%E2%80%93Cambridge_Analytica_data_scandal ^[Wikiless] ^{[Archive.org]}↩︎
Signal Blog, Technology preview: Sealed sender for Signal https://signal.org/blog/sealed-sender/ ^{[Archive.org]}↩︎
Signal Blog, Private Contact Discovery https://signal.org/blog/private-contact-discovery/ ^{[Archive.org]}↩︎
Signal Blog, Private Group System https://signal.org/blog/signal-private-group-system/ ^{[Archive.org]}↩︎
Privacyguides.org, File-Sharing https://www.privacyguides.org/file-sharing/ ^{[Archive.org]}↩︎
Privacyguides.org, Real-Time Communication https://www.privacyguides.org/real-time-communication/ ^{[Archive.org]}↩︎
GetSession.org, The Session Protocol: What’s changing — and why https://getsession.org/session-protocol-explained/ ^{[Archive.org]}↩︎
Quarkslab, Audit of Session Secure Messaging Application https://blog.quarkslab.com/audit-of-session-secure-messaging-application.html ^{[Archive.org]}↩︎
Techlore, Top 5 BEST Messengers For Privacy https://www.youtube.com/watch?v=aVwl892hqb4 ^[Invidious]↩︎
Wikipedia, IPFS https://en.wikipedia.org/wiki/InterPlanetary_File_System ^[Wikiless] ^{[Archive.org]}↩︎
Praxis Films, Open Letter from Laura Poitras https://www.praxisfilms.org/open-letter-from-laura-poitras/ ^{[Archive.org]}↩︎
Wikipedia, SecureDrop https://en.wikipedia.org/wiki/SecureDrop ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, TPM https://en.wikipedia.org/wiki/Trusted_Platform_Module ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, Pastebin https://en.wikipedia.org/wiki/Pastebin ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, Wear Leveling https://en.wikipedia.org/wiki/Wear_leveling ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, Trim https://en.wikipedia.org/wiki/Write_amplification#TRIM ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, Write Amplification https://en.wikipedia.org/wiki/Write_amplification ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, Trim Disadvantages https://en.wikipedia.org/wiki/Trim_(computing)#Disadvantages ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, Garbage Collection https://en.wikipedia.org/wiki/Write_amplification#Garbage_collection ^[Wikiless] ^{[Archive.org]}↩︎
Techgage, Too TRIM? When SSD Data Recovery is Impossible https://techgage.com/article/too_trim_when_ssd_data_recovery_is_impossible/ ^{[Archive.org]}↩︎
ResearchGate, Live forensics method for acquisition on the Solid-State Drive (SSD) NVMe TRIM function https://www.researchgate.net/publication/341761017_Live_forensics_method_for_acquisition_on_the_Solid_State_Drive_SSD_NVMe_TRIM_function ^{[Archive.org]}↩︎
ElcomSoft, Life after Trim: Using Factory Access Mode for Imaging SSD Drives https://blog.elcomsoft.com/2019/01/life-after-trim-using-factory-access-mode-for-imaging-ssd-drives/ ^{[Archive.org]}↩︎
Forensic Focus, Forensic Acquisition Of Solid State Drives With Open Source Tools https://www.forensicfocus.com/articles/forensic-acquisition-of-solid-state-drives-with-open-source-tools/ ^{[Archive.org]}↩︎
ResearchGate, Solid State Drive Forensics: Where Do We Stand? https://www.researchgate.net/publication/325976653_Solid_State_Drive_Forensics_Where_Do_We_Stand ^{[Archive.org]}↩︎
BleepingComputer, Firmware attack can drop persistent malware in hidden SSD area https://www.bleepingcomputer.com/news/security/firmware-attack-can-drop-persistent-malware-in-hidden-ssd-area/ ^{[Archive.org]}↩︎
Wikipedia, Parted Magic https://en.wikipedia.org/wiki/Parted_Magic ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, hdparm https://en.wikipedia.org/wiki/Hdparm ^[Wikiless] ^{[Archive.org]}↩︎
GitHub, nvme-cli https://github.com/linux-nvme/nvme-cli ^{[Archive.org]}↩︎
PartedMagic Secure Erase https://partedmagic.com/secure-erase/ ^{[Archive.org]}↩︎
Partedmagic NVMe Secure Erase https://partedmagic.com/nvme-secure-erase/ ^{[Archive.org]}↩︎
UFSExplorer, Can I recover data from an encrypted storage? https://www.ufsexplorer.com/solutions/data-recovery-on-encrypted-storage.php ^{[Archive.org]}↩︎
Apple Developer Documentation https://developer.apple.com/library/archive/documentation/FileManagement/Conceptual/APFS_Guide/FAQ/FAQ.html ^{[Archive.org]}↩︎
EFF, How to: Delete Your Data Securely on macOS https://ssd.eff.org/en/module/how-delete-your-data-securely-macos ^{[Archive.org]}↩︎
Privacyguides.org, Productivity tools https://privacyguides.org/productivity/ ^{[Archive.org]}↩︎
Whonix Documentation, Scrubbing Metadata https://www.whonix.org/wiki/Metadata ^{[Archive.org]}↩︎
Tails documentation, MAT https://gitlab.tails.boum.org/tails/blueprints/-/wikis/doc/mat/ ^{[Archive.org]}↩︎
GitHub, Disable Gatekeeper on macOS Big Sur (11.x) https://disable-gatekeeper.github.io/ ^{[Archive.org]}↩︎
Veracrypt Documentation, Data Leaks https://www.veracrypt.fr/code/VeraCrypt/plain/doc/html/Data%20Leaks.html ^{[Archive.org]}↩︎
SANS, Windows ShellBag Forensics in-depth https://www.sans.org/reading-room/whitepapers/forensics/windows-shellbag-forensics-in-depth-34545 ^{[Archive.org]}↩︎
St Cloud State University, Forensic Research on Solid State Drives using Trim Analysis https://web.archive.org//web/20220612095503/https://repository.stcloudstate.edu/cgi/viewcontent.cgi?article=1141&context=msia_etds ^{[Archive.org]}↩︎
Wikipedia, Trim https://en.wikipedia.org/wiki/Trim_(computing) ^[Wikiless] ^{[Archive.org]}↩︎
DuckDuckGo help, Cache https://help.duckduckgo.com/duckduckgo-help-pages/features/cache/ ^{[Archive.org]}↩︎
DuckDuckGo help, Sources https://help.duckduckgo.com/duckduckgo-help-pages/results/sources/ ^{[Archive.org]}↩︎
Wikipedia, Dead Drop https://en.wikipedia.org/wiki/Dead_drop ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, Secure Communication Obfuscation https://en.wikipedia.org/wiki/Obfuscation#Secure_communication ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, Steganography https://en.wikipedia.org/wiki/Steganography ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, Kleptography https://en.wikipedia.org/wiki/Kleptography ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, Koalang https://en.wikipedia.org/wiki/Koalang ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, OPSEC https://en.wikipedia.org/wiki/Operations_security ^[Wikiless] ^{[Archive.org]}↩︎
Quote Investigator, A Lie Can Travel Halfway Around the World While the Truth Is Putting On Its Shoes https://quoteinvestigator.com/2014/07/13/truth/ ^{[Archive.org]}↩︎
Privacyguides.org, Operating Systems https://www.privacyguides.org/tools/#operating-systems ^{[Archive.org]}↩︎
Medium.com, Digging into the System Resource Usage Monitor (SRUM) https://medium.com/velociraptor-ir/digging-into-the-system-resource-usage-monitor-srum-afbadb1a375 ^[Scribe.rip] ^{[Archive.org]}↩︎
SANS, Timestamped Registry & NTFS Artifacts from Unallocated Space https://www.sans.org/blog/timestamped-registry-ntfs-artifacts-from-unallocated-space/ ^{[Archive.org]}↩︎
DBAN, https://dban.org/ ^{[Archive.org]}↩︎
NYTimes, Lost Passwords Lock Millionaires Out of Their Bitcoin Fortunes https://www.nytimes.com/2021/01/12/technology/bitcoin-passwords-wallets-fortunes.html ^{[Archive.org]}↩︎
Wikipedia, Koalang https://en.wikipedia.org/wiki/Koalang ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, Faraday Cage, https://en.wikipedia.org/wiki/Faraday_cage ^[Wikiless] ^{[Archive.org]}↩︎
Edith Cowan University, A forensic examination of several mobile device Faraday bags & materials to test their effectiveness materials to test their effectiveness https://web.archive.org/web/https://ro.ecu.edu.au/cgi/viewcontent.cgi?article=1165&context=adf ^{[Archive.org]}↩︎
arXiv, Deep-Spying: Spying using Smartwatch and Deep Learning https://arxiv.org/pdf/1512.05616.pdf ^{[Archive.org]}↩︎
Acm.org, Privacy Implications of Accelerometer Data: A Review of Possible Inferences https://dl.acm.org/doi/pdf/10.1145/3309074.3309076 ^{[Archive.org]}↩︎
YouTube, Fingerprinting Paper - Forensic Education https://www.youtube.com/watch?v=sO98kDLkh-M ^[Invidious]↩︎
Wikipedia, Touch DNA, https://en.wikipedia.org/wiki/Touch_DNA ^[Wikiless] ^{[Archive.org]}↩︎
TheDNAGuide, DNA from Postage Stamps or Hair Samples? Yeeesssss….. https://www.yourdnaguide.com/ydgblog/dna-hair-samples-postage-stamps ^{[Archive.org]}↩︎
Wikipedia, OONI, https://en.wikipedia.org/wiki/OONI ^[Wikiless] ^{[Archive.org]}↩︎
GitHub, Mhinkie, OONI-Detection https://github.com/mhinkie/ooni-detection ^{[Archive.org]}↩︎
Wikipedia, File Verification https://en.wikipedia.org/wiki/File_verification ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, CRC https://en.wikipedia.org/wiki/Cyclic_redundancy_check ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, MD5 https://en.wikipedia.org/wiki/MD5 ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, MD5 Security https://en.wikipedia.org/wiki/MD5#Security ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, Collisions https://en.wikipedia.org/wiki/Collision_(computer_science) ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, SHA https://en.wikipedia.org/wiki/Secure_Hash_Algorithms ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, SHA-2 https://en.wikipedia.org/wiki/SHA-2 ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, Collision Resistance https://en.wikipedia.org/wiki/Collision_resistance ^[Wikiless] ^{[Archive.org]}↩︎
GnuPG Gpg4win Wiki, Check integrity of Gpg4win packages https://wiki.gnupg.org/Gpg4win/CheckIntegrity ^{[Archive.org]}↩︎
Wikipedia, GPG https://en.wikipedia.org/wiki/GNU_Privacy_Guard ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, Public-Key Cryptography https://en.wikipedia.org/wiki/Public-key_cryptography ^[Wikiless] ^{[Archive.org]}↩︎
Wikipedia, Polymorphic Code https://en.wikipedia.org/wiki/Polymorphic_code ^[Wikiless] ^{[Archive.org]}↩︎
Whonix Documentation, Use of AV, https://www.whonix.org/wiki/Malware_and_Firmware_Trojans#The_Utility_of_Antivirus_Tools ^{[Archive.org]}↩︎
Whonix Forums, https://forums.whonix.org/t/installation-of-antivirus-scanners-by-default/9755/8 ^{[Archive.org]}↩︎
AV-Test Security Report 2018-2019, https://www.av-test.org/fileadmin/pdf/security_report/AV-TEST_Security_Report_2018-2019.pdf ^{[Archive.org]}↩︎
ZDNet, ESET discovers 21 new Linux malware families https://www.zdnet.com/article/eset-discovers-21-new-linux-malware-families/ ^{[Archive.org]}↩︎
NakeSecurity, EvilGnome – Linux malware aimed at your desktop, not your servers https://nakedsecurity.sophos.com/2019/07/25/evilgnome-linux-malware-aimed-at-your-laptop-not-your-servers/ ^{[Archive.org]}↩︎
Immunify, HiddenWasp: How to detect malware hidden on Linux & IoT https://blog.imunify360.com/hiddenwasp-how-to-detect-malware-hidden-on-linux-iot ^{[Archive.org]}↩︎
Wikipedia, Linux Malware https://en.wikipedia.org/wiki/Linux_malware ^[Wikiless] ^{[Archive.org]}↩︎
Lenny Zeltser, Analyzing Malicious Documents Cheat Sheet https://zeltser.com/analyzing-malicious-documents/ ^{[Archive.org]}↩︎
Wikipedia, macOS Malware https://en.wikipedia.org/wiki/macOS_malware ^[Wikiless] ^{[Archive.org]}↩︎
MacWorld, List of Mac viruses, malware and security flaws https://www.macworld.co.uk/feature/mac-viruses-list-3668354/ ^{[Archive.org]}↩︎
JAMF, The Mac Malware of 2020 https://resources.jamf.com/documents/macmalware-2020.pdf ^{[Archive.org]}↩︎
macOS Security and Privacy Guide, https://github.com/drduh/macOS-Security-and-Privacy-Guide#viruses-and-malware ^{[Archive.org]}↩︎
ImageTragick.com, https://imagetragick.com/ ^{[Archive.org]}↩︎
Oracle Virtualbox Documentation, https://docs.oracle.com/en/virtualization/virtualbox/6.0/admin/hyperv-support.html ^{[Archive.org]}↩︎
Oracle Virtualbox Documentation, https://docs.oracle.com/en/virtualization/virtualbox/6.0/admin/hyperv-support.html ^{[Archive.org]}↩︎
Lenny Zeltser, Analyzing Malicious Documents Cheat Sheet https://zeltser.com/analyzing-malicious-documents/ ^{[Archive.org]}↩︎
Wikipedia, Portable Applications https://en.wikipedia.org/wiki/Portable_application ^[Wikiless] ^{[Archive.org]}↩︎
Brave Help, What is a Private Window with Tor Connectivity? https://support.brave.com/hc/en-us/articles/360018121491-What-is-a-Private-Window-with-Tor ^{[Archive.org]}↩︎
BlackGNU, Brave, the false sensation of privacy https://blackgnu.net/brave-is-shit.html ^{[Archive.org]}↩︎
Brave Help Center, What is “Shields”? https://support.brave.com/hc/en-us/articles/360022973471-What-is-Shields ^{[Archive.org]}↩︎
VentureBeat, Browser benchmark battle January 2020: Chrome vs. Firefox vs. Edge vs. Brave https://venturebeat.com/2020/01/15/browser-benchmark-battle-january-2020-chrome-firefox-edge-brave/view-all/ ^{[Archive.org]}↩︎
Brave.com, Brave, Fingerprinting, and Privacy Budgets https://brave.com/brave-fingerprinting-and-privacy-budgets/ ^{[Archive.org]}↩︎
Madaidan’s Insecurities, Firefox and Chromium https://madaidans-insecurities.github.io/firefox-chromium.html ^{[Archive.org]}↩︎
GrapheneOS, Web Browsing https://grapheneos.org/usage#web-browsing ^{[Archive.org]}↩︎
ResearchGate, Web Browser Privacy: What Do Browsers Say When They Phone Home? https://www.researchgate.net/publication/349979628_Web_Browser_Privacy_What_Do_Browsers_Say_When_They_Phone_Home ^{[Archive.org]}↩︎
Duck’s pond, Ungoogled-Chromium https://qua3k.github.io/ungoogled/ ^{[Archive.org]}↩︎
Madaidan’s Insecurities, Firefox and Chromium https://madaidans-insecurities.github.io/firefox-chromium.html ^{[Archive.org]}↩︎
GrapheneOS, Web Browsing https://grapheneos.org/usage#web-browsing ^{[Archive.org]}↩︎
Microsoft.com, Microsoft Edge support for Microsoft Defender Application Guard https://docs.microsoft.com/en-us/deployedge/microsoft-edge-security-windows-defender-application-guard ^{[Archive.org]}↩︎
PcMag, Mozilla Signs Lucrative 3-Year Google Search Deal for Firefox https://www.pcmag.com/news/mozilla-signs-lucrative-3-year-google-search-deal-for-firefox ^{[Archive.org]}↩︎
Madaidan’s Insecurities, Firefox and Chromium https://madaidans-insecurities.github.io/firefox-chromium.html ^{[Archive.org]}↩︎
FingerprintJS, Demo: Disabling JavaScript Won’t Save You from Fingerprinting https://fingerprintjs.com/blog/disabling-javascript-wont-stop-fingerprinting/ ^{[Archive.org]}↩︎
Duck’s pond, Ungoogled-Chromium https://qua3k.github.io/ungoogled/ ^{[Archive.org]}↩︎
Wikipedia, Virtualization https://en.wikipedia.org/wiki/Virtualization ^[Wikiless] ^{[Archive.org]}↩︎
Tor Project, Project Snowflake https://snowflake.torproject.org/ ^{[Archive.org]}↩︎
GitHub, Obfs4 Repository https://github.com/Yawning/obfs4/ ^{[Archive.org]}↩︎
Tor Browser Manual, Pluggable Transport https://tb-manual.torproject.org/circumvention/ ^{[Archive.org]}↩︎
Tor Browser Manual, Pluggable Transport https://tb-manual.torproject.org/circumvention/ ^{[Archive.org]}↩︎
Wikipedia, Domain Fronting https://en.wikipedia.org/wiki/Domain_fronting ^[Wikiless] ^{[Archive.org]}↩︎
GitLab, Tor Browser Issues, Add uBlock Origin to the Tor Browser https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/17569 ^{[Archive.org]}↩︎
Vice, The NSA and CIA Use Ad Blockers Because Online Advertising Is So Dangerous https://www.vice.com/en/article/93ypke/the-nsa-and-cia-use-ad-blockers-because-online-advertising-is-so-dangerous ^{[Archive.org]}↩︎
A Comprehensive Bitcoin CoinJoin Guide https://bitcoinmagazine.com/technical/a-comprehensive-bitcoin-coinjoin-guide ^{[Archive.org]}↩︎
Samourai Whirlpool https://docs.samourai.io/whirlpool/start^{[Archive.org]}↩︎
Wasabi Wallet zkSNACKs Blacklisting https://blog.wasabiwallet.io/zksnacks-blacklisting-update ^{[Archive.org]}↩︎
An Analysis and Disclosure Regarding the Deterministic Nature of the Wasabi Wallet CoinJoin Algorithm https://research.oxt.me/alerts/2020/08/21/Wasabi-Wallet ^{[Archive.org]}↩︎
NIST, NIST Has Spoken - Death to Complexity, Long Live the Passphrase! https://www.sans.org/blog/nist-has-spoken-death-to-complexity-long-live-the-passphrase/ ^{[Archive.org]}↩︎
ZDnet, FBI recommends passphrases over password complexity https://www.zdnet.com/article/fbi-recommends-passphrases-over-password-complexity/ ^{[Archive.org]}↩︎
The Intercept, Passphrases That You Can Memorize — But That Even the NSA Can’t Guess https://theintercept.com/2015/03/26/passphrases-can-memorize-attackers-cant-guess/ ^{[Tor Mirror]} ^{[Archive.org]}↩︎
Proton Blog, Let’s settle the password vs. passphrase debate once and for all https://proton.me/blog/protonmail-com-blog-password-vs-passphrase/ ^{[Archive.org]}↩︎
YouTube, Edward Snowden on Passwords: Last Week Tonight with John Oliver (HBO) https://www.youtube.com/watch?v=yzGzB-yYKcc ^[Invidious]↩︎
YouTube, How to Choose a Password – Computerphile https://www.youtube.com/watch?v=3NjQ9b3pgIg ^[Invidious]↩︎
Wikipedia, Passphrase https://en.wikipedia.org/wiki/Passphrase#Passphrase_selection ^[Wikiless] ^{[Archive.org]}↩︎
Monero Research Lab, Evaluating cryptocurrency security and privacy in a post-quantum world https://github.com/insight-decentralized-consensus-lab/post-quantum-monero/blob/master/writeups/technical_note.pdf ^{[Archive.org]}↩︎

The Hitchhiker’s Guide to Online Anonymity

IMPORTANT RECOMMENDATION FOR UKRAINIANS. ВАЖЛИВА РЕКОМЕНДАЦІЯ ДЛЯ УКРАЇНЦІВ

Contents:

Pre-requisites and limitations:

Pre-requisites:

Limitations:

Introduction:

Understanding some basics of how some information can lead back to you and how to mitigate some:

Your Network:

Your IP address:

Your DNS and IP requests:

Your RFID enabled devices:

The Wi-Fi and Bluetooth devices around you:

Malicious/Rogue Wi-Fi Access Points:

Your Anonymized Tor/VPN traffic:

Some Devices can be tracked even when offline:

Your Hardware Identifiers:

Your IMEI and IMSI (and by extension, your phone number):

Your Wi-Fi or Ethernet MAC address:

Your Bluetooth MAC address:

Your CPU:

Your Operating Systems and Apps telemetry services:

Your Smart devices in general:

Yourself:

Your Metadata including your Geo-Location:

Your Digital Fingerprint, Footprint, and Online Behavior:

Your Clues about your Real Life and OSINT:

Your Face, Voice, Biometrics, and Pictures:

Gait Recognition and Other Long-Range Biometrics

Phishing and Social Engineering:

Malware, exploits, and viruses:

Malware in your files/documents/e-mails:

Malware and Exploits in your apps and services:

Malicious USB devices:

Malware and backdoors in your Hardware Firmware and Operating System:

Your files, documents, pictures, and videos:

Properties and Metadata:

Watermarking:

Pictures/Videos/Audio:

Printing Watermarking:

Pixelized or Blurred Information:

Your Cryptocurrencies transactions:

Your Cloud backups/sync services:

Your Browser and Device Fingerprints:

Local Data Leaks and Forensics:

Bad Cryptography:

No logging but logging anyway policies:

Some Advanced targeted techniques:

Some bonus resources:

Notes:

General Preparations:

Picking your route:

Timing limitations:

Budget/Material limitations:

Skills:

Adversarial considerations:

Threats:

Adversaries:

Steps for all routes:

Getting used to using better passwords:

Getting an anonymous Phone number:

Physical Burner Phone and prepaid SIM card:

Get a burner phone:

Getting an anonymous pre-paid SIM card:

Online Phone Number:

Get a USB key:

Find some safe places with decent public Wi-Fi:

The Tor Browser route:

Windows, Linux, and macOS:

Android:

iOS:

Important Warning:

The Tails route:

Tor Browser settings on Tails:

Persistent Plausible Deniability using Whonix within Tails:

First Run:

Subsequent Runs:

Steps for all other routes:

Get a dedicated laptop for your sensitive activities:

Some laptop recommendations: