thgtoa/tex2pdf.-1a34188c73046814/input.tex
nopeitsnothing 917052c1d3
Sign recent changes
Signed-off-by: nopeitsnothing <no@anonymousplanet.org>
2023-06-10 18:38:15 -04:00


% Enable hyperlinks
\setupinteraction
[state=start,
title={The Hitchhiker's Guide to Online Anonymity},
style=,
color=,
contrastcolor=]
% make chapter, section bookmarks visible when opening document
\placebookmarks[chapter, section, subsection, subsubsection, subsubsubsection, subsubsubsubsection][chapter, section]
\setupinteractionscreen[option=bookmark]
\setuptagging[state=start]
% use microtypography
\definefontfeature[default][default][script=latn, protrusion=quality, expansion=quality, itlc=yes, textitalics=yes, onum=yes, pnum=yes]
\definefontfeature[smallcaps][script=latn, protrusion=quality, expansion=quality, smcp=yes, onum=yes, pnum=yes]
\setupalign[hz,hanging]
\setupitaliccorrection[global, always]
\setupbodyfontenvironment[default][em=italic] % use italic as em, not slanted
\definefallbackfamily[mainface][rm][CMU Serif][preset=range:greek, force=yes]
\definefontfamily[mainface][rm][Latin Modern Roman]
\definefontfamily[mainface][mm][Latin Modern Math]
\definefontfamily[mainface][ss][Latin Modern Sans]
\definefontfamily[mainface][tt][Latin Modern Typewriter][features=none]
\setupbodyfont[mainface]
\setupwhitespace[medium]
\setuphead[chapter] [style=\tfd,header=empty]
\setuphead[section] [style=\tfc]
\setuphead[subsection] [style=\tfb]
\setuphead[subsubsection] [style=\bf]
\setuphead[subsubsubsection] [style=\sc]
\setuphead[subsubsubsubsection][style=\it]
\setuphead[chapter, section, subsection, subsubsection, subsubsubsection, subsubsubsubsection][number=no]
\definedescription
[description]
[headstyle=bold, style=normal, location=hanging, width=broad, margin=1cm, alternative=hanging]
\setupitemize[autointro] % prevent orphan list intro
\setupitemize[indentnext=no]
\setupfloat[figure][default={here,nonumber}]
\setupfloat[table][default={here,nonumber}]
\setupthinrules[width=15em] % width of horizontal rules
\setupxtable[frame=off]
\setupxtable[head][topframe=on,bottomframe=on]
\setupxtable[body][]
\setupxtable[foot][bottomframe=on]
\starttext
\startalignment[middle]
{\tfd The Hitchhiker's Guide to Online Anonymity}
\bigskip
\stopalignment
\section[title={The Hitchhiker's Guide to Online
Anonymity},reference={the-hitchhikers-guide-to-online-anonymity}]
(Or \quotation{How I learned to start worrying and love
\overstrikes{privacy} anonymity})
Version 1.1.7, June 2023 by Anonymous Planet
\subsubsubsection[title={{\bf IMPORTANT RECOMMENDATION FOR
UKRAINIANS}},reference={important-recommendation-for-ukrainians.-важлива-рекомендація-для-українців}]
This is a message for the people of Ukraine. We strongly recommend that
you use Briar for communicating. You can find it here:
\useURL[url1a][https://briarproject.org/]\from[url1a]. With this
application, you can communicate even when there is no Internet. The
manual (in Ukrainian) is here:
\useURL[url1][https://briarproject.org/manual/uk/]\from[url1], quick-start
guide (in Ukrainian) here:
\useURL[url2][https://briarproject.org/quick-start/uk/]\from[url2]
\thinrule
This is a message for the people of Ukraine. We strongly recommend that
you use Briar for communicating. You can find it here:
\useURL[url3][https://briarproject.org/]\from[url3] With this
application, you can communicate even when there is no internet. The
manual is here:
\useURL[url4][https://briarproject.org/manual/]\from[url4], quick-start
guide here:
\useURL[url5][https://briarproject.org/quick-start/]\from[url5]
\thinrule
{\bf This guide is a work in progress}. It will probably never be
\quotation{finished}.
{\bf No affiliation with the}
\useURL[url6][https://en.wikipedia.org/wiki/Anonymous_(hacker_group)][][Anonymous]\from[url6]
\useURL[url7][https://wikiless.org/wiki/Anonymous_(hacker_group)][][{[}Wikiless{]}]\from[url7]
\useURL[url8][https://web.archive.org/web/https://en.wikipedia.org/wiki/Anonymous_(hacker_group)][][{[}Archive.org{]}]\from[url8]
{\bf collective/movement.}
{\bf There might be some wrong or outdated information in this guide
because no one is perfect.}
{\bf Your experience may vary. Remember to check regularly for an
updated version of this guide.}
This guide is a non-profit open-source initiative, licensed under
Creative Commons {\bf Attribution-NonCommercial} 4.0 International
(\useURL[url9][https://creativecommons.org/licenses/by-nc/4.0/][][cc-by-nc-4.0]\from[url9]
\useURL[url10][https://web.archive.org/web/https://creativecommons.org/licenses/by-nc/4.0/][][{[}Archive.org{]}]\from[url10]).
\startitemize
\item
For mirrors see \goto{Appendix A6: Mirrors}[appendix-a6-mirrors]
\item
For help in comparing versions see \goto{Appendix A7: Comparing
versions}[appendix-a7-comparing-versions]
\stopitemize
Feel free to submit issues {\bf (please do report anything wrong)} using
GitHub Issues at:
\useURL[url11][https://github.com/Anon-Planet/thgtoa/issues]\from[url11]
Feel free to come to discuss ideas at:
\startitemize
\item
Rules for our chatrooms:
\useURL[url12][https://anonymousplanet.org/chatrooms-rules.html]\from[url12]
\item
Matrix/Element Room: \type{#anonymity:matrix.org}
\useURL[url13][https://matrix.to/\#/\#anonymity:matrix.org]\from[url13]
\item
Matrix Space regrouping several rooms with similar interests:
\type{#privacy-security-anonymity:matrix.org}
\useURL[url14][https://matrix.to/\#/\#privacy-security-anonymity:matrix.org]\from[url14].
\stopitemize
Follow us on:
\startitemize
\item
Twitter at \useURL[url15][https://twitter.com/AnonyPla]\from[url15]
\item
Mastodon at
\useURL[url16][https://mastodon.social/@anonymousplanet]\from[url16]
\stopitemize
To contact me, see the updated information on the website or send an
e-mail to
\useURL[url17][mailto:contact@anonymousplanet.org][][contact@anonymousplanet.org]\from[url17]
{\bf Please consider \goto{donating}[donations] if you enjoy the project
and want to support the hosting fees or support the funding of
initiatives like the hosting of Tor Exit Nodes.}
There are several ways you could read this guide:
\startitemize
\item
You want to understand the current state of online privacy and
anonymity without necessarily getting too technical about it: Just read the
\goto{Introduction}[introduction],
\goto{Requirements}[pre-requisites-and-limitations],
\goto{Understanding some basics of how some information can lead back
to you and how to mitigate
those}[understanding-some-basics-of-how-some-information-can-lead-back-to-you-and-how-to-mitigate-some]
and \goto{A final editorial note}[a-small-final-editorial-note]
sections.
\item
You want to do the above but also learn how to remove some online
information about you: Read the above and add the \goto{Removing
some traces of your identities on search engines and various
platforms}[removing-some-traces-of-your-identities-on-search-engines-and-various-platforms] section.
\item
You want to do the above and also create anonymous online identities
safely and securely: Read the whole guide.
\stopitemize
Precautions while reading this guide and accessing the various links:
\startitemize
\item
{\bf Documents/Files} have an {\bf {[}Archive.org{]}} link next to them
for accessing the content through Archive.org, for increased privacy and in
case the original goes missing. Some links are not yet archived, or the
archived copy is outdated, in which case we encourage you to request a
new save if possible.
\item
{\bf YouTube Videos} have a {\bf {[}Invidious{]}} link next to them
for accessing content through an Invidious Instance (in this case
yewtu.be hosted in the Netherlands) for increased privacy. It is
recommended to use these links when possible. See
\useURL[url18][https://github.com/iv-org/invidious]\from[url18]
\useURL[url19][https://web.archive.org/web/https://github.com/iv-org/invidious][][{[}Archive.org{]}]\from[url19]
for more information.
\item
{\bf Twitter} links have a {\bf {[}Nitter{]}} link next to them for
accessing content through a Nitter Instance (in this case nitter.net)
for increased privacy. It is recommended to use these links when
possible. See
\useURL[url20][https://github.com/zedeus/nitter]\from[url20]
\useURL[url21][https://web.archive.org/web/https://github.com/zedeus/nitter][][{[}Archive.org{]}]\from[url21]
for more information.
\item
{\bf Wikipedia} links have a {\bf {[}Wikiless{]}} link next to them
for accessing content through a Wikiless Instance (in this case
Wikiless.org) for increased privacy. It is recommended to use these
links when possible. See
\useURL[url22][https://codeberg.org/orenom/wikiless]\from[url22]
\useURL[url23][https://web.archive.org/web/https://codeberg.org/orenom/wikiless][][{[}Archive.org{]}]\from[url23]
for more information.
\item
{\bf Medium} links have a {\bf {[}Scribe.rip{]}} link next to them for
accessing content through a Scribe.rip instance for increased privacy.
Again, it is recommended to use these links when possible. See
\useURL[url24][https://scribe.rip/]\from[url24]
\useURL[url25][https://web.archive.org/web/https://scribe.rip/][][{[}Archive.org{]}]\from[url25]
for more information.
\item
If you are reading this in PDF or ODT format, you will notice plenty
of ``` in place of double quotes (""). These ``` are there to ease
conversion into Markdown/HTML format for online viewing of code blocks
on the website.
\stopitemize
If you do not want the hassle and you use one of the browsers below, you
can instead install the following extension in your browser:
\useURL[url26][https://libredirect.github.io/]\from[url26]
\useURL[url27][https://web.archive.org/web/20220509220021/https://libredirect.github.io/][][{[}Archive.org{]}]\from[url27]:
\startitemize
\item
Firefox:
\useURL[url28][https://addons.mozilla.org/en-US/firefox/addon/libredirect/]\from[url28]
\item
Chromium-based browsers (Chrome, Brave, Edge):
\useURL[url29][https://github.com/libredirect/libredirect/blob/master/chromium.md]\from[url29]
\stopitemize
{\bf If you are having trouble accessing any of the many academic
articles referenced in this guide due to paywalls, feel free to use
Sci-Hub
(\useURL[url30][https://en.wikipedia.org/wiki/Sci-Hub]\from[url30]}
\useURL[url31][https://wikiless.org/wiki/Sci-Hub][][{[}Wikiless{]}]\from[url31]
\useURL[url32][https://web.archive.org/web/https://en.wikipedia.org/wiki/Sci-Hub][][{[}Archive.org{]}]\from[url32]{\bf )
or LibGen
(\useURL[url33][https://en.wikipedia.org/wiki/Library_Genesis]\from[url33]}
\useURL[url34][https://wikiless.org/wiki/Library_Genesis][][{[}Wikiless{]}]\from[url34]
\useURL[url35][https://web.archive.org/web/https://en.wikipedia.org/wiki/Library_Genesis][][{[}Archive.org{]}]\from[url35]{\bf )
for finding and reading them. Because Science should be free. All of it.
If you are faced with a paywall accessing some resources, consider using
\useURL[url36][https://12ft.io/]\from[url36].}
Finally, note that this guide mentions and even recommends various
commercial services (such as VPNs, CDNs, e-mail providers, hosting
providers\ldots{}) {\bf but is not endorsed or sponsored by any of them
in any way. There are no referral links and no commercial ties with any
of these providers. This project is 100\letterpercent{} non-profit and
relies only on donations.}
\section[title={Contents:},reference={contents}]
\startitemize[packed]
\item
\goto{Pre-requisites and limitations:}[pre-requisites-and-limitations]
\startitemize[packed]
\item
\goto{Pre-requisites:}[pre-requisites]
\item
\goto{Limitations:}[limitations]
\stopitemize
\item
\goto{Introduction:}[introduction]
\item
\goto{Understanding some basics of how some information can lead back
to you and how to mitigate
some:}[understanding-some-basics-of-how-some-information-can-lead-back-to-you-and-how-to-mitigate-some]
\startitemize[packed]
\item
\goto{Your Network:}[your-network]
\startitemize[packed]
\item
\goto{Your IP address:}[your-ip-address]
\item
\goto{Your DNS and IP requests:}[your-dns-and-ip-requests]
\item
\goto{Your RFID enabled devices:}[your-rfid-enabled-devices]
\item
\goto{The Wi-Fi and Bluetooth devices around
you:}[the-wi-fi-and-bluetooth-devices-around-you]
\item
\goto{Malicious/Rogue Wi-Fi Access
Points:}[maliciousrogue-wi-fi-access-points]
\item
\goto{Your Anonymized Tor/VPN
traffic:}[your-anonymized-torvpn-traffic]
\item
\goto{Some Devices can be tracked even when
offline:}[some-devices-can-be-tracked-even-when-offline]
\stopitemize
\item
\goto{Your Hardware Identifiers:}[your-hardware-identifiers]
\startitemize[packed]
\item
\goto{Your IMEI and IMSI (and by extension, your phone
number):}[your-imei-and-imsi-and-by-extension-your-phone-number]
\item
\goto{Your Wi-Fi or Ethernet MAC
address:}[your-wi-fi-or-ethernet-mac-address]
\item
\goto{Your Bluetooth MAC address:}[your-bluetooth-mac-address]
\stopitemize
\item
\goto{Your CPU:}[your-cpu]
\item
\goto{Your Operating Systems and Apps telemetry
services:}[your-operating-systems-and-apps-telemetry-services]
\item
\goto{Your Smart devices in general:}[your-smart-devices-in-general]
\item
\goto{Yourself:}[yourself]
\startitemize[packed]
\item
\goto{Your Metadata including your
Geo-Location:}[your-metadata-including-your-geo-location]
\item
\goto{Your Digital Fingerprint, Footprint, and Online
Behavior:}[your-digital-fingerprint-footprint-and-online-behavior]
\item
\goto{Your Clues about your Real Life and
OSINT:}[your-clues-about-your-real-life-and-osint]
\item
\goto{Your Face, Voice, Biometrics, and
Pictures:}[your-face-voice-biometrics-and-pictures]
\item
\goto{Gait Recognition and Other Long-Range
Biometrics}[gait-recognition-and-other-long-range-biometrics]
\item
\goto{Phishing and Social
Engineering:}[phishing-and-social-engineering]
\stopitemize
\item
\goto{Malware, exploits, and viruses:}[malware-exploits-and-viruses]
\startitemize[packed]
\item
\goto{Malware in your
files/documents/e-mails:}[malware-in-your-filesdocumentse-mails]
\item
\goto{Malware and Exploits in your apps and
services:}[malware-and-exploits-in-your-apps-and-services]
\item
\goto{Malicious USB devices:}[malicious-usb-devices]
\item
\goto{Malware and backdoors in your Hardware Firmware and
Operating
System:}[malware-and-backdoors-in-your-hardware-firmware-and-operating-system]
\stopitemize
\item
\goto{Your files, documents, pictures, and
videos:}[your-files-documents-pictures-and-videos]
\startitemize[packed]
\item
\goto{Properties and Metadata:}[properties-and-metadata]
\item
\goto{Watermarking:}[watermarking]
\item
\goto{Pixelized or Blurred
Information:}[pixelized-or-blurred-information]
\stopitemize
\item
\goto{Your Cryptocurrencies
transactions:}[your-cryptocurrencies-transactions]
\item
\goto{Your Cloud backups/sync
services:}[your-cloud-backupssync-services]
\item
\goto{Your Browser and Device
Fingerprints:}[your-browser-and-device-fingerprints]
\startitemize[packed]
\item
\goto{Microarchitectural Side-channel Deanonymization
Attacks:}[microarchitectural-side-channel-deanonymization-attacks]
\stopitemize
\item
\goto{Local Data Leaks and
Forensics:}[local-data-leaks-and-forensics]
\item
\goto{Bad Cryptography:}[bad-cryptography]
\item
\goto{No logging but logging anyway
policies:}[no-logging-but-logging-anyway-policies]
\item
\goto{Some Advanced targeted
techniques:}[some-advanced-targeted-techniques]
\item
\goto{Some bonus resources:}[some-bonus-resources]
\item
\goto{Notes:}[notes]
\stopitemize
\item
\goto{General Preparations:}[general-preparations]
\startitemize[packed]
\item
\goto{Picking your route:}[picking-your-route]
\startitemize[packed]
\item
\goto{Timing limitations:}[timing-limitations]
\item
\goto{Budget/Material limitations:}[budgetmaterial-limitations]
\item
\goto{Skills:}[skills]
\item
\goto{Adversarial considerations:}[adversarial-considerations]
\stopitemize
\item
\goto{Steps for all routes:}[steps-for-all-routes]
\startitemize[packed]
\item
\goto{Getting used to using better
passwords:}[getting-used-to-using-better-passwords]
\item
\goto{Getting an anonymous Phone
number:}[getting-an-anonymous-phone-number]
\item
\goto{Get a USB key:}[get-a-usb-key]
\item
\goto{Find some safe places with decent public
Wi-Fi:}[find-some-safe-places-with-decent-public-wi-fi]
\stopitemize
\item
\goto{The Tor Browser route:}[the-tor-browser-route]
\startitemize[packed]
\item
\goto{Windows, Linux, and macOS:}[windows-linux-and-macos]
\item
\goto{Android:}[android]
\item
\goto{iOS:}[ios]
\item
\goto{Important Warning:}[important-warning]
\stopitemize
\item
\goto{The Tails route:}[the-tails-route]
\startitemize[packed]
\item
\goto{Tor Browser settings on
Tails:}[tor-browser-settings-on-tails]
\item
\goto{Persistent Plausible Deniability using Whonix within
Tails:}[persistent-plausible-deniability-using-whonix-within-tails]
\stopitemize
\item
\goto{Steps for all other routes:}[steps-for-all-other-routes]
\startitemize[packed]
\item
\goto{Get a dedicated laptop for your sensitive
activities:}[get-a-dedicated-laptop-for-your-sensitive-activities]
\item
\goto{Some laptop recommendations:}[some-laptop-recommendations]
\item
\goto{Bios/UEFI/Firmware Settings of your
laptop:}[biosuefifirmware-settings-of-your-laptop]
\item
\goto{Physically Tamper protect your
laptop:}[physically-tamper-protect-your-laptop]
\stopitemize
\item
\goto{The Whonix route:}[the-whonix-route]
\startitemize[packed]
\item
\goto{Picking your Host OS (the OS installed on your
laptop):}[picking-your-host-os-the-os-installed-on-your-laptop]
\item
\goto{Linux Host OS:}[linux-host-os]
\item
\goto{macOS Host OS:}[macos-host-os]
\item
\goto{Windows Host OS:}[windows-host-os]
\item
\goto{Virtualbox on your Host OS:}[virtualbox-on-your-host-os]
\item
\goto{Pick your connectivity
method:}[pick-your-connectivity-method]
\item
\goto{Getting an anonymous
VPN/Proxy:}[getting-an-anonymous-vpnproxy]
\item
\goto{Whonix:}[whonix]
\item
\goto{Tor over VPN:}[tor-over-vpn-1]
\item
\goto{Whonix Virtual Machines:}[whonix-virtual-machines]
\item
\goto{Pick your guest workstation Virtual
Machine:}[pick-your-guest-workstation-virtual-machine]
\item
\goto{Linux Virtual Machine (Whonix or
Linux):}[linux-virtual-machine-whonix-or-linux]
\item
\goto{Windows 10/11 Virtual
Machine:}[windows-1011-virtual-machine]
\item
\goto{Android Virtual Machine:}[android-virtual-machine]
\item
\goto{macOS Virtual Machine:}[macos-virtual-machine]
\item
\goto{KeepassXC:}[keepassxc]
\item
\goto{VPN client installation (cash/Monero
paid):}[vpn-client-installation-cashmonero-paid]
\item
\goto{(Optional) VM kill switch:}[optional-vm-kill-switch]
\item
\goto{Final step:}[final-step]
\stopitemize
\item
\goto{The Qubes Route:}[the-qubes-route]
\startitemize[packed]
\item
\goto{Pick your connectivity
method:}[pick-your-connectivity-method-1]
\item
\goto{Getting an anonymous
VPN/Proxy:}[getting-an-anonymous-vpnproxy-1]
\item
\goto{Note about Plausible
Deniability:}[note-about-plausible-deniability]
\item
\goto{Installation:}[installation-3]
\item
\goto{Lid Closure Behavior:}[lid-closure-behavior]
\item
\goto{Anti Evil Maid (AEM):}[anti-evil-maid-aem]
\item
\goto{Connect to a Public Wi-Fi:}[connect-to-a-public-wi-fi]
\item
\goto{Updating Qubes OS:}[updating-qubes-os]
\item
\goto{Updating Whonix from version 15 to version
16:}[updating-whonix-from-version-15-to-version-16]
\item
\goto{Hardening Qubes OS:}[hardening-qubes-os]
\item
\goto{Setup the VPN ProxyVM:}[setup-the-vpn-proxyvm]
\item
\goto{Setup a safe Browser within Qubes OS (optional but
recommended):}[setup-a-safe-browser-within-qubes-os-optional-but-recommended]
\item
\goto{Setup an Android VM:}[setup-an-android-vm]
\item
\goto{KeePassXC:}[keepassxc-1]
\stopitemize
\stopitemize
\item
\goto{Quick note: Correlation vs
Attribution:}[quick-note-correlation-vs-attribution]
\item
\goto{Creating your anonymous online
identities:}[creating-your-anonymous-online-identities]
\startitemize[packed]
\item
\goto{Understanding the methods used to prevent anonymity and verify
identity:}[understanding-the-methods-used-to-prevent-anonymity-and-verify-identity]
\startitemize[packed]
\item
\goto{Captchas:}[captchas]
\item
\goto{Phone verification:}[phone-verification]
\item
\goto{E-Mail verification:}[e-mail-verification]
\item
\goto{User details checking:}[user-details-checking]
\item
\goto{Proof of ID verification:}[proof-of-id-verification]
\item
\goto{IP Filters:}[ip-filters]
\item
\goto{Browser and Device
Fingerprinting:}[browser-and-device-fingerprinting]
\item
\goto{Human interaction:}[human-interaction]
\item
\goto{User Moderation:}[user-moderation]
\item
\goto{Behavioral Analysis:}[behavioral-analysis]
\item
\goto{Financial transactions:}[financial-transactions]
\item
\goto{Sign-in with some platform:}[sign-in-with-some-platform]
\item
\goto{Live Face recognition and biometrics
(again):}[live-face-recognition-and-biometrics-again]
\item
\goto{Manual reviews:}[manual-reviews]
\stopitemize
\item
\goto{Getting Online:}[getting-online]
\startitemize[packed]
\item
\goto{Creating new identities:}[creating-new-identities]
\item
\goto{Checking if your Tor Exit Node is
terrible:}[checking-if-your-tor-exit-node-is-terrible]
\item
\goto{The Real-Name System:}[the-real-name-system]
\item
\goto{About paid services:}[about-paid-services]
\item
\goto{Overview:}[overview]
\item
\goto{How to share files privately and/or chat
anonymously:}[how-to-share-files-privately-andor-chat-anonymously]
\item
\goto{How to share files publicly but
anonymously:}[how-to-share-files-publicly-but-anonymously]
\item
\goto{Redacting Documents/Pictures/Videos/Audio
safely:}[redacting-documentspicturesvideosaudio-safely]
\item
\goto{Communicating sensitive information to various known
organizations:}[communicating-sensitive-information-to-various-known-organizations]
\item
\goto{Maintenance tasks:}[maintenance-tasks]
\stopitemize
\stopitemize
\item
\goto{Backing up your work securely:}[backing-up-your-work-securely]
\startitemize[packed]
\item
\goto{Offline Backups:}[offline-backups]
\startitemize[packed]
\item
\goto{Selected Files Backups:}[selected-files-backups]
\item
\goto{Full Disk/System Backups:}[full-disksystem-backups]
\stopitemize
\item
\goto{Online Backups:}[online-backups]
\startitemize[packed]
\item
\goto{Files:}[files]
\item
\goto{Information:}[information]
\stopitemize
\item
\goto{Synchronizing your files between devices
Online:}[synchronizing-your-files-between-devices-online]
\stopitemize
\item
\goto{Covering your tracks:}[covering-your-tracks]
\startitemize[packed]
\item
\goto{Understanding HDD vs SSD:}[understanding-hdd-vs-ssd]
\startitemize[packed]
\item
\goto{Wear-Leveling.}[wear-leveling.]
\item
\goto{Trim Operations:}[trim-operations]
\item
\goto{Garbage Collection:}[garbage-collection]
\item
\goto{Conclusion:}[conclusion-4]
\stopitemize
\item
\goto{How to securely wipe your whole Laptop/Drives if you want to
erase
everything:}[how-to-securely-wipe-your-whole-laptopdrives-if-you-want-to-erase-everything]
\startitemize[packed]
\item
\goto{Linux (all versions including Qubes
OS):}[linux-all-versions-including-qubes-os]
\item
\goto{Windows:}[windows-2]
\item
\goto{macOS:}[macos-2]
\stopitemize
\item
\goto{How to securely delete specific files/folders/data on your
HDD/SSD and Thumb
drives:}[how-to-securely-delete-specific-filesfoldersdata-on-your-hddssd-and-thumb-drives]
\startitemize[packed]
\item
\goto{Windows:}[windows-3]
\item
\goto{Linux (non-Qubes OS):}[linux-non-qubes-os]
\item
\goto{Linux (Qubes OS):}[linux-qubes-os]
\item
\goto{macOS:}[macos-3]
\stopitemize
\item
\goto{Some additional measures against
forensics:}[some-additional-measures-against-forensics]
\startitemize[packed]
\item
\goto{Removing Metadata from
Files/Documents/Pictures:}[removing-metadata-from-filesdocumentspictures]
\item
\goto{Tails:}[tails]
\item
\goto{Whonix:}[whonix-1]
\item
\goto{macOS:}[macos-4]
\item
\goto{Linux (Qubes OS):}[linux-qubes-os-1]
\item
\goto{Linux (non-Qubes):}[linux-non-qubes]
\item
\goto{Windows:}[windows-4]
\stopitemize
\item
\goto{Removing some traces of your identities on search engines and
various
platforms:}[removing-some-traces-of-your-identities-on-search-engines-and-various-platforms]
\startitemize[packed]
\item
\goto{Google:}[google-1]
\item
\goto{Bing:}[bing]
\item
\goto{DuckDuckGo:}[duckduckgo]
\item
\goto{Yandex:}[yandex]
\item
\goto{Qwant:}[qwant]
\item
\goto{Yahoo Search:}[yahoo-search]
\item
\goto{Baidu:}[baidu]
\item
\goto{Wikipedia:}[wikipedia]
\item
\goto{Archive.today:}[archive.today]
\item
\goto{Internet Archive:}[internet-archive]
\item
\goto{Others:}[others]
\stopitemize
\stopitemize
\item
\goto{Some low-tech old-school
tricks:}[some-low-tech-old-school-tricks]
\startitemize[packed]
\item
\goto{Hidden communications in plain
sight:}[hidden-communications-in-plain-sight]
\item
\goto{How to spot if someone has been searching your
stuff:}[how-to-spot-if-someone-has-been-searching-your-stuff]
\stopitemize
\item
\goto{Some last OPSEC thoughts:}[some-last-opsec-thoughts]
\item
\goto{{\bf If you think you got burned:}}[if-you-think-you-got-burned]
\startitemize[packed]
\item
\goto{If you have some time:}[if-you-have-some-time]
\item
\goto{If you have no time:}[if-you-have-no-time]
\stopitemize
\item
\goto{A small final editorial note:}[a-small-final-editorial-note]
\item
\goto{Donations:}[donations]
\item
\goto{Helping others staying
anonymous:}[helping-others-staying-anonymous]
\item
\goto{Acknowledgments:}[acknowledgments]
\item
\goto{Appendix A: Windows
Installation}[appendix-a-windows-installation]
\startitemize[packed]
\item
\goto{Installation:}[installation-5]
\item
\goto{Privacy Settings:}[privacy-settings]
\stopitemize
\item
\goto{Appendix B: Windows Additional Privacy
Settings}[appendix-b-windows-additional-privacy-settings]
\item
\goto{Appendix C: Windows Installation Media
Creation}[appendix-c-windows-installation-media-creation]
\item
\goto{Appendix D: Using System Rescue to securely wipe an SSD
drive.}[appendix-d-using-system-rescue-to-securely-wipe-an-ssd-drive.]
\item
\goto{Appendix E: Clonezilla}[appendix-e-clonezilla]
\item
\goto{Appendix F: Diskpart}[appendix-f-diskpart]
\item
\goto{Appendix G: Safe Browser on the Host
OS}[appendix-g-safe-browser-on-the-host-os]
\startitemize[packed]
\item
\goto{If you can use Tor:}[if-you-can-use-tor-2]
\item
\goto{If you cannot use Tor:}[if-you-cannot-use-tor-7]
\stopitemize
\item
\goto{Appendix H: Windows Cleaning
Tools}[appendix-h-windows-cleaning-tools]
\item
\goto{Appendix I: Using ShredOS to securely wipe an HDD
drive:}[appendix-i-using-shredos-to-securely-wipe-an-hdd-drive]
\startitemize[packed]
\item
\goto{Windows:}[windows-5]
\item
\goto{Linux:}[linux-2]
\stopitemize
\item
\goto{Appendix J: Manufacturer tools for Wiping HDD and SSD
drives:}[appendix-j-manufacturer-tools-for-wiping-hdd-and-ssd-drives]
\startitemize[packed]
\item
\goto{Tools that provide a boot disk for wiping from
boot:}[tools-that-provide-a-boot-disk-for-wiping-from-boot]
\item
\goto{Tools that provide only support from running OS (for external
drives).}[tools-that-provide-only-support-from-running-os-for-external-drives.]
\stopitemize
\item
\goto{Appendix K: Considerations for using external SSD
drives}[appendix-k-considerations-for-using-external-ssd-drives]
\startitemize[packed]
\item
\goto{Windows:}[windows-6]
\startitemize[packed]
\item
\goto{Trim Support:}[trim-support]
\item
\goto{ATA/NVMe Operations (Secure
Erase/Sanitize):}[atanvme-operations-secure-erasesanitize]
\stopitemize
\item
\goto{Linux:}[linux-3]
\startitemize[packed]
\item
\goto{Trim Support:}[trim-support-1]
\item
\goto{ATA/NVMe Operations (Secure
Erase/Sanitize):}[atanvme-operations-secure-erasesanitize-1]
\stopitemize
\item
\goto{macOS:}[macos-5]
\startitemize[packed]
\item
\goto{Trim Support:}[trim-support-2]
\item
\goto{ATA/NVMe Operations (Secure
Erase/Sanitize):}[atanvme-operations-secure-erasesanitize-2]
\stopitemize
\stopitemize
\item
\goto{Appendix L: Creating a mat2-web guest VM for removing metadata
from
files}[appendix-l-creating-a-mat2-web-guest-vm-for-removing-metadata-from-files]
\item
\goto{Appendix M: BIOS/UEFI options to wipe disks in various
Brands}[appendix-m-biosuefi-options-to-wipe-disks-in-various-brands]
\item
\goto{Appendix N: Warning about smartphones and smart
devices}[appendix-n-warning-about-smartphones-and-smart-devices]
\item
\goto{Appendix O: Getting an anonymous
VPN/Proxy}[appendix-o-getting-an-anonymous-vpnproxy]
\startitemize[packed]
\item
\goto{Cash/Monero-Paid VPN:}[cashmonero-paid-vpn]
\item
\goto{Self-hosted VPN/Proxy on a Monero/Cash-paid VPS (for users
more familiar with
Linux):}[self-hosted-vpnproxy-on-a-monerocash-paid-vps-for-users-more-familiar-with-linux]
\startitemize[packed]
\item
\goto{VPN VPS:}[vpn-vps]
\item
\goto{Socks Proxy VPS:}[socks-proxy-vps]
\stopitemize
\stopitemize
\item
\goto{Appendix P: Accessing the internet as safely as possible when
Tor and VPNs are not an
option}[appendix-p-accessing-the-internet-as-safely-as-possible-when-tor-and-vpns-are-not-an-option]
\item
\goto{Appendix Q: Using long-range Antenna to connect to Public Wi-Fis
from a safe
distance:}[appendix-q-using-long-range-antenna-to-connect-to-public-wi-fis-from-a-safe-distance]
\item
\goto{Appendix R: Installing a VPN on your VM or Host
OS}[appendix-r-installing-a-vpn-on-your-vm-or-host-os]
\item
\goto{Appendix S: Check your network for surveillance/censorship using
OONI}[appendix-s-check-your-network-for-surveillancecensorship-using-ooni]
\item
\goto{Appendix T: Checking files for
malware}[appendix-t-checking-files-for-malware]
\startitemize[packed]
\item
\goto{Integrity (if available):}[integrity-if-available]
\item
\goto{Authenticity (if available):}[authenticity-if-available]
\item
\goto{Security (checking for actual
malware):}[security-checking-for-actual-malware]
\startitemize[packed]
\item
\goto{Anti-Virus Software:}[anti-virus-software]
\item
\goto{Manual Reviews:}[manual-reviews-1]
\stopitemize
\stopitemize
\item
\goto{Appendix U: How to bypass (some) local restrictions on
supervised
computers}[appendix-u-how-to-bypass-some-local-restrictions-on-supervised-computers]
\startitemize[packed]
\item
\goto{Portable Apps:}[portable-apps]
\item
\goto{Bootable Live Systems:}[bootable-live-systems]
\item
\goto{Precautions:}[precautions]
\stopitemize
\item
\goto{Appendix V: What browser to use in your Guest VM/Disposable
VM}[appendix-v-what-browser-to-use-in-your-guest-vmdisposable-vm]
\startitemize[packed]
\item
\goto{Brave:}[brave]
\item
\goto{Ungoogled-Chromium:}[ungoogled-chromium]
\item
\goto{Edge:}[edge]
\item
\goto{Safari:}[safari]
\item
\goto{Firefox:}[firefox]
\item
\goto{Tor Browser:}[tor-browser]
\stopitemize
\item
\goto{Appendix V1: Hardening your
Browsers:}[appendix-v1-hardening-your-browsers]
\startitemize[packed]
\item
\goto{Brave:}[brave-1]
\item
\goto{Ungoogled-Chromium:}[ungoogled-chromium-1]
\item
\goto{Edge:}[edge-1]
\item
\goto{Safari:}[safari-1]
\item
\goto{Firefox:}[firefox-1]
\startitemize[packed]
\item
\goto{Normal settings:}[normal-settings]
\item
\goto{Advanced settings:}[advanced-settings]
\item
\goto{Addons to install/consider:}[addons-to-installconsider]
\item
\goto{Bonus resources:}[bonus-resources]
\stopitemize
\stopitemize
\item
\goto{Appendix W: Virtualization}[appendix-w-virtualization]
\startitemize[packed]
\item
\goto{Nested virtualization risks}[nested-virtualization-risks]
\stopitemize
\item
\goto{Appendix X: Using Tor bridges in hostile
environments}[appendix-x-using-tor-bridges-in-hostile-environments]
\item
\goto{Appendix Y: Installing and using desktop Tor
Browser}[appendix-y-installing-and-using-desktop-tor-browser]
\startitemize[packed]
\item
\goto{Installation:}[installation-6]
\item
\goto{Usage and Precautions:}[usage-and-precautions]
\stopitemize
\item
\goto{Appendix Z: Online anonymous payments using
cryptocurrencies}[appendix-z-online-anonymous-payments-using-cryptocurrencies]
\startitemize[packed]
\item
\goto{Using Bitcoin anonymously
option:}[using-bitcoin-anonymously-option]
\item
\goto{Using Monero anonymously
option:}[using-monero-anonymously-option]
\item
\goto{Warning about special tumbling, mixing, coinjoining privacy
wallets and
services}[warning-about-special-tumbling-mixing-coinjoining-privacy-wallets-and-services-wikiless-archiveorg]
\item
\goto{When converting from BTC to
Monero:}[when-converting-from-btc-to-monero]
\stopitemize
\item
\goto{Appendix A1: Recommended VPS hosting
providers}[appendix-a1-recommended-vps-hosting-providers]
\item
\goto{Appendix A2: Guidelines for passwords and
passphrases}[appendix-a2-guidelines-for-passwords-and-passphrases]
\item
\goto{Appendix A3: Search Engines}[appendix-a3-search-engines]
\item
\goto{Appendix A4: Counteracting Forensic
Linguistics}[appendix-a4-counteracting-forensic-linguistics]
\startitemize[packed]
\item
\goto{Introduction:}[introduction-1]
\item
\goto{What does an adversary look for when examining your
writing?}[what-does-an-adversary-look-for-when-examining-your-writing]
\item
\goto{Examples:}[examples]
\item
\goto{How to counteract the efforts of your
adversary:}[how-to-counteract-the-efforts-of-your-adversary]
\item
\goto{What different linguistic choices could say about
you:}[what-different-linguistic-choices-could-say-about-you]
\startitemize[packed]
\item
\goto{Emoticons:}[emoticons]
\item
\goto{Structural features:}[structural-features]
\item
\goto{Spelling slang and symbols:}[spelling-slang-and-symbols]
\stopitemize
\item
\goto{Techniques to prevent
writeprinting:}[techniques-to-prevent-writeprinting]
\startitemize[packed]
\item
\goto{Spelling and grammar
checking:}[spelling-and-grammar-checking]
\item
\goto{Translation technique:}[translation-technique]
\item
\goto{Search and replace:}[search-and-replace]
\item
\goto{Final advice:}[final-advice]
\stopitemize
\item
\goto{Bonus links:}[bonus-links]
\stopitemize
\item
\goto{Appendix A5: Additional browser precautions with JavaScript
enabled}[appendix-a5-additional-browser-precautions-with-javascript-enabled]
\item
\goto{Appendix A6: Mirrors}[appendix-a6-mirrors]
\item
\goto{Appendix A7: Comparing versions}[appendix-a7-comparing-versions]
\item
\goto{Appendix A8: Crypto Swapping Services without Registration and
KYC}[appendix-a8-crypto-swapping-services-without-registration-and-kyc]
\startitemize[packed]
\item
\goto{General Crypto Swapping:}[general-crypto-swapping]
\item
\goto{BTC to Monero only:}[btc-to-monero-only]
\stopitemize
\item
\goto{Appendix A9: Installing a Zcash
wallet:}[appendix-a9-installing-a-zcash-wallet]
\startitemize[packed]
\item
\goto{Debian 11 VM:}[debian-11-vm]
\item
\goto{Ubuntu 20.04/21.04/21.10 VM:}[ubuntu-20.0421.0421.10-vm]
\item
\goto{Windows 10/11 VM:}[windows-1011-vm]
\item
\goto{Whonix Workstation 16 VM:}[whonix-workstation-16-vm]
\stopitemize
\item
\goto{Appendix B1: Checklist of things to verify before sharing
information:}[appendix-b1-checklist-of-things-to-verify-before-sharing-information]
\item
\goto{Appendix B2: Monero Disclaimer}[appendix-b2-monero-disclaimer]
\item
\goto{Appendix B3: Threat modeling
resources}[appendix-b3-threat-modeling-resources]
\item
\goto{Appendix B4: Important notes about evil-maid and
tampering}[appendix-b4-important-notes-about-evil-maid-and-tampering]
\item
\goto{Appendix B5: Types of CPU
attacks:}[appendix-b5-types-of-cpu-attacks]
\item
\goto{Appendix B6: Warning for using Orbot on
Android}[appendix-b6-warning-for-using-orbot-on-android]
\item
\goto{Appendix B7: Caution about Session
messenger}[appendix-b7-caution-about-session-messenger]
\item
\goto{References:}[references]
\stopitemize
\section[title={Pre-requisites and
limitations:},reference={pre-requisites-and-limitations}]
\subsection[title={Pre-requisites:},reference={pre-requisites}]
\startitemize
\item
Understanding of the English language (in this case American English).
\item
Be a permanent resident in Germany where the courts have upheld the
legality of not using real names on online platforms (§13 VI of the
German Telemedia Act of 2007\footnote{English translation of German
Telemedia Act
\useURL[url37][https://www.huntonprivacyblog.com/wp-content/uploads/sites/28/2016/02/Telemedia_Act__TMA_.pdf]\from[url37]
\useURL[url38][https://web.archive.org/web/https://www.huntonprivacyblog.com/wp-content/uploads/sites/28/2016/02/Telemedia_Act__TMA_.pdf][][{[}Archive.org{]}]\from[url38].
Section 13, Article 6, \quotation{The service provider must enable
the use of Telemedia and payment for them to occur anonymously or
via a pseudonym where this is technically possible and reasonable.
The recipient of the service is to be informed about this
possibility.}.}\footnote{Wikipedia, Real-Name System Germany
\useURL[url39][https://en.wikipedia.org/wiki/Real-name_system\#Germany]\from[url39]
\useURL[url40][https://wikiless.org/wiki/Real-name_system][][{[}Wikiless{]}]\from[url40]
\useURL[url41][https://web.archive.org/web/https://en.wikipedia.org/wiki/Real-name_system][][{[}Archive.org{]}]\from[url41]}).
{\bf Alternatively, be a resident of any other country where you can
confirm and verify the legality of this guide yourself.}
\item
This guide will assume you already have access to some
(Windows/Linux/macOS) laptop computer - ideally not a work/shared
device - and a basic understanding of how computers work.
\item
Have patience, as this process could take several weeks to complete if
you want to go through all the content.
\item
Have some free time on your hands to dedicate to this process
(depending on which route you pick).
\item
Be prepared to read a lot of references (do read them), guides (do not
skip them), and tutorials thoroughly (do not skip them either).
\item
Don't be evil (for real this time)\footnote{Wikipedia, Don't be evil
\useURL[url42][https://en.wikipedia.org/wiki/Don\%27t_be_evil][][https://en.wikipedia.org/wiki/Don\letterpercent{}27t_be_evil]\from[url42]
\useURL[url43][https://wikiless.org/wiki/Don\%27t_be_evil][][{[}Wikiless{]}]\from[url43]
\useURL[url44][https://web.archive.org/web/https://en.wikipedia.org/wiki/Don\%27t_be_evil][][{[}Archive.org{]}]\from[url44]}.
\item
Understand that there is no common path that will be both quick and
easy.
\stopitemize
\subsection[title={Limitations:},reference={limitations}]
This guide is not intended for:
\startitemize
\item
Creating bot accounts of any kind.
\item
Creating impersonation accounts of existing people (such as identity
theft).
\item
Helping malicious actors conduct unethical, criminal, or illicit
activities (such as trolling, stalking, disinformation,
misinformation, harassment, bullying, or fraud).
\item
Use by minors.
\stopitemize
\section[title={Introduction:},reference={introduction}]
{\bf TLDR for the whole guide: \quotation{A strange game. The only
winning move is not to play}} \footnote{YouTube, WarGames -
\quotation{The Only Winning Move}
\useURL[url45][https://www.youtube.com/watch?v=6DGNZnfKYnU]\from[url45]
\useURL[url46][https://yewtu.be/watch?v=6DGNZnfKYnU][][{[}Invidious{]}]\from[url46]}{\bf .}
Making a social media account with a pseudonym or artist/brand name is
easy. And it is enough in most use cases to protect your identity as the
next George Orwell. There are plenty of people using pseudonyms all over
Facebook/Instagram/Twitter/LinkedIn/TikTok/Snapchat/Reddit/\ldots{} But
the vast majority of those are anything but anonymous and can easily be
traced to their real identity by your local police officers, random
people within the OSINT\footnote{Wikipedia, OSINT
\useURL[url47][https://en.wikipedia.org/wiki/Open-source_intelligence]\from[url47]
\useURL[url48][https://wikiless.org/wiki/Open-source_intelligence][][{[}Wikiless{]}]\from[url48]
\useURL[url49][https://web.archive.org/web/https://en.wikipedia.org/wiki/Open-source_intelligence][][{[}Archive.org{]}]\from[url49]}
(Open-Source Intelligence) community, and trolls\footnote{YouTube
Internet Historian Playlist, HWNDU
\useURL[url50][https://www.youtube.com/playlist?list=PLna1KTNJu3y09Tu70U6yPn28sekaNhOMY]\from[url50]
\useURL[url51][https://yewtu.be/playlist?list=PLna1KTNJu3y09Tu70U6yPn28sekaNhOMY][][{[}Invidious{]}]\from[url51]}
on 4chan\footnote{Wikipedia, 4chan
\useURL[url52][https://en.wikipedia.org/wiki/4chan]\from[url52]
\useURL[url53][https://wikiless.org/wiki/4chan][][{[}Wikiless{]}]\from[url53]
\useURL[url54][https://web.archive.org/web/https://en.wikipedia.org/wiki/4chan][][{[}Archive.org{]}]\from[url54]}.
This is a good thing as most criminals/trolls are not tech-savvy and
will usually be identified with ease. But this is also a terrible thing
as most political dissidents, human rights activists and whistleblowers
can also be tracked rather easily.
This guide aims to provide an introduction to various de-anonymization
techniques, tracking techniques, ID verification techniques, and
optional guidance on creating and maintaining {\bf reasonably and truly}
anonymous online identities, including social media accounts, safely. This
includes mainstream platforms and not only the privacy-friendly ones.
It is important to understand that the purpose of this guide is
anonymity and not just privacy, but much of the guidance you will find
here will also help you improve your privacy and security even if you
are not interested in anonymity. There is an important overlap in the
techniques and tools used for privacy, security, and anonymity, but they
differ at some point:
\startitemize
\item
{\bf Privacy is about people knowing who you are but not knowing what
you are doing.}
\item
{\bf Anonymity is about people knowing what you are doing but not
knowing who you are} \footnote{PIA, See this good article on the
matter
\useURL[url55][https://www.privateinternetaccess.com/blog/how-does-privacy-differ-from-anonymity-and-why-are-both-important/]\from[url55]
\useURL[url56][https://web.archive.org/web/https://www.privateinternetaccess.com/blog/how-does-privacy-differ-from-anonymity-and-why-are-both-important/][][{[}Archive.org{]}]\from[url56]
(disclaimer: this is not an endorsement or recommendation for this
commercial service).}{\bf .}
\stopitemize
\placefigure{image01}{\externalfigure[./tex2pdf.-1a34188c73046814/6c1f5a9deb304a3afd443e665a7e61c8ae88ebb1.png]}
(Illustration from\footnote{Medium.com, Privacy, Blockchain and Onion
Routing
\useURL[url57][https://medium.com/unitychain/privacy-blockchain-and-onion-routing-d5609c611841]\from[url57]
\useURL[url58][https://scribe.rip/unitychain/privacy-blockchain-and-onion-routing-d5609c611841][][{[}Scribe.rip{]}]\from[url58]
\useURL[url59][https://web.archive.org/web/https://medium.com/unitychain/privacy-blockchain-and-onion-routing-d5609c611841][][{[}Archive.org{]}]\from[url59]})
Will this guide help you protect yourself from the NSA, the FSB, Mark
Zuckerberg, or the Mossad if they are out to find you? Probably not
\ldots{} Mossad will be doing \quotation{Mossad things} \footnote{This
World of Ours, James Mickens
\useURL[url60][https://scholar.harvard.edu/files/mickens/files/thisworldofours.pdf]\from[url60]
\useURL[url61][https://web.archive.org/web/https://scholar.harvard.edu/files/mickens/files/thisworldofours.pdf][][{[}Archive.org{]}]\from[url61]}
and will probably find you no matter how hard you try to hide\footnote{XKCD,
Security \useURL[url62][https://xkcd.com/538/]\from[url62]
\useURL[url63][https://web.archive.org/web/https://xkcd.com/538/][][{[}Archive.org{]}]\from[url63]}.
You must consider your threat model\footnote{Wikipedia, Threat Model
\useURL[url64][https://en.wikipedia.org/wiki/Threat_model]\from[url64]
\useURL[url65][https://wikiless.org/wiki/Threat_model][][{[}Wikiless{]}]\from[url65]
\useURL[url66][https://web.archive.org/web/https://en.wikipedia.org/wiki/Threat_model][][{[}Archive.org{]}]\from[url66]}
before going further.
\placefigure{image02}{\externalfigure[./tex2pdf.-1a34188c73046814/f96c08d2009e512bde929817a9db4a77225c85d3.png]}
(Illustration by Randall Munroe, xkcd.com, licensed under CC BY-NC 2.5)
Will this guide help you protect your privacy from OSINT researchers
like Bellingcat\footnote{Bellingcat
\useURL[url67][https://www.bellingcat.com/]\from[url67]
\useURL[url68][https://web.archive.org/web/https://www.bellingcat.com/][][{[}Archive.org{]}]\from[url68]},
Doxing\footnote{Wikipedia, Doxing
\useURL[url69][https://en.wikipedia.org/wiki/Doxing]\from[url69]
\useURL[url70][https://wikiless.org/wiki/Doxing][][{[}Wikiless{]}]\from[url70]
\useURL[url71][https://web.archive.org/web/https://en.wikipedia.org/wiki/Doxing][][{[}Archive.org{]}]\from[url71]}
trolls on 4chan\footnote{YouTube, Internet Historian, The Bikelock
Fugitive of Berkeley
\useURL[url72][https://www.youtube.com/watch?v=muoR8Td44UE]\from[url72]
\useURL[url73][https://yewtu.be/watch?v=muoR8Td44UE][][{[}Invidious{]}]\from[url73]},
and others that have no access to the NSA toolbox? More likely. Though we
would not be so sure about 4chan.
Here is a basic simplified threat model for this guide:
\placefigure{image40}{\externalfigure[./tex2pdf.-1a34188c73046814/209a5add37a22e27eb7b941aaaffd5a9933f6d07.png]}
(Note that the \quotation{magical amulets/submarine/fake your own death}
jokes are quoted from the excellent article \quotation{This World of
Ours} by James Mickens, 2014.\footnote{This World of Ours, James Mickens
\useURL[url74][https://scholar.harvard.edu/files/mickens/files/thisworldofours.pdf]\from[url74]
\useURL[url75][https://web.archive.org/web/https://scholar.harvard.edu/files/mickens/files/thisworldofours.pdf][][{[}Archive.org{]}]\from[url75]})
Disclaimer: jokes aside (magical amulet\ldots{}), there are of course
also advanced ways to mitigate attacks by such advanced and skilled
adversaries, but those are out of the scope of this guide. It is
crucially important that you understand the limits of the threat model
of this guide. This guide will therefore not double in size to cover
those advanced mitigations, as they are just too complex and would
require an exceedingly high knowledge and skill level that is not
expected from the target audience of this guide.
The EFF provides a few security scenarios of what you should consider
depending on your activity. While some of those tips might not be within
the scope of this guide (more about Privacy than Anonymity), they are
still worth reading as examples. See
\useURL[url76][https://ssd.eff.org/en/module-categories/security-scenarios]\from[url76]
\useURL[url77][https://web.archive.org/web/https://ssd.eff.org/en/module-categories/security-scenarios][][{[}Archive.org{]}]\from[url77].
If you want to go deeper into threat modeling, see \goto{Appendix B3:
Threat modeling resources}[appendix-b3-threat-modeling-resources].
You might think this guide has no legitimate use but there are
many\footnote{BBC News, Tor Mirror
\useURL[url78][https://www.bbc.com/news/technology-50150981]\from[url78]
\useURL[url79][https://web.archive.org/web/https://www.bbc.com/news/technology-50150981][][{[}Archive.org{]}]\from[url79]}\footnote{GitHub,
Real World Onion websites
\useURL[url80][https://github.com/alecmuffett/real-world-onion-sites]\from[url80]
\useURL[url81][https://web.archive.org/web/https://github.com/alecmuffett/real-world-onion-sites][][{[}Archive.org{]}]\from[url81]
(updated extremely often)}\footnote{Tor Project, Who Uses Tor
\useURL[url82][https://2019.www.torproject.org/about/torusers.html.en]\from[url82]
\useURL[url83][https://web.archive.org/web/https://2019.www.torproject.org/about/torusers.html.en][][{[}Archive.org{]}]\from[url83]}\footnote{Whonix
Documentation, The importance of Anonymity
\useURL[url84][https://www.whonix.org/wiki/Anonymity]\from[url84]
\useURL[url85][https://web.archive.org/web/https://www.whonix.org/wiki/Anonymity][][{[}Archive.org{]}]\from[url85]}\footnote{Geek
Feminism
\useURL[url86][https://geekfeminism.wikia.org/wiki/Who_is_harmed_by_a_\%22Real_Names\%22_policy\%3F][][https://geekfeminism.wikia.org/wiki/Who_is_harmed_by_a_\letterpercent{}22Real_Names\letterpercent{}22_policy\letterpercent{}3F]\from[url86]
\useURL[url87][https://web.archive.org/web/https://geekfeminism.wikia.org/wiki/Who_is_harmed_by_a_\%22Real_Names\%22_policy\%3F][][{[}Archive.org{]}]\from[url87]}\footnote{Tor
Project, Tor Users
\useURL[url88][https://2019.www.torproject.org/about/torusers.html.en]\from[url88]
\useURL[url89][https://web.archive.org/web/https://2019.www.torproject.org/about/torusers.html.en][][{[}Archive.org{]}]\from[url89]}\footnote{PrivacyHub,
Internet Privacy in the Age of Surveillance
\useURL[url90][https://www.cyberghostvpn.com/privacyhub/internet-privacy-surveillance/]\from[url90]
\useURL[url91][https://web.archive.org/web/https://www.cyberghostvpn.com/privacyhub/internet-privacy-surveillance/][][{[}Archive.org{]}]\from[url91]}
such as:
\startitemize
\item
Evading Online Censorship\footnote{PIA Blog, 50 Key Stats About
Freedom of the Internet Around the World
\useURL[url92][https://www.privateinternetaccess.com/blog/internet-freedom-around-the-world-in-50-stats/]\from[url92]
\useURL[url93][https://web.archive.org/web/https://www.privateinternetaccess.com/blog/internet-freedom-around-the-world-in-50-stats/][][{[}Archive.org{]}]\from[url93]}
\item
Evading Online Oppression
\item
Evading Online Stalking, Doxxing, and Harassment
\item
Evading Online Unlawful Government Surveillance
\item
Anonymous Online Whistle Blowing
\item
Anonymous Online Activism
\item
Anonymous Online Journalism
\item
Anonymous Online Legal Practice
\item
Anonymous Online Academic Activities (For instance accessing
scientific research where such resources are blocked). See note below.
\item
\ldots{}
\stopitemize
This guide is written with hope for those {\bf well-intentioned
individuals} who might not be knowledgeable enough to consider the big
picture of online anonymity and privacy.
{\bf Lastly, use it at your own risk. Anything in here is not legal
advice and you should verify compliance with your local law before use
(IANAL}\footnote{Wikipedia, IANAL
\useURL[url94][https://en.wikipedia.org/wiki/IANAL]\from[url94]
\useURL[url95][https://wikiless.org/wiki/IANAL][][{[}Wikiless{]}]\from[url95]
\useURL[url96][https://web.archive.org/web/https://en.wikipedia.org/wiki/IANAL][][{[}Archive.org{]}]\from[url96]}{\bf ).
\quotation{Trust but verify}}\footnote{Wikipedia, Trust but verify
\useURL[url97][https://en.wikipedia.org/wiki/Trust,_but_verify]\from[url97]
\useURL[url98][https://wikiless.org/wiki/Trust,_but_verify][][{[}Wikiless{]}]\from[url98]
\useURL[url99][https://web.archive.org/web/https://en.wikipedia.org/wiki/Trust,_but_verify][][{[}Archive.org{]}]\from[url99]}
{\bf all the information yourself (or even better, \quotation{Never
Trust, always verify}}\footnote{Wikipedia, Zero-trust Security Model
\useURL[url100][https://en.wikipedia.org/wiki/Zero_trust_security_model]\from[url100]
\useURL[url101][https://wikiless.org/wiki/Zero_trust_security_model][][{[}Wikiless{]}]\from[url101]
\useURL[url102][https://web.archive.org/web/https://en.wikipedia.org/wiki/Zero_trust_security_model][][{[}Archive.org{]}]\from[url102]}{\bf ).
We strongly encourage you to inform yourself and do not hesitate to
check any information in this guide with outside sources in case of
doubt. Please do report any mistake you spot to us as we welcome
criticism. Even harsh but sound criticism is welcome and will result in
having the necessary corrections made as quickly as possible.}
\section[title={Understanding some basics of how some information can
lead back to you and how to mitigate
some:},reference={understanding-some-basics-of-how-some-information-can-lead-back-to-you-and-how-to-mitigate-some}]
There are many ways you can be tracked besides browser cookies and ads,
your e-mail, and your phone number. And if you think only the Mossad or
the NSA/FSB can find you, you would be wrong.
First, you could also consider these more general resources on privacy
and security to learn more basics:
\startitemize
\item
The New Oil*: \useURL[url103][https://thenewoil.org/]\from[url103]
\useURL[url104][https://web.archive.org/web/https://thenewoil.org/][][{[}Archive.org{]}]\from[url104]
\item
Techlore videos*:
\useURL[url105][https://www.youtube.com/c/Techlore]\from[url105]
\useURL[url106][https://yewtu.be/c/Techlore][][{[}Invidious{]}]\from[url106]
\item
Privacy Guides:
\useURL[url107][https://privacyguides.org/]\from[url107]
\useURL[url108][https://web.archive.org/web/https://privacyguides.org/][][{[}Archive.org{]}]\from[url108]
\item
Privacy Tools*: \useURL[url109][https://privacytools.io]\from[url109]
\useURL[url110][https://web.archive.org/web/https://privacytools.io/][][{[}Archive.org{]}]\from[url110]
\stopitemize
{\em Note that these websites could contain affiliate/sponsored content
and/or merchandising. This guide does not endorse and is not sponsored
by any commercial entity in any way.}
If you skipped those, you should still consider watching this
YouTube playlist from the Techlore Go Incognito project
(\useURL[url111][https://github.com/techlore-official/go-incognito]\from[url111]
\useURL[url112][https://web.archive.org/web/https://github.com/techlore-official/go-incognito][][{[}Archive.org{]}]\from[url112])
as an introduction before going further:
\useURL[url113][https://www.youtube.com/playlist?list=PL3KeV6Ui_4CayDGHw64OFXEPHgXLkrtJO]\from[url113]
\useURL[url114][https://yewtu.be/playlist?list=PL3KeV6Ui_4CayDGHw64OFXEPHgXLkrtJO][][{[}Invidious{]}]\from[url114].
This guide will cover many of the topics in the videos of this playlist
in more detail and with references, as well as some added topics not
covered within that series. Watching the whole playlist will take you
only 2 or 3 hours.
{\bf Now, here is a non-exhaustive list of some of the many ways you
could be tracked and de-anonymized:}
\subsection[title={Your Network:},reference={your-network}]
\subsubsection[title={Your IP address:},reference={your-ip-address}]
{\bf Disclaimer: this whole paragraph is about your public-facing
Internet IP and not your local network IP.}
Your IP address\footnote{Wikipedia, IP Address
\useURL[url115][https://en.wikipedia.org/wiki/IP_address]\from[url115]
\useURL[url116][https://wikiless.org/wiki/IP_address][][{[}Wikiless{]}]\from[url116]
\useURL[url117][https://web.archive.org/web/https://en.wikipedia.org/wiki/IP_address][][{[}Archive.org{]}]\from[url117]}
is the best-known and most obvious way you can be tracked. That IP is the
IP you are using at the source, where you connect to the internet.
That IP is usually provided by your ISP (Internet Service Provider)
(xDSL, Mobile, Cable, Fiber, Cafe, Bar, Friend, Neighbor). Most
countries have data retention regulations\footnote{Wikipedia; Data
Retention
\useURL[url118][https://en.wikipedia.org/wiki/Data_retention]\from[url118]
\useURL[url119][https://wikiless.org/wiki/Data_retention][][{[}Wikiless{]}]\from[url119]
\useURL[url120][https://web.archive.org/web/https://en.wikipedia.org/wiki/Data_retention][][{[}Archive.org{]}]\from[url120]}
that mandate keeping logs of who is using what IP at a certain time/date
for up to several years or indefinitely. Your ISP can tell a third party
that you were using a specific IP at a specific date and time, years
after the fact. If that IP (the original one) leaks at any point for any
reason, it can be used to track you down directly. In many countries,
you will not be able to have internet access without providing some form
of identification to the provider (address, ID, real name, e-mail
\ldots{}).
Needless to say, most platforms (such as social networks) will also
keep (sometimes indefinitely) the IP addresses you used to sign up for
and sign into their services.
Here are some online resources you can use to find some information
about your current {\bf public IP} right now:
\startitemize
\item
Find your IP:
\startitemize
\item
\useURL[url121][https://resolve.rs/]\from[url121]
\item
\useURL[url122][https://www.dnsleaktest.com/]\from[url122] (Bonus,
check your IP for DNS leaks)
\stopitemize
\item
Find your IP location or the location of any IP:
\startitemize[packed]
\item
\useURL[url123][https://resolve.rs/ip/geolocation.html]\from[url123]
\stopitemize
\item
Find if an IP is \quotation{suspicious} (in blacklists) or has
downloaded \quotation{things} on some public resources:
\startitemize
\item
\useURL[url124][https://mxtoolbox.com/blacklists.aspx]\from[url124]
\item
\useURL[url125][https://www.virustotal.com/gui/home/search]\from[url125]
\item
\useURL[url126][https://iknowwhatyoudownload.com]\from[url126] (Take
this with a grain of salt, it might not show anything interesting
and has limited data sources. This is more for fun than anything
serious.)
\stopitemize
\item
Registration information of an IP (most likely your ISP, or the ISP of
the connection you are using, who most likely knows who is using that IP
at any given time):
\startitemize[packed]
\item
\useURL[url127][https://whois.domaintools.com/]\from[url127]
\stopitemize
\item
Check for open-services or open devices on an IP (especially if there
are leaky Smart Devices on it):
\startitemize[packed]
\item
\useURL[url128][https://www.shodan.io/host/185.220.101.134]\from[url128]
(replace the IP by your IP or any other, or change in the search
box, this example IP is a Tor Exit node)
\stopitemize
\item
Various tools to check your IP such as block-lists checkers and more:
\startitemize
\item
\useURL[url129][https://browserleaks.com/ip]\from[url129]
\item
\useURL[url130][https://www.whatismyip.com]\from[url130]
\stopitemize
\item
Would you like to know if you are connected through Tor?
\startitemize[packed]
\item
\useURL[url131][https://check.torproject.org]\from[url131]
\stopitemize
\stopitemize
For those reasons, you will need to hide that origin IP (the one tied to
your identification) or obfuscate it through a combination of various
means:
\startitemize
\item
Using a public Wi-Fi service (free).
\item
Using the Tor Anonymity Network\footnote{Wikipedia, Tor Anonymity
Network
\useURL[url132][https://en.wikipedia.org/wiki/Tor_(anonymity_network)]\from[url132]
\useURL[url133][https://wikiless.org/wiki/Tor_(anonymity_network)][][{[}Wikiless{]}]\from[url133]
\useURL[url134][https://web.archive.org/web/https://en.wikipedia.org/wiki/Tor_(anonymity_network)][][{[}Archive.org{]}]\from[url134]}
(free).
\item
Using VPN\footnote{Wikipedia, VPN
\useURL[url135][https://en.wikipedia.org/wiki/Virtual_private_network]\from[url135]
\useURL[url136][https://wikiless.org/wiki/Virtual_private_network][][{[}Wikiless{]}]\from[url136]
\useURL[url137][https://web.archive.org/web/https://en.wikipedia.org/wiki/Virtual_private_network][][{[}Archive.org{]}]\from[url137]}
services anonymously (anonymously paid with cash or Monero).
\stopitemize
Do note that, unfortunately, these solutions are not perfect, and you
will experience performance issues\footnote{Ieee.org, Anonymity
Trilemma: Strong Anonymity, Low Bandwidth Overhead, Low Latency -
Choose Two
\useURL[url138][https://ieeexplore.ieee.org/document/8418599]\from[url138]
\useURL[url139][https://web.archive.org/web/https://ieeexplore.ieee.org/document/8418599][][{[}Archive.org{]}]\from[url139]}.
All those will be explained later in this guide.
\subsubsection[title={Your DNS and IP
requests:},reference={your-dns-and-ip-requests}]
DNS stands for \quotation{Domain Name System}\footnote{Wikipedia, DNS
\useURL[url140][https://en.wikipedia.org/wiki/Domain_Name_System]\from[url140]
\useURL[url141][https://wikiless.org/wiki/Domain_Name_System][][{[}Wikiless{]}]\from[url141]
\useURL[url142][https://web.archive.org/web/https://en.wikipedia.org/wiki/Domain_Name_System][][{[}Archive.org{]}]\from[url142]}
and is a service used by your browser (and other apps) to find the IP
addresses of a service. It is a huge \quotation{contact list} (phone
book for older people): you ask it for a name and it returns the number
to call, except that it returns an IP address instead.
Every time your browser wants to access a certain service such as Google
through www.google.com, your browser (Chrome or Firefox) will query a
DNS service to find the IP addresses of the Google web servers.
Here is a video explaining DNS visually if you are already lost:
\useURL[url143][https://www.youtube.com/watch?v=vrxwXXytEuI]\from[url143]
\useURL[url144][https://yewtu.be/watch?v=vrxwXXytEuI][][{[}Invidious{]}]\from[url144]
Usually, the DNS service is provided by your ISP and automatically
configured by the network you are connecting to. This DNS service could
also be subject to data retention regulations or will just keep logs for
other reasons (data collection for advertising purposes for instance).
Therefore, this ISP will be able to tell everything you did online
just by looking at those logs, which can, in turn, be provided to an
adversary. Conveniently, this is also the easiest way for many
adversaries to apply censoring or parental control by using DNS
blocking\footnote{Wikipedia, DNS Blocking
\useURL[url145][https://en.wikipedia.org/wiki/DNS_blocking]\from[url145]
\useURL[url146][https://wikiless.org/wiki/DNS_blocking][][{[}Wikiless{]}]\from[url146]
\useURL[url147][https://web.archive.org/web/https://en.wikipedia.org/wiki/DNS_blocking][][{[}Archive.org{]}]\from[url147]}.
The provided DNS servers will give you a different address (than their
real one) for some websites (like redirecting thepiratebay.org to some
government website). Such blocking is widely applied worldwide for
certain sites\footnote{CensoredPlanet
\useURL[url148][https://censoredplanet.org/]\from[url148]
\useURL[url149][https://web.archive.org/web/https://censoredplanet.org/][][{[}Archive.org{]}]\from[url149]}.
Using a private DNS service or your own DNS service would mitigate these
issues, but the other problem is that most of those DNS requests are by
default still sent in clear text (unencrypted) over the network. Even if
you browse PornHub in an incognito Window, using HTTPS and using a
private DNS service, chances are exceedingly high that your browser will
send a clear text unencrypted DNS request to some DNS servers asking
basically \quotation{So what's the IP address of www.pornhub.com?}.
Because it is not encrypted, your ISP and/or any other adversary could
still intercept (using a Man-in-the-middle attack\footnote{Wikipedia,
MITM
\useURL[url150][https://en.wikipedia.org/wiki/Man-in-the-middle_attack]\from[url150]
\useURL[url151][https://wikiless.org/wiki/Man-in-the-middle_attack][][{[}Wikiless{]}]\from[url151]
\useURL[url152][https://web.archive.org/web/https://en.wikipedia.org/wiki/Man-in-the-middle_attack][][{[}Archive.org{]}]\from[url152]})
your request and will know, and possibly log, what your IP was looking for.
The same ISP can also tamper with the DNS responses even if you are
using a private DNS, rendering the use of a private DNS service useless.
As a bonus, many devices and apps will use hardcoded DNS servers
bypassing any system setting you could set. This is for example the case
with most (70\letterpercent{}) Smart TVs and a large part
(46\letterpercent{}) of Game Consoles\footnote{ArXiv, Characterizing
Smart Home IoT Traffic in the Wild
\useURL[url153][https://arxiv.org/pdf/2001.08288.pdf]\from[url153]
\useURL[url154][https://web.archive.org/web/https://arxiv.org/pdf/2001.08288.pdf][][{[}Archive.org{]}]\from[url154]}.
For these devices, you will have to force them\footnote{Labzilla.io,
Your Smart TV is probably ignoring your Pi-Hole
\useURL[url155][https://labzilla.io/blog/force-dns-pihole]\from[url155]
\useURL[url156][https://web.archive.org/web/https://labzilla.io/blog/force-dns-pihole][][{[}Archive.org{]}]\from[url156]}
to stop using their hardcoded DNS service, which could make them stop
working properly.
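Before you can force a device off its hardcoded resolver you have to know which devices are doing it. The following is an added example, not code from this guide or from any project it mentions, that reads a router or firewall flow log and reports every LAN client that sent DNS (port 53) or DNS-over-TLS (port 853) traffic to a resolver other than the one configured for the network. The flow records, the approved resolver 192.168.1.2 (standing in for a local pi-hole) and the external resolver addresses (RFC 5737 documentation ranges) are all constructed for the example.

```python
"""Added example, not from the guide: spotting devices that ignore the
network's configured DNS server and talk to a hardcoded resolver instead.
The flow records below are constructed; addresses use RFC 5737
documentation ranges, and the "approved" resolver stands for a local
pi-hole or similar."""
import re
from collections import defaultdict
from ipaddress import ip_address

# Constructed: the resolver every device on the LAN is supposed to use.
APPROVED_RESOLVERS = {"192.168.1.2"}

# Ports that carry DNS we can recognise by port alone: 53 (cleartext DNS)
# and 853 (DNS over TLS).  DoH rides on 443 and looks like any other HTTPS
# flow, so it cannot be identified this way without a list of known DoH
# resolver addresses.
DNS_PORTS = {53, 853}

# Constructed router/firewall flow log: timestamp, client, dest:port, proto.
SAMPLE_FLOWS = """\
2023-06-10T18:00:01 192.168.1.40 -> 192.168.1.2:53 udp
2023-06-10T18:00:02 192.168.1.55 -> 198.51.100.1:53 udp
2023-06-10T18:00:03 192.168.1.55 -> 198.51.100.2:853 tcp
2023-06-10T18:00:04 192.168.1.40 -> 203.0.113.10:443 tcp
2023-06-10T18:00:05 192.168.1.77 -> 192.168.1.2:53 udp
2023-06-10T18:00:06 192.168.1.55 -> 198.51.100.1:53 udp
2023-06-10T18:00:07 garbage line that should be skipped
"""

FLOW_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+->\s+(?P<dst>[^:\s]+):(?P<port>\d+)\s+(?P<proto>\w+)$"
)


def parse_flow(line: str):
    """Return (src, dst, port) for a well-formed record, else None."""
    m = FLOW_RE.match(line.strip())
    if not m:
        return None
    try:
        # Reject anything that is not a real IP address (malformed lines).
        src = str(ip_address(m["src"]))
        dst = str(ip_address(m["dst"]))
    except ValueError:
        return None
    return src, dst, int(m["port"])


def find_dns_bypass(log_text: str, approved=APPROVED_RESOLVERS):
    """Map each client to the set of (resolver, port) pairs it used that are
    not on the approved list.  Clients that only used approved resolvers
    are absent from the result."""
    offenders = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_flow(line)
        if rec is None:
            continue
        src, dst, port = rec
        if port in DNS_PORTS and dst not in approved:
            offenders[src].add((dst, port))
    return dict(offenders)


if __name__ == "__main__":
    for client, targets in find_dns_bypass(SAMPLE_FLOWS).items():
        print(client, "bypasses the configured resolver via", sorted(targets))
```

On the sample log only 192.168.1.55 is reported (it used two outside resolvers, one on port 53 and one on port 853); the port-443 flow from 192.168.1.40 is ignored because, by port alone, it is indistinguishable from ordinary HTTPS. The list this produces is the set of devices that need the forced redirect the paragraph above refers to.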
A solution to this is to use encrypted DNS using DoH (DNS over
HTTPS\footnote{Wikipedia, DNS over HTTPS:
\useURL[url157][https://en.wikipedia.org/wiki/DNS_over_HTTPS]\from[url157]
\useURL[url158][https://wikiless.org/wiki/DNS_over_HTTPS][][{[}Wikiless{]}]\from[url158]
\useURL[url159][https://web.archive.org/web/https://en.wikipedia.org/wiki/DNS_over_HTTPS][][{[}Archive.org{]}]\from[url159]}),
DoT (DNS over TLS\footnote{Wikipedia, DNS over TLS,
\useURL[url160][https://en.wikipedia.org/wiki/DNS_over_TLS]\from[url160]
\useURL[url161][https://wikiless.org/wiki/DNS_over_TLS][][{[}Wikiless{]}]\from[url161]
\useURL[url162][https://web.archive.org/web/https://en.wikipedia.org/wiki/DNS_over_TLS][][{[}Archive.org{]}]\from[url162]})
with a private DNS server (this can be self-hosted locally with a
solution like pi-hole\footnote{Wikipedia, Pi-Hole
\useURL[url163][https://en.wikipedia.org/wiki/Pi-hole]\from[url163]
\useURL[url164][https://wikiless.org/wiki/Pi-hole][][{[}Wikiless{]}]\from[url164]
\useURL[url165][https://web.archive.org/web/https://en.wikipedia.org/wiki/Pi-hole][][{[}Archive.org{]}]\from[url165]},
remotely hosted with a solution like nextdns.io or using the solutions
provided by your VPN provider or the Tor network). This should prevent
your ISP or some go-between from snooping on your requests \ldots{}
except it might not.
Small in-between Disclaimer: {\bf This guide does not necessarily
endorse or recommend Cloudflare services even if it is mentioned several
times in this section for technical understanding.}
Unfortunately, the TLS handshake used by HTTPS connections in all
mainstream browsers (Chrome/Brave among them) leaks the domain name
again through SNI\footnote{Wikipedia, SNI
\useURL[url166][https://en.wikipedia.org/wiki/Server_Name_Indication]\from[url166]
\useURL[url167][https://wikiless.org/wiki/Server_Name_Indication][][{[}Wikiless{]}]\from[url167]
\useURL[url168][https://web.archive.org/web/https://en.wikipedia.org/wiki/Server_Name_Indication][][{[}Archive.org{]}]\from[url168]}:
the server name is sent in plaintext in the very first handshake
message, before any encryption is negotiated (this can be checked here
at Cloudflare:
\useURL[url169][https://www.cloudflare.com/ssl/encrypted-sni/]\from[url169]
\useURL[url170][https://web.archive.org/web/https://www.cloudflare.com/ssl/encrypted-sni/][][{[}Archive.org{]}]\from[url170]
). {\bf As of the writing of this guide, only Firefox-based browsers
support ECH (Encrypted Client Hello}\footnote{Wikipedia, ECH
\useURL[url171][https://en.wikipedia.org/wiki/Server_Name_Indication\#Encrypted_Client_Hello]\from[url171]
\useURL[url172][https://wikiless.org/wiki/Server_Name_Indication][][{[}Wikiless{]}]\from[url172]
\useURL[url173][https://web.archive.org/web/https://en.wikipedia.org/wiki/Server_Name_Indication][][{[}Archive.org{]}]\from[url173]}
{\bf previously known as eSNI}\footnote{Wikipedia, eSNI
\useURL[url174][https://en.wikipedia.org/wiki/Server_Name_Indication\#Encrypted_Client_Hello]\from[url174]
\useURL[url175][https://wikiless.org/wiki/Server_Name_Indication][][{[}Wikiless{]}]\from[url175]
\useURL[url176][https://web.archive.org/web/https://en.wikipedia.org/wiki/Server_Name_Indication][][{[}Archive.org{]}]\from[url176]}{\bf )
on some websites. ECH encrypts the real server name inside the
handshake, using a key that is published in DNS (which is why it only
helps in addition to a secure private DNS over TLS/HTTPS), and thereby
hides from a third party which site you are connecting to}\footnote{Usenix.org, On the
Importance of Encrypted-SNI (ESNI) to Censorship Circumvention
\useURL[url177][https://www.usenix.org/system/files/foci19-paper_chai_0.pdf]\from[url177]
\useURL[url178][https://web.archive.org/web/https://www.usenix.org/system/files/foci19-paper_chai_0.pdf][][{[}Archive.org{]}]\from[url178]}{\bf .}
And this option is not enabled by default either so you will have to
enable it yourself.
{[}{]}{[}50{]}
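To see exactly which bytes give the name away, here is an added example (not code from this guide) that builds a minimal TLS ClientHello record and parses it as a passive observer would, with no keys at all. The hostnames are assumed for illustration; the ECH extension is represented only by its draft codepoint (0xfe0d) with a dummy payload, since the point is what remains visible on the wire, not the ECH key exchange itself.

```python
"""Added example: the plaintext server_name (SNI) in a TLS ClientHello, and what
an observer still sees when ECH is in use (only the outer, public name)."""
import os
import struct
from typing import Optional

EXT_SERVER_NAME = 0x0000
EXT_ECH = 0xFE0D   # encrypted_client_hello codepoint used by the ECH drafts (assumed)


def _vec(data: bytes, width: int) -> bytes:
    """TLS variable-length vector: `width`-byte length prefix, then the data."""
    return len(data).to_bytes(width, "big") + data


def build_client_hello(sni: str, ech_payload: Optional[bytes] = None) -> bytes:
    """Return a TLS record carrying a minimal ClientHello with an SNI extension."""
    sni_entry = b"\x00" + _vec(sni.encode("idna"), 2)          # name_type 0 = host_name
    sni_ext_data = _vec(sni_entry, 2)                           # ServerNameList
    extensions = struct.pack("!HH", EXT_SERVER_NAME, len(sni_ext_data)) + sni_ext_data
    if ech_payload is not None:
        extensions += struct.pack("!HH", EXT_ECH, len(ech_payload)) + ech_payload
    body = (
        b"\x03\x03" + os.urandom(32)             # legacy_version, random
        + _vec(b"", 1)                           # legacy_session_id (empty)
        + _vec(b"\x13\x01\x13\x02", 2)           # cipher_suites: TLS_AES_128/256_GCM_SHA*
        + _vec(b"\x00", 1)                       # compression_methods: null
        + _vec(extensions, 2)
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello
    return b"\x16\x03\x01" + _vec(handshake, 2)                 # ContentType handshake


def observe_client_hello(record: bytes) -> dict:
    """Parse a ClientHello as an on-path observer: returns the visible SNI and ECH presence."""
    if record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    hs = record[5:5 + int.from_bytes(record[3:5], "big")]
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 2 + 32                                               # skip version + random
    pos += 1 + body[pos]                                       # session_id
    pos += 2 + int.from_bytes(body[pos:pos + 2], "big")        # cipher_suites
    pos += 1 + body[pos]                                       # compression_methods
    result = {"sni": None, "ech": False}
    if pos >= len(body):
        return result                                          # no extensions at all
    ext_end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
    pos += 2
    while pos + 4 <= ext_end:
        ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
        data = body[pos + 4:pos + 4 + ext_len]
        pos += 4 + ext_len
        if ext_type == EXT_SERVER_NAME:
            # ServerNameList: 2-byte length, then entries of (type, 2-byte len, name)
            list_len = int.from_bytes(data[:2], "big")
            q = 2
            while q < 2 + list_len:
                name_type = data[q]
                name_len = int.from_bytes(data[q + 1:q + 3], "big")
                if name_type == 0:
                    result["sni"] = data[q + 3:q + 3 + name_len].decode("idna")
                q += 3 + name_len
        elif ext_type == EXT_ECH:
            result["ech"] = True
    return result


if __name__ == "__main__":
    print(observe_client_hello(build_client_hello("www.example.com")))
    # With ECH the real name is inside the encrypted payload; the outer SNI carries
    # only the public name of the client-facing server (an assumed name here).
    print(observe_client_hello(build_client_hello("public-name.example",
                                                  ech_payload=os.urandom(64))))
```

The first hello gives up the exact site even though DNS was never involved; the second only tells the observer that the client is talking to whichever provider owns the public name and that ECH is in use, which is the "on some websites" restriction above in practice: the site must publish an ECH key, and the browser must have fetched it over encrypted DNS.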
In addition to limited browser support, only web Services and
CDNs\footnote{Wikipedia, CDN
\useURL[url179][https://en.wikipedia.org/wiki/Content_delivery_network]\from[url179]
\useURL[url180][https://wikiless.org/wiki/Content_delivery_network][][{[}Wikiless{]}]\from[url180]
\useURL[url181][https://web.archive.org/web/https://en.wikipedia.org/wiki/Content_delivery_network][][{[}Archive.org{]}]\from[url181]}
behind Cloudflare CDN support ECH/eSNI at this stage\footnote{Cloudflare,
Good-bye ESNI, hello ECH!
\useURL[url182][https://blog.cloudflare.com/encrypted-client-hello/]\from[url182]
\useURL[url183][https://web.archive.org/web/https://blog.cloudflare.com/encrypted-client-hello/][][{[}Archive.org{]}]\from[url183]}.
This means that ECH and eSNI are not supported (as of the writing of
this guide) by most mainstream platforms such as:
\startitemize
\item
Amazon (including AWS, Twitch\ldots{})
\item
Microsoft (including Azure, OneDrive, Outlook, Office 365\ldots{})
\item
Google (including Gmail, Google Cloud\ldots{})
\item
Apple (including iCloud, iMessage\ldots{})
\item
Reddit
\item
YouTube
\item
Facebook
\item
Instagram
\item
Twitter
\item
GitHub
\item
\ldots{}
\stopitemize
Some countries like Russia\footnote{ZDNET, Russia wants to ban the use
of secure protocols such as TLS 1.3, DoH, DoT, ESNI
\useURL[url184][https://www.zdnet.com/article/russia-wants-to-ban-the-use-of-secure-protocols-such-as-tls-1-3-doh-dot-esni/]\from[url184]
\useURL[url185][https://web.archive.org/web/https://www.zdnet.com/article/russia-wants-to-ban-the-use-of-secure-protocols-such-as-tls-1-3-doh-dot-esni/][][{[}Archive.org{]}]\from[url185]}
and China\footnote{ZDNET, China is now blocking all encrypted HTTPS
traffic that uses TLS 1.3 and ESNI
\useURL[url186][https://www.zdnet.com/article/china-is-now-blocking-all-encrypted-https-traffic-using-tls-1-3-and-esni/]\from[url186]
\useURL[url187][https://web.archive.org/web/https://www.zdnet.com/article/china-is-now-blocking-all-encrypted-https-traffic-using-tls-1-3-and-esni/][][{[}Archive.org{]}]\from[url187]}
might (unverified despite the articles) block ECH/eSNI handshakes at the
network level to allow snooping and prevent bypassing censorship. This
would mean that you cannot establish an HTTPS connection to a service at
all unless you let them see which service it is.
The issues do not end here. Part of the HTTPS TLS validation is called
OCSP\footnote{Wikipedia, OCSP
\useURL[url188][https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol]\from[url188]
\useURL[url189][https://wikiless.org/wiki/Online_Certificate_Status_Protocol][][{[}Wikiless{]}]\from[url189]
\useURL[url190][https://web.archive.org/web/https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol][][{[}Archive.org{]}]\from[url190]}
and this protocol, used by Firefox-based browsers to check whether a
certificate has been revoked, leaks metadata: the browser sends a plain
HTTP request to the certificate authority containing the serial number
of the certificate of the website you are visiting. An adversary can
then easily find which website you are visiting by matching that serial
number against known certificates\footnote{Madaidans
Insecurities, Why encrypted DNS is ineffective
\useURL[url191][https://madaidans-insecurities.github.io/encrypted-dns.html]\from[url191]
\useURL[url192][https://web.archive.org/web/https://madaidans-insecurities.github.io/encrypted-dns.html][][{[}Archive.org{]}]\from[url192]}.
This issue can be mitigated by using OCSP stapling\footnote{Wikipedia,
OCSP Stapling
\useURL[url193][https://en.wikipedia.org/wiki/OCSP_stapling]\from[url193]
\useURL[url194][https://wikiless.org/wiki/OCSP_stapling][][{[}Wikiless{]}]\from[url194]
\useURL[url195][https://web.archive.org/web/https://en.wikipedia.org/wiki/OCSP_stapling][][{[}Archive.org{]}]\from[url195]},
where the web server attaches a recent OCSP response to the TLS
handshake itself so that the browser has no reason to contact the
certificate authority. Unfortunately, stapling is accepted but not
required by default in Firefox/Tor Browser, and the website you are
visiting must also support it, which not all do; when it does not, the
browser falls back to the revealing OCSP query. Chromium-based browsers
on the other hand use a different system called CRLSets\footnote{Chromium Documentation,
CRLSets
\useURL[url196][https://dev.chromium.org/Home/chromium-security/crlsets]\from[url196]
\useURL[url197][https://web.archive.org/web/https://dev.chromium.org/Home/chromium-security/crlsets][][{[}Archive.org{]}]\from[url197]}\footnote{ZDNet,
Chrome does certificate revocation better
\useURL[url198][https://www.zdnet.com/article/chrome-does-certificate-revocation-better/]\from[url198]
\useURL[url199][https://web.archive.org/web/https://www.zdnet.com/article/chrome-does-certificate-revocation-better/][][{[}Archive.org{]}]\from[url199]}
which is arguably better.
Here is a list of how various browsers behave with OCSP:
\useURL[url200][https://www.ssl.com/blogs/how-do-browsers-handle-revoked-ssl-tls-certificates/]\from[url200]
\useURL[url201][https://web.archive.org/web/https://www.ssl.com/blogs/how-do-browsers-handle-revoked-ssl-tls-certificates/][][{[}Archive.org{]}]\from[url201]
Here is an illustration of the issue you could encounter on
Firefox-based browsers:
{[}{]}{[}52{]}
Finally, even if you use a custom encrypted DNS server (DoH or DoT) with
ECH/eSNI support and OCSP stapling, it might still not be enough as
traffic analysis studies\footnote{KUL, Encrypted DNS=⇒Privacy? A Traffic
Analysis Perspective
\useURL[url202][https://www.esat.kuleuven.be/cosic/publications/article-3153.pdf]\from[url202]
\useURL[url203][https://web.archive.org/web/https://www.esat.kuleuven.be/cosic/publications/article-3153.pdf][][{[}Archive.org{]}]\from[url203]}
have shown it is still possible to reliably fingerprint and block
unwanted requests. Only DNS over Tor was able to show efficient DNS
Privacy in recent studies but even that can still be defeated by other
means (see \goto{Your Anonymized Tor/VPN
traffic}[your-anonymized-torvpn-traffic]).
One could also decide to use a Tor Hidden DNS Service or ODoH (Oblivious
DNS over HTTPS\footnote{ResearchGate, Oblivious DNS: Practical Privacy
for DNS Queries
\useURL[url204][https://www.researchgate.net/publication/332893422_Oblivious_DNS_Practical_Privacy_for_DNS_Queries]\from[url204]
\useURL[url205][https://web.archive.org/web/https://www.researchgate.net/publication/332893422_Oblivious_DNS_Practical_Privacy_for_DNS_Queries][][{[}Archive.org{]}]\from[url205]})
to further increase privacy/anonymity but {\bf unfortunately}, as far as
we know, these methods are only provided by Cloudflare as of this
writing
(\useURL[url206][https://blog.cloudflare.com/welcome-hidden-resolver/]\from[url206]
\useURL[url207][https://web.archive.org/web/https://blog.cloudflare.com/welcome-hidden-resolver/][][{[}Archive.org{]}]\from[url207],
\useURL[url208][https://blog.cloudflare.com/oblivious-dns/]\from[url208]
\useURL[url209][https://web.archive.org/web/https://blog.cloudflare.com/oblivious-dns/][][{[}Archive.org{]}]\from[url209]).
These are workable and reasonably secure technical options but there is
also a moral choice if you want to use Cloudflare or not (despite the
risk pointed out by some researchers\footnote{Nymity.ch, The Effect of DNS on
Tor's Anonymity
\useURL[url210][https://nymity.ch/tor-dns/]\from[url210]
\useURL[url211][https://web.archive.org/web/https://nymity.ch/tor-dns/][][{[}Archive.org{]}]\from[url211]}).
{\bf Note that Oblivious DNS addresses an adversary that eavesdrops on
one of the connections listed here but not all. It does not address a
global passive adversary (GPA) who can eavesdrop on many or all of these
connections}:
\startitemize
\item
  traffic between the client resolver and the recursive resolver
\item
  traffic between the recursive resolver and the ODNS resolver
\item
  traffic between the ODNS resolver and an authoritative server
\stopitemize
Lastly, there is also this new possibility called DoHoT which stands for
DNS over HTTPS over Tor which could also further increase your
privacy/anonymity and which you could consider if you are more skilled
with Linux. See
\useURL[url212][https://github.com/alecmuffett/dohot]\from[url212]
\useURL[url213][https://web.archive.org/web/https://github.com/alecmuffett/dohot][][{[}Archive.org{]}]\from[url213].
This guide will not help you with this one at this stage, but it might
be coming soon.
Here is an illustration showing the current state of DNS and HTTPS
privacy based on our current knowledge.
{[}{]}{[}56{]}
As for your normal daily use (non-sensitive), remember that only
Firefox-based browsers support ECH (formerly eSNI) so far and that it is
only useful with websites hosted behind Cloudflare CDN at this stage. If
you prefer a Chrome-based version (which is understandable for some due
to some better-integrated features like on-the-fly Translation), then we
would recommend the use of Brave instead which supports all Chrome
extensions and offers much better privacy than Chrome.
But the story does not stop there. Even after all this, even if you
encrypt your DNS and use all possible mitigations, the plain IP
connections to the servers themselves will probably still allow an
adversary to detect which site you are visiting. This is simply because
many websites have unique IPs tied to them, as explained here:
\useURL[url214][https://blog.apnic.net/2019/08/23/what-can-you-learn-from-an-ip-address/]\from[url214]
\useURL[url215][https://web.archive.org/web/https://blog.apnic.net/2019/08/23/what-can-you-learn-from-an-ip-address/][][{[}Archive.org{]}]\from[url215].
This means that an adversary can build a dataset of known websites and
their IPs and then match the IPs you connect to against that dataset.
In most cases, this will result in a correct guess of the website you
are visiting. So despite OCSP stapling, despite ECH/eSNI, despite using
Encrypted DNS \ldots{} an adversary can still guess the website you are
visiting anyway.
Therefore, to mitigate all these issues (as much as possible and as best
as we can), this guide will later recommend two solutions: using Tor,
and a virtualized (see \goto{Appendix W:
Virtualization}[appendix-v1-hardening-your-browsers]) multi-layered
VPN over Tor solution (DNS over VPN over Tor or DNS over Tor). Other
options will also be explained (Tor over VPN, VPN only, no Tor/VPN) but
are less recommended.
\subsubsection[title={Your RFID enabled
devices:},reference={your-rfid-enabled-devices}]
RFID stands for Radio-frequency identification\footnote{Wikipedia, RFID
\useURL[url216][https://en.wikipedia.org/wiki/Radio-frequency_identification]\from[url216]
\useURL[url217][https://wikiless.org/wiki/Radio-frequency_identification][][{[}Wikiless{]}]\from[url217]
\useURL[url218][https://web.archive.org/web/https://web.archive.org/web/20220530073225/https://en.wikipedia.org/wiki/Radio-frequency_identification][][{[}Archive.org{]}]\from[url218]},
the technology used for instance for contactless payments and various
identification systems. Of course, your smartphone is among those
devices and has RFID contactless payment capabilities through
NFC\footnote{Wikipedia, NFC
\useURL[url219][https://en.wikipedia.org/wiki/Near-field_communication]\from[url219]
\useURL[url220][https://wikiless.org/wiki/Near-field_communication][][{[}Wikiless{]}]\from[url220]
\useURL[url221][https://web.archive.org/web/https://en.wikipedia.org/wiki/Near-field_communication][][{[}Archive.org{]}]\from[url221]}.
As with everything else, such capabilities can be used for tracking by
various actors.
But unfortunately, this is not limited to your smartphone, and you also
probably carry a number of RFID enabled devices with you all the time
such as:
\startitemize
\item
Your contactless-enabled credit/debit cards
\item
Your store loyalty cards
\item
Your transportation payment cards
\item
Your work-related access cards
\item
Your car keys
\item
Your national ID or driver license
\item
Your passport
\item
The price/anti-theft tags on object/clothing
\item
\ldots{}
\stopitemize
While all these cannot be used to de-anonymize you from a remote online
adversary, they can be used to narrow down a search if your approximate
location at a certain time is known. For instance, you cannot rule out
that some stores will effectively scan (and log) all RFID chips passing
through the door. They might be looking for their loyalty cards but are
also logging others along the way. Such RFID tags could be traced to
your identity and allow for de-anonymization.
More information over at Wikipedia:
\useURL[url222][https://en.wikipedia.org/wiki/Radio-frequency_identification\#Security_concerns]\from[url222]
\useURL[url223][https://wikiless.org/wiki/Radio-frequency_identification][][{[}Wikiless{]}]\from[url223]
\useURL[url224][https://web.archive.org/web/https://web.archive.org/web/20220530073225/https://en.wikipedia.org/wiki/Radio-frequency_identification][][{[}Archive.org{]}]\from[url224]
and
\useURL[url225][https://en.wikipedia.org/wiki/Radio-frequency_identification\#Privacy]\from[url225]
\useURL[url226][https://wikiless.org/wiki/Radio-frequency_identification][][{[}Wikiless{]}]\from[url226]
\useURL[url227][https://web.archive.org/web/https://web.archive.org/web/20220530073225/https://en.wikipedia.org/wiki/Radio-frequency_identification][][{[}Archive.org{]}]\from[url227]
The only way to mitigate this problem is to have no RFID tags on you, or
to shield them, again using a type of Faraday cage. You could also use
specialized wallets/pouches that specifically block RFID communications.
Many of those are now made by well-known brands such as
Samsonite\footnote{Samsonite Online Shop, RFID accessories
\useURL[url228][https://shop.samsonite.com/accessories/rfid-accessories/]\from[url228]
\useURL[url229][https://web.archive.org/web/https://shop.samsonite.com/accessories/rfid-accessories/][][{[}Archive.org{]}]\from[url229]}.
The safest option is simply not to carry such RFID devices while
conducting sensitive activities.
See \goto{Appendix N: Warning about smartphones and smart
devices}[appendix-n-warning-about-smartphones-and-smart-devices]
\subsubsection[title={The Wi-Fi and Bluetooth devices around
you:},reference={the-wi-fi-and-bluetooth-devices-around-you}]
Geolocation is not only done by using mobile antennas triangulation. It
is also done using the Wi-Fi and Bluetooth devices around you. Operating
system makers like Google (Android\footnote{Google Android Help,
Android Location Services
\useURL[url230][https://support.google.com/accounts/answer/3467281?hl=en]\from[url230]
\useURL[url231][https://web.archive.org/web/https://support.google.com/accounts/answer/3467281?hl=en][][{[}Archive.org{]}]\from[url231]})
and Apple (iOS\footnote{Apple Support, Location Services and Privacy
\useURL[url232][https://support.apple.com/en-us/HT207056]\from[url232]
\useURL[url233][https://web.archive.org/web/https://support.apple.com/en-us/HT207056][][{[}Archive.org{]}]\from[url233]})
maintain a convenient database of most Wi-Fi access points, Bluetooth
devices, and their location. When your Android smartphone or iPhone is
on (and not in Airplane mode), it will actively scan for Wi-Fi access
points and Bluetooth devices around you (unless you specifically
disable this feature in the settings) and will be able to geolocate you
with more precision than GPS alone, especially indoors.
This active and continuous probing can then be sent back to
Google/Apple/Microsoft as part of their Telemetry. The issue is that
these probe requests carry identifiers (your Wi-Fi MAC address and, on
many devices, the names of networks you previously joined), so they can
be used to uniquely identify a device and track its owner. Shops, for
example, can use this technique to fingerprint customers including when
they return, where they go in the shop and how long they stay at a
particular place. There are several
papers\footnote{2016 International Conference on Indoor Positioning and
Indoor Navigation, Wi-Fi probes as digital crumbs for crowd
localization
\useURL[url234][http://fly.isti.cnr.it/pub/papers/pdf/Wifi-probes-IPIN16.pdf]\from[url234]
\useURL[url235][https://web.archive.org/web/http://fly.isti.cnr.it/pub/papers/pdf/Wifi-probes-IPIN16.pdf][][{[}Archive.org{]}]\from[url235]}\footnote{Southeast
University of Nanjing, Probe Request Based Device Identification
Attack and Defense
\useURL[url236][https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7472341/]\from[url236]
\useURL[url237][https://web.archive.org/web/https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7472341/][][{[}Archive.org{]}]\from[url237]}
and articles\footnote{Medium.com, The Perils of Probe Requests
\useURL[url238][https://medium.com/@brannondorsey/wi-fi-is-broken-3f6054210fa5]\from[url238]
\useURL[url239][https://scribe.rip/@brannondorsey/wi-fi-is-broken-3f6054210fa5][][{[}Scribe.rip{]}]\from[url239]
\useURL[url240][https://web.archive.org/web/https://medium.com/@brannondorsey/wi-fi-is-broken-3f6054210fa5][][{[}Archive.org{]}]\from[url240]}
describing this issue in depth.
This allows them to provide accurate locations even when GPS is off, but
it also allows them to keep a convenient record of all Wi-Fi and
Bluetooth devices all over the world, which can then be accessed by them
or by third parties for tracking.
Note: If you have an Android smartphone, Google probably knows where it
is no matter what you do. You cannot really trust the settings. The
whole operating system is built by a company that wants your data.
Remember that if it is free then you are the product.
But that is not all those Wi-Fi access points can do. Recently
developed techniques could even allow someone to track your movements
accurately based only on how your body disturbs the radio signals around
it. What this means is that it is possible to track your movement inside
a room/building based on the radio signals passing through it. This
might seem like a tinfoil hat conspiracy theory claim but here are the
references\footnote{State
University of New York, Towards 3D Human Pose Construction Using Wi-Fi
\useURL[url241][https://cse.buffalo.edu/~lusu/papers/MobiCom2020.pdf]\from[url241]
\useURL[url242][https://web.archive.org/web/https://cse.buffalo.edu/~lusu/papers/MobiCom2020.pdf][][{[}Archive.org{]}]\from[url242]}
with demonstrations showing this tech in action:
\useURL[url243][http://rfpose.csail.mit.edu/]\from[url243]
\useURL[url244][https://web.archive.org/web/http://rfpose.csail.mit.edu/][][{[}Archive.org{]}]\from[url244]
and the video here:
\useURL[url245][https://www.youtube.com/watch?v=HgDdaMy8KNE]\from[url245]
\useURL[url246][https://yewtu.be/watch?v=HgDdaMy8KNE][][{[}Invidious{]}]\from[url246]
Other researchers have found a way to count the people in a defined
space using only Wi-Fi, see
\useURL[url247][https://www.news.ucsb.edu/2021/020392/dont-fidget-wifi-will-count-you]\from[url247]
\useURL[url248][https://web.archive.org/web/https://www.news.ucsb.edu/2021/020392/dont-fidget-wifi-will-count-you][][{[}Archive.org{]}]\from[url248]
You could therefore imagine many use cases for such technologies, like
recording who enters specific buildings/offices (hotels, hospitals, or
embassies for instance), discovering who meets whom, and thereby
tracking them from outside, even if they have no smartphone on them.
{[}{]}{[}63{]}
Again, such an issue could only be mitigated by being in a room/building
that would act as a Faraday cage.
Here is another video of the same kind of tech in action:
\useURL[url249][https://www.youtube.com/watch?v=FDZ39h-kCS8]\from[url249]
\useURL[url250][https://yewtu.be/watch?v=FDZ39h-kCS8][][{[}Invidious{]}]\from[url250]
See \goto{Appendix N: Warning about smartphones and smart
devices}[appendix-n-warning-about-smartphones-and-smart-devices]
There is not much you can do about these, besides not being identifiable
in the first place.
\subsubsection[title={Malicious/Rogue Wi-Fi Access
Points:},reference={maliciousrogue-wi-fi-access-points}]
These have been used at least since 2008 using an attack called
\quotation{Jasager}\footnote{Digi.Ninja, Jasager
\useURL[url251][https://digi.ninja/jasager/]\from[url251]
\useURL[url252][https://web.archive.org/web/https://digi.ninja/jasager/][][{[}Archive.org{]}]\from[url252]}
and can be done by anyone using self-built tools or using commercially
available devices such as Wi-Fi Pineapple\footnote{Hak5 Shop, Wi-Fi
Pineapple
\useURL[url253][https://shop.hak5.org/products/wifi-pineapple]\from[url253]
\useURL[url254][https://web.archive.org/web/https://shop.hak5.org/products/wifi-pineapple][][{[}Archive.org{]}]\from[url254]}.
Here are some videos explaining more about the topic:
\startitemize
\item
HOPE 2020,
\useURL[url255][https://archive.org/details/hopeconf2020/20200725_1800_Advanced_Wi-Fi_Hacking_With_\%245_Microcontrollers.mp4][][https://archive.org/details/hopeconf2020/20200725_1800_Advanced_Wi-Fi_Hacking_With_\letterpercent{}245_Microcontrollers.mp4]\from[url255]
\item
YouTube, Hak5, Wi-Fi Pineapple Mark VII
\useURL[url256][https://www.youtube.com/watch?v=7v3JR4Wlw4Q]\from[url256]
\useURL[url257][https://yewtu.be/watch?v=7v3JR4Wlw4Q][][{[}Invidious{]}]\from[url257]
\stopitemize
These devices can fit in a small bag and can take over the Wi-Fi
environment of any place within their range, for instance a
Bar/Restaurant/Café/Hotel Lobby. These devices can force Wi-Fi clients
to disconnect from their current Wi-Fi (using de-authentication or
disassociation attacks\footnote{Wikipedia, Deauthentication Attack
\useURL[url258][https://en.wikipedia.org/wiki/Wi-Fi_deauthentication_attack]\from[url258]
\useURL[url259][https://wikiless.org/wiki/Wi-Fi_deauthentication_attack][][{[}Wikiless{]}]\from[url259]
\useURL[url260][https://web.archive.org/web/https://en.wikipedia.org/wiki/Wi-Fi_deauthentication_attack][][{[}Archive.org{]}]\from[url260]})
while spoofing the normal Wi-Fi networks at the same location. They will
keep doing this until your computer, or you, decide to try to connect
to the rogue AP.
These devices can then mimic a captive portal\footnote{Wikipedia,
Captive Portal
\useURL[url261][https://en.wikipedia.org/wiki/Captive_portal]\from[url261]
\useURL[url262][https://wikiless.org/wiki/Captive_portal][][{[}Wikiless{]}]\from[url262]
\useURL[url263][https://web.archive.org/web/https://en.wikipedia.org/wiki/Captive_portal][][{[}Archive.org{]}]\from[url263]}
with the exact same layout as the Wi-Fi you are trying to access (for
instance an Airport Wi-Fi registration portal). Or they could just give
you unrestricted internet access, which they themselves get from the
same place.
Once you are connected through the Rogue AP, this AP will be able to
execute various man-in-the-middle attacks to perform analysis on your
traffic. These could be malicious redirections or simple traffic
sniffing. These can then easily identify any client that would for
instance try to connect to a VPN server or the Tor Network.
This can be useful when you know someone you want to de-anonymize is in
a crowded place, but you do not know who. This would allow such an
adversary to possibly fingerprint any website you visit despite the use
of HTTPS, DoT, DoH, ODoH, VPN, or Tor using traffic analysis as pointed
above in the DNS section.
These can also be used to carefully craft and serve you advanced
phishing webpages that would harvest your credentials or try to make you
install a malicious certificate allowing them to see your encrypted
traffic.
How to mitigate those? If you do connect to a public Wi-Fi access point,
use Tor, or use a VPN and then Tor (Tor over VPN) or even VPN over Tor,
to obfuscate your traffic from the rogue AP while still using it. Never
install a certificate that a network or captive portal asks you to
install, and treat any certificate warning on such a network as a sign
that someone is intercepting your traffic.
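Both the probe-request "digital crumbs" from the previous section and the de-authentication flood that starts a rogue AP attack are visible to anyone nearby with a Wi-Fi card in monitor mode. As an added example (not code from this guide), the block below builds a small constructed capture of 802.11 management frames and runs the kind of analysis a shop, or a defender, would: it profiles each sender by the SSIDs it probes for, flags whether the sender uses a randomized MAC, and reports any BSSID sending an abnormal number of deauth frames. All MAC addresses, SSIDs and the flood threshold are made up for illustration.

```python
"""Added example: what 802.11 management frames reveal to a passive listener."""
import struct
from collections import Counter

BROADCAST = "ff:ff:ff:ff:ff:ff"
FC_PROBE_REQ = 0x40   # frame control byte 0: type 0 (management), subtype 4
FC_DEAUTH = 0xC0      # type 0 (management), subtype 12


def _mac_bytes(mac: str) -> bytes:
    return bytes(int(x, 16) for x in mac.split(":"))


def _mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def _header(fc0: int, addr1: str, addr2: str, addr3: str, seq: int) -> bytes:
    """24-byte MAC header: frame control, duration, three addresses, sequence control."""
    return (struct.pack("<BBH", fc0, 0, 0) + _mac_bytes(addr1) + _mac_bytes(addr2)
            + _mac_bytes(addr3) + struct.pack("<H", seq << 4))


def build_probe_request(src: str, ssid: str, seq: int = 0) -> bytes:
    """Probe request to the broadcast address; body is tagged parameters (tag 0 = SSID)."""
    ssid_tag = b"\x00" + bytes([len(ssid)]) + ssid.encode()
    rates_tag = b"\x01\x04\x02\x04\x0b\x16"          # supported rates 1/2/5.5/11 Mbit/s
    return _header(FC_PROBE_REQ, BROADCAST, src, BROADCAST, seq) + ssid_tag + rates_tag


def build_deauth(bssid: str, client: str, reason: int = 7, seq: int = 0) -> bytes:
    """Deauthentication frame sent "from" the AP to a client; body is a 2-byte reason code."""
    return _header(FC_DEAUTH, client, bssid, bssid, seq) + struct.pack("<H", reason)


def parse_frame(frame: bytes) -> dict:
    """Decode the fields a listener cares about from one management frame."""
    fc0 = frame[0]
    ftype, subtype = (fc0 >> 2) & 0x3, fc0 >> 4
    info = {"dst": _mac_str(frame[4:10]), "src": _mac_str(frame[10:16]),
            "bssid": _mac_str(frame[16:22]), "kind": "other"}
    if ftype == 0 and subtype == 4:
        info["kind"] = "probe_req"
        info["ssid"] = None                           # None = wildcard (broadcast) probe
        pos = 24
        while pos + 2 <= len(frame):                  # walk the tagged parameters
            tag, length = frame[pos], frame[pos + 1]
            value = frame[pos + 2:pos + 2 + length]
            if tag == 0 and length:
                info["ssid"] = value.decode("utf-8", errors="replace")
            pos += 2 + length
        # bit 1 of the first octet = locally administered, set on randomized MACs
        info["randomized_mac"] = bool(frame[10] & 0x02)
    elif ftype == 0 and subtype == 12:
        info["kind"] = "deauth"
        info["reason"] = struct.unpack("<H", frame[24:26])[0]
    return info


def analyze(frames, deauth_threshold: int = 10) -> dict:
    """Profile devices by the SSIDs they probe for; flag BSSIDs flooding deauth frames."""
    probes: dict = {}
    deauths: Counter = Counter()
    for frame in frames:
        p = parse_frame(frame)
        if p["kind"] == "probe_req" and p["ssid"]:
            probes.setdefault(p["src"], set()).add(p["ssid"])
        elif p["kind"] == "deauth":
            deauths[p["bssid"]] += 1
    flooders = {bssid for bssid, n in deauths.items() if n >= deauth_threshold}
    return {"probes": probes, "deauth_counts": dict(deauths), "deauth_flood_from": flooders}


def sample_capture() -> list:
    """Constructed capture: one chatty phone, one randomizing phone, one deauth flood."""
    chatty = "3c:2e:ff:12:34:56"      # vendor-assigned MAC, leaks its network history
    private = "da:1b:2c:3d:4e:5f"     # randomized MAC, wildcard probes only
    frames = [build_probe_request(chatty, ssid, seq=i)
              for i, ssid in enumerate(["HomeNet-Smith", "Cafe Central", "CompanyWiFi"])]
    frames += [build_probe_request(private, "", seq=i) for i in range(3)]
    # A rogue device spoofing the cafe AP's BSSID kicks every client off, 20 times in a row.
    frames += [build_deauth("aa:bb:cc:dd:ee:ff", BROADCAST, seq=i) for i in range(20)]
    return frames


if __name__ == "__main__":
    report = analyze(sample_capture())
    for mac, ssids in report["probes"].items():
        print(mac, "probed for", sorted(ssids))
    print("deauth flood from:", report["deauth_flood_from"])
```

The first phone hands a stable identifier plus a list of the networks it has joined (home, workplace, favourite cafe) to anyone listening; the second, sending wildcard probes from a randomized address, yields nothing to profile. The deauth counter is the simplest form of the detection a wireless IDS runs, and seeing it fire on the network you are sitting in is the cue to stop trusting that network.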
\subsubsection[title={Your Anonymized Tor/VPN
traffic:},reference={your-anonymized-torvpn-traffic}]
Tor and VPNs are not silver bullets. Many advanced techniques have been
developed and studied to de-anonymize encrypted Tor traffic over the
years\footnote{HackerFactor Blog, Deanonymizing Tor Circuits
\useURL[url264][https://www.hackerfactor.com/blog/index.php?/archives/868-Deanonymizing-Tor-Circuits.html]\from[url264]
\useURL[url265][https://web.archive.org/web/https://www.hackerfactor.com/blog/index.php?/archives/868-Deanonymizing-Tor-Circuits.html][][{[}Archive.org{]}]\from[url265]}.
Most of those techniques are Correlation attacks that will correlate
your network traffic in one way or another to logs or datasets. Here are
some examples:
\startitemize[packed]
\item
{\bf Correlation Fingerprinting Attack:} As illustrated (simplified)
below, this attack will fingerprint your encrypted Tor traffic (like
the websites you visited) based on the analysis of your encrypted
traffic without decrypting it. Some of those methods can do so with a
96\letterpercent{} success rate {\bf in a closed-world setting}.
{\bf The efficacy of those methods in a real open-world setting}
{\bf has not been demonstrated yet and would probably require
tremendous computing resources, making it very unlikely that such
techniques would be used by a local adversary in the near future.}
Such techniques could however hypothetically be used by an advanced
and probably global adversary with access to your source network to
determine some of your activity. Examples of those attacks are
described in several research papers\footnote{KU Leuven, Website
Fingerprinting through Deep Learning
\useURL[url266][https://distrinet.cs.kuleuven.be/software/tor-wf-dl/]\from[url266]
\useURL[url267][https://web.archive.org/web/https://distrinet.cs.kuleuven.be/software/tor-wf-dl/][][{[}Archive.org{]}]\from[url267]}\footnote{KU
Leuven, Deep Fingerprinting: Undermining Website Fingerprinting
Defenses with Deep Learning
\useURL[url268][https://homes.esat.kuleuven.be/~mjuarezm/index_files/pdf/ccs18.pdf]\from[url268]
\useURL[url269][https://web.archive.org/web/https://homes.esat.kuleuven.be/~mjuarezm/index_files/pdf/ccs18.pdf][][{[}Archive.org{]}]\from[url269]}\footnote{Internet
Society, Website Fingerprinting at Internet Scale
\useURL[url270][https://web.archive.org/web/20160617040428/https://www.internetsociety.org/sites/default/files/blogs-media/website-fingerprinting-internet-scale.pdf]\from[url270]
\useURL[url271][https://web.archive.org/web/20160617040428/https://www.internetsociety.org/sites/default/files/blogs-media/website-fingerprinting-internet-scale.pdf][][{[}Archive.org{]}]\from[url271]}
as well as their limitations\footnote{KU Leuven, A Critical Evaluation
of Website Fingerprinting Attacks
\useURL[url272][https://www.esat.kuleuven.be/cosic/publications/article-2456.pdf]\from[url272]
\useURL[url273][https://web.archive.org/web/https://www.esat.kuleuven.be/cosic/publications/article-2456.pdf][][{[}Archive.org{]}]\from[url273]}.
The Tor Project itself published an article about these attacks with
some mitigations:
\useURL[url274][https://blog.torproject.org/new-low-cost-traffic-analysis-attacks-mitigations]\from[url274]
\useURL[url275][https://web.archive.org/web/https://blog.torproject.org/new-low-cost-traffic-analysis-attacks-mitigations][][{[}Archive.org{]}]\from[url275].
\stopitemize
{[}{]}{[}67{]}
\startitemize[packed]
\item
{\bf Correlation Timing Attacks:} As illustrated (simplified) below,
an adversary that has access to network connection logs (IP or DNS for
instance, remember that most VPN servers and most Tor nodes are known
and publicly listed) at the source and the destination could correlate
the timings to de-anonymize you without requiring any access to the
Tor or VPN network in between. A real use case of this technique was
done by the FBI in 2013 to de-anonymize\footnote{DailyDot, How Tor
helped catch the Harvard bomb threat suspect
\useURL[url276][https://www.dailydot.com/unclick/tor-harvard-bomb-suspect/]\from[url276]
\useURL[url277][https://web.archive.org/web/https://www.dailydot.com/unclick/tor-harvard-bomb-suspect/][][{[}Archive.org{]}]\from[url277]}
the author of a bomb threat hoax at Harvard University: the suspect was
one of very few people connected to Tor from the campus network at the
time the threat was sent.
\stopitemize
{[}{]}{[}68{]}
\startitemize[packed]
\item
{\bf Correlation Counting Attacks:} As illustrated (simplified) below,
an adversary that has no access to detailed connection logs (cannot
see that you used Tor or Netflix) but has access to traffic volume
accounting logs could see that you have downloaded 600MB on a specific
time/date that matches a 600MB upload at the destination. This
correlation can then be used to de-anonymize you over time, as each
repeated match narrows down the set of candidates.
\stopitemize
{[}{]}{[}69{]}
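The timing and counting attacks above are the same computation run over two logs that never mention each other. As an added example (not code from this guide), the block below runs that correlation over two constructed logs: one from the subscriber's ISP, which only sees "subscriber X sent N bytes to a known Tor guard at time T", and one from the destination service, which only sees "account Y uploaded N bytes from a Tor exit at time T'". Neither log contains the link on its own; matching them on time and volume, and intersecting the matches across several uploads, does. Subscriber and account names, timestamps, sizes, window and tolerance are all made up.

```python
"""Added example: timing + volume correlation across two vantage points."""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Flow:
    when: datetime   # start of the flow as seen at that vantage point
    who: str         # identity known there: ISP subscriber, or service account
    nbytes: int      # bytes moved in the flow


SOURCE_LOG = [  # ISP view: subscriber -> Tor guard (guard IPs are public knowledge)
    Flow(datetime(2023, 6, 10, 21, 3, 12), "subscriber-A", 612_000_000),
    Flow(datetime(2023, 6, 10, 21, 3, 50), "subscriber-C", 605_000_000),
    Flow(datetime(2023, 6, 10, 21, 4, 40), "subscriber-B", 3_100_000),
    Flow(datetime(2023, 6, 10, 22, 30, 0), "subscriber-A", 310_000_000),
    Flow(datetime(2023, 6, 10, 22, 31, 10), "subscriber-D", 40_000_000),
]
DEST_LOG = [  # service view: uploads arriving from a Tor exit, by account
    Flow(datetime(2023, 6, 10, 21, 3, 30), "acct-throwaway-1", 600_000_000),
    Flow(datetime(2023, 6, 10, 22, 30, 20), "acct-throwaway-1", 300_000_000),
]


def candidates(dest: Flow, source_log, window_s: int = 120, tol: float = 0.05) -> set:
    """Subscribers whose flow started within `window_s` seconds of the upload and whose
    byte count is within `tol` of it (Tor adds overhead, so sizes never match exactly)."""
    window = timedelta(seconds=window_s)
    lo, hi = dest.nbytes * (1 - tol), dest.nbytes * (1 + tol)
    return {
        s.who
        for s in source_log
        if abs(s.when - dest.when) <= window and lo <= s.nbytes <= hi
    }


def correlate_account(account: str, dest_log, source_log, **kw) -> set:
    """Intersect the candidate sets of every upload by one account: each additional
    observation removes subscribers who were only a coincidental match."""
    sets = [candidates(d, source_log, **kw) for d in dest_log if d.who == account]
    return set.intersection(*sets) if sets else set()


if __name__ == "__main__":
    for d in DEST_LOG:
        print(d.when.time(), d.who, "->", sorted(candidates(d, SOURCE_LOG)))
    print("after both uploads:", correlate_account("acct-throwaway-1", DEST_LOG, SOURCE_LOG))
```

The first upload is ambiguous (two subscribers moved roughly 600MB towards Tor within the same two minutes); the second one settles it. Nothing here required breaking Tor or the VPN: the attack only needs logs at both ends, which is why the mitigations that follow are about choosing where you connect from rather than about stronger encryption.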
There are ways to mitigate these such as:
\startitemize
\item
Do not use Tor/VPNs to access services that are on the same network
(ISP) as the destination service. For example, do not connect to Tor
from your University Network to access a University Service
anonymously. Instead, use a different source point (such as a public
Wi-Fi) that cannot be correlated easily by an adversary.
\item
Do not use Tor/VPN from an obviously heavily monitored network (such
as a corporate/governmental network) but instead try to find an
unmonitored network such as a public Wi-Fi or a residential Wi-Fi.
\item
Consider the use of multiple layers (such as what will be recommended
in this guide later: VPN over Tor) so that an adversary might be able
to see that someone connected to the service through Tor but will not
be able to see that it was you because you were connected to a VPN and
not the Tor Network.
\stopitemize
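To make the counting attack and its mitigation concrete, here is an added illustration (not part of the guide, and not an actual adversary tool): a constructed source-side accounting log is matched against a constructed destination-side record by volume and time window, and the same matching is then run after every session has been padded up to a fixed volume quantum. The client labels, minute-of-day timestamps and volumes are all made up; the point is to show why a single 600MB session stands out and why constant-volume shaping, or routing through an additional layer that the source-side logger cannot see, grows the candidate set again.

```python
# Added illustration, not from the guide: why a counting/volume correlation
# on per-session accounting logs works, and why padding every session to the
# same volume is the textbook mitigation. Every log entry here is constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Session:
    client: str   # placeholder label for whoever the source-side logger saw
    start: int    # minute of the day the session started
    end: int      # minute of the day the session ended
    mbytes: int   # volume counted for the session, in MB


# Constructed source-side log (what an ISP's accounting records would show).
SOURCE_LOG = [
    Session("client-A", 600, 615, 12),
    Session("client-B", 605, 640, 600),   # 600 MB around 10:05-10:40
    Session("client-C", 610, 630, 45),
    Session("client-D", 900, 930, 600),   # same volume, but hours later
]

# Constructed destination-side record: the service saw a 600 MB upload
# arriving from an anonymity network between 10:06 and 10:41.
DEST_EVENT = Session("anonymous-user", 606, 641, 600)


def overlaps(a: Session, b: Session, slack: int) -> bool:
    """True if the two time windows overlap, allowing `slack` minutes of skew."""
    return a.start <= b.end + slack and b.start <= a.end + slack


def volume_match(source_log, dest_event, tolerance=0.05, slack=5):
    """Clients whose session volume is within `tolerance` of the destination
    event and whose time window overlaps it. With one candidate left, the
    anonymity set has collapsed to a single client."""
    lo = dest_event.mbytes * (1 - tolerance)
    hi = dest_event.mbytes * (1 + tolerance)
    return [s.client for s in source_log
            if lo <= s.mbytes <= hi and overlaps(s, dest_event, slack)]


def pad_to_quantum(sessions, quantum=1000):
    """Defender-side view: round every session's volume up to a fixed quantum
    (constant-volume traffic shaping). Volumes no longer separate clients."""
    return [Session(s.client, s.start, s.end, -(-s.mbytes // quantum) * quantum)
            for s in sessions]


def anonymity_set_size(source_log, dest_event, padded=False):
    """Size of the candidate set an adversary is left with."""
    if padded:
        source_log = pad_to_quantum(source_log)
        dest_event = pad_to_quantum([dest_event])[0]
    return len(volume_match(source_log, dest_event))


if __name__ == "__main__":
    print("unpadded candidates:", volume_match(SOURCE_LOG, DEST_EVENT))
    print("padded candidates:", volume_match(pad_to_quantum(SOURCE_LOG),
                                             pad_to_quantum([DEST_EVENT])[0]))
```

The timing flavour of the attack is the same matching with a tight time window and no volume criterion; the padding shown here only addresses volume, which is why the guide's advice to change the source network (so the adversary does not hold both logs) matters more than any single shaping trick.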
Be aware again that this might not be enough against a motivated global
adversary\footnote{ArsTechnica, How the NSA can break trillions of
encrypted Web and VPN connections
\useURL[url278][https://arstechnica.com/information-technology/2015/10/how-the-nsa-can-break-trillions-of-encrypted-web-and-vpn-connections/]\from[url278]
\useURL[url279][https://web.archive.org/web/https://arstechnica.com/information-technology/2015/10/how-the-nsa-can-break-trillions-of-encrypted-web-and-vpn-connections/][][{[}Archive.org{]}]\from[url279]}
with wide access to global mass surveillance. Such an adversary might
have access to logs no matter where you are and could use those to
de-anonymize you. Usually, these attacks are part of what is called a
Sybil Attack\footnote{Wikipedia, Sybil Attack
\useURL[url280][https://en.wikipedia.org/wiki/Sybil_attack]\from[url280]
\useURL[url281][https://wikiless.org/wiki/Sybil_attack][][{[}Wikiless{]}]\from[url281]
\useURL[url282][https://web.archive.org/web/https://en.wikipedia.org/wiki/Sybil_attack][][{[}Archive.org{]}]\from[url282]}.
{\bf These adversaries are out of the scope of this guide.}
Also be aware that all the other methods described in this guide, such
as behavioral analysis, can be used to de-anonymize Tor users indirectly
(see further \goto{Your Digital Fingerprint, Footprint, and Online
Behavior}[your-digital-fingerprint-footprint-and-online-behavior]).
I also strongly recommend reading this very good, complete, and thorough
(and more detailed) guide on most known Attack Vectors on Tor:
\useURL[url283][https://github.com/Attacks-on-Tor/Attacks-on-Tor]\from[url283]
\useURL[url284][https://web.archive.org/web/https://github.com/Attacks-on-Tor/Attacks-on-Tor][][{[}Archive.org{]}]\from[url284]
and this recent research publication:
\useURL[url285][https://www.researchgate.net/publication/323627387_Shedding_Light_on_the_Dark_Corners_of_the_Internet_A_Survey_of_Tor_Research]\from[url285]
\useURL[url286][https://web.archive.org/web/https://www.researchgate.net/publication/323627387_Shedding_Light_on_the_Dark_Corners_of_the_Internet_A_Survey_of_Tor_Research][][{[}Archive.org{]}]\from[url286]
as well as this great series of blog posts:
\useURL[url287][https://www.hackerfactor.com/blog/index.php?/archives/906-Tor-0day-The-Management-Vulnerability.html]\from[url287]
\useURL[url288][https://web.archive.org/web/https://www.hackerfactor.com/blog/index.php?/archives/906-Tor-0day-The-Management-Vulnerability.html][][{[}Archive.org{]}]\from[url288]
Recently, one of these attacks was attempted on the Tor Network; more
information here:
\useURL[url289][https://arstechnica.com/information-technology/2014/07/active-attack-on-tor-network-tried-to-decloak-users-for-five-months/]\from[url289]
\useURL[url290][https://web.archive.org/web/https://arstechnica.com/information-technology/2014/07/active-attack-on-tor-network-tried-to-decloak-users-for-five-months/][][{[}Archive.org{]}]\from[url290]
Lastly, do remember that using Tor can already be considered suspicious
activity\footnote{ArsTechnica, Does Tor provide more benefit or harm?
New paper says it depends
\useURL[url291][https://arstechnica.com/gadgets/2020/11/does-tor-provide-more-benefit-or-harm-new-paper-says-it-depends/]\from[url291]
\useURL[url292][https://web.archive.org/web/https://arstechnica.com/gadgets/2020/11/does-tor-provide-more-benefit-or-harm-new-paper-says-it-depends/][][{[}Archive.org{]}]\from[url292]},
and its use could be considered malicious by some\footnote{ResearchGate,
The potential harms of the Tor anonymity network cluster
disproportionately in free countries
\useURL[url293][https://www.pnas.org/content/early/2020/11/24/2011893117]\from[url293]
\useURL[url294][https://web.archive.org/web/https://www.pnas.org/content/early/2020/11/24/2011893117][][{[}Archive.org{]}]\from[url294]}.
This guide will later propose some mitigations to such attacks by
changing your origin from the start (using public Wi-Fi for instance).
Remember that such attacks are usually carried out by highly skilled,
highly resourceful, and motivated adversaries and are out of the scope
of this guide. It is also recommended that you learn about practical
correlation attacks as performed by intelligence agencies:
\useURL[url295][https://officercia.mirror.xyz/WeAilwJ9V4GIVUkYa7WwBwV2II9dYwpdPTp3fNsPFjo]\from[url295]
\useURL[url296][https://web.archive.org/web/20220516000616/https://officercia.mirror.xyz/WeAilwJ9V4GIVUkYa7WwBwV2II9dYwpdPTp3fNsPFjo][][{[}Archive.org{]}]\from[url296]
{\bf Disclaimer: it should also be noted that Tor is not designed to
protect against a global adversary. For more information see
\useURL[url297][https://svn-archive.torproject.org/svn/projects/design-paper/tor-design.pdf]\from[url297]
\useURL[url298][https://web.archive.org/web/https://svn-archive.torproject.org/svn/projects/design-paper/tor-design.pdf][][{[}Archive.org{]}]\from[url298]
and specifically, \quotation{Part 3. Design goals and assumptions.}.}
\subsubsection[title={Some Devices can be tracked even when
offline:},reference={some-devices-can-be-tracked-even-when-offline}]
You have seen this in action, spy, and sci-fi movies and shows: the
protagonists always remove the battery of their phones to make sure it
cannot be used. Most people would think that's overkill. Well,
unfortunately, no, this is now becoming true at least for some devices:
\startitemize
\item
iPhones and iPads (iOS 13 and above)\footnote{CryptoEngineering, How
does Apple (privately) find your offline devices?
\useURL[url299][https://blog.cryptographyengineering.com/2019/06/05/how-does-apple-privately-find-your-offline-devices/]\from[url299]
\useURL[url300][https://web.archive.org/web/https://blog.cryptographyengineering.com/2019/06/05/how-does-apple-privately-find-your-offline-devices/][][{[}Archive.org{]}]\from[url300]}\footnote{Apple
Support
\useURL[url301][https://support.apple.com/en-us/HT210515]\from[url301]
\useURL[url302][https://web.archive.org/web/https://support.apple.com/en-us/HT210515][][{[}Archive.org{]}]\from[url302]}
\item
Samsung Phones (Android 10 and above)\footnote{XDA, Samsung's Find My
Mobile app can locate Galaxy devices even when they're offline
\useURL[url303][https://www.xda-developers.com/samsung-find-my-mobile-app-locate-galaxy-devices-offline/]\from[url303]
\useURL[url304][https://web.archive.org/web/https://www.xda-developers.com/samsung-find-my-mobile-app-locate-galaxy-devices-offline/][][{[}Archive.org{]}]\from[url304]}
\item
MacBooks (macOS 10.15 and above)\footnote{Apple Support, If your Mac
is lost or stolen
\useURL[url305][https://support.apple.com/en-us/HT204756]\from[url305]
\useURL[url306][https://web.archive.org/web/https://support.apple.com/en-us/HT204756][][{[}Archive.org{]}]\from[url306]}
\stopitemize
Such devices will continue to broadcast identity information to nearby
devices even when offline using Bluetooth Low-Energy\footnote{Wikipedia,
BLE
\useURL[url307][https://en.wikipedia.org/wiki/Bluetooth_Low_Energy]\from[url307]
\useURL[url308][https://wikiless.org/wiki/Bluetooth_Low_Energy][][{[}Wikiless{]}]\from[url308]
\useURL[url309][https://web.archive.org/web/https://en.wikipedia.org/wiki/Bluetooth_Low_Energy][][{[}Archive.org{]}]\from[url309]}.
The vendors do not have access to such devices directly (they are not
connected to the internet) but instead use BLE to find them through
other nearby devices\footnote{Cryptography Engineering Blog, How does Apple
(privately) find your offline devices?
\useURL[url310][https://blog.cryptographyengineering.com/2019/06/05/how-does-apple-privately-find-your-offline-devices/]\from[url310]
\useURL[url311][https://web.archive.org/web/https://blog.cryptographyengineering.com/2019/06/05/how-does-apple-privately-find-your-offline-devices/][][{[}Archive.org{]}]\from[url311]}.
The offline devices use peer-to-peer short-range Bluetooth communication
to broadcast their status through nearby online devices.
The vendors can thus locate such devices and keep the location in some
database that could then be used by third parties or by themselves for
various purposes (including analytics, advertising, or
evidence/intelligence gathering).
See \goto{Appendix N: Warning about smartphones and smart
devices}[appendix-n-warning-about-smartphones-and-smart-devices]
TLDR: Do not take such devices with you when conducting sensitive
activities.
\subsection[title={Your Hardware
Identifiers:},reference={your-hardware-identifiers}]
\subsubsection[title={Your IMEI and IMSI (and by extension, your phone
number):},reference={your-imei-and-imsi-and-by-extension-your-phone-number}]
The IMEI (International Mobile Equipment Identity\footnote{Wikipedia,
IMEI
\useURL[url312][https://en.wikipedia.org/wiki/International_Mobile_Equipment_Identity]\from[url312]
\useURL[url313][https://wikiless.org/wiki/International_Mobile_Equipment_Identity][][{[}Wikiless{]}]\from[url313]
\useURL[url314][https://web.archive.org/web/https://en.wikipedia.org/wiki/International_Mobile_Equipment_Identity][][{[}Archive.org{]}]\from[url314]})
and the IMSI (International Mobile Subscriber Identity\footnote{Wikipedia,
IMSI
\useURL[url315][https://en.wikipedia.org/wiki/International_mobile_subscriber_identity]\from[url315]
\useURL[url316][https://wikiless.org/wiki/International_mobile_subscriber_identity][][{[}Wikiless{]}]\from[url316]
\useURL[url317][https://web.archive.org/web/https://en.wikipedia.org/wiki/International_mobile_subscriber_identity][][{[}Archive.org{]}]\from[url317]})
are unique numbers assigned by cell phone manufacturers and cell phone
operators respectively.
The IMEI is tied directly to the phone you are using. This number is
known and tracked by the cell phone operators and known by the
manufacturers. Every time your phone connects to the mobile network, it
registers the IMEI on the network along with the IMSI (if a SIM card
is inserted; a SIM is not even needed for the IMEI to be registered).
It is also used by many applications (banking apps abusing the phone
permission on Android for instance\footnote{Android Documentation, Device Identifiers
\useURL[url318][https://source.android.com/devices/tech/config/device-identifiers]\from[url318]
\useURL[url319][https://web.archive.org/web/https://source.android.com/devices/tech/config/device-identifiers][][{[}Archive.org{]}]\from[url319]})
and smartphone operating systems (Android/iOS) for identification of the
device\footnote{Google Privacy Policy, Look for IMEI
\useURL[url320][https://policies.google.com/privacy/embedded?hl=en-US]\from[url320]
\useURL[url321][https://web.archive.org/web/https://policies.google.com/privacy/embedded?hl=en-US][][{[}Archive.org{]}]\from[url321]}.
It is possible but difficult (and not illegal in many
jurisdictions\footnote{Wikipedia, IMEI and the Law
\useURL[url322][https://en.wikipedia.org/wiki/International_Mobile_Equipment_Identity\#IMEI_and_the_law]\from[url322]
\useURL[url323][https://wikiless.org/wiki/International_Mobile_Equipment_Identity][][{[}Wikiless{]}]\from[url323]
\useURL[url324][https://web.archive.org/web/https://en.wikipedia.org/wiki/International_Mobile_Equipment_Identity][][{[}Archive.org{]}]\from[url324]})
to change the IMEI on a phone but it is probably easier and cheaper to
just find and buy some old (working) Burner phone for a few Euros (this
guide is for Germany remember) at a flea market or some random small
shop.
The IMSI is tied directly to the mobile subscription or pre-paid plan
you are using and is tied to your phone number by your mobile provider.
The IMSI is hardcoded directly on the SIM card and cannot be changed.
Remember that every time your phone connects to the mobile network, it
will also register the IMSI on the network along with the IMEI. Like the
IMEI, the IMSI is also being used by some applications and smartphone
Operating systems for identification and is being tracked. Some
countries in the EU for instance maintain a database of IMEI/IMSI
associations for easy querying by Law Enforcement.
Today, giving away your (real) phone number is equivalent to, if not
worse than, giving away your Social Security number/Passport ID/National ID.
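To see what these two identifiers actually carry, here is an added example (not part of the guide) that decodes their structure: an IMEI is an 8-digit Type Allocation Code naming the make and model, a 6-digit per-device serial, and a Luhn check digit; an IMSI starts with the 3-digit Mobile Country Code and the 2- or 3-digit Mobile Network Code of the home operator, followed by the subscriber number. The sample values and the tiny country lookup table are constructed for illustration; a real tool would use the full ITU MCC/MNC list, and the MNC length is passed in rather than looked up.

```python
# Added example, not from the guide: what the IMEI and IMSI encode. The
# identifier values used below are constructed, not real devices or SIMs.

# Constructed, deliberately tiny lookup; a real tool uses the full ITU list.
MCC_COUNTRY = {"262": "Germany", "234": "United Kingdom", "310": "United States"}


def luhn_check_digit(payload: str) -> int:
    """Luhn check digit for a digit string (the IMEI's 15th digit)."""
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:          # every second digit, starting nearest the check digit
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return (10 - total % 10) % 10


def parse_imei(imei: str) -> dict:
    """Split a 15-digit IMEI into TAC, serial and check digit and validate it.
    Separators such as '-' are ignored."""
    digits = "".join(ch for ch in imei if ch.isdigit())
    if len(digits) != 15:
        raise ValueError("IMEI must have 15 digits")
    payload, check = digits[:14], int(digits[14])
    return {
        "tac": digits[:8],          # Type Allocation Code: identifies make and model
        "serial": digits[8:14],     # per-device serial within that TAC
        "check_digit": check,
        "valid": luhn_check_digit(payload) == check,
    }


def parse_imsi(imsi: str, mnc_length: int = 2) -> dict:
    """Split an IMSI into MCC, MNC and MSIN. The MNC is 2 or 3 digits depending
    on the country's numbering plan, so its length is an explicit parameter."""
    digits = "".join(ch for ch in imsi if ch.isdigit())
    if not 6 <= len(digits) <= 15 or mnc_length not in (2, 3):
        raise ValueError("malformed IMSI")
    mcc = digits[:3]
    return {
        "mcc": mcc,                               # home country of the subscription
        "country": MCC_COUNTRY.get(mcc, "unknown"),
        "mnc": digits[3:3 + mnc_length],          # home operator within that country
        "msin": digits[3 + mnc_length:],          # subscriber number at that operator
    }


if __name__ == "__main__":
    # Constructed sample identifiers.
    print(parse_imei("12-345678-901234-7"))
    print(parse_imsi("262011234567890"))
```

The takeaway for the text above: even without any operator database, the IMEI reveals the device model and the IMSI reveals the home country and operator, which is why both are treated as identifiers in their own right rather than opaque numbers.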
The IMEI and IMSI can be traced back to you in at least six ways:
\startitemize
\item
The mobile operator subscriber logs will usually store the IMEI along
with the IMSI in their subscriber information database. If you use a
prepaid anonymous SIM (anonymous IMSI but with a known IMEI), they
could see that this phone belongs to you if you used that cell phone
before with a different SIM card (different anonymous IMSI but same
known IMEI).
\item
The mobile operator antenna logs conveniently keep a log of which
IMEI/IMSI connected, along with some connection data. They know and log
for instance that a phone with this IMEI/IMSI combination connected to a
set of mobile antennas and how powerful the signal to each of those
antennas was, allowing easy triangulation/geolocation of the signal.
They also know which other phones (your real one for instance)
connected at the same time to the same antennas with the same signal.
This makes it possible to know precisely that this \quotation{burner
phone} was always connected at the same place/time as this other
\quotation{known phone} which shows up every time the burner phone is
being used. This information can be and is used by various third parties
to geolocate/track you quite precisely\footnote{Bellingcat, The GRU
Globetrotters: Mission London
\useURL[url325][https://www.bellingcat.com/news/uk-and-europe/2019/06/28/the-gru-globetrotters-mission-london/]\from[url325]
\useURL[url326][https://web.archive.org/web/https://www.bellingcat.com/news/uk-and-europe/2019/06/28/the-gru-globetrotters-mission-london/][][{[}Archive.org{]}]\from[url326]}\footnote{Bellingcat, \quotation{V}
For \quotation{Vympel}: FSB's Secretive Department \quotation{V}
Behind Assassination Of Georgian Asylum Seeker In Germany
\useURL[url327][https://www.bellingcat.com/news/uk-and-europe/2020/02/17/v-like-vympel-fsbs-secretive-department-v-behind-assassination-of-zelimkhan-khangoshvili/]\from[url327]
\useURL[url328][https://web.archive.org/web/https://www.bellingcat.com/news/uk-and-europe/2020/02/17/v-like-vympel-fsbs-secretive-department-v-behind-assassination-of-zelimkhan-khangoshvili/][][{[}Archive.org{]}]\from[url328]}.
\item
The manufacturer of the phone can trace back the sale of the phone
using the IMEI if that phone was bought in a non-anonymous way.
Indeed, they will have logs of each phone sale (including serial
number and IMEI) and of the shop/person to whom it was sold. If you
are using a phone that you bought online (or from someone that knows
you), it can be traced to you using that information. Even if they do
not find you on CCTV\footnote{Wikipedia, CCTV
\useURL[url329][https://en.wikipedia.org/wiki/Closed-circuit_television]\from[url329]
\useURL[url330][https://wikiless.org/wiki/Closed-circuit_television][][{[}Wikiless{]}]\from[url330]
\useURL[url331][https://web.archive.org/web/https://en.wikipedia.org/wiki/Closed-circuit_television][][{[}Archive.org{]}]\from[url331]}
and you bought the phone using cash, they can still find what other
phone (your real one in your pocket) was there (in that shop) at that
time/date by using the antenna logs.
\item
The IMSI alone can be used to find you as well because most countries
now require customers to provide an ID when buying a SIM card
(subscription or pre-paid). The IMSI is then tied to the identity of
the buyer of the card. In the countries where the SIM can still be
bought with cash (like the UK), they still know where (which shop) it
was bought and when. This information can then be used to retrieve
information from the shop itself (such as CCTV footage as for the IMEI
case). Or again the antenna logs can also be used to figure out which
other phone was there at the moment of the sale.
\item
The smartphone OS makers (Google/Apple for Android/iOS) also keep logs
of IMEI/IMSI identifications tied to Google/Apple accounts and which
user has been using them. They too can trace back the history of the
phone and to which accounts it was tied in the past\footnote{Apple,
Transparency Report, Device Requests
\useURL[url332][https://www.apple.com/legal/transparency/device-requests.html]\from[url332]
\useURL[url333][https://web.archive.org/web/https://www.apple.com/legal/transparency/device-requests.html][][{[}Archive.org{]}]\from[url333]}.
\item
Government agencies around the world interested in your phone number
can and do use\footnote{The Intercept, How Cops Can Secretly Track
Your Phone
\useURL[url334][https://theintercept.com/2020/07/31/protests-surveillance-stingrays-dirtboxes-phone-tracking/]\from[url334]
\useURL[url335][http://27m3p2uv7igmj6kvd4ql3cct5h3sdwrsajovkkndeufumzyfhlfev4qd.onion/2020/07/31/protests-surveillance-stingrays-dirtboxes-phone-tracking/][][{[}Tor
Mirror{]}]\from[url335]
\useURL[url336][https://web.archive.org/web/https://theintercept.com/2020/07/31/protests-surveillance-stingrays-dirtboxes-phone-tracking/][][{[}Archive.org{]}]\from[url336]}
special devices called \quotation{IMSI catchers}\footnote{Wikipedia,
IMSI Catcher
\useURL[url337][https://en.wikipedia.org/wiki/IMSI-catcher]\from[url337]
\useURL[url338][https://wikiless.org/wiki/IMSI-catcher][][{[}Wikiless{]}]\from[url338]
\useURL[url339][https://web.archive.org/web/https://en.wikipedia.org/wiki/IMSI-catcher][][{[}Archive.org{]}]\from[url339]}
like the Stingray\footnote{Wikipedia, Stingray
\useURL[url340][https://en.wikipedia.org/wiki/Stingray_phone_tracker]\from[url340]
\useURL[url341][https://wikiless.org/wiki/Stingray_phone_tracker][][{[}Wikiless{]}]\from[url341]
\useURL[url342][https://web.archive.org/web/https://en.wikipedia.org/wiki/Stingray_phone_tracker][][{[}Archive.org{]}]\from[url342]}
or more recently the Nyxcell\footnote{Gizmodo, Cops Turn to Canadian
Phone-Tracking Firm After Infamous \quote{Stingrays} Become
\quote{Obsolete}
\useURL[url343][https://gizmodo.com/american-cops-turns-to-canadian-phone-tracking-firm-aft-1845442778]\from[url343]
\useURL[url344][https://web.archive.org/web/https://gizmodo.com/american-cops-turns-to-canadian-phone-tracking-firm-aft-1845442778][][{[}Archive.org{]}]\from[url344]}.
These devices can impersonate (spoof) a cell phone antenna and
force a specific IMSI (your phone) to connect to it to access the cell
network. Once they do, they will be able to use various MITM\footnote{Wikipedia,
MITM
\useURL[url345][https://en.wikipedia.org/wiki/Man-in-the-middle_attack]\from[url345]
\useURL[url346][https://wikiless.org/wiki/Man-in-the-middle_attack][][{[}Wikiless{]}]\from[url346]
\useURL[url347][https://web.archive.org/web/https://en.wikipedia.org/wiki/Man-in-the-middle_attack][][{[}Archive.org{]}]\from[url347]}
(Man-In-The-Middle Attacks) that will allow them to:
\startitemize
\item
Tap your phone (voice calls and SMS).
\item
Sniff and examine your data traffic.
\item
Impersonate your phone number without controlling your phone.
\item
\ldots{}
\stopitemize
\stopitemize
Here is also a good YouTube video on this topic: DEFCON Safe Mode -
Cooper Quintin - Detecting Fake 4G Base Stations in Real-Time
\useURL[url348][https://www.youtube.com/watch?v=siCk4pGGcqA]\from[url348]
\useURL[url349][https://yewtu.be/watch?v=siCk4pGGcqA][][{[}Invidious{]}]\from[url349]
{\bf For these reasons, it is crucial to get a dedicated anonymous phone
number and/or an anonymous burner phone with a cash-bought pre-paid SIM
card that is not tied to you in any way (past or present) for conducting
sensitive activities. It is also possible to get an anonymous pre-paid
but preferably dedicated number from free and paid online services
accepting anonymous cryptocurrencies like Monero. Get more practical
guidance here: \goto{Getting an anonymous Phone
number}[getting-an-anonymous-phone-number].}
While there are some smartphone manufacturers like Purism with their
Librem series\footnote{Purism, Librem 5
\useURL[url350][https://shop.puri.sm/shop/librem-5/]\from[url350]
\useURL[url351][https://web.archive.org/web/https://shop.puri.sm/shop/librem-5/][][{[}Archive.org{]}]\from[url351]}
who claim to have your privacy in mind, they still do not allow IMEI
randomization which we believe is a key anti-tracking feature that
should be provided by such manufacturers. While this measure will not
prevent IMSI tracking within the SIM card, it would at least allow you
to keep the same \quotation{burner phone} and only switch SIM cards
instead of having to switch both for privacy.
See \goto{Appendix N: Warning about smartphones and smart
devices}[appendix-n-warning-about-smartphones-and-smart-devices]
\subsubsection[title={Your Wi-Fi or Ethernet MAC
address:},reference={your-wi-fi-or-ethernet-mac-address}]
The MAC address\footnote{Wikipedia, MAC Address
\useURL[url352][https://en.wikipedia.org/wiki/MAC_address]\from[url352]
\useURL[url353][https://wikiless.org/wiki/MAC_address][][{[}Wikiless{]}]\from[url353]
\useURL[url354][https://web.archive.org/web/https://en.wikipedia.org/wiki/MAC_address][][{[}Archive.org{]}]\from[url354]}
is a unique identifier tied to your physical Network Interface (Wired
Ethernet or Wi-Fi) and could of course be used to track you if it is not
randomized. As was the case with the IMEI, manufacturers of computers
and network cards usually keep logs of their sales (usually including
things like serial number, IMEI, MAC addresses, \ldots{}) and it is
possible again for them to track where and when the computer with the
MAC address in question was sold and to whom. Even if you bought it with
cash in a supermarket, the supermarket might still have CCTV (or a CCTV
just outside that shop) and again the time/date of sale could be used to
find out who was there using the Mobile Provider antenna logs at that
time (IMEI/IMSI).
Operating Systems makers (Google/Microsoft/Apple) will also keep logs of
devices and their MAC addresses in their logs for device identification
(Find my device type services for example). Apple can tell that the
MacBook with this specific MAC address was tied to a specific Apple
Account before. Maybe yours before you decided to use the MacBook for
sensitive activities. Maybe to a different user who sold it to you but
remembers your e-mail/number from when the sale happened.
Your home router/Wi-Fi access point keeps logs of devices that are
registered on the Wi-Fi, and these can be accessed too to find out who
has been using your Wi-Fi. Sometimes this can be done remotely (and
silently) by the ISP depending on if that router/Wi-Fi access point is
being \quotation{managed} remotely by the ISP (which is often the case
when they provide the router to their customers).
Some commercial devices will keep a record of MAC addresses roaming
around for various purposes such as road congestion\footnote{Acyclica
Road Trend Product Sheet,
\useURL[url355][https://web.archive.org/web/https://amsignalinc.com/data-sheets/Acyclica/Acyclica-RoadTrend-Product-Sheet.pdf]\from[url355]
\useURL[url356][https://web.archive.org/web/https://amsignalinc.com/data-sheets/Acyclica/Acyclica-RoadTrend-Product-Sheet.pdf][][{[}Archive.org{]}]\from[url356]}.
{\bf So, it is important again not to bring your phone along when/where
you conduct sensitive activities. If you use your own laptop, then it is
crucial to hide that MAC address (and Bluetooth address) anywhere you
use it and be extra careful not to leak any information. Thankfully many
recent OSes now feature or allow the possibility to randomize MAC
addresses (Android, iOS, Linux, and Windows 10/11)} with the notable
exception of macOS which does not support this feature even in its
latest Big Sur version.
See \goto{Appendix N: Warning about smartphones and smart
devices}[appendix-n-warning-about-smartphones-and-smart-devices]
\subsubsection[title={Your Bluetooth MAC
address:},reference={your-bluetooth-mac-address}]
Your Bluetooth MAC is like the earlier MAC address except it is for
Bluetooth. Again, it can be used to track you as manufacturers and
operating system makers keep logs of such information. It could be tied
to a sale place/time/date or accounts and then could be used to track
you with such information, the shop billing information, the CCTV, or
the mobile antenna logs in correlation.
Operating systems have protections in place to randomize those addresses
but are still subject to vulnerabilities\footnote{ResearchGate, Tracking
Anonymized Bluetooth Devices
\useURL[url357][https://www.researchgate.net/publication/334590931_Tracking_Anonymized_Bluetooth_Devices/fulltext/5d3308db92851cd04675a469/Tracking-Anonymized-Bluetooth-Devices.pdf]\from[url357]
\useURL[url358][https://web.archive.org/web/https://www.researchgate.net/publication/334590931_Tracking_Anonymized_Bluetooth_Devices/fulltext/5d3308db92851cd04675a469/Tracking-Anonymized-Bluetooth-Devices.pdf][][{[}Archive.org{]}]\from[url358]}.
For this reason, and unless you really need those, you should just
disable Bluetooth completely in the BIOS/UEFI settings if possible or in
the Operating System otherwise.
On Windows 10, you will need to disable and enable the Bluetooth device
in the device manager itself to force randomization of the address for
next use and prevent tracking.
In general, this should not be too much of a concern compared to MAC
addresses, since Bluetooth addresses are randomized quite often.
See \goto{Appendix N: Warning about smartphones and smart
devices}[appendix-n-warning-about-smartphones-and-smart-devices]
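The two preceding subsections (Wi-Fi/Ethernet MAC address and Bluetooth MAC address) both come down to one practical check: is the address a device currently presents the factory one, or a randomized one? Here is an added example (not part of the guide) that answers this from the address bits alone. For Wi-Fi and Ethernet, OS randomization produces a "locally administered" address, recognisable by bit 1 of the first octet being set, whereas a burned-in address carries a vendor OUI with that bit clear. For Bluetooth LE, once an advertiser has flagged its address as random, the two most significant bits say whether it is static (never rotates), resolvable private, or non-resolvable private. The sample addresses are constructed, and the report function flags the two cases a defender cares about: a Wi-Fi address that is still the factory one, and a BLE random address that is static.

```python
# Added example, not from the guide: classify a link-layer address to see
# whether it looks randomized. Sample addresses below are constructed.
import re

_ADDR_RE = re.compile(r"^[0-9A-Fa-f]{2}([:-][0-9A-Fa-f]{2}){5}$")


def parse_addr(addr: str) -> list:
    """Split a 48-bit address written as six hex octets into integers."""
    if not _ADDR_RE.match(addr):
        raise ValueError(f"not a 48-bit address: {addr!r}")
    return [int(x, 16) for x in re.split(r"[:-]", addr)]


def is_locally_administered(addr: str) -> bool:
    """U/L bit (bit 1 of the first octet) set: the address was assigned by
    software, which is what OS MAC randomization produces. Clear: the first
    three octets are a vendor OUI, i.e. the factory address."""
    return bool(parse_addr(addr)[0] & 0x02)


def classify_wifi_mac(addr: str) -> str:
    first = parse_addr(addr)[0]
    if first & 0x01:
        return "multicast"          # group address, not a station address at all
    return "locally_administered" if first & 0x02 else "vendor_assigned"


def ble_random_subtype(addr: str) -> str:
    """Subtype of a BLE *random* address, from its two most significant bits
    (written MSB first, so they sit in the first octet). Only meaningful when
    the advertiser flagged the address as random; a public address is not
    constrained by these bits."""
    top = parse_addr(addr)[0] >> 6
    return {0b11: "static_random",             # fixed for the device's lifetime
            0b10: "resolvable_private",        # rotates, resolvable by paired peers
            0b00: "non_resolvable_private",    # rotates, resolvable by nobody
            0b01: "reserved"}[top]             # not a valid random subtype


def report(wifi_addrs, ble_random_addrs) -> list:
    """Flag any Wi-Fi address that is still the factory one and any BLE
    random address that is static (never rotates)."""
    findings = []
    for a in wifi_addrs:
        if classify_wifi_mac(a) == "vendor_assigned":
            findings.append(f"{a}: factory MAC, randomization not in effect")
    for a in ble_random_addrs:
        if ble_random_subtype(a) == "static_random":
            findings.append(f"{a}: static random BLE address, does not rotate")
    return findings


# Constructed sample addresses (not real devices).
WIFI_SAMPLE = ["00:1a:2b:3c:4d:5e", "da:a1:19:42:00:01"]
BLE_SAMPLE = ["c0:11:22:33:44:55", "b3:ff:00:12:34:56"]

if __name__ == "__main__":
    for line in report(WIFI_SAMPLE, BLE_SAMPLE):
        print(line)
```

On Linux the Wi-Fi address to feed in is the one shown by `ip link`; a locally administered result only tells you that randomization is on, not how often the address rotates, which is a per-OS setting the guide covers separately.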
\subsection[title={Your CPU:},reference={your-cpu}]
All modern CPUs\footnote{Wikipedia, CPU
\useURL[url359][https://en.wikipedia.org/wiki/Central_processing_unit]\from[url359]
\useURL[url360][https://wikiless.org/wiki/Central_processing_unit][][{[}Wikiless{]}]\from[url360]
\useURL[url361][https://web.archive.org/web/https://en.wikipedia.org/wiki/Central_processing_unit][][{[}Archive.org{]}]\from[url361]}
now integrate hidden management platforms such as the now infamous
Intel Management Engine\footnote{Wikipedia, Intel Management Engine
\useURL[url362][https://en.wikipedia.org/wiki/Intel_Management_Engine]\from[url362]
\useURL[url363][https://wikiless.org/wiki/Intel_Management_Engine][][{[}Wikiless{]}]\from[url363]
\useURL[url364][https://web.archive.org/web/https://en.wikipedia.org/wiki/Intel_Management_Engine][][{[}Archive.org{]}]\from[url364]}
and the AMD Platform Security Processor\footnote{Wikipedia, AMD Platform
Security Processor
\useURL[url365][https://en.wikipedia.org/wiki/AMD_Platform_Security_Processor]\from[url365]
\useURL[url366][https://wikiless.org/wiki/AMD_Platform_Security_Processor][][{[}Wikiless{]}]\from[url366]
\useURL[url367][https://web.archive.org/web/https://en.wikipedia.org/wiki/AMD_Platform_Security_Processor][][{[}Archive.org{]}]\from[url367]}.
Those management platforms are small operating systems running directly
on your CPU as long as they have power. These systems have full access
to your computer's network and could be accessed by an adversary to
de-anonymize you in various ways (using direct access or using malware
for instance) as shown in this enlightening video: BlackHat, How to Hack
a Turned-Off Computer, or Running Unsigned Code in Intel Management
Engine
\useURL[url368][https://www.youtube.com/watch?v=9fhNokIgBMU]\from[url368]
\useURL[url369][https://yewtu.be/watch?v=mYsTBPqbya8][][{[}Invidious{]}]\from[url369].
These have already been affected by several security vulnerabilities in
the past\footnote{Wikipedia, IME, Security Vulnerabilities
\useURL[url370][https://en.wikipedia.org/wiki/Intel_Management_Engine\#Security_vulnerabilities]\from[url370]
\useURL[url371][https://wikiless.org/wiki/Intel_Management_Engine][][{[}Wikiless{]}]\from[url371]
\useURL[url372][https://web.archive.org/web/https://en.wikipedia.org/wiki/Intel_Management_Engine][][{[}Archive.org{]}]\from[url372]}
that allowed malware to gain control of target systems. These are also
accused by many privacy actors including the EFF and Libreboot of being
a backdoor into any system\footnote{Wikipedia, IME, Assertions that ME
is a backdoor
\useURL[url373][https://en.wikipedia.org/wiki/Intel_Management_Engine\#Assertions_that_ME_is_a_backdoor]\from[url373]
\useURL[url374][https://wikiless.org/wiki/Intel_Management_Engine][][{[}Wikiless{]}]\from[url374]
\useURL[url375][https://web.archive.org/web/https://en.wikipedia.org/wiki/Intel_Management_Engine][][{[}Archive.org{]}]\from[url375]}.
There are some not so straightforward ways\footnote{Wikipedia, IME,
Disabling the ME
\useURL[url376][https://en.wikipedia.org/wiki/Intel_Management_Engine\#Disabling_the_ME]\from[url376]
\useURL[url377][https://wikiless.org/wiki/Intel_Management_Engine][][{[}Wikiless{]}]\from[url377]
\useURL[url378][https://web.archive.org/web/https://en.wikipedia.org/wiki/Intel_Management_Engine][][{[}Archive.org{]}]\from[url378]}
to disable the Intel IME on some CPUs and you should do so if you can.
For some AMD laptops, you can disable it within the BIOS settings by
disabling PSP.
Note that, in AMD's defense, there were no security vulnerabilities
found for the PSP (also called ASP, the AMD Secure Processor) and no
backdoors either. See
\useURL[url379][https://www.youtube.com/watch?v=bKH5nGLgi08&t=2834s]\from[url379]
\useURL[url380][https://yewtu.be/watch?v=bKH5nGLgi08&t=2834s][][{[}Invidious{]}]\from[url380].
In addition, AMD PSP does not provide any remote management capabilities
contrary to Intel IME.
If you are feeling a bit more adventurous, you could install your own
BIOS using Coreboot \footnote{Libreboot,
\useURL[url381][https://libreboot.org/]\from[url381]
\useURL[url382][https://web.archive.org/web/https://libreboot.org/][][{[}Archive.org{]}]\from[url382]
/ Coreboot, \useURL[url383][https://www.coreboot.org/]\from[url383]
\useURL[url384][https://web.archive.org/web/20220501042320/https://www.coreboot.org/][][{[}Archive.org{]}]\from[url384]}
or Libreboot (a distribution of Coreboot) if your laptop supports it.
Coreboot allows users to add their own microcode or other firmware blobs
in order for the machine to function, but this is based upon user
choice, and as of Dec 2022, Libreboot has adopted a similar pragmatic
approach in order to support newer devices in the Coreboot tree.
(Thanks, kind Anon who corrected previous information in this
paragraph.)
Check yourself:
\startitemize
\item
If you are using Linux you can check the vulnerability status of your
CPU to Spectre/Meltdown attacks by using
\useURL[url385][https://github.com/speed47/spectre-meltdown-checker]\from[url385]
\useURL[url386][https://web.archive.org/web/https://github.com/speed47/spectre-meltdown-checker][][{[}Archive.org{]}]\from[url386]
which is available as a package for most Linux distros including
Whonix. Spectre is a transient execution attack. There is also PoC
code for Spectre v1 and v2 on iPhone devices here:
\useURL[url387][https://github.com/cispa/BranchDifferent]\from[url387]
\useURL[url388][https://web.archive.org/web/20220814122148/https://github.com/cispa/BranchDifferent][][{[}Archive.org{]}]\from[url388]
and here
\useURL[url389][https://misc0110.net/files/applespectre_dimva22.pdf]\from[url389]
\useURL[url390][https://web.archive.org/web/20220814122652/https://misc0110.net/files/applespectre_dimva22.pdf][][{[}Archive.org{]}]\from[url390]
\item
If you are using Windows, you can check the vulnerability status of
your CPU using inSpectre
\useURL[url391][https://www.grc.com/inspectre.htm]\from[url391]
\useURL[url392][https://web.archive.org/web/https://www.grc.com/inspectre.htm][][{[}Archive.org{]}]\from[url392]
\stopitemize
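Alongside the checker tools listed above, a Linux kernel reports its own view of these issues in one status file per vulnerability under \type{/sys/devices/system/cpu/vulnerabilities/} (available since kernel 4.15), each reading "Not affected", "Mitigation: ..." or "Vulnerable ...". The following added example (not part of the guide and not the spectre-meltdown-checker script) reads that directory and summarises which entries remain unmitigated and which call out SMT as exposed; the embedded snapshot is constructed so the logic can be exercised on a non-Linux machine, and the exact status strings on a real system will differ.

```python
# Added example, not from the guide: summarise the Linux kernel's own
# per-vulnerability status files. The snapshot below is constructed so the
# summary logic runs on any machine; on Linux the live sysfs tree is used.
from pathlib import Path

SYSFS_VULN_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

# Constructed snapshot shaped like the real files (one status string each).
SAMPLE_SNAPSHOT = {
    "meltdown": "Mitigation: PTI",
    "spectre_v1": "Mitigation: usercopy/swapgs barriers and __user pointer sanitization",
    "spectre_v2": "Vulnerable, IBPB: disabled, STIBP: disabled",
    "mds": "Vulnerable; SMT vulnerable",
    "l1tf": "Not affected",
    "srbds": "Vulnerable: No microcode",
}


def read_sysfs_status(directory: Path = SYSFS_VULN_DIR) -> dict:
    """{vulnerability_name: status_line} from sysfs, or {} when not on Linux."""
    if not directory.is_dir():
        return {}
    return {p.name: p.read_text().strip()
            for p in sorted(directory.iterdir()) if p.is_file()}


def classify(status: str) -> str:
    """Map the kernel's free-text status line to a coarse category."""
    s = status.lower()
    if s.startswith("not affected"):
        return "not_affected"
    if s.startswith("mitigation"):
        return "mitigated"
    if s.startswith("vulnerable"):
        return "vulnerable"
    return "unknown"


def summarize(statuses: dict) -> dict:
    """Group vulnerability names by category, names sorted for stable output."""
    out = {"not_affected": [], "mitigated": [], "vulnerable": [], "unknown": []}
    for name, status in sorted(statuses.items()):
        out[classify(status)].append(name)
    return out


def unmitigated(statuses: dict) -> list:
    """Names the kernel reports as vulnerable with no mitigation active."""
    return summarize(statuses)["vulnerable"]


def smt_exposed(statuses: dict) -> list:
    """Entries whose status explicitly says SMT (hyper-threading) is vulnerable;
    disabling SMT in firmware or via the kernel is the usual remedy for these."""
    return [n for n, s in sorted(statuses.items()) if "smt vulnerable" in s.lower()]


if __name__ == "__main__":
    live = read_sysfs_status()
    statuses, source = (live, "live sysfs") if live else (SAMPLE_SNAPSHOT, "constructed sample")
    for kind, names in summarize(statuses).items():
        print(f"[{source}] {kind}: {', '.join(names) or '-'}")
    print(f"[{source}] unmitigated: {unmitigated(statuses)}; SMT exposed: {smt_exposed(statuses)}")
```

Inside a VM the same files reflect what the hypervisor exposes to the guest, so running this in a Whonix or other guest VM is a quick way to confirm whether the virtualization-software mitigations discussed below actually reach the guest kernel.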
Some CPUs have unfixable flaws (especially Intel CPUs) that could be
exploited by various malware. Here is a good current list of such
vulnerabilities affecting recent widespread CPUs:
\useURL[url393][https://en.wikipedia.org/wiki/Transient_execution_CPU_vulnerability]\from[url393]
\useURL[url394][https://wikiless.org/wiki/Transient_execution_CPU_vulnerability][][{[}Wikiless{]}]\from[url394]
\useURL[url395][https://web.archive.org/web/https://en.wikipedia.org/wiki/Transient_execution_CPU_vulnerability][][{[}Archive.org{]}]\from[url395]
Some of these can be mitigated using virtualization software settings.
See this guide for more information
\useURL[url396][https://www.whonix.org/wiki/Spectre_Meltdown]\from[url396]
\useURL[url397][https://web.archive.org/web/https://www.whonix.org/wiki/Spectre_Meltdown][][{[}Archive.org{]}]\from[url397]
(warning: these can severely impact the performance of your VMs).
This guide won't go too deep into side-channel and microarchitecture
attacks but we will highlight some issues with both Intel and AMD CPU
architectures that will be mitigated throughout. It's important to
recognize hardware is just as susceptible to bugs, and therefore
exploitation, regardless of manufacturer.
We will mitigate some of these issues in this guide by recommending the
use of virtual machines on a dedicated anonymous laptop for your
sensitive activities that will only be used from an anonymous public
network.
{\bf In addition, we recommend the use of AMD CPUs instead of Intel
CPUs.}
\subsection[title={Your Operating Systems and Apps telemetry
services:},reference={your-operating-systems-and-apps-telemetry-services}]
Whether it is Android, iOS, Windows, macOS, or even Ubuntu, most popular
Operating Systems now collect telemetry information by default, even if
you never opted in or have opted out\footnote{Trinity College Dublin, Mobile
Handset Privacy: Measuring The Data iOS and Android Send to Apple And
Google
\useURL[url398][https://www.scss.tcd.ie/doug.leith/apple_google.pdf]\from[url398]
\useURL[url399][https://web.archive.org/web/https://www.scss.tcd.ie/doug.leith/apple_google.pdf][][{[}Archive.org{]}]\from[url399]}
from the start. Some like Windows will not even allow disabling
telemetry completely without some technical tweaks. This information
collection can be extensive and include a staggering number of details
(metadata and data) on your devices and their usage.
Here are good overviews of what is being collected by those five popular
OSes in their last versions:
\startitemize
\item
Android/Google:
\startitemize
\item
Just have a read at their privacy policy
\useURL[url400][https://policies.google.com/privacy]\from[url400]
\useURL[url401][https://web.archive.org/web/https://policies.google.com/privacy][][{[}Archive.org{]}]\from[url401]
\item
School of Computer Science & Statistics, Trinity College Dublin,
Ireland Mobile Handset Privacy: Measuring The Data iOS and Android
Send to Apple And Google
\useURL[url402][https://www.scss.tcd.ie/doug.leith/apple_google.pdf]\from[url402]
\useURL[url403][https://web.archive.org/web/https://www.scss.tcd.ie/doug.leith/apple_google.pdf][][{[}Archive.org{]}]\from[url403]
\stopitemize
\item
iOS/Apple:
\startitemize
\item
More information at
\useURL[url404][https://www.apple.com/legal/privacy/en-ww/]\from[url404]
\useURL[url405][https://web.archive.org/web/https://www.apple.com/legal/privacy/en-ww/][][{[}Archive.org{]}]\from[url405]
and
\useURL[url406][https://support.apple.com/en-us/HT202100]\from[url406]
\useURL[url407][https://web.archive.org/web/https://support.apple.com/en-us/HT202100][][{[}Archive.org{]}]\from[url407]
\item
School of Computer Science & Statistics, Trinity College Dublin,
Ireland Mobile Handset Privacy: Measuring The Data iOS and Android
Send to Apple And Google
\useURL[url408][https://www.scss.tcd.ie/doug.leith/apple_google.pdf]\from[url408]
\useURL[url409][https://web.archive.org/web/https://www.scss.tcd.ie/doug.leith/apple_google.pdf][][{[}Archive.org{]}]\from[url409]
\item
Apple does claim\footnote{Apple, Differential Privacy White Paper
\useURL[url410][https://www.apple.com/privacy/docs/Differential_Privacy_Overview.pdf]\from[url410]
\useURL[url411][https://web.archive.org/web/https://www.apple.com/privacy/docs/Differential_Privacy_Overview.pdf][][{[}Archive.org{]}]\from[url411]}
that they anonymize this data using differential privacy\footnote{Wikipedia,
Differential Privacy
\useURL[url412][https://en.wikipedia.org/wiki/Differential_privacy]\from[url412]
\useURL[url413][https://wikiless.org/wiki/Differential_privacy][][{[}Wikiless{]}]\from[url413]
\useURL[url414][https://web.archive.org/web/https://en.wikipedia.org/wiki/Differential_privacy][][{[}Archive.org{]}]\from[url414]}
but you will have to trust them on that.
\stopitemize
\item
Windows/Microsoft:
\startitemize
\item
Full list of required diagnostic data:
\useURL[url415][https://docs.microsoft.com/en-us/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004]\from[url415]
\useURL[url416][https://web.archive.org/web/https://docs.microsoft.com/en-us/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004][][{[}Archive.org{]}]\from[url416]
\item
Full list of optional diagnostic data:
\useURL[url417][https://docs.microsoft.com/en-us/windows/privacy/windows-diagnostic-data]\from[url417]
\useURL[url418][https://web.archive.org/web/https://docs.microsoft.com/en-us/windows/privacy/windows-diagnostic-data][][{[}Archive.org{]}]\from[url418]
\stopitemize
\item
macOS:
\startitemize[packed]
\item
More details on
\useURL[url419][https://support.apple.com/guide/mac-help/share-analytics-information-mac-apple-mh27990/mac]\from[url419]
\useURL[url420][https://web.archive.org/web/https://support.apple.com/guide/mac-help/share-analytics-information-mac-apple-mh27990/mac][][{[}Archive.org{]}]\from[url420]
\stopitemize
\item
Ubuntu:
\startitemize[packed]
\item
Ubuntu, despite being a Linux distribution, also collects telemetry
data nowadays. This data, however, is quite limited compared to the
others. More details on
\useURL[url421][https://ubuntu.com/desktop/statistics]\from[url421]
\useURL[url422][https://web.archive.org/web/https://ubuntu.com/desktop/statistics][][{[}Archive.org{]}]\from[url422]
\stopitemize
\stopitemize
Not only are Operating Systems gathering telemetry, but so are the Apps
themselves, such as Browsers, Mail Clients, and Social Networking Apps
installed on your system.
It is important to understand that this telemetry data can be tied to
your device, help de-anonymize you, and later be used against you by an
adversary who gains access to this data.
This does not mean for example that Apple devices are terrible choices
for good Privacy (though this might be changing\footnote{Continuing Ed, The
All-Seeing \quotation{i}: Apple Just Declared War on Your Privacy
\useURL[url423][https://edwardsnowden.substack.com/p/all-seeing-i]\from[url423]
\useURL[url424][https://web.archive.org/web/https://edwardsnowden.substack.com/p/all-seeing-i][][{[}Archive.org{]}]\from[url424]}),
but they are certainly not the best choices for (relative) Anonymity.
They might protect you from third parties knowing what you are doing but
not from themselves. In all likelihood, they certainly know who you are.
Later in this guide, we will use all the means at our disposal to
disable and block as much telemetry as possible to mitigate this attack
vector in the Operating Systems supported in this guide. These will
include Windows, macOS, and even Linux in some regard.
See \goto{Appendix N: Warning about smartphones and smart
devices}[appendix-n-warning-about-smartphones-and-smart-devices]
\subsection[title={Your Smart devices in
general:},reference={your-smart-devices-in-general}]
You got it; your smartphone is an advanced spying/tracking device that:
\startitemize
\item
Records everything you say at any time (\quotation{Hey Siri},
\quotation{Hey Google}).
\item
Records your location everywhere you go.
\item
Always records other devices around you (Bluetooth devices, Wi-Fi
Access points).
\item
Records your habits and health data (steps, screen time, exposure to
diseases, connected devices data).
\item
Records all your network locations.
\item
Records all your pictures and videos (and most likely where they were
taken).
\item
Has most likely access to most of your known accounts including social
media, messaging, and financial accounts.
\stopitemize
Data is being transmitted even if you opt-out\footnote{Trinity College
Dublin, Mobile Handset Privacy: Measuring The Data iOS and Android
Send to Apple And Google
\useURL[url425][https://www.scss.tcd.ie/doug.leith/apple_google.pdf]\from[url425]
\useURL[url426][https://web.archive.org/web/https://www.scss.tcd.ie/doug.leith/apple_google.pdf][][{[}Archive.org{]}]\from[url426]},
processed, and stored indefinitely (most likely unencrypted\footnote{Reuters,
Exclusive: Apple dropped plan for encrypting backups after FBI
complained -- sources
\useURL[url427][https://www.reuters.com/article/us-apple-fbi-icloud-exclusive-idUSKBN1ZK1CT]\from[url427]
\useURL[url428][https://web.archive.org/web/https://www.reuters.com/article/us-apple-fbi-icloud-exclusive-idUSKBN1ZK1CT][][{[}Archive.org{]}]\from[url428]})
by various third parties\footnote{ZDnet, I asked Apple for all my data.
Here's what was sent back
\useURL[url429][https://www.zdnet.com/article/apple-data-collection-stored-request/]\from[url429]
\useURL[url430][https://web.archive.org/web/https://www.zdnet.com/article/apple-data-collection-stored-request/][][{[}Archive.org{]}]\from[url430]}.
But that is not all: this section is not called \quotation{Smartphones}
but \quotation{Smart devices} because it is not only your smartphone
spying on you. It is also every other smart device you could have:
\startitemize
\item
Your Smart Watch? (Apple Watch, Android Smartwatch \ldots{})
\item
Your Fitness Devices and Apps\footnote{De Correspondent, Here's how we
found the names and addresses of soldiers and secret agents using a
simple fitness app
\useURL[url431][https://decorrespondent.nl/8481/heres-how-we-found-the-names-and-addresses-of-soldiers-and-secret-agents-using-a-simple-fitness-app/412999257-6756ba27]\from[url431]
\useURL[url432][https://web.archive.org/web/https://decorrespondent.nl/8481/heres-how-we-found-the-names-and-addresses-of-soldiers-and-secret-agents-using-a-simple-fitness-app/412999257-6756ba27][][{[}Archive.org{]}]\from[url432]}\footnote{Website
Planet, Report: Fitness Tracker Data Breach Exposed 61 Million
Records and User Data Online
\useURL[url433][https://www.websiteplanet.com/blog/gethealth-leak-report/]\from[url433]
\useURL[url434][https://web.archive.org/web/https://www.websiteplanet.com/blog/gethealth-leak-report/][][{[}Archive.org{]}]\from[url434]}?
(Strava\footnote{Wired, The Strava Heat Map and the End of Secrets
\useURL[url435][https://www.wired.com/story/strava-heat-map-military-bases-fitness-trackers-privacy/]\from[url435]
\useURL[url436][https://web.archive.org/web/https://www.wired.com/story/strava-heat-map-military-bases-fitness-trackers-privacy/][][{[}Archive.org{]}]\from[url436]}\footnote{Bellingcat,
How to Use and Interpret Data from Strava's Activity Map
\useURL[url437][https://www.bellingcat.com/resources/how-tos/2018/01/29/strava-interpretation-guide/]\from[url437]
\useURL[url438][https://web.archive.org/web/https://www.bellingcat.com/resources/how-tos/2018/01/29/strava-interpretation-guide/][][{[}Archive.org{]}]\from[url438]},
Fitbit\footnote{The Guardian, Fitness tracking app Strava gives away
location of secret US army bases
\useURL[url439][https://www.theguardian.com/world/2018/jan/28/fitness-tracking-app-gives-away-location-of-secret-us-army-bases]\from[url439]
\useURL[url440][https://web.archive.org/web/https://www.theguardian.com/world/2018/jan/28/fitness-tracking-app-gives-away-location-of-secret-us-army-bases][][{[}Archive.org{]}]\from[url440]},
Garmin, Polar\footnote{Telegraph, Running app reveals locations of
secret service agents in MI6 and GCHQ
\useURL[url441][https://www.telegraph.co.uk/technology/2018/07/08/running-app-exposes-mi6-gchq-workers-whereabouts/]\from[url441]
\useURL[url442][https://web.archive.org/web/https://www.telegraph.co.uk/technology/2018/07/08/running-app-exposes-mi6-gchq-workers-whereabouts/][][{[}Archive.org{]}]\from[url442]},
\ldots{})
\item
Your Smart Speaker? (Amazon Alexa\footnote{Washington Post, Alexa has
been eavesdropping on you this whole time
\useURL[url443][https://www.washingtonpost.com/technology/2019/05/06/alexa-has-been-eavesdropping-you-this-whole-time/?itid=lk_interstitial_manual_59]\from[url443]
\useURL[url444][https://web.archive.org/web/https://www.washingtonpost.com/technology/2019/05/06/alexa-has-been-eavesdropping-you-this-whole-time/?itid=lk_interstitial_manual_59][][{[}Archive.org{]}]\from[url444]},
Google Echo, Apple Homepod \ldots{})
\item
Your Smart Transportation? (Car? Scooter?)
\item
Your Smart Tags? (Apple AirTag, Galaxy SmartTag, Tile\ldots{})
\item
Your Car? (Yes, most modern cars have advanced logging/tracking
features these days\footnote{Washington Post, What does your car know
about you? We hacked a Chevy to find out
\useURL[url445][https://www.washingtonpost.com/technology/2019/12/17/what-does-your-car-know-about-you-we-hacked-chevy-find-out/]\from[url445]
\useURL[url446][https://web.archive.org/web/https://www.washingtonpost.com/technology/2019/12/17/what-does-your-car-know-about-you-we-hacked-chevy-find-out/][][{[}Archive.org{]}]\from[url446]})
\item
Any other Smart device? There are even convenient search engines
dedicated to finding them online:
\startitemize
\item
\useURL[url447][https://www.shodan.io/]\from[url447]
\item
\useURL[url448][https://censys.io/]\from[url448]
\item
\useURL[url449][https://www.zoomeye.org/]\from[url449]
\stopitemize
\stopitemize
See \goto{Appendix N: Warning about smartphones and smart
devices}[appendix-n-warning-about-smartphones-and-smart-devices]
Conclusion: Do not bring your smart devices with you when conducting
sensitive activities.
\subsection[title={Yourself:},reference={yourself}]
\subsubsection[title={Your Metadata including your
Geo-Location:},reference={your-metadata-including-your-geo-location}]
Your metadata is all the information about your activities without the
actual content of those activities. For instance, it is like knowing you
had a call from an oncologist before then calling your family and
friends successively. You do not know what was said during the
conversation, but you can guess what it was just from the
metadata\footnote{Using Metadata to find Paul Revere
(\useURL[url450][https://kieranhealy.org/blog/archives/2013/06/09/using-metadata-to-find-paul-revere/]\from[url450]
\useURL[url451][https://web.archive.org/web/https://kieranhealy.org/blog/archives/2013/06/09/using-metadata-to-find-paul-revere/][][{[}Archive.org{]}]\from[url451])}.
This metadata will also often include your location that is being
harvested by Smartphones, Operating Systems (Android\footnote{Wikipedia,
Google SensorVault,
\useURL[url452][https://en.wikipedia.org/wiki/Sensorvault]\from[url452]
\useURL[url453][https://wikiless.org/wiki/Sensorvault][][{[}Wikiless{]}]\from[url453]
\useURL[url454][https://web.archive.org/web/https://en.wikipedia.org/wiki/Sensorvault][][{[}Archive.org{]}]\from[url454]}/IOS),
Browsers, Apps, Websites. Odds are several companies know exactly
where you are at any time\footnote{NRKBeta, My Phone Was Spying on Me,
so I Tracked Down the Surveillants
\useURL[url455][https://nrkbeta.no/2020/12/03/my-phone-was-spying-on-me-so-i-tracked-down-the-surveillants/]\from[url455]
\useURL[url456][https://web.archive.org/web/https://nrkbeta.no/2020/12/03/my-phone-was-spying-on-me-so-i-tracked-down-the-surveillants/][][{[}Archive.org{]}]\from[url456]}
because of your smartphone\footnote{New York Times
\useURL[url457][https://www.nytimes.com/interactive/2019/12/19/opinion/location-tracking-cell-phone.html]\from[url457]
\useURL[url458][https://web.archive.org/web/https://www.nytimes.com/interactive/2019/12/19/opinion/location-tracking-cell-phone.html][][{[}Archive.org{]}]\from[url458]}.
This location data has been used in many judicial cases\footnote{Sophos,
Google data puts innocent man at the scene of a crime
\useURL[url459][https://nakedsecurity.sophos.com/2020/03/10/google-data-puts-innocent-man-at-the-scene-of-a-crime/]\from[url459]
\useURL[url460][https://web.archive.org/web/https://nakedsecurity.sophos.com/2020/03/10/google-data-puts-innocent-man-at-the-scene-of-a-crime/][][{[}Archive.org{]}]\from[url460]}
already as part of \quotation{geofencing warrants}\footnote{Wikipedia,
Geofence Warrant
\useURL[url461][https://en.wikipedia.org/wiki/Geo-fence_warrant]\from[url461]
\useURL[url462][https://wikiless.org/wiki/Geo-fence_warrant][][{[}Wikiless{]}]\from[url462]
\useURL[url463][https://web.archive.org/web/https://en.wikipedia.org/wiki/Geo-fence_warrant][][{[}Archive.org{]}]\from[url463]}
that allow law enforcement to ask companies (such as Google/Apple) for a
list of all devices present at a certain location at a certain time. In
addition, this location data is even sold by private companies to the
military who can then use it conveniently\footnote{Vice.com, Military
Unit That Conducts Drone Strikes Bought Location Data From Ordinary
Apps
\useURL[url464][https://www.vice.com/en/article/y3g97x/location-data-apps-drone-strikes-iowa-national-guard]\from[url464]
\useURL[url465][https://web.archive.org/web/https://www.vice.com/en/article/y3g97x/location-data-apps-drone-strikes-iowa-national-guard][][{[}Archive.org{]}]\from[url465]}.
These warrants are becoming widely used by law enforcement\footnote{TechCrunch,
Google says geofence warrants make up one-quarter of all US demands
\useURL[url466][https://techcrunch.com/2021/08/19/google-geofence-warrants/]\from[url466]
\useURL[url467][https://web.archive.org/web/https://techcrunch.com/2021/08/19/google-geofence-warrants/][][{[}Archive.org{]}]\from[url467]}\footnote{TechDirt,
Google Report Shows \quote{Reverse Warrants} Are Swiftly Becoming Law
Enforcement's Go-To Investigative Tool
\useURL[url468][https://www.techdirt.com/articles/20210821/10494847401/google-report-shows-reverse-warrants-are-swiftly-becoming-law-enforcements-go-to-investigative-tool.shtml]\from[url468]
\useURL[url469][https://web.archive.org/web/https://www.techdirt.com/articles/20210821/10494847401/google-report-shows-reverse-warrants-are-swiftly-becoming-law-enforcements-go-to-investigative-tool.shtml][][{[}Archive.org{]}]\from[url469]}\footnote{Vice.com,
Here's the FBI's Internal Guide for Getting Data from AT&T, T-Mobile,
Verizon
\useURL[url470][https://www.vice.com/en/article/m7vqkv/how-fbi-gets-phone-data-att-tmobile-verizon]\from[url470]
\useURL[url471][https://web.archive.org/web/https://www.vice.com/en/article/m7vqkv/how-fbi-gets-phone-data-att-tmobile-verizon][][{[}Archive.org{]}]\from[url471]}.
If you want to experience for yourself what a \quotation{geofencing warrant}
would look like, here is an example:
\useURL[url472][https://wigle.net/]\from[url472].
Now let us say you are using a VPN to hide your IP. The social media
platform knows you were active on that account on November 4th from 8 am
to 1 pm with that VPN IP. The VPN allegedly keeps no logs and cannot
trace back that VPN IP to your IP. Your ISP however knows (or at least
can know) you were connected to that same VPN provider on November 4th
from 7:30 am to 2 pm but does not know what you were doing with it.
The question is: Is there someone somewhere that would have both pieces
of information available\footnote{Wikipedia, Room 641A
\useURL[url473][https://en.wikipedia.org/wiki/Room_641A]\from[url473]
\useURL[url474][https://wikiless.org/wiki/Room_641A][][{[}Wikiless{]}]\from[url474]
\useURL[url475][https://web.archive.org/web/https://en.wikipedia.org/wiki/Room_641A][][{[}Archive.org{]}]\from[url475]}
for correlation in a convenient database?
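To make that question concrete, here is an added Python example (not part of the guide) built on constructed records: on one side a platform's session log, which only knows the VPN exit IP it saw; on the other an ISP's connection log, which only knows which subscriber line talked to which VPN provider and when. Account names, subscriber labels, provider names and the exit address are all placeholders. The point it demonstrates is that whoever holds both logs needs nothing beyond a time-window intersection, and also where that intersection stays ambiguous because several subscribers were connected over the same interval.

```python
"""Time-window correlation of VPN metadata (added example, not from the guide).

The platform only sees an account behind a VPN exit IP; the ISP only sees
a subscriber connected to a VPN endpoint. Neither record holds content,
and neither side can link account to subscriber alone. This shows what an
observer holding both logs can do with nothing but timestamps, and where
that fails. Every record, name and address below is constructed.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Session:
    subject: str     # account name (platform side) or subscriber line (ISP side)
    peer: str        # VPN exit IP (platform side) or VPN endpoint (ISP side)
    start: datetime
    end: datetime


def _t(stamp: str) -> datetime:
    return datetime.fromisoformat(stamp)


# Platform view: account activity, attributed only to the VPN exit IP.
PLATFORM_LOG = [
    Session("anon_account_42", "198.51.100.7", _t("2021-11-04 08:00"), _t("2021-11-04 13:00")),
    Session("anon_account_77", "198.51.100.7", _t("2021-11-04 09:20"), _t("2021-11-04 09:50")),
]

# ISP view: which subscriber was connected to which VPN provider, and when.
ISP_LOG = [
    Session("subscriber-A", "vpn-provider-X", _t("2021-11-04 07:30"), _t("2021-11-04 14:00")),
    Session("subscriber-B", "vpn-provider-X", _t("2021-11-04 09:15"), _t("2021-11-04 10:00")),
    Session("subscriber-C", "vpn-provider-X", _t("2021-11-03 20:00"), _t("2021-11-04 07:45")),
    Session("subscriber-D", "vpn-provider-Y", _t("2021-11-04 07:00"), _t("2021-11-04 15:00")),
]

# Which provider announces which exit address (public routing data in
# practice; constructed here).
EXIT_IP_OWNER = {"198.51.100.7": "vpn-provider-X"}


def covers(outer: Session, inner: Session, slack: timedelta) -> bool:
    """True if the ISP session spans the whole platform session, with some
    slack for clock skew and connection setup."""
    return outer.start - slack <= inner.start and inner.end <= outer.end + slack


def candidates(platform: Session, isp_log: list[Session],
               slack: timedelta = timedelta(minutes=5)) -> list[str]:
    """Subscribers whose VPN connection could have carried the platform session."""
    provider = EXIT_IP_OWNER.get(platform.peer)
    return sorted({s.subject for s in isp_log
                   if s.peer == provider and covers(s, platform, slack)})


def correlate(platform_log: list[Session], isp_log: list[Session]) -> dict[str, list[str]]:
    """Account -> candidate subscribers. A single candidate is a
    de-anonymization; several means timestamps alone were not enough."""
    return {p.subject: candidates(p, isp_log) for p in platform_log}


if __name__ == "__main__":
    for account, subs in correlate(PLATFORM_LOG, ISP_LOG).items():
        verdict = "unique match" if len(subs) == 1 else f"{len(subs)} candidates"
        print(f"{account}: {subs} ({verdict})")
```

The long five-hour session resolves to exactly one subscriber, while the half-hour session overlaps two connected subscribers and stays ambiguous. Nothing in this depends on the VPN provider keeping logs, which is why the rest of this guide treats a VPN on its own as insufficient for anonymity.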
Have you heard of Edward Snowden\footnote{Wikipedia, Edward Snowden
\useURL[url476][https://en.wikipedia.org/wiki/Edward_Snowden]\from[url476]
\useURL[url477][https://wikiless.org/wiki/Edward_Snowden][][{[}Wikiless{]}]\from[url477]
\useURL[url478][https://web.archive.org/web/https://en.wikipedia.org/wiki/Edward_Snowden][][{[}Archive.org{]}]\from[url478]}?
Now is the time to google him and read his book\footnote{Wikipedia,
Permanent Record
\useURL[url479][https://en.wikipedia.org/wiki/Permanent_Record_(autobiography)]\from[url479]
\useURL[url480][https://wikiless.org/wiki/Permanent_Record_(autobiography)][][{[}Wikiless{]}]\from[url480]
\useURL[url481][https://web.archive.org/web/https://en.wikipedia.org/wiki/Permanent_Record_(autobiography)][][{[}Archive.org{]}]\from[url481]}.
Also read about XKEYSCORE\footnote{Wikipedia, XKEYSCORE
\useURL[url482][https://en.wikipedia.org/wiki/XKeyscore]\from[url482]
\useURL[url483][https://wikiless.org/wiki/XKeyscore][][{[}Wikiless{]}]\from[url483]
\useURL[url484][https://web.archive.org/web/https://en.wikipedia.org/wiki/XKeyscore][][{[}Archive.org{]}]\from[url484]}\footnote{ElectroSpaces,
Danish military intelligence uses XKEYSCORE to tap cables in
cooperation with the NSA
\useURL[url485][https://www.electrospaces.net/2020/10/danish-military-intelligence-uses.html]\from[url485]
\useURL[url486][https://web.archive.org/web/https://www.electrospaces.net/2020/10/danish-military-intelligence-uses.html][][{[}Archive.org{]}]\from[url486]},
MUSCULAR\footnote{Wikipedia, MUSCULAR
\useURL[url487][https://en.wikipedia.org/wiki/MUSCULAR_(surveillance_program)]\from[url487]
\useURL[url488][https://web.archive.org/web/https://en.wikipedia.org/wiki/MUSCULAR_(surveillance_program)][][{[}Archive.org{]}]\from[url488]},
SORM\footnote{Wikipedia, SORM
\useURL[url489][https://en.wikipedia.org/wiki/SORM]\from[url489]
\useURL[url490][https://wikiless.org/wiki/SORM][][{[}Wikiless{]}]\from[url490]
\useURL[url491][https://web.archive.org/web/https://en.wikipedia.org/wiki/SORM][][{[}Archive.org{]}]\from[url491]},
Tempora\footnote{Wikipedia, Tempora
\useURL[url492][https://en.wikipedia.org/wiki/Tempora]\from[url492]
\useURL[url493][https://wikiless.org/wiki/Tempora][][{[}Wikiless{]}]\from[url493]
\useURL[url494][https://web.archive.org/web/https://en.wikipedia.org/wiki/Tempora][][{[}Archive.org{]}]\from[url494]},
and PRISM\footnote{Wikipedia, PRISM
\useURL[url495][https://en.wikipedia.org/wiki/PRISM_(surveillance_program)]\from[url495]
\useURL[url496][https://wikiless.org/wiki/PRISM_(surveillance_program)][][{[}Wikiless{]}]\from[url496]
\useURL[url497][https://web.archive.org/web/https://en.wikipedia.org/wiki/PRISM_(surveillance_program)][][{[}Archive.org{]}]\from[url497]}.
See \quotation{We kill people based on Metadata}\footnote{Justsecurity,
General Hayden
\useURL[url498][https://www.justsecurity.org/10318/video-clip-director-nsa-cia-we-kill-people-based-metadata/]\from[url498]
\useURL[url499][https://web.archive.org/web/https://www.justsecurity.org/10318/video-clip-director-nsa-cia-we-kill-people-based-metadata/][][{[}Archive.org{]}]\from[url499]}
or this famous tweet from the IDF
\useURL[url500][https://twitter.com/idf/status/1125066395010699264]\from[url500]
\useURL[url501][https://web.archive.org/web/https://twitter.com/idf/status/1125066395010699264][][{[}Archive.org{]}]\from[url501]
\useURL[url502][https://nitter.net/idf/status/1125066395010699264][][{[}Nitter{]}]\from[url502].
See \goto{Appendix N: Warning about smartphones and smart
devices}[appendix-n-warning-about-smartphones-and-smart-devices]
\subsubsection[title={Your Digital Fingerprint, Footprint, and Online
Behavior:},reference={your-digital-fingerprint-footprint-and-online-behavior}]
This is the part where you should watch the documentary \quotation{The
Social Dilemma}\footnote{IMDb, The Social Dilemma
\useURL[url503][https://www.imdb.com/title/tt11464826/]\from[url503]
\useURL[url504][https://web.archive.org/web/https://www.imdb.com/title/tt11464826/][][{[}Archive.org{]}]\from[url504]}
on Netflix as they cover this topic much better than anyone else.
This includes the way you write (stylometry)\footnote{ArsTechnica,
How the way you type can shatter anonymity---even on Tor
\useURL[url505][https://arstechnica.com/information-technology/2015/07/how-the-way-you-type-can-shatter-anonymity-even-on-tor/]\from[url505]
\useURL[url506][https://web.archive.org/web/https://arstechnica.com/information-technology/2015/07/how-the-way-you-type-can-shatter-anonymity-even-on-tor/][][{[}Archive.org{]}]\from[url506]}\footnote{Wikipedia,
Stylometry
\useURL[url507][https://en.wikipedia.org/wiki/Stylometry]\from[url507]
\useURL[url508][https://wikiless.org/wiki/Stylometry][][{[}Wikiless{]}]\from[url508]
\useURL[url509][https://web.archive.org/web/https://en.wikipedia.org/wiki/Stylometry][][{[}Archive.org{]}]\from[url509]},
the way you behave\footnote{Paul Moore Blog, Behavioral Profiling: The
password you can't change.
\useURL[url510][https://paul.reviews/behavioral-profiling-the-password-you-cant-change/]\from[url510]
\useURL[url511][https://web.archive.org/web/https://paul.reviews/behavioral-profiling-the-password-you-cant-change/][][{[}Archive.org{]}]\from[url511]}\footnote{Wikipedia,
Sentiment Analysis
\useURL[url512][https://en.wikipedia.org/wiki/Sentiment_analysis]\from[url512]
\useURL[url513][https://wikiless.org/wiki/Sentiment_analysis][][{[}Wikiless{]}]\from[url513]
\useURL[url514][https://web.archive.org/web/https://en.wikipedia.org/wiki/Sentiment_analysis][][{[}Archive.org{]}]\from[url514]}.
The way you click. The way you browse. The fonts you use on your
browser\footnote{EFF, CoverYourTracks
\useURL[url515][https://coveryourtracks.eff.org/]\from[url515]
\useURL[url516][https://web.archive.org/web/https://coveryourtracks.eff.org/][][{[}Archive.org{]}]\from[url516]}.
Fingerprinting is being used to guess who someone is by the way that
user is behaving. You might be using specific pedantic words or making
specific spelling mistakes that could give you away using a simple
Google search for similar features because you typed comparably on some
Reddit post 5 years ago using a not-so-anonymous Reddit
account\footnote{Berkeley.edu, On the Feasibility of Internet-Scale
Author Identification
\useURL[url517][https://people.eecs.berkeley.edu/~dawnsong/papers/2012\%20On\%20the\%20Feasibility\%20of\%20Internet-Scale\%20Author\%20Identification.pdf][][https://people.eecs.berkeley.edu/\lettertilde{}dawnsong/papers/2012\letterpercent{}20On\letterpercent{}20the\letterpercent{}20Feasibility\letterpercent{}20of\letterpercent{}20Internet-Scale\letterpercent{}20Author\letterpercent{}20Identification.pdf]\from[url517]
\useURL[url518][https://web.archive.org/web/https://people.eecs.berkeley.edu/~dawnsong/papers/2012\%20On\%20the\%20Feasibility\%20of\%20Internet-Scale\%20Author\%20Identification.pdf][][{[}Archive.org{]}]\from[url518]}.
The words you type in a search engine alone can be used against you as
the authorities now have warrants to find users who used specific
keywords in search engines\footnote{Forbes, Exclusive: Government
Secretly Orders Google To Identify Anyone Who Searched A Sexual
Assault Victim's Name, Address And Telephone Number
\useURL[url519][https://www.forbes.com/sites/thomasbrewster/2021/10/04/google-keyword-warrants-give-us-government-data-on-search-users]\from[url519]
\useURL[url520][https://web.archive.org/web/https://www.forbes.com/sites/thomasbrewster/2021/10/04/google-keyword-warrants-give-us-government-data-on-search-users][][{[}Archive.org{]}]\from[url520]}.
Social Media platforms such as Facebook/Google can go a step further and
register your behavior in the browser itself. For instance, they can
register everything you type even if you do not send it / save it. Think
of when you draft an e-mail in Gmail. It is saved automatically as you
type. They can register your clicks and cursor movements as well.
All they need to achieve this in most cases is JavaScript enabled in
your browser (which is the case in most Browsers including Tor Browser
by default). Even with JavaScript disabled, there are still ways to
fingerprint you\footnote{FingerprintJS, Demo: Disabling JavaScript Won't
Save You from Fingerprinting
\useURL[url521][https://fingerprintjs.com/blog/disabling-javascript-wont-stop-fingerprinting/]\from[url521]
\useURL[url522][https://web.archive.org/web/https://fingerprintjs.com/blog/disabling-javascript-wont-stop-fingerprinting/][][{[}Archive.org{]}]\from[url522]}.
While these methods are usually used for marketing purposes and
advertising, they can also be a useful tool for fingerprinting users.
This is because your behavior is unique or unique enough that over time,
you could be de-anonymized.
Here are some examples:
\startitemize
\item
Specialized companies are selling to, for example, law enforcement
agencies products for analyzing social network activities such as
\useURL[url523][https://mediasonar.com/]\from[url523]
\useURL[url524][https://web.archive.org/web/https://mediasonar.com/][][{[}Archive.org{]}]\from[url524]
\item
For example, as a basis of authentication, a user's typing speed,
keystroke depressions, patterns of error (say accidentally hitting an
\quotation{l} instead of a \quotation{k} on three out of every seven
transactions) and mouse movements establish that person's unique
pattern of behavior\footnote{SecuredTouch Blog, Behavioral Biometrics
101: Behavioral Biometrics vs.~Behavioral Analytics
\useURL[url525][https://blog.securedtouch.com/behavioral-biometrics-101-an-in-depth-look-at-behavioral-biometrics-vs-behavioral-analytics]\from[url525]
\useURL[url526][https://web.archive.org/web/https://blog.securedtouch.com/behavioral-biometrics-101-an-in-depth-look-at-behavioral-biometrics-vs-behavioral-analytics][][{[}Archive.org{]}]\from[url526]}.
Some commercial services such as TypingDNA
(\useURL[url527][https://www.typingdna.com/]\from[url527]
\useURL[url528][https://web.archive.org/web/https://www.typingdna.com/][][{[}Archive.org{]}]\from[url528])
even offer such analysis as a replacement for two-factor
authentication.
\item
This technology is also widely used in CAPTCHA\footnote{Wikipedia,
Captcha
\useURL[url529][https://en.wikipedia.org/wiki/CAPTCHA]\from[url529]
\useURL[url530][https://wikiless.org/wiki/CAPTCHA][][{[}Wikiless{]}]\from[url530]
\useURL[url531][https://web.archive.org/web/https://en.wikipedia.org/wiki/CAPTCHA][][{[}Archive.org{]}]\from[url531]}
services to verify that you are \quotation{human} and can be used to
fingerprint a user.
\item
See \goto{Appendix A4: Counteracting Forensic
Linguistics}[appendix-a4-counteracting-forensic-linguistics].
\stopitemize
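As an added example (not the guide's code and not any vendor's algorithm), the Python below builds the simplest form of the keystroke profile described in the list above: the mean latency between each adjacent key pair (digraph), learned from a few typing sessions per user, then compared against a fresh session by the average absolute difference over shared digraphs. The user names, typing habits and sessions are all constructed. It also shows the flip side that the mitigation list further down relies on: a session typed with a deliberately different, even rhythm falls outside the match threshold for every profile, so it is not attributed to anyone.

```python
"""Toy keystroke-dynamics profiling (added example, not from the guide).

A profile is the mean latency between each adjacent key pair (digraph).
A fresh session is attributed to the profile with the smallest average
absolute latency difference over the digraphs they share, provided that
distance is under a threshold. All sessions below are constructed.
"""
from __future__ import annotations

from collections import defaultdict
from statistics import mean


def digraph_latencies(events: list[tuple[str, int]]) -> dict[tuple[str, str], list[int]]:
    """Inter-key latency in ms for each adjacent key pair of one session."""
    out: dict[tuple[str, str], list[int]] = defaultdict(list)
    for (k1, t1), (k2, t2) in zip(events, events[1:]):
        out[(k1, k2)].append(t2 - t1)
    return out


def build_profile(sessions: list[list[tuple[str, int]]]) -> dict[tuple[str, str], float]:
    """Pool several sessions of one user into a mean latency per digraph."""
    pooled: dict[tuple[str, str], list[int]] = defaultdict(list)
    for events in sessions:
        for dg, lats in digraph_latencies(events).items():
            pooled[dg].extend(lats)
    return {dg: mean(lats) for dg, lats in pooled.items()}


def distance(sample: dict[tuple[str, str], float],
             profile: dict[tuple[str, str], float]) -> float:
    """Mean absolute latency difference over shared digraphs (inf if none)."""
    shared = sample.keys() & profile.keys()
    if not shared:
        return float("inf")
    return sum(abs(sample[dg] - profile[dg]) for dg in shared) / len(shared)


def score(events: list[tuple[str, int]], profiles: dict[str, dict]) -> dict[str, float]:
    """Distance from one fresh session to every known profile."""
    sample = build_profile([events])
    return {user: distance(sample, prof) for user, prof in profiles.items()}


def identify(events: list[tuple[str, int]], profiles: dict[str, dict],
             threshold: float = 15.0) -> str | None:
    """Best-matching user, or None when no profile is close enough."""
    scores = score(events, profiles)
    best = min(scores, key=scores.get)
    return best if scores[best] <= threshold else None


def synth_session(text: str, rhythm: dict[str, int], base: int, seed: int) -> list[tuple[str, int]]:
    """Construct a session: base latency, per-key habit offsets, small
    deterministic jitter. Stands in for real keystroke timing capture."""
    events: list[tuple[str, int]] = []
    t = 0
    for i, ch in enumerate(text):
        if i:
            t += base + rhythm.get(ch, 0) + ((i * 7 + seed) % 5) - 2
        events.append((ch, t))
    return events


TEXT = "the quick brown fox"
# Constructed habits: "alice" is fast, pauses before spaces, is quick onto
# "e"; "bob" is slower, hesitates before "t" and is quick onto "h".
ALICE = {"base": 120, "rhythm": {" ": 60, "e": -40}}
BOB = {"base": 170, "rhythm": {"t": 30, "h": -20}}

PROFILES = {
    "alice": build_profile([synth_session(TEXT, ALICE["rhythm"], ALICE["base"], s) for s in (1, 2, 3)]),
    "bob": build_profile([synth_session(TEXT, BOB["rhythm"], BOB["base"], s) for s in (1, 2, 3)]),
}

# Fresh sessions: alice as usual, bob as usual, and alice deliberately
# typing at an even, slower rhythm (the "behave differently" advice).
ALICE_FRESH = synth_session(TEXT, ALICE["rhythm"], ALICE["base"], 9)
BOB_FRESH = synth_session(TEXT, BOB["rhythm"], BOB["base"], 9)
ALICE_ALTERED = synth_session(TEXT, {}, 200, 9)

if __name__ == "__main__":
    for label, ev in (("alice", ALICE_FRESH), ("bob", BOB_FRESH), ("alice altered", ALICE_ALTERED)):
        print(f"{label:<14} -> {identify(ev, PROFILES)}  {score(ev, PROFILES)}")
```

Real products use far richer features (hold times, error patterns, mouse paths) and statistical models rather than a mean and a fixed threshold, but the structure is the same: a stable habit becomes an identifier, and only a consistently different habit on the anonymous identity breaks the link.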
Analysis algorithms could then be used to match these patterns with
other users and match you to a different known user. It is unclear
whether such data is already used or not by Governments and Law
Enforcement agencies, but it might be in the future. And while this is
mostly used for advertising, marketing, and CAPTCHA purposes now, it
could and probably will be used for investigations in the short or
mid-term future to deanonymize users.
Here is a fun example you can try yourself to see some of those things in
action: \useURL[url532][https://clickclickclick.click]\from[url532] (no
archive links for this one, sorry). You will see it becoming interesting
over time (this requires JavaScript enabled).
Here is also a recent example just showing what Google Chrome collects
on you:
\useURL[url533][https://web.archive.org/web/https://pbs.twimg.com/media/EwiUNH0UYAgLY7V?format=jpg&name=4096x4096]\from[url533]
Here are some other resources on the topic if you cannot see this
documentary:
\startitemize
\item
2017, Behavior Analysis in Social Networks,
\useURL[url534][https://link.springer.com/10.1007/978-1-4614-7163-9_110198-1]\from[url534]
\useURL[url535][https://web.archive.org/web/https://link.springer.com/10.1007/978-1-4614-7163-9_110198-1][][{[}Archive.org{]}]\from[url535]
\item
2017, Social Networks and Positive and Negative Affect
\useURL[url536][https://www.sciencedirect.com/science/article/pii/S1877042811013747/pdf?md5=253d8f1bb615d5dee195d353dc077d46&pid=1-s2.0-S1877042811013747-main.pdf]\from[url536]
\useURL[url537][https://archive.ph/iuowI][][{[}Archive.today{]}]\from[url537]
\item
2015, Using Social Networks Data for Behavior and Sentiment Analysis
\useURL[url538][https://www.researchgate.net/publication/300562034_Using_Social_Networks_Data_for_Behavior_and_Sentiment_Analysis]\from[url538]
\useURL[url539][https://web.archive.org/web/https://www.researchgate.net/publication/300562034_Using_Social_Networks_Data_for_Behavior_and_Sentiment_Analysis][][{[}Archive.org{]}]\from[url539]
\item
2016, A Survey on User Behavior Analysis in Social Networks
\useURL[url540][https://www.academia.edu/30936118/A_Survey_on_User_Behaviour_Analysis_in_Social_Networks]\from[url540]
\useURL[url541][https://web.archive.org/web/https://www.academia.edu/30936118/A_Survey_on_User_Behaviour_Analysis_in_Social_Networks][][{[}Archive.org{]}]\from[url541]
\item
2017, DEF CON 25 presentation:
\useURL[url542][https://www.youtube.com/watch?v=1nvYGi7-Lxo][][DEF CON
25 - Svea Eckert, Andreas Dewes - Dark Data]\from[url542]
\useURL[url543][https://yewtu.be/watch?v=1nvYGi7-Lxo][][{[}Invidious{]}]\from[url543]
\item
2019, Influence and Behavior Analysis in Social Networks and Social
Media
\useURL[url544][https://sci-hub.se/10.1007/978-3-030-02592-2]\from[url544]
\useURL[url545][https://web.archive.org/web/https://web.archive.org/web/https://sci-hub.se/10.1007/978-3-030-02592-2][][{[}Archive.org{]}]\from[url545]
\stopitemize
So, how can you mitigate these?
\startitemize
\item
This guide will provide some technical mitigations using
Fingerprinting resistant tools but those might not be sufficient.
\item
You should apply common sense and try to find your own patterns in
your behavior and behave differently when using anonymous identities.
This includes:
\startitemize
\item
The way you type (speed, accuracy\ldots{}).
\item
The words you use (be careful with your usual expressions).
\item
The type of response you use (if you are sarcastic by default, try
to have a different approach with your identities).
\item
The way you use your mouse and click (try to solve the Captchas
differently than your usual way).
\item
The habits you have when using some Apps or visiting some Websites
(do not always use the same menus/buttons/links to reach your
content).
\item
\ldots{}
\stopitemize
\stopitemize
You need to act and fully adopt a role as an actor would do for a
performance. You need to become a different person, think, and act like
that person. This is not a technical mitigation but a human one. You can
only rely on yourself for that.
Ultimately, it is mostly up to you to fool those algorithms by adopting
new habits and not revealing real information when using your anonymous
identities. See \goto{Appendix A4: Counteracting Forensic
Linguistics}[appendix-a4-counteracting-forensic-linguistics].
\subsubsection[title={Your Clues about your Real Life and
OSINT:},reference={your-clues-about-your-real-life-and-osint}]
These are clues you might give over time that could point to your real
identity. You might be talking to someone or posting on some
board/forum/Reddit. In those posts, you might over time leak some
information about your real life. These might be memories, experiences,
or clues you shared that could then allow a motivated adversary to build
a profile to narrow their search.
A real and well-documented case of this was the arrest of the hacker
Jeremy Hammond\footnote{ArsTechnica, Stakeout: how the FBI tracked and
busted a Chicago Anon
\useURL[url546][https://arstechnica.com/tech-policy/2012/03/stakeout-how-the-fbi-tracked-and-busted-a-chicago-anon/]\from[url546]
\useURL[url547][https://web.archive.org/web/https://arstechnica.com/tech-policy/2012/03/stakeout-how-the-fbi-tracked-and-busted-a-chicago-anon/][][{[}Archive.org{]}]\from[url547]}
who shared over time several details about his past and was later
discovered.
There are also a few cases involving OSINT at Bellingcat\footnote{Bellingcat
MH17 - Russian GRU Commander \quote{Orion} Identified as Oleg
Ivannikov
\useURL[url548][https://www.bellingcat.com/news/uk-and-europe/2018/05/25/mh17-russian-gru-commander-orion-identified-oleg-ivannikov/]\from[url548]
\useURL[url549][https://web.archive.org/web/https://www.bellingcat.com/news/uk-and-europe/2018/05/25/mh17-russian-gru-commander-orion-identified-oleg-ivannikov/][][{[}Archive.org{]}]\from[url549]}.
Have a look at their very informative (but slightly outdated) toolkit
here:
\useURL[url550][https://docs.google.com/spreadsheets/d/18rtqh8EG2q1xBo2cLNyhIDuK9jrPGwYr9DI2UncoqJQ/edit\#gid=930747607]\from[url550]
\useURL[url551][https://web.archive.org/web/https://docs.google.com/spreadsheets/d/18rtqh8EG2q1xBo2cLNyhIDuK9jrPGwYr9DI2UncoqJQ/edit][][{[}Archive.org{]}]\from[url551]
{\bf We have an OSINT discussion room in our Matrix community. Feel free
to join at \type{#OSINT:matrix.org}.}
You can also view some convenient lists of some available OSINT tools
here if you want to try them on yourself for example:
\startitemize
\item
\useURL[url552][https://github.com/jivoi/awesome-osint]\from[url552]
\useURL[url553][https://web.archive.org/web/https://github.com/jivoi/awesome-osint][][{[}Archive.org{]}]\from[url553]
\item
\useURL[url554][https://web.archive.org/web/20210426041234/https://jakecreps.com/tag/osint-tools/]\from[url554]
\item
\useURL[url555][https://osintframework.com/]\from[url555]
\item
\useURL[url556][https://recontool.org]\from[url556]
\stopitemize
As well as this interesting Playlist on YouTube:
\useURL[url557][https://www.youtube.com/playlist?list=PLrFPX1Vfqk3ehZKSFeb9pVIHqxqrNW8Sy]\from[url557]
\useURL[url558][https://yewtu.be/playlist?list=PLrFPX1Vfqk3ehZKSFeb9pVIHqxqrNW8Sy][][{[}Invidious{]}]\from[url558]
As well as those interesting podcasts:
\useURL[url559][https://www.inteltechniques.com/podcast.html]\from[url559]
You should never share real individual experiences/details using your
anonymous identities that could later lead to finding your real
identity. You will see more details about this in the \goto{Creating new
identities}[creating-new-identities] section.
\subsubsection[title={Your Face, Voice, Biometrics, and
Pictures:},reference={your-face-voice-biometrics-and-pictures}]
\quotation{Hell is other people}: even if you evade every method listed
above, you are not out of the woods yet, thanks to the widespread use of
advanced face recognition by everyone.
Companies like Facebook have used advanced face recognition for
years\footnote{Facebook Research, Deepface
\useURL[url560][https://research.fb.com/publications/deepface-closing-the-gap-to-human-level-performance-in-face-verification/]\from[url560]
\useURL[url561][https://web.archive.org/web/https://research.fb.com/publications/deepface-closing-the-gap-to-human-level-performance-in-face-verification/][][{[}Archive.org{]}]\from[url561]}\footnote{Privacy
News Online, Putting the \quotation{face} in Facebook: how Mark
Zuckerberg is building a world without public anonymity
\useURL[url562][https://www.privateinternetaccess.com/blog/putting-face-facebook-mark-zuckerberg-building-world-without-public-anonymity/]\from[url562]
\useURL[url563][https://web.archive.org/web/https://www.privateinternetaccess.com/blog/putting-face-facebook-mark-zuckerberg-building-world-without-public-anonymity/][][{[}Archive.org{]}]\from[url563]}
and have been using other means (Satellite imagery) to create maps of
\quotation{people} around the world\footnote{CNBC, \quotation{Facebook
has mapped populations in 23 countries as it explores satellites to
expand internet}
\useURL[url564][https://www.cnbc.com/2017/09/01/facebook-has-mapped-human-population-building-internet-in-space.html]\from[url564]
\useURL[url565][https://web.archive.org/web/https://www.cnbc.com/2017/09/01/facebook-has-mapped-human-population-building-internet-in-space.html][][{[}Archive.org{]}]\from[url565]}.
This evolution has been going on for years to the point we can now say
\quotation{we lost control of our faces}\footnote{MIT Technology Review,
This is how we lost control of our faces,
\useURL[url566][https://www.technologyreview.com/2021/02/05/1017388/ai-deep-learning-facial-recognition-data-history/]\from[url566]
\useURL[url567][https://web.archive.org/web/https://www.technologyreview.com/2021/02/05/1017388/ai-deep-learning-facial-recognition-data-history/][][{[}Archive.org{]}]\from[url567]}.
If you are walking in a touristy place, you will most likely appear in
someone's selfie within minutes without knowing it. That person could
then go ahead and upload that selfie to various platforms (Twitter,
Google Photos, Instagram, Facebook, Snapchat \ldots{}). Those platforms
will then apply face recognition algorithms to those pictures under the
pretext of allowing better/easier tagging or to better organize your
photo library. In addition to this, the same picture will provide a
precise timestamp and in most cases geolocation of where it was taken.
Even if the person does not provide a timestamp and geolocation, it can
still be guessed with other means\footnote{Bellingcat, Shadow of a
Doubt: Crowdsourcing Time Verification of the MH17 Missile Launch
Photo
\useURL[url568][https://www.bellingcat.com/resources/case-studies/2015/08/07/shadow-of-a-doubt/]\from[url568]
\useURL[url569][https://web.archive.org/web/https://www.bellingcat.com/resources/case-studies/2015/08/07/shadow-of-a-doubt/][][{[}Archive.org{]}]\from[url569]}\footnote{Brown
Institute, Open-Source Investigation,
\useURL[url570][https://brown.columbia.edu/open-source-investigation/]\from[url570]
\useURL[url571][https://web.archive.org/web/https://brown.columbia.edu/open-source-investigation/][][{[}Archive.org{]}]\from[url571]}.
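The timestamp and position mentioned above travel inside the picture's Exif block, so a defender's check is to read them out and strip the block before the picture leaves your hands. The following Python is an added example, not code from the guide: it builds a constructed JPEG fixture (no image data) carrying DateTime and GPS tags, parses them back into decimal degrees, and removes the Exif segment.

```python
"""Read the Exif DateTime and GPS tags a JPEG carries, then strip the Exif
block. The sample JPEG is a constructed fixture (SOI + APP1 + EOI, no image
data), not a real photo; it only exercises the parser and the stripper."""
import struct

SOI, EOI, APP1, SOS = b"\xff\xd8", b"\xff\xd9", b"\xff\xe1", b"\xff\xda"
TAG_DATETIME, TAG_GPS_IFD = 0x0132, 0x8825               # IFD0 tags
GPS_LAT_REF, GPS_LAT, GPS_LON_REF, GPS_LON = 1, 2, 3, 4    # GPS IFD tags
TYPE_SIZE = {2: 1, 4: 4, 5: 8}        # bytes per element: ASCII, LONG, RATIONAL

def _ifd(entries, base):
    """Serialise one little-endian IFD at TIFF offset `base`; values longer
    than 4 bytes are stored after the IFD and referenced by offset."""
    tail_off = base + 2 + 12 * len(entries) + 4
    body, tail = b"", b""
    for tag, typ, count, val in entries:
        if len(val) <= 4:
            body += struct.pack("<HHI4s", tag, typ, count, val.ljust(4, b"\0"))
        else:
            body += struct.pack("<HHII", tag, typ, count, tail_off + len(tail))
            tail += val
    return struct.pack("<H", len(entries)) + body + struct.pack("<I", 0) + tail

def build_sample_jpeg(lat, lon, when):
    """Constructed fixture: a JPEG whose only content is an Exif APP1 segment
    with DateTime and a GPS IFD (degrees/minutes/seconds as RATIONALs)."""
    def dms(v):
        v = abs(v)
        d = int(v)
        m = int((v - d) * 60)
        s = (v - d - m / 60) * 3600
        return b"".join(struct.pack("<II", int(x * 100), 100) for x in (d, m, s))
    gps = [(GPS_LAT_REF, 2, 2, b"N\0" if lat >= 0 else b"S\0"), (GPS_LAT, 5, 3, dms(lat)),
           (GPS_LON_REF, 2, 2, b"E\0" if lon >= 0 else b"W\0"), (GPS_LON, 5, 3, dms(lon))]
    dt = when.encode() + b"\0"

    def ifd0(gps_off):
        return _ifd([(TAG_DATETIME, 2, len(dt), dt),
                     (TAG_GPS_IFD, 4, 1, struct.pack("<I", gps_off))], 8)
    gps_off = 8 + len(ifd0(0))            # the GPS IFD follows IFD0 and its tail
    payload = b"Exif\0\0II*\0" + struct.pack("<I", 8) + ifd0(gps_off) + _ifd(gps, gps_off)
    return SOI + APP1 + struct.pack(">H", len(payload) + 2) + payload + EOI

def _exif_segments(data):
    """Yield (start, end) of every Exif APP1 segment that precedes the image data."""
    if data[:2] != SOI:
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(data) and data[pos:pos + 2] not in (EOI, SOS):
        end = pos + 2 + struct.unpack(">H", data[pos + 2:pos + 4])[0]
        if data[pos:pos + 2] == APP1 and data[pos + 4:pos + 10] == b"Exif\0\0":
            yield pos, end
        pos = end

def read_exif_location(data):
    """Return {'datetime', 'lat', 'lon'} for the tags present, or {} without Exif."""
    seg = next(_exif_segments(data), None)
    if seg is None:
        return {}
    tiff = data[seg[0] + 10:seg[1]]
    e = "<" if tiff[:2] == b"II" else ">"        # byte order from the TIFF header

    def entries(off):
        out = {}
        for i in range(struct.unpack(e + "H", tiff[off:off + 2])[0]):
            p = off + 2 + 12 * i
            tag, typ, cnt, raw = struct.unpack(e + "HHI4s", tiff[p:p + 12])
            size = TYPE_SIZE.get(typ, 1) * cnt
            val_off = p + 8 if size <= 4 else struct.unpack(e + "I", raw)[0]
            out[tag] = tiff[val_off:val_off + size]
        return out

    def degrees(raw, ref):
        n = struct.unpack(e + "6I", raw)
        deg = n[0] / n[1] + n[2] / n[3] / 60 + n[4] / n[5] / 3600
        return -deg if ref.rstrip(b"\0") in (b"S", b"W") else deg

    ifd0 = entries(struct.unpack(e + "I", tiff[4:8])[0])
    found = {}
    if TAG_DATETIME in ifd0:
        found["datetime"] = ifd0[TAG_DATETIME].rstrip(b"\0").decode()
    if TAG_GPS_IFD in ifd0:
        gps = entries(struct.unpack(e + "I", ifd0[TAG_GPS_IFD])[0])
        if GPS_LAT in gps and GPS_LON in gps:
            found["lat"] = degrees(gps[GPS_LAT], gps.get(GPS_LAT_REF, b"N"))
            found["lon"] = degrees(gps[GPS_LON], gps.get(GPS_LON_REF, b"E"))
    return found

def strip_exif(data):
    """Return a copy of the JPEG with every Exif APP1 segment removed; dropping
    the whole segment also discards the embedded thumbnail and maker note."""
    out, pos = b"", 0
    for start, end in _exif_segments(data):
        out += data[pos:start]
        pos = end
    return out + data[pos:]
```

Run `read_exif_location` on a real photo to see what it would disclose, and keep only the output of `strip_exif` for sharing; note that the location can still be guessed from the picture's content, as the text above explains.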
Here are a few resources for even trying this yourself:
\startitemize
\item
Bellingcat, Guide To Using Reverse Image Search For Investigations:
\useURL[url572][https://www.bellingcat.com/resources/how-tos/2019/12/26/guide-to-using-reverse-image-search-for-investigations/]\from[url572]
\useURL[url573][https://web.archive.org/web/https://www.bellingcat.com/resources/how-tos/2019/12/26/guide-to-using-reverse-image-search-for-investigations/][][{[}Archive.org{]}]\from[url573]
\item
Bellingcat, Using the New Russian Facial Recognition Site SearchFace
\useURL[url574][https://www.bellingcat.com/resources/how-tos/2019/02/19/using-the-new-russian-facial-recognition-site-searchface-ru/]\from[url574]
\useURL[url575][https://web.archive.org/web/https://www.bellingcat.com/resources/how-tos/2019/02/19/using-the-new-russian-facial-recognition-site-searchface-ru/][][{[}Archive.org{]}]\from[url575]
\item
Bellingcat, Dali, Warhol, Boshirov: Determining the Time of an Alleged
Photograph from Skripal Suspect Chepiga
\useURL[url576][https://www.bellingcat.com/resources/how-tos/2018/10/24/dali-warhol-boshirov-determining-time-alleged-photograph-skripal-suspect-chepiga/]\from[url576]
\useURL[url577][https://web.archive.org/web/https://www.bellingcat.com/resources/how-tos/2018/10/24/dali-warhol-boshirov-determining-time-alleged-photograph-skripal-suspect-chepiga/][][{[}Archive.org{]}]\from[url577]
\item
Bellingcat, Advanced Guide on Verifying Video Content
\useURL[url578][https://www.bellingcat.com/resources/how-tos/2017/06/30/advanced-guide-verifying-video-content/]\from[url578]
\useURL[url579][https://web.archive.org/web/https://www.bellingcat.com/resources/how-tos/2017/06/30/advanced-guide-verifying-video-content/][][{[}Archive.org{]}]\from[url579]
\item
Bellingcat, Using the Sun and the Shadows for Geolocation
\useURL[url580][https://www.bellingcat.com/resources/2020/12/03/using-the-sun-and-the-shadows-for-geolocation/]\from[url580]
\useURL[url581][https://web.archive.org/web/https://www.bellingcat.com/resources/2020/12/03/using-the-sun-and-the-shadows-for-geolocation/][][{[}Archive.org{]}]\from[url581]
\item
Bellingcat, Navalny Poison Squad Implicated in Murders of Three
Russian Activists
\useURL[url582][https://www.bellingcat.com/news/uk-and-europe/2021/01/27/navalny-poison-squad-implicated-in-murders-of-three-russian-activists/]\from[url582]
\useURL[url583][https://web.archive.org/web/https://www.bellingcat.com/news/uk-and-europe/2021/01/27/navalny-poison-squad-implicated-in-murders-of-three-russian-activists/][][{[}Archive.org{]}]\from[url583]
\item
Bellingcat, Berlin Assassination: New Evidence on Suspected FSB Hitman
Passed to German Investigators
\useURL[url584][https://www.bellingcat.com/news/2021/03/19/berlin-assassination-new-evidence-on-suspected-fsb-hitman-passed-to-german-investigators/]\from[url584]
\useURL[url585][https://web.archive.org/web/https://www.bellingcat.com/news/2021/03/19/berlin-assassination-new-evidence-on-suspected-fsb-hitman-passed-to-german-investigators/][][{[}Archive.org{]}]\from[url585]
\item
Bellingcat, Digital Research Tutorial: Investigating a Saudi-Led
Coalition Bombing of a Yemen Hospital
\useURL[url586][https://www.youtube.com/watch?v=cAVZaPiVArA]\from[url586]
\useURL[url587][https://yewtu.be/watch?v=cAVZaPiVArA][][{[}Invidious{]}]\from[url587]
\item
Bellingcat, Digital Research Tutorial: Using Facial Recognition in
Investigations
\useURL[url588][https://www.youtube.com/watch?v=awY87q2Mr0E]\from[url588]
\useURL[url589][https://yewtu.be/watch?v=awY87q2Mr0E][][{[}Invidious{]}]\from[url589]
\item
Bellingcat, Digital Research Tutorial: Geolocating (Allegedly) Corrupt
Venezuelan Officials in Europe
\useURL[url590][https://www.youtube.com/watch?v=bS6gYWM4kzY]\from[url590]
\useURL[url591][https://yewtu.be/watch?v=bS6gYWM4kzY][][{[}Invidious{]}]\from[url591]
\stopitemize
\subsubsection[title={Gait Recognition and Other Long-Range
Biometrics},reference={gait-recognition-and-other-long-range-biometrics}]
Even if you are not looking at the camera, they can still figure out who
you are\footnote{NewScientist, Facebook can recognize you in photos even
if you're not looking
\useURL[url592][https://www.newscientist.com/article/dn27761-facebook-can-recognise-you-in-photos-even-if-youre-not-looking/]\from[url592]
\useURL[url593][https://web.archive.org/web/https://www.newscientist.com/article/dn27761-facebook-can-recognise-you-in-photos-even-if-youre-not-looking/][][{[}Archive.org{]}]\from[url593]},
make out your emotions\footnote{Google Patent, Techniques for emotion
detection and content delivery
\useURL[url594][https://patentimages.storage.googleapis.com/2d/e4/fb/6cd2fb81899dcd/US20150242679A1.pdf]\from[url594]
\useURL[url595][https://web.archive.org/web/https://patents.google.com/patent/US20150242679][][{[}Archive.org{]}]\from[url595]},
analyze your gait\footnote{APNews, Chinese \quote{gait recognition} tech
IDs people by how they walk
\useURL[url596][https://apnews.com/article/bf75dd1c26c947b7826d270a16e2658a]\from[url596]
\useURL[url597][https://web.archive.org/web/https://apnews.com/article/bf75dd1c26c947b7826d270a16e2658a][][{[}Archive.org{]}]\from[url597]}\footnote{The
Sun, New CCTV technology could now identify you just by the WAY you
walk and your body shape
\useURL[url598][https://www.thesun.co.uk/news/7684204/cctv-technology-identify-body-shape-way-walk/]\from[url598]
\useURL[url599][https://web.archive.org/web/https://www.thesun.co.uk/news/7684204/cctv-technology-identify-body-shape-way-walk/][][{[}Archive.org{]}]\from[url599]}\footnote{City
Security Magazine, Gait recognition: a useful identification tool
\useURL[url600][https://citysecuritymagazine.com/security-management/gait-recognition-identification-tool/]\from[url600]
\useURL[url601][https://web.archive.org/web/https://citysecuritymagazine.com/security-management/gait-recognition-identification-tool/][][{[}Archive.org{]}]\from[url601]},
read your lips\footnote{Vice.com, Tech Companies Are Training AI to Read
Your Lips
\useURL[url602][https://www.vice.com/en/article/bvzvdw/tech-companies-are-training-ai-to-read-your-lips]\from[url602]
\useURL[url603][https://web.archive.org/web/https://www.vice.com/en/article/bvzvdw/tech-companies-are-training-ai-to-read-your-lips][][{[}Archive.org{]}]\from[url603]},
analyze the behavior of your eyes\footnote{New Atlas, Eye tracking can
reveal an unbelievable amount of information about you
\useURL[url604][https://newatlas.com/science/science/eye-tracking-privacy/]\from[url604]
\useURL[url605][https://web.archive.org/web/https://newatlas.com/science/science/eye-tracking-privacy/][][{[}Archive.org{]}]\from[url605]},
and probably guess your political affiliation\footnote{TechCrunch,
Facial recognition reveals political party in troubling new research
\useURL[url606][https://techcrunch.com/2021/01/13/facial-recognition-reveals-political-party-in-troubling-new-research/]\from[url606]
\useURL[url607][https://web.archive.org/web/https://techcrunch.com/2021/01/13/facial-recognition-reveals-political-party-in-troubling-new-research/][][{[}Archive.org{]}]\from[url607]}\footnote{Nature.com,
Facial recognition technology can expose political orientation from
naturalistic facial images
\useURL[url608][https://www.nature.com/articles/s41598-020-79310-1.pdf]\from[url608]
\useURL[url609][https://web.archive.org/web/https://www.nature.com/articles/s41598-020-79310-1.pdf][][{[}Archive.org{]}]\from[url609]}.
Contrary to popular belief and pop culture, modern gait recognition
systems aren't fooled by simply changing how you walk (e.g. by putting
something uncomfortable in your shoe), as they analyze how the muscles
across your entire body move as you perform certain actions. The best
way to fool modern gait recognition is to wear loose clothes that
obscure the way your muscles move as you perform those actions.
Other things that can be used to identify you include your earlobes,
which are actually more identifiable than fingerprints, or even the
shape of your skull. As such, soft head coverings such as balaclavas are
not recommended for obscuring your identity: they make you look
incredibly suspicious while also conforming to the shape of your skull.
(Illustration from
\useURL[url610][https://www.nature.com/articles/s41598-020-79310-1]\from[url610]
\useURL[url611][https://web.archive.org/web/https://www.nature.com/articles/s41598-020-79310-1.pdf][][{[}Archive.org{]}]\from[url611])
(illustration from
\useURL[url612][https://rd.springer.com/chapter/10.1007/978-3-030-42504-3_15]\from[url612]
\useURL[url613][https://web.archive.org/web/https://rd.springer.com/chapter/10.1007/978-3-030-42504-3_15][][{[}Archive.org{]}]\from[url613])
Those platforms (Google/Facebook) already know who you are for a few
reasons:
\startitemize
\item
Because you have or had a profile with them, and you identified
yourself.
\item
Even if you never made a profile on those platforms, you still have
one without even knowing it\footnote{Slate
\useURL[url614][https://slate.com/technology/2018/04/facebook-collects-data-on-non-facebook-users-if-they-want-to-delete-it-they-have-to-sign-up.html]\from[url614]
\useURL[url615][https://web.archive.org/web/https://slate.com/technology/2018/04/facebook-collects-data-on-non-facebook-users-if-they-want-to-delete-it-they-have-to-sign-up.html][][{[}Archive.org{]}]\from[url615]}\footnote{The
Conversation
\useURL[url616][https://theconversation.com/shadow-profiles-facebook-knows-about-you-even-if-youre-not-on-facebook-94804]\from[url616]
\useURL[url617][https://web.archive.org/web/https://theconversation.com/shadow-profiles-facebook-knows-about-you-even-if-youre-not-on-facebook-94804][][{[}Archive.org{]}]\from[url617]}\footnote{The
Verge
\useURL[url618][https://www.theverge.com/2018/4/11/17225482/facebook-shadow-profiles-zuckerberg-congress-data-privacy]\from[url618]
\useURL[url619][https://web.archive.org/web/https://www.theverge.com/2018/4/11/17225482/facebook-shadow-profiles-zuckerberg-congress-data-privacy][][{[}Archive.org{]}]\from[url619]}\footnote{ZDNET
\useURL[url620][https://www.zdnet.com/article/anger-mounts-after-facebooks-shadow-profiles-leak-in-bug/]\from[url620]
\useURL[url621][https://web.archive.org/web/https://www.zdnet.com/article/anger-mounts-after-facebooks-shadow-profiles-leak-in-bug/][][{[}Archive.org{]}]\from[url621]}\footnote{CNET
\useURL[url622][https://www.cnet.com/news/shadow-profiles-facebook-has-information-you-didnt-hand-over/]\from[url622]
\useURL[url623][https://web.archive.org/web/https://www.cnet.com/news/shadow-profiles-facebook-has-information-you-didnt-hand-over/][][{[}Archive.org{]}]\from[url623]}.
\item
Because other people have tagged you or identified you in their
holidays/party pictures.
\item
Because other people have put a picture of you in their contact list,
which they then shared with those platforms.
\stopitemize
Here is also an insightful demo of Microsoft Azure you can try for
yourself at
\useURL[url624][https://azure.microsoft.com/en-us/services/cognitive-services/face/\#demo]\from[url624]
where you can detect emotions and compare faces from different pictures.
Governments already know who you are because they have your
ID/Passport/Driving License pictures and often other biometrics
(fingerprints) in their databases. Those same governments are integrating
those technologies (often provided by private companies such as the
Israeli Oosto\footnote{Oosto
\useURL[url625][https://oosto.com/]\from[url625]
\useURL[url626][https://web.archive.org/web/https://oosto.com/][][{[}Archive.org{]}]\from[url626]},
Clearview AI\footnote{BuzzFeed.news, Surveillance Nation
\useURL[url627][https://www.buzzfeednews.com/article/ryanmac/clearview-ai-local-police-facial-recognition]\from[url627]
\useURL[url628][https://web.archive.org/web/https://www.buzzfeednews.com/article/ryanmac/clearview-ai-local-police-facial-recognition][][{[}Archive.org{]}]\from[url628]}\footnote{Wired,
Clearview AI Has New Tools to Identify You in Photos
\useURL[url629][https://www.wired.com/story/clearview-ai-new-tools-identify-you-photos/]\from[url629]
\useURL[url630][https://web.archive.org/web/https://www.wired.com/story/clearview-ai-new-tools-identify-you-photos/][][{[}Archive.org{]}]\from[url630]},
or NEC\footnote{NEC, Neoface
\useURL[url631][https://www.nec.com/en/global/solutions/biometrics/face/neofacewatch.html]\from[url631]
\useURL[url632][https://web.archive.org/web/https://www.nec.com/en/global/solutions/biometrics/face/neofacewatch.html][][{[}Archive.org{]}]\from[url632]})
in their CCTV networks to look for \quotation{persons of
interest}\footnote{The Guardian, Met police deploy live facial
recognition technology
\useURL[url633][https://www.theguardian.com/uk-news/2020/feb/11/met-police-deploy-live-facial-recognition-technology]\from[url633]
\useURL[url634][https://web.archive.org/web/https://www.theguardian.com/uk-news/2020/feb/11/met-police-deploy-live-facial-recognition-technology][][{[}Archive.org{]}]\from[url634]}.
And some heavily surveilled states like China have implemented
widespread use of Facial Recognition for various purposes\footnote{YouTube,
The Economist, China: facial recognition and state control
\useURL[url635][https://www.youtube.com/watch?v=lH2gMNrUuEY]\from[url635]
\useURL[url636][https://yewtu.be/watch?v=lH2gMNrUuEY][][{[}Invidious{]}]\from[url636]}\footnote{CNN,
Want your unemployment benefits? You may have to submit to facial
recognition first
\useURL[url637][https://edition.cnn.com/2021/07/23/tech/idme-unemployment-facial-recognition/index.html]\from[url637]
\useURL[url638][https://web.archive.org/web/https://edition.cnn.com/2021/07/23/tech/idme-unemployment-facial-recognition/index.html][][{[}Archive.org{]}]\from[url638]}
including possibly identifying ethnic minorities\footnote{Washington
Post, Huawei tested AI software that could recognize Uighur minorities
and alert police, report says
\useURL[url639][https://www.washingtonpost.com/technology/2020/12/08/huawei-tested-ai-software-that-could-recognize-uighur-minorities-alert-police-report-says/]\from[url639]
\useURL[url640][https://web.archive.org/web/https://www.washingtonpost.com/technology/2020/12/08/huawei-tested-ai-software-that-could-recognize-uighur-minorities-alert-police-report-says/][][{[}Archive.org{]}]\from[url640]}.
A simple face recognition error by some algorithm can ruin your
life\footnote{The Intercept, How a Facial Recognition Mismatch Can Ruin
Your Life
\useURL[url641][https://theintercept.com/2016/10/13/how-a-facial-recognition-mismatch-can-ruin-your-life/]\from[url641]
\useURL[url642][http://27m3p2uv7igmj6kvd4ql3cct5h3sdwrsajovkkndeufumzyfhlfev4qd.onion/2016/10/13/how-a-facial-recognition-mismatch-can-ruin-your-life/][][{[}Tor
Mirror{]}]\from[url642]
\useURL[url643][https://web.archive.org/web/https://theintercept.com/2016/10/13/how-a-facial-recognition-mismatch-can-ruin-your-life/][][{[}Archive.org{]}]\from[url643]}\footnote{Vice,
Facial Recognition Failures Are Locking People Out of Unemployment
Systems
\useURL[url644][https://www.vice.com/en/article/5dbywn/facial-recognition-failures-are-locking-people-out-of-unemployment-systems]\from[url644]
\useURL[url645][https://web.archive.org/web/https://www.vice.com/en/article/5dbywn/facial-recognition-failures-are-locking-people-out-of-unemployment-systems][][{[}Archive.org{]}]\from[url645]}.
Here are some resources detailing some techniques used by Law
Enforcement today:
\startitemize
\item
CCC video explaining current Law Enforcement surveillance
capabilities:
\useURL[url646][https://media.ccc.de/v/rc3-11406-spot_the_surveillance\#t=761]\from[url646]
\useURL[url647][https://web.archive.org/web/https://media.ccc.de/v/rc3-11406-spot_the_surveillance][][{[}Archive.org{]}]\from[url647]
\item
EFF SLS: \useURL[url648][https://www.eff.org/sls]\from[url648]
\useURL[url649][https://web.archive.org/web/https://www.eff.org/sls][][{[}Archive.org{]}]\from[url649]
\stopitemize
Apple is making FaceID mainstream and pushing its use to log you into
many services including the Banking systems.
The same goes with fingerprint authentication being mainstreamed by many
smartphone makers to authenticate yourself. A simple picture where your
fingers appear can be used to de-anonymize you\footnote{BBC, WhatsApp
photo drug dealer caught by \quote{groundbreaking} work
\useURL[url650][https://www.bbc.com/news/uk-wales-43711477]\from[url650]
\useURL[url651][https://web.archive.org/web/https://www.bbc.com/news/uk-wales-43711477][][{[}Archive.org{]}]\from[url651]}\footnote{CNN,
Drug dealer jailed after sharing a photo of cheese that included his
fingerprints
\useURL[url652][https://edition.cnn.com/2021/05/25/uk/drug-dealer-cheese-sentenced-scli-gbr-intl/index.html]\from[url652]
\useURL[url653][https://web.archive.org/web/https://edition.cnn.com/2021/05/25/uk/drug-dealer-cheese-sentenced-scli-gbr-intl/index.html][][{[}Archive.org{]}]\from[url653]}\footnote{Vice.com,
Cops Got a Drug Dealer's Fingerprints From Photos of His Hand on
WhatsApp
\useURL[url654][https://www.vice.com/en/article/evqk9e/photo-of-fingerprints-used-to-arrest-drug-dealers]\from[url654]
\useURL[url655][https://web.archive.org/web/https://www.vice.com/en/article/evqk9e/photo-of-fingerprints-used-to-arrest-drug-dealers][][{[}Archive.org{]}]\from[url655]}\footnote{Kraken
Blog,
\useURL[url656][https://blog.kraken.com/post/11905/your-fingerprint-can-be-hacked-for-5-heres-how/]\from[url656]
\useURL[url657][https://web.archive.org/web/https://blog.kraken.com/post/11905/your-fingerprint-can-be-hacked-for-5-heres-how/][][{[}Archive.org{]}]\from[url657]}.
The same goes with your voice which can be analyzed for various purposes
as shown in the recent Spotify patent\footnote{JUSTIA Patent,
Identification of taste attributes from an audio signal
\useURL[url658][https://patents.justia.com/patent/10891948]\from[url658]
\useURL[url659][https://web.archive.org/web/https://patents.justia.com/patent/10891948][][{[}Archive.org{]}]\from[url659]}.
Even your iris can be used for identification in some places\footnote{PYMNTS,
Iris Scan Serves As Traveler ID At Dubai Airport
\useURL[url660][https://www.pymnts.com/news/biometrics/2021/iris-scan-traveler-identification-dubai-airport/]\from[url660]
\useURL[url661][https://web.archive.org/web/https://www.pymnts.com/news/biometrics/2021/iris-scan-traveler-identification-dubai-airport/][][{[}Archive.org{]}]\from[url661]}.
We can safely imagine a near future where you will not be able to create
accounts or sign in anywhere without providing unique biometrics (A
suitable time to re-watch Gattaca\footnote{IMDB, Gattaca 1997,
\useURL[url662][https://www.imdb.com/title/tt0119177/]\from[url662]
\useURL[url663][https://web.archive.org/web/https://www.imdb.com/title/tt0119177/][][{[}Archive.org{]}]\from[url663]},
Person of Interest\footnote{IMDB, Person of Interest 2011
\useURL[url664][https://www.imdb.com/title/tt1839578]\from[url664]
\useURL[url665][https://web.archive.org/web/https://www.imdb.com/title/tt1839578][][{[}Archive.org{]}]\from[url665]}, and Minority Report\footnote{IMDB, Minority Report 2002,
\useURL[url666][https://www.imdb.com/title/tt0181689]\from[url666]
\useURL[url667][https://web.archive.org/web/https://www.imdb.com/title/tt0181689][][{[}Archive.org{]}]\from[url667]}).
And you can safely imagine how useful these large biometrics databases
could be to some interested third parties.
In addition, all this information can also be used against you (if you
are already de-anonymized) using deepfake\footnote{Wikipedia, Deepfake
\useURL[url668][https://en.wikipedia.org/wiki/Deepfake]\from[url668]
\useURL[url669][https://wikiless.org/wiki/Deepfake][][{[}Wikiless{]}]\from[url669]
\useURL[url670][https://web.archive.org/web/https://en.wikipedia.org/wiki/Deepfake][][{[}Archive.org{]}]\from[url670]}
by crafting false information (Pictures, Videos, Voice
Recordings\footnote{Econotimes, Deepfake Voice Technology: The Good. The
Bad. The Future
\useURL[url671][https://www.econotimes.com/Deepfake-Voice-Technology-The-Good-The-Bad-The-Future-1601278]\from[url671]
\useURL[url672][https://web.archive.org/web/https://www.econotimes.com/Deepfake-Voice-Technology-The-Good-The-Bad-The-Future-1601278][][{[}Archive.org{]}]\from[url672]}\ldots{})
and such fakes have already been used for these purposes\footnote{Wikipedia,
Deepfake Events
\useURL[url673][https://en.wikipedia.org/wiki/Deepfake\#Example_events]\from[url673]
\useURL[url674][https://wikiless.org/wiki/Deepfake][][{[}Wikiless{]}]\from[url674]
\useURL[url675][https://web.archive.org/web/https://en.wikipedia.org/wiki/Deepfake][][{[}Archive.org{]}]\from[url675]}\footnote{Forbes,
A Voice Deepfake Was Used To Scam A CEO Out Of \$243,000
\useURL[url676][https://www.forbes.com/sites/jessedamiani/2019/09/03/a-voice-deepfake-was-used-to-scam-a-ceo-out-of-243000/]\from[url676]
\useURL[url677][https://web.archive.org/web/https://www.forbes.com/sites/jessedamiani/2019/09/03/a-voice-deepfake-was-used-to-scam-a-ceo-out-of-243000/][][{[}Archive.org{]}]\from[url677]}.
There are even commercial services for this readily available such as
\useURL[url678][https://www.respeecher.com/]\from[url678]
\useURL[url679][https://web.archive.org/web/https://www.respeecher.com/][][{[}Archive.org{]}]\from[url679]
and \useURL[url680][https://www.descript.com/overdub]\from[url680]
\useURL[url681][https://web.archive.org/web/https://www.descript.com/overdub][][{[}Archive.org{]}]\from[url681].
See this demo:
\useURL[url682][https://www.youtube.com/watch?v=t5yw5cR79VA]\from[url682]
\useURL[url683][https://yewtu.be/watch?v=t5yw5cR79VA][][{[}Invidious{]}]\from[url683]
At this time, there are a few steps\footnote{Joseph Steinberg, How To
Prevent Facial Recognition Technology From Identifying You
\useURL[url684][https://josephsteinberg.com/how-to-prevent-facial-recognition-technology-from-identifying-you/]\from[url684]
\useURL[url685][https://web.archive.org/web/https://josephsteinberg.com/how-to-prevent-facial-recognition-technology-from-identifying-you/][][{[}Archive.org{]}]\from[url685]}
you can use to mitigate (and only mitigate) face recognition when
conducting sensitive activities where CCTV might be present:
\startitemize
\item
Wear a facemask as they have been proven to defeat some face
recognition technologies\footnote{NIST, Face recognition accuracy with
masks using pre-COVID-19 algorithms
\useURL[url686][https://nvlpubs.nist.gov/nistpubs/ir/2020/NIST.IR.8311.pdf]\from[url686]
\useURL[url687][https://web.archive.org/web/https://nvlpubs.nist.gov/nistpubs/ir/2020/NIST.IR.8311.pdf][][{[}Archive.org{]}]\from[url687]}
but not all\footnote{BBC, Facial recognition identifies people wearing
masks
\useURL[url688][https://www.bbc.com/news/technology-55573802]\from[url688]
\useURL[url689][https://web.archive.org/web/https://www.bbc.com/news/technology-55573802][][{[}Archive.org{]}]\from[url689]}.
\item
Wear a baseball cap or hat to prevent high-angle CCTV cameras (filming
from above) from recording your face. Remember that this will not help
against front-facing cameras.
\item
Wear sunglasses in addition to the facemask and baseball cap to
mitigate identification based on your eyes' features.
\item
Consider wearing special sunglasses (expensive, unfortunately) called
\quotation{Reflectacles}
\useURL[url690][https://www.reflectacles.com/]\from[url690]
\useURL[url691][https://web.archive.org/web/https://www.reflectacles.com/][][{[}Archive.org{]}]\from[url691].
There was a small study showing their effectiveness against IBM and
Amazon facial recognition\footnote{University of Wisconsin, Exploring
Reflectacles As Anti-Surveillance Glasses and for Adversarial
Machine Learning in Computer Vision
\useURL[url692][http://diglib.uwgb.edu/digital/api/collection/p17003coll4/id/71/download]\from[url692]
\useURL[url693][https://web.archive.org/web/http://diglib.uwgb.edu/digital/api/collection/p17003coll4/id/71/download][][{[}Archive.org{]}]\from[url693]}.
\item
All that might still be useless because of the gait recognition
mentioned earlier, but there might be hope here if you have a 3D printer:
\useURL[url694][https://gitlab.com/FG-01/fg-01]\from[url694]
\useURL[url695][https://web.archive.org/web/https://gitlab.com/FG-01/fg-01][][{[}Archive.org{]}]\from[url695]
\stopitemize
(see \goto{Gait Recognition and Other Long-Range
Biometrics}[gait-recognition-and-other-long-range-biometrics])
(Note that if you intend to use these where advanced facial recognition
systems have been installed, these measures could also flag you as
suspicious by themselves and trigger a human check.)
\subsubsection[title={Phishing and Social
Engineering:},reference={phishing-and-social-engineering}]
Phishing\footnote{Wikipedia, Phishing
\useURL[url696][https://en.wikipedia.org/wiki/Phishing]\from[url696]
\useURL[url697][https://wikiless.org/wiki/Phishing][][{[}Wikiless{]}]\from[url697]
\useURL[url698][https://web.archive.org/web/https://en.wikipedia.org/wiki/Phishing][][{[}Archive.org{]}]\from[url698]}
is a social engineering\footnote{Wikipedia, Social Engineering
\useURL[url699][https://en.wikipedia.org/wiki/Social_engineering_(security)]\from[url699]
\useURL[url700][https://wikiless.org/wiki/Social_engineering_(security)][][{[}Wikiless{]}]\from[url700]
\useURL[url701][https://web.archive.org/web/https://en.wikipedia.org/wiki/Social_engineering_(security)][][{[}Archive.org{]}]\from[url701]}
type of attack where an adversary tries to extract information from you
by pretending to be or impersonating something/someone else.
A typical case is an adversary using a man-in-the-middle\footnote{Wikipedia,
MITM
\useURL[url702][https://en.wikipedia.org/wiki/Man-in-the-middle_attack]\from[url702]
\useURL[url703][https://wikiless.org/wiki/Man-in-the-middle_attack][][{[}Wikiless{]}]\from[url703]
\useURL[url704][https://web.archive.org/web/https://en.wikipedia.org/wiki/Man-in-the-middle_attack][][{[}Archive.org{]}]\from[url704]}
attack or a fake e-mail/call to ask for your credentials for a service.
This could, for example, be done through e-mail or by impersonating
financial services.
Such attacks can also be used to de-anonymize someone by tricking them
into downloading malware or revealing personal information over time.
The only defense against these is common sense: do not fall for them.
These have been used countless times since the early days of the
internet, and the classic one is called the \quotation{419 scam} (see
\useURL[url705][https://en.wikipedia.org/wiki/Advance-fee_scam]\from[url705]
\useURL[url706][https://wikiless.org/wiki/Advance-fee_scam][][{[}Wikiless{]}]\from[url706]
\useURL[url707][https://web.archive.org/web/https://en.wikipedia.org/wiki/Advance-fee_scam][][{[}Archive.org{]}]\from[url707]).
Here is a good video if you want to learn a bit more about phishing
types: Black Hat, Ichthyology: Phishing as a Science
\useURL[url708][https://www.youtube.com/watch?v=Z20XNp-luNA]\from[url708]
\useURL[url709][https://yewtu.be/watch?v=Z20XNp-luNA][][{[}Invidious{]}]\from[url709].
\subsection[title={Malware, exploits, and
viruses:},reference={malware-exploits-and-viruses}]
\subsubsection[title={Malware in your
files/documents/e-mails:},reference={malware-in-your-filesdocumentse-mails}]
Using steganography or other techniques, it is easy to embed malware
into common file formats such as Office Documents, Pictures, Videos, PDF
documents\ldots{}
These can be as simple as HTML tracking links or complex targeted
malware.
These could be simple pixel-sized images\footnote{BBC, Spy pixels in
emails have become endemic
\useURL[url710][https://www.bbc.com/news/technology-56071437]\from[url710]
\useURL[url711][https://web.archive.org/web/https://www.bbc.com/news/technology-56071437][][{[}Archive.org{]}]\from[url711]}
hidden in your e-mails that load from a remote server and thereby
reveal your IP address.
These could be exploiting a vulnerability in an outdated format or an
outdated reader\footnote{Vice, Facebook Helped the FBI Hack a Child
Predator
\useURL[url712][https://www.vice.com/en/article/v7gd9b/facebook-helped-fbi-hack-child-predator-buster-hernandez]\from[url712]
\useURL[url713][https://web.archive.org/web/https://www.vice.com/en/article/v7gd9b/facebook-helped-fbi-hack-child-predator-buster-hernandez][][{[}Archive.org{]}]\from[url713]}.
Such exploits could then be used to compromise your system.
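Both the phishing pattern described in the previous section (a link whose visible text names one site while its href points to another) and the tracking pixels described above can be checked for mechanically before an HTML e-mail is rendered. The following Python script is an added example for this guide's readers, not code from the guide or from any project it cites; it uses only the standard library, the message it scans is constructed, and the .test host names are placeholders rather than real hosts.

```python
"""Added example: flag tracking pixels and deceptive links in an HTML e-mail.

Standard library only. SAMPLE_EMAIL is constructed for this example and the
.test domains are placeholders, not real hosts.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

_HOST_RE = re.compile(r"[a-z0-9-]+(\.[a-z0-9-]+)+")   # visible text that is a host name


def _host(url):
    try:
        return urlparse(url).hostname
    except ValueError:               # e.g. "http://[not-an-ipv6]"
        return None


def _dimension(value):
    return (value or "").strip().lower().rstrip("px")


class EmailScanner(HTMLParser):
    """Collects (kind, detail) findings while walking the HTML."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._href = None            # href of the <a> currently open, if any
        self._text = []              # visible text collected inside that <a>

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "img":
            self._check_img(a)
        elif tag == "a":
            self._href = a.get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self._check_link(self._href, "".join(self._text).strip())
            self._href = None

    def _check_img(self, a):
        src = a.get("src") or ""
        if not src.lower().startswith(("http://", "https://")):
            return                   # cid:/data: images cannot phone home
        tiny = _dimension(a.get("width")) in ("0", "1") or _dimension(a.get("height")) in ("0", "1")
        style = (a.get("style") or "").replace(" ", "").lower()
        hidden = "display:none" in style or "visibility:hidden" in style
        if tiny or hidden:
            # A remote image nobody can see exists only to record the fetch,
            # and with it the reader's IP address and the time of opening.
            self.findings.append(("tracking_pixel", _host(src) or src))

    def _check_link(self, href, text):
        href_host = _host(href)
        text_host = _host(text if "://" in text else "http://" + text)
        # Only compare when the visible text itself looks like a URL or host.
        if href_host and text_host and _HOST_RE.fullmatch(text_host) and href_host != text_host:
            self.findings.append(("link_mismatch", f"{text_host} -> {href_host}"))


def scan_email_html(html):
    """Return the findings for one HTML body as a list of (kind, detail)."""
    scanner = EmailScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample: credential phishing plus an open-tracking pixel.
SAMPLE_EMAIL = """<html><body>
<p>Your account will be suspended. Please verify at
<a href="http://login.example-attacker.test/verify">https://secure.example-bank.test/</a></p>
<img src="https://track.example-attacker.test/open?id=42" width="1" height="1" style="display:none">
<img src="cid:logo" width="200" height="60">
</body></html>"""

if __name__ == "__main__":
    for kind, detail in scan_email_html(SAMPLE_EMAIL):
        print(f"{kind:15} {detail}")
```

Run it on the raw HTML part of a message (most mail clients let you view or save the source). A tracking_pixel finding means the message phones home as soon as remote images are loaded; a link_mismatch finding is the classic credential-phishing pattern. It is a heuristic, not a filter: a link whose visible text is plain words produces no finding, which is why the common-sense rule above still applies.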
See these good videos for more explanations on the matter:
\startitemize
\item
What is a File Format?
\useURL[url714][https://www.youtube.com/watch?v=VVdmmN0su6E]\from[url714]
\useURL[url715][https://yewtu.be/watch?v=VVdmmN0su6E][][{[}Invidious{]}]\from[url715]
\item
Ange Albertini: Funky File Formats:
\useURL[url716][https://www.youtube.com/watch?v=hdCs6bPM4is]\from[url716]
\useURL[url717][https://yewtu.be/watch?v=hdCs6bPM4is][][{[}Invidious{]}]\from[url717]
\stopitemize
You should always use extreme caution. To mitigate these attacks, this
guide will later recommend the use of virtualization (see \goto{Appendix
W: Virtualization}[appendix-v1-hardening-your-browsers]) to limit any
information leakage even if you open such a malicious file.
If you want to learn how to try detecting such malware, see
\goto{Appendix T: Checking files for
malware}[appendix-t-checking-files-for-malware]
\subsubsection[title={Malware and Exploits in your apps and
services:},reference={malware-and-exploits-in-your-apps-and-services}]
So, you are using Tor Browser or Brave Browser over Tor. You could be
using those over a VPN for added security. But you should keep in mind
that there are exploits\footnote{Wikipedia, Exploit
\useURL[url718][https://en.wikipedia.org/wiki/Exploit_(computer_security)]\from[url718]
\useURL[url719][https://wikiless.org/wiki/Exploit_(computer_security)][][{[}Wikiless{]}]\from[url719]
\useURL[url720][https://web.archive.org/web/https://en.wikipedia.org/wiki/Exploit_(computer_security)][][{[}Archive.org{]}]\from[url720]}
(hacks) that may be known to an adversary but unknown to the
app/browser provider. Such exploits could be used to compromise your
system and reveal details that de-anonymize you, such as your IP
address.
A real use case of this technique was the Freedom Hosting\footnote{Wikipedia,
Freedom Hosting
\useURL[url721][https://en.wikipedia.org/wiki/Freedom_Hosting]\from[url721]
\useURL[url722][https://wikiless.org/wiki/Freedom_Hosting][][{[}Wikiless{]}]\from[url722]
\useURL[url723][https://web.archive.org/web/https://en.wikipedia.org/wiki/Freedom_Hosting][][{[}Archive.org{]}]\from[url723]}
case in 2013 where the FBI inserted malware\footnote{Wired, 2013 FBI
Admits It Controlled Tor Servers Behind Mass Malware Attack
\useURL[url724][https://www.wired.com/2013/09/freedom-hosting-fbi/]\from[url724]
\useURL[url725][https://web.archive.org/web/https://www.wired.com/2013/09/freedom-hosting-fbi/][][{[}Archive.org{]}]\from[url725]}
using a Firefox browser exploit on a Tor website. This exploit allowed
them to reveal details of some users. More recently, there was the
notable SolarWinds\footnote{Wikipedia, 2020 United States federal
government data breach
\useURL[url726][https://en.wikipedia.org/wiki/2020_United_States_federal_government_data_breach]\from[url726]
\useURL[url727][https://wikiless.org/wiki/2020_United_States_federal_government_data_breach][][{[}Wikiless{]}]\from[url727]
\useURL[url728][https://web.archive.org/web/https://en.wikipedia.org/wiki/2020_United_States_federal_government_data_breach][][{[}Archive.org{]}]\from[url728]}
hack that breached several US government institutions by inserting
malware into an official software update server.
In some countries, malware is simply mandatory and/or distributed by the
state itself. This is the case, for instance, in China with
WeChat\footnote{BBC, China social media: WeChat and the Surveillance
State
\useURL[url729][https://www.bbc.com/news/blogs-china-blog-48552907]\from[url729]
\useURL[url730][https://web.archive.org/web/https://www.bbc.com/news/blogs-china-blog-48552907][][{[}Archive.org{]}]\from[url730]}
which can then be used in combination with other data for state
surveillance\footnote{The Intercept, Revealed: Massive Chinese Police
Database
\useURL[url731][https://theintercept.com/2021/01/29/china-uyghur-muslim-surveillance-police/]\from[url731]
\useURL[url732][http://27m3p2uv7igmj6kvd4ql3cct5h3sdwrsajovkkndeufumzyfhlfev4qd.onion/2021/01/29/china-uyghur-muslim-surveillance-police/][][{[}Tor
Mirror{]}]\from[url732]
\useURL[url733][https://web.archive.org/web/https://theintercept.com/2021/01/29/china-uyghur-muslim-surveillance-police/][][{[}Archive.org{]}]\from[url733]}.
There are countless examples of malicious browser extensions, smartphone
apps, and various apps that have been infiltrated with malware over the
years.
Here are some steps to mitigate this type of attack:
\startitemize
\item
You should never have 100\letterpercent{} trust in the apps you are
using.
\item
You should always check that you are using the latest version of such
apps before use and ideally validate each download using its
signature, if available.
\item
You should not run such apps directly on the physical machine but
instead use a virtual machine for compartmentalization.
\stopitemize
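The second item above recommends validating downloads. As an added example (not the guide's own code, nor that of any project it mentions), here is what the checksum half of that validation looks like in Python with only the standard library: parse a published SHA256SUMS file, stream-hash the download, and compare in constant time. The sums list and the stand-in download are constructed for the example. A checksum on its own only proves that the file matches the list; the list itself must arrive over a trusted channel or carry a signature that you verify with the project's signing key (typically with gpg), which this snippet does not cover.

```python
"""Added example: check a downloaded file against a published SHA256SUMS list.

Standard library only. The sums list and the 'download' are constructed.
"""
import hashlib
import hmac
import os
import tempfile


def parse_sha256sums(text):
    """Parse sha256sum(1) output ('<hex>  <name>' or '<hex> *<name>') into {name: hex}."""
    sums = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"malformed line: {raw!r}")
        digest, name = parts[0].lower(), parts[1].lstrip("*")
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError(f"bad digest on line: {raw!r}")
        sums[name] = digest
    return sums


def sha256_of_file(path, chunk_size=1 << 20):
    """Stream the file so multi-GB images do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def verify_download(path, sums_text):
    """True only if the file has an entry in the list and its digest matches."""
    expected = parse_sha256sums(sums_text).get(os.path.basename(path))
    if expected is None:
        return False                       # an unlisted file is unverified, not OK
    return hmac.compare_digest(sha256_of_file(path), expected)


# Constructed list: the digest is SHA-256 of the three bytes b"abc".
SAMPLE_SUMS = (
    "# SHA256SUMS constructed for this example\n"
    "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad  tool-1.0.tar.gz\n"
)


def demo():
    """Write a stand-in download, verify it, then alter one byte and verify again."""
    with tempfile.TemporaryDirectory() as workdir:
        path = os.path.join(workdir, "tool-1.0.tar.gz")
        with open(path, "wb") as f:
            f.write(b"abc")                # stand-in for the genuine download
        genuine = verify_download(path, SAMPLE_SUMS)
        with open(path, "wb") as f:
            f.write(b"abd")                # one byte changed, as tampering would
        tampered = verify_download(path, SAMPLE_SUMS)
    return genuine, tampered


if __name__ == "__main__":
    print("genuine verified: %s, tampered verified: %s" % demo())
```

Note that a file missing from the list is reported as unverified rather than as fine, and that the comparison uses hmac.compare_digest so that a hostile checksum file cannot be probed byte by byte.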
To reflect these recommendations, this guide will later walk you
through the use of virtualization (see \goto{Appendix W:
Virtualization}[appendix-v1-hardening-your-browsers]) so that even if
your browser/apps get compromised by a skilled adversary, that adversary
will find himself stuck in a sandbox\footnote{Wikipedia, Sandbox
\useURL[url734][https://en.wikipedia.org/wiki/Sandbox_(computer_security)]\from[url734]
\useURL[url735][https://wikiless.org/wiki/Sandbox_(computer_security)][][{[}Wikiless{]}]\from[url735]
\useURL[url736][https://web.archive.org/web/https://en.wikipedia.org/wiki/Sandbox_(computer_security)][][{[}Archive.org{]}]\from[url736]}
without being able to access identifying information or compromise your
system.
\subsubsection[title={Malicious USB
devices:},reference={malicious-usb-devices}]
There are readily available commercial and cheap \quotation{badUSB}
\footnote{Wired, Why the Security of USB Is Fundamentally Broken
\useURL[url737][https://www.wired.com/2014/07/usb-security/]\from[url737]
\useURL[url738][https://web.archive.org/web/https://www.wired.com/2014/07/usb-security/][][{[}Archive.org{]}]\from[url738]} devices
that can deploy malware, log your keystrokes, geolocate you, listen to
you, or take control of your laptop just by being plugged in. Here are
some examples that you can already buy yourself:
\startitemize
\item
Hak5, USB Rubber Ducky
\useURL[url739][https://shop.hak5.org/products/usb-rubber-ducky-deluxe]\from[url739]
\useURL[url740][https://web.archive.org/web/https://shop.hak5.org/products/usb-rubber-ducky-deluxe][][{[}Archive.org{]}]\from[url740]
\item
Hak5, O.MG Cable
\useURL[url741][https://www.youtube.com/watch?v=V5mBJHotZv0]\from[url741]
\useURL[url742][https://yewtu.be/watch?v=V5mBJHotZv0][][{[}Invidious{]}]\from[url742]
\item
Keelog \useURL[url743][https://www.keelog.com/]\from[url743]
\useURL[url744][https://web.archive.org/web/https://www.keelog.com/][][{[}Archive.org{]}]\from[url744]
\item
AliExpress
\useURL[url745][https://www.aliexpress.com/i/4000710369016.html]\from[url745]
\useURL[url746][https://web.archive.org/web/https://www.aliexpress.com/i/4000710369016.html][][{[}Archive.org{]}]\from[url746]
\stopitemize
Such devices can be implanted anywhere (charging cable, mouse, keyboard,
USB key \ldots{}) by an adversary and can be used to track you or
compromise your computer or smartphone. The most notable example of such
attacks is probably Stuxnet\footnote{Wikipedia, Stuxnet
\useURL[url747][https://en.wikipedia.org/wiki/Stuxnet]\from[url747]
\useURL[url748][https://wikiless.org/wiki/Stuxnet][][{[}Wikiless{]}]\from[url748]
\useURL[url749][https://web.archive.org/web/https://en.wikipedia.org/wiki/Stuxnet][][{[}Archive.org{]}]\from[url749]}
in 2005.
While you could inspect a USB key physically, scan it with various
utilities, and check its components to see if they are genuine, you
will most likely never be able to discover complex malware embedded by
a skilled adversary in genuine parts of a genuine USB key without
advanced forensics equipment\footnote{Superuser.com, How do I safely
investigate a USB stick found in the parking lot at work?
\useURL[url750][https://superuser.com/questions/1206321/how-do-i-safely-investigate-a-usb-stick-found-in-the-parking-lot-at-work]\from[url750]
\useURL[url751][https://web.archive.org/web/https://superuser.com/questions/1206321/how-do-i-safely-investigate-a-usb-stick-found-in-the-parking-lot-at-work][][{[}Archive.org{]}]\from[url751]}.
To mitigate this, you should never trust such devices or plug them into
sensitive equipment. If you use a charging device, you should consider
using a USB data-blocking device that allows charging but not data
transfer. Such data-blocking devices are now readily available in many
online shops. You should also consider disabling USB ports completely in
the BIOS of your computer unless you need them (if you can).
\subsubsection[title={Malware and backdoors in your Hardware Firmware
and Operating
System:},reference={malware-and-backdoors-in-your-hardware-firmware-and-operating-system}]
This might sound a bit familiar as this was already partially covered
previously in the \goto{Your CPU}[your-cpu] section.
Malware and backdoors can be embedded directly into your hardware
components. Sometimes those backdoors are implemented by the
manufacturer itself such as the IME in the case of Intel CPUs. And in
other cases, such backdoors can be implemented by a third party that
places itself between orders of new hardware and customer
delivery\footnote{The Guardian, Glenn Greenwald: how the NSA tampers
with US-made internet routers
\useURL[url752][https://www.theguardian.com/books/2014/may/12/glenn-greenwald-nsa-tampers-us-internet-routers-snowden]\from[url752]
\useURL[url753][https://web.archive.org/web/https://www.theguardian.com/books/2014/may/12/glenn-greenwald-nsa-tampers-us-internet-routers-snowden][][{[}Archive.org{]}]\from[url753]}.
Such malware and backdoors can also be deployed by an adversary using
software exploits. Many of those are called rootkits\footnote{Wikipedia,
Rootkit
\useURL[url754][https://en.wikipedia.org/wiki/Rootkit]\from[url754]
\useURL[url755][https://wikiless.org/wiki/Rootkit][][{[}Wikiless{]}]\from[url755]
\useURL[url756][https://web.archive.org/web/https://en.wikipedia.org/wiki/Rootkit][][{[}Archive.org{]}]\from[url756]}
within the tech world. Usually, these types of malware are harder to
detect and mitigate as they are implemented at a lower level than the
userspace\footnote{Wikipedia, Userspace
\useURL[url757][https://en.wikipedia.org/wiki/User_space]\from[url757]
\useURL[url758][https://wikiless.org/wiki/User_space][][{[}Wikiless{]}]\from[url758]
\useURL[url759][https://web.archive.org/web/https://en.wikipedia.org/wiki/User_space][][{[}Archive.org{]}]\from[url759]}
and often in the firmware\footnote{Wikipedia, Firmware
\useURL[url760][https://en.wikipedia.org/wiki/Firmware]\from[url760]
\useURL[url761][https://wikiless.org/wiki/Firmware][][{[}Wikiless{]}]\from[url761]
\useURL[url762][https://web.archive.org/web/https://en.wikipedia.org/wiki/Firmware][][{[}Archive.org{]}]\from[url762]}
of hardware components itself.
What is firmware? Firmware is a low-level operating system for devices.
Each component in your computer probably has firmware including for
instance your disk drives. The BIOS\footnote{Wikipedia, BIOS
\useURL[url763][https://en.wikipedia.org/wiki/BIOS]\from[url763]
\useURL[url764][https://wikiless.org/wiki/BIOS][][{[}Wikiless{]}]\from[url764]
\useURL[url765][https://web.archive.org/web/https://en.wikipedia.org/wiki/BIOS][][{[}Archive.org{]}]\from[url765]}/UEFI\footnote{Wikipedia,
UEFI
\useURL[url766][https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface]\from[url766]
\useURL[url767][https://wikiless.org/wiki/Unified_Extensible_Firmware_Interface][][{[}Wikiless{]}]\from[url767]
\useURL[url768][https://web.archive.org/web/https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface][][{[}Archive.org{]}]\from[url768]}
system of your machine for instance is a type of firmware.
These can allow remote management and are capable of enabling full
control of a target system silently and stealthily.
As mentioned previously, these are harder for users to detect, but some
limited steps can be taken to mitigate some of them, such as protecting
your device from tampering and re-flashing the BIOS. Unfortunately, if
such malware or a backdoor is implemented by the manufacturer itself, it
becomes extremely difficult to detect and disable.
\subsection[title={Your files, documents, pictures, and
videos:},reference={your-files-documents-pictures-and-videos}]
\subsubsection[title={Properties and
Metadata:},reference={properties-and-metadata}]
This can be obvious to many but not to all. Most files have metadata
attached to them. Good examples are pictures that store EXIF\footnote{Bellingcat,
Joseph Mifsud: Rush for the EXIF
\useURL[url769][https://www.bellingcat.com/news/americas/2018/10/26/joseph-mifsud-rush-exif/]\from[url769]
\useURL[url770][https://web.archive.org/web/https://www.bellingcat.com/news/americas/2018/10/26/joseph-mifsud-rush-exif/][][{[}Archive.org{]}]\from[url770]}
information, which can hold a lot of data such as GPS coordinates,
which camera/phone model took the picture, and precisely when it was
taken. While this information might not directly give away who you are,
it could tell exactly where you were at a certain moment, which could
allow others to use various sources to find you (CCTV or other footage
taken at the same place at the same time during a protest, for
instance). You must check any file you would put on those platforms for
any properties that might hold information leading back to you.
Here is an example of EXIF data that could be on a picture:
{\externalfigure[./tex2pdf.-1a34188c73046814/2ea3ec068530d8b4c654a4dd1567ef05949062de.png]}
(Illustration from Wikipedia)
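To see what is actually in such a file, and to remove it, the following Python example (added here; it is not the guide's code nor that of any tool it cites, and uses only the standard library) walks a JPEG's segments, reads the GPS latitude/longitude out of the Exif block, and writes a copy with the Exif, XMP, and comment segments removed. The JPEG it operates on is constructed in the code itself, with fixed Exif offsets, so it runs without a real photo; real files carry many more tags, but the GPS IFD layout read here (tags 1 to 4, degrees/minutes/seconds as rationals) is the one the Exif standard defines.

```python
"""Added example: read GPS coordinates from a JPEG's Exif block, then strip it.

Standard library only. Reads the standard layout (APP1 segment, TIFF header,
IFD0 -> GPS IFD, tags 1-4). The JPEG it runs on is constructed, not a photo.
"""
import struct

GPS_IFD_TAG = 0x8825                    # IFD0 entry that points at the GPS IFD
TAG_LAT_REF, TAG_LAT, TAG_LON_REF, TAG_LON = 1, 2, 3, 4


def _segments(jpeg):
    """Yield (marker, payload) for every metadata segment before the scan data."""
    if jpeg[:2] != b"\xFF\xD8":
        raise ValueError("not a JPEG: missing SOI marker")
    i = 2
    while i + 4 <= len(jpeg):
        marker, length = struct.unpack(">HH", jpeg[i:i + 4])
        if marker in (0xFFDA, 0xFFD9):  # SOS/EOI: no metadata segments follow
            return
        yield marker, jpeg[i + 4:i + 2 + length]
        i += 2 + length


def _ifd(tiff, offset, bo):
    """Return {tag: (type, count, 4-byte value-or-offset field)} for one IFD."""
    (n,) = struct.unpack(bo + "H", tiff[offset:offset + 2])
    entries = {}
    for k in range(n):
        e = offset + 2 + 12 * k
        tag, typ, count = struct.unpack(bo + "HHI", tiff[e:e + 8])
        entries[tag] = (typ, count, tiff[e + 8:e + 12])
    return entries


def _rationals(tiff, bo, count, field):
    """RATIONAL values never fit in the 4-byte field, so it holds their offset."""
    (off,) = struct.unpack(bo + "I", field)
    values = []
    for k in range(count):
        num, den = struct.unpack(bo + "II", tiff[off + 8 * k:off + 8 * k + 8])
        values.append(num / den if den else 0.0)
    return values


def _degrees(dms):
    d, m, s = (dms + [0.0, 0.0, 0.0])[:3]
    return d + m / 60 + s / 3600


def exif_gps(jpeg):
    """Return (lat, lon) in decimal degrees, or None if there is no GPS Exif."""
    for marker, payload in _segments(jpeg):
        if marker != 0xFFE1 or not payload.startswith(b"Exif\x00\x00"):
            continue
        tiff = payload[6:]
        bo = "<" if tiff[:2] == b"II" else ">"      # byte order from the TIFF header
        (ifd0_off,) = struct.unpack(bo + "I", tiff[4:8])
        ifd0 = _ifd(tiff, ifd0_off, bo)
        if GPS_IFD_TAG not in ifd0:
            return None
        (gps_off,) = struct.unpack(bo + "I", ifd0[GPS_IFD_TAG][2])
        gps = _ifd(tiff, gps_off, bo)
        if not all(t in gps for t in (TAG_LAT_REF, TAG_LAT, TAG_LON_REF, TAG_LON)):
            return None
        lat = _degrees(_rationals(tiff, bo, gps[TAG_LAT][1], gps[TAG_LAT][2]))
        lon = _degrees(_rationals(tiff, bo, gps[TAG_LON][1], gps[TAG_LON][2]))
        if gps[TAG_LAT_REF][2][:1] == b"S":         # 2-byte ASCII refs sit inline
            lat = -lat
        if gps[TAG_LON_REF][2][:1] == b"W":
            lon = -lon
        return lat, lon
    return None


def strip_metadata(jpeg):
    """Copy of the JPEG without APP1..APP15 (Exif, XMP, ...) and COM segments."""
    out = bytearray(jpeg[:2])
    i = 2
    while i + 4 <= len(jpeg):
        marker, length = struct.unpack(">HH", jpeg[i:i + 4])
        if marker == 0xFFDA:                        # scan data: copy the rest as-is
            return bytes(out + jpeg[i:])
        if not (0xFFE1 <= marker <= 0xFFEF or marker == 0xFFFE):
            out += jpeg[i:i + 2 + length]           # keep APP0/JFIF, DQT, SOF, DHT
        i += 2 + length
    return bytes(out + jpeg[i:])


def build_sample_jpeg(lat_dms, lat_ref, lon_dms, lon_ref):
    """Constructed minimal JPEG: SOI, APP0, APP1/Exif with GPS, COM, SOS, EOI.
    Offsets are fixed by construction: IFD0 at 8 (18 bytes), GPS IFD at 26
    (54 bytes), latitude rationals at 80, longitude rationals at 104."""
    rationals = lambda vals: b"".join(struct.pack("<II", int(v), 1) for v in vals)
    ifd0 = struct.pack("<H", 1) + struct.pack("<HHII", GPS_IFD_TAG, 4, 1, 26) + struct.pack("<I", 0)
    gps = (struct.pack("<H", 4)
           + struct.pack("<HHI", TAG_LAT_REF, 2, 2) + lat_ref.encode() + b"\x00\x00\x00"
           + struct.pack("<HHII", TAG_LAT, 5, 3, 80)
           + struct.pack("<HHI", TAG_LON_REF, 2, 2) + lon_ref.encode() + b"\x00\x00\x00"
           + struct.pack("<HHII", TAG_LON, 5, 3, 104)
           + struct.pack("<I", 0))
    tiff = b"II*\x00" + struct.pack("<I", 8) + ifd0 + gps + rationals(lat_dms) + rationals(lon_dms)
    seg = lambda marker, payload: struct.pack(">HH", marker, len(payload) + 2) + payload
    return (b"\xFF\xD8"
            + seg(0xFFE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
            + seg(0xFFE1, b"Exif\x00\x00" + tiff)
            + seg(0xFFFE, b"constructed sample, not a real photo")
            + seg(0xFFDA, b"\x00") + b"\x12\x34\xFF\xD9")


SAMPLE_JPEG = build_sample_jpeg((48, 51, 30), "N", (2, 17, 40), "E")

if __name__ == "__main__":
    print("before:", exif_gps(SAMPLE_JPEG))
    print("after: ", exif_gps(strip_metadata(SAMPLE_JPEG)))
```

strip_metadata drops whole APP1 to APP15 and COM segments and leaves the JFIF header and the image data untouched; run exif_gps on the result to confirm nothing survives. It only addresses metadata carried in JPEG segments, so treat it as one check on top of the guidance in the forensics section, not as the whole answer.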
This also works for videos. Yes, videos too have geo-tagging, and many
people are unaware of this. Here is, for instance, a very convenient
tool to geo-locate YouTube videos:
\useURL[url771][https://mattw.io/youtube-geofind/location]\from[url771]
\useURL[url772][https://web.archive.org/web/https://mattw.io/youtube-geofind/location][][{[}Archive.org{]}]\from[url772]
For this reason, you will always have to be incredibly careful when
uploading files using your anonymous identities and check the metadata
of those files.
{\bf Even if you publish a plain text file, you should always double or
triple-check it for any information leakage before publishing. You will
find some guidance about this in the \goto{Some additional measures
against forensics}[some-additional-measures-against-forensics] section
at the end of the guide.}
\subsubsection[title={Watermarking:},reference={watermarking}]
\subsubsubsection[title={Pictures/Videos/Audio:},reference={picturesvideosaudio}]
Pictures/videos often contain visible watermarks indicating who the
owner/creator is, but various products also embed invisible watermarks
aimed at identifying the viewer.
So, if you are a whistleblower thinking about leaking a
picture/audio/video file, think twice. There is a chance it contains an
invisible watermark that includes information about you as the viewer.
Such watermarks can be enabled with a simple switch in apps like Zoom
(video\footnote{Zoom Support, Adding a
watermark
\useURL[url773][https://support.zoom.us/hc/en-us/articles/209605273-Adding-a-Watermark]\from[url773]
\useURL[url774][https://web.archive.org/web/https://support.zoom.us/hc/en-us/articles/209605273-Adding-a-Watermark][][{[}Archive.org{]}]\from[url774]}
or Audio\footnote{Zoom Support, Audio Watermark
\useURL[url775][https://support.zoom.us/hc/en-us/articles/360021839031-Audio-Watermark]\from[url775]
\useURL[url776][https://web.archive.org/web/https://support.zoom.us/hc/en-us/articles/360021839031-Audio-Watermark][][{[}Archive.org{]}]\from[url776]})
or with extensions\footnote{CreativeCloud Extension, IMATAG
\useURL[url777][https://exchange.adobe.com/creativecloud.details.101789.imatag-invisible-watermark-and-image-monitoring.html]\from[url777]
\useURL[url778][https://web.archive.org/web/https://exchange.adobe.com/creativecloud.details.101789.imatag-invisible-watermark-and-image-monitoring.html][][{[}Archive.org{]}]\from[url778]}
for popular apps such as Adobe Premiere Pro. These can be inserted by
various content management systems.
For a recent example, someone leaking a Zoom meeting recording was
caught because it was watermarked:
\useURL[url779][https://theintercept.com/2021/01/18/leak-zoom-meeting/]\from[url779]
\useURL[url780][http://27m3p2uv7igmj6kvd4ql3cct5h3sdwrsajovkkndeufumzyfhlfev4qd.onion/2021/01/18/leak-zoom-meeting/][][{[}Tor
Mirror{]}]\from[url780]
\useURL[url781][https://web.archive.org/web/https://theintercept.com/2021/01/18/leak-zoom-meeting/][][{[}Archive.org{]}]\from[url781]
Such watermarks can be inserted by various products\footnote{NexGuard,
\useURL[url782][https://dtv.nagra.com/nexguard-forensic-watermarking]\from[url782]
\useURL[url783][https://web.archive.org/web/https://dtv.nagra.com/nexguard-forensic-watermarking][][{[}Archive.org{]}]\from[url783]}\footnote{Vobile
Solutions, \useURL[url784][https://www.vobilegroup.com/]\from[url784]
\useURL[url785][https://web.archive.org/web/https://www.vobilegroup.com][][{[}Archive.org{]}]\from[url785]}\footnote{Cinavia,
\useURL[url786][https://www.cinavia.com/languages/english/pages/technology.html]\from[url786]
\useURL[url787][https://web.archive.org/web/https://www.cinavia.com/languages/english/pages/technology.html][][{[}Archive.org{]}]\from[url787]}\footnote{Imatag,
\useURL[url788][https://www.imatag.com/]\from[url788]
\useURL[url789][https://web.archive.org/web/https://www.imatag.com/][][{[}Archive.org{]}]\from[url789]}
using Steganography\footnote{Wikipedia, Steganography
\useURL[url790][https://en.wikipedia.org/wiki/Steganography]\from[url790]
\useURL[url791][https://wikiless.org/wiki/Steganography][][{[}Wikiless{]}]\from[url791]
\useURL[url792][https://web.archive.org/web/https://en.wikipedia.org/wiki/Steganography][][{[}Archive.org{]}]\from[url792]}
and can resist compression\footnote{IEEExplore, A JPEG compression
resistant steganography scheme for raster graphics images
\useURL[url793][https://ieeexplore.ieee.org/document/4428921]\from[url793]
\useURL[url794][https://web.archive.org/web/https://ieeexplore.ieee.org/document/4428921][][{[}Archive.org{]}]\from[url794]}
and re-encoding\footnote{ScienceDirect, Robust audio watermarking using
perceptual masking
\useURL[url795][https://www.researchgate.net/publication/256994444_Robust_Audio_Watermarking_Using_Perceptual_Masking]\from[url795]
\useURL[url796][https://web.archive.org/web/https://www.researchgate.net/publication/256994444_Robust_Audio_Watermarking_Using_Perceptual_Masking][][{[}Archive.org{]}]\from[url796]}\footnote{IEEExplore,
Spread-spectrum watermarking of audio signals
\useURL[url797][https://www.researchgate.net/publication/3318571_Spread-Spectrum_Watermarking_of_Audio]\from[url797]
\useURL[url798][https://web.archive.org/web/https://www.researchgate.net/publication/3318571_Spread-Spectrum_Watermarking_of_Audio][][{[}Archive.org{]}]\from[url798]}.
These watermarks are not easily detectable and could allow
identification of the source despite all efforts.
In addition to watermarks, the camera used for filming (and therefore
the device used for filming) a video can also be identified using
various techniques such as lens identification\footnote{Google Scholar,
source camera identification
\useURL[url799][https://scholar.google.com/scholar?q=source+camera+identification]\from[url799]
\useURL[url800][https://web.archive.org/web/https://scholar.google.com/scholar?q=source+camera+identification][][{[}Archive.org{]}]\from[url800]}
which could lead to de-anonymization.
Be extremely careful when publishing videos/pictures/audio files from
known commercial platforms as they might contain such invisible
watermarks in addition to details in the images themselves. There is no
guaranteed 100\letterpercent{} protection against those. You will have
to use common sense.
\subsubsubsection[title={Printing
Watermarking:},reference={printing-watermarking}]
Did you know your printer is most likely spying on you too? Even if it
is not connected to any network? This is a well-known fact among many
people in the IT community but little known outside of it.
Yes \ldots{} your printers can be used to de-anonymize you as well, as
explained by the EFF here:
\useURL[url801][https://www.eff.org/issues/printers]\from[url801]
\useURL[url802][https://web.archive.org/web/https://www.eff.org/issues/printers][][{[}Archive.org{]}]\from[url802]
along with this (old but still relevant) EFF video explaining how:
\useURL[url803][https://www.youtube.com/watch?v=izMGMsIZK4U]\from[url803]
\useURL[url804][https://yewtu.be/watch?v=izMGMsIZK4U][][{[}Invidious{]}]\from[url804]
Many printers will print an invisible watermark allowing for
identification of the printer on every printed page. This is called
Printer Steganography\footnote{Wikipedia, Printing Steganography
\useURL[url805][https://en.wikipedia.org/wiki/Machine_Identification_Code]\from[url805]
\useURL[url806][https://wikiless.org/wiki/Machine_Identification_Code][][{[}Wikiless{]}]\from[url806]
\useURL[url807][https://web.archive.org/web/https://en.wikipedia.org/wiki/Machine_Identification_Code][][{[}Archive.org{]}]\from[url807]}.
There is no tangible way to mitigate this other than to inform yourself
about your printer and make sure it does not print any invisible
watermark. This is important if you intend to print anonymously.
Here is an (old but still relevant) list of printers and brands that do
not print such tracking dots, provided by the EFF:
\useURL[url808][https://www.eff.org/pages/list-printers-which-do-or-do-not-display-tracking-dots]\from[url808]
\useURL[url809][https://web.archive.org/web/https://www.eff.org/pages/list-printers-which-do-or-do-not-display-tracking-dots][][{[}Archive.org{]}]\from[url809]
Here are also some tips from the Whonix documentation
(\useURL[url810][https://www.whonix.org/wiki/Printing_and_Scanning]\from[url810]
\useURL[url811][https://web.archive.org/web/https://www.whonix.org/wiki/Printing_and_Scanning][][{[}Archive.org{]}]\from[url811]):
{\bf Do not ever print in color; usually, watermarks are not present
without color toners/cartridges}\footnote{MIT, SeeingYellow,
\useURL[url812][https://web.archive.org/web/20220224174025/http://seeingyellow.com/]\from[url812]
\useURL[url813][https://web.archive.org/web/https://web.archive.org/web/20220224174025/http://seeingyellow.com/][][{[}Archive.org{]}]\from[url813]}.
\subsubsection[title={Pixelized or Blurred
Information:},reference={pixelized-or-blurred-information}]
Did you ever see a document with blurred text? Did you ever make fun of
those movies/series where they \quotation{enhance} an image to recover
seemingly impossible-to-read information?
Well, there are techniques for recovering information from such
documents, videos, and pictures.
Here is, for example, an open-source project you could use yourself to
recover text from some blurred images:
\useURL[url814][https://github.com/beurtschipper/Depix]\from[url814]
\useURL[url815][https://web.archive.org/web/https://github.com/beurtschipper/Depix][][{[}Archive.org{]}]\from[url815]
\placefigure{image14}{\externalfigure[./tex2pdf.-1a34188c73046814/8c97c975e37c2792538e508a4a8c0a7ddce0c40e.png]}
This is of course an open-source project available for all to use. But
you can imagine that such techniques have probably been used before by
other adversaries. These could be used to reveal blurred information
from published documents that could then be used to de-anonymize you.
There are also tutorials on using such techniques with photo editing
tools such as GIMP, for instance
\useURL[url816][https://medium.com/@somdevsangwan/unblurring-images-for-osint-and-more-part-1-5ee36db6a70b]\from[url816]
\useURL[url817][https://web.archive.org/web/https://medium.com/@somdevsangwan/unblurring-images-for-osint-and-more-part-1-5ee36db6a70b][][{[}Archive.org{]}]\from[url817]
followed by
\useURL[url818][https://medium.com/@somdevsangwan/deblurring-images-for-osint-part-2-ba564af8eb5d]\from[url818]
\useURL[url819][https://scribe.rip/@somdevsangwan/deblurring-images-for-osint-part-2-ba564af8eb5d][][{[}Scribe.rip{]}]\from[url819]
\useURL[url820][https://web.archive.org/web/https://medium.com/@somdevsangwan/deblurring-images-for-osint-part-2-ba564af8eb5d][][{[}Archive.org{]}]\from[url820]
\placefigure{image15}{\externalfigure[./tex2pdf.-1a34188c73046814/697c4bdfe82ded26f96471e66af08ac5a49c4107.png]}
Finally, you will find plenty of deblurring resources here:
\useURL[url821][https://github.com/subeeshvasu/Awesome-Deblurring]\from[url821]
\useURL[url822][https://web.archive.org/web/https://github.com/subeeshvasu/Awesome-Deblurring][][{[}Archive.org{]}]\from[url822]
Some online services could even help you do this automatically to some
extent, like the MyHeritage.com enhance tool:
\useURL[url823][https://www.myheritage.com/photo-enhancer]\from[url823]
\useURL[url824][https://web.archive.org/web/https://www.myheritage.com/photo-enhancer][][{[}Archive.org{]}]\from[url824]
Here is the result of the above image:
\placefigure{image16}{\externalfigure[./tex2pdf.-1a34188c73046814/80dd775aa8d16e6e8776e3ff627b45b661d10949.png]}
Of course, this tool is more like \quotation{guessing} than really
deblurring at this point, but it could be enough to find you using
various reverse image searching services.
There are also techniques to deblur/depixelate parts in videos: see
\useURL[url825][https://positive.security/blog/video-depixelation]\from[url825]
\useURL[url826][https://web.archive.org/web/https://positive.security/blog/video-depixelation][][{[}Archive.org{]}]\from[url826]
For this reason, it is always extremely important that you correctly
redact and curate any document you might want to publish. Blurring is
not enough, and you should always completely blacken/remove any
sensitive data to avoid any attempt by an adversary to recover it. Do
not pixelate, do not blur; just put a solid black rectangle over the
information to redact it.
\subsection[title={Your Cryptocurrencies
transactions:},reference={your-cryptocurrencies-transactions}]
Contrary to widespread belief, Crypto transactions (such as Bitcoin and
Ethereum) are not anonymous\footnote{arXiv, An Analysis of Anonymity in
the Bitcoin System
\useURL[url827][https://arxiv.org/pdf/1107.4524.pdf]\from[url827]
\useURL[url828][https://web.archive.org/web/https://arxiv.org/pdf/1107.4524.pdf][][{[}Archive.org{]}]\from[url828]}.
Most cryptocurrencies can be tracked accurately through various
methods\footnote{Bellingcat, How To Track Illegal Funding Campaigns Via
Cryptocurrency,
\useURL[url829][https://www.bellingcat.com/resources/how-tos/2019/03/26/how-to-track-illegal-funding-campaigns-via-cryptocurrency/]\from[url829]
\useURL[url830][https://web.archive.org/web/https://www.bellingcat.com/resources/how-tos/2019/03/26/how-to-track-illegal-funding-campaigns-via-cryptocurrency/][][{[}Archive.org{]}]\from[url830]}\footnote{CoinDesk,
Leaked Slides Show How Chainalysis Flags Crypto Suspects for Cops
\useURL[url831][https://www.coindesk.com/business/2021/09/21/leaked-slides-show-how-chainalysis-flags-crypto-suspects-for-cops/]\from[url831]
\useURL[url832][https://web.archive.org/web/https://www.coindesk.com/business/2021/09/21/leaked-slides-show-how-chainalysis-flags-crypto-suspects-for-cops/][][{[}Archive.org{]}]\from[url832]}.
Remember what they say on their page:
\useURL[url833][https://bitcoin.org/en/you-need-to-know]\from[url833]
\useURL[url834][https://web.archive.org/web/https://bitcoin.org/en/you-need-to-know][][{[}Archive.org{]}]\from[url834]
and
\useURL[url835][https://bitcoin.org/en/protect-your-privacy]\from[url835]
\useURL[url836][https://web.archive.org/web/https://bitcoin.org/en/protect-your-privacy][][{[}Archive.org{]}]\from[url836]:
\quotation{Bitcoin is not anonymous}
The main issue is not setting up a random Crypto wallet to receive some
currency behind a VPN/Tor address (at this point, the wallet is
anonymous). The issue is mainly when you want to convert Fiat money
(Euros, Dollars \ldots{}) to Crypto and then when you want to cash in
your Crypto. You will have few realistic options but to transfer those
to an exchange (such as Coinbase/Kraken/Bitstamp/Binance). Those
exchanges have known wallet addresses and will keep detailed logs (due
to KYC\footnote{Wikipedia, KYC
\useURL[url837][https://en.wikipedia.org/wiki/Know_your_customer]\from[url837]
\useURL[url838][https://wikiless.org/wiki/Know_your_customer][][{[}Wikiless{]}]\from[url838]
\useURL[url839][https://web.archive.org/web/https://en.wikipedia.org/wiki/Know_your_customer][][{[}Archive.org{]}]\from[url839]}
financial regulations) and can then trace back those crypto transactions
to you using the financial system\footnote{arXiv.org, Probing the
Mystery of Cryptocurrency Theft: An Investigation into Methods for
Taint Analysis
\useURL[url840][https://arxiv.org/pdf/1906.05754.pdf]\from[url840]
\useURL[url841][https://web.archive.org/web/https://arxiv.org/pdf/1906.05754.pdf][][{[}Archive.org{]}]\from[url841]}.
There are some cryptocurrencies designed with privacy/anonymity in mind,
like Monero, but even those have some caveats and warnings to consider\footnote{YouTube,
Breaking Monero
\useURL[url842][https://www.youtube.com/watch?v=WOyC6OB6ezA&list=PLsSYUeVwrHBnAUre2G_LYDsdo-tD0ov-y]\from[url842]
\useURL[url843][https://yewtu.be/playlist?list=PLsSYUeVwrHBnAUre2G_LYDsdo-tD0ov-y][][{[}Invidious{]}]\from[url843]}\footnote{Monero,
Monero vs Princeton Researchers,
\useURL[url844][https://monero.org/monero-vs-princeton-researchers/]\from[url844]
\useURL[url845][https://web.archive.org/web/https://monero.org/monero-vs-princeton-researchers/][][{[}Archive.org{]}]\from[url845]}.
Use of \quotation{private} mixers, tumblers\footnote{Wikipedia,
Cryptocurrency Tumbler
\useURL[url846][https://en.wikipedia.org/wiki/Cryptocurrency_tumbler]\from[url846]
\useURL[url847][https://wikiless.org/wiki/Cryptocurrency_tumbler][][{[}Wikiless{]}]\from[url847]
\useURL[url848][https://web.archive.org/web/https://en.wikipedia.org/wiki/Cryptocurrency_tumbler][][{[}Archive.org{]}]\from[url848]}
(centralized services that specialize in \quotation{anonymizing}
cryptocurrencies by \quotation{mixing them}) and coinjoiners are risky
as you don't know what's happening on them\footnote{Wikipedia, Security
Through Obscurity
\useURL[url849][https://en.wikipedia.org/wiki/Security_through_obscurity]\from[url849]
\useURL[url850][https://wikiless.org/wiki/Security_through_obscurity][][{[}Wikiless{]}]\from[url850]
\useURL[url851][https://web.archive.org/web/https://en.wikipedia.org/wiki/Security_through_obscurity][][{[}Archive.org{]}]\from[url851]}
and can be trivially de-mixed\footnote{ArXiv, Tracking Mixed Bitcoins
\useURL[url852][https://arxiv.org/pdf/2009.14007.pdf]\from[url852]
\useURL[url853][https://web.archive.org/web/https://arxiv.org/pdf/2009.14007.pdf][][{[}Archive.org{]}]\from[url853]}.
Their centrally-controlled nature could also put you in trouble as they
are more susceptible to money-laundering laws\footnote{SSRN, The
Cryptocurrency Tumblers: Risks, Legality and Oversight
\useURL[url854][https://www.researchgate.net/publication/321786355_The_Cryptocurrency_Tumblers_Risks_Legality_and_Oversight]\from[url854]
\useURL[url855][https://web.archive.org/web/https://www.researchgate.net/publication/321786355_The_Cryptocurrency_Tumblers_Risks_Legality_and_Oversight][][{[}Archive.org{]}]\from[url855]}.
This does not mean you cannot use Bitcoin anonymously at all. You can
actually use Bitcoin anonymously as long as you do not convert it to
actual currency, use a Bitcoin wallet from a safe anonymous network, and
do not reuse addresses or consolidate outputs that were used when
spending at different merchants. Meaning you should avoid KYC/AML
regulations by various exchanges, avoid using the Bitcoin network from
any known IP address, and use a wallet that provides privacy-preserving
tools. See \goto{Appendix Z: Online anonymous payments using
cryptocurrencies}[appendix-z-online-anonymous-payments-using-cryptocurrencies].
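To make the address-linking risk above concrete, here is an added example (not code from the guide) of the common-input-ownership heuristic that chain-analysis tools apply: every input of a transaction is assumed to belong to one owner, so spending outputs from different sources in a single transaction merges them into one cluster. The transaction history and the address labels are constructed sample data:

```javascript
// Added example, not code from the guide: the "common-input-ownership"
// heuristic used by chain-analysis tools on Bitcoin-style transactions.
// Every input of a transaction is assumed to be controlled by the same
// entity, so spending outputs received at different places in one
// transaction links all of them. Addresses below are constructed labels.

// Union-find over address labels.
class AddressClusters {
  constructor() {
    this.parent = new Map();
  }

  // Register an address as its own singleton cluster if unseen.
  add(addr) {
    if (!this.parent.has(addr)) this.parent.set(addr, addr);
  }

  // Root of the cluster containing addr, with path compression.
  find(addr) {
    this.add(addr);
    let root = addr;
    while (this.parent.get(root) !== root) root = this.parent.get(root);
    let cur = addr;
    while (this.parent.get(cur) !== root) {
      const next = this.parent.get(cur);
      this.parent.set(cur, root);
      cur = next;
    }
    return root;
  }

  union(a, b) {
    const ra = this.find(a);
    const rb = this.find(b);
    if (ra !== rb) this.parent.set(ra, rb);
  }

  // Heuristic: all inputs of one transaction share an owner. Outputs are
  // only registered so they appear as singletons in the report.
  addTransaction(tx) {
    for (const out of tx.outputs) this.add(out);
    for (let i = 0; i < tx.inputs.length; i++) {
      this.add(tx.inputs[i]);
      if (i > 0) this.union(tx.inputs[0], tx.inputs[i]);
    }
  }

  sameOwner(a, b) {
    return this.find(a) === this.find(b);
  }

  // Clusters as sorted arrays, largest first (ties broken alphabetically).
  clusters() {
    const groups = new Map();
    for (const addr of this.parent.keys()) {
      const root = this.find(addr);
      if (!groups.has(root)) groups.set(root, []);
      groups.get(root).push(addr);
    }
    return [...groups.values()]
      .map((g) => g.sort())
      .sort((x, y) => y.length - x.length || x[0].localeCompare(y[0]));
  }
}

// Constructed sample history. Alice funded three addresses separately: two
// with coins obtained anonymously and one withdrawn from a KYC exchange.
const SAMPLE_TXS = [
  { id: "tx1", inputs: ["alice_a1"], outputs: ["merchant_1", "alice_change_1"] },
  { id: "tx2", inputs: ["alice_a2"], outputs: ["merchant_2", "alice_change_2"] },
  // Consolidation: leftovers and the exchange withdrawal spent together.
  { id: "tx3", inputs: ["alice_change_1", "alice_change_2", "alice_kyc_withdrawal"], outputs: ["merchant_3"] },
];

function clusterAddresses(txs) {
  const clusters = new AddressClusters();
  for (const tx of txs) clusters.addTransaction(tx);
  return clusters;
}

function main() {
  const before = clusterAddresses(SAMPLE_TXS.slice(0, 2));
  const after = clusterAddresses(SAMPLE_TXS);
  console.log("linked before tx3:", before.sameOwner("alice_change_1", "alice_kyc_withdrawal")); // false
  console.log("linked after tx3: ", after.sameOwner("alice_change_1", "alice_kyc_withdrawal"));  // true
  console.log(after.clusters());
}

main();
```

Run it with \type{node}. Before the consolidating transaction, the two change addresses and the exchange withdrawal are unrelated singletons; after it, one cluster ties the KYC-identified address to both merchant payments, which is exactly the situation the paragraph above tells you to avoid. Real analysis tools stack further heuristics (such as change-output detection) on top of this one, so the linking in practice is stronger than this single rule shows.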
{\bf Overall, the best option for using Crypto with reasonable anonymity
and privacy is still Monero and you should ideally not use any other for
sensitive transactions unless you are aware of the limitations and risks
involved. Please do read} \goto{Appendix B2: Monero
Disclaimer}[appendix-b2-monero-disclaimer]{\bf .}
{\bf TLDR: Use Monero!}
\subsection[title={Your Cloud backups/sync
services:},reference={your-cloud-backupssync-services}]
All companies are advertising their use of end-to-end encryption (E2EE).
This is true for almost every messaging app and website (HTTPS). Apple
and Google are advertising their use of encryption on their Android
devices and their iPhones.
But what about your backups? Those automated iCloud/Google Drive backups
you have?
Well, you should know that most of those backups are not fully
end-to-end encrypted and will hold some of your information readily
available for a third party. You will see their claims that data is
encrypted at rest and safe from anyone \ldots{} Except they usually do
keep a key to access some of the data themselves. These keys are used
to index your content, recover your account, and collect various
analytics.
There are specialized commercial forensics solutions available (Magnet
Axiom\footnote{Magnet Forensics, Magnet AXIOM
\useURL[url856][https://www.magnetforensics.com/products/magnet-axiom/cloud/]\from[url856]
\useURL[url857][https://web.archive.org/web/https://www.magnetforensics.com/products/magnet-axiom/cloud/][][{[}Archive.org{]}]\from[url857]},
Cellebrite Cloud\footnote{Cellebrite, Unlock cloud-based evidence to
solve the case sooner
\useURL[url858][https://www.cellebrite.com/en/ufed-cloud/]\from[url858]
\useURL[url859][https://web.archive.org/web/https://www.cellebrite.com/en/ufed-cloud/][][{[}Archive.org{]}]\from[url859]})
that will help an adversary analyze your cloud data with ease.
Notable Examples:
\startitemize
\item
Apple iCloud:
\useURL[url860][https://support.apple.com/en-us/HT202303]\from[url860]
\useURL[url861][https://web.archive.org/web/https://support.apple.com/en-us/HT202303][][{[}Archive.org{]}]\from[url861]
: \quotation{Messages in iCloud also uses end-to-end encryption. If
you have iCloud Backup turned on{\bf , your backup includes a copy of
the key protecting your Messages}. This ensures you can recover your
Messages if you lose access to iCloud Keychain and your trusted
devices.}
\item
Google Drive and WhatsApp:
\useURL[url862][https://faq.whatsapp.com/android/chats/about-google-drive-backups/]\from[url862]
\useURL[url863][https://web.archive.org/web/https://faq.whatsapp.com/android/chats/about-google-drive-backups/][][{[}Archive.org{]}]\from[url863]:
\quotation{{\bf Media and messages you back up aren't protected by
WhatsApp end-to-end encryption while in Google Drive}.} Do however
note that Facebook/WhatsApp announced the rollout of encrypted
backups on October 14\high{th} 2021
(\useURL[url864][https://about.fb.com/news/2021/10/end-to-end-encrypted-backups-on-whatsapp/]\from[url864]
\useURL[url865][https://web.archive.org/web/https://about.fb.com/news/2021/10/end-to-end-encrypted-backups-on-whatsapp/][][{[}Archive.org{]}]\from[url865]),
which should solve this issue.
\item
Dropbox:
\useURL[url866][https://www.dropbox.com/privacy\#terms]\from[url866]
\useURL[url867][https://web.archive.org/web/https://www.dropbox.com/privacy][][{[}Archive.org{]}]\from[url867]
\quotation{To provide these and other features, {\bf Dropbox accesses,
stores, and scans Your Stuff}. You give us permission to do those
things, and this permission extends to our affiliates and trusted
third parties we work with}.
\item
Microsoft OneDrive:
\useURL[url868][https://privacy.microsoft.com/en-us/privacystatement]\from[url868]
\useURL[url869][https://web.archive.org/web/https://privacy.microsoft.com/en-us/privacystatement][][{[}Archive.org{]}]\from[url869]:
Productivity and communications products, \quotation{When you use
OneDrive, we collect data about your usage of the service, as well as
the content you store, to provide, improve, and protect the services.
{\bf Examples include indexing the contents of your OneDrive documents
so that you can search for them later and using location information
to enable you to search for photos based on where the photo was
taken}}.
\stopitemize
You should not trust cloud providers with your (not previously and
locally encrypted) sensitive data and you should be wary of their
privacy claims. In most cases, they can access your data and provide it
to a third party if they want to\footnote{Property of the People, Lawful
Access to Secure Messaging Apps Data,
\useURL[url870][https://propertyofthepeople.org/document-detail/?doc-id=21114562]\from[url870]
\useURL[url871][https://web.archive.org/web/https://propertyofthepeople.org/document-detail/?doc-id=21114562][][{[}Archive.org{]}]\from[url871]}.
The only way to mitigate this is to encrypt your data on your side and
then only upload it to such services {\bf or just not use them at all.}
\subsection[title={Your Browser and Device
Fingerprints:},reference={your-browser-and-device-fingerprints}]
Your Browser and Device Fingerprints\footnote{Wikipedia, Device
Fingerprinting
\useURL[url872][https://en.wikipedia.org/wiki/Device_fingerprint]\from[url872]
\useURL[url873][https://wikiless.org/wiki/Device_fingerprint][][{[}Wikiless{]}]\from[url873]
\useURL[url874][https://web.archive.org/web/https://en.wikipedia.org/wiki/Device_fingerprint][][{[}Archive.org{]}]\from[url874]}
are a set of properties/capabilities of your System/Browser. These are
used on most websites for invisible user tracking but also to adapt the
website user experience depending on their browser. For instance,
websites will be able to provide a \quotation{mobile experience} if you
are using a mobile browser or propose a specific language/geographic
version depending on your fingerprint. Most of those techniques work
with recent Browsers like Chromium-based\footnote{Chromium
Documentation, Technical analysis of client identification mechanisms
\useURL[url875][https://sites.google.com/a/chromium.org/dev/Home/chromium-security/client-identification-mechanisms\#TOC-Machine-specific-characteristics]\from[url875]
\useURL[url876][https://web.archive.org/web/https://sites.google.com/a/chromium.org/dev/Home/chromium-security/client-identification-mechanisms][][{[}Archive.org{]}]\from[url876]}
browsers (such as Chrome/Edge) or Firefox\footnote{Mozilla Wiki,
Fingerprinting
\useURL[url877][https://wiki.mozilla.org/Fingerprinting]\from[url877]
\useURL[url878][https://web.archive.org/web/https://wiki.mozilla.org/Fingerprinting][][{[}Archive.org{]}]\from[url878]}
unless you take specific measures. Browser and Device\footnote{Wikipedia,
Device Fingerprinting
\useURL[url879][https://en.wikipedia.org/wiki/Device_fingerprint]\from[url879]
\useURL[url880][https://wikiless.org/wiki/Device_fingerprint][][{[}Wikiless{]}]\from[url880]
\useURL[url881][https://web.archive.org/web/https://en.wikipedia.org/wiki/Device_fingerprint][][{[}Archive.org{]}]\from[url881]}
Fingerprinting is usually integrated into Captcha services but also
into various other services.
We will address \goto{Browser and Device
Fingerprinting}[browser-and-device-fingerprinting] further down but this
is a basic introduction to the methodology behind it and why it is used
in practice.
It should also be noted that while some browsers and extensions will
offer some fingerprint resistance, this resistance in itself can also be
used to fingerprint you as explained here
\useURL[url882][https://palant.info/2020/12/10/how-anti-fingerprinting-extensions-tend-to-make-fingerprinting-easier/]\from[url882]
\useURL[url883][https://web.archive.org/web/https://palant.info/2020/12/10/how-anti-fingerprinting-extensions-tend-to-make-fingerprinting-easier/][][{[}Archive.org{]}]\from[url883]
This guide will mitigate these issues by randomizing or hiding many of
those fingerprinting identifiers by:
\startitemize
\item
Using Virtualization (See \goto{Appendix W:
Virtualization}[appendix-w-virtualization]);
\item
Using specific recommendations (See \goto{Appendix A5: Additional
browser precautions with JavaScript
enabled}[appendix-a5-additional-browser-precautions-with-javascript-enabled]);
\item
Using hardening (See \goto{Appendix V1: Hardening your
Browsers}[appendix-v1-hardening-your-browsers]);
\item
and by using fingerprint-resistant browsers (like Brave or Tor
Browser).
\stopitemize
\subsection[title={Microarchitectural Side-channel Deanonymization
Attacks:},reference={microarchitectural-side-channel-deanonymization-attacks}]
There was an attack published that can deanonymize users if they have a
known alias. For example, an attacker trying to track the activities of
a journalist can use that journalist's public Twitter handle to link
their anonymous identities with their public one. This breaks
compartmentalization of identities and can lead to complete
deanonymization, even of users who practice proper OPSEC.
The attack, published at
\useURL[url884][https://leakuidatorplusteam.github.io/]\from[url884]
\useURL[url885][https://web.archive.org/web/20220720023429/https://leakuidatorplusteam.github.io/][][{[}Archive.org{]}]\from[url885],
can be mitigated using the well-known
\useURL[url886][https://noscript.net/][][NoScript]\from[url886]
extension, which is our preferred recommendation.
One loosely documented attack might take the following approach to
fingerprinting: Alice is browsing the web using Firefox. The website she
has just visited uses an invisible \type{iframe} that creates long
strings, e.g., sentences or hashes, to produce text that the user never
sees. These strings are styled with a candidate font, with Arial as the
fallback. Whether the user ever views the rendering is irrelevant; what
matters is whether the rendered font changes. The \type{iframe} in this
case serves no purpose but to identify whether a user has a certain font
installed on their machine. If Alice has a font that this frame has
tried to render, that fact is reported back to the website and to the
person in control of the website.
The font renders a box with a specific height and width around itself,
which means the text contained within has a specific height and width.
The \type{iframe} keeps doing this for each candidate font to build a
list of Alice's installed fonts. Because of stylistic differences
between font families, the same string at the same font size adds up to
a different height and a different width than it would in Arial. Arial
is used as the fallback font to display text that would not display
otherwise, i.e., when the user does not have the requested font on their
machine.
If a font requested by an \type{iframe} is not available, Arial will be
used to show that text to the user. Every time the font measurement
(identified by the dimensions of the box produced) changes, it means the
font is present on Alice's browser and her machine. By doing this for
hundreds of fonts, websites can use this information to track users
using their installed fonts across websites. Imagine a website then
selling this \quotation{anonymized} information as a dataset to
advertisement companies to serve you ads based on the websites you
visit, because they know every font you have installed on your machine
and can now track your identity across the internet. This attack is
demonstrated here:
\useURL[url887][https://www.youtube.com/watch?v=5Y1Y96jC5AA][][Everything
you always wanted to know about web-based device fingerprinting (but
were afraid to ask)]\from[url887] by Dr.~Nick Nikiforakis, PhD in
Computer Science from KU Leuven. He explains how his team of researchers
identified which sites were using such techniques on Alexa's top 10,000
websites. Primarily, they found that of those, 145 were fingerprinting
browsers. They were fingerprinted 100\letterpercent{} of the time ---
whether they were using the Do Not Track header, a popular Privacy &
Security setting in many browsers, did not matter.
Attacks such as invisible iframes and media elements can be avoided by
blocking all scripts globally by using something like uBlock Origin
\useURL[url888][https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm]\from[url888]
or by using NoScript
\useURL[url889][https://chrome.google.com/webstore/detail/noscript/doojmbjmlfjjnbmnoijecmcbfeoakpjm]\from[url889].
This is highly encouraged, not only to those wishing to be anonymous,
but also to general web users.
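As an added example (not code from the guide or from the cited talk), here is the measurement the \type{iframe} performs, written so the same logic runs in a browser and offline: \type{enumerateFonts} compares the rendered box of each candidate font against the box Arial alone produces, \type{measureWithDom} is the browser measurer, and \type{makeSimulatedMeasurer} stands in for the renderer using a constructed metrics table. The font names, the probe string and the metric values are assumptions made for the example:

```javascript
// Added example, not code from the guide: the font-probing measurement
// described above. enumerateFonts() is the core logic; the measuring step
// is injected so the same code runs in a browser (measureWithDom) and
// offline against a constructed metrics table (makeSimulatedMeasurer).

const PROBE = "mmmmmmmmmmlli"; // wide and narrow glyphs amplify metric differences
const FALLBACK = "Arial";

// A candidate font counts as installed when the box rendered with
// '"<candidate>", Arial' differs from the box rendered with Arial alone.
function enumerateFonts(candidates, measure) {
  const base = measure(FALLBACK);
  return candidates.filter((font) => {
    const box = measure(`"${font}", ${FALLBACK}`);
    return box.width !== base.width || box.height !== base.height;
  });
}

// Browser measurer: render the probe off-screen and read its box.
// Only callable where a DOM exists; never invoked in the offline run.
function measureWithDom(fontFamily) {
  const span = document.createElement("span");
  span.style.position = "absolute";
  span.style.left = "-9999px";
  span.style.fontSize = "72px";
  span.style.fontFamily = fontFamily;
  span.textContent = PROBE;
  document.body.appendChild(span);
  const box = { width: span.offsetWidth, height: span.offsetHeight };
  span.remove();
  return box;
}

// Constructed stand-in for a renderer on a machine with these three fonts.
// The numbers are made up; only their differences matter.
const INSTALLED_METRICS = {
  "Arial": { width: 612, height: 83 },
  "Courier New": { width: 562, height: 81 },
  "DejaVu Sans": { width: 648, height: 84 },
};

// Mimics CSS font-stack resolution: the first installed family wins.
function makeSimulatedMeasurer(installed) {
  const has = (name) => Object.prototype.hasOwnProperty.call(installed, name);
  return (fontFamily) => {
    const families = fontFamily.split(",").map((f) => f.trim().replace(/^"|"$/g, ""));
    const chosen = families.find(has) || FALLBACK;
    return installed[chosen];
  };
}

// Candidate list (constructed); real probes iterate over hundreds of names.
const CANDIDATES = ["Courier New", "Comic Sans MS", "DejaVu Sans", "Helvetica Neue"];

function main() {
  const measure = typeof document !== "undefined"
    ? measureWithDom
    : makeSimulatedMeasurer(INSTALLED_METRICS);
  console.log("detected:", enumerateFonts(CANDIDATES, measure)); // [ 'Courier New', 'DejaVu Sans' ]
  // A browser that only ever resolves to one fixed, bundled font set (or one
  // that does not run the script at all) yields nothing beyond that set:
  const uniform = makeSimulatedMeasurer({ Arial: INSTALLED_METRICS.Arial });
  console.log("detected with a fixed font set:", enumerateFonts(CANDIDATES, uniform)); // []
}

main();
```

The second run in \type{main} is the defensive point: when the page cannot run the script, or when the browser resolves every font stack to the same fixed set, the probe learns nothing beyond that set, which is what blocking scripts and using a fingerprint-resistant browser buy you.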
\subsection[title={Tor Browser:},reference={tor-browser}]
{\bf Note: This attack is now prevented by default by an update of
\useURL[url890][https://noscript.net/][][NoScript]\from[url890] (11.4.8
and above) on all security levels in Tor Browser.}
\subsection[title={All others:},reference={all-others}]
Installing the
\useURL[url891][https://noscript.net/][][NoScript]\from[url891]
extension will prevent the attack {\bf by default only in private
windows} using their new \quotation{TabGuard} feature, but it can be
enabled in the NoScript options to work in all windows. See:
\startitemize[packed]
\item
Release tweet:
\useURL[url892][https://twitter.com/ma1/status/1557751019945299969]\from[url892]
\useURL[url893][https://web.archive.org/web/https://twitter.com/ma1/status/1557751019945299969][][{[}Archive.org{]}]\from[url893]
\item
User explanation:
\useURL[url894][https://noscript.net/usage/\#crosstab-identity-leak-protection]\from[url894]
\useURL[url895][https://web.archive.org/web/https://noscript.net/usage/\#crosstab-identity-leak-protection][][{[}Archive.org{]}]\from[url895]
\item
Tor Project Forum Post:
\useURL[url896][https://forum.torproject.net/t/tor-browser-can-leak-your-identity-through-side-channel-attack/4005/2]\from[url896]
\useURL[url897][https://web.archive.org/web/https://forum.torproject.net/t/tor-browser-can-leak-your-identity-through-side-channel-attack/4005/2][][{[}Archive.org{]}]\from[url897]
\item
NoScript extension for Firefox (Firefox, and other Firefox-based
browsers except Tor Browser):
\useURL[url898][https://addons.mozilla.org/en-US/firefox/addon/noscript/]\from[url898]
\item
NoScript extension for Chromium based browsers (Brave, Chrome, Edge,
and other Chromium-based browsers):
\useURL[url899][https://chrome.google.com/webstore/detail/noscript/doojmbjmlfjjnbmnoijecmcbfeoakpjm?hl=en]\from[url899]
\stopitemize
\subsubsection[title={Alternative to NoScript for all other
browsers:},reference={alternative-to-noscript-for-all-other-browsers}]
The researchers who disclosed the issue also made an extension available
(links below). Again, {\bf nothing is required in Tor Browser}. This path
is not our preferred path but is still available if you do not want to
use NoScript.
\startitemize[packed]
\item
Leakuidator+ extension for Chromium based browsers (Brave, Chrome,
Edge, and other Chromium-based browsers):
\useURL[url900][https://chrome.google.com/webstore/detail/leakuidator\%2B/hhfpajcjkikoocmmhcimllpinjnbedll][][https://chrome.google.com/webstore/detail/leakuidator\letterpercent{}2B/hhfpajcjkikoocmmhcimllpinjnbedll]\from[url900]
\item
Leakuidator+ extension for Firefox (Firefox, and other Firefox-based
browsers except Tor Browser):
\useURL[url901][https://addons.mozilla.org/en-US/firefox/addon/leakuidatorplus/]\from[url901]
\stopitemize
Separating identities via separate browsers or even with VMs is not
enough to avoid this attack. However, another solution is to make sure
that when you start working with an anonymous identity, you entirely
close all activities linked to other identities. The vulnerability only
works if you're actively logged into a non-anonymous identity. The issue
with this is that it can hinder effective workflow, as multitasking
across multiple identities becomes impossible.
\subsection[title={Local Data Leaks and
Forensics:},reference={local-data-leaks-and-forensics}]
Most of you have probably seen enough crime dramas on Netflix or TV to
know what forensics is: technicians (usually working for law
enforcement) who perform various analyses of evidence. This could of
course include your smartphone or laptop.
While such analyses might be performed by an adversary once you have
already been \quotation{burned}, they might also be performed randomly
during a routine control or a border check. These unrelated checks
might reveal secret information to adversaries who had no prior
knowledge of your activities.
Forensics techniques are now very advanced and can reveal a staggering
amount of information from your devices even if they are
encrypted\footnote{Grayshift,
\useURL[url902][https://www.grayshift.com/]\from[url902]
\useURL[url903][https://web.archive.org/web/https://www.grayshift.com/][][{[}Archive.org{]}]\from[url903]}.
These techniques are widely used by law enforcement all over the world
and should be considered.
Here are some recent resources you should read about your smartphone:
\startitemize
\item
UpTurn, The Widespread Power of U.S. Law Enforcement to Search Mobile
Phones
\useURL[url904][https://www.upturn.org/reports/2020/mass-extraction/]\from[url904]
\useURL[url905][https://web.archive.org/web/https://www.upturn.org/reports/2020/mass-extraction/][][{[}Archive.org{]}]\from[url905]
\item
New York Times, The Police Can Probably Break Into Your Phone
\useURL[url906][https://www.nytimes.com/2020/10/21/technology/iphone-encryption-police.html]\from[url906]
\useURL[url907][https://web.archive.org/web/https://www.nytimes.com/2020/10/21/technology/iphone-encryption-police.html][][{[}Archive.org{]}]\from[url907]
\item
Vice, Cops Around the Country Can Now Unlock iPhones, Records Show
\useURL[url908][https://www.vice.com/en/article/vbxxxd/unlock-iphone-ios11-graykey-grayshift-police]\from[url908]
\useURL[url909][https://web.archive.org/web/https://www.vice.com/en/article/vbxxxd/unlock-iphone-ios11-graykey-grayshift-police][][{[}Archive.org{]}]\from[url909]
\stopitemize
I also highly recommend that you read some documents written from a
forensic examiner's perspective, such as:
\startitemize
\item
EnCase Forensic User Guide,
\useURL[url910][http://encase-docs.opentext.com/documentation/encase/forensic/8.07/Content/Resources/External\%20Files/EnCase\%20Forensic\%20v8.07\%20User\%20Guide.pdf][][http://encase-docs.opentext.com/documentation/encase/forensic/8.07/Content/Resources/External\letterpercent{}20Files/EnCase\letterpercent{}20Forensic\letterpercent{}20v8.07\letterpercent{}20User\letterpercent{}20Guide.pdf]\from[url910]
\useURL[url911][https://web.archive.org/web/http://encase-docs.opentext.com/documentation/encase/forensic/8.07/Content/Resources/External\%20Files/EnCase\%20Forensic\%20v8.07\%20User\%20Guide.pdf][][{[}Archive.org{]}]\from[url911]
\item
FTK Forensic Toolkit,
\useURL[url912][https://accessdata.com/products-services/forensic-toolkit-ftk]\from[url912]
\useURL[url913][https://web.archive.org/web/https://accessdata.com/products-services/forensic-toolkit-ftk][][{[}Archive.org{]}]\from[url913]
\item
SANS Digital Forensics and Incident Response Videos,
\useURL[url914][https://www.youtube.com/c/SANSDigitalForensics/videos]\from[url914]
\stopitemize
And finally, here is a very instructive and detailed paper on the current
state of iOS/Android security from Johns Hopkins University:
https://securephones.io/main.html\footnote{Securephones.io, Data
Security on Mobile Devices: Current State of the Art, Open Problems,
and Proposed Solutions
\useURL[url915][https://securephones.io/main.pdf]\from[url915]
\useURL[url916][https://web.archive.org/web/https://securephones.io/main.pdf][][{[}Archive.org{]}]\from[url916]}.
When it comes to your laptop, the forensic techniques are many and
widespread. Many of those issues can be mitigated by using full disk
encryption, virtualization (See \goto{Appendix W:
Virtualization}[appendix-w-virtualization]), and
compartmentalization. This guide will later detail such threats and
techniques to mitigate them.
\subsection[title={Bad Cryptography:},reference={bad-cryptography}]
There is a frequent adage among the infosec community: \quotation{Don't
roll your own crypto!}.
And there are reasons\footnote{Loup-Vaillant.fr, Rolling Your Own Crypto
\useURL[url917][https://loup-vaillant.fr/articles/rolling-your-own-crypto]\from[url917]
\useURL[url918][https://web.archive.org/web/https://loup-vaillant.fr/articles/rolling-your-own-crypto][][{[}Archive.org{]}]\from[url918]}\footnote{Dhole
Moments, Crackpot Cryptography and Security Theater
\useURL[url919][https://soatok.blog/2021/02/09/crackpot-cryptography-and-security-theater/]\from[url919]
\useURL[url920][https://web.archive.org/web/https://soatok.blog/2021/02/09/crackpot-cryptography-and-security-theater/][][{[}Archive.org{]}]\from[url920]}\footnote{Vice.com,
Why You Don't Roll Your Own Crypto
\useURL[url921][https://www.vice.com/en/article/wnx8nq/why-you-dont-roll-your-own-crypto]\from[url921]
\useURL[url922][https://web.archive.org/web/https://www.vice.com/en/article/wnx8nq/why-you-dont-roll-your-own-crypto][][{[}Archive.org{]}]\from[url922]}\footnote{arXiv,
MIT, You Really Shouldn't Roll Your Own Crypto: An Empirical Study of
Vulnerabilities in Cryptographic Libraries
\useURL[url923][https://arxiv.org/pdf/2107.04940.pdf]\from[url923]
\useURL[url924][https://web.archive.org/web/https://arxiv.org/pdf/2107.04940.pdf][][{[}Archive.org{]}]\from[url924]}
for that:
We would not want people to be discouraged from studying and innovating
in the crypto field because of that adage. So instead, we recommend
being cautious with \quotation{Roll your own crypto}, because it is not
necessarily good crypto:
\startitemize
\item
Good cryptography is not easy and usually takes years of research to
develop and fine-tune.
\item
Good cryptography is transparent and not proprietary/closed source so
it can be reviewed by peers.
\item
Good cryptography is developed carefully, slowly, and rarely alone.
\item
Good cryptography is usually presented and discussed in conferences
and published in various journals.
\item
Good cryptography is extensively peer-reviewed before it is released
for use in the wild.
\item
Using and implementing existing good cryptography correctly is already
a challenge.
\stopitemize
Yet, this is not stopping some from doing it anyway and publishing
various production Apps/Services using their self-made cryptography or
proprietary closed-source methods:
\startitemize
\item
You should apply caution when using Apps/Services using closed-source
or proprietary encryption methods. All the good crypto standards are
public and peer-reviewed and there should be no issue disclosing the
one you use.
\item
You should be wary of Apps/Services using a \quotation{modified} or
proprietary cryptographic method\footnote{YouTube, Great Crypto
Failures
\useURL[url925][https://www.youtube.com/watch?v=loy84K3AJ5Q]\from[url925]
\useURL[url926][https://yewtu.be/watch?v=loy84K3AJ5Q][][{[}Invidious{]}]\from[url926]}.
\item
By default, you should not trust any \quotation{Roll your own crypto}
until it was audited, peer-reviewed, vetted, and accepted by the
cryptography community\footnote{Cryptography Dispatches, The Most
Backdoor-Looking Bug I've Ever Seen
\useURL[url927][https://buttondown.email/cryptography-dispatches/archive/cryptography-dispatches-the-most-backdoor-looking/]\from[url927]
\useURL[url928][https://web.archive.org/web/https://buttondown.email/cryptography-dispatches/archive/cryptography-dispatches-the-most-backdoor-looking/][][{[}Archive.org{]}]\from[url928]}\footnote{Citizenlab.ca,
Move Fast and Roll Your Own Crypto
\useURL[url929][https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/]\from[url929]
\useURL[url930][https://web.archive.org/web/https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/][][{[}Archive.org{]}]\from[url930]}.
\item
There is no such thing as \quotation{military-grade crypto}\footnote{Jack
Poon, The myth of military grade encryption
\useURL[url931][https://medium.com/@atcipher/the-myth-of-military-grade-encryption-292313ae6369]\from[url931]
\useURL[url932][https://scribe.rip/@atcipher/the-myth-of-military-grade-encryption-292313ae6369][][{[}Scribe.rip{]}]\from[url932]
\useURL[url933][https://web.archive.org/web/https://medium.com/@atcipher/the-myth-of-military-grade-encryption-292313ae6369][][{[}Archive.org{]}]\from[url933]}\footnote{Congruent
Labs, Stop calling it \quotation{Military-Grade Encryption}
\useURL[url934][https://blog.congruentlabs.co/military-grade-encryption/]\from[url934]
\useURL[url935][https://web.archive.org/web/https://blog.congruentlabs.co/military-grade-encryption/][][{[}Archive.org{]}]\from[url935]}\footnote{IronCoreLabs
Blog, \quotation{Military Grade Encryption}
\useURL[url936][https://blog.ironcorelabs.com/military-grade-encryption-69aae0145588]\from[url936]
\useURL[url937][https://web.archive.org/web/https://blog.ironcorelabs.com/military-grade-encryption-69aae0145588][][{[}Archive.org{]}]\from[url937]}.
\stopitemize
Cryptography is a complex topic, and bad cryptography could easily lead
to your de-anonymization.
In the context of this guide, we recommend sticking to Apps/Services
using well-established, published, and peer-reviewed methods.
So, what to prefer and what to avoid as of 2021? You will have to look
up the technical details of each app yourself and see whether it is
using \quotation{bad crypto} or \quotation{good crypto}. Once you have
the technical details, you can check this page to see what it is
worth:
\useURL[url938][https://latacora.micro.blog/2018/04/03/cryptographic-right-answers.html]\from[url938]
\useURL[url939][https://web.archive.org/web/https://latacora.micro.blog/2018/04/03/cryptographic-right-answers.html][][{[}Archive.org{]}]\from[url939]
Here are some examples:
\startitemize
\item
Hashes:
\startitemize
\item
Prefer: SHA-3 or BLAKE2\footnote{Wikipedia, BLAKE2,
\useURL[url940][https://en.wikipedia.org/wiki/BLAKE_(hash_function)\#BLAKE2]\from[url940]
\useURL[url941][https://wikiless.org/wiki/BLAKE_(hash_function)\#BLAKE2][][{[}Wikiless{]}]\from[url941]
\useURL[url942][https://web.archive.org/web/https://en.wikipedia.org/wiki/BLAKE_(hash_function)\#BLAKE2][][{[}Archive.org{]}]\from[url942]}
\item
Still relatively ok to use: SHA-2 (such as the widely used SHA-256
or SHA-512)
\item
Avoid: SHA-1, MD5 (unfortunately still widely used), CRC, MD6
(rarely used)
\stopitemize
\item
File/Disk Encryption:
\startitemize
\item
Prefer:
\startitemize
\item
Hardware Accelerated\footnote{Wikipedia, AES Instruction Set,
\useURL[url943][https://en.wikipedia.org/wiki/AES_instruction_set]\from[url943]
\useURL[url944][https://wikiless.org/wiki/AES_instruction_set][][{[}Wikiless{]}]\from[url944]
\useURL[url945][https://web.archive.org/web/https://en.wikipedia.org/wiki/AES_instruction_set][][{[}Archive.org{]}]\from[url945]}:
AES (Rijndael) 256 Bits with HMAC-SHA-2 or HMAC-SHA-3 (This is
what Veracrypt, Bitlocker, Filevault 2, KeepassXC, and LUKS use by
default). Prefer SHA-3.
\item
Non-Hardware Accelerated: Same as accelerated above or if
available consider:
\startitemize
\item
ChaCha20\footnote{Wikipedia, ChaCha Variants,
\useURL[url946][https://en.wikipedia.org/wiki/Salsa20\#ChaCha_variant]\from[url946]
\useURL[url947][https://wikiless.org/wiki/Salsa20\#ChaCha_variant][][{[}Wikiless{]}]\from[url947]
\useURL[url948][https://web.archive.org/web/https://en.wikipedia.org/wiki/Salsa20\#ChaCha_variant][][{[}Archive.org{]}]\from[url948]}
or XChaCha20 (You can use ChaCha20 with Kryptor
\useURL[url949][https://www.kryptor.co.uk]\from[url949],
unfortunately, it is not available with Veracrypt).
\item
Serpent\footnote{Wikipedia, Serpent,
\useURL[url950][https://en.wikipedia.org/wiki/Serpent_(cipher)]\from[url950]
\useURL[url951][https://wikiless.org/wiki/Serpent_(cipher)][][{[}Wikiless{]}]\from[url951]
\useURL[url952][https://web.archive.org/web/https://en.wikipedia.org/wiki/Serpent_(cipher)][][{[}Archive.org{]}]\from[url952]}
\item
TwoFish\footnote{Wikipedia, TwoFish,
\useURL[url953][https://en.wikipedia.org/wiki/Twofish]\from[url953]
\useURL[url954][https://wikiless.org/wiki/Twofish][][{[}Wikiless{]}]\from[url954]
\useURL[url955][https://web.archive.org/web/https://en.wikipedia.org/wiki/Twofish][][{[}Archive.org{]}]\from[url955]}
\stopitemize
\stopitemize
\item
Avoid: Pretty much anything else
\stopitemize
\item
Password Storage:
\startitemize
\item
Prefer: Argon2, scrypt
\item
If these aren't options, use bcrypt, or if not possible at least
PBKDF2 (only as a last resort)
\item
Be skeptical of Argon2d, as it's vulnerable to some forms of
side-channels. Prefer Argon2i or Argon2id
\item
Avoid: SHA-3, SHA-2, SHA-1, MD5
\stopitemize
\item
Browser Security (HTTPS):
\startitemize
\item
Prefer: TLS 1.3 (ideally TLS 1.3 with ECH/eSNI support) or at least
TLS 1.2 (widely used)
\item
Avoid: Anything else (TLS 1.1 or lower, SSL 3 or lower)
\stopitemize
\item
Signing messages/files with PGP/GPG:
\startitemize
\item
Prefer EdDSA (Ed25519) + ECDH (Curve25519) or RSA 4096 bits*
\startitemize[packed]
\item
{\bf Consider a more modern}\footnote{Latacora, The PGP Problem
\useURL[url956][https://latacora.singles/2019/07/16/the-pgp-problem.html]\from[url956]
\useURL[url957][https://web.archive.org/web/https://latacora.singles/2019/07/16/the-pgp-problem.html][][{[}Archive.org{]}]\from[url957]}
{\bf alternative to PGP/GPG: Minisign
\useURL[url958][https://jedisct1.github.io/minisign/]\from[url958]}
\useURL[url959][https://web.archive.org/web/https://jedisct1.github.io/minisign/][][{[}Archive.org{]}]\from[url959]
\stopitemize
\item
Avoid: RSA 2048 bits
\stopitemize
\item
SSH keys:
\startitemize
\item
ED25519 (preferred) or RSA 4096 Bits*
\item
Avoid: RSA 2048 bits
\stopitemize
\item
{\bf Warning: RSA and Ed25519 are unfortunately not seen as
\quotation{Quantum Resistant}}\footnote{Wikipedia, Shor's Algorithm,
\useURL[url960][https://en.wikipedia.org/wiki/Shor\%27s_algorithm][][https://en.wikipedia.org/wiki/Shor\letterpercent{}27s_algorithm]\from[url960]
\useURL[url961][https://wikiless.org/wiki/Shor\%27s_algorithm][][{[}Wikiless{]}]\from[url961]
\useURL[url962][https://web.archive.org/web/https://en.wikipedia.org/wiki/Shor\%27s_algorithm][][{[}Archive.org{]}]\from[url962]}
{\bf and while they have not been broken yet, they probably will be
broken someday in the future. It is a matter of when rather than if RSA
will be broken. They are preferred in those contexts only because there
is no better option available.}
\stopitemize
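As an added example (not code from the guide), here is what the password-storage advice above looks like in practice: a memory-hard KDF (scrypt, from Python's standard library, since Argon2id needs a third-party package) with a per-password salt and a constant-time check, next to the bare SHA-256 digest the list tells you to avoid. The record format and cost parameters are choices made here for illustration, not anything the guide specifies.

```python
"""Password storage as recommended above: scrypt, not a bare fast hash.

Added example, not from the guide. The "scrypt$N$r$p$salt$key" record
format and the cost parameters below are assumptions made here.
"""
import hashlib
import hmac
import os
from typing import Optional

# Cost parameters chosen here for illustration. scrypt needs roughly
# 128 * N * r bytes of RAM per guess (16 MiB with these values), which is
# what makes it "memory-hard" and expensive to brute force on GPUs/ASICs.
SCRYPT_N = 2 ** 14
SCRYPT_R = 8
SCRYPT_P = 1
SALT_BYTES = 16
KEY_BYTES = 32


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing scrypt record for *password*.

    A fresh random salt per password means two users with the same
    password get different records, so a precomputed table is useless.
    The salt parameter exists only to make tests deterministic.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    key = hashlib.scrypt(
        password.encode("utf-8"),
        salt=salt,
        n=SCRYPT_N,
        r=SCRYPT_R,
        p=SCRYPT_P,
        dklen=KEY_BYTES,
    )
    return "$".join(
        ["scrypt", str(SCRYPT_N), str(SCRYPT_R), str(SCRYPT_P),
         salt.hex(), key.hex()]
    )


def verify_password(password: str, record: str) -> bool:
    """Recompute scrypt with the parameters stored in *record* and compare
    in constant time, so a wrong guess does not leak how many bytes matched.
    Malformed records are rejected rather than raising."""
    try:
        scheme, n, r, p, salt_hex, key_hex = record.split("$")
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(key_hex)
        n, r, p = int(n), int(r), int(p)
    except ValueError:
        return False
    if scheme != "scrypt" or not expected:
        return False
    candidate = hashlib.scrypt(
        password.encode("utf-8"), salt=salt, n=n, r=r, p=p, dklen=len(expected)
    )
    return hmac.compare_digest(candidate, expected)


def naive_sha256(password: str) -> str:
    """What the list above tells you to avoid for password storage: a fast,
    unsalted digest. Identical passwords give identical output across users,
    and commodity hardware can test enormous numbers of guesses per second."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    rec_a = hash_password(pw)
    rec_b = hash_password(pw)
    print("same password, two scrypt records differ:", rec_a != rec_b)
    print("verify correct password:", verify_password(pw, rec_a))
    print("verify wrong password  :", verify_password("Tr0ub4dor&3", rec_a))
    print("bare sha256 is identical for identical passwords:",
          naive_sha256(pw) == naive_sha256(pw))
```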
Here are some real cases of issues caused by bad cryptography:
\startitemize
\item
Telegram:
\useURL[url963][https://democratic-europe.eu/2021/07/20/cryptographers-uncover-four-vulnerabilities-in-telegram/]\from[url963]
\useURL[url964][https://web.archive.org/web/https://democratic-europe.eu/2021/07/20/cryptographers-uncover-four-vulnerabilities-in-telegram/][][{[}Archive.org{]}]\from[url964]
\item
Telegram:
\useURL[url965][https://buttondown.email/cryptography-dispatches/archive/cryptography-dispatches-the-most-backdoor-looking/]\from[url965]
\useURL[url966][https://web.archive.org/web/https://buttondown.email/cryptography-dispatches/archive/cryptography-dispatches-the-most-backdoor-looking/][][{[}Archive.org{]}]\from[url966]
\item
Cryptocat:
\useURL[url967][https://web.archive.org/web/20130705051050/https://blog.crypto.cat/2013/07/new-critical-vulnerability-in-cryptocat-details/]\from[url967]
\item
Some other examples can be found here:
\useURL[url968][https://www.cryptofails.com/]\from[url968]
\useURL[url969][https://web.archive.org/web/https://www.cryptofails.com/][][{[}Archive.org{]}]\from[url969]
\stopitemize
Later on, this guide will not recommend anything relying on
\quotation{bad cryptography}, and that should hopefully be enough to
protect you.
\subsection[title={No logging but logging anyway
policies:},reference={no-logging-but-logging-anyway-policies}]
Many people have the idea that privacy-oriented services such as VPN or
E-Mail providers are safe due to their no-logging policies or their
encryption schemes. Unfortunately, many of those same people forget that
all those providers are legal commercial entities subject to the laws of
the countries in which they operate.
Any of those providers can be forced to silently (without your
knowledge, using for example a court order with a gag order\footnote{Wikipedia,
Gag Order,
\useURL[url970][https://en.wikipedia.org/wiki/Gag_order]\from[url970]
\useURL[url971][https://wikiless.org/wiki/Gag_order][][{[}Wikiless{]}]\from[url971]
\useURL[url972][https://web.archive.org/web/https://en.wikipedia.org/wiki/Gag_order][][{[}Archive.org{]}]\from[url972]}
or a national security letter\footnote{Wikipedia, National Security
Letter
\useURL[url973][https://en.wikipedia.org/wiki/National_security_letter]\from[url973]
\useURL[url974][https://wikiless.org/wiki/National_security_letter][][{[}Wikiless{]}]\from[url974]
\useURL[url975][https://web.archive.org/web/https://en.wikipedia.org/wiki/National_security_letter][][{[}Archive.org{]}]\from[url975]})
log your activity to de-anonymize you. There have been several recent
examples of this:
\startitemize
\item
2021, Proton: Proton logged the IP address of a French activist after
an order by Swiss authorities (source link unavailable).
\item
2021, Windscribe: servers were not encrypted as they should have been,
allowing MITM attacks by authorities\footnote{ArsTechnica, VPN servers
seized by Ukrainian authorities weren't encrypted
\useURL[url976][https://arstechnica.com/gadgets/2021/07/vpn-servers-seized-by-ukrainian-authorities-werent-encrypted/]\from[url976]
\useURL[url977][https://web.archive.org/web/https://arstechnica.com/gadgets/2021/07/vpn-servers-seized-by-ukrainian-authorities-werent-encrypted/][][{[}Archive.org{]}]\from[url977]}.
\item
2021, DoubleVPN servers, logs, and account info seized by law
enforcement\footnote{BleepingComputer, DoubleVPN servers, logs, and
account info seized by law enforcement
\useURL[url978][https://www.bleepingcomputer.com/news/security/doublevpn-servers-logs-and-account-info-seized-by-law-enforcement/]\from[url978]
\useURL[url979][https://web.archive.org/web/https://www.bleepingcomputer.com/news/security/doublevpn-servers-logs-and-account-info-seized-by-law-enforcement/][][{[}Archive.org{]}]\from[url979]}.
\item
2021, The Germany-based mail provider Tutanota was forced to monitor
specific accounts for 3 months\footnote{CyberScoop, Court rules
encrypted email provider Tutanota must monitor messages in blackmail
case
\useURL[url980][https://www.cyberscoop.com/court-rules-encrypted-email-tutanota-monitor-messages/]\from[url980]
\useURL[url981][https://web.archive.org/web/https://www.cyberscoop.com/court-rules-encrypted-email-tutanota-monitor-messages/][][{[}Archive.org{]}]\from[url981]}.
\item
2020, The Germany-based mail provider Tutanota was forced to implement
a backdoor to intercept and save copies of the unencrypted e-mails of
one user\footnote{Heise Online (German),
\useURL[url982][https://www.heise.de/news/Gericht-zwingt-Mailprovider-Tutanota-zu-Ueberwachungsfunktion-4972460.html]\from[url982]
\useURL[url983][https://web.archive.org/web/https://www.heise.de/news/Gericht-zwingt-Mailprovider-Tutanota-zu-Ueberwachungsfunktion-4972460.html][][{[}Archive.org{]}]\from[url983]}
(they did not decrypt the stored e-mail).
\item
2017, PureVPN was forced to disclose information of one user to the
FBI\footnote{PCMag, Did PureVPN Cross a Line When It Disclosed User
Information?
\useURL[url984][https://www.pcmag.com/opinions/did-purevpn-cross-a-line-when-it-disclosed-user-information]\from[url984]
\useURL[url985][https://web.archive.org/web/https://www.pcmag.com/opinions/did-purevpn-cross-a-line-when-it-disclosed-user-information][][{[}Archive.org{]}]\from[url985]}.
\item
2014, an EarthVPN user was arrested based on logs provided to the
Dutch Police\footnote{Internet Archive, Wipeyourdata, \quotation{No
logs} EarthVPN user arrested after police finds logs
\useURL[url986][https://archive.is/XNuVw\#selection-230.0-230.1]\from[url986]
\useURL[url987][https://web.archive.org/web/https://archive.is/XNuVw][][{[}Archive.org{]}]\from[url987]}.
\item
2013, Secure E-Mail provider Lavabit shut down after fighting a
secret gag order\footnote{Wikipedia, Lavabit Suspension and Gag order,
\useURL[url988][https://en.wikipedia.org/wiki/Lavabit\#Suspension_and_gag_order]\from[url988]
\useURL[url989][https://wikiless.org/wiki/Lavabit][][{[}Wikiless{]}]\from[url989]
\useURL[url990][https://web.archive.org/web/https://en.wikipedia.org/wiki/Lavabit][][{[}Archive.org{]}]\from[url990]}.
\item
2011, HideMyAss user was de-anonymized, and logs were provided to the
FBI\footnote{Internet Archive, Invisibler, What Everybody Ought to
Know About HideMyAss
\useURL[url991][https://archive.is/ag9w4\#selection-136.0-136.1]\from[url991]}.
\stopitemize
Some providers have implemented the use of a Warrant Canary\footnote{Wikipedia,
Warrant Canary
\useURL[url992][https://en.wikipedia.org/wiki/Warrant_canary]\from[url992]
\useURL[url993][https://wikiless.org/wiki/Warrant_canary][][{[}Wikiless{]}]\from[url993]
\useURL[url994][https://web.archive.org/web/https://en.wikipedia.org/wiki/Warrant_canary][][{[}Archive.org{]}]\from[url994]}
that would allow their users to find out if they have been compromised
by such orders, but this has not been tested yet as far as we know.
Finally, it is now well known that some companies might be sponsored
front ends for some state adversaries (see the Crypto AG story\footnote{Washington
Post, The intelligence coup of the century
\useURL[url995][https://www.washingtonpost.com/graphics/2020/world/national-security/cia-crypto-encryption-machines-espionage/]\from[url995]
\useURL[url996][https://web.archive.org/web/https://www.washingtonpost.com/graphics/2020/world/national-security/cia-crypto-encryption-machines-espionage/][][{[}Archive.org{]}]\from[url996]}
and Omnisec story\footnote{Swissinfo.ch, Second Swiss firm allegedly
sold encrypted spying devices
\useURL[url997][https://www.swissinfo.ch/eng/second-swiss-firm-allegedly-sold-encrypted-spying-devices/46186432]\from[url997]
\useURL[url998][https://web.archive.org/web/https://www.swissinfo.ch/eng/second-swiss-firm-allegedly-sold-encrypted-spying-devices/46186432][][{[}Archive.org{]}]\from[url998]}).
For these reasons, you mustn't trust such providers for your privacy
despite all their claims. In most cases, you will be the last person to
know if any of your accounts were targeted by such orders and you might
never know at all.
To mitigate this, in cases where you want to use a VPN, we will
recommend the use of a cash/Monero-paid VPN provider over Tor to prevent
the VPN service from knowing any identifiable information about you.
If the VPN provider knows nothing about you, this should mitigate the
risk of them logging despite their no-logging policy.
\subsection[title={Some Advanced targeted
techniques:},reference={some-advanced-targeted-techniques}]
\placefigure{image17}{\externalfigure[./tex2pdf.-1a34188c73046814/a56e4587b1199b03f2e2f69dd1cec9540440c565.png]}
(Illustration: an excellent movie we highly recommend: Das Leben der
Anderen\footnote{Wikipedia, Das Leben der Anderen
\useURL[url999][https://en.wikipedia.org/wiki/The_Lives_of_Others]\from[url999]
\useURL[url1000][https://wikiless.org/wiki/The_Lives_of_Others][][{[}Wikiless{]}]\from[url1000]
\useURL[url1001][https://web.archive.org/web/https://en.wikipedia.org/wiki/The_Lives_of_Others][][{[}Archive.org{]}]\from[url1001]})
Many advanced techniques can be used by skilled adversaries\footnote{Wired,
Mind the Gap: This Researcher Steals Data With Noise, Light, and
Magnets
\useURL[url1002][https://www.wired.com/story/air-gap-researcher-mordechai-guri/]\from[url1002]
\useURL[url1003][https://web.archive.org/web/https://www.wired.com/story/air-gap-researcher-mordechai-guri/][][{[}Archive.org{]}]\from[url1003]}
to bypass your security measures provided they already know where your
devices are. Many of those techniques are detailed here
\useURL[url1004][https://cyber.bgu.ac.il/advanced-cyber/airgap]\from[url1004]
\useURL[url1005][https://web.archive.org/web/https://cyber.bgu.ac.il/advanced-cyber/airgap][][{[}Archive.org{]}]\from[url1005]
(Air-Gap Research Page, Cyber-Security Research Center, Ben-Gurion
University of the Negev, Israel) but also in this report
\useURL[url1006][https://www.welivesecurity.com/wp-content/uploads/2021/12/eset_jumping_the_air_gap_wp.pdf]\from[url1006]
\useURL[url1007][https://web.archive.org/web/https://www.welivesecurity.com/wp-content/uploads/2021/12/eset_jumping_the_air_gap_wp.pdf][][{[}Archive.org{]}]\from[url1007]
(ESET, JUMPING THE AIR GAP: 15 years of nation-state effort) and
include:
\startitemize
\item
Attacks requiring malware implants:
\startitemize
\item
Exfiltration of Data through a Malware infected Router:
\useURL[url1008][https://www.youtube.com/watch?v=mSNt4h7EDKo]\from[url1008]
\useURL[url1009][https://yewtu.be/watch?v=mSNt4h7EDKo][][{[}Invidious{]}]\from[url1009]
\item
Exfiltration of Data through observation of Light variation in a
Backlit keyboard with a compromised camera:
\useURL[url1010][https://www.youtube.com/watch?v=1kBGDHVr7x0]\from[url1010]
\useURL[url1011][https://yewtu.be/watch?v=1kBGDHVr7x0][][{[}Invidious{]}]\from[url1011]
\startitemize
\item
Exfiltration of Data through a compromised Security Camera (that
could first use the previous attack)
\useURL[url1012][https://www.youtube.com/watch?v=om5fNqKjj2M]\from[url1012]
\useURL[url1013][https://yewtu.be/watch?v=om5fNqKjj2M][][{[}Invidious{]}]\from[url1013]
\item
Communication from outsider to compromised Security Cameras
through IR light signals:
\useURL[url1014][https://www.youtube.com/watch?v=auoYKSzdOj4]\from[url1014]
\useURL[url1015][https://yewtu.be/watch?v=auoYKSzdOj4][][{[}Invidious{]}]\from[url1015]
\stopitemize
\item
Exfiltration of data from a compromised air-gapped computer through
acoustic analysis of the FAN noises with a smartphone
\useURL[url1016][https://www.youtube.com/watch?v=v2_sZIfZkDQ]\from[url1016]
\useURL[url1017][https://yewtu.be/watch?v=v2_sZIfZkDQ][][{[}Invidious{]}]\from[url1017]
\item
Exfiltration of data from a malware-infected air-gapped computer
through HD LEDs with a Drone
\useURL[url1018][https://www.youtube.com/watch?v=4vIu8ld68fc]\from[url1018]
\useURL[url1019][https://yewtu.be/watch?v=4vIu8ld68fc][][{[}Invidious{]}]\from[url1019]
\item
Exfiltration of data from a USB malware on an air-gapped computer
through electromagnetic interferences
\useURL[url1020][https://www.youtube.com/watch?v=E28V1t-k8Hk]\from[url1020]
\useURL[url1021][https://yewtu.be/watch?v=E28V1t-k8Hk][][{[}Invidious{]}]\from[url1021]
\item
Exfiltration of data from a malware-infected HDD drive through
covert acoustic noise
\useURL[url1022][https://www.youtube.com/watch?v=H7lQXmSLiP8]\from[url1022]
\useURL[url1023][https://yewtu.be/watch?v=H7lQXmSLiP8][][{[}Invidious{]}]\from[url1023]
\item
Exfiltration of data through GSM frequencies from a compromised
(with malware) air-gapped computer
\useURL[url1024][https://www.youtube.com/watch?v=RChj7Mg3rC4]\from[url1024]
\useURL[url1025][https://yewtu.be/watch?v=RChj7Mg3rC4][][{[}Invidious{]}]\from[url1025]
\item
Exfiltration of data through electromagnetic emissions from a
compromised Display device
\useURL[url1026][https://www.youtube.com/watch?v=2OzTWiGl1rM&t=20s]\from[url1026]
\useURL[url1027][https://yewtu.be/watch?v=2OzTWiGl1rM&t=20s][][{[}Invidious{]}]\from[url1027]
\item
Exfiltration of data through magnetic waves from a compromised
air-gapped computer to a Smartphone stored inside a Faraday bag
\useURL[url1028][https://www.youtube.com/watch?v=yz8E5n1Tzlo]\from[url1028]
\useURL[url1029][https://yewtu.be/watch?v=yz8E5n1Tzlo][][{[}Invidious{]}]\from[url1029]
\item
Communication between two compromised air-gapped computers using
ultrasonic soundwaves
\useURL[url1030][https://www.youtube.com/watch?v=yz8E5n1Tzlo]\from[url1030]
\useURL[url1031][https://yewtu.be/watch?v=yz8E5n1Tzlo][][{[}Invidious{]}]\from[url1031]
\item
Exfiltration of Bitcoin Wallet from a compromised air-gapped
computer to a smartphone
\useURL[url1032][https://www.youtube.com/watch?v=2WtiHZNeveY]\from[url1032]
\useURL[url1033][https://yewtu.be/watch?v=2WtiHZNeveY][][{[}Invidious{]}]\from[url1033]
\item
Exfiltration of Data from a compromised air-gapped computer using
display brightness
\useURL[url1034][https://www.youtube.com/watch?v=ZrkZUO2g4DE]\from[url1034]
\useURL[url1035][https://yewtu.be/watch?v=ZrkZUO2g4DE][][{[}Invidious{]}]\from[url1035]
\item
Exfiltration of Data from a compromised air-gapped computer through
vibrations
\useURL[url1036][https://www.youtube.com/watch?v=XGD343nq1dg]\from[url1036]
\useURL[url1037][https://yewtu.be/watch?v=XGD343nq1dg][][{[}Invidious{]}]\from[url1037]
\item
Exfiltration of Data from a compromised air-gapped computer by
turning RAM into a Wi-Fi emitter
\useURL[url1038][https://www.youtube.com/watch?v=vhNnc0ln63c]\from[url1038]
\useURL[url1039][https://yewtu.be/watch?v=vhNnc0ln63c][][{[}Invidious{]}]\from[url1039]
\item
Exfiltration of Data from a compromised air-gapped computer through
power lines
\useURL[url1040][https://arxiv.org/pdf/1804.04014.pdf]\from[url1040]
\useURL[url1041][https://web.archive.org/web/https://arxiv.org/pdf/1804.04014.pdf][][{[}Archive.org{]}]\from[url1041]
\stopitemize
\item
{\bf Attacks not requiring malware:}
\startitemize
\item
Observing a blank wall in a room from a distance to figure out how
many people are in the room and what they are doing\footnote{Scientific
American, A Blank Wall Can Show How Many People Are in a Room and
What They're Doing
\useURL[url1042][https://www.scientificamerican.com/article/a-blank-wall-can-show-how-many-people-are-in-a-room-and-what-theyre-doing/]\from[url1042]
\useURL[url1043][https://web.archive.org/web/https://www.scientificamerican.com/article/a-blank-wall-can-show-how-many-people-are-in-a-room-and-what-theyre-doing/][][{[}Archive.org{]}]\from[url1043]}.
Publication with demonstration:
\useURL[url1044][http://wallcamera.csail.mit.edu/]\from[url1044]
\useURL[url1045][https://web.archive.org/web/http://wallcamera.csail.mit.edu/][][{[}Archive.org{]}]\from[url1045]
\item
Observing a reflective bag of snacks in a room from a distance to
reconstruct the entire room\footnote{Scientific American, A Shiny
Snack Bag's Reflections Can Reconstruct the Room around It
\useURL[url1046][https://www.scientificamerican.com/article/a-shiny-snack-bags-reflections-can-reconstruct-the-room-around-it/]\from[url1046]
\useURL[url1047][https://web.archive.org/web/https://www.scientificamerican.com/article/a-shiny-snack-bags-reflections-can-reconstruct-the-room-around-it/][][{[}Archive.org{]}]\from[url1047]}.
Publication with photographic examples:
\useURL[url1048][https://arxiv.org/pdf/2001.04642.pdf]\from[url1048]
\useURL[url1049][https://web.archive.org/web/https://arxiv.org/pdf/2001.04642.pdf][][{[}Archive.org{]}]\from[url1049]
\item
Measuring floor vibrations to identify individuals and determine
their health condition and mood\footnote{Scientific American,
Footstep Sensors Identify People by Gait
\useURL[url1050][https://www.scientificamerican.com/article/footstep-sensors-identify-people-by-gait/]\from[url1050]
\useURL[url1051][https://web.archive.org/web/https://www.scientificamerican.com/article/footstep-sensors-identify-people-by-gait/][][{[}Archive.org{]}]\from[url1051]}.
Publication with demonstration:
\useURL[url1052][https://engineering.cmu.edu/news-events/news/2020/02/17-mauraders-map.html]\from[url1052]
\useURL[url1053][https://web.archive.org/web/https://engineering.cmu.edu/news-events/news/2020/02/17-mauraders-map.html][][{[}Archive.org{]}]\from[url1053]
\item
Observing a light bulb from a distance to listen to the sound in the
room\footnote{Ben Nassi, Lamphone
\useURL[url1054][https://www.nassiben.com/lamphone]\from[url1054]
\useURL[url1055][https://web.archive.org/web/https://www.nassiben.com/lamphone][][{[}Archive.org{]}]\from[url1055]}
{\bf without any malware}: Demonstration:
\useURL[url1056][https://www.youtube.com/watch?v=t32QvpfOHqw]\from[url1056]
\useURL[url1057][https://yewtu.be/watch?v=t32QvpfOHqw][][{[}Invidious{]}]\from[url1057].
It should be noted that this type of attack is not new at all and
there have been articles about such techniques as far back as
2013\footnote{The Guardian, Laser spying: is it really practical?
\useURL[url1058][https://www.theguardian.com/world/2013/aug/22/gchq-warned-laser-spying-guardian-offices]\from[url1058]
\useURL[url1059][https://web.archive.org/web/https://www.theguardian.com/world/2013/aug/22/gchq-warned-laser-spying-guardian-offices][][{[}Archive.org{]}]\from[url1059]}
and that you can even buy devices to perform this yourself such as
here:
\useURL[url1060][http://www.gcomtech.com/ccp0-prodshow/laser-surveillance-laser-listening.html]\from[url1060]
\useURL[url1061][https://web.archive.org/web/http://www.gcomtech.com/ccp0-prodshow/laser-surveillance-laser-listening.html][][{[}Archive.org{]}]\from[url1061]
\stopitemize
\stopitemize
Here is also a good video from the same authors to explain those topics:
Black Hat, The Air-Gap Jumpers
\useURL[url1062][https://www.youtube.com/watch?v=YKRtFgunyj4]\from[url1062]
\useURL[url1063][https://yewtu.be/watch?v=YKRtFgunyj4][][{[}Invidious{]}]\from[url1063]
{\bf Realistically, this guide will be of little help against such
adversaries as such malware could be implanted on the devices by a
manufacturer, anyone in the middle}\footnote{ArsTechnica, Photos of an
NSA \quotation{upgrade} factory show Cisco router getting implant
\useURL[url1064][https://arstechnica.com/tech-policy/2014/05/photos-of-an-nsa-upgrade-factory-show-cisco-router-getting-implant/]\from[url1064]
\useURL[url1065][https://web.archive.org/web/https://arstechnica.com/tech-policy/2014/05/photos-of-an-nsa-upgrade-factory-show-cisco-router-getting-implant/][][{[}Archive.org{]}]\from[url1065]}{\bf ,
or by anyone with physical access to the air-gapped computer, but there
are still some ways to mitigate such techniques:}
\startitemize
\item
Do not conduct sensitive activity while connected to an
untrusted/unsecured power line to prevent power line leaks.
\item
Do not use your devices in front of a camera that could be
compromised.
\item
Use your devices in a soundproofed room to prevent sound leaks.
\item
Use your devices in a Faraday cage to prevent electromagnetic leaks.
\item
Do not talk about sensitive information where lightbulbs could be seen
from outside.
\item
Buy your devices from different/unpredictable/offline places (shops)
where the probability of them being infected with such malware is
lower.
\item
Do not let anyone access your air-gapped computers except trusted
people.
\stopitemize
\subsection[title={Some bonus
resources:},reference={some-bonus-resources}]
\startitemize
\item
Have a look at the Whonix Documentation concerning Data Collection
techniques here:
\useURL[url1066][https://www.whonix.org/wiki/Data_Collection_Techniques]\from[url1066]
\useURL[url1067][https://web.archive.org/web/https://www.whonix.org/wiki/Data_Collection_Techniques][][{[}Archive.org{]}]\from[url1067]
\item
You might also enjoy looking at this service
\useURL[url1068][https://tosdr.org/]\from[url1068]
\useURL[url1069][https://web.archive.org/web/https://tosdr.org/][][{[}Archive.org{]}]\from[url1069]
(Terms of Services, Didn't Read) that will give you a good overview of
the various ToS of many services.
\item
Have a look at
\useURL[url1070][https://www.eff.org/issues/privacy]\from[url1070]
\useURL[url1071][https://web.archive.org/web/https://www.eff.org/issues/privacy][][{[}Archive.org{]}]\from[url1071]
for some more resources.
\item
Have a look at
\useURL[url1072][https://en.wikipedia.org/wiki/List_of_government_mass_surveillance_projects]\from[url1072]
\useURL[url1073][https://wikiless.org/wiki/List_of_government_mass_surveillance_projects][][{[}Wikiless{]}]\from[url1073]
\useURL[url1074][https://web.archive.org/web/https://en.wikipedia.org/wiki/List_of_government_mass_surveillance_projects][][{[}Archive.org{]}]\from[url1074]
to have an overview of all known mass-surveillance projects, current,
and past.
\item
Have a look at
\useURL[url1075][https://www.gwern.net/Death-Note-Anonymity]\from[url1075]
\useURL[url1076][https://web.archive.org/web/https://www.gwern.net/Death-Note-Anonymity][][{[}Archive.org{]}]\from[url1076]
(even if you don't know about Death Note).
\item
Consider finding and reading Michael Bazzell's book
\quotation{Open-Source Intelligence Techniques} (eighth edition as of
this writing) to find out more about recent OSINT techniques:
\useURL[url1077][https://inteltechniques.com/book1.html]\from[url1077]
\item
Finally, check
\useURL[url1078][https://www.freehaven.net/anonbib/date.html]\from[url1078]
\useURL[url1079][https://web.archive.org/web/https://www.freehaven.net/anonbib/date.html][][{[}Archive.org{]}]\from[url1079]
for the latest academic papers related to Online Anonymity.
\stopitemize
\subsection[title={Notes:},reference={notes}]
If you still do not think such information can be used by various actors
to track you, you can look at the statistics some platforms publish for
yourself. Keep in mind that these only account for lawful data requests
and do not count things like PRISM, MUSCULAR, SORM or XKEYSCORE
explained earlier:
\startitemize
\item
Google Transparency Report
\useURL[url1080][https://transparencyreport.google.com/user-data/overview]\from[url1080]
\useURL[url1081][https://web.archive.org/web/https://transparencyreport.google.com/user-data/overview][][{[}Archive.org{]}]\from[url1081]
\item
Facebook Transparency Report
\useURL[url1082][https://transparency.facebook.com/]\from[url1082]
\useURL[url1083][https://web.archive.org/web/https://transparency.facebook.com/][][{[}Archive.org{]}]\from[url1083]
\item
Apple Transparency Report
\useURL[url1084][https://www.apple.com/legal/transparency/]\from[url1084]
\useURL[url1085][https://web.archive.org/web/https://www.apple.com/legal/transparency/][][{[}Archive.org{]}]\from[url1085]
\item
Cloudflare Transparency Report
\useURL[url1086][https://www.cloudflare.com/transparency/]\from[url1086]
\useURL[url1087][https://web.archive.org/web/https://www.cloudflare.com/transparency/][][{[}Archive.org{]}]\from[url1087]
\item
Snapchat Transparency Report
\useURL[url1088][https://www.snap.com/en-US/privacy/transparency]\from[url1088]
\useURL[url1089][https://web.archive.org/web/https://www.snap.com/en-US/privacy/transparency][][{[}Archive.org{]}]\from[url1089]
\item
Telegram Transparency Report
\useURL[url1090][https://t.me/transparency]\from[url1090]
\useURL[url1091][https://web.archive.org/web/https://t.me/transparency][][{[}Archive.org{]}]\from[url1091]
(requires Telegram to be installed)
\item
Microsoft Transparency Report
\useURL[url1092][https://www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report]\from[url1092]
\useURL[url1093][https://web.archive.org/web/https://www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report][][{[}Archive.org{]}]\from[url1093]
\item
Amazon Transparency Report
\useURL[url1094][https://www.amazon.com/gp/help/customer/display.html?nodeId=GYSDRGWQ2C2CRYEF]\from[url1094]
\useURL[url1095][https://web.archive.org/web/https://www.amazon.com/gp/help/customer/display.html?nodeId=GYSDRGWQ2C2CRYEF][][{[}Archive.org{]}]\from[url1095]
\item
Dropbox Transparency Report
\useURL[url1096][https://www.dropbox.com/transparency]\from[url1096]
\useURL[url1097][https://web.archive.org/web/https://www.dropbox.com/transparency][][{[}Archive.org{]}]\from[url1097]
\item
Discord Transparency Report
\useURL[url1098][https://discord.com/blog/discord-transparency-report-q1-2022]\from[url1098]
\useURL[url1099][https://web.archive.org/web/20220812051950/https://discord.com/blog/discord-transparency-report-q1-2022][][{[}Archive.org{]}]\from[url1099]
\item
GitHub Transparency Report
\useURL[url1100][https://github.blog/2021-02-25-2020-transparency-report/]\from[url1100]
\useURL[url1101][https://web.archive.org/web/https://github.blog/2021-02-25-2020-transparency-report/][][{[}Archive.org{]}]\from[url1101]
\item
TikTok Transparency Report
\useURL[url1104][https://www.tiktok.com/transparency/en/information-requests-2021-2/]\from[url1104]
\useURL[url1105][https://web.archive.org/web/20220812054600/https://www.tiktok.com/transparency/en/information-requests-2021-2/][][{[}Archive.org{]}]\from[url1105]
\item
Reddit Transparency Report
\useURL[url1106][https://www.redditinc.com/policies/transparency-report-2021]\from[url1106]
\useURL[url1107][https://web.archive.org/web/20220812054736/https://www.redditinc.com/policies/transparency-report-2021][][{[}Archive.org{]}]\from[url1107]
\item
Twitter Transparency Report
\useURL[url1108][https://transparency.twitter.com/]\from[url1108]
\useURL[url1109][https://web.archive.org/web/20220812054839/https://transparency.twitter.com/][][{[}Archive.org{]}]\from[url1109]
\stopitemize
\section[title={General Preparations:},reference={general-preparations}]
In the context of this guide, it is also worth having a look at your
security model, and here we only have one to recommend:
Zero-Trust Security\footnote{Wikipedia, Zero-trust Security Model
\useURL[url1110][https://en.wikipedia.org/wiki/Zero_trust_security_model]\from[url1110]
\useURL[url1111][https://wikiless.org/wiki/Zero_trust_security_model][][{[}Wikiless{]}]\from[url1111]
\useURL[url1112][https://web.archive.org/web/https://en.wikipedia.org/wiki/Zero_trust_security_model][][{[}Archive.org{]}]\from[url1112]}
(\quotation{Never trust, always verify}).
Here are some various resources about what Zero-Trust Security is:
\startitemize
\item
DEFCON, Zero Trust a Vision for Securing Cloud,
\useURL[url1113][https://www.youtube.com/watch?v=euSsqXO53GY]\from[url1113]
\useURL[url1114][https://yewtu.be/watch?v=euSsqXO53GY][][{[}Invidious{]}]\from[url1114]
\item
From the NSA themselves, Embracing a Zero Trust Security Model,
\useURL[url1115][https://media.defense.gov/2021/Feb/25/2002588479/-1/-1/0/CSI_EMBRACING_ZT_SECURITY_MODEL_UOO115131-21.PDF]\from[url1115]
\useURL[url1116][https://web.archive.org/web/https://media.defense.gov/2021/Feb/25/2002588479/-1/-1/0/CSI_EMBRACING_ZT_SECURITY_MODEL_UOO115131-21.PDF][][{[}Archive.org{]}]\from[url1116]
\stopitemize
\subsection[title={Picking your route:},reference={picking-your-route}]
First, here is a small basic UML diagram showing your available options
according to your skills/budget/time/resources.
\placefigure{image18}{\externalfigure[./tex2pdf.-1a34188c73046814/5039d0baf9b2f223fb7e3228a8e4606f8c126171.png]}
\subsubsection[title={Timing
limitations:},reference={timing-limitations}]
\startitemize
\item
You have no time at all:
\startitemize[packed]
\item
{\bf Go for the Tor Browser route.}
\stopitemize
\item
You have extremely limited time to learn and need a fast-working
solution:
\startitemize[packed]
\item
{\bf Your best option is to go for the Tails route (excluding the
persistent plausible deniability section).}
\stopitemize
\item
You have time and more importantly motivation to learn:
\startitemize[packed]
\item
{\bf Go with any route.}
\stopitemize
\stopitemize
\subsubsection[title={Budget/Material
limitations:},reference={budgetmaterial-limitations}]
\startitemize
\item
You have no budget and even accessing a laptop is complicated or you
only have your smartphone:
\startitemize[packed]
\item
{\bf Go for the Tor Browser route.}
\stopitemize
\item
You only have one laptop available and cannot afford anything else.
You use this laptop for either work, family, or your personal stuff
(or both):
\startitemize[packed]
\item
{\bf Your best option is to go for the Tails route.}
\stopitemize
\item
You can afford a spare dedicated unsupervised/unmonitored laptop for
your sensitive activities:
\startitemize
\item
But it is old, slow, and has bad specs (less than 6GB of RAM, less
than 250GB disk space, old/slow CPU):
\startitemize[packed]
\item
{\bf You should go for the Tails route.}
\stopitemize
\item
It is not that old, and it has decent specs (at least 8GB of RAM,
250GB of disk space or more, decent CPU):
\startitemize[packed]
\item
{\bf You could go for Tails, Whonix routes.}
\stopitemize
\item
It is new and it has great specs (more than 16GB or ideally 32GB of
RAM, >250GB of disk space, recent fast CPU):
\startitemize[packed]
\item
{\bf You could go for any route, but we would recommend Qubes OS
if your threat model allows it. Please see the
requirements.\footnote{Qubes OS, System Requirements
\useURL[url1117][https://www.qubes-os.org/doc/system-requirements/]\from[url1117]
\useURL[url1118][https://web.archive.org/web/https://www.qubes-os.org/doc/system-requirements/][][{[}Archive.org{]}]\from[url1118]}}
\stopitemize
\item
If it is an ARM-based M1/M2 Mac:
\startitemize
\item
{\bf Not possible currently for these reasons:}
\startitemize
\item
Virtualization of Intel x86 images on ARM (M1/M2) hosts is still
limited to commercial software (e.g., Parallels, Fusion) which
are mostly not supported by Whonix, yet. They are very buggy and
for advanced people only. Please seek this information yourself.
\item
\useURL[url1119][https://osxdaily.com/2022/10/22/you-can-now-run-virtualbox-on-apple-silicon-m1-m2/][][Virtualbox
is now available natively for ARM64 architecture]\from[url1119]
in a package as of October 2022. Download the
\useURL[url1120][https://www.virtualbox.org/wiki/Downloads][][\quotation{Developer
preview for macOS/Arm64 (M1/M2) hosts}]\from[url1120].
\item
Whonix does not support macOS easily. \quotation{You need to
build Whonix using the build script to get it running on Apple
Silicon.}
\useURL[url1121][https://www.whonix.org/wiki/MacOS\#M1][][See
the forum thread]\from[url1121].
\item
Tails is not supported on ARM64 architecture yet.
\useURL[url1122][https://gitlab.tails.boum.org/tails/blueprints/-/wikis/ARM_platforms/][][See
this thread]\from[url1122] for more information (keep in mind
this page hasn't been updated recently).
\item
Qubes OS is not supported on ARM64 architecture yet, but there
is work being done to make it available on aarch64, which may be
delayed for the unforeseeable future.
\stopitemize
\stopitemize
\stopitemize
\stopitemize
{\bf The general advice in this guide regarding virtualization software
is that it's costly. That said, you should probably get a dedicated
laptop, capable of running virtualization software, preferably a 64-bit
architecture, to be used for more sensitive activities and testing.}
\subsubsection[title={Skills:},reference={skills}]
\startitemize
\item
You have no IT skills at all and the content of this guide looks like an
alien language to you? Consider:
\startitemize
\item
{\bf The Tor Browser route (simplest of all)}
\item
{\bf The Tails route (excluding the persistent plausible deniability
section).}
\stopitemize
\item
You have some IT skills and mostly understand this guide so far,
consider:
\startitemize
\item
{\bf The Tails route (with the optional persistent plausible
deniability section).}
\item
{\bf The Whonix route.}
\stopitemize
\item
You have moderate to high IT skills, and you are already familiar with
some of the content of this guide, consider:
\startitemize[packed]
\item
{\bf Any route (Qubes OS is preferred if you can afford it).}
\stopitemize
\item
You are an l33T hacker, \quotation{there is no spoon}, \quotation{the
cake is a lie}, you have been using \quotation{doas} for years, and
\quotation{all your base is belong to us}, and you have strong
opinions on systemd.
\startitemize[packed]
\item
{\bf This guide is not meant for you and will not help you with your
HardenedBSD on your hardened Libreboot laptop ;-)}
\stopitemize
\stopitemize
\subsubsection[title={Adversarial
considerations:},reference={adversarial-considerations}]
Now that you know what is possible, you should also consider threats and
adversaries before picking the right route.
\subsubsubsection[title={Threats:},reference={threats}]
\startitemize
\item
If your main concern is a forensic examination of your devices, you
should consider the Tor Browser route or the Tails route.
\item
If your main concerns are remote adversaries that might uncover your
online identity on various platforms, you should consider the Tails,
Whonix, or Qubes OS routes (listed in order of difficulty).
\item
If you want system-wide plausible deniability\footnote{Wikipedia,
Plausible Deniability
\useURL[url1123][https://en.wikipedia.org/wiki/Plausible_deniability]\from[url1123]
\useURL[url1124][https://wikiless.org/wiki/Plausible_deniability][][{[}Wikiless{]}]\from[url1124]
\useURL[url1125][https://web.archive.org/web/https://en.wikipedia.org/wiki/Plausible_deniability][][{[}Archive.org{]}]\from[url1125]}\footnote{Wikipedia,
Rubber-hose Cryptanalysis
\useURL[url1126][https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis]\from[url1126]
\useURL[url1127][https://web.archive.org/web/https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis][][{[}Archive.org{]}]\from[url1127]}
despite the risks\footnote{Defuse.ca, TrueCrypt's Plausible
Deniability is Theoretically Useless
\useURL[url1128][https://defuse.ca/truecrypt-plausible-deniability-useless-by-game-theory.htm]\from[url1128]
\useURL[url1129][https://web.archive.org/web/https://defuse.ca/truecrypt-plausible-deniability-useless-by-game-theory.htm][][{[}Archive.org{]}]\from[url1129]}\footnote{Wikipedia,
Deniable Encryption
\useURL[url1130][https://en.wikipedia.org/wiki/Deniable_encryption]\from[url1130]
\useURL[url1131][https://wikiless.org/wiki/Deniable_encryption][][{[}Wikiless{]}]\from[url1131]
\useURL[url1132][https://web.archive.org/web/https://en.wikipedia.org/wiki/Deniable_encryption][][{[}Archive.org{]}]\from[url1132]},
consider the Tails route, including the persistent plausible
deniability section (see \goto{Persistent Plausible Deniability using
Whonix within
Tails}[persistent-plausible-deniability-using-whonix-within-tails]).
\item
If you are in a hostile environment where Tor/VPN usage alone is
impossible/dangerous/suspicious, consider the Tails route (without
actually using Tor), or more advanced routes like Whonix or Qubes OS.
\stopitemize
\subsubsubsection[title={Adversaries:},reference={adversaries}]
\startitemize
\item
Low skills:
\startitemize
\item
Low resources:
\startitemize[packed]
\item
Any motivation: Any Route
\stopitemize
\item
Medium resources:
\startitemize
\item
Low to Medium motivation: Any Route
\item
High motivation: Tails, Whonix, Qubes OS Routes
\stopitemize
\item
High resources:
\startitemize
\item
Low motivation: Any route
\item
Medium to High motivation: Tails, Whonix, Qubes OS Routes
\stopitemize
\stopitemize
\item
Intermediate skills:
\startitemize
\item
Low resources:
\startitemize
\item
Low motivation: Any Route
\item
Medium to High motivation: Tails, Whonix, Qubes OS Routes
\stopitemize
\item
Medium resources:
\startitemize
\item
Low motivation: Any Route
\item
Medium to High motivation: Tails, Whonix, Qubes OS Routes
\stopitemize
\item
High resources:
\startitemize[packed]
\item
Low to High motivation: Tails, Whonix, Qubes OS Routes
\stopitemize
\stopitemize
\item
Highly skilled:
\startitemize
\item
Low resources:
\startitemize
\item
Low motivation: Any Route
\item
Medium to High motivation: Tails, Whonix, Qubes OS Routes
\stopitemize
\item
Medium resources:
\startitemize[packed]
\item
Low to High motivation: Tails, Whonix, Qubes OS Routes
\stopitemize
\item
High resources:
\startitemize[packed]
\item
Low to High motivation: Tails, Whonix, Qubes OS Routes {\bf (but
likely out of scope for this guide, as this is probably a global
adversary)}
\stopitemize
\stopitemize
\stopitemize
In all cases, you should read these pages from the Whonix
documentation, which will give you in-depth insight into your choices:
\startitemize
\item
\useURL[url1133][https://www.whonix.org/wiki/Warning]\from[url1133]
\useURL[url1134][https://web.archive.org/web/https://www.whonix.org/wiki/Warning][][{[}Archive.org{]}]\from[url1134]
\item
\useURL[url1135][https://www.whonix.org/wiki/Dev/Threat_Model]\from[url1135]
\useURL[url1136][https://web.archive.org/web/https://www.whonix.org/wiki/Dev/Threat_Model][][{[}Archive.org{]}]\from[url1136]
\item
\useURL[url1137][https://www.whonix.org/wiki/Comparison_with_Others]\from[url1137]
\useURL[url1138][https://web.archive.org/web/https://www.whonix.org/wiki/Comparison_with_Others][][{[}Archive.org{]}]\from[url1138]
\stopitemize
You might be asking yourself: \quotation{How do I know if I'm in a
hostile online environment where activities are actively monitored and
blocked?}
\startitemize
\item
First read more about it at the EFF here:
\useURL[url1139][https://ssd.eff.org/en/module/understanding-and-circumventing-network-censorship]\from[url1139]
\useURL[url1140][https://web.archive.org/web/https://ssd.eff.org/en/module/understanding-and-circumventing-network-censorship][][{[}Archive.org{]}]\from[url1140]
\item
Check some data yourself here on the Tor Project OONI\footnote{Wikipedia,
OONI,
\useURL[url1141][https://en.wikipedia.org/wiki/OONI]\from[url1141]
\useURL[url1142][https://wikiless.org/wiki/OONI][][{[}Wikiless{]}]\from[url1142]
\useURL[url1143][https://web.archive.org/web/https://en.wikipedia.org/wiki/OONI][][{[}Archive.org{]}]\from[url1143]}
(Open Observatory of Network Interference) website:
\useURL[url1144][https://explorer.ooni.org/]\from[url1144]
\item
Have a look at
\useURL[url1145][https://censoredplanet.org/]\from[url1145] and see if
they have data about your country.
\item
Specific to China, look at
\useURL[url1146][https://gfwatch.org/]\from[url1146] and
\useURL[url1147][https://www.usenix.org/system/files/sec21-hoang.pdf]\from[url1147]
\useURL[url1148][https://web.archive.org/web/https://www.usenix.org/system/files/sec21-hoang.pdf][][{[}Archive.org{]}]\from[url1148]
\item
Test for yourself using OONI (this can be risky in a hostile
environment).
\stopitemize
\subsection[title={Steps for all
routes:},reference={steps-for-all-routes}]
\subsubsection[title={Getting used to using better
passwords:},reference={getting-used-to-using-better-passwords}]
See \goto{Appendix A2: Guidelines for passwords and
passphrases}[appendix-a2-guidelines-for-passwords-and-passphrases].
\subsubsection[title={Getting an anonymous Phone
number:},reference={getting-an-anonymous-phone-number}]
{\bf Skip this step if you have no intention of creating anonymous
accounts on most mainstream platforms but just want anonymous browsing
or if the platforms you will use allow registration without a phone
number.}
\subsubsubsection[title={Physical Burner Phone and prepaid SIM
card:},reference={physical-burner-phone-and-prepaid-sim-card}]
\subsubsubsubsection[title={Get a burner
phone:},reference={get-a-burner-phone}]
This is rather easy. Leave your smartphone on and at home. Have some
cash and go to some random flea market or small shop (ideally one
without CCTV inside or outside and while avoiding being
photographed/filmed) and just buy the cheapest phone you can find with
cash and without providing any personal information. It only needs to be
in working order.
{\em A note regarding your current phone:} The point of leaving your
smartphone on is to avoid leaking the fact that you are not using
the device. If a smartphone is turned off, this creates a metadata trail
that can be used to correlate the time your smartphone was turned off
with the activation of your burner. If possible, leave your phone doing
something (for example, watching YouTube on auto-play) to obscure the
metadata trail further. This will not make it impossible to correlate
your inactivity, but it may make it more difficult if your phone's usage
pattern looks convincing while you buy your burner.
We would recommend getting an old \quotation{dumbphone} with a removable
battery (old Nokia if your mobile networks still allow those to connect
as some countries phased out 1G-2G completely). This is to avoid the
automatic sending/gathering of any telemetry/diagnostic data on the
phone itself. You should never connect that phone to any Wi-Fi.
{\bf Side note: be careful with some sellers, as shown here:
\useURL[url1149][https://therecord.media/malware-found-preinstalled-in-classic-push-button-phones-sold-in-russia/]\from[url1149]}
\useURL[url1150][https://web.archive.org/web/https://therecord.media/malware-found-preinstalled-in-classic-push-button-phones-sold-in-russia/][][{[}Archive.org{]}]\from[url1150]
It will also be crucial not to power on that burner phone ever (not even
without the SIM card) in any geographical location that could lead to
you (at your home/work for instance) and never at the same location as
your other known smartphone (because that one has an IMEI/IMSI that will
easily lead to you). This might seem like a big burden, but it is not as
these phones are only being used during the setup/sign-up process and
for verification from time to time.
See \goto{Appendix N: Warning about smartphones and smart
devices}[appendix-n-warning-about-smartphones-and-smart-devices]
You should test that the phone is in working order before going to the
next step. But we will repeat ourselves and state that it is important
to leave your smartphone at home when going (or turn it off before
leaving if you must keep it) and that you test the phone at a random
location that cannot be tracked back to you (and again, do not do that
in front of a CCTV, avoid cameras, be aware of your surroundings). No
need for Wi-Fi at this place either.
When you are certain the phone is in working order, disable Bluetooth
then power it off (remove the battery if you can) and go back home and
resume your normal activities. Go to the next step.
\subsubsubsubsection[title={Getting an anonymous pre-paid SIM
card:},reference={getting-an-anonymous-pre-paid-sim-card}]
This is the hardest part of the whole guide. It is a SPOF (Single Point
of Failure). The places where you can still buy prepaid SIM cards
without ID registration are getting increasingly limited due to various
KYC type regulations\footnote{Privacy International, Timeline of SIM
Card Registration Laws
\useURL[url1151][https://privacyinternational.org/long-read/3018/timeline-sim-card-registration-laws]\from[url1151]
\useURL[url1152][https://web.archive.org/web/https://privacyinternational.org/long-read/3018/timeline-sim-card-registration-laws][][{[}Archive.org{]}]\from[url1152]}.
So here is a list of places where you can still get them now:
\useURL[url1153][https://prepaid-data-sim-card.fandom.com/wiki/Registration_Policies_Per_Country]\from[url1153]
\useURL[url1154][https://web.archive.org/web/https://prepaid-data-sim-card.fandom.com/wiki/Registration_Policies_Per_Country][][{[}Archive.org{]}]\from[url1154]
You should be able to find a place that is \quotation{not too far} and
just go there physically to buy some pre-paid cards and top-up vouchers
with cash. Do verify that no law was passed before going that would make
registration mandatory (in case the above wiki was not updated). Try to
avoid CCTV and cameras and do not forget to buy a Top-Up voucher with
the SIM card (if it is not a package) as most pre-paid cards will
require a top-up before use.
See \goto{Appendix N: Warning about smartphones and smart
devices}[appendix-n-warning-about-smartphones-and-smart-devices]
Double-check that the mobile operators selling the pre-paid SIM cards
will accept the SIM activation and top-up without any ID registration of
any kind before going there. Ideally, they should accept SIM activation
and top-up from the country you live in.
We would recommend GiffGaff in the UK as they are
\quotation{affordable}, do not require identification for activation and
top-up, and will even allow you to change your number up to two times
from their website. One GiffGaff prepaid SIM card will therefore grant
you three numbers to use for your needs.
Power off the phone after activation/top-up and before going home. Do
not ever power it on again unless you are at a place that cannot be
used to reveal your identity, and ideally leave your real phone on at
home before going to the safe place with only your burner phone.
\subsubsubsection[title={Online Phone
Number:},reference={online-phone-number}]
{\bf DISCLAIMER: Do not attempt this until you are done setting up a
secure environment according to one of the selected routes. This step
will require online access and should only be done from an anonymous
network. Do not do this from any known/unsecured environment. Skip this
until you have finished one of the routes.}
There are many commercial services offering numbers to receive SMS
messages online but most of those have no anonymity/privacy and can be
of no help as most Social Media platforms place a limit on how many
times a phone number can be used for registration.
There are some forums and subreddits (like r/phoneverification/) where
users will offer the service of receiving such SMS messages for you for
a small fee (using PayPal or some crypto payment). Unfortunately, these
are full of scammers and very risky in terms of anonymity. {\bf You
should not use those under any circumstance.}
To date, we do not know of any reputable service that offers this
and accepts cash payments (by post, for instance) as some VPN
providers do. But a few services provide online phone numbers and do
accept Monero, which could be reasonably anonymous (yet less recommended
than the physical method in the earlier section). You could consider:
\startitemize
\item
{\bf Recommended}: services that do not require any identification (not even an e-mail):
\startitemize
\item
(Iceland based, accepts Monero)
\useURL[url1155][https://crypton.sh]\from[url1155]
\useURL[url1156][http://cryptonx6nsmspsnpicuihgmbbz3qvro4na35od3eht4vojdo7glm6yd.onion][][{[}Tor
Mirror{]}]\from[url1156]
\useURL[url1157][https://web.archive.org/web/https://crypton.sh/][][{[}Archive.org{]}]\from[url1157]
\item
(Ukraine based, accepts Monero)
\useURL[url1158][https://virtualsim.net/]\from[url1158]
\useURL[url1159][https://web.archive.org/web/https://virtualsim.net/][][{[}Archive.org{]}]\from[url1159]
\stopitemize
\item
Services that require identification (a valid e-mail):
\startitemize
\item
(US California based, accepts Monero)
\useURL[url1160][https://mobilesms.io]\from[url1160]
\useURL[url1161][https://web.archive.org/web/https://mobilesms.io/][][{[}Archive.org{]}]\from[url1161]
\item
(Germany based, accepts Monero)
\useURL[url1162][https://www.sms77.io/]\from[url1162]
\useURL[url1163][https://web.archive.org/web/https://www.sms77.io/][][{[}Archive.org{]}]\from[url1163]
\item
(Russia based, accepts Monero)
\useURL[url1164][https://onlinesim.ru/]\from[url1164]
\useURL[url1165][https://web.archive.org/web/https://onlinesim.ru/][][{[}Archive.org{]}]\from[url1165]
\stopitemize
\stopitemize
There are some other possibilities listed here
\useURL[url1166][https://cryptwerk.com/companies/sms/xmr/]\from[url1166]
\useURL[url1167][https://web.archive.org/web/https://cryptwerk.com/companies/sms/xmr/][][{[}Archive.org{]}]\from[url1167].
{\bf Use at your own risk.}
Now, what if you have no money? Well, in that case, you will have to try
your luck with free services and hope for the best. Here are some
examples, {\bf use at your own risk}:
\startitemize
\item
\useURL[url1168][https://oksms.org]\from[url1168]
\item
\useURL[url1169][https://smspva.com]\from[url1169]
\item
\useURL[url1170][https://sms24.me]\from[url1170]
\stopitemize
{\bf Disclaimer: We cannot vouch for any of these providers. We
recommend doing it yourself physically. In this case, you will have to
rely on the anonymity of Monero and you should not use any service that
requires any kind of identification using your real identity. Please do
read \goto{Appendix B2: Monero
Disclaimer}[appendix-b2-monero-disclaimer].}
It is more convenient, cheaper, and less risky to just get a pre-paid
SIM card from one of the physical places that still sell them for cash
without ID.
\subsubsection[title={Get a USB key:},reference={get-a-usb-key}]
{\bf Skip this step if you have no intention of creating anonymous
accounts on most mainstream platforms, but you will want anonymous
browsing; or if the platforms which you will use allow registration
without a phone number.}
Get at least one or two decent size generic USB keys (at least 16GB but
we would recommend 32GB).
Please do not buy or use gimmicky self-encrypting devices such as these:
\useURL[url1171][https://syscall.eu/blog/2018/03/12/aigo_part1/]\from[url1171]
\useURL[url1172][https://web.archive.org/web/https://syscall.eu/blog/2018/03/12/aigo_part1/][][{[}Archive.org{]}]\from[url1172]
Some might be very effective\footnote{NYTimes, Lost Passwords Lock
Millionaires Out of Their Bitcoin Fortunes
\useURL[url1173][https://www.nytimes.com/2021/01/12/technology/bitcoin-passwords-wallets-fortunes.html]\from[url1173]
\useURL[url1174][https://web.archive.org/web/https://www.nytimes.com/2021/01/12/technology/bitcoin-passwords-wallets-fortunes.html][][{[}Archive.org{]}]\from[url1174]}
but many are gimmicky gadgets that offer no real protection\footnote{Usenix.org,
Shedding too much Light on a Microcontroller's Firmware Protection
\useURL[url1175][https://www.usenix.org/system/files/conference/woot17/woot17-paper-obermaier.pdf]\from[url1175]
\useURL[url1176][https://web.archive.org/web/https://www.usenix.org/system/files/conference/woot17/woot17-paper-obermaier.pdf][][{[}Archive.org{]}]\from[url1176]}.
\subsubsection[title={Find some safe places with decent public
Wi-Fi:},reference={find-some-safe-places-with-decent-public-wi-fi}]
You need to find safe places where you will be able to do your sensitive
activities using some publicly accessible Wi-Fi (without any account/ID
registration, avoid CCTVs).
This can be anywhere that will not be tied to you directly (your
home/work) and where you can use the Wi-Fi for a while without being
bothered. But also, a place where you can do this without being
\quotation{noticed} by anyone.
If you think Starbucks is a clever idea, you may want to reconsider:
\startitemize
\item
They probably have CCTVs in all their shops and keep those recordings
for an unknown amount of time.
\item
You will need to buy a coffee to get the Wi-Fi access code in most. If
you pay for this coffee with an electronic method, they will be able
to tie your Wi-Fi access with your identity.
\stopitemize
Situational awareness is key, and you should be constantly aware of your
surroundings and avoid touristy places as if they were plagued by Ebola.
You want to avoid appearing in any picture/video of anyone while someone
is taking a selfie, making a TikTok video, or posting some travel
pictures on their Instagram. If you do, remember that chances are high
that those pictures will end up online (publicly or privately) with full
metadata attached to them (time/date/geolocation) and your face.
Remember these can and will be indexed by Facebook/Google/Yandex/Apple
and probably all the three-letter agencies.
While this will not be available yet to your local police officers, it
could be in the near future.
You will ideally need a set of 3-5 separate places such as this to avoid
using the same place twice. Several trips will be needed over the weeks
for the various steps in this guide.
You could also consider connecting to these places from a safe distance
for added security. See \goto{Appendix Q: Using long-range Antenna to
connect to Public Wi-Fis from a safe
distance.}[appendix-q-using-long-range-antenna-to-connect-to-public-wi-fis-from-a-safe-distance]
\subsection[title={The Tor Browser
route:},reference={the-tor-browser-route}]
This part of the guide will help you in setting up the simplest and
easiest way to browse the web anonymously. It is not necessarily the
best method and there are more advanced methods below with (much) better
security and (much) better mitigations against various adversaries. Yet,
this is a straightforward way of accessing resources anonymously and
quickly with no budget, no time, no skills, and limited usage.
So, what is Tor Browser? Tor Browser
(\useURL[url1177][https://www.torproject.org/]\from[url1177]
\useURL[url1178][https://web.archive.org/web/https://www.torproject.org/][][{[}Archive.org{]}]\from[url1178])
is a web browser like Safari/Firefox/Chrome/Edge/Brave designed with
privacy and anonymity in mind.
This browser is different from other browsers as it will connect to the
internet through the Tor Network using Onion Routing. We first recommend
that you watch this very nice introduction video by the Tor Project
themselves:
\useURL[url1179][https://www.youtube.com/watch?v=JWII85UlzKw]\from[url1179]
\useURL[url1180][https://yewtu.be/watch?v=JWII85UlzKw][][{[}Invidious{]}]\from[url1180].
After that, you should probably head over to their page to read their
quick overview here:
\useURL[url1181][https://2019.www.torproject.org/about/overview.html.en]\from[url1181]
\useURL[url1182][https://web.archive.org/web/https://2019.www.torproject.org/about/overview.html.en][][{[}Archive.org{]}]\from[url1182].
Without going into too many technical details, Tor Browser is an easy
and simple \quotation{fire and forget} solution to browse the web
anonymously from pretty much any device. It is probably sufficient for
most people and can be used from any computer or smartphone.
Here are several ways to set it up for all main OSes.
{\bf Warning:} You should avoid installing extensions in Tor Browser, as
they can be used to fingerprint and identify you.
\subsubsection[title={Windows, Linux, and
macOS:},reference={windows-linux-and-macos}]
Please see \goto{Appendix Y: Installing and using desktop Tor
Browser}[appendix-y-installing-and-using-desktop-tor-browser].
\subsubsection[title={Android:},reference={android}]
{\bf Note on Tor Browser for Android: The development of Tor Browser for
Android is behind desktop Tor Browser Bundle (TBB). Some features are
not available yet. E.g., the desktop version of Tor now enables
automatic bridges using Moat:}
\quotation{{\bf Connection Assist} works by looking up and downloading
an up-to-date list of country-specific options to try using your
location (with your consent). It manages to do so without needing to
connect to the Tor Network first by utilizing
\useURL[url1183][https://support.torproject.org/glossary/moat/][][moat]\from[url1183]
-- the same domain-fronting tool that Tor Browser uses to request a
bridge from torproject.org.}
\startitemize
\item
Head over to:
\startitemize
\item
Play Store:
\useURL[url1184][https://play.google.com/store/apps/details?id=org.torproject.torbrowser]\from[url1184]
\item
F-Droid Store: It's not yet there but you can add it manually
following the instructions at
\useURL[url1185][https://support.torproject.org/tormobile/tormobile-7/]\from[url1185]
\useURL[url1186][https://web.archive.org/web/https://support.torproject.org/tormobile/tormobile-7/][][{[}Archive.org{]}]\from[url1186]
\stopitemize
\item
Install
\item
Launch Tor Browser
\item
After launching, click the upper right {\bf Settings} icon
\item
Select {\bf Settings} > {\bf Privacy and security} > {\bf Tor network}
\item
Select {\bf Config Bridge}.
\item
Read \goto{Appendix X: Using Tor bridges in hostile
environments}[appendix-x-using-tor-bridges-in-hostile-environments].
\item
{\bf If needed (after reading the appendix above)}, activate the
option and select the type of bridge you want:
\startitemize
\item
Obfs4
\item
Meek-Azure
\item
Snowflake
\stopitemize
\item
{\bf If your internet isn't censored}, consider running one of the
bridge types to help the network!
\startitemize
\item
Easy: Obfs4 - You can run your own Obfs4 bridge easily with these
instructions.
\useURL[url1187][https://community.torproject.org/relay/setup/bridge/]\from[url1187]
\item
Medium: Snowflake - More about Snowflakes here.
\useURL[url1188][https://snowflake.torproject.org/]\from[url1188]
\item
Hard: Meek - This is the documentation. It's not as simple.
\useURL[url1189][https://gitlab.torproject.org/legacy/trac/-/wikis/doc/meek/\#how-to-run-a-meek-server-bridge]\from[url1189]
\stopitemize
\stopitemize
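As an added illustration of the "Easy: Obfs4" option above (this is not configuration from the guide or from the Tor Project's page, but a minimal bridge configuration written for this section), here is what the relevant part of a bridge's torrc looks like. The port numbers, nickname and contact address are placeholders to be replaced; the option names are standard Tor configuration directives and the obfs4proxy path is the usual one on Debian-based systems.

```text
## Minimal obfs4 bridge configuration (added example; not from the guide).
## Placeholders: the two ports, the nickname and the contact address.

# Run as a bridge rather than a public relay, so this address is not
# listed in the public relay directory.
BridgeRelay 1

# Plain Tor OR port. PLACEHOLDER: choose a free port reachable from the internet.
ORPort 9001

# Launch the obfs4 pluggable transport. PLACEHOLDER: path as installed on
# Debian/Ubuntu; adjust if obfs4proxy lives elsewhere on your system.
ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy

# Port on which obfs4 accepts censored users' connections (must differ
# from ORPort). PLACEHOLDER: choose a second free, reachable port.
ServerTransportListenAddr obfs4 0.0.0.0:9002

# Internal channel between tor and obfs4proxy; "auto" picks a local port.
ExtORPort auto

# Let BridgeDB hand this bridge out through any distribution method
# (moat, https, email). Use "none" to keep it private for your own use.
BridgeDistribution any

# Operator details. PLACEHOLDERS: use an address you are willing to expose.
ContactInfo bridge-operator@example.org
Nickname ExampleObfs4Bridge
```

After restarting tor, the notice-level log should report that the obfs4 server transport registered; the bridge line that censored users paste into Tor Browser (address, port, fingerprint and the obfs4 certificate) is written by obfs4proxy to the file obfs4_bridgeline.txt under tor's pt_state directory. Firewall rules must allow both the ORPort and the obfs4 port inbound; as the guide notes, only run this from a network where Tor usage itself is not a risk to you.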
Personally, if you need to use a Bridge (this is not necessary for a
non-hostile environment), you should pick a Meek-Azure. Those will
probably work even if you are in China and want to bypass the Great
Firewall. It is probably the best option to obfuscate your Tor
activities if needed and Microsoft servers are usually not blocked.
{\em Only available for desktop Tor users: Recently, the Tor Project has
made it incredibly simple to access bridges with {\bf Connection
Assist}, and it is now done automatically in hostile or censored
regions. Simply open Tor Browser and the connection will be
configured based on your needs on any hostile network. Previously, we
had a list of options below this paragraph which were necessary to
enable and configure bridges, but this is now done automatically
using
\useURL[url1190][https://support.torproject.org/glossary/moat/][][moat]\from[url1190].}
\useURL[url1191][https://web.archive.org/web/20220801151048/https://support.torproject.org/glossary/moat/][][{[}Archive.org{]}]\from[url1191]
You are almost done.
As with the desktop version, you need to know there are safety levels in
Tor Browser. On Android, you can access these by following these steps:
\startitemize
\item
Click the menu (bottom right)
\item
Click {\bf Settings}.
\item
Head over to the {\bf Privacy and security} section.
\item
Click {\bf Security Settings}.
\stopitemize
You will find details about each level here:
\useURL[url1192][https://tb-manual.torproject.org/security-settings/]\from[url1192]
\useURL[url1193][https://web.archive.org/web/https://tb-manual.torproject.org/security-settings/][][{[}Archive.org{]}]\from[url1193]
but here is a summary:
\startitemize
\item
Standard (the default):
\startitemize[packed]
\item
All features are enabled (including JavaScript)
\stopitemize
\item
Safer:
\startitemize
\item
JavaScript is disabled on non-HTTPS websites
\item
Some fonts and symbols are disabled
\item
Any media playback is \quotation{click to play} (disabled by
default)
\stopitemize
\item
Safest:
\startitemize
\item
JavaScript is disabled everywhere
\item
Some fonts and symbols are disabled
\item
Any media playback is \quotation{click to play} (disabled by
default)
\stopitemize
\stopitemize
We would recommend the \quotation{Safer} level for most cases. The
Safest level should be enabled if you think you are accessing suspicious
or dangerous websites and/or if you are extra paranoid.
If you are extra paranoid, use the \quotation{Safest} level by default
and consider downgrading to Safer if the website is unusable because of
JavaScript blocking.
However, the Safer level should be used with some extra precautions
while using some websites: see \goto{Appendix A5: Additional browser
precautions with JavaScript
enabled}[appendix-a5-additional-browser-precautions-with-javascript-enabled].
Now, you are really done, and you can now surf the web anonymously from
your Android device.
{\bf Please see} \goto{Warning for using Orbot on
Android}[appendix-b6-warning-for-using-orbot-on-android].
\subsubsection[title={iOS:},reference={ios}]
{\bf Disclaimer: Onion Browser, following a 2018 release on iOS, has had
IP leaks via WebRTC. It is still the only officially endorsed browser
for the Tor network for iOS. Users should exercise caution when using
the browser and check for any DNS leaks.}
While the official Tor Browser is not yet available for iOS, there is an
alternative called Onion Browser endorsed by the Tor Project\footnote{TorProject.org,
Can I run Tor Browser on an iOS device?
\useURL[url1194][https://support.torproject.org/tormobile/tormobile-3/]\from[url1194]
\useURL[url1195][https://web.archive.org/web/https://support.torproject.org/tormobile/tormobile-3/][][{[}Archive.org{]}]\from[url1195]}.
\startitemize
\item
Head over to
\useURL[url1196][https://apps.apple.com/us/app/onion-browser/id519296448]\from[url1196]
\item
Install
\item
Disable Wi-Fi and Mobile Data
\item
Launch Onion Browser
\item
After launching, click the upper right Settings icon (disabling Wi-Fi
and Mobile Data beforehand was to prevent Onion Browser from
connecting automatically and to allow access to these options).
\item
Select \quotation{Bridge Configuration} and read \goto{Appendix X:
Using Tor bridges in hostile
environments}[appendix-x-using-tor-bridges-in-hostile-environments]
\item
{\bf If needed (after reading the appendix above)}, activate the
option and select the type of bridge you want:
\startitemize
\item
Obfs4
\item
Snowflake
\item
Meek-Azure is unfortunately not available on Onion Browser for iOS
(see
\useURL[url1197][https://github.com/OnionBrowser/OnionBrowser/commit/21bc18428368224507b27ee58464ad352f4ec810][][commit
21bc18428]\from[url1197] for more information).
\stopitemize
\item
{\bf If your internet isn't censored}, consider running one of the
bridge types to help the network!
\startitemize
\item
Easy: Obfs4 - You can run your own Obfs4 bridge easily with these
instructions.
\useURL[url1198][https://community.torproject.org/relay/setup/bridge/]\from[url1198]
\item
Medium: Snowflake - More about Snowflakes here.
\useURL[url1199][https://snowflake.torproject.org/]\from[url1199]
\item
Hard: Meek - This is the documentation. It's not as simple.
\useURL[url1200][https://gitlab.torproject.org/legacy/trac/-/wikis/doc/meek/\#how-to-run-a-meek-server-bridge]\from[url1200]
\stopitemize
\stopitemize
Personally, if you need to use a Bridge (this is not necessary for a
non-hostile environment), you should pick a Snowflake one (since
Meek-Azure bridges are not available). Those will probably work even if
you are in China and want to bypass the Great Firewall. It is probably
the best option you have on iOS.
\startitemize[packed]
\item
You are almost done
\stopitemize
As with the desktop version, you need to know there are safety levels in
Onion Browser. On iOS, you can access these by following these steps:
\startitemize
\item
Click the shield icon (upper left)
\item
You will have three levels to pick from
\startitemize[n][stopper=.]
\item
Gold: Ideal if you are suspicious, paranoid, or accessing what you
think are dangerous resources.
\startitemize
\item
JavaScript is disabled
\item
WebSockets, Geolocation, and XHR are disabled
\item
No Video or Audio
\item
Links cannot open Apps
\item
WebRTC is blocked
\item
Mixed HTTP/HTTPS is blocked
\item
Ads and Pop-Ups are blocked
\stopitemize
\item
Silver:
\startitemize
\item
JavaScript partially allowed
\item
WebSockets, Geolocation, and XHR are disabled
\item
No Video or Audio
\item
Links cannot open Apps
\item
WebRTC is blocked
\item
Mixed HTTP/HTTPS is blocked
\item
Ads and Pop-Ups are blocked
\stopitemize
\item
Bronze (not recommended):
\startitemize
\item
JavaScript allowed
\item
Audio and Video allowed
\item
Links cannot open Apps
\item
WebRTC is not blocked
\item
Mixed HTTP/HTTPS is not blocked
\item
Ads and Pop-Ups are blocked
\stopitemize
\stopitemize
\stopitemize
We would recommend the \quotation{Silver} level for most cases. The Gold
level should only be enabled if you think you are accessing suspicious
or dangerous websites or if you are extra paranoid. The Gold mode will
also most likely break many websites that rely actively on JavaScript.
As JavaScript is enabled in the Silver mode, please see \goto{Appendix
A5: Additional browser precautions with JavaScript
enabled}[appendix-a5-additional-browser-precautions-with-javascript-enabled].
Now, you are really done, and you can now surf the web anonymously from
your iOS device.
\subsubsection[title={Important Warning:},reference={important-warning}]
{\bf This route is the easiest but is not designed to resist highly
skilled adversaries. It is however usable on any device regardless of
the configuration. This route is also vulnerable to correlation attacks
(See \goto{Your Anonymized Tor/VPN
traffic}[your-anonymized-torvpn-traffic]) and is blind to anything that
might be on your device (this could be any malware, exploit, virus,
remote administration software, parental controls\ldots{}). Yet, if your
threat model is quite low, it is probably sufficient for most people.}
If you have time and want to learn, we recommend going for other routes
instead as they offer far better security and mitigate far more risks
while lowering your attack surface considerably.
\subsection[title={The Tails route:},reference={the-tails-route}]
This part of the guide will help you in setting up Tails if one of the
following is true:
\startitemize
\item
You cannot afford a dedicated laptop
\item
Your dedicated laptop is just too old and too slow
\item
You have very low IT skills
\item
You decide to go with Tails anyway
\stopitemize
Tails\footnote{Wikipedia, Tails
\useURL[url1201][https://en.wikipedia.org/wiki/Tails_(operating_system)]\from[url1201]
\useURL[url1202][https://wikiless.org/wiki/Tails_(operating_system)][][{[}Wikiless{]}]\from[url1202]
\useURL[url1203][https://web.archive.org/web/https://en.wikipedia.org/wiki/Tails_(operating_system)][][{[}Archive.org{]}]\from[url1203]}
stands for {\bf The Amnesic Incognito Live System}. It is a bootable
Live Operating System running from a USB key that is designed for
leaving no traces and forcing all connections through the Tor network.
You insert the Tails USB key into your laptop, boot from it and you have
a full operating system running with privacy and anonymity in mind. As
soon as you shut down the computer, everything will be gone unless you
saved it somewhere.
Tails is an amazingly straightforward way to get going in no time with
what you have and without much learning. It has extensive documentation
and tutorials.
{\bf WARNING: Tails is not always up to date with their bundled
software. And not always up to date with the Tor Browser updates either.
You should always make sure you are using the latest version of Tails
and you should use extreme caution when using bundled apps within Tails
that might be vulnerable to exploits and reveal your location}\footnote{Vice.com,
Facebook Helped the FBI Hack a Child Predator
\useURL[url1204][https://www.vice.com/en/article/v7gd9b/facebook-helped-fbi-hack-child-predator-buster-hernandez]\from[url1204]
\useURL[url1205][https://web.archive.org/web/https://www.vice.com/en/article/v7gd9b/facebook-helped-fbi-hack-child-predator-buster-hernandez][][{[}Archive.org{]}]\from[url1205]}{\bf .}
It does however have some drawbacks:
\startitemize
\item
Tails uses Tor and therefore you will be using Tor to access any
resource on the internet. This alone will make you suspicious to most
platforms where you want to create anonymous accounts (this will be
explained in more detail later).
\item
Your ISP (whether it is yours or some public Wi-Fi) will also see that
you are using Tor, and this could make you suspicious in itself.
\item
Tails does not include (natively) some of the software you might want
to use later which will complicate things quite a bit if you want to
run some specific things (Android Emulators for instance).
\item
Tails uses Tor Browser which, while very secure, will also be detected
by most platforms and will hinder you in creating anonymous identities
on many of them.
\item
Tails will not protect you more from the 5\$ wrench\footnote{XKCD,
Security \useURL[url1206][https://xkcd.com/538/]\from[url1206]
\useURL[url1207][https://web.archive.org/web/https://xkcd.com/538/][][{[}Archive.org{]}]\from[url1207]}.
\item
Tor in itself might not be enough to protect you from an adversary
with enough resources as explained earlier.
\stopitemize
{\bf Important Note: If your laptop is monitored/supervised and some
local restrictions are in place, please read} \goto{Appendix U: How to
bypass (some) local restrictions on supervised
computers}[appendix-u-how-to-bypass-some-local-restrictions-on-supervised-computers]{\bf .}
You should also read the Tails documentation on warnings and
limitations before going further:
\useURL[url1208][https://tails.boum.org/doc/about/warnings/index.en.html]\from[url1208]
\useURL[url1209][https://web.archive.org/web/https://tails.boum.org/doc/about/warnings/index.en.html][][{[}Archive.org{]}]\from[url1209]
Taking all this into account and the fact that their documentation is
great, we will just redirect you towards their well-made and
well-maintained tutorial:
\useURL[url1210][https://tails.boum.org/install/index.en.html]\from[url1210]
\useURL[url1211][https://web.archive.org/web/https://tails.boum.org/install/index.en.html][][{[}Archive.org{]}]\from[url1211],
pick your flavor and proceed.
If you're having an issue accessing Tor due to censorship or other
issues, you can try using Tor Bridges by following this Tails tutorial:
\useURL[url1212][https://tails.boum.org/doc/anonymous_internet/tor/index.en.html]\from[url1212]
\useURL[url1213][https://web.archive.org/web/https://tails.boum.org/doc/anonymous_internet/tor/index.en.html][][{[}Archive.org{]}]\from[url1213]
and find more information about these on Tor Documentation
\useURL[url1214][https://2019.www.torproject.org/docs/bridges]\from[url1214]
\useURL[url1215][https://web.archive.org/web/https://2019.www.torproject.org/docs/bridges][][{[}Archive.org{]}]\from[url1215]
{\bf If you think using Tor alone is dangerous/suspicious, see
\goto{Appendix P: Accessing the internet as safely as possible when
Tor/VPN is not an
option}[appendix-p-accessing-the-internet-as-safely-as-possible-when-tor-and-vpns-are-not-an-option]}
\subsubsection[title={Tor Browser settings on
Tails:},reference={tor-browser-settings-on-tails}]
When using Tor Browser, you should click the little shield Icon (upper
right, next to the Address bar) and select your Security level (see
\useURL[url1216][https://tb-manual.torproject.org/security-settings/]\from[url1216]
\useURL[url1217][https://web.archive.org/web/https://tb-manual.torproject.org/security-settings/][][{[}Archive.org{]}]\from[url1217]
for details). Basically, there are three.
\startitemize
\item
Standard (the default):
\startitemize[packed]
\item
All features are enabled (including JavaScript)
\stopitemize
\item
Safer:
\startitemize
\item
JavaScript is disabled on non-HTTPS websites
\item
Some fonts and symbols are disabled
\item
Any media playback is \quotation{click to play} (disabled by
default)
\stopitemize
\item
Safest:
\startitemize
\item
JavaScript is disabled everywhere
\item
Some fonts and symbols are disabled
\item
Any media playback is \quotation{click to play} (disabled by
default)
\stopitemize
\stopitemize
We would recommend the \quotation{Safer} level for most cases. The
Safest level should be enabled if you think you are accessing suspicious
or dangerous websites or if you are extra paranoid. The Safest mode will
also most likely break many websites that rely actively on JavaScript.
If you are extra paranoid, use the \quotation{Safest} level by default
and consider downgrading to Safer if the website is unusable because of
JavaScript blocking.
Lastly, while using Tor Browser on Tails on the \quotation{Safer} level,
please consider \goto{Appendix A5: Additional browser precautions with
JavaScript
enabled}[appendix-a5-additional-browser-precautions-with-javascript-enabled]
When you are done and have a working Tails on your laptop, go to the
\goto{Creating your anonymous online
identities}[creating-your-anonymous-online-identities] step much further
in this guide or if you want persistence and plausible deniability,
continue with the next section.
\subsubsection[title={Persistent Plausible Deniability using Whonix
within
Tails:},reference={persistent-plausible-deniability-using-whonix-within-tails}]
Consider checking the
\useURL[url1218][https://github.com/aforensics/HiddenVM]\from[url1218]
\useURL[url1219][https://web.archive.org/web/https://github.com/aforensics/HiddenVM][][{[}Archive.org{]}]\from[url1219]
project for Tails.
This project is a clever idea of a one-click self-contained VM solution
that you could store on an encrypted disk using plausible
deniability\footnote{Wikipedia, Plausible Deniability
\useURL[url1220][https://en.wikipedia.org/wiki/Plausible_deniability]\from[url1220]
\useURL[url1221][https://wikiless.org/wiki/Plausible_deniability][][{[}Wikiless{]}]\from[url1221]
\useURL[url1222][https://web.archive.org/web/https://en.wikipedia.org/wiki/Plausible_deniability][][{[}Archive.org{]}]\from[url1222]}
(see \goto{The Whonix route:}[the-whonix-route] first chapters and also
for some explanations about Plausible deniability, as well as the
\goto{How to securely delete specific files/folders/data on your HDD/SSD
and Thumb
drives:}[how-to-securely-delete-specific-filesfoldersdata-on-your-hddssd-and-thumb-drives]
section at the end of this guide for more understanding).
This would allow the creation of a hybrid system mixing Tails with the
Virtualization options of the Whonix route in this guide.
\placefigure{image19}{\externalfigure[./tex2pdf.-1a34188c73046814/67f5e6d6a057d0b015934661fba6f7d7bf386403.png]}
{\bf Note: See} \goto{Pick your connectivity
method}[pick-your-connectivity-method] {\bf in the Whonix Route for more
explanations about Stream Isolation}
In short:
\startitemize
\item
You could run non-persistent Tails from one USB key (following their
recommendations)
\item
You could store persistent VMs within a secondary container that could
be encrypted normally or using the Veracrypt plausible deniability
feature (these could be Whonix VMs for instance or any other).
\item
You do benefit from the added Tor Stream Isolation feature (see
\goto{Tor over VPN}[tor-over-vpn] for more info about stream
isolation).
\stopitemize
In that case, as the project outlines it, there should be no traces of
any of your activities on your computer, and the sensitive work could be
done from VMs stored in a Hidden container that should not be easily
discoverable by a soft adversary.
{\bf This option is particularly interesting for \quotation{traveling
light} and to mitigate forensics attacks while keeping persistence on
your work.} You only need 2 USB keys (one with Tails and one with a
Veracrypt container containing persistent Whonix). The first USB key
will appear to contain just Tails and the second USB will appear to
contain just random garbage but will have a decoy volume which you can
show for plausible deniability.
You might also wonder if this will result in a \quotation{Tor over Tor}
setup, but it will not. The Whonix VMs will be accessing the network
directly through clearnet and not through Tails Onion Routing.
In the future, this could also be supported by the Whonix project
themselves as explained here:
\useURL[url1223][https://www.whonix.org/wiki/Whonix-Host]\from[url1223]
\useURL[url1224][https://web.archive.org/web/https://www.whonix.org/wiki/Whonix-Host][][{[}Archive.org{]}]\from[url1224]
but it is not yet recommended as of now for end-users.
Remember that encryption with or without plausible deniability is not a
silver bullet and will be of little use in case of torture. As a matter
of fact, depending on who your adversary would be (your threat model), it
might be wise not to use Veracrypt (formerly TrueCrypt) at all, as shown
in this demonstration:
\useURL[url1225][https://defuse.ca/truecrypt-plausible-deniability-useless-by-game-theory.htm]\from[url1225]
\useURL[url1226][https://web.archive.org/web/https://defuse.ca/truecrypt-plausible-deniability-useless-by-game-theory.htm][][{[}Archive.org{]}]\from[url1226]
{\bf Plausible deniability is only effective against soft lawful
adversaries that will not resort to physical means.}
{\bf See
\useURL[url1227][https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis]\from[url1227]}
\useURL[url1228][https://wikiless.org/wiki/Rubber-hose_cryptanalysis][][{[}Wikiless{]}]\from[url1228]
\useURL[url1229][https://web.archive.org/web/https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis][][{[}Archive.org{]}]\from[url1229]
CAUTION: Please see \goto{{\bf Appendix K: Considerations for using
external SSD
drives}}[appendix-k-considerations-for-using-external-ssd-drives] and
\goto{{\bf Understanding HDD vs SSD}}[understanding-hdd-vs-ssd] sections
if you consider storing such hidden VMs on an external SSD drive:
\startitemize
\item
{\bf Do not use hidden volumes on SSD drives as this is not
supported/recommended by Veracrypt}\footnote{Veracrypt Documentation,
Trim Operations
\useURL[url1230][https://www.veracrypt.fr/en/Trim\%20Operation.html][][https://www.veracrypt.fr/en/Trim\letterpercent{}20Operation.html]\from[url1230]
\useURL[url1231][https://web.archive.org/web/https://www.veracrypt.fr/en/Trim\%20Operation.html][][{[}Archive.org{]}]\from[url1231]}{\bf .}
\item
{\bf Use file containers instead of encrypted volumes.}
\item
{\bf Make sure you do know how to clean data from an external SSD
drive properly.}
\stopitemize
Here is my guide on how to achieve this:
\subsubsubsection[title={First Run:},reference={first-run}]
\startitemize
\item
Download the latest HiddenVM release from
\useURL[url1232][https://github.com/aforensics/HiddenVM/releases]\from[url1232]
\useURL[url1233][https://web.archive.org/web/https://github.com/aforensics/HiddenVM/releases][][{[}Archive.org{]}]\from[url1233]
\item
Download the latest Whonix XFCE release from
\useURL[url1234][https://www.whonix.org/wiki/VirtualBox/XFCE]\from[url1234]
\useURL[url1235][https://web.archive.org/web/https://www.whonix.org/wiki/VirtualBox/XFCE][][{[}Archive.org{]}]\from[url1235]
\item
Prepare a USB Key/Drive with Veracrypt
\startitemize
\item
Create a Hidden Volume on the USB Key/Drive (we would recommend at
least 16GB for the hidden volume)
\item
In the Outer Volume, place some decoy files
\item
In the Hidden Volume, place the HiddenVM appimage file
\item
In the Hidden Volume, place the Whonix XFCE ova file
\stopitemize
\item
Boot into Tails
\item
Setup the Keyboard layout as you want.
\item
Select Additional Settings and set an administrator (root) password
(needed for installing HiddenVM)
\item
Start Tails
\item
Connect to a safe wi-fi (this is a required step for the rest to work)
\item
Go into Utilities and Unlock your Veracrypt (hidden) Volume (do not
forget to check the hidden volume checkbox)
\item
Launch the HiddenVM appimage
\item
When prompted to select a folder, select the Root of the Hidden volume
(where the Whonix OVA and HiddenVM app image files are).
\item
Let it do its thing (This will install Virtualbox within Tails with
one click)
\item
When it is done, it should automatically start Virtualbox Manager.
\item
Import the Whonix OVA files (see \goto{Whonix Virtual
Machines:}[whonix-virtual-machines])
\stopitemize
Note: if during the import you run into errors such as
\quotation{NS_ERROR_INVALID_ARG (0x80070057)}, this is probably because
there is not enough disk space on your Hidden volume for Whonix. Whonix
themselves recommend 32GB of free space but that is probably not
necessary and 10GB should be enough for a start. You can try working
around this error by renaming the Whonix .OVA file to .TAR and
decompressing it within Tails. When you are done with decompression,
delete the OVA file and import the other files with the Import wizard.
This time it might work.
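The rename-to-.TAR trick works because an .OVA is nothing more than a tar archive in the OVF packaging format. The following shell script is an added example (it is not part of this guide, nor of the Whonix or HiddenVM projects): it lists and extracts an .OVA directly, and, when the archive carries the optional OVF manifest (a .mf file with one \quotation{SHA256(member)= hex} line per member), checks every extracted file against it so that a truncated or altered disk image is caught before you hand it to the Import wizard. The file names in the usage comment are constructed placeholders.

```sh
#!/bin/sh
# Added example, not from the guide or from the Whonix/HiddenVM projects.
# An .ova is an ordinary tar archive (OVF packaging), so instead of renaming
# it to .tar you can list and extract it directly; the optional .mf manifest
# inside lists "SHA256(<member>)= <hex>" for every member, which lets you
# check that the extracted disk images were not truncated or altered.
# File names in the usage section are constructed placeholders.

# ova_members OVA: list archive members without extracting anything.
ova_members() {
    tar -tf "$1"
}

# ova_verify OVA DEST: extract OVA into DEST, then check each SHA256 manifest
# line against the extracted member. Prints "ok", "no-manifest" (nothing to
# check), or "mismatch:<member>" and returns 1 on the first bad member.
ova_verify() {
    ova="$1"; dest="$2"
    mkdir -p "$dest"
    tar -xf "$ova" -C "$dest" || { echo "not-a-tar"; return 1; }
    mf=$(find "$dest" -maxdepth 1 -name '*.mf' | head -n 1)
    if [ -z "$mf" ]; then
        echo no-manifest
        return 0
    fi
    while IFS= read -r line; do
        case "$line" in
            'SHA256('*')='*) ;;      # only SHA256 lines are checked here
            *) continue ;;
        esac
        name=${line#"SHA256("}      # strip "SHA256(" prefix ...
        name=${name%%")="*}         # ... and everything from ")=" on
        want=$(printf '%s' "${line#*=}" | tr -d ' \r')
        got=$(sha256sum "$dest/$name" 2>/dev/null | cut -d' ' -f1)
        if [ "$want" != "$got" ]; then
            echo "mismatch:$name"
            return 1
        fi
    done < "$mf"
    echo ok
}

# Usage (constructed names): sh ova_check.sh Whonix-XFCE.ova ./whonix-extracted
if [ -n "$1" ]; then
    ova_members "$1"
    ova_verify "$1" "${2:-./extracted}"
fi
```

After a successful \quotation{ok}, import the extracted .ovf from the VirtualBox Import wizard as described above. A \quotation{no-manifest} result only means the archive shipped without a manifest; it says nothing about the integrity of the image, so in that case fall back to the checksum or signature published by the project.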
\subsubsubsection[title={Subsequent Runs:},reference={subsequent-runs}]
\startitemize
\item
Boot into Tails
\item
Connect to Wi-Fi
\item
Unlock your Hidden Volume
\item
Launch the HiddenVM App
\item
This should automatically open VirtualBox manager and show your
earlier VMs from the first run
\stopitemize
\subsection[title={Steps for all other
routes:},reference={steps-for-all-other-routes}]
\subsubsection[title={Get a dedicated laptop for your sensitive
activities:},reference={get-a-dedicated-laptop-for-your-sensitive-activities}]
Ideally, you should get a dedicated laptop that will not be tied to you
in any effortless way (ideally paid with cash anonymously and using the
same precautions as previously mentioned for the phone and the SIM
card). It is recommended but not mandatory. This guide will help you
harden your laptop as much as possible to prevent data leaks through
various means. There will be several lines of defense standing between
your online identities and yourself, which should prevent most
adversaries (state/global actors aside) from de-anonymizing you; doing
so would take considerable resources.
This laptop should ideally be a clean, freshly installed laptop (running
Windows, Linux, or macOS); which is clean of your normal day-to-day
activities; and which is offline (never connected to your home network).
In the case of a Windows laptop, and if you used it before such a clean
install, it should also not be activated. Simply reinstall without a
product key in the case that it came pre-activated. Specifically, in the
case of MacBooks, it should never have been tied to your identity before
in any means. So, buy secondhand with cash from an unknown stranger who
does not know your identity.
This is to mitigate some future issues in case of online leaks
(including telemetry from your OS or Apps) that could compromise any
unique identifiers of the laptop while using it (MAC Address, Bluetooth
Address, and Product key \ldots{}). But also, to avoid being tracked
back if you need to dispose of the laptop.
If you used this laptop before for different purposes (like your
day-to-day activities), all its hardware identifiers are probably known
and registered by Microsoft or Apple. If later any of those identifiers
is compromised (by malware, telemetry, exploits, human errors \ldots{})
they could lead back to you.
The laptop should have at least 250GB of disk space, {\bf at least 6GB
(ideally 8GB or 16GB)} of RAM, and should be able to run a couple of
Virtual Machines at the same time. It should have a working battery that
lasts a few hours. You should aim for something with large storage
(1TB+) if possible because we will need as much as possible.
This laptop could have an HDD (7200rpm) or an SSD/NVMe drive. Both
possibilities have their benefits and issues that will be detailed
later.
All future online steps performed with this laptop should ideally be
done from a safe network such as Public Wi-Fi in a safe place (see
\goto{Find some safe places with decent public
Wi-Fi}[find-some-safe-places-with-decent-public-wi-fi]). But several
steps will have to be taken offline first.
\subsubsection[title={Some laptop
recommendations:},reference={some-laptop-recommendations}]
We would strongly recommend getting a \quotation{business grade} laptop
(meaning not consumer/gaming-grade laptop) if you can. For instance,
some ThinkPad from Lenovo (my personal favorite).
This is because those business laptops usually offer better and more
customizable security features (especially in the BIOS/UEFI settings)
with longer support than most consumer laptops (Asus, MSI, Gigabyte,
Acer\ldots{}). The interesting features to look for are:
\startitemize
\item
Better custom Secure Boot {\bf settings (where you can selectively
manage all the keys and not just use the Standard ones)}
\item
HDD/SSD passwords in addition to just BIOS/UEFI passwords.
\item
AMD laptops could be more interesting as some provide the ability to
disable AMD PSP (the AMD equivalent of Intel IME) from the BIOS/UEFI
settings by default. Also, as far as we know, AMD PSP was audited and,
contrary to IME, was not found to have any \quotation{evil}
functionalities\footnote{YouTube, 36C3 - Uncover, Understand, Own -
Regaining Control Over Your AMD CPU
\useURL[url1236][https://www.youtube.com/watch?v=bKH5nGLgi08&t=2834s]\from[url1236]
\useURL[url1237][https://yewtu.be/watch?v=bKH5nGLgi08&t=2834s][][{[}Invidious{]}]\from[url1237]}.
However, if you are going for the Qubes OS Route, consider Intel CPUs
as Qubes OS does not support AMD with their anti-evil-maid
system\footnote{Qubes OS, Anti-Evil Maid,
\useURL[url1238][https://github.com/QubesOS/qubes-antievilmaid]\from[url1238]
\useURL[url1239][https://web.archive.org/web/https://github.com/QubesOS/qubes-antievilmaid][][{[}Archive.org{]}]\from[url1239]}.
\item
Secure Wipe tools from the BIOS (especially useful for SSD/NVMe
drives, see \goto{Appendix M: BIOS/UEFI options to wipe disks in
various
Brands}[appendix-m-biosuefi-options-to-wipe-disks-in-various-brands]).
\item
Better control over the disabling/enabling of select peripherals (USB
ports, Wi-Fis, Bluetooth, Camera, Microphone \ldots{}).
\item
Better security features with Virtualization.
\item
Native anti-tampering protections.
\item
Longer support with BIOS/UEFI updates (and subsequent BIOS/UEFI
security updates).
\item
Some are supported by Libreboot
\stopitemize
\subsubsection[title={Bios/UEFI/Firmware Settings of your
laptop:},reference={biosuefifirmware-settings-of-your-laptop}]
\subsubsubsection[title={PC:},reference={pc}]
These settings can be accessed through the boot menu of your laptop.
Here is a good tutorial from HP explaining all the ways to access the
BIOS on various computers:
\useURL[url1240][https://store.hp.com/us/en/tech-takes/how-to-enter-bios-setup-windows-pcs]\from[url1240]
\useURL[url1241][https://web.archive.org/web/https://store.hp.com/us/en/tech-takes/how-to-enter-bios-setup-windows-pcs][][{[}Archive.org{]}]\from[url1241]
Usually you access it by pressing a specific key (F1, F2, or Del) at
boot (before your OS loads).
Once you are in there, you will need to apply a few recommended
settings:
\startitemize
\item
Disable Bluetooth completely if you can.
\item
Disable biometrics (fingerprint scanners) if you have any and if you can.
However, you could add biometrics as an additional check for booting
only (pre-boot) but not for accessing the BIOS/UEFI settings.
\item
Disable the Webcam and Microphone if you can.
\item
Enable BIOS/UEFI password and use a long passphrase instead of a
password (if you can) and make sure this password is required for:
\startitemize
\item
Accessing the BIOS/UEFI settings themselves
\item
Changing the Boot order
\item
Startup/Power-on of the device
\stopitemize
\item
Enable HDD/SSD password if the feature is available. This feature will
add another password on the HDD/SSD itself (not in the BIOS/UEFI
firmware) that will prevent this HDD/SSD from being used in a
different computer without the password. Note that this feature is
also specific to some manufacturers and could require specific
software to unlock this disk from a completely different computer.
\item
Prevent accessing the boot options (the boot order) without providing
the BIOS/UEFI password if you can.
\item
Disable USB/HDMI or any other port (Ethernet, Firewire, SD card
\ldots{}) if you can.
\item
Disable Intel ME if you can (odds are very high you can't).
\item
Disable AMD PSP if you can (AMD's equivalent to IME, see \goto{Your
CPU}[your-cpu])
\item
Disable Secure Boot if you intend to use Qubes OS as they do not
support it out of the box\footnote{QubesOS FAQ,
\useURL[url1242][https://www.qubes-os.org/faq/\#is-secure-boot-supported]\from[url1242]
\useURL[url1243][https://web.archive.org/web/https://www.qubes-os.org/faq/][][{[}Archive.org{]}]\from[url1243]}.
Keep it on if you intend to use Linux/Windows.
\item
Check if your laptop BIOS has a secure erase option for your HDD/SSD
that could be convenient in case of need.
\stopitemize
Only enable ports and peripherals on a \quotation{need to use} basis
and disable them again after use. This can help mitigate some attacks
in case your laptop is seized while locked but still on, OR if you had
to shut it down rather quickly and someone took possession of it (this
topic will be explained later in this guide).
\subsubsubsubsection[title={About Secure
boot:},reference={about-secure-boot}]
So, what is Secure Boot\footnote{Wikipedia, Secure Boot
\useURL[url1244][https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface\#Secure_boot]\from[url1244]
\useURL[url1245][https://wikiless.org/wiki/Unified_Extensible_Firmware_Interface][][{[}Wikiless{]}]\from[url1245]
\useURL[url1246][https://web.archive.org/web/https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface][][{[}Archive.org{]}]\from[url1246]}?
In short, it is a UEFI security feature designed to prevent your
computer from booting an operating system whose bootloader was not
signed by specific keys stored in the UEFI firmware of your laptop.
When the operating system (or the Bootloader\footnote{Wikipedia, Booting
\useURL[url1247][https://en.wikipedia.org/wiki/Booting]\from[url1247]
\useURL[url1248][https://wikiless.org/wiki/Booting][][{[}Wikiless{]}]\from[url1248]
\useURL[url1249][https://web.archive.org/web/https://en.wikipedia.org/wiki/Booting][][{[}Archive.org{]}]\from[url1249]})
supports it, you can store the keys of your bootloader in your UEFI
firmware, and this will prevent booting up any unauthorized Operating
System (such as a live OS USB or anything similar).
Secure Boot settings are protected by the password you set up to access
the BIOS/UEFI settings. If you have that password, you can disable
Secure Boot and allow unsigned OSes to boot on your system. This can
help mitigate some Evil-Maid attacks (explained later in this guide).
In most cases, Secure Boot is disabled by default or is enabled but in
\quotation{setup} mode, which will allow any system to boot. For Secure
Boot to work, your Operating System will have to support it and then
sign its bootloader and push those signing keys to your UEFI firmware.
After that, you will have to go to your BIOS/UEFI settings, save those
keys pushed by your OS, and change Secure Boot from setup to user mode
(or custom mode in some cases).
After doing that step, only the Operating Systems from which your UEFI
firmware can verify the integrity of the bootloader will be able to
boot.
Most laptops will have some default keys already stored in the secure
boot settings. Usually, those are from the manufacturer itself or some
companies such as Microsoft. So, this means that by default, it will
always be possible to boot some USB disks even with secure boot. These
include Windows, Fedora, Ubuntu, Mint, Debian, CentOS, OpenSUSE, Tails,
Clonezilla, and many others. Secure Boot is however not supported at all
by Qubes OS at this point.
In some laptops, you can manage those keys and remove the ones you do
not want with a \quotation{custom mode} to only authorize your
bootloader that you could sign yourself if you want to.
So, what is Secure Boot protecting you from? It will prevent your laptop
from booting bootloaders that were not signed by the OS provider, for
instance a bootloader with injected malware.
What is Secure Boot {\bf not} protecting you from?
\startitemize
\item
Secure Boot is not encrypting your disk and an adversary can still
just remove the disk from your laptop and extract data from it using a
different machine. Secure Boot is therefore useless without full disk
encryption.
\item
Secure Boot is not protecting you from a signed bootloader that would
be compromised and signed by the manufacturer itself (Microsoft for
example in the case of Windows). Most mainstream Linux distributions
are signed these days and will boot with Secure Boot enabled.
\item
Secure Boot can have flaws and exploits like any other system. If you
are running an old laptop that does not benefit from new BIOS/UEFI
updates, these can be left unfixed.
\stopitemize
Additionally, several attacks could be possible against Secure Boot as
explained (in-depth) in these technical videos:
\startitemize
\item
Defcon 22,
\useURL[url1250][https://www.youtube.com/watch?v=QDSlWa9xQuA]\from[url1250]
\useURL[url1251][https://yewtu.be/watch?v=QDSlWa9xQuA][][{[}Invidious{]}]\from[url1251]
\item
BlackHat 2016,
\useURL[url1252][https://www.youtube.com/watch?v=0fZdL3ufVOI]\from[url1252]
\useURL[url1253][https://yewtu.be/watch?v=0fZdL3ufVOI][][{[}Invidious{]}]\from[url1253]
\stopitemize
{\bf So, it can be useful as an added measure against some adversaries
but not all. Secure Boot in itself is not encrypting your hard drive. It
is an added layer but that is it.}
{\bf I still recommend you keep it on if you can.}
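As an added example (not part of this guide), here is a small Python check a Linux user can run to see which of the three situations above applies: Secure Boot disabled, enabled but still in setup mode, or enabled and enforcing (user mode). It reads the SecureBoot and SetupMode UEFI variables from efivarfs, which is what mokutil --sb-state does; the efivarfs path and the EFI_GLOBAL_VARIABLE GUID are assumptions about a standard Linux install, and the fake-efivars helper exists only to exercise the code offline.

```python
"""Report the Secure Boot state of a Linux host from efivarfs.

Added example, not from the guide. In efivarfs every variable file starts
with a 4-byte little-endian attribute word followed by the variable data;
for SecureBoot and SetupMode the data is a single byte (0 or 1).
Assumed: /sys/firmware/efi/efivars and the EFI_GLOBAL_VARIABLE GUID.
"""
import os
import struct
import tempfile
from typing import Optional

EFI_GLOBAL_VARIABLE_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARS_DIR = "/sys/firmware/efi/efivars"


def parse_efivar_bool(raw: bytes) -> bool:
    """Decode a one-byte boolean variable from its efivarfs file contents."""
    if len(raw) < 5:
        raise ValueError("efivar payload too short: %d bytes" % len(raw))
    # First 4 bytes are the variable attributes (NON_VOLATILE, BOOTSERVICE_ACCESS,
    # RUNTIME_ACCESS ...); unpacked only to make the layout explicit.
    (_attributes,) = struct.unpack_from("<I", raw, 0)
    return raw[4] == 1


def classify(secure_boot: bool, setup_mode: bool) -> str:
    """Map the two flags to the three situations the guide describes."""
    if not secure_boot:
        return "disabled"      # any bootloader boots
    if setup_mode:
        return "setup-mode"    # enabled but not enforcing: any bootloader boots
    return "user-mode"         # enforcing: only bootloaders signed by a key in db boot


def read_efivar(name: str, directory: str = EFIVARS_DIR) -> Optional[bytes]:
    """Return the raw contents of <name>-<GUID>, or None if the variable is absent."""
    path = os.path.join(directory, "%s-%s" % (name, EFI_GLOBAL_VARIABLE_GUID))
    try:
        with open(path, "rb") as f:
            return f.read()
    except (FileNotFoundError, NotADirectoryError):
        return None


def secure_boot_state(directory: str = EFIVARS_DIR) -> str:
    """Return one of: no-uefi, disabled, setup-mode, user-mode."""
    sb = read_efivar("SecureBoot", directory)
    if sb is None:
        return "no-uefi"       # legacy BIOS boot, or efivarfs not mounted
    sm = read_efivar("SetupMode", directory)
    setup = parse_efivar_bool(sm) if sm is not None else False
    return classify(parse_efivar_bool(sb), setup)


def fake_efivars(secure_boot: bool, setup_mode: bool) -> str:
    """Constructed fixture: a temp directory holding the two variables in efivarfs layout."""
    directory = tempfile.mkdtemp(prefix="fake-efivars-")
    attrs = struct.pack("<I", 0x06)  # BOOTSERVICE_ACCESS | RUNTIME_ACCESS
    for name, value in (("SecureBoot", secure_boot), ("SetupMode", setup_mode)):
        path = os.path.join(directory, "%s-%s" % (name, EFI_GLOBAL_VARIABLE_GUID))
        with open(path, "wb") as f:
            f.write(attrs + bytes([1 if value else 0]))
    return directory


if __name__ == "__main__":
    print("Secure Boot:", secure_boot_state())
```

On most distributions the efivarfs files are readable without root. The script only reports the state; enrolling keys and switching from setup to user mode is done in the BIOS/UEFI settings as described above, and a result of setup-mode is the case where Secure Boot looks enabled but is not actually protecting anything.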
\subsubsubsection[title={Mac:},reference={mac}]
Take a moment to set a firmware password according to the tutorial here:
\useURL[url1254][https://support.apple.com/en-au/HT204455]\from[url1254]
\useURL[url1255][https://web.archive.org/web/https://support.apple.com/en-au/HT204455][][{[}Archive.org{]}]\from[url1255]
You should also enable firmware password reset protection (available
from Catalina) according to the documentation here:
\useURL[url1256][https://support.apple.com/en-gb/guide/security/sec28382c9ca/web]\from[url1256]
\useURL[url1257][https://web.archive.org/web/https://support.apple.com/en-gb/guide/security/sec28382c9ca/web][][{[}Archive.org{]}]\from[url1257]
This feature will mitigate the possibility for some adversaries to use
hardware hacks to disable/bypass your firmware password. Note that this
will also prevent Apple themselves from accessing the firmware in case
of repair.
\subsubsection[title={Physically Tamper protect your
laptop:},reference={physically-tamper-protect-your-laptop}]
At some point, you will inevitably leave this laptop alone somewhere.
You will not sleep with it and take it everywhere every single day. You
should make it as hard as possible for anyone to tamper with it without
you noticing it. This is mostly useful against some limited adversaries
that will not use a 5\$ wrench against you\footnote{XKCD, Security
\useURL[url1258][https://xkcd.com/538/]\from[url1258]
\useURL[url1259][https://web.archive.org/web/https://xkcd.com/538/][][{[}Archive.org{]}]\from[url1259]}.
It is important to know that it is trivially easy for some specialists
to install a key logger in your laptop, or to just make a clone copy of
your hard drive that could later allow them to detect the presence of
encrypted data in it using forensic techniques (more on that later).
Here is a good cheap method to make your laptop tamper-proof using Nail
Polish (with glitter)
\useURL[url1260][https://mullvad.net/en/help/how-tamper-protect-laptop/]\from[url1260]
\useURL[url1261][https://web.archive.org/web/https://mullvad.net/en/help/how-tamper-protect-laptop/][][{[}Archive.org{]}]\from[url1261]
\footnote{Wired, Don't Want Your Laptop Tampered With? Just Add Glitter
Nail Polish
\useURL[url1262][https://www.wired.com/2013/12/better-data-security-nail-polish/]\from[url1262]
\useURL[url1263][https://web.archive.org/web/https://www.wired.com/2013/12/better-data-security-nail-polish/][][{[}Archive.org{]}]\from[url1263]}
(with pictures).
While this is a good cheap method, it could also raise suspicions as it
is quite \quotation{noticeable} and might just reveal that you
\quotation{have something to hide}. So, there are more subtle ways of
achieving the same result. You could also for instance take close-up
macro photographs of the back screws of your laptop or just put a small
amount of candle wax within one of the screws that could just look like
usual dirt. You could then check for tampering by comparing the
photographs of the screws with new ones. Their orientation might have
changed a bit if your adversary was not careful enough (tightening them
exactly the same way they were before). Or the wax within the bottom of
a screw head might have been damaged compared to before.
\placefigure{image20}{\externalfigure[./tex2pdf.-1a34188c73046814/a0a9bd8f5400eecc92075b502854bb202c2de9fc.png]}
\placefigure{image21}{\externalfigure[./tex2pdf.-1a34188c73046814/7285fc77e7eb3c0381a6dd18d8378bf0422a363b.png]}
The same techniques can be used with USB ports where you could just put
a tiny amount of candle wax within the plug that would be damaged by
inserting a USB key in it.
In riskier environments, check your laptop for tampering before using it
regularly.
\subsection[title={The Whonix route:},reference={the-whonix-route}]
\subsubsection[title={Picking your Host OS (the OS installed on your
laptop):},reference={picking-your-host-os-the-os-installed-on-your-laptop}]
This route will make extensive use of Virtual Machines\footnote{Wikipedia,
Virtual Machine
\useURL[url1264][https://en.wikipedia.org/wiki/Virtual_machine]\from[url1264]
\useURL[url1265][https://wikiless.org/wiki/Virtual_machine][][{[}Wikiless{]}]\from[url1265]
\useURL[url1266][https://web.archive.org/web/https://en.wikipedia.org/wiki/Virtual_machine][][{[}Archive.org{]}]\from[url1266]},
which will require a host OS to run the virtualization software. You
have three recommended choices in this part of the guide:
\startitemize
\item
Your Linux distribution of choice (excluding Qubes OS)
\item
Windows 10/11 (preferably Home edition due to the absence of
Bitlocker)
\item
macOS (Catalina or higher up to Monterey)
\stopitemize
If you pick macOS, note that chances are high that your Mac is or has
been tied to an Apple account (at the time of purchase or after signing
in) and therefore its unique hardware identifiers could lead back to you
in case of a hardware identifier leak.
Linux is also not necessarily the best choice for anonymity depending on
your threat model. This is because using Windows will allow us to
{\bf conveniently} use Plausible Deniability\footnote{Wikipedia,
Plausible Deniability
\useURL[url1267][https://en.wikipedia.org/wiki/Plausible_deniability]\from[url1267]
\useURL[url1268][https://wikiless.org/wiki/Plausible_deniability][][{[}Wikiless{]}]\from[url1268]
\useURL[url1269][https://web.archive.org/web/https://en.wikipedia.org/wiki/Plausible_deniability][][{[}Archive.org{]}]\from[url1269]}
(aka Deniable Encryption\footnote{Wikipedia, Deniable Encryption
\useURL[url1270][https://en.wikipedia.org/wiki/Deniable_encryption]\from[url1270]
\useURL[url1271][https://wikiless.org/wiki/Deniable_encryption][][{[}Wikiless{]}]\from[url1271]
\useURL[url1272][https://web.archive.org/web/https://en.wikipedia.org/wiki/Deniable_encryption][][{[}Archive.org{]}]\from[url1272]})
easily at the OS level. Windows is also unfortunately at the same time a
privacy nightmare\footnote{PrivacyGuides.org, Don't use Windows 10 -
It's a privacy nightmare
\useURL[url1273][https://web.archive.org/web/20220313023015/https://www.privacyguides.org/tools/\#operating-systems\#win10]\from[url1273]
\useURL[url1274][https://web.archive.org/web/https://www.privacyguides.org/tools/\#operating-systems][][{[}Archive.org{]}]\from[url1274]}
but is the only easy-to-set-up option for OS-wide plausible
deniability. Windows telemetry and how to block it are also widely
documented, which should mitigate many issues.
{\bf So, what is Plausible Deniability?} It lets you cooperate with an
adversary requesting access to your device/data without revealing your
true secret, relying on Deniable Encryption\footnote{Wikipedia,
Deniable Encryption
\useURL[url1275][https://en.wikipedia.org/wiki/Deniable_encryption]\from[url1275]
\useURL[url1276][https://wikiless.org/wiki/Deniable_encryption][][{[}Wikiless{]}]\from[url1276]
\useURL[url1277][https://web.archive.org/web/https://en.wikipedia.org/wiki/Deniable_encryption][][{[}Archive.org{]}]\from[url1277]}.
A soft lawful adversary could ask for your encrypted laptop password. At
first, you could refuse to give out any password (using your
\quotation{right to remain silent}, \quotation{right not to incriminate
yourself}) but some countries are implementing laws\footnote{Wikipedia,
Key Disclosure Laws
\useURL[url1278][https://en.wikipedia.org/wiki/Key_disclosure_law]\from[url1278]
\useURL[url1279][https://wikiless.org/wiki/Key_disclosure_law][][{[}Wikiless{]}]\from[url1279]
\useURL[url1280][https://web.archive.org/web/https://en.wikipedia.org/wiki/Key_disclosure_law][][{[}Archive.org{]}]\from[url1280]}\footnote{GP
Digital, World map of encryption laws and policies
\useURL[url1281][https://www.gp-digital.org/world-map-of-encryption/]\from[url1281]
\useURL[url1282][https://web.archive.org/web/https://www.gp-digital.org/world-map-of-encryption/][][{[}Archive.org{]}]\from[url1282]}
to exempt this from such rights (because terrorists and \quotation{think
of the children}). In that case, you might have to reveal the password
or face jail time in contempt of court. This is where plausible
deniability will come into play.
You could then reveal a password, but that password will only give
access to \quotation{plausible data} (a decoy OS). Forensic examiners
will be well aware that it is possible for you to have hidden data but
should not be able to prove it {\bf (if you do this right)}. You will
have cooperated, and the investigators will have access to something,
but not what you actually want to hide. Since the burden of proof should
lie on their side, they will have no option but to believe you unless
they have proof that you have hidden data.
This feature can be used at the OS level (a plausible OS and a hidden
OS) or at the files level where you will have an encrypted file
container (similar to a zip file) where different files will be shown
depending on the encryption password you use.
This also means you could set up your own advanced \quotation{plausible
deniability} setup using any Host OS by storing for instance Virtual
Machines on a Veracrypt hidden volume container (be careful of traces in
the Host OS though, which would need to be cleaned if the host OS is
persistent, see \goto{Some additional measures against
forensics}[some-additional-measures-against-forensics] section later).
There is a project for achieving this within Tails
(\useURL[url1283][https://github.com/aforensics/HiddenVM]\from[url1283]
\useURL[url1284][https://web.archive.org/web/https://github.com/aforensics/HiddenVM][][{[}Archive.org{]}]\from[url1284])
which would make your Host OS non-persistent and use plausible
deniability within Tails.
In the case of Windows, plausible deniability is also the reason you
should ideally have Windows 10/11 Home (and not Pro). This is because
Windows 10/11 Pro natively offers a full-disk encryption system
(Bitlocker\footnote{Wikipedia, Bitlocker
\useURL[url1285][https://en.wikipedia.org/wiki/BitLocker]\from[url1285]
\useURL[url1286][https://wikiless.org/wiki/BitLocker][][{[}Wikiless{]}]\from[url1286]
\useURL[url1287][https://web.archive.org/web/https://en.wikipedia.org/wiki/BitLocker][][{[}Archive.org{]}]\from[url1287]})
whereas Windows 10/11 Home offers no full-disk encryption at all. You
will later use third-party open-source software for encryption that
allows full-disk encryption on Windows 10/11 Home. This gives you a good
(plausible) excuse to use this software, whereas using it on Windows
10/11 Pro would be suspicious.
{\bf Note about Linux:} So, what about Linux and plausible deniability?
Yes, it is possible to achieve plausible deniability with Linux too.
More information within the Linux Host OS section later.
Unfortunately, encryption is not magic and there are some risks
involved:
\subsubsubsection[title={Threats with
encryption:},reference={threats-with-encryption}]
\subsubsubsubsection[title={{\bf The 5\$
Wrench:}},reference={the-5-wrench}]
Remember that encryption with or without plausible deniability is not a
silver bullet and will be of little use in case of torture. As a matter
of fact, depending on who your adversary would be (your threat model), it
might be wise not to use Veracrypt (formerly TrueCrypt) at all as shown
in this demonstration:
\useURL[url1288][https://defuse.ca/truecrypt-plausible-deniability-useless-by-game-theory.htm]\from[url1288]
\useURL[url1289][https://web.archive.org/web/https://defuse.ca/truecrypt-plausible-deniability-useless-by-game-theory.htm][][{[}Archive.org{]}]\from[url1289]
Plausible deniability is only effective against soft lawful adversaries
that will not resort to physical means. {\bf Avoid, if possible, the use
of plausible deniability-capable software (such as Veracrypt) if your
threat model includes hard adversaries. So, Windows users should in that
case install Windows Pro as a Host OS and use Bitlocker instead.}
See
\useURL[url1290][https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis]\from[url1290]
\useURL[url1291][https://wikiless.org/wiki/Rubber-hose_cryptanalysis][][{[}Wikiless{]}]\from[url1291]
\useURL[url1292][https://web.archive.org/web/https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis][][{[}Archive.org{]}]\from[url1292]
\subsubsubsubsection[title={Evil-Maid
Attack:},reference={evil-maid-attack}]
Evil Maid Attacks\footnote{Wikipedia, Evil Maid Attack
\useURL[url1293][https://en.wikipedia.org/wiki/Evil_maid_attack]\from[url1293]
\useURL[url1294][https://wikiless.org/wiki/Evil_maid_attack][][{[}Wikiless{]}]\from[url1294]
\useURL[url1295][https://web.archive.org/web/https://en.wikipedia.org/wiki/Evil_maid_attack][][{[}Archive.org{]}]\from[url1295]}
are conducted when someone tampers with your laptop while you are away,
for instance to clone your hard drive, install malware, or install a key
logger. If they can clone your hard drive, they can compare one image of
your hard drive taken while you were away with the hard drive as it is
when they seize it from you. If you used the laptop again in between,
forensics examiners might be able to prove the existence of the hidden
data by looking at the variations between the two images in what should
be an empty/unused space. This could lead to compelling evidence of the
existence of hidden data. If they install a key logger or malware within
your laptop (software or hardware), they will be able to simply get the
password from you for later use when they seize it. Such attacks can be
done at your home, your hotel, a border crossing, or anywhere you leave
your devices unattended.
You can mitigate this attack by doing the following (as recommended
earlier):
\startitemize
\item
Have basic tamper protection (as explained previously) to prevent
physical access to the internals of the laptop without your knowing.
This will prevent them from cloning your disks and installing a
physical key logger without your knowledge.
\item
Disable all the USB ports (as explained previously) within a
password-protected BIOS/UEFI. Again, they will not be able to turn
them on (without physically accessing the motherboard to reset the
BIOS) to boot a USB device that could clone your hard drive or install
a software-based malware that could act as a key logger.
\item
Set up BIOS/UEFI/Firmware passwords to prevent any unauthorized boot
of an unauthorized device.
\item
Some OSes and Encryption software have the \goto{Anti Evil Maid
(AEM)}[anti-evil-maid-aem] protection that can be enabled. This is the
case with Windows/Veracrypt and Qubes OS (only on Intel CPUs).
\stopitemize
\subsubsubsubsection[title={Cold-Boot
Attack:},reference={cold-boot-attack}]
Cold Boot attacks\footnote{Wikipedia, Cold Boot Attack
\useURL[url1296][https://en.wikipedia.org/wiki/Cold_boot_attack]\from[url1296]
\useURL[url1297][https://wikiless.org/wiki/Cold_boot_attack][][{[}Wikiless{]}]\from[url1297]
\useURL[url1298][https://web.archive.org/web/https://en.wikipedia.org/wiki/Cold_boot_attack][][{[}Archive.org{]}]\from[url1298]}
are trickier than the Evil Maid Attack but can be part of an Evil Maid
attack as it requires an adversary to come into possession of your
laptop while you are actively using your device or shortly afterward.
The idea is rather simple, as shown in this video\footnote{CITP 2008
(\useURL[url1299][https://www.youtube.com/watch?v=JDaicPIgn9U]\from[url1299])
\useURL[url1300][https://yewtu.be/watch?v=JDaicPIgn9U][][{[}Invidious{]}]\from[url1300]},
an adversary could theoretically quickly boot your device on a special
USB key that would copy the content of the RAM (the memory) of the
device after you shut it down. If the USB ports are disabled or if they
feel like they need more time, they could open it and \quotation{cool
down} the memory using a spray or other chemicals (liquid nitrogen for
instance) preventing the memory from decaying. They would then be able
to copy its content for analysis. This memory dump could contain the key
to decrypt your device. You will later apply a few principles to
mitigate these.
In the case of Plausible Deniability, there have been some forensics
studies\footnote{ResearchGate, Defeating Plausible Deniability of
VeraCrypt Hidden Operating Systems
\useURL[url1301][https://www.researchgate.net/publication/318155607_Defeating_Plausible_Deniability_of_VeraCrypt_Hidden_Operating_Systems]\from[url1301]
\useURL[url1302][https://web.archive.org/web/https://www.researchgate.net/publication/318155607_Defeating_Plausible_Deniability_of_VeraCrypt_Hidden_Operating_Systems][][{[}Archive.org{]}]\from[url1302]}
about technically proving the presence of the hidden data with a simple
forensic examination (without a Cold Boot/Evil Maid Attack) but these
have been contested by other studies\footnote{SANS.org, Mission
Implausible: Defeating Plausible Deniability with Digital Forensics
\useURL[url1303][https://www.sans.org/reading-room/whitepapers/forensics/mission-implausible-defeating-plausible-deniability-digital-forensics-39500]\from[url1303]
\useURL[url1304][https://web.archive.org/web/https://www.sans.org/reading-room/whitepapers/forensics/mission-implausible-defeating-plausible-deniability-digital-forensics-39500][][{[}Archive.org{]}]\from[url1304]}
and by the maintainer of Veracrypt\footnote{SourceForge, Veracrypt Forum
\useURL[url1305][https://sourceforge.net/p/veracrypt/discussion/technical/thread/53f33faf/]\from[url1305]
\useURL[url1306][https://web.archive.org/web/https://sourceforge.net/p/veracrypt/discussion/technical/thread/53f33faf/][][{[}Archive.org{]}]\from[url1306]}
so we would not worry too much about those yet.
The same measures used to mitigate Evil Maid attacks should be in place
for Cold Boot attacks with some added ones:
\startitemize
\item
If your OS or Encryption software allows it, you should consider
encrypting the keys within RAM too (this is possible with
Windows/Veracrypt and will be explained later). Again see
\useURL[url1307][https://sourceforge.net/p/veracrypt/discussion/technical/thread/3961542951/]\from[url1307]
\useURL[url1308][https://web.archive.org/web/https://sourceforge.net/p/veracrypt/discussion/technical/thread/3961542951/][][{[}Archive.org{]}]\from[url1308]
\item
Do enable the option to Wipe keys from memory if a device is inserted
in Veracrypt.
\item
You should limit the use of Sleep stand-by and instead use Shutdown or
Hibernate to prevent the encryption keys from staying in RAM when your
computer goes to sleep. This is because sleep will maintain power in
your memory for resuming your activity faster. Only hibernation and
shutdown will actually clear the key from the memory\footnote{Microsoft,
BitLocker Countermeasures
\useURL[url1309][https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-countermeasures]\from[url1309]
\useURL[url1310][https://web.archive.org/web/https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-countermeasures][][{[}Archive.org{]}]\from[url1310]}.
\stopitemize
See also
\useURL[url1311][https://www.whonix.org/wiki/Cold_Boot_Attack_Defense]\from[url1311]
\useURL[url1312][https://web.archive.org/web/https://www.whonix.org/wiki/Cold_Boot_Attack_Defense][][{[}Archive.org{]}]\from[url1312]
and
\useURL[url1313][https://www.whonix.org/wiki/Protection_Against_Physical_Attacks]\from[url1313]
\useURL[url1314][https://web.archive.org/web/https://www.whonix.org/wiki/Protection_Against_Physical_Attacks][][{[}Archive.org{]}]\from[url1314]
Here are also some interesting tools to consider for Linux users to
defend against these:
\startitemize
\item
\useURL[url1315][https://github.com/0xPoly/Centry]\from[url1315]
\useURL[url1316][https://web.archive.org/web/https://github.com/0xPoly/Centry][][{[}Archive.org{]}]\from[url1316]
(unfortunately unmaintained it seems)
\item
\useURL[url1317][https://github.com/hephaest0s/usbkill]\from[url1317]
\useURL[url1318][https://web.archive.org/web/https://github.com/hephaest0s/usbkill][][{[}Archive.org{]}]\from[url1318]
(unfortunately unmaintained as well it seems)
\item
\useURL[url1319][https://github.com/Lvl4Sword/Killer]\from[url1319]
\useURL[url1320][https://web.archive.org/web/https://github.com/Lvl4Sword/Killer][][{[}Archive.org{]}]\from[url1320]
\item
\useURL[url1321][https://askubuntu.com/questions/153245/how-to-wipe-ram-on-shutdown-prevent-cold-boot-attacks]\from[url1321]
\useURL[url1322][https://web.archive.org/web/https://askubuntu.com/questions/153245/how-to-wipe-ram-on-shutdown-prevent-cold-boot-attacks][][{[}Archive.org{]}]\from[url1322]
\item
(Qubes OS, Intel CPU only)
\useURL[url1323][https://github.com/QubesOS/qubes-antievilmaid]\from[url1323]
\useURL[url1324][https://web.archive.org/web/https://github.com/QubesOS/qubes-antievilmaid][][{[}Archive.org{]}]\from[url1324]
\stopitemize
\subsubsubsubsection[title={About Sleep, Hibernation, and
Shutdown:},reference={about-sleep-hibernation-and-shutdown}]
If you want better security, you should shut down your laptop completely
every time you leave it unattended or close the lid. This should clean
and/or release the RAM and provide mitigations against cold boot
attacks. However, this can be a bit inconvenient as you will have to
reboot completely, type in a ton of passwords into various apps, and
restart various VMs and other apps. So instead, you could also use
hibernation (not supported on Qubes OS). Since the whole disk is
encrypted, hibernation in itself should not pose a large security risk
but will still shut down your laptop and clear the memory while allowing
you to conveniently resume your work afterward. {\bf What you should
never do is use the standard sleep feature, which will keep your
computer on and the memory powered. This is an attack vector for the
evil-maid and cold-boot attacks discussed earlier, because your
powered-on memory holds the encryption keys to your disk (encrypted or
not) and could then be accessed by a skilled adversary.}
This guide will provide guidance later on how to enable hibernation on
various host OSes (except Qubes OS) if you do not want to shut down
every time.
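For Linux hosts running systemd, this is an added example (not from the guide) that audits the two configuration files deciding what happens when you close the lid or the system is asked to sleep: logind.conf ([Login] section) and sleep.conf ([Sleep] section). The weak and hardened configurations inside it are constructed samples; the key names and their defaults are those documented in the systemd manual pages logind.conf(5) and systemd-sleep.conf(5).

```python
"""Audit systemd lid and sleep settings against the "never use sleep" advice.

Added example, not from the guide. Parses the [Login] section of
logind.conf and the [Sleep] section of sleep.conf; sample configs are
constructed, key names and defaults follow the systemd manual pages.
"""
import configparser
from typing import List

# Lid actions that take the encryption keys out of RAM. "lock", "ignore" and
# the suspend variants leave the machine running with powered memory.
SAFE_LID_ACTIONS = {"hibernate", "poweroff", "halt"}
LID_KEYS = {
    # key: systemd default when the key is absent
    "HandleLidSwitch": "suspend",
    "HandleLidSwitchExternalPower": None,   # defaults to HandleLidSwitch
    "HandleLidSwitchDocked": "ignore",
}
SLEEP_KEYS = {
    # key: (systemd default, value we want)
    "AllowSuspend": ("yes", "no"),
    "AllowHybridSleep": ("yes", "no"),
    "AllowSuspendThenHibernate": ("yes", "no"),
    "AllowHibernation": ("yes", "yes"),
}


def _load(text: str) -> configparser.ConfigParser:
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.optionxform = str  # systemd keys are case-sensitive
    cp.read_string(text)
    return cp


def audit_logind(text: str) -> List[str]:
    """Findings for logind.conf; an empty list means closing the lid never suspends."""
    cp = _load(text)
    login = cp["Login"] if cp.has_section("Login") else {}
    lid = login.get("HandleLidSwitch", LID_KEYS["HandleLidSwitch"])
    findings = []
    for key, default in LID_KEYS.items():
        value = login.get(key, lid if default is None else default).lower()
        if value not in SAFE_LID_ACTIONS:
            findings.append("%s=%s keeps RAM powered (want one of %s)"
                            % (key, value, ", ".join(sorted(SAFE_LID_ACTIONS))))
    return findings


def audit_sleep(text: str) -> List[str]:
    """Findings for sleep.conf; an empty list means only hibernation is allowed."""
    cp = _load(text)
    sleep = cp["Sleep"] if cp.has_section("Sleep") else {}
    findings = []
    for key, (default, wanted) in SLEEP_KEYS.items():
        value = sleep.get(key, default).lower()
        if value != wanted:
            findings.append("%s=%s (want %s)" % (key, value, wanted))
    return findings


# Constructed samples: a stock install (commented-out defaults mean "suspend
# on lid close") next to the hardened equivalent.
WEAK_LOGIND = """[Login]
#HandleLidSwitch=suspend
#HandleLidSwitchDocked=ignore
"""
HARDENED_LOGIND = """[Login]
HandleLidSwitch=hibernate
HandleLidSwitchExternalPower=hibernate
HandleLidSwitchDocked=hibernate
"""
WEAK_SLEEP = """[Sleep]
#AllowSuspend=yes
"""
HARDENED_SLEEP = """[Sleep]
AllowSuspend=no
AllowHybridSleep=no
AllowSuspendThenHibernate=no
AllowHibernation=yes
"""


if __name__ == "__main__":
    for path, audit in (("/etc/systemd/logind.conf", audit_logind),
                        ("/etc/systemd/sleep.conf", audit_sleep)):
        try:
            with open(path) as f:
                findings = audit(f.read())
        except FileNotFoundError:
            findings = audit("")  # all defaults apply when the file is missing
        print(path, "OK" if not findings else "\n  ".join([""] + findings))
```

A finding of AllowSuspend=yes means a stray suspend is still possible even when the lid action is hibernate, so both files matter. Also make sure hibernation actually works on the laptop: it needs a swap partition or file at least the size of RAM, and that swap must live inside the encrypted volume, otherwise the hibernation image, keys included, is written to disk in the clear.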
\subsubsubsubsection[title={Local Data Leaks (traces) and forensics
examination:},reference={local-data-leaks-traces-and-forensics-examination}]
As mentioned briefly earlier, these are data leaks and traces from your
operating system and apps when you perform any activity on your
computer. These apply more to encrypted file containers (with or
without plausible deniability) than to OS-wide encryption. Such leaks
are less \quotation{important} if your whole OS is encrypted (if you
are not compelled to reveal the password).
Let us say for example you have a Veracrypt encrypted USB key with
plausible deniability enabled. Depending on the password you use when
mounting the USB key, it will open a decoy folder or the sensitive
folder. Within those folders, you will have decoy documents/data within
the decoy folder and sensitive documents/data within the sensitive
folder.
In all cases, you will (most likely) open these folders with Windows
Explorer, macOS Finder, or any other utility and do whatever you planned
to do. Maybe you will edit a document within the sensitive folder. Maybe
you will search for a document within the folder. Maybe you will delete
one or watch a sensitive video using VLC.
Well, all those Apps and your Operating System might keep logs and
traces of that usage. This might include the full path of the
folder/files/drives, the time those were accessed, temporary caches of
those files, the \quotation{recent} lists in each app, the file indexing
system that could index the drive, and even thumbnails that could be
generated.
Here are some examples of such leaks:
\subsubsubsubsubsection[title={Windows:},reference={windows}]
\startitemize
\item
Windows ShellBags that are stored within the Windows Registry silently
storing various histories of accessed volumes/files/folders\footnote{SANS,
Windows ShellBag Forensics in-depth
\useURL[url1325][https://www.sans.org/reading-room/whitepapers/forensics/windows-shellbag-forensics-in-depth-34545]\from[url1325]
\useURL[url1326][https://web.archive.org/web/https://www.sans.org/reading-room/whitepapers/forensics/windows-shellbag-forensics-in-depth-34545][][{[}Archive.org{]}]\from[url1326]}.
\item
Windows Indexing keeping traces of the files present in your user
folder by default\footnote{University of York, Forensic data recovery
from the Windows Search Database
\useURL[url1327][https://eprints.whiterose.ac.uk/75046/1/Forensic_Data_Recovery_From_The_Windows_Search_Database_preprint_DIIN328.pdf]\from[url1327]
\useURL[url1328][https://web.archive.org/web/https://eprints.whiterose.ac.uk/75046/1/Forensic_Data_Recovery_From_The_Windows_Search_Database_preprint_DIIN328.pdf][][{[}Archive.org{]}]\from[url1328]}.
\item
Recent lists (aka Jump Lists) in Windows and various apps keeping
traces of recently accessed documents\footnote{A forensic insight into
Windows 10 Jump Lists
\useURL[url1329][https://web.archive.org/web/https://cyberforensicator.com/wp-content/uploads/2017/01/1-s2.0-S1742287616300202-main.2-14.pdf]\from[url1329]
\useURL[url1330][https://web.archive.org/web/https://cyberforensicator.com/wp-content/uploads/2017/01/1-s2.0-S1742287616300202-main.2-14.pdf][][{[}Archive.org{]}]\from[url1330]}.
\item
Many more traces in various logs, please see this convenient
interesting poster for more insight:
\useURL[url1331][https://www.sans.org/security-resources/posters/windows-forensic-analysis/170/download]\from[url1331]
\useURL[url1332][https://web.archive.org/web/https://www.sans.org/security-resources/posters/windows-forensic-analysis/170/download][][{[}Archive.org{]}]\from[url1332]
\stopitemize
\subsubsubsubsubsection[title={macOS:},reference={macos}]
\startitemize
\item
Gatekeeper\footnote{Wikipedia, Gatekeeper
\useURL[url1333][https://en.wikipedia.org/wiki/Gatekeeper_(macOS)]\from[url1333]
\useURL[url1334][https://wikiless.org/wiki/Gatekeeper_(macOS)][][{[}Wikiless{]}]\from[url1334]
\useURL[url1335][https://web.archive.org/web/https://en.wikipedia.org/wiki/Gatekeeper_(macOS)][][{[}Archive.org{]}]\from[url1335]}
and XProtect keeping track of your download history in a local
database and file attributes.
\item
Spotlight Indexing
\item
Recent lists in various apps keeping traces of recently accessed
documents.
\item
Temporary folders keeping various traces of App usage and Document
usage.
\item
macOS Logs
\item
\ldots{}
\stopitemize
\subsubsubsubsubsection[title={Linux:},reference={linux}]
\startitemize
\item
Tracker Indexing
\item
Bash History
\item
USB logs
\item
Recent lists in various apps keeping traces of recently accessed
documents.
\item
Linux Logs
\item
\ldots{}
\stopitemize
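As an added example (not from the guide), the following Python audit looks for three of the Linux traces listed above that would tie a session to a mounted VeraCrypt volume: entries in the GTK recent-files list (recently-used.xbel), shell history lines, and kernel USB messages in the system log. The sample xbel document, history lines and log lines are constructed, and the mount point /media/veracrypt1 is an assumption.

```python
"""Find local traces of work done on a mounted volume on a Linux host.

Added example, not from the guide. Checks three trace sources: the GTK
recent-files list (~/.local/share/recently-used.xbel), the shell history
(~/.bash_history) and kernel USB messages from the system log. All
sample inputs are constructed; /media/veracrypt1 is an assumed mount point.
"""
import re
import xml.etree.ElementTree as ET
from typing import Dict, List, Tuple
from urllib.parse import unquote, urlparse

# Kernel line format: "usb 1-1: New USB device found, idVendor=xxxx, idProduct=xxxx, ..."
USB_NEW_DEVICE = re.compile(
    r"usb [\d.-]+: New USB device found, idVendor=([0-9a-f]{4}), idProduct=([0-9a-f]{4})"
)


def recent_files(xbel_text: str) -> List[Tuple[str, str]]:
    """(path, last-visited timestamp) for every file:// bookmark in recently-used.xbel."""
    root = ET.fromstring(xbel_text)
    out = []
    for bm in root.iter("bookmark"):
        url = urlparse(bm.get("href", ""))
        if url.scheme != "file":
            continue
        out.append((unquote(url.path), bm.get("visited") or bm.get("modified", "")))
    return out


def history_hits(history_text: str, needle: str) -> List[str]:
    """Shell history lines that mention the needle (a path, a tool name, ...)."""
    return [line for line in history_text.splitlines() if needle in line]


def usb_events(log_lines: List[str]) -> List[Tuple[str, str]]:
    """(idVendor, idProduct) for every 'New USB device found' kernel message."""
    return [m.groups() for m in map(USB_NEW_DEVICE.search, log_lines) if m]


def audit(xbel_text: str, history_text: str, log_lines: List[str],
          mount_prefix: str) -> Dict[str, list]:
    """Everything in the three sources that points at the mounted volume or at USB use."""
    return {
        "recent": [p for p, _ in recent_files(xbel_text) if p.startswith(mount_prefix)],
        "history": history_hits(history_text, mount_prefix),
        "usb": usb_events(log_lines),
    }


# Constructed sample inputs in the real file formats.
SAMPLE_XBEL = """<?xml version="1.0" encoding="UTF-8"?>
<xbel version="1.0"
      xmlns:bookmark="http://www.freedesktop.org/standards/desktop-bookmarks"
      xmlns:mime="http://www.freedesktop.org/standards/shared-mime-info">
  <bookmark href="file:///home/user/Documents/notes.odt" added="2023-06-01T10:00:00Z" modified="2023-06-01T10:05:00Z" visited="2023-06-01T10:00:00Z">
    <info><metadata owner="http://freedesktop.org"><mime:mime-type type="application/vnd.oasis.opendocument.text"/></metadata></info>
  </bookmark>
  <bookmark href="file:///media/veracrypt1/report%20draft.pdf" added="2023-06-02T21:14:00Z" modified="2023-06-02T21:14:00Z" visited="2023-06-02T21:30:00Z">
    <info><metadata owner="http://freedesktop.org"><mime:mime-type type="application/pdf"/></metadata></info>
  </bookmark>
</xbel>
"""
SAMPLE_HISTORY = """ls -la
veracrypt --text --mount /home/user/container.hc /media/veracrypt1
cp "/media/veracrypt1/report draft.pdf" ~/Desktop/
veracrypt -d
"""
SAMPLE_LOG = """Jun  2 21:10:03 host kernel: usb 1-1: new high-speed USB device number 4 using xhci_hcd
Jun  2 21:10:03 host kernel: usb 1-1: New USB device found, idVendor=0951, idProduct=1666, bcdDevice= 1.10
Jun  2 21:10:03 host kernel: usb 1-1: Product: DataTraveler 3.0
Jun  2 21:45:12 host kernel: usb 1-1: USB disconnect, device number 4
""".splitlines()


if __name__ == "__main__":
    for source, hits in audit(SAMPLE_XBEL, SAMPLE_HISTORY, SAMPLE_LOG, "/media/veracrypt1").items():
        print(source, hits)
```

On a real host, feed it ~/.local/share/recently-used.xbel, ~/.bash_history and the output of journalctl -k. Anything it finds is exactly what a forensic examiner would find, which is the argument for doing this kind of work inside a VM rather than on the host OS.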
Forensics could use all those leaks (see \goto{Local Data Leaks and
Forensics}[local-data-leaks-and-forensics]) to prove the existence of
hidden data and defeat your attempts at using plausible deniability and
to find out about your various sensitive activities.
It will be therefore important to apply various steps to prevent
forensics from doing this by preventing and cleaning these leaks/traces
and more importantly by using whole disk encryption, virtualization, and
compartmentalization.
Forensics cannot extract local data leaks from an OS they cannot access.
And you will be able to clean most of those traces by wiping the drive
or by securely erasing your virtual machines (which is not as easy as
you think on SSD drives).
Some cleaning techniques will nevertheless be covered in the
\quotation{Cover your Tracks} part of this guide at the very end.
\subsubsubsubsection[title={Online Data
Leaks:},reference={online-data-leaks}]
Whether you are using simple encryption or plausible deniability
encryption, and even if you covered your tracks on the computer itself,
there is still a risk of online data leaks that could reveal the
presence of hidden data.
{\bf Telemetry is your enemy}. As explained earlier in this guide, the
telemetry of Operating Systems but also from Apps can send staggering
amounts of private information online.
In the case of Windows, this data could for instance be used to prove
the existence of a hidden OS / Volume on a computer and would be readily
available at Microsoft. Therefore, it is critically important that you
disable and block telemetry with all the means at your disposal. No
matter what OS you are using.
\subsubsubsection[title={Conclusion:},reference={conclusion}]
You should never conduct sensitive activities from a non-encrypted
system. And even if it is encrypted, you should never conduct sensitive
activities from the Host OS itself. Instead, you should use a VM to be
able to efficiently isolate and compartmentalize your activities and
prevent local data leaks.
If you have little to no knowledge of Linux or if you want to use
OS-wide plausible deniability, we recommend going for Windows (or back
to the Tails route) for convenience. This guide will help you harden it
as much as possible to prevent leaks. This guide will also help you
harden macOS and Linux as much as possible to prevent similar leaks.
If you have no interest in OS-wide plausible deniability and want to
learn to use Linux, we strongly recommend going for Linux or the
Qubes OS route if your hardware allows it.
{\bf In all cases, the host OS should never be used to conduct sensitive
activities directly. The host OS will only be used to connect to a
public Wi-Fi Access Point. It will be left unused while you conduct
sensitive activities and should ideally not be used for any of your
day-to-day activities.}
Consider also reading
{\bf \useURL[url1336][https://www.whonix.org/wiki/Full_Disk_Encryption\#Encrypting_Whonix_VMs]\from[url1336]}
\useURL[url1337][https://web.archive.org/web/https://www.whonix.org/wiki/Full_Disk_Encryption][][{[}Archive.org{]}]\from[url1337]
\subsubsection[title={Linux Host OS:},reference={linux-host-os}]
As mentioned earlier, we do not recommend using your daily laptop for
sensitive activities. Or at least we do not recommend using your
in-place OS for these. Doing that might result in unwanted data leaks
that could be used to de-anonymize you. If you have a dedicated laptop
for this, you should reinstall a fresh clean OS. If you do not want to
wipe your laptop and start over, you should consider the Tails route or
proceed at your own risk.
We also recommend that you do the initial installation completely
offline to avoid any data leak.
You should always remember that despite the reputation, Linux mainstream
distributions (Ubuntu for instance) are not necessarily better at
security than other systems such as macOS and Windows. See this
reference to understand why
\useURL[url1338][https://madaidans-insecurities.github.io/linux.html]\from[url1338]
\useURL[url1339][https://web.archive.org/web/https://madaidans-insecurities.github.io/linux.html][][{[}Archive.org{]}]\from[url1339].
\subsubsubsection[title={Full disk
encryption:},reference={full-disk-encryption}]
There are two routes here with Ubuntu or Debian based distros:
\startitemize
\item
Using LUKS:
\startitemize
\item
Without plausible deniability:
\startitemize
\item
(Recommended and easy) Encrypt as part of the installation
process:
\useURL[url1340][https://ubuntu.com/tutorials/install-ubuntu-desktop]\from[url1340]
\useURL[url1341][https://web.archive.org/web/https://ubuntu.com/tutorials/install-ubuntu-desktop][][{[}Archive.org{]}]\from[url1341]
\startitemize
\item
This process requires the full erasure of your entire drive
(clean install).
\item
Just check the \quotation{Encrypt the new Ubuntu installation
for security}
\stopitemize
\item
(Tedious but possible) Encrypt after installation:
\useURL[url1342][https://help.ubuntu.com/community/ManualFullSystemEncryption]\from[url1342]
\useURL[url1343][https://web.archive.org/web/https://help.ubuntu.com/community/ManualFullSystemEncryption][][{[}Archive.org{]}]\from[url1343]
\stopitemize
\item
With plausible deniability: See the next section \goto{The Detached
Headers Way}[the-detached-headers-way]
\stopitemize
\item
Using Veracrypt:
\startitemize[packed]
\item
With or without plausible deniability: See the next section
\goto{The Veracrypt Way}[the-veracrypt-way]
\stopitemize
\stopitemize
For other distros, you will have to document yourself, but it will
likely be similar. Encryption during install is just much easier in the
context of this guide.
\subsubsubsection[title={Note about plausible deniability on
Linux:},reference={note-about-plausible-deniability-on-linux}]
There are several ways to achieve plausible deniability on
Linux\footnote{Alpine Linux Wiki, Setting up a laptop
\useURL[url1344][https://wiki.alpinelinux.org/wiki/Setting_up_a_laptop]\from[url1344]
\useURL[url1345][https://web.archive.org/web/https://wiki.alpinelinux.org/wiki/Setting_up_a_laptop][][{[}Archive.org{]}]\from[url1345]},
and they do work. Here are some more details about the ways we would
recommend. All of these options require a higher level of skill with
Linux.
\subsubsubsubsection[title={The Detached Headers
Way:},reference={the-detached-headers-way}]
While not supported yet by this guide, it is possible to achieve a form
of deniability on Linux using LUKS by using detached LUKS headers. For
now, we will redirect you toward this page for more information:
\useURL[url1346][https://wiki.archlinux.org/title/Dm-crypt/Specialties\#Encrypted_system_using_a_detached_LUKS_header]\from[url1346]
\useURL[url1347][https://web.archive.org/web/https://wiki.archlinux.org/title/Dm-crypt/Specialties\#Encrypted_system_using_a_detached_LUKS_header][][{[}Archive.org{]}]\from[url1347]
\subsubsubsubsection[title={The Veracrypt
Way:},reference={the-veracrypt-way}]
It is technically possible to not only use Veracrypt but also to achieve
plausible deniability on a Linux Host OS by using Veracrypt for system
full-disk encryption (instead of LUKS). This is not supported by
Veracrypt (System encryption is only supported on Windows) and requires
some tinkering with various commands. This is not recommended at all for
unskilled users and should only be used at your own risk.
The steps to achieve this are not yet integrated into this guide but can
be found here:
\useURL[url1348][http://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/5779e55aae7fc06e4758]\from[url1348]
(this is a .onion address and requires Tor Browser).
\subsubsubsection[title={Reject/Disable any
telemetry:},reference={rejectdisable-any-telemetry}]
\startitemize
\item
During the install, just make sure you do not allow any data
collection if prompted.
\item
If you are not sure, just make sure you did not enable any telemetry
and follow this tutorial if needed
\useURL[url1349][https://vitux.com/how-to-force-ubuntu-to-stop-collecting-your-data-from-your-pc/]\from[url1349]
\useURL[url1350][https://web.archive.org/web/https://vitux.com/how-to-force-ubuntu-to-stop-collecting-your-data-from-your-pc/][][{[}Archive.org{]}]\from[url1350]
\item
Any other distro: you will need to document yourself and find out how
to disable telemetry.
\stopitemize
\subsubsubsection[title={Disable anything
unnecessary:},reference={disable-anything-unnecessary}]
\startitemize
\item
Disable Bluetooth if enabled by following this guide
\useURL[url1351][https://www.addictivetips.com/ubuntu-linux-tips/disable-bluetooth-in-ubuntu/]\from[url1351]
\useURL[url1352][https://web.archive.org/web/https://www.addictivetips.com/ubuntu-linux-tips/disable-bluetooth-in-ubuntu/][][{[}Archive.org{]}]\from[url1352]
or issuing the following command:
\startitemize[packed]
\item
\type{sudo systemctl disable bluetooth.service --force}
\stopitemize
\item
Disable Indexing if enabled by default (Ubuntu >19.04) by following
this guide
\useURL[url1353][https://www.linuxuprising.com/2019/07/how-to-completely-disable-tracker.html]\from[url1353]
\useURL[url1354][https://web.archive.org/web/https://www.linuxuprising.com/2019/07/how-to-completely-disable-tracker.html][][{[}Archive.org{]}]\from[url1354]
or issuing the following commands:
\startitemize
\item
\type{systemctl --user mask tracker-store.service tracker-miner-fs.service tracker-miner-rss.service tracker-extract.service tracker-miner-apps.service tracker-writeback.service}
\startitemize[packed]
\item
Run this as your own user, without sudo: \type{--user} acts on the
service manager of whoever runs the command, so with sudo it would
mask the services for root instead of for you.
\item
You can safely ignore any error if it says some service does not
exist
\stopitemize
\item
\type{tracker reset --hard}
\stopitemize
\stopitemize
\subsubsubsubsection[title={Hibernation:},reference={hibernation}]
As explained previously, you should not use the sleep features but shut
down or hibernate your laptop to mitigate some evil-maid and cold-boot
attacks. Unfortunately, this feature is disabled by default on many
Linux distros including Ubuntu. It is possible to enable it, but it
might not work as expected. Follow this information at your own risk. If
you do not want to do this, you should never use the sleep function and
power off instead (and set the lid closing behavior to power off instead
of sleep).
Follow one of these tutorials to enable Hibernate:
\startitemize
\item
\useURL[url1355][https://www.how2shout.com/linux/how-to-hibernate-ubuntu-20-04-lts-focal-fossa/]\from[url1355]
\useURL[url1356][https://web.archive.org/web/https://www.how2shout.com/linux/how-to-hibernate-ubuntu-20-04-lts-focal-fossa/][][{[}Archive.org{]}]\from[url1356]
\item
\useURL[url1357][http://www.lorenzobettini.it/2020/07/enabling-hibernation-on-ubuntu-20-04/]\from[url1357]
\useURL[url1358][https://web.archive.org/web/http://www.lorenzobettini.it/2020/07/enabling-hibernation-on-ubuntu-20-04/][][{[}Archive.org{]}]\from[url1358]
\item
\useURL[url1359][https://blog.ivansmirnov.name/how-to-set-up-hibernate-on-ubuntu-20-04/]\from[url1359]
\useURL[url1360][https://web.archive.org/web/20211011215449/https://blog.ivansmirnov.name/how-to-set-up-hibernate-on-ubuntu-20-04/][][{[}Archive.org{]}]\from[url1360]
\stopitemize
After Hibernate is enabled, change the behavior so that your laptop will
hibernate when you close the lid by following this tutorial for Ubuntu
20.04
\useURL[url1361][http://ubuntuhandbook.org/index.php/2020/05/lid-close-behavior-ubuntu-20-04/]\from[url1361]
\useURL[url1362][https://web.archive.org/web/http://ubuntuhandbook.org/index.php/2020/05/lid-close-behavior-ubuntu-20-04/][][{[}Archive.org{]}]\from[url1362]
and this tutorial for Ubuntu 18.04
\useURL[url1363][https://tipsonubuntu.com/2018/04/28/change-lid-close-action-ubuntu-18-04-lts/]\from[url1363]
\useURL[url1364][https://web.archive.org/web/https://tipsonubuntu.com/2018/04/28/change-lid-close-action-ubuntu-18-04-lts/][][{[}Archive.org{]}]\from[url1364].
There is no tutorial yet for Ubuntu 21.04 or 21.10 but the above for
20.04 should probably work too.
Unfortunately, hibernating does not clear the key from memory directly:
the memory contents, key included, are written to swap. To mitigate
this at the cost of some performance, you might consider encrypting the
swap file by following this tutorial:
\useURL[url1365][https://help.ubuntu.com/community/EnableHibernateWithEncryptedSwap]\from[url1365]
\useURL[url1366][https://web.archive.org/web/https://help.ubuntu.com/community/EnableHibernateWithEncryptedSwap][][{[}Archive.org{]}]\from[url1366]
These settings should mitigate cold boot attacks if you can hibernate
fast enough.
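To check whether the swap your hibernation image is written to actually
sits on an encrypted mapping, the following POSIX shell script is an
added example and not part of the guide or of any linked tutorial. It
reads the contents of \type{/proc/swaps} and \type{/etc/crypttab}
(passed as strings, so the same functions run against the constructed
sample embedded below) and flags swap partitions that are not
device-mapper mappings declared in crypttab. The verdict labels are this
example's own. A \type{/dev/mapper} device missing from crypttab can
still be encrypted (for instance one opened by the initramfs from another
configuration), so DM-UNKNOWN means verify with \type{lsblk -o NAME,TYPE},
not that it is plaintext.

```shell
#!/bin/sh
# Added example (not from the guide): tell whether each active swap area
# sits on a dm-crypt mapping declared in /etc/crypttab.
# Assumption: a swap on /dev/mapper/NAME counts as encrypted when NAME is
# a mapping in crypttab; the verdict labels below are this script's own.

# classify_swaps SWAPS_TEXT CRYPTTAB_TEXT
# Prints "<device> <type> <verdict>" per swap area, where verdict is one of
#   CRYPT          /dev/mapper/NAME and NAME is declared in crypttab
#   DM-UNKNOWN     /dev/mapper/NAME but NAME is not in crypttab (verify with lsblk)
#   FILE-ON-ROOTFS swap file; encrypted only if the filesystem holding it is
#   PLAIN          a raw partition, i.e. the hibernation image lands in cleartext
classify_swaps() {
    printf '%s\n' "$1" | awk -v crypttab="$2" '
    BEGIN {
        # Collect mapping names: first field of each non-comment crypttab line.
        n = split(crypttab, lines, "\n")
        for (i = 1; i <= n; i++) {
            line = lines[i]
            sub(/#.*/, "", line)
            if (split(line, f, /[ \t]+/) >= 2 && f[1] != "")
                mapped[f[1]] = 1
        }
    }
    NR == 1 { next }          # skip the /proc/swaps header line
    NF < 2  { next }
    {
        dev = $1; type = $2; verdict = "PLAIN"
        if (type == "file") {
            verdict = "FILE-ON-ROOTFS"
        } else if (dev ~ /^\/dev\/mapper\//) {
            name = dev
            sub(/^\/dev\/mapper\//, "", name)
            verdict = (name in mapped) ? "CRYPT" : "DM-UNKNOWN"
        }
        print dev, type, verdict
    }'
}

# has_plain_swap SWAPS_TEXT CRYPTTAB_TEXT: exit 0 if any swap area is PLAIN.
has_plain_swap() {
    classify_swaps "$1" "$2" | grep -q ' PLAIN$'
}

# check_live_system: run the classification against this machine.
check_live_system() {
    [ -r /proc/swaps ] || { echo "no /proc/swaps here (not Linux?)" >&2; return 1; }
    classify_swaps "$(cat /proc/swaps)" "$(cat /etc/crypttab 2>/dev/null || true)"
}

# Constructed sample input (not from a real machine): one encrypted swap,
# one plain partition, one swap file.
SAMPLE_SWAPS='Filename                                Type            Size    Used    Priority
/dev/mapper/cryptswap1                  partition       8388604 0       -2
/dev/sda3                               partition       2097148 0       -3
/swapfile                               file            4194300 0       -4'
SAMPLE_CRYPTTAB='# <target name> <source device> <key file> <options>
cryptswap1 UUID=00000000-0000-0000-0000-000000000000 /dev/urandom swap,cipher=aes-xts-plain64,size=256'

# Stand-alone run: classify the sample. Call check_live_system for your own box.
classify_swaps "$SAMPLE_SWAPS" "$SAMPLE_CRYPTTAB"
```

On a machine set up per the encrypted-swap tutorial above, every
partition-type swap should come back CRYPT; a PLAIN verdict means the
hibernation image (and the keys inside it) would be written unencrypted.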
\subsubsubsection[title={Enable MAC address
randomization:},reference={enable-mac-address-randomization}]
\startitemize
\item
For Ubuntu, follow these steps
\useURL[url1367][https://help.ubuntu.com/community/AnonymizingNetworkMACAddresses]\from[url1367]
\useURL[url1368][https://web.archive.org/web/https://help.ubuntu.com/community/AnonymizingNetworkMACAddresses][][{[}Archive.org{]}]\from[url1368].
\item
Consider this tutorial which should still work:
\useURL[url1369][https://josh.works/shell-script-basics-change-mac-address]\from[url1369]
\useURL[url1370][https://web.archive.org/web/https://josh.works/shell-script-basics-change-mac-address][][{[}Archive.org{]}]\from[url1370]
\stopitemize
\subsubsubsection[title={Hardening Linux:},reference={hardening-linux}]
As a light introduction for new Linux users, consider
\useURL[url1371][https://www.youtube.com/watch?v=Sa0KqbpLye4]\from[url1371]
\useURL[url1372][https://yewtu.be/watch?v=Sa0KqbpLye4][][{[}Invidious{]}]\from[url1372]
For more in-depth and advanced options, refer to:
\startitemize
\item
This excellent guide:
\useURL[url1373][https://madaidans-insecurities.github.io/guides/linux-hardening.html]\from[url1373]
\useURL[url1374][https://web.archive.org/web/https://madaidans-insecurities.github.io/guides/linux-hardening.html][][{[}Archive.org{]}]\from[url1374]
\item
This excellent wiki resource:
\useURL[url1375][https://wiki.archlinux.org/title/Security]\from[url1375]
\useURL[url1376][https://web.archive.org/web/https://wiki.archlinux.org/title/Security][][{[}Archive.org{]}]\from[url1376]
\item
These excellent scripts are based on the guide and wiki above:
\useURL[url1377][https://codeberg.org/SalamanderSecurity/PARSEC]\from[url1377]
\useURL[url1378][https://web.archive.org/web/https://codeberg.org/SalamanderSecurity/PARSEC][][{[}Archive.org{]}]\from[url1378]
\item
These tools that can help you harden your Linux Kernel:
\startitemize
\item
Lynis:
\useURL[url1379][https://github.com/CISOfy/lynis]\from[url1379]
\item
Kconfig-hardened-check:
\useURL[url1380][https://github.com/a13xp0p0v/kconfig-hardened-check]\from[url1380]
\stopitemize
\item
Consider installing Safing Portmaster from
\useURL[url1381][https://safing.io/portmaster/]\from[url1381]
\useURL[url1382][https://web.archive.org/web/https://safing.io/portmaster/][][{[}Archive.org{]}]\from[url1382]
{\bf (Warning: there might be issues with some VPN clients. See:
\useURL[url1383][https://docs.safing.io/portmaster/install/status/vpn-compatibility]\from[url1383]}
\useURL[url1384][https://web.archive.org/web/https://docs.safing.io/portmaster/install/status/vpn-compatibility][][{[}Archive.org{]}]\from[url1384]
\item
Consider the use of KickSecure when using Debian:
\useURL[url1385][https://www.whonix.org/wiki/Kicksecure]\from[url1385]
\useURL[url1386][https://web.archive.org/web/https://www.whonix.org/wiki/Kicksecure][][{[}Archive.org{]}]\from[url1386]
\item
This interesting article:
\useURL[url1387][http://0pointer.net/blog/authenticated-boot-and-disk-encryption-on-linux.html]\from[url1387]
\useURL[url1388][https://web.archive.org/web/http://0pointer.net/blog/authenticated-boot-and-disk-encryption-on-linux.html][][{[}Archive.org{]}]\from[url1388]
\stopitemize
\subsubsubsection[title={Setting up a safe
Browser:},reference={setting-up-a-safe-browser}]
See \goto{Appendix G: Safe Browser on the Host
OS}[appendix-g-safe-browser-on-the-host-os]
\subsubsection[title={macOS Host OS:},reference={macos-host-os}]
{\bf Note: Mac M1/M2 chips are now supported natively. Commercial tools
such as VMWare Fusion or Parallels Desktop can also be used, but they are
not covered in this guide. Seek this information yourself.}
As mentioned earlier, we do not recommend using your daily laptop for
sensitive activities. Or at least we do not recommend using your
in-place OS for these. Doing that might result in unwanted data leaks
that could be used to de-anonymize you. If you have a dedicated laptop
for this, you should reinstall a fresh clean OS. If you do not want to
wipe your laptop and start over, you should consider the Tails route or
proceed at your own risk.
We also recommend that you do the initial installation completely
offline to avoid any data leak.
{\bf Do not ever sign in with your Apple account using that Mac.}
\subsubsubsection[title={During the
install:},reference={during-the-install}]
\startitemize
\item
Stay Offline
\item
Disable all data sharing requests when prompted including location
services
\item
Do not sign in with Apple
\item
Do not enable Siri
\stopitemize
\subsubsubsection[title={Hardening macOS:},reference={hardening-macos}]
As a light introduction for new macOS users, consider
\useURL[url1389][https://www.youtube.com/watch?v=lFx5icuE6Io]\from[url1389]
\useURL[url1390][https://yewtu.be/watch?v=lFx5icuE6Io][][{[}Invidious{]}]\from[url1390]
Now to go more in-depth in securing and hardening your macOS, we
recommend reading this guide which covers many of the issues:
\useURL[url1391][https://www.bejarano.io/hardening-macos/]\from[url1391]
\useURL[url1392][https://web.archive.org/web/https://www.bejarano.io/hardening-macos/][][{[}Archive.org{]}]\from[url1392]
Here are the basic steps you should take after your offline
installation:
\subsubsubsubsection[title={Enable Firmware password with
\quotation{disable-reset-capability}
option:},reference={enable-firmware-password-with-disable-reset-capability-option}]
First, you should set up a firmware password following this guide from
Apple:
\useURL[url1393][https://support.apple.com/en-us/HT204455]\from[url1393]
\useURL[url1394][https://web.archive.org/web/https://support.apple.com/en-us/HT204455][][{[}Archive.org{]}]\from[url1394]
Unfortunately, some attacks are still possible and an adversary could
disable this password so you should also follow this guide to prevent
disabling the firmware password from anyone including Apple:
\useURL[url1395][https://support.apple.com/en-gb/guide/security/sec28382c9ca/web]\from[url1395]
\useURL[url1396][https://web.archive.org/web/https://support.apple.com/en-gb/guide/security/sec28382c9ca/web][][{[}Archive.org{]}]\from[url1396]
\subsubsubsubsection[title={Enable Hibernation instead of
sleep:},reference={enable-hibernation-instead-of-sleep}]
Again, this is to prevent some cold-boot and evil-maid attacks by
powering down your RAM and cleaning the encryption key when you close
the lid. You should always either hibernate or shut down. On macOS, the
hibernate feature even has a special option to specifically clear the
encryption key from memory when hibernating (while you might have to
wait for the memory to decay on other Operating Systems). Once again
there are no easy options to do this within the settings so instead, we
will have to do this by running a few commands to enable hibernation:
\startitemize
\item
Open a Terminal
\item
Run: \type{sudo pmset -a destroyfvkeyonstandby 1}
\startitemize[packed]
\item
This command will instruct macOS to destroy the Filevault key on
Standby (sleep)
\stopitemize
\item
Run: \type{sudo pmset -a hibernatemode 25}
\startitemize[packed]
\item
This command will instruct macOS to power off the memory during
sleep instead of doing a hybrid hibernate that keeps the memory
powered on. It will result in slower wakes but will increase battery
life.
\stopitemize
\stopitemize
Now when you close the lid of your MacBook, it should hibernate instead
of sleep and mitigate attempts at performing cold-boot attacks.
In addition, you should also set up an automatic sleep (Settings >
Energy) so that your MacBook will hibernate automatically if left
unattended.
\subsubsubsubsection[title={Disable unnecessary
services:},reference={disable-unnecessary-services}]
Disable some unnecessary settings within the settings:
\startitemize
\item
Disable Bluetooth
\item
Disable the Camera and Microphone
\item
Disable Location Services
\item
Disable Airdrop
\item
Disable Indexing
\stopitemize
\subsubsubsubsection[title={Prevent Apple OCSP
calls:},reference={prevent-apple-ocsp-calls}]
These are the infamous \quotation{unblockable telemetry} calls from
macOS Big Sur disclosed here:
\useURL[url1397][https://sneak.berlin/20201112/your-computer-isnt-yours/]\from[url1397]
\useURL[url1398][https://web.archive.org/web/https://sneak.berlin/20201112/your-computer-isnt-yours/][][{[}Archive.org{]}]\from[url1398]
You could block OCSP reporting by issuing the following command in
Terminal:
\startitemize[packed]
\item
\type{sudo sh -c 'echo "127.0.0.1 ocsp.apple.com" >> /etc/hosts'}
\stopitemize
But you should document yourself on the actual issue before acting. This
page is a good place to start:
\useURL[url1399][https://blog.jacopo.io/en/post/apple-ocsp/]\from[url1399]
\useURL[url1400][https://web.archive.org/web/https://blog.jacopo.io/en/post/apple-ocsp/][][{[}Archive.org{]}]\from[url1400]
Up to you really. We would block it because we do not want any telemetry
at all from our OS to the mothership without our specific consent. None.
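The one-liner above appends a line every time it is run, so running it
twice leaves two entries. The following script is an added example and
not the guide's own command: it edits whatever hosts file it is given
(the path is a parameter, so it can be tried on a scratch file first)
and adds the override only if no active entry for that hostname exists
yet. The hostname and address are those of the command above; the
function names are this example's. Whether to apply it to
\type{/etc/hosts} at all remains the decision the paragraph above asks
you to make first.

```shell
#!/bin/sh
# Added example (not from the guide): add a hosts(5) override for a hostname
# only if no active entry for it exists yet. The file path is a parameter so
# the functions can be tried on a scratch file; only pass /etc/hosts (with
# sudo) once you have decided to block. Hostname and address below come from
# the guide's own command; the function names are this example's.

# host_regex HOST: ERE matching HOST as a whole hostname field on a line.
host_regex() {
    esc=$(printf '%s' "$1" | sed 's/[.]/\\./g')
    printf '%s' "[[:space:]]$esc([[:space:]]|\$)"
}

# host_blocked FILE HOST: succeed if FILE has a non-comment line naming HOST.
host_blocked() {
    grep -Ev '^[[:space:]]*#' "$1" 2>/dev/null | grep -Eq "$(host_regex "$2")"
}

# count_entries FILE HOST: number of active (non-comment) lines naming HOST.
count_entries() {
    grep -Ev '^[[:space:]]*#' "$1" 2>/dev/null | grep -Ec "$(host_regex "$2")"
}

# block_host FILE HOST [ADDR]: append "ADDR HOST" (ADDR defaults to 127.0.0.1)
# unless HOST is already present; also makes sure the file ends with a
# newline first so the new entry cannot be glued onto the last line.
block_host() {
    file=$1; host=$2; addr=${3:-127.0.0.1}
    if host_blocked "$file" "$host"; then
        echo "already present: $host"
        return 0
    fi
    if [ -s "$file" ] && [ -n "$(tail -c1 "$file")" ]; then
        echo >> "$file"
    fi
    printf '%s %s\n' "$addr" "$host" >> "$file"
    echo "added: $addr $host"
}

# Stand-alone demo on a throwaway file; the second call is a no-op.
demo=$(mktemp)
printf '127.0.0.1 localhost\n' > "$demo"
block_host "$demo" ocsp.apple.com
block_host "$demo" ocsp.apple.com
cat "$demo"
rm -f "$demo"
```

Matching the hostname as a whole field means an entry for
\type{ocsp.apple.com} is not mistaken for one covering
\type{apple.com}, and commented-out lines are ignored when deciding
whether the block is already in place.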
\subsubsubsubsection[title={Enable Full Disk encryption
(Filevault):},reference={enable-full-disk-encryption-filevault}]
You should enable full disk encryption on your Mac using Filevault
according to this part of the guide:
\useURL[url1401][https://github.com/drduh/macOS-Security-and-Privacy-Guide\#full-disk-encryption]\from[url1401]
\useURL[url1402][https://web.archive.org/web/https://github.com/drduh/macOS-Security-and-Privacy-Guide\#full-disk-encryption][][{[}Archive.org{]}]\from[url1402]
{\bf Be careful when enabling. Do not store the recovery key at Apple if
prompted (should not be an issue since you should be offline at this
stage). You do not want a third party to have your recovery key.}
\subsubsubsubsection[title={MAC Address
Randomization:},reference={mac-address-randomization}]
Unfortunately, macOS does not offer a native convenient way of
randomizing your MAC Address, so you will have to do this manually. The
change is reset at each reboot, and you will have to redo it each time
to ensure you do not use your actual MAC Address when connecting to
various Wi-Fis.
You can do this by issuing the following commands in terminal (without
the parentheses):
\startitemize
\item
(Turn the Wi-Fi off) \type{networksetup -setairportpower en0 off}
\item
(Change the MAC Address)
\type{sudo ifconfig en0 ether 88:63:11:11:11:11}
\item
(Turn the Wi-Fi back on) \type{networksetup -setairportpower en0 on}
\stopitemize
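Both the Linux MAC address randomization section above and the macOS
steps just given leave the choice of the new address to you. The
following POSIX shell script is an added example, not part of the guide
or of any linked tutorial: it generates a random address with the
locally-administered bit set and the multicast bit clear (so it is a
valid unicast address that cannot collide with a vendor-assigned one),
validates it, and applies it using \type{ip} on Linux or the
\type{networksetup}/\type{ifconfig} sequence from the list above on
macOS. Interface names such as \type{wlan0} or \type{en0} are
assumptions; pass your own.

```shell
#!/bin/sh
# Added example (not from the guide): generate a random locally administered
# unicast MAC address and apply it to a Wi-Fi interface on Linux or macOS.
# Interface names are assumptions: pass yours (for example wlan0 or en0).

# random_mac: six random bytes from /dev/urandom; in the first octet the
# multicast bit (0x01) is cleared and the locally-administered bit (0x02)
# is set, so the result is a valid unicast address that cannot collide
# with a vendor-assigned (OUI) one.
random_mac() {
    set -- $(od -An -N6 -tx1 /dev/urandom)
    first=$(( (0x$1 | 0x02) & 0xfe ))
    printf '%02x:%s:%s:%s:%s:%s\n' "$first" "$2" "$3" "$4" "$5" "$6"
}

# is_local_unicast_mac MAC: succeed only for a well-formed address whose
# first octet has bit 1 set and bit 0 clear (what random_mac produces).
is_local_unicast_mac() {
    printf '%s' "$1" | grep -Eq '^([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$' || return 1
    [ $(( 0x${1%%:*} & 0x03 )) -eq 2 ]
}

# set_mac IFACE MAC: apply the address. On Linux this uses ip(8); on macOS
# it follows the guide's sequence of powering the Wi-Fi off, changing the
# address with ifconfig, then powering it back on.
set_mac() {
    iface=$1; mac=$2
    is_local_unicast_mac "$mac" || { echo "refusing to set invalid MAC: $mac" >&2; return 1; }
    case "$(uname -s)" in
        Linux)
            sudo ip link set dev "$iface" down
            sudo ip link set dev "$iface" address "$mac"
            sudo ip link set dev "$iface" up
            ;;
        Darwin)
            networksetup -setairportpower "$iface" off
            sudo ifconfig "$iface" ether "$mac"
            networksetup -setairportpower "$iface" on
            ;;
        *)
            echo "unsupported OS: $(uname -s)" >&2; return 1
            ;;
    esac
}

# Stand-alone use: "sh mac.sh wlan0" sets a fresh random address on wlan0;
# with no argument it only prints one.
if [ $# -ge 1 ]; then
    set_mac "$1" "$(random_mac)"
else
    random_mac
fi
```

On Linux, NetworkManager may put its own address back on an interface it
manages; the Ubuntu page linked in the Linux section covers configuring
its built-in randomization, which is the cleaner route there. Note that
the fixed example address in the list above, \type{88:63:11:11:11:11},
is rejected by \type{is_local_unicast_mac} because its first octet has
the locally-administered bit clear, i.e. it looks like a vendor-assigned
address.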
\subsubsubsection[title={Setting up a safe
Browser:},reference={setting-up-a-safe-browser-1}]
See \goto{Appendix G: Safe Browser on the Host
OS}[appendix-g-safe-browser-on-the-host-os]
\subsubsection[title={Windows Host OS:},reference={windows-host-os}]
As mentioned earlier, we do not recommend using your daily laptop for
sensitive activities. Or at least we do not recommend using your in-place
OS for these. Doing that might result in unwanted data leaks that could
be used to de-anonymize you. If you have a dedicated laptop for this,
you should reinstall a fresh clean OS. If you do not want to wipe your
laptop and start over, you should consider the Tails route or proceed at
your own risk.
We also recommend that you do the initial installation completely
offline to avoid any data leak.
\subsubsubsection[title={Installation:},reference={installation}]
You should follow \goto{Appendix A: Windows
Installation}[appendix-a-windows-installation]
As a light introduction, consider watching
\useURL[url1403][https://www.youtube.com/watch?v=vNRics7tlqw]\from[url1403]
\useURL[url1404][https://yewtu.be/watch?v=vNRics7tlqw][][{[}Invidious{]}]\from[url1404]
\subsubsubsection[title={Enable MAC address
randomization:},reference={enable-mac-address-randomization-1}]
You should randomize your MAC address as explained earlier in this
guide:
Go into Settings > Network & Internet > Wi-Fi > Enable Random hardware
addresses
Alternatively, you could use this free piece of software:
\useURL[url1405][https://technitium.com/tmac/]\from[url1405]
\useURL[url1406][https://web.archive.org/web/https://technitium.com/tmac/][][{[}Archive.org{]}]\from[url1406]
\subsubsubsection[title={Setting up a safe
Browser:},reference={setting-up-a-safe-browser-2}]
See \goto{Appendix G: Safe Browser on the Host
OS}[appendix-g-safe-browser-on-the-host-os]
\subsubsubsection[title={Enable some additional privacy settings on your
Host
OS:},reference={enable-some-additional-privacy-settings-on-your-host-os}]
See \goto{Appendix B: Windows Additional Privacy
Settings}[appendix-b-windows-additional-privacy-settings]
\subsubsubsubsection[title={Windows Host OS
encryption:},reference={windows-host-os-encryption}]
\subsubsubsubsubsection[title={If you intend to use system-wide
plausible
deniability:},reference={if-you-intend-to-use-system-wide-plausible-deniability}]
Veracrypt\footnote{Wikipedia Veracrypt
\useURL[url1407][https://en.wikipedia.org/wiki/VeraCrypt]\from[url1407]
\useURL[url1408][https://wikiless.org/wiki/VeraCrypt][][{[}Wikiless{]}]\from[url1408]
\useURL[url1409][https://web.archive.org/web/https://en.wikipedia.org/wiki/VeraCrypt][][{[}Archive.org{]}]\from[url1409]}
is the software we will recommend for full-disk encryption, file
encryption, and plausible deniability. It is a fork of the well-known
but deprecated and unmaintained TrueCrypt. It can be used for:
\startitemize
\item
Full Disk simple encryption (your hard drive is encrypted with one
passphrase).
\item
Full Disk encryption with plausible deniability (this means that
depending on the passphrase entered at boot, you will either boot a
decoy OS or a hidden OS).
\item
File container simple encryption (it is a large file that you will be
able to mount within Veracrypt as if it were an external drive to
store encrypted files within).
\item
File container with plausible deniability (it is the same large file
but depending on the passphrase you use when mounting it, you will
either mount a \quotation{hidden volume} or the \quotation{decoy
volume}).
\stopitemize
It is to my knowledge the only (convenient and usable by anyone) free,
open-source, and openly audited\footnote{OSTIF Veracrypt Audit, 2016
\useURL[url1410][https://web.archive.org/web/https://ostif.org/the-veracrypt-audit-results/]\from[url1410]}
encryption software that also provides plausible deniability for
widespread use and it works with Windows Home Edition.
Go ahead and download and install Veracrypt from:
\useURL[url1411][https://www.veracrypt.fr/en/Downloads.html]\from[url1411]
\useURL[url1412][https://web.archive.org/web/https://www.veracrypt.fr/en/Downloads.html][][{[}Archive.org{]}]\from[url1412]
After installation, please take a moment to review the following options
that will help mitigate some attacks:
\startitemize
\item
Encrypt the memory with a Veracrypt option\footnote{Veracrypt
Documentation, Unencrypted Data in RAM
\useURL[url1413][https://www.veracrypt.fr/en/Unencrypted\%20Data\%20in\%20RAM.html][][https://www.veracrypt.fr/en/Unencrypted\letterpercent{}20Data\letterpercent{}20in\letterpercent{}20RAM.html]\from[url1413]
\useURL[url1414][https://web.archive.org/web/https://www.veracrypt.fr/en/Unencrypted\%20Data\%20in\%20RAM.html][][{[}Archive.org{]}]\from[url1414]}
(settings > performance/driver options > encrypt RAM) at a cost of
5-15\letterpercent{} performance. This setting will also disable
hibernation (which does not actively clear the key when hibernating)
and instead encrypt the memory altogether to mitigate some cold-boot
attacks. More details about this feature here:
\useURL[url1415][https://sourceforge.net/p/veracrypt/discussion/technical/thread/3961542951/]\from[url1415]
\useURL[url1416][https://web.archive.org/web/https://sourceforge.net/p/veracrypt/discussion/technical/thread/3961542951/][][{[}Archive.org{]}]\from[url1416]
\item
Enable the Veracrypt option to wipe the keys from memory if a new
device is inserted (system > settings > security > clear keys from
memory if a new device is inserted). This could help in case your
system is seized while still on (but locked).
\item
Enable the Veracrypt option to mount volumes as removable volumes
(Settings > Preferences > Mount volume as removable media). This will
prevent Windows from writing some logs about your mounts in the Event
logs\footnote{Veracrypt Documentation, Data Leaks
\useURL[url1417][https://www.veracrypt.fr/code/VeraCrypt/plain/doc/html/Data\%20Leaks.html][][https://www.veracrypt.fr/code/VeraCrypt/plain/doc/html/Data\letterpercent{}20Leaks.html]\from[url1417]
\useURL[url1418][https://web.archive.org/web/https://www.veracrypt.fr/code/VeraCrypt/plain/doc/html/Data\%20Leaks.html][][{[}Archive.org{]}]\from[url1418]}
and prevent some local data leaks.
\item
Be careful and have a good situational awareness if you sense
something weird. Shut your laptop down as fast as possible.
\stopitemize
If you do not want to use encrypted memory (because performance might be
an issue), you should at least enable hibernation instead of sleep. This
will not clear the keys from memory (you are still vulnerable to cold
boot attacks) but at least should mitigate them if your memory has
enough time to decay.
More details later in \goto{Route A and B: Simple Encryption using
Veracrypt (Windows
tutorial)}[route-a-and-b-simple-encryption-using-veracrypt-windows-tutorial].
\subsubsubsubsubsection[title={If you do not intend to use system-wide
plausible
deniability:},reference={if-you-do-not-intend-to-use-system-wide-plausible-deniability}]
For this case, we will recommend the use of BitLocker instead of
Veracrypt for the full disk encryption. The reasoning is that, contrary
to Veracrypt, BitLocker does not offer any plausible deniability, so a
hard adversary then has no incentive to pursue \quotation{enhanced}
interrogation once you reveal the passphrase.
Normally, you should have installed Windows Pro in this case and the
BitLocker setup is quite straightforward.
Basically, you can follow the instructions here:
\useURL[url1419][https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838]\from[url1419]
\useURL[url1420][https://web.archive.org/web/https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838][][{[}Archive.org{]}]\from[url1420]
But here are the steps:
\startitemize
\item
Click the Windows Menu
\item
Type \quotation{Bitlocker}
\item
Click \quotation{Manage Bitlocker}
\item
Click \quotation{Turn on Bitlocker} on your System Drive
\item
Follow the instructions
\startitemize
\item
{\bf Do not save your recovery key to a Microsoft Account if
prompted.}
\item
{\bf Only save the recovery key to an external encrypted drive. To
bypass this, print the recovery key using the Microsoft Print to PDF
printer and save the key within the Documents folder. Delete that
file later.}
\item
{\bf Encrypt Entire Drive (do not encrypt the used disk space
only).}
\item
{\bf Use \quotation{New Encryption Mode}}
\item
{\bf Run the BitLocker Check}
\item
{\bf Reboot}
\stopitemize
\item
Encryption should now be started in the background (you can check by
clicking the Bitlocker icon on the lower right side of the taskbar).
\stopitemize
Unfortunately, this is not enough. With this setup, your Bitlocker key
can just be stored as-is in the TPM chip of your computer. This is
rather problematic as the key can be extracted in some cases with
ease\footnote{Dolos Group, From Stolen Laptop to Inside the Company
Network
\useURL[url1421][https://dolosgroup.io/blog/2021/7/9/from-stolen-laptop-to-inside-the-company-network]\from[url1421]
\useURL[url1422][https://web.archive.org/web/https://dolosgroup.io/blog/2021/7/9/from-stolen-laptop-to-inside-the-company-network][][{[}Archive.org{]}]\from[url1422]}\footnote{Trammell
Hudson's Projects, Understanding TPM Sniffing Attacks
\useURL[url1423][https://trmm.net/tpm-sniffing/]\from[url1423]
\useURL[url1424][https://web.archive.org/web/https://trmm.net/tpm-sniffing/][][{[}Archive.org{]}]\from[url1424]}\footnote{Jon
Aubrey, attacking laptops that are protected by Microsoft Bitlocker
drive encryption
\useURL[url1425][https://twitter.com/SecurityJon/status/1445020885472235524]\from[url1425]
\useURL[url1426][https://nitter.net/SecurityJon/status/1445020885472235524][][{[}Nitter{]}]\from[url1426]}\footnote{F-Secure
Labs, Sniff, there leaks my BitLocker key
\useURL[url1427][https://labs.f-secure.com/blog/sniff-there-leaks-my-bitlocker-key/]\from[url1427]
\useURL[url1428][https://web.archive.org/web/https://labs.f-secure.com/blog/sniff-there-leaks-my-bitlocker-key/][][{[}Archive.org{]}]\from[url1428]}.
To mitigate this, you will have to enable a few more options as per the
recommendations of Microsoft\footnote{Microsoft, BitLocker
Countermeasures, Attacker countermeasures
\useURL[url1429][https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-countermeasures]\from[url1429]
\useURL[url1430][https://web.archive.org/web/https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-countermeasures][][{[}Archive.org{]}]\from[url1430]}:
\startitemize
\item
Click the Windows icon
\item
Type Run
\item
Type \quotation{gpedit.msc} (this is the group policy editor)
\item
Navigate to Computer Configuration > Administrative Templates >
Windows Components > BitLocker > Operating System Drives
\startitemize
\item
Double Click the \quotation{Require Additional Authentication at
Startup}
\startitemize[packed]
\item
Click the \quotation{Configure TPM Startup PIN} and set it to
\quotation{Require Startup PIN with TPM}
\stopitemize
\item
Double Click the \quotation{Allow enhanced PINs for startup}
\startitemize[packed]
\item
Click the \quotation{Enable} (this will allow us to set a password
rather than a PIN)
\stopitemize
\stopitemize
\item
Close the Group Policy Editor
\item
Click the Windows icon
\item
Type Command to display the \quotation{Command Prompt}
\item
Right Click on it and click \quotation{Run as Administrator}
\item
Run \type{manage-bde -protectors -delete c:} (this will delete current
protection: the recovery key you will not need)
\item
Run \type{manage-bde -protectors -add c: -TPMAndPIN} (this will prompt
you for a pre-boot password)
\startitemize[packed]
\item
Enter a password or passphrase of your choice (a good one)
\stopitemize
\item
Run \type{manage-bde -status}
\startitemize[packed]
\item
You should now see at your C: drive below \quotation{Key Protectors}
the option \quotation{TPM and PIN}
\stopitemize
\item
You are done
\stopitemize
Now when you reboot your computer, you should ideally be prompted for:
\startitemize
\item
A BIOS/UEFI boot password
\item
An SSD/HDD unlock password (if the feature is available on your BIOS)
\item
A Bitlocker Pre-Boot Pin Screen where you need to enter the
password/passphrase you just set-up
\item
And finally, the Windows Logon Screen where you can enter the
credentials you set-up earlier
\stopitemize
\subsubsubsubsection[title={Enable Hibernation
(optional):},reference={enable-hibernation-optional}]
Again, as explained earlier, you should never use the sleep/stand-by
feature; to mitigate some cold-boot and evil-maid attacks you should
shut down or hibernate instead. You should therefore switch your laptop
from sleeping to hibernating when closing the lid or when your laptop
would otherwise go to sleep.
({\bf Note that you cannot enable hibernation if you previously enabled
RAM encryption within Veracrypt)}
The reason is that hibernation writes the contents of RAM to the
hibernation file on your (encrypted) system drive and then powers the
laptop off completely, so nothing remains in memory. Sleep on the other
hand leaves the memory powered on (including your decryption key) and
could leave your laptop vulnerable to cold-boot attacks.
By default, Windows 10/11 might not offer you this possibility so you
should enable it by following this Microsoft tutorial:
\useURL[url1431][https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/disable-and-re-enable-hibernation]\from[url1431]
\useURL[url1432][https://web.archive.org/web/https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/disable-and-re-enable-hibernation][][{[}Archive.org{]}]\from[url1432]
\startitemize
\item
Open an administrator command prompt (right-click on Command Prompt
and \quotation{Run as Administrator})
\item
Run: \type{powercfg.exe /hibernate on}
\item
Now run the additional command: \type{powercfg /h /type full}
\startitemize[packed]
\item
{\bf This makes the hibernation file full-sized; without it Windows may
keep only a \quotation{reduced} hibernation file, which serves Fast
Startup but hides the Hibernate option. Hibernation powers the machine
off, so RAM loses its contents, but nothing is securely wiped.}
\stopitemize
\stopitemize
After that you should go into your power settings:
\startitemize
\item
Open the Control Panel
\item
Open System & Security
\item
Open Power Options
\item
Open \quotation{Choose what the power button does}
\item
Change everything from sleep to hibernate or shutdown
\item
Go back to the Power Options
\item
Select Change Plan Settings
\item
Select Advanced Power Settings
\item
Change all the Sleep Values for each Power Plan to 0 (Never)
\item
Make sure Hybrid Sleep is Off for each Power Plan
\item
Enable Hibernate After the time you would like
\item
Disable all the Wake timers
\stopitemize
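The powercfg equivalent of the hibernation and Power Options steps above, added here as an example that is not part of the original guide; the 30-minute hibernate timeout is an arbitrary choice and the setting aliases come from \type{powercfg /aliases}. Run it from an elevated PowerShell.

```powershell
# Added example (not part of the original guide): apply the hibernation and
# power-plan settings from the steps above to every power plan, for both
# plugged-in (AC) and on-battery (DC) use. Run in an elevated PowerShell.
$ErrorActionPreference = 'Stop'

# 1. Enable hibernation and make hiberfil.sys a full-size file. A "reduced"
#    hibernation file only supports Fast Startup and hides the Hibernate option.
& powercfg /hibernate on
& powercfg /h /type full

# powercfg setting aliases (see "powercfg /aliases"): subgroup, setting, value.
# Button/lid actions: 0 = do nothing, 1 = sleep, 2 = hibernate, 3 = shut down.
# Idle timeouts are in seconds; 0 means "Never".
$Hibernate = 2
$HibernateAfterSeconds = 1800   # "Hibernate after" 30 minutes (arbitrary choice)
$settings = @(
    @{ Sub = 'SUB_BUTTONS'; Name = 'LIDACTION';     Value = $Hibernate },  # closing the lid
    @{ Sub = 'SUB_BUTTONS'; Name = 'PBUTTONACTION'; Value = $Hibernate },  # power button
    @{ Sub = 'SUB_BUTTONS'; Name = 'SBUTTONACTION'; Value = $Hibernate },  # sleep button
    @{ Sub = 'SUB_SLEEP';   Name = 'STANDBYIDLE';   Value = 0 },           # Sleep after: Never
    @{ Sub = 'SUB_SLEEP';   Name = 'HYBRIDSLEEP';   Value = 0 },           # Hybrid sleep: Off
    @{ Sub = 'SUB_SLEEP';   Name = 'HIBERNATEIDLE'; Value = $HibernateAfterSeconds },
    @{ Sub = 'SUB_SLEEP';   Name = 'RTCWAKE';       Value = 0 }            # Wake timers: Disable
)

# 2. Every power plan on the machine, by GUID, parsed from "powercfg /list".
$guidPattern = '[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}'
$plans = (& powercfg /list) | Select-String -Pattern $guidPattern |
         ForEach-Object { $_.Matches[0].Value }
if (-not $plans) { throw 'No power plans found in "powercfg /list" output' }

# 3. Apply each setting to each plan, AC and DC.
foreach ($plan in $plans) {
    foreach ($s in $settings) {
        & powercfg /setacvalueindex $plan $s.Sub $s.Name $s.Value
        & powercfg /setdcvalueindex $plan $s.Sub $s.Name $s.Value
    }
}
# Re-activate the current plan so the new values take effect now.
& powercfg /setactive SCHEME_CURRENT

# 4. Check: "powercfg /a" must list Hibernate as available, and the lid
#    action of the current plan must read back as index 2 (hibernate).
& powercfg /a
& powercfg /query SCHEME_CURRENT SUB_BUTTONS LIDACTION
```

If \type{powercfg /a} still reports hibernation as unavailable, the usual cause is that VeraCrypt RAM encryption is enabled (see the note above) or that hibernation is disabled in firmware; fix that first, since the lid and button actions silently fall back to sleep otherwise.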
\subsubsubsection[title={Deciding which sub-route you will
take:},reference={deciding-which-sub-route-you-will-take}]
Now you will have to pick your next step between two options:
\startitemize
\item
Route A: Simple encryption of your current OS
\startitemize
\item
Pros:
\startitemize
\item
Does not require you to wipe your laptop
\item
No issue with local data leaks
\item
Works fine with an SSD drive
\item
Works with any OS
\item
Simple
\stopitemize
\item
Cons:
\startitemize
\item
You could be compelled by an adversary to reveal your password and
all your secrets and will have no plausible deniability.
\item
The danger of Online data leaks
\stopitemize
\stopitemize
\item
Route B: Simple encryption of your current OS with later use of
plausible deniability on files themselves:
\startitemize
\item
Pros:
\startitemize
\item
Does not require you to wipe your laptop
\item
Works fine with an SSD drive
\item
Works with any OS
\item
Plausible deniability is possible with \quotation{soft}
adversaries
\stopitemize
\item
Cons:
\startitemize
\item
The danger of Online Data leaks
\item
The danger of Local Data leaks (that will lead to more work to
clean up those leaks)
\stopitemize
\stopitemize
\item
Route C: Plausible Deniability Encryption of your Operating system
(you will have a \quotation{hidden OS} and a \quotation{decoy OS}
running on the laptop):
\startitemize
\item
Pros:
\startitemize
\item
No issues with local Data leaks
\item
Plausible deniability is possible with \quotation{soft}
adversaries
\stopitemize
\item
Cons:
\startitemize
\item
Requires Windows (this feature is not \quotation{easily} supported
on Linux).
\item
The danger of online Data leaks
\item
Requires full wipe of your laptop
\item
No use with an SSD drive due to the requirement of disabling
Trim\footnote{Wikipedia, Trim
\useURL[url1433][https://en.wikipedia.org/wiki/Trim_(computing)]\from[url1433]
\useURL[url1434][https://wikiless.org/wiki/Trim_(computing)][][{[}Wikiless{]}]\from[url1434]
\useURL[url1435][https://web.archive.org/web/https://en.wikipedia.org/wiki/Trim_(computing)][][{[}Archive.org{]}]\from[url1435]}
Operations\footnote{Veracrypt Documentation, Trim Operations
\useURL[url1436][https://www.veracrypt.fr/en/Trim\%20Operation.html][][https://www.veracrypt.fr/en/Trim\letterpercent{}20Operation.html]\from[url1436]
\useURL[url1437][https://web.archive.org/web/https://www.veracrypt.fr/en/Trim\%20Operation.html][][{[}Archive.org{]}]\from[url1437]}.
This will severely degrade the performance/health of your SSD
drive over time.
\stopitemize
\stopitemize
\stopitemize
{\bf As you can see, Route C only offers two privacy advantages over the
others (no local data leaks and some deniability), and it will only be
of use against a soft lawful adversary. Remember rubber-hose
cryptanalysis:}
\useURL[url1438][https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis]\from[url1438]
\useURL[url1439][https://wikiless.org/wiki/Rubber-hose_cryptanalysis][][{[}Wikiless{]}]\from[url1439]
\useURL[url1440][https://web.archive.org/web/https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis][][{[}Archive.org{]}]\from[url1440]{\bf .}
Deciding which route you will take is up to you. Route A is a minimum.
{\bf Always be sure to check for new versions of Veracrypt frequently to
ensure you benefit from the latest patches. Especially check this before
applying large Windows updates that might break the Veracrypt bootloader
and send you into a boot loop.}
{\bf NOTE THAT VERACRYPT'S BOOT LOADER ONLY UNDERSTANDS THE US (QWERTY)
KEYBOARD LAYOUT, and the wizard switches to that layout while you type
the system encryption password (use the \quotation{Display password}
option to see what you actually typed). This can cause issues if your
laptop has a different physical layout (AZERTY for example): at boot
time you must press the keys that would produce your password on a
QWERTY layout, not the ones printed on an AZERTY keyboard. Pay attention
to this during the pre-test boot, as a QWERTY/AZERTY mix-up alone can
lock you out of your own system.}
\subsubsubsubsection[title={Route A and B: Simple Encryption using
Veracrypt (Windows
tutorial)},reference={route-a-and-b-simple-encryption-using-veracrypt-windows-tutorial}]
{\bf Skip this step if you used BitLocker instead earlier.}
You do not need an HDD for this route, and you do not need to disable
Trim. What Trim leaks is which sectors of the drive are unused; that is
only of use to forensics trying to detect the presence of a Hidden
Volume and reveals little beyond how much of the volume is in use.
This route is rather straightforward and will just encrypt your current
Operating System in place without losing any data. Be sure to read all
the texts Veracrypt is showing you, so you have a full understanding of
what is going on. Here are the steps:
\startitemize
\item
Launch VeraCrypt
\item
Go into Settings:
\startitemize
\item
Settings > Performance/driver options > Encrypt RAM (note that this
option is not compatible with hibernation, so with it enabled you
must always shut down completely)
\item
System > Settings > Security > Clear keys from memory if a new
device is inserted
\item
System > Settings > Windows > Enable Secure Desktop
\stopitemize
\item
Select System
\item
Select Encrypt System Partition/Drive
\item
Select Normal (Simple)
\item
Select Single-Boot
\item
Select AES as encryption Algorithm (click the test button if you want
to compare the speeds)
\item
Select SHA-512 as hash Algorithm (because why not)
\item
Enter a strong passphrase (longer the better, remember \goto{Appendix
A2: Guidelines for passwords and
passphrases}[appendix-a2-guidelines-for-passwords-and-passphrases])
\item
Collect some entropy by randomly moving your cursor around until the
bar is full
\item
Click Next at the Generated Keys screen
\item
To rescue disk\footnote{Veracrypt Documentation, Rescue Disk
\useURL[url1441][https://www.veracrypt.fr/en/VeraCrypt\%20Rescue\%20Disk.html][][https://www.veracrypt.fr/en/VeraCrypt\letterpercent{}20Rescue\letterpercent{}20Disk.html]\from[url1441]
\useURL[url1442][https://web.archive.org/web/https://www.veracrypt.fr/en/VeraCrypt\%20Rescue\%20Disk.html][][{[}Archive.org{]}]\from[url1442]}
or not rescue disk, well that is up to you. We recommend making one
(just in case), just make sure to store it outside your encrypted
drive (USB key for instance or wait and see the end of this guide for
guidance on safe backups). This rescue disk will not store your
passphrase and you will still need it to use it.
\item
Wipe mode:
\startitemize
\item
If you have no sensitive data yet on this laptop, select None
\item
If you have sensitive data on an SSD, Trim alone should take care of
it\footnote{St Cloud State University, Forensic Research on Solid
State Drives using Trim Analysis
\useURL[url1443][https://web.archive.org//web/20220612095503/https://repository.stcloudstate.edu/cgi/viewcontent.cgi?article=1141&context=msia_etds]\from[url1443]
\useURL[url1444][https://web.archive.org/web/20211009021236/https://repository.stcloudstate.edu/cgi/viewcontent.cgi?article=1141&context=msia_etds][][{[}Archive.org{]}]\from[url1444]}
but we would recommend one pass (random data) just to be sure.
\item
If you have sensitive data on an HDD, there is no Trim, and we
would recommend at least 1-pass.
\stopitemize
\item
Test your setup. Veracrypt will now reboot your system to test the
bootloader before encryption. This test must pass for encryption to go
forward.
\item
After your computer rebooted and the test is passed. You will be
prompted by Veracrypt to start the encryption process.
\item
Start the encryption and wait for it to complete.
\item
You are done, skip Route C and go to the next steps.
\stopitemize
There will be another section on creating encrypted file containers with
Plausible Deniability on Windows.
\subsubsubsubsection[title={Route C: Plausible Deniability Encryption
with a Hidden OS (Windows
only)},reference={route-b-plausible-deniability-encryption-with-a-hidden-os-windows-only}]
{\bf This is only supported on Windows.}
{\bf This is only recommended on an HDD drive. This is not recommended
on an SSD drive.}
{\bf Your Hidden OS should not be activated (with an MS product key).
Therefore, this route will recommend and guide you through a full clean
installation that will wipe everything on your laptop.}
Read the Veracrypt Documentation
\useURL[url1445][https://www.veracrypt.fr/en/VeraCrypt\%20Hidden\%20Operating\%20System.html][][https://www.veracrypt.fr/en/VeraCrypt\letterpercent{}20Hidden\letterpercent{}20Operating\letterpercent{}20System.html]\from[url1445]
\useURL[url1446][https://web.archive.org/web/https://www.veracrypt.fr/en/VeraCrypt\%20Hidden\%20Operating\%20System.html][][{[}Archive.org{]}]\from[url1446]
(Process of Creation of Hidden Operating System part) and
\useURL[url1447][https://www.veracrypt.fr/en/Security\%20Requirements\%20for\%20Hidden\%20Volumes.html][][https://www.veracrypt.fr/en/Security\letterpercent{}20Requirements\letterpercent{}20for\letterpercent{}20Hidden\letterpercent{}20Volumes.html]\from[url1447]
\useURL[url1448][https://web.archive.org/web/https://www.veracrypt.fr/en/Security\%20Requirements\%20for\%20Hidden\%20Volumes.html][][{[}Archive.org{]}]\from[url1448]
(Security Requirements and Precautions Pertaining to Hidden Volumes).
This is how your system will look after this process is done:
\placefigure{image22}{\externalfigure[./tex2pdf.-1a34188c73046814/4f7142de5d77f6ca1331e5447ea064a93b94e87c.png]}
(Illustration from Veracrypt Documentation,
\useURL[url1449][https://veracrypt.fr/en/VeraCrypt\%20Hidden\%20Operating\%20System.html][][https://veracrypt.fr/en/VeraCrypt\letterpercent{}20Hidden\letterpercent{}20Operating\letterpercent{}20System.html]\from[url1449]
\useURL[url1450][https://web.archive.org/web/https://www.veracrypt.fr/en/VeraCrypt\%20Hidden\%20Operating\%20System.html][][{[}Archive.org{]}]\from[url1450])
As you can see this process requires you to have two partitions on your
hard drive from the start.
This process will do the following:
\startitemize
\item
Encrypt your second partition (the outer volume) that will look like
an empty unformatted disk from the decoy OS.
\item
Prompt you with the opportunity to copy some decoy content within the
outer volume.
\startitemize[packed]
\item
This is where you will copy your decoy Anime/Porn collection from
some external hard drive to the outer volume.
\stopitemize
\item
Create a hidden volume within the outer volume of that second
partition. This is where the hidden OS will reside.
\item
Clone your currently running Windows 10/11 installation onto the
hidden volume.
\item
Wipe your currently running Windows 10/11.
\item
This means that your current Windows 10/11 will become the hidden
Windows 10/11 and that you will need to reinstall a fresh decoy
Windows 10/11 OS.
\stopitemize
{\bf Mandatory if you have an SSD drive and you still want to do this
against the recommendation: Disable SSD Trim in Windows}\footnote{WindowsCentral,
Trim Tutorial
\useURL[url1451][https://www.windowscentral.com/how-ensure-trim-enabled-windows-10-speed-ssd-performance]\from[url1451]
\useURL[url1452][https://web.archive.org/web/https://www.windowscentral.com/how-ensure-trim-enabled-windows-10-speed-ssd-performance][][{[}Archive.org{]}]\from[url1452]}
{\bf (again, this is NOT recommended at all, as disabling Trim is in
itself highly suspicious). Also, as mentioned earlier, disabling Trim
will reduce the lifetime of your SSD drive and will significantly
degrade its performance over time (your laptop will become slower and
slower over several months of use until it becomes almost unusable; you
will then have to clean the drive and re-install everything). But you
must do it to prevent data leaks}\footnote{Veracrypt
Documentation, Trim Operation
\useURL[url1453][https://veracrypt.eu/en/docs/trim-operation/]\from[url1453]
\useURL[url1454][https://web.archive.org/web/https://veracrypt.eu/en/docs/trim-operation/][][{[}Archive.org{]}]\from[url1454]}
{\bf that could allow forensics to defeat your plausible
deniability}\footnote{Black Hat 2018, Perfectly Deniable Steganographic
Disk Encryption
\useURL[url1455][https://i.blackhat.com/eu-18/Thu-Dec-6/eu-18-Schaub-Perfectly-Deniable-Steganographic-Disk-Encryption.pdf]\from[url1455]
\useURL[url1456][https://web.archive.org/web/https://i.blackhat.com/eu-18/Thu-Dec-6/eu-18-Schaub-Perfectly-Deniable-Steganographic-Disk-Encryption.pdf][][{[}Archive.org{]}]\from[url1456]}\footnote{Milan
Broz's Blog, TRIM & dm-crypt \ldots{} problems?
\useURL[url1457][http://asalor.blogspot.com/2011/08/trim-dm-crypt-problems.html]\from[url1457]
\useURL[url1458][https://web.archive.org/web/http://asalor.blogspot.com/2011/08/trim-dm-crypt-problems.html][][{[}Archive.org{]}]\from[url1458]}{\bf , since
Trim tells the drive which sectors hold no data, and the resulting
pattern of trimmed and untrimmed sectors may reveal the presence of a
hidden volume. The only way around this at the moment is to have a
laptop with a classic HDD drive instead.}
\subsubsubsubsubsection[title={Step 1: Create a Windows 10/11 install
USB key},reference={step-1-create-a-windows-1011-install-usb-key}]
See Appendix C: Windows Installation Media Creation and go with the USB
key route.
\subsubsubsubsubsection[title={Step 2: Boot the USB key and start the
Windows 10/11 install process (Hidden
OS)},reference={step-2-boot-the-usb-key-and-start-the-windows-1011-install-process-hidden-os}]
\startitemize
\item
Insert the USB key into your laptop
\item
See \goto{Appendix A: Windows
Installation}[appendix-a-windows-installation] and proceed with
installing Windows 10/11 Home.
\stopitemize
\subsubsubsubsubsection[title={Step 3: Privacy Settings (Hidden
OS)},reference={step-3-privacy-settings-hidden-os}]
See \goto{Appendix B: Windows Additional Privacy
Settings}[appendix-b-windows-additional-privacy-settings]
\subsubsubsubsubsection[title={Step 4: Veracrypt installation and
encryption process start (Hidden
OS)},reference={step-4-veracrypt-installation-and-encryption-process-start-hidden-os}]
Remember to read
\useURL[url1459][https://www.veracrypt.fr/en/VeraCrypt\%20Hidden\%20Operating\%20System.html][][https://www.veracrypt.fr/en/VeraCrypt\letterpercent{}20Hidden\letterpercent{}20Operating\letterpercent{}20System.html]\from[url1459]
\useURL[url1460][https://web.archive.org/web/https://www.veracrypt.fr/en/VeraCrypt\%20Hidden\%20Operating\%20System.html][][{[}Archive.org{]}]\from[url1460]
Do not connect this OS to your known Wi-Fi. You should download the
Veracrypt installer from a different computer and copy the installer
here using a USB key. Here are the steps:
\startitemize
\item
Install Veracrypt
\item
Start Veracrypt
\item
Go into Settings:
\startitemize
\item
Settings > Performance/driver options > Encrypt RAM ({\bf note that
this option is not compatible with hibernating your laptop, which
means you will have to shut down completely)}
\item
System > Settings > Security > Clear keys from memory if a new
device is inserted
\item
System > Settings > Windows > Enable Secure Desktop
\stopitemize
\item
Go into System and select Create Hidden Operating System
\item
Read all the prompts thoroughly
\item
Select Single-Boot if prompted
\item
Create the Outer Volume using AES and SHA-512.
\item
Use all the space available on the second partition for the Outer
Volume
\item
Use a strong passphrase (remember \goto{Appendix A2: Guidelines for
passwords and
passphrases}[appendix-a2-guidelines-for-passwords-and-passphrases])
\item
Select yes to Large Files
\item
Create some Entropy by moving the mouse around until the bar is full
and select NTFS (do not select exFAT as you want this outer volume to
look \quotation{normal} and NTFS is normal).
\item
Format the Outer Volume
\item
Open Outer Volume:
\startitemize
\item
At this stage, you should copy decoy data onto the outer volume, so
you should have some files/folders that look sensitive but are not,
to copy there, in case you are ever compelled to reveal the password
to this Volume. This is a good place for your Anime/Mp3/Movies/Porn
collection.
\item
We recommend you do not fill the outer volume too much or too little
(about 40\letterpercent{}). Remember you must leave enough space for
the Hidden OS (which will be at least the size of the first partition
you created during installation; the Veracrypt documentation linked
above gives the minimum size the second partition must have relative
to the system partition, so check it before partitioning).
\stopitemize
\item
Now you will create the Hidden Volume: select AES and SHA-512
\item
Use a strong passphrase for the Hidden Volume (obviously a different
one than the one for the Outer Volume).
\item
Fill the entropy bar until the end with random mouse movements
\item
Format the hidden Volume
\item
Proceed with the Cloning
\item
Veracrypt will now restart and Clone the Windows where you started
this process into the Hidden Volume. This Windows will become your
Hidden OS.
\item
When the cloning is complete, Veracrypt will restart within the Hidden
System
\item
Veracrypt will inform you that the Hidden System is now installed and
then prompt you to wipe the Original OS (the one you installed
previously with the USB key).
\item
Use 1-Pass Wipe and proceed.
\item
Now your Hidden OS will be installed, proceed to the next step
\stopitemize
\subsubsubsubsubsection[title={Step 5: Reboot and boot the USB key and
start the Windows 10/11 install process again (Decoy
OS)},reference={step-5-reboot-and-boot-the-usb-key-and-start-the-windows-1011-install-process-again-decoy-os}]
Now that the Hidden OS is fully installed, you will need to install a
Decoy OS:
\startitemize
\item
Insert the USB key into your laptop
\item
See \goto{Appendix A: Windows
Installation}[appendix-a-windows-installation] and proceed with
installing Windows 10/11 Home again (do not install a different
version and stick with Home).
\stopitemize
\subsubsubsubsubsection[title={Step 6: Privacy settings (Decoy
OS)},reference={step-6-privacy-settings-decoy-os}]
See \goto{Appendix B: Windows Additional Privacy
Settings}[appendix-b-windows-additional-privacy-settings]
\subsubsubsubsubsection[title={Step 7: Veracrypt installation and
encryption process start (Decoy
OS)},reference={step-7-veracrypt-installation-and-encryption-process-start-decoy-os}]
Now you will encrypt the Decoy OS:
\startitemize
\item
Install Veracrypt
\item
Launch VeraCrypt
\item
Select System
\item
Select Encrypt System Partition/Drive
\item
Select Normal (Simple)
\item
Select Single-Boot
\item
Select AES as encryption Algorithm (click the test button if you want
to compare the speeds)
\item
Select SHA-512 as hash Algorithm (because why not)
\item
Enter a short weak password (yes this is serious, do it, it will be
explained later).
\item
Collect some entropy by randomly moving your cursor around until the
bar is full
\item
Click Next at the Generated Keys screen
\item
To rescue disk\footnote{Veracrypt Documentation, Rescue Disk
\useURL[url1461][https://www.veracrypt.fr/en/VeraCrypt\%20Rescue\%20Disk.html][][https://www.veracrypt.fr/en/VeraCrypt\letterpercent{}20Rescue\letterpercent{}20Disk.html]\from[url1461]
\useURL[url1462][https://web.archive.org/web/https://www.veracrypt.fr/en/VeraCrypt\%20Rescue\%20Disk.html][][{[}Archive.org{]}]\from[url1462]}
or not rescue disk, well that is up to you. We recommend making one
(just in case), just make sure to store it outside your encrypted
drive (USB key for instance or wait and see the end of this guide for
guidance on safe backups). This rescue disk will not store your
passphrase and you will still need it to use it.
\item
Wipe mode: Select 1-Pass just to be safe
\item
Pre-Test your setup. Veracrypt will now reboot your system to test the
bootloader before encryption. This test must pass for encryption to go
forward.
\item
After your computer rebooted and the test is passed. You will be
prompted by Veracrypt to start the encryption process.
\item
Start the encryption and wait for it to complete.
\item
Your Decoy OS is now ready for use.
\stopitemize
\subsubsubsubsubsection[title={Step 8: Test your setup (Boot in
Both)},reference={step-8-test-your-setup-boot-in-both}]
Time to test your setup:
\startitemize
\item
Reboot and input your Hidden OS passphrase, you should boot within the
Hidden OS.
\item
Reboot and input your Decoy OS passphrase, you should boot within the
Decoy OS.
\item
Launch Veracrypt on the Decoy OS and mount the second partition using
the Outer Volume Passphrase (mount it as read-only, by going into
Mount Options and Selecting Read-Only) and it should mount the second
partition as a read-only displaying your decoy data (your Anime/Porn
collection). You are mounting it as read-only now because if you were
to write data on it, you could overwrite your Hidden OS, which sits in
what the Outer Volume sees as free space.
\stopitemize
\subsubsubsubsubsection[title={Step 9: Changing the decoy data on your
Outer Volume
safely},reference={step-9-changing-the-decoy-data-on-your-outer-volume-safely}]
Before going to the next step, you should learn the way to mount your
Outer Volume safely for writing content on it. This is also explained in
this official Veracrypt Documentation
\useURL[url1463][https://www.veracrypt.fr/en/Protection\%20of\%20Hidden\%20Volumes.html][][https://www.veracrypt.fr/en/Protection\letterpercent{}20of\letterpercent{}20Hidden\letterpercent{}20Volumes.html]\from[url1463]
\useURL[url1464][https://web.archive.org/web/https://www.veracrypt.fr/en/Protection\%20of\%20Hidden\%20Volumes.html][][{[}Archive.org{]}]\from[url1464]
{\bf You should do this from a safe, trusted space.}
Basically, you are going to mount your Outer Volume while also providing
the Hidden Volume passphrase within the Mount Options to protect the
Hidden Volume from being overwritten:
\startitemize
\item
Open Veracrypt
\item
Select your Second Partition
\item
Click Mount
\item
Click Mount Options
\item
Check the \quotation{Protect the Hidden volume\ldots{}} Option
\item
Enter the Hidden OS passphrase
\item
Click OK
\item
Enter your Outer Volume passphrase
\item
Click OK
\item
You should now be able to open and write to your Outer Volume to
change the content (copy/move/delete/edit\ldots{})
\stopitemize
This operation will not actually mount the Hidden Volume and should
prevent the creation of any forensic evidence that could lead to the
discovery of the Hidden OS. However, while you are performing this
operation, both passwords will be stored in your RAM. You could still be
vulnerable to a Cold-Boot Attack. To mitigate this, be sure to have the
option to encrypt your RAM as instructed before.
\subsubsubsubsubsection[title={Step 10: Leave some forensics evidence of
your Outer Volume (with the decoy Data) within your Decoy
OS},reference={step-10-leave-some-forensics-evidence-of-your-outer-volume-with-the-decoy-data-within-your-decoy-os}]
We must make the Decoy OS as plausible as possible. We also want your
adversary to underestimate your intelligence.
It is important to voluntarily leave some forensic evidence of your
Decoy Content within your Decoy OS. This evidence will let forensic
examiners see that you mounted your Outer Volume frequently to access
its content.
Here are useful tips to leave some forensics evidence:
\startitemize
\item
Play the content from the Outer Volume from your Decoy OS (using VLC
for instance). Be sure to keep a history of those.
\item
Edit documents and work on them.
\item
Enable file indexing again on the Decoy OS and include the mounted
Outer Volume.
\item
Unmount it and mount it frequently to watch some content or move files
around.
\item
Copy some content from your Outer Volume to your Decoy OS and then
delete it unsafely: just put it in the Recycle Bin, as a naive user
who believes that really deletes it would do.
\item
Have a Torrent Client installed on the Decoy OS; use it from time to
time to download some similar stuff that you will leave on the Decoy
OS.
\item
You could have a VPN client installed on the Decoy OS with a known VPN
of yours (non-cash paid).
\stopitemize
Do not put anything suspicious on the Decoy OS such as:
\startitemize
\item
This guide
\item
Any links to this guide
\item
Any suspicious anonymity software such as Tor Browser
\item
Any Veracrypt volumes
\item
Any documents on anonymity or security
\stopitemize
The intention is to make your adversary believe you are not as smart as
they thought, to deter them from searching deeper.
\subsubsubsubsubsection[title={Notes:},reference={notes-1}]
{\bf Remember that you will need valid excuses for this plausible
deniability scenario to work:}
\startitemize
\item
{\bf You are using Veracrypt because you are using Windows 10/11 Home,
which does not feature Bitlocker, but you still wanted reasonable
Privacy.}
\item
{\bf You have two partitions because you wanted to separate the system
from the data for easy organization, and because some geeky friend
told you this was better for performance.}
\item
{\bf You have used a weak password for easy convenient booting of the
system and a strong, long passphrase on the Outer Volume. You were too
lazy to type a strong passphrase at each boot.}
\item
{\bf You encrypted the second partition with a different password than
the system because you do not want anyone in your group/domain to see
your stuff. You did not want that data available to anyone.}
\stopitemize
Take some time to read again the \quotation{Possible Explanations for
Existence of Two Veracrypt Partitions on Single Drive} of the Veracrypt
documentation here
\useURL[url1465][https://www.veracrypt.fr/en/VeraCrypt\%20Hidden\%20Operating\%20System.html][][https://www.veracrypt.fr/en/VeraCrypt\letterpercent{}20Hidden\letterpercent{}20Operating\letterpercent{}20System.html]\from[url1465]
\useURL[url1466][https://web.archive.org/web/https://www.veracrypt.fr/en/VeraCrypt\%20Hidden\%20Operating\%20System.html][][{[}Archive.org{]}]\from[url1466]
{\bf Be careful:}
\startitemize
\item
{\bf You should never mount the Hidden Volume from the Decoy OS (NEVER
EVER). If you did this, it would create forensic evidence of the
Hidden Volume within the Decoy OS which could jeopardize your attempt
at plausible deniability}. If you did this anyway (intentionally or by
mistake) from the Decoy OS, there are ways to erase forensic evidence
that will be explained later at the end of this guide, so this mistake
alone isn't a huge deal if you follow the steps in \goto{Some
additional measures against
forensics}[some-additional-measures-against-forensics].
\item
{\bf Never use the Decoy OS from the same network (public Wi-Fi) as
the Hidden OS.}
\item
{\bf When you do mount the Outer Volume from the Decoy OS, do not
write any data within the Outer Volume. This could overwrite what looks
like empty space but is in fact your Hidden OS. You should always
mount it as read-only.}
\item
{\bf If you want to change the decoy content of the Outer Volume, you
should use a Live OS USB Key that will run Veracrypt, mounting the
Outer Volume with hidden volume protection as described in Step 9.}
\item
{\bf Note that you will not use the Hidden OS to perform sensitive
activities, this will be done later from a VM within the Hidden OS.
The Hidden OS is only meant to protect you from soft lawful
adversaries that could gain access to your laptop and compel you to
reveal your password.}
\item
{\bf Be careful of any tampering with your laptop. Evil-Maid Attacks
can reveal your Hidden OS.}
\stopitemize
\subsubsection[title={Virtualbox on your Host
OS:},reference={virtualbox-on-your-host-os}]
Remember \goto{Appendix W: Virtualization}[appendix-w-virtualization].
This step and the following steps should be done from within the Host
OS. This can either be your Host OS with simple encryption
(Windows/Linux/macOS) or your Hidden OS with plausible deniability
(Windows only).
In this route, you will make extensive use of the free Oracle
Virtualbox\footnote{Wikipedia, Virtualbox
\useURL[url1467][https://en.wikipedia.org/wiki/VirtualBox]\from[url1467]
\useURL[url1468][https://wikiless.org/wiki/VirtualBox][][{[}Wikiless{]}]\from[url1468]
\useURL[url1469][https://web.archive.org/web/https://en.wikipedia.org/wiki/VirtualBox][][{[}Archive.org{]}]\from[url1469]}
software. This is a virtualization software in which you can create
Virtual Machines that emulate a computer running a specific OS (if you
want to use something else like Xen, Qemu, KVM, or VMWARE, feel free to
do so but this part of the guide covers Virtualbox only for
convenience).
You should be aware that Virtualbox is not the virtualization
software with the best track record in terms of security. Some of the
reported issues\footnote{VirtualBox Ticket 17987
\useURL[url1470][https://www.virtualbox.org/ticket/17987]\from[url1470]
\useURL[url1471][https://web.archive.org/web/https://www.virtualbox.org/ticket/17987][][{[}Archive.org{]}]\from[url1471]}
have not been completely fixed to date\footnote{Whonix Documentation,
Spectre Meltdown
\useURL[url1472][https://www.whonix.org/wiki/Spectre_Meltdown\#VirtualBox]\from[url1472]
\useURL[url1473][https://web.archive.org/web/https://www.whonix.org/wiki/Spectre_Meltdown][][{[}Archive.org{]}]\from[url1473]}.
If you are using Linux, and you possess a bit more technical skill, you
should consider using KVM instead by following the guide available at
Whonix here
\useURL[url1474][https://www.whonix.org/wiki/KVM]\from[url1474]
\useURL[url1475][https://web.archive.org/web/https://www.whonix.org/wiki/KVM][][{[}Archive.org{]}]\from[url1475]
and here
\useURL[url1476][https://www.whonix.org/wiki/KVM\#Why_Use_KVM_Over_VirtualBox.3F]\from[url1476]
\useURL[url1477][https://web.archive.org/web/https://www.whonix.org/wiki/KVM\#Why_Use_KVM_Over_VirtualBox.3F][][{[}Archive.org{]}]\from[url1477]
Some steps should be taken in all cases:
{\bf All your sensitive activities will be done from within a guest
Virtual Machine running Windows 10/11 Pro (not Home this time), Linux,
or macOS.}
This has a few advantages that will help you remain anonymous:
\startitemize
\item
It should prevent the guest VM OS (Windows/Linux/macOS), apps, and any
telemetry within the VMs from accessing your hardware directly. Even
if your VM is compromised by malware, the malware should not be able
to access the Host OS and compromise your actual machine.
\item
It will allow us to force all the network traffic from your VM to run
through another Gateway VM that will direct all the traffic over the
Tor Network. This is a network \quotation{kill switch}: your VM will
lose its network connectivity completely and go offline if the Gateway
VM loses its connection to the Tor Network.
\item
The VM itself, which only has internet connectivity through a Tor
Network Gateway, will connect to your cash-paid VPN service through
Tor.
\item
DNS Leaks will be impossible because the VM is on an isolated network
that must go through Tor no matter what.
\stopitemize
\subsubsection[title={Pick your connectivity
method:},reference={pick-your-connectivity-method}]
There are seven possibilities within this route:
\startitemize
\item
{\bf Recommended and preferred:}
\startitemize
\item
{\bf Use Tor alone (User > Tor > Internet)}
\item
{\bf Use VPN over Tor (User > Tor > VPN > Internet) in specific
cases}
\item
{\bf Use a VPS with a self-hosted VPN/Proxy over Tor (User > Tor >
Self-Hosted VPN/Proxy > Internet) in specific cases}
\stopitemize
\item
Possible if required by context:
\startitemize
\item
Use VPN over Tor over VPN (User > VPN > Tor > VPN > Internet)
\item
Use Tor over VPN (User > VPN > Tor > Internet)
\stopitemize
\item
Not recommended and risky:
\startitemize
\item
Use VPN alone (User > VPN > Internet)
\item
Use VPN over VPN (User > VPN > VPN > Internet)
\stopitemize
\item
{\bf Not recommended and highly risky (but possible)}
\startitemize[packed]
\item
No VPN and no Tor (User > Internet)
\stopitemize
\stopitemize
\placefigure{image23}{\externalfigure[./tex2pdf.-1a34188c73046814/ad5dac2a0c32b6db732493569d7134218c54534b.png]}
\subsubsubsection[title={Tor only:},reference={tor-only}]
This is the preferred and most recommended solution.
\placefigure{image24}{\externalfigure[./tex2pdf.-1a34188c73046814/4c5dddb8843b891eb249928e3907ff9878265a57.png]}
With this solution, all your network goes through Tor, and it should be
sufficient to guarantee your anonymity in most cases.
There is one main drawback though: {\bf Some services block/ban Tor Exit
nodes outright and will not allow account creation from those.}
To mitigate this, you might have to consider the next option, VPN over
Tor, but consider the risks associated with it explained in the next
section.
\subsubsubsection[title={VPN/Proxy over
Tor:},reference={vpnproxy-over-tor}]
This solution can bring some benefits in some specific cases vs using
Tor only where accessing the destination service would be impossible
from a Tor Exit node. This is because many services will just outright
ban, hinder, or block Tor Exit Nodes (see
\useURL[url1478][https://gitlab.torproject.org/legacy/trac/-/wikis/org/doc/ListOfServicesBlockingTor]\from[url1478]
\useURL[url1479][https://web.archive.org/web/https://gitlab.torproject.org/legacy/trac/-/wikis/org/doc/ListOfServicesBlockingTor][][{[}Archive.org{]}]\from[url1479]).
This solution can be achieved in two ways:
\startitemize
\item
Paid VPN over Tor (easiest)
\item
Paid Self-Hosted VPS configured as VPN/Proxy (most efficient in
avoiding online obstacles such as captchas but requiring more skills
with Linux)
\stopitemize
As you can see in this illustration, if your cash (preferred)/Monero
paid VPN/Proxy is compromised by an adversary (despite their privacy
statement and no-logging policies), they will only find an anonymous
cash/Monero paid VPN/Proxy account connecting to their services from a
Tor Exit node.
\placefigure{image25}{\externalfigure[./tex2pdf.-1a34188c73046814/4ccbbc189aa8cae0ea882310ecaeb4c1b3f6acb0.png]}
If an adversary somehow manages to compromise the Tor network too, they
will only reveal the IP of a random public Wi-Fi that is not tied to
your identity.
If an adversary somehow compromises your VM OS (with malware or an
exploit for instance), they will be trapped within the internal Network
of Whonix and should be unable to reveal the IP of the public Wi-Fi.
{\bf This solution however has one main drawback to consider:
Interference with Tor Stream Isolation}\footnote{Whonix Documentation,
Stream Isolation
\useURL[url1480][https://www.whonix.org/wiki/Stream_Isolation]\from[url1480]
\useURL[url1481][https://web.archive.org/web/https://www.whonix.org/wiki/Stream_Isolation][][{[}Archive.org{]}]\from[url1481]}.
Stream isolation is a mitigation technique used to prevent some
correlation attacks by having different Tor Circuits for each
application. Here is an illustration to show what stream isolation is:
\placefigure{image26}{\externalfigure[./tex2pdf.-1a34188c73046814/a32a269c6ea46148dddc02bb954ddeb6e5805666.png]}
(Illustration from Marcelo Martins,
\useURL[url1482][https://stakey.club/en/decred-via-tor-network/]\from[url1482]
\useURL[url1483][https://web.archive.org/web/https://stakey.club/en/decred-via-tor-network/][][{[}Archive.org{]}]\from[url1483])
VPN/Proxy over Tor falls on the right side\footnote{Whonix
Documentation, Tunnels Comparison Table
\useURL[url1484][https://www.whonix.org/wiki/Tunnels/Introduction\#Comparison_Table]\from[url1484]
\useURL[url1485][https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Introduction\#Comparison_Table][][{[}Archive.org{]}]\from[url1485]}
of this illustration, meaning that using a VPN/Proxy over Tor forces Tor
to use one circuit for all activities instead of a separate circuit for
each. This means that using a VPN/Proxy over Tor can reduce the
effectiveness of Tor in some cases and should therefore be used only for
some specific cases:
\startitemize
\item
When your destination service does not allow Tor Exit nodes.
\item
When you do not mind using a shared Tor circuit for various services.
For instance, when using various authenticated services.
\stopitemize
{\bf You should however consider not using this method when your aim is
just to browse various unauthenticated websites, as you will not
benefit from Stream Isolation and this could make correlation attacks
between your sessions easier over time for an adversary (see
\goto{Your Anonymized Tor/VPN traffic}[your-anonymized-torvpn-traffic]).
If your goal however is to use the same identity at each session on the
same authenticated services, the value of Stream Isolation is lessened
as you can be correlated through other means anyway.}
You should also know that Stream Isolation is not necessarily configured
by default on Whonix Workstation. It is only pre-configured for some
applications (including Tor Browser).
Also, note that Stream Isolation does not necessarily change all the
nodes in your Tor circuit. It can sometimes only change one or two. In
many cases, Stream Isolation (for instance within the Tor Browser) will
only change the relay (middle) node and the exit node while keeping the
same guard (entry) node.
More information at:
\startitemize
\item
\useURL[url1486][https://www.whonix.org/wiki/Stream_Isolation]\from[url1486]
\useURL[url1487][https://web.archive.org/web/https://www.whonix.org/wiki/Stream_Isolation][][{[}Archive.org{]}]\from[url1487]
\item
\useURL[url1488][https://tails.boum.org/contribute/design/stream_isolation/]\from[url1488]
\useURL[url1489][https://web.archive.org/web/https://tails.boum.org/contribute/design/stream_isolation/][][{[}Archive.org{]}]\from[url1489]
\item
\useURL[url1490][https://www.whonix.org/wiki/Tunnels/Introduction\#Comparison_Table]\from[url1490]
\useURL[url1491][https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Introduction\#Comparison_Table][][{[}Archive.org{]}]\from[url1491]
\stopitemize
\subsubsubsection[title={Tor over VPN:},reference={tor-over-vpn}]
You might be wondering: Well, what about using Tor over VPN instead of
VPN over Tor? Well, we would not necessarily recommend it:
\startitemize
\item
Disadvantages:
\startitemize
\item
Your VPN provider is just another ISP that will then know your
origin IP and will be able to de-anonymize you if required. We do
not trust them. We prefer a situation where your VPN provider does
not know who you are. It does not add much in terms of anonymity.
\item
This would result in you connecting to various services using the IP
of a Tor Exit Node which is banned/flagged in many places. It does
not help in terms of convenience.
\stopitemize
\item
Advantages:
\startitemize
\item
{\bf The main advantage is that if you are in a hostile environment
where Tor access is impossible/dangerous/suspicious, but VPN is
okay.}
\item
This method also does not break Tor Stream isolation.
\item
This also hides your Tor activities from your main ISP.
\stopitemize
\stopitemize
Note, if you are having issues accessing the Tor Network due to
blocking/censorship, you could try using Tor Bridges. See \goto{Appendix
X: Using Tor bridges in hostile
environments}[appendix-x-using-tor-bridges-in-hostile-environments].
It is also possible to consider {\bf VPN over Tor over VPN (User > VPN >
Tor > VPN > Internet)} using two cash/Monero paid VPNs instead. This
means that you will connect the Host OS to a first VPN from your Public
Wi-Fi, then Whonix will connect to Tor, and finally, your VM will
connect to a second VPN over Tor over VPN (see
\useURL[url1492][https://www.whonix.org/wiki/Tunnels/Connecting_to_a_VPN_before_Tor]\from[url1492]
\useURL[url1493][https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Connecting_to_a_VPN_before_Tor][][{[}Archive.org{]}]\from[url1493]).
This will of course have a significant performance impact and might be
quite slow, but Tor is necessary somewhere for achieving reasonable
anonymity.
Achieving this technically is easy within this route: you need two
separate anonymous VPN accounts, connect to the first VPN from the Host
OS, and then follow the rest of the route.
Conclusion: Only do this if you think using Tor alone is
risky/impossible but VPNs are okay. Or just because you can and so why
not. This method will not lower your security/privacy/anonymity.
\subsubsubsection[title={VPN only:},reference={vpn-only}]
This route will not be explained nor recommended.
{\bf If you can use VPNs then you should be able to add a Tor layer over
it. And if you can use Tor, then you can add an anonymous VPN over Tor
to get the preferred solution.}
Just using a VPN or even a VPN over VPN makes no sense as those can be
traced back to you over time. One of the VPN providers will know your
real origin IP (even if it is in a safe public space) and even if you
add one over it, the second one will still know you were using that
other first VPN service. This will only slightly delay your
de-anonymization. Yes, it is an added layer \ldots{} but it is a
persistent centralized added layer, and you can be de-anonymized over
time. This is just chaining 3 ISPs that are all subject to lawful
requests.
For more info, please see the following references:
\startitemize
\item
\useURL[url1494][https://www.whonix.org/wiki/Comparison_Of_Tor_with_CGI_Proxies,_Proxy_Chains,_and_VPN_Services\#Tor_and_VPN_Services_Comparison]\from[url1494]
\useURL[url1495][https://web.archive.org/web/https://www.whonix.org/wiki/Comparison_Of_Tor_with_CGI_Proxies,_Proxy_Chains,_and_VPN_Services][][{[}Archive.org{]}]\from[url1495]
\item
\useURL[url1496][https://www.whonix.org/wiki/Why_does_Whonix_use_Tor]\from[url1496]
\useURL[url1497][https://web.archive.org/web/https://www.whonix.org/wiki/Why_does_Whonix_use_Tor][][{[}Archive.org{]}]\from[url1497]
\item
\useURL[url1498][https://www.researchgate.net/publication/324251041_Anonymity_communication_VPN_and_Tor_a_comparative_study]\from[url1498]
\useURL[url1499][https://web.archive.org/web/https://www.researchgate.net/publication/324251041_Anonymity_communication_VPN_and_Tor_a_comparative_study][][{[}Archive.org{]}]\from[url1499]
\item
\useURL[url1500][https://gist.github.com/joepie91/5a9909939e6ce7d09e29\#file-vpn-md]\from[url1500]
\useURL[url1501][https://web.archive.org/web/https://gist.github.com/joepie91/5a9909939e6ce7d09e29][][{[}Archive.org{]}]\from[url1501]
\item
\useURL[url1502][https://schub.wtf/blog/2019/04/08/very-precarious-narrative.html]\from[url1502]
\useURL[url1503][https://web.archive.org/web/https://schub.wtf/blog/2019/04/08/very-precarious-narrative.html][][{[}Archive.org{]}]\from[url1503]
\stopitemize
{\bf In the context of this guide, Tor is required somewhere to achieve
reasonable and safe anonymity and you should use it if you can.}
\subsubsubsection[title={No VPN/Tor:},reference={no-vpntor}]
If you cannot use VPN nor Tor where you are, you probably are in a very
hostile environment where surveillance and control are extremely high.
Just do not, it is not worth it and too risky. You can be de-anonymized
almost instantly by any motivated adversary that could get to your
physical location in a matter of minutes.
Do not forget to check back on \goto{Adversaries (threats)}[threats] and
\goto{Appendix S: Check your network for surveillance/censorship using
OONI}[appendix-s-check-your-network-for-surveillancecensorship-using-ooni].
If you have absolutely no other option and still want to do something,
see \goto{Appendix P: Accessing the internet as safely as possible when
Tor/VPN is not an
option}[appendix-p-accessing-the-internet-as-safely-as-possible-when-tor-and-vpns-are-not-an-option]
{\bf (at your own risk) and consider \goto{The Tails
route}[the-tor-browser-route] instead.}
\subsubsubsection[title={Conclusion:},reference={conclusion-1}]
\startplacetable[location=none]
\startxtable
\startxtablehead[head]
\startxrow
\startxcell[width={0.15\textwidth}] Connection Type \stopxcell
\startxcell[width={0.05\textwidth}] Anonymity \stopxcell
\startxcell[width={0.15\textwidth}] Ease of Access to online
resources \stopxcell
\startxcell[width={0.09\textwidth}] Tor Stream isolation \stopxcell
\startxcell[width={0.17\textwidth}] Safer where Tor is
suspicious/dangerous \stopxcell
\startxcell[width={0.05\textwidth}] Speed \stopxcell
\startxcell[width={0.11\textwidth}] Cost \stopxcell
\startxcell[width={0.21\textwidth}] Recommended \stopxcell
\stopxrow
\stopxtablehead
\startxtablebody[body]
\startxrow
\startxcell[width={0.15\textwidth}] Tor Alone \stopxcell
\startxcell[width={0.05\textwidth}] {\bf Good} \stopxcell
\startxcell[width={0.15\textwidth}] {\bf Medium} \stopxcell
\startxcell[width={0.09\textwidth}] {\bf Possible} \stopxcell
\startxcell[width={0.17\textwidth}] {\bf No} \stopxcell
\startxcell[width={0.05\textwidth}] {\bf Medium} \stopxcell
\startxcell[width={0.11\textwidth}] {\bf Free} \stopxcell
\startxcell[width={0.21\textwidth}] {\bf Yes} \stopxcell
\stopxrow
\startxrow
\startxcell[width={0.15\textwidth}] Tor over VPN \stopxcell
\startxcell[width={0.05\textwidth}] {\bf Good+} \stopxcell
\startxcell[width={0.15\textwidth}] {\bf Medium} \stopxcell
\startxcell[width={0.09\textwidth}] {\bf Possible} \stopxcell
\startxcell[width={0.17\textwidth}] {\bf Yes} \stopxcell
\startxcell[width={0.05\textwidth}] {\bf Medium} \stopxcell
\startxcell[width={0.11\textwidth}] {\bf Around 50€/y} \stopxcell
\startxcell[width={0.21\textwidth}] {\bf If needed (Tor
inaccessible)} \stopxcell
\stopxrow
\startxrow
\startxcell[width={0.15\textwidth}] Tor over VPN over Tor \stopxcell
\startxcell[width={0.05\textwidth}] {\bf Best} \stopxcell
\startxcell[width={0.15\textwidth}] {\bf Medium} \stopxcell
\startxcell[width={0.09\textwidth}] {\bf Possible} \stopxcell
\startxcell[width={0.17\textwidth}] {\bf Yes} \stopxcell
\startxcell[width={0.05\textwidth}] {\bf Poor} \stopxcell
\startxcell[width={0.11\textwidth}] {\bf Around 50€/y} \stopxcell
\startxcell[width={0.21\textwidth}] {\bf Yes} \stopxcell
\stopxrow
\startxrow
\startxcell[width={0.15\textwidth}] VPN over Tor \stopxcell
\startxcell[width={0.05\textwidth}] {\bf Good-} \stopxcell
\startxcell[width={0.15\textwidth}] {\bf Good} \stopxcell
\startxcell[width={0.09\textwidth}] {\bf No} \stopxcell
\startxcell[width={0.17\textwidth}] {\bf No} \stopxcell
\startxcell[width={0.05\textwidth}] {\bf Medium} \stopxcell
\startxcell[width={0.11\textwidth}] {\bf Around 50€/y} \stopxcell
\startxcell[width={0.21\textwidth}] {\bf If needed
(convenience)} \stopxcell
\stopxrow
\startxrow
\startxcell[width={0.15\textwidth}] Self-Hosted VPS VPN/Proxy over
Tor \stopxcell
\startxcell[width={0.05\textwidth}] {\bf Good-} \stopxcell
\startxcell[width={0.15\textwidth}] {\bf Very Good} \stopxcell
\startxcell[width={0.09\textwidth}] {\bf No} \stopxcell
\startxcell[width={0.17\textwidth}] {\bf Yes} \stopxcell
\startxcell[width={0.05\textwidth}] {\bf Medium} \stopxcell
\startxcell[width={0.11\textwidth}] {\bf Around 50€/y} \stopxcell
\startxcell[width={0.21\textwidth}] {\bf If needed
(convenience)} \stopxcell
\stopxrow
\startxrow
\startxcell[width={0.15\textwidth}] VPN/Proxy over Tor over
VPN \stopxcell
\startxcell[width={0.05\textwidth}] {\bf Good-} \stopxcell
\startxcell[width={0.15\textwidth}] {\bf Good} \stopxcell
\startxcell[width={0.09\textwidth}] {\bf No} \stopxcell
\startxcell[width={0.17\textwidth}] {\bf Yes} \stopxcell
\startxcell[width={0.05\textwidth}] {\bf Poor} \stopxcell
\startxcell[width={0.11\textwidth}] {\bf Around 100€/y} \stopxcell
\startxcell[width={0.21\textwidth}] {\bf If needed (convenience and Tor
inaccessible)} \stopxcell
\stopxrow
\startxrow
\startxcell[width={0.15\textwidth}] VPN/Proxy Alone \stopxcell
\startxcell[width={0.05\textwidth}] {\bf Bad} \stopxcell
\startxcell[width={0.15\textwidth}] {\bf Good} \stopxcell
\startxcell[width={0.09\textwidth}] {\bf N/A} \stopxcell
\startxcell[width={0.17\textwidth}] {\bf Yes} \stopxcell
\startxcell[width={0.05\textwidth}] {\bf Good} \stopxcell
\startxcell[width={0.11\textwidth}] {\bf Around 50€/y} \stopxcell
\startxcell[width={0.21\textwidth}] {\bf No.} \stopxcell
\stopxrow
\stopxtablebody
\startxtablefoot[foot]
\startxrow
\startxcell[width={0.15\textwidth}] No Tor and VPN \stopxcell
\startxcell[width={0.05\textwidth}] {\bf Bad} \stopxcell
\startxcell[width={0.15\textwidth}] {\bf Unknown} \stopxcell
\startxcell[width={0.09\textwidth}] {\bf N/A} \stopxcell
\startxcell[width={0.17\textwidth}] {\bf No} \stopxcell
\startxcell[width={0.05\textwidth}] {\bf Good} \stopxcell
\startxcell[width={0.11\textwidth}] {\bf Around 100€
(Antenna)} \stopxcell
\startxcell[width={0.21\textwidth}] {\bf No.} \stopxcell
\stopxrow
\stopxtablefoot
\stopxtable
\stopplacetable
Unfortunately, using Tor alone will raise the suspicion of many
destination platforms. You will face many hurdles (captchas, errors,
difficulties signing up) if you only use Tor. In addition, using Tor
where you are could put you in trouble just for that. But Tor is still
the best solution for anonymity and must be present somewhere in the
chain for anonymity.
\startitemize
\item
If you intend to create persistent shared and authenticated identities
on various services where access from Tor is hard, we recommend the
{\bf VPN over Tor} and {\bf VPS VPN/Proxy over Tor} options (or VPN
over Tor over VPN if needed). It might be a bit less secure against
correlation attacks due to breaking Tor Stream Isolation but provides
much better convenience in accessing online resources than just using
Tor. It is an \quotation{acceptable} trade-off IMHO if you are careful
enough with your identity.
\startitemize[packed]
\item
{\bf Note: It is becoming more common that mainstream services and
CDNs are also blocking or hindering VPN users with captchas and
other various obstacles}. {\bf In that case, a self-hosted VPS with
a VPN/Proxy over Tor is the best solution, as having your
own dedicated VPS guarantees you are the sole user of your IP and
you will encounter little to no obstacles.} Consider a \goto{Self-hosted
VPN/Proxy on a Monero/Cash-paid VPS (for users more familiar with
Linux)}[self-hosted-vpnproxy-on-a-monerocash-paid-vps-for-users-more-familiar-with-linux]
if you want the least amount of issues (this will be explained in
the next section in more detail).
\stopitemize
\item
If your intent however is just to browse random services anonymously
without creating specific shared identities, using Tor-friendly
services, or if you do not want to accept the trade-off of the
earlier option, {\bf then we recommend using the Tor Only route to
keep the full benefits of Stream Isolation (or Tor over VPN if you
need to).}
\item
If cost is an issue, we recommend the Tor Only option if possible.
\item
If both Tor and VPN access are impossible or dangerous then you have
no choice but to rely on public Wi-Fi as safely as possible. See
\goto{Appendix P: Accessing the internet as safely as possible when Tor
and VPNs are not an
option}[appendix-p-accessing-the-internet-as-safely-as-possible-when-tor-and-vpns-are-not-an-option].
\stopitemize
For more information, you can also see the following discussions, which
could help you decide for yourself:
\startitemize
\item
Tor Project:
\useURL[url1504][https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorPlusVPN]\from[url1504]
\useURL[url1505][https://web.archive.org/web/https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorPlusVPN][][{[}Archive.org{]}]\from[url1505]
\item
Tails Documentation:
\startitemize
\item
\useURL[url1506][https://gitlab.tails.boum.org/tails/blueprints/-/wikis/vpn_support/]\from[url1506]
\useURL[url1507][https://web.archive.org/web/https://gitlab.tails.boum.org/tails/blueprints/-/wikis/vpn_support/][][{[}Archive.org{]}]\from[url1507]
\item
\useURL[url1508][https://tails.boum.org/support/faq/index.en.html\#index20h2]\from[url1508]
\useURL[url1509][https://web.archive.org/web/https://tails.boum.org/support/faq/index.en.html][][{[}Archive.org{]}]\from[url1509]
\stopitemize
\item
Whonix Documentation (in this order):
\startitemize
\item
\useURL[url1510][https://www.whonix.org/wiki/Tunnels/Introduction]\from[url1510]
\useURL[url1511][https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Introduction][][{[}Archive.org{]}]\from[url1511]
\item
\useURL[url1512][https://www.whonix.org/wiki/Tunnels/Connecting_to_Tor_before_a_VPN]\from[url1512]
\useURL[url1513][https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Connecting_to_Tor_before_a_VPN][][{[}Archive.org{]}]\from[url1513]
\item
\useURL[url1514][https://www.whonix.org/wiki/Tunnels/Connecting_to_a_VPN_before_Tor]\from[url1514]
\useURL[url1515][https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Connecting_to_a_VPN_before_Tor][][{[}Archive.org{]}]\from[url1515]
\stopitemize
\item
Some papers on the matter:
\startitemize[packed]
\item
\useURL[url1516][https://www.researchgate.net/publication/324251041_Anonymity_communication_VPN_and_Tor_a_comparative_study]\from[url1516]
\useURL[url1517][https://web.archive.org/web/https://www.researchgate.net/publication/324251041_Anonymity_communication_VPN_and_Tor_a_comparative_study][][{[}Archive.org{]}]\from[url1517]
\stopitemize
\stopitemize
\subsubsection[title={Getting an anonymous
VPN/Proxy:},reference={getting-an-anonymous-vpnproxy}]
{\bf Skip this step if you want to use Tor only.}
See \goto{Appendix O: Getting an anonymous
VPN/Proxy}[appendix-o-getting-an-anonymous-vpnproxy]
\subsubsection[title={Whonix:},reference={whonix}]
{\bf Skip this step if you cannot use Tor.}
This route will use Virtualization and Whonix\footnote{Wikipedia, Whonix
\useURL[url1518][https://en.wikipedia.org/wiki/Whonix]\from[url1518]
\useURL[url1519][https://wikiless.org/wiki/Whonix][][{[}Wikiless{]}]\from[url1519]
\useURL[url1520][https://web.archive.org/web/https://en.wikipedia.org/wiki/Whonix][][{[}Archive.org{]}]\from[url1520]}
as part of the anonymization process. Whonix is a Linux distribution
composed of two Virtual Machines:
\startitemize
\item
The Whonix Workstation (this is a VM where you can conduct sensitive
activities)
\item
The Whonix Gateway (this VM will establish a connection to the Tor
network and route all the network traffic from the Workstation through
the Tor network).
\stopitemize
This guide will therefore propose two flavors of this route:
\startitemize[packed]
\item
The Whonix only route where all traffic is routed through the Tor
Network (Tor Only or Tor over VPN).
\stopitemize
\placefigure{image27}{\externalfigure[./tex2pdf.-1a34188c73046814/b966aa3e3d5aabca8c7865ad45c2585ac031fa87.png]}
\startitemize[packed]
\item
A Whonix hybrid route where all traffic is routed through a cash
(preferred)/Monero paid VPN over the Tor Network (VPN over Tor or VPN
over Tor over VPN).
\stopitemize
\placefigure{image28}{\externalfigure[./tex2pdf.-1a34188c73046814/3519fa6fbdac01618e225d534c5918474bd78346.png]}
You will be able to decide which flavor to use based on our
recommendations. We recommend the second one, as explained before.
Whonix is well maintained and has extensive and incredibly detailed
documentation.
\subsubsubsection[title={A note on Virtualbox
Snapshots:},reference={a-note-on-virtualbox-snapshots}]
Later, you will create and run several Virtual Machines within
Virtualbox for your sensitive activities. Virtualbox provides a feature
called \quotation{Snapshots}\footnote{Oracle Virtualbox Manual,
Snapshots
\useURL[url1521][https://docs.oracle.com/en/virtualization/virtualbox/6.0/user/snapshots.html]\from[url1521]
\useURL[url1522][https://web.archive.org/web/https://docs.oracle.com/en/virtualization/virtualbox/6.0/user/snapshots.html][][{[}Archive.org{]}]\from[url1522]}
that allows you to save the state of a VM at any point in time. If for
any reason you later want to go back to that state, you can restore that
snapshot at any moment.
{\bf I strongly recommend that you do make use of this feature by
creating a snapshot after the initial installation/update of each VM.
This snapshot should be done before its use for any sensitive/anonymous
activity.}
This will allow you to turn your VMs into a kind of disposable
\quotation{Live Operating System} (like Tails, discussed earlier),
meaning that you will be able to erase all the traces of your activities
within a VM by restoring a Snapshot to an earlier state. Of course, this
will not be \quotation{as good} as Tails (where everything is stored in
memory) as there might be traces of this activity left on your hard
disk. Forensic studies have shown the ability to recover data from a
reverted VM\footnote{Utica College, Forensic Recovery Of Evidence From
Deleted Oracle Virtualbox Virtual Machines
\useURL[url1523][https://web.archive.org/web/https://programs.online.utica.edu/sites/default/files/Neal_6_Gonnella_Forensic_Recovery_of_Evidence_from_Deleted_Oracle_VirtualBox_Virtual_Machine.pdf]\from[url1523]}.
Fortunately, there will be ways to remove those traces after the
deletion or reverting to an earlier snapshot. Such techniques will be
discussed in the \goto{Some additional measures against
forensics}[some-additional-measures-against-forensics] section of this
guide.
\subsubsubsection[title={Download Virtualbox and Whonix
utilities:},reference={download-virtualbox-and-whonix-utilities}]
You should download a few things within the host OS:
\startitemize
\item
The latest version of the Virtualbox installer according to your Host
OS
\useURL[url1524][https://www.virtualbox.org/wiki/Downloads]\from[url1524]
\useURL[url1525][https://web.archive.org/web/https://www.virtualbox.org/wiki/Downloads][][{[}Archive.org{]}]\from[url1525]
\item
(Skip this if you cannot use Tor natively or through a VPN) The latest
Whonix OVA file from
\useURL[url1526][https://www.whonix.org/wiki/Download]\from[url1526]
\useURL[url1527][https://web.archive.org/web/https://www.whonix.org/wiki/Download][][{[}Archive.org{]}]\from[url1527]
according to your preference (Linux/Windows, with a Desktop interface
XFCE for simplicity or only with the text-client for advanced users)
\stopitemize
This will conclude the preparations and you should now be ready to start
setting up the final environment that will protect your anonymity
online.
\subsubsubsection[title={Virtualbox Hardening
recommendations:},reference={virtualbox-hardening-recommendations}]
For ideal security, you should follow the recommendations provided here
for each Virtualbox Virtual Machine
\useURL[url1528][https://www.whonix.org/wiki/Virtualization_Platform_Security\#VirtualBox_Hardening]\from[url1528]
\useURL[url1529][https://web.archive.org/web/https://www.whonix.org/wiki/Virtualization_Platform_Security][][{[}Archive.org{]}]\from[url1529]:
\startitemize
\item
Disable Audio.
\item
Do not enable Shared Folders.
\item
Do not enable 2D acceleration. This is controlled by the following
command: \type{VBoxManage modifyvm "vm-id" --accelerate2dvideo on|off}
\item
Do not enable 3D acceleration.
\item
Do not enable the Serial Port.
\item
Remove the Floppy drive.
\item
Remove the CD/DVD drive.
\item
Do not enable the Remote Display server.
\item
Enable PAE/NX (NX is a security feature).
\item
Disable the Advanced Configuration and Power Interface (ACPI). This is
controlled by the following command:
\type{VBoxManage modifyvm "vm-id" --acpi on|off}
\item
Do not attach USB devices.
\item
Disable the USB controller which is enabled by default. Set the
Pointing Device to \quotation{PS/2 Mouse} or changes will revert.
\stopitemize
Finally, also follow this recommendation to desync the clock of your VM
from the clock of your host OS:
\useURL[url1530][https://www.whonix.org/wiki/Network_Time_Synchronization\#Spoof_the_Initial_Virtual_Hardware_Clock_Offset]\from[url1530]
\useURL[url1531][https://web.archive.org/web/https://www.whonix.org/wiki/Network_Time_Synchronization][][{[}Archive.org{]}]\from[url1531].
This offset should be within a 60000-millisecond range and should be
different for each VM. Here are some examples (which can later be
applied to any VM):
\startitemize
\item
\type{VBoxManage modifyvm "Whonix-Gateway-XFCE" --biossystemtimeoffset -35017}
\item
\type{VBoxManage modifyvm "Whonix-Gateway-XFCE" --biossystemtimeoffset +27931}
\item
\type{VBoxManage modifyvm "Whonix-Workstation-XFCE" --biossystemtimeoffset -35017}
\item
\type{VBoxManage modifyvm "Whonix-Workstation-XFCE" --biossystemtimeoffset +27931}
\stopitemize
Also, consider applying these mitigations from VirtualBox to mitigate
Spectre\footnote{Wikipedia, Spectre
\useURL[url1532][https://en.wikipedia.org/wiki/Spectre_(security_vulnerability)]\from[url1532]
\useURL[url1533][https://wikiless.org/wiki/Spectre_(security_vulnerability)][][{[}Wikiless{]}]\from[url1533]
\useURL[url1534][https://web.archive.org/web/https://en.wikipedia.org/wiki/Spectre_(security_vulnerability)][][{[}Archive.org{]}]\from[url1534]}/Meltdown\footnote{Wikipedia,
Meltdown
\useURL[url1535][https://en.wikipedia.org/wiki/Meltdown_(security_vulnerability)]\from[url1535]
\useURL[url1536][https://wikiless.org/wiki/Meltdown_(security_vulnerability)][][{[}Wikiless{]}]\from[url1536]
\useURL[url1537][https://web.archive.org/web/https://en.wikipedia.org/wiki/Meltdown_(security_vulnerability)][][{[}Archive.org{]}]\from[url1537]}
vulnerabilities by running the corresponding commands from the VirtualBox
program directory. All of these are described here:
\useURL[url1538][https://www.whonix.org/wiki/Spectre_Meltdown]\from[url1538]
\useURL[url1539][https://web.archive.org/web/https://www.whonix.org/wiki/Spectre_Meltdown][][{[}Archive.org{]}]\from[url1539]
(be aware that these can severely impact the performance of your VMs but
should be applied for best security).
Finally, consider the security advice from Virtualbox themselves here:
\useURL[url1540][https://www.virtualbox.org/manual/ch13.html]\from[url1540]
\useURL[url1541][https://web.archive.org/web/https://www.virtualbox.org/manual/ch13.html][][{[}Archive.org{]}]\from[url1541].
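As an added example (not code from the guide, Whonix, or Oracle), the hardening list, the clock-offset recommendation and the Spectre/Meltdown mitigations above collected into one POSIX shell script. It assumes VirtualBox 6.x option names for VBoxManage modifyvm and showvminfo (the Spectre/Meltdown option names are taken from the VBoxManage manual); the showvminfo excerpt it audits is constructed, and the commands are printed rather than executed unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example, not code from the guide, Whonix or Oracle. Applies the
# hardening list above to a VirtualBox VM through VBoxManage, gives each
# VM its own random BIOS clock offset, and audits a VM's current settings.
# Assumptions: VirtualBox 6.x VBoxManage option names and showvminfo key
# names. Commands are only printed unless APPLY=1 is set; VBOXMANAGE may
# point at the binary inside the VirtualBox program directory.
set -u

VBOXMANAGE="${VBOXMANAGE:-VBoxManage}"
APPLY="${APPLY:-0}"

# Execute a command when APPLY=1, otherwise print it (dry run).
run() {
    if [ "$APPLY" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Random clock offset in milliseconds within the +/-60000 range the text
# asks for. awk's rand() is POSIX, unlike $RANDOM.
random_offset() {
    awk 'BEGIN { srand(); print int(rand() * 120001) - 60000 }'
}

# Apply the hardening list to one VM. $1 = VM name, $2 = offset in ms
# (a fresh random one when omitted, so every VM gets a different clock).
harden_vm() {
    vm="$1"
    offset="${2:-$(random_offset)}"
    run "$VBOXMANAGE" modifyvm "$vm" --audio none             # disable audio
    run "$VBOXMANAGE" modifyvm "$vm" --accelerate2dvideo off  # no 2D accel.
    run "$VBOXMANAGE" modifyvm "$vm" --accelerate3d off       # no 3D accel.
    run "$VBOXMANAGE" modifyvm "$vm" --uart1 off              # no serial port
    run "$VBOXMANAGE" modifyvm "$vm" --vrde off               # no remote display
    run "$VBOXMANAGE" modifyvm "$vm" --pae on                 # PAE/NX
    run "$VBOXMANAGE" modifyvm "$vm" --acpi off               # ACPI off
    # Set the pointing device to PS/2 first, or disabling USB is reverted.
    run "$VBOXMANAGE" modifyvm "$vm" --mouse ps2
    run "$VBOXMANAGE" modifyvm "$vm" --usb off
    run "$VBOXMANAGE" modifyvm "$vm" --biossystemtimeoffset "$offset"
}

# Spectre/Meltdown mitigations for one VM. Option names are taken from the
# VBoxManage manual for 6.x (assumption); expect a noticeable slowdown.
mitigate_spectre_meltdown() {
    run "$VBOXMANAGE" modifyvm "$1" --spec-ctrl on \
        --l1d-flush-on-sched on --l1d-flush-on-vm-entry on \
        --ibpb-on-vm-exit on --ibpb-on-vm-entry on \
        --mds-clear-on-sched on --mds-clear-on-vm-entry on
}

# Audit the output of `VBoxManage showvminfo <vm> --machinereadable`, read
# from stdin, against the hardened values. Prints each deviation; the
# return status is the number of deviations (0 = compliant).
audit_vminfo() {
    info=$(cat)
    bad=0
    for pair in audio=none accelerate2dvideo=off accelerate3d=off \
                uart1=off vrde=off pae=on acpi=off usb=off; do
        key="${pair%%=*}"
        want="${pair#*=}"
        got=$(printf '%s\n' "$info" |
              awk -F= -v k="$key" '$1 == k { gsub(/"/, "", $2); print $2; exit }')
        if [ "$got" != "$want" ]; then
            printf 'NON-COMPLIANT %s=%s (expected %s)\n' \
                   "$key" "${got:-<missing>}" "$want"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Constructed showvminfo excerpt (not captured from a real machine): a VM
# that still has audio, ACPI and the USB controller enabled.
SAMPLE_WEAK='audio="pulse"
acpi="on"
accelerate2dvideo="off"
accelerate3d="off"
uart1="off"
vrde="off"
pae="on"
usb="on"'

# Demonstration: print the commands for both Whonix VMs (dry run unless
# APPLY=1), then audit the constructed sample (3 deviations expected).
harden_vm "Whonix-Gateway-XFCE"
harden_vm "Whonix-Workstation-XFCE"
mitigate_spectre_meltdown "Whonix-Workstation-XFCE"
printf '%s\n' "$SAMPLE_WEAK" | audit_vminfo || echo "deviations found: $?"
```

Pipe the real output of \type{VBoxManage showvminfo "vm-id" --machinereadable} into audit_vminfo to check a VM after applying the settings.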
\subsubsection[title={Tor over VPN:},reference={tor-over-vpn-1}]
{\bf Skip this step if you do not intend to use Tor over VPN and only
intend to use Tor or cannot.}
If you intend to use Tor over VPN for any reason, you first must
configure a VPN service on your host OS.
Remember that in this case, we recommend having two VPN accounts, both
paid for with cash/Monero (see \goto{Appendix O: Getting an anonymous
VPN/Proxy}[appendix-o-getting-an-anonymous-vpnproxy]). One will be used
in the Host OS for the first VPN connection. The other could be used in
the VM to achieve VPN over Tor over VPN (User > VPN > Tor > VPN).
If you intend to only use Tor over VPN, you only need one VPN account.
See \goto{Appendix R: Installing a VPN on your VM or Host
OS}[appendix-r-installing-a-vpn-on-your-vm-or-host-os] for instructions.
\subsubsection[title={Whonix Virtual
Machines:},reference={whonix-virtual-machines}]
{\bf Skip this step if you cannot use Tor.}
\startitemize
\item
Start Virtualbox on your Host OS.
\item
Import the Whonix file into VirtualBox following the instructions on
\useURL[url1542][https://www.whonix.org/wiki/VirtualBox/XFCE]\from[url1542]
\useURL[url1543][https://web.archive.org/web/https://www.whonix.org/wiki/VirtualBox/XFCE][][{[}Archive.org{]}]\from[url1543]
\item
Start the Whonix VMs
\stopitemize
Remember at this stage that if you are having issues connecting to Tor
due to censorship or blocking, you should consider connecting using
Bridges as explained in this tutorial
\useURL[url1544][https://www.whonix.org/wiki/Bridges]\from[url1544]
\useURL[url1545][https://web.archive.org/web/https://www.whonix.org/wiki/Bridges][][{[}Archive.org{]}]\from[url1545].
\startitemize
\item
Update the Whonix VMs by following the instructions on
\useURL[url1546][https://www.whonix.org/wiki/Operating_System_Software_and_Updates\#Updates]\from[url1546]
\useURL[url1547][https://web.archive.org/web/https://www.whonix.org/wiki/Operating_System_Software_and_Updates][][{[}Archive.org{]}]\from[url1547]
\item
Shutdown the Whonix VMs
\item
Take a snapshot of the updated Whonix VMs within Virtualbox (select a
VM and click the Take Snapshot button). More on that later.
\item
Go to the next step
\stopitemize
{\bf Important Note: You should also read these very good
recommendations over there
\useURL[url1548][https://www.whonix.org/wiki/DoNot]\from[url1548]}
\useURL[url1549][https://web.archive.org/web/https://www.whonix.org/wiki/DoNot][][{[}Archive.org{]}]\from[url1549]
{\bf as most of those principles will also apply to this guide. You
should also read their general documentation here
\useURL[url1550][https://www.whonix.org/wiki/Documentation]\from[url1550]}
\useURL[url1551][https://web.archive.org/web/https://www.whonix.org/wiki/Documentation][][{[}Archive.org{]}]\from[url1551]
{\bf which will also provide tons of advice like this guide.}
\subsubsection[title={Pick your guest workstation Virtual
Machine:},reference={pick-your-guest-workstation-virtual-machine}]
Using Whonix/Linux will require more skills on your side as these are
Linux distributions. You will also encounter more difficulties if you
intend to use specific software that might be harder to use on
Whonix/Linux. Setting up a VPN over Tor on Whonix is also more
complicated than on Windows.
\subsubsubsection[title={If you can use
Tor:},reference={if-you-can-use-tor}]
You can decide if you prefer to conduct your sensitive activities from
the Whonix Workstation provided in the earlier section {\bf (highly
recommended)} or from a Custom VM that will use the Whonix Gateway like
the Whonix Workstation (less secure but might be required depending on
what you intend to do).
\subsubsubsection[title={If you cannot use
Tor:},reference={if-you-cannot-use-tor}]
If you cannot use Tor, you can use a Custom VM of your choice that will
ideally use an anonymous VPN, if possible, to then connect to the Tor
network. Or you could go with the risky route: See \goto{Appendix P:
Accessing the internet as safely as possible when Tor and VPNs are not
an
option}[appendix-p-accessing-the-internet-as-safely-as-possible-when-tor-and-vpns-are-not-an-option]
\subsubsection[title={Linux Virtual Machine (Whonix or
Linux):},reference={linux-virtual-machine-whonix-or-linux}]
\subsubsubsection[title={Whonix Workstation {\bf (recommended and
preferred)}:},reference={whonix-workstation-recommended-and-preferred}]
{\bf Skip this step if you cannot use Tor.}
Just use the provided Whonix Workstation VM. {\bf It is the safest and
most secure way to go on this route.}
{\bf It is also the only VM that will provide Stream Isolation
pre-configured for most apps by default}\footnote{Whonix Documentation,
Stream Isolation, By Settings
\useURL[url1552][https://www.whonix.org/wiki/Stream_Isolation\#By_Settings]\from[url1552]
\useURL[url1553][https://web.archive.org/web/https://www.whonix.org/wiki/Stream_Isolation\#By_Settings][][{[}Archive.org{]}]\from[url1553]}{\bf .}
If you want additional software on the Workstation (such as another
Browser), follow their guide here
\useURL[url1554][https://www.whonix.org/wiki/Install_Software]\from[url1554]
\useURL[url1555][https://web.archive.org/web/https://www.whonix.org/wiki/Install_Software][][{[}Archive.org{]}]\from[url1555]
Consider running Whonix in Live Mode for extra malware protection; see
\useURL[url1556][https://www.whonix.org/wiki/Anti-Forensics_Precautions]\from[url1556]
\useURL[url1557][https://web.archive.org/web/https://www.whonix.org/wiki/Anti-Forensics_Precautions][][{[}Archive.org{]}]\from[url1557]
Do not forget to apply the VM hardening recommendations here:
\goto{Virtualbox Hardening
recommendations}[virtualbox-hardening-recommendations].
Consider using AppArmor on your Whonix Workstations by following this
guide:
\useURL[url1558][https://www.whonix.org/wiki/AppArmor]\from[url1558]
\useURL[url1559][https://web.archive.org/web/https://www.whonix.org/wiki/AppArmor][][{[}Archive.org{]}]\from[url1559]
\subsubsubsection[title={Linux (any
distro):},reference={linux-any-distro}]
{\bf Be careful, any customization you make to the non-Whonix guest VMs
(keyboard layout, language, time zone, screen resolution, or other)
could be used to fingerprint your VMs later. See
\useURL[url1560][https://www.whonix.org/wiki/VM_Fingerprinting]\from[url1560]}
\useURL[url1561][https://web.archive.org/web/https://www.whonix.org/wiki/VM_Fingerprinting][][{[}Archive.org{]}]\from[url1561]
\subsubsubsubsection[title={If you can use Tor (natively or over a
VPN):},reference={if-you-can-use-tor-natively-or-over-a-vpn}]
Use the Linux Distro of your choice. We would recommend Ubuntu or Fedora
for convenience but any other would work too. Be sure to not enable any
telemetry.
Refer to this tutorial
\useURL[url1562][https://www.whonix.org/wiki/Other_Operating_Systems]\from[url1562]
\useURL[url1563][https://web.archive.org/web/https://www.whonix.org/wiki/Other_Operating_Systems][][{[}Archive.org{]}]\from[url1563]
for detailed instructions.
Consider hardening the VM as recommended in \goto{Hardening
Linux}[hardening-linux].
\subsubsubsubsection[title={If you cannot use
Tor:},reference={if-you-cannot-use-tor-1}]
Use the Linux Distro of your choice. We would recommend Ubuntu or Fedora
for convenience but any other would work too. Be sure to not enable any
telemetry. You could go with the risky route: See \goto{Appendix P:
Accessing the internet as safely as possible when Tor and VPNs are not
an
option}[appendix-p-accessing-the-internet-as-safely-as-possible-when-tor-and-vpns-are-not-an-option]
\subsubsubsubsection[title={Choose a browser within the
VM:},reference={choose-a-browser-within-the-vm}]
This time, we will recommend Brave browser.
See why here: \goto{Appendix V: What browser to use in your Guest
VM/Disposable
VM}[appendix-v-what-browser-to-use-in-your-guest-vmdisposable-vm]
See \goto{Appendix V1: Hardening your
Browsers}[appendix-v1-hardening-your-browsers] as well.
\subsubsection[title={Windows 10/11 Virtual
Machine:},reference={windows-1011-virtual-machine}]
{\bf Be careful, any customization you make to the non-Whonix guest VMs
(keyboard layout, language, time zone, screen resolution, or other)
could be used to fingerprint your VMs later. See
\useURL[url1564][https://www.whonix.org/wiki/VM_Fingerprinting]\from[url1564]}
\useURL[url1565][https://web.archive.org/web/https://www.whonix.org/wiki/VM_Fingerprinting][][{[}Archive.org{]}]\from[url1565]
\subsubsubsection[title={Windows 10 and 11 ISO
download:},reference={windows-10-and-11-iso-download}]
Go with the Official Windows 10/11 Pro VM and harden it yourself: see
\goto{Appendix C: Windows Installation Media
Creation}[appendix-c-windows-installation-media-creation] and go with
the ISO route.
\subsubsubsection[title={If you can use Tor (natively or over a
VPN):},reference={if-you-can-use-tor-natively-or-over-a-vpn-1}]
Refer to this tutorial
\useURL[url1566][https://www.whonix.org/wiki/Other_Operating_Systems]\from[url1566]
\useURL[url1567][https://web.archive.org/web/https://www.whonix.org/wiki/Other_Operating_Systems][][{[}Archive.org{]}]\from[url1567]
for detailed instructions.
\subsubsubsubsection[title={Install:},reference={install}]
\startitemize
\item
Shut down the Whonix Gateway VM (this will prevent Windows from
sending out telemetry and allow you to create a local account).
\item
Open Virtualbox
\item
Select Machine > New > Select Windows 10 or Windows 11 64bit
\item
Allocate at least 2GB of RAM for Windows 10 and 4GB of RAM for Windows 11
\item
Create a Virtual Disk using the VDI format and select Dynamically
Allocated
\item
Keep the disk size at 50GB for Windows 10 and 80GB for Windows 11
(this is a maximum; it should not reach that much)
\item
Make sure PAE/NX is enabled in System > Processor
\item
Select the VM and click Settings, Go into the Network Tab
\item
Select \quotation{Internal Network} in the \quotation{Attached to}
Field and select Whonix.
\item
Go into the Storage Tab, Select the Empty CD and click the icon next
to SATA Port 1
\item
Click on \quotation{Choose a disk file} and select the Windows ISO you
previously downloaded
\item
Click ok and start the VM
\item
VirtualBox will either prompt you to press a key to boot from the ISO or
ask you what to boot; select the ISO or press a key.
\item
Follow the steps in \goto{Appendix A: Windows
Installation}[appendix-a-windows-installation]
\item
Start the Whonix Gateway VM
\stopitemize
\subsubsubsubsection[title={Network
Settings:},reference={network-settings}]
\startitemize
\item
Go back to your Windows VM
\item
Windows 10: Go back into Settings then Network & Internet. Windows 11:
Go into settings, click the upper left menu and pick
\quotation{Network and Internet}
\item
Windows 10: Click Properties (Below Ethernet). Windows 11: Click
Ethernet
\item
Windows 10: Edit IP settings. Windows 11: Edit IP assignment.
\item
Windows 10: Enable IPv4 and set the following. Windows 11: Switch from
DHCP to Manual and set the following:
\startitemize
\item
IP address \type{10.152.152.50} (increase this IP by one for any
other VM)
\item
Subnet prefix length \type{18} (\type{255.255.192.0})
\item
Gateway \type{10.152.152.10} (this is the Whonix Gateway)
\item
(Windows 10) DNS \type{10.152.152.10} (this is again the Whonix
Gateway)
\item
(Windows 11) exit the IP assignment and select DNS server assignment
and set it to \type{10.152.152.10} (this is again the Whonix
Gateway)
\item
Save
\stopitemize
\item
Windows might prompt you if you want to be \quotation{discoverable} on
this network. Click NO. Always stay on a \quotation{public network} if
prompted.
\stopitemize
{\bf Every time you power on this VM in the future, make sure to change
its Ethernet MAC address before booting. You can do this in VirtualBox >
Settings > Network > Advanced > click the refresh button next to the MAC
address. This is only possible while the VM is powered off.}
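The static addressing above (the same values are given later for the Android and macOS VMs) is easy to mistype, and a wrong third octet silently puts the guest outside the Gateway's subnet. Here is an added shell helper, not from the guide or the Whonix project: it derives the address of the n-th guest the way the guide describes (first VM \type{10.152.152.50}, one higher for each further VM), shows why prefix length 18 is \type{255.255.192.0}, and checks that a planned address sits in the Gateway's subnet and is neither the Gateway, the network nor the broadcast address. The three address values are the guide's; the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the guide: plan and sanity-check the static
# addresses of guest VMs that sit behind the Whonix Gateway on the
# VirtualBox "Whonix" internal network. The three values below are the
# ones the guide gives; the function names are this example's own.

WHONIX_GATEWAY=10.152.152.10   # Whonix Gateway (also used as DNS)
WHONIX_PREFIX=18               # /18, i.e. netmask 255.255.192.0
FIRST_GUEST_IP=10.152.152.50   # first guest VM; +1 for each further VM

ALL_ONES=4294967295            # 0xFFFFFFFF, keeps shell arithmetic at 32 bits

# Dotted quad -> 32-bit integer.
ip_to_int() {
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad.
int_to_ip() {
    printf '%d.%d.%d.%d\n' $(( ($1 >> 24) & 255 )) $(( ($1 >> 16) & 255 )) \
                           $(( ($1 >> 8) & 255 ))  $(( $1 & 255 ))
}

# Netmask as an integer for a prefix length (18 -> 0xFFFFC000).
prefix_to_mask_int() {
    echo $(( (ALL_ONES << (32 - $1)) & ALL_ONES ))
}

# Netmask as a dotted quad (18 -> 255.255.192.0).
prefix_to_mask() {
    int_to_ip "$(prefix_to_mask_int "$1")"
}

# Address for the n-th guest VM (1-based), following the guide's rule of
# increasing the first address by one per additional VM.
guest_ip() {
    int_to_ip $(( $(ip_to_int "$FIRST_GUEST_IP") + $1 - 1 ))
}

# Check that a planned guest address is usable behind the Gateway: same
# subnet as the Gateway, not the Gateway itself, and neither the network
# nor the broadcast address. Prints a verdict; returns 1 on failure.
check_guest_ip() {
    ip=$(ip_to_int "$1")
    gw=$(ip_to_int "$WHONIX_GATEWAY")
    mask=$(prefix_to_mask_int "$WHONIX_PREFIX")
    if [ $(( ip & mask )) -ne $(( gw & mask )) ]; then
        echo "$1: not in the Gateway's subnet $(int_to_ip $(( gw & mask )))/$WHONIX_PREFIX"
        return 1
    fi
    if [ "$ip" -eq "$gw" ]; then
        echo "$1: this is the Whonix Gateway address itself"
        return 1
    fi
    if [ $(( ip & mask )) -eq "$ip" ] || [ $(( ip | mask )) -eq "$ALL_ONES" ]; then
        echo "$1: network or broadcast address, not usable for a host"
        return 1
    fi
    echo "$1: OK (netmask $(prefix_to_mask "$WHONIX_PREFIX"), gateway $WHONIX_GATEWAY)"
}
```

Run \type{check_guest_ip 10.152.152.50} before typing the values into a guest; \type{guest_ip 2} gives the address for the second VM. The subnet check is what catches the common slip of a wrong third octet (for instance 10.152.200.x), which the guest's own network settings dialog will accept without complaint.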
\subsubsubsection[title={If you cannot use
Tor:},reference={if-you-cannot-use-tor-2}]
See \goto{Appendix P: Accessing the internet as safely as possible when
Tor and VPNs are not an
option}[appendix-p-accessing-the-internet-as-safely-as-possible-when-tor-and-vpns-are-not-an-option]
\subsubsubsubsection[title={Install:},reference={install-1}]
\startitemize
\item
Open Virtualbox
\item
Select Machine > New > Select Windows 10 or 11 64bit
\item
Allocate at least 4GB of RAM for Windows 11 and 2GB of RAM for Windows 10.
\item
Create a Virtual Disk using the VDI format and select Dynamically
Allocated
\item
In the System/Processor tab, make sure PAE/NX is enabled.
\item
Keep the disk size at 80GB for 11, 50GB for 10 (this is a maximum; it
should not reach that much)
\item
Go into the Storage Tab, Select the Empty CD and click the icon next
to SATA Port 1
\item
Click on \quotation{Choose a disk file} and select the Windows ISO you
previously downloaded
\item
Click ok and start the VM
\item
VirtualBox will either prompt you to press a key to boot from the ISO or
ask you what to boot; select the ISO or press a key.
\item
Follow the steps in \goto{Appendix A: Windows
Installation}[appendix-a-windows-installation]
\stopitemize
\subsubsubsubsection[title={Network
Settings:},reference={network-settings-1}]
\startitemize[packed]
\item
Windows will prompt you if you want to be discoverable on this
network. Click NO.
\stopitemize
{\bf Every time you power on this VM in the future, make sure to change
its Ethernet MAC address before booting. You can do this in VirtualBox >
Settings > Network > Advanced > click the refresh button next to the MAC
address. This is only possible while the VM is powered off.}
\subsubsubsection[title={Choose a browser within the
VM:},reference={choose-a-browser-within-the-vm-1}]
This time, we will recommend Brave browser.
See why here: \goto{Appendix V: What browser to use in your Guest
VM/Disposable
VM}[appendix-v-what-browser-to-use-in-your-guest-vmdisposable-vm]
See \goto{Appendix V1: Hardening your
Browsers}[appendix-v1-hardening-your-browsers] as well.
\subsubsubsection[title={Additional Privacy settings in Windows
10/11:},reference={additional-privacy-settings-in-windows-1011}]
See \goto{Appendix B: Windows Additional Privacy
Settings}[appendix-b-windows-additional-privacy-settings]
\subsubsection[title={Android Virtual
Machine:},reference={android-virtual-machine}]
Sometimes you want to run mobile apps anonymously too, so you can
also set up an Android VM for this purpose. As in other cases, ideally,
this VM will also sit behind the Whonix Gateway for Tor network
connectivity, but it can also be set up as VPN over Tor over VPN.
\subsubsubsection[title={If you can use Tor (natively or over a
VPN):},reference={if-you-can-use-tor-natively-or-over-a-vpn-2}]
Later in the VM settings during creation, go into Network and select
Internal Network, Whonix.
Then on Android itself:
\startitemize
\item
Select Wi-Fi
\item
Select VirtWifi to connect
\item
Go into the advanced Wi-Fi properties
\item
Switch from DHCP to Static
\startitemize
\item
IP address \type{10.152.152.50} (increase this IP by one for any
other VM)
\item
Subnet prefix length \type{18} (\type{255.255.192.0})
\item
Gateway \type{10.152.152.10} (this is the Whonix Gateway)
\item
DNS \type{10.152.152.10} (this is again the Whonix Gateway)
\stopitemize
\stopitemize
\subsubsubsection[title={If you cannot use
Tor:},reference={if-you-cannot-use-tor-3}]
Just use the tutorials as is and see \goto{Appendix P: Accessing the
internet as safely as possible when Tor and VPNs are not an
option}[appendix-p-accessing-the-internet-as-safely-as-possible-when-tor-and-vpns-are-not-an-option]
\subsubsubsection[title={Installation:},reference={installation-1}]
There are two possibilities: AnBox or Android-x86.
We would recommend AnBox over Android-x86, but it requires Linux.
\subsubsubsubsection[title={AnBox:},reference={anbox}]
Basically follow the tutorial here for installing AnBox on the Whonix
Workstation:
\useURL[url1568][https://www.whonix.org/wiki/Anbox]\from[url1568]
\useURL[url1569][https://web.archive.org/web/https://www.whonix.org/wiki/Anbox][][{[}Archive.org{]}]\from[url1569]
for running Android Applications within an AnBox VM.
Or follow the instructions here
\useURL[url1570][https://anbox.io/]\from[url1570] to install it on any
other VM {\bf (Linux only)}.
\subsubsubsubsection[title={Android-x86:},reference={android-x86}]
Basically, follow the tutorial here:
\useURL[url1571][https://www.android-x86.org/documentation/virtualbox.html]\from[url1571]
\useURL[url1572][https://web.archive.org/web/https://www.android-x86.org/documentation/virtualbox.html][][{[}Archive.org{]}]\from[url1572]
\startitemize
\item
Download the ISO file of your choice
\item
Create a New VM.
\item
Select Linux and Linux 2.6 / 3.x / 4.x 64 Bit.
\item
In System:
\startitemize
\item
Allocate at least 2048MB (2GB) memory
\item
Uncheck the Floppy drive
\item
In the Processor tab, select one or more CPUs
\item
Enable PAE/NX
\stopitemize
\item
In Display Settings, Change the adapter to VBoxVGA
\item
In Audio Settings, Change to Intel HD Audio
\item
Start the VM
\item
Select Advanced if you want persistence, Live if you want a disposable
Boot (and skip the next steps).
\item
Select Auto Install on Selected Hard Disk
\item
Select Run Android
\item
Set up as you wish (disable all prompts for data collections). {\bf I
recommend using the TaskBar Home.}
\item
Go into Settings, Android-x86 Options, and disable all collections.
\item
Connect to VirtWifi Wi-Fi Network {\bf (see the above section if you
are behind Whonix and want to use Tor)}
\stopitemize
You are now done and can now install any Android app.
\subsubsection[title={macOS Virtual
Machine:},reference={macos-virtual-machine}]
Yes, you can actually run macOS within Virtualbox (on
Windows/Linux/macOS host systems) if you want to use macOS. You can run
any version of macOS you want.
\subsubsubsection[title={If you can use Tor (natively or over a
VPN):},reference={if-you-can-use-tor-natively-or-over-a-vpn-3}]
During the following tutorials, before starting the macOS VM, make sure
you put the macOS VM on the Whonix network.
\startitemize
\item
Select the VM and click Settings, Go into the Network Tab
\item
Select \quotation{Internal Network} in the \quotation{Attached to}
Field and select Whonix
\stopitemize
Afterward, and during the install, you will need to input an IP address
manually to connect through the Whonix Gateway.
Use these settings when prompted in the macOS installation process:
\startitemize
\item
IP address \type{10.152.152.50} (increase this IP by one for any other
VM)
\item
Subnet prefix length \type{18} (\type{255.255.192.0})
\item
Gateway \type{10.152.152.10} (this is the Whonix Gateway)
\item
DNS \type{10.152.152.10} (this is again the Whonix Gateway)
\stopitemize
\subsubsubsection[title={If you cannot use
Tor:},reference={if-you-cannot-use-tor-4}]
Just use the tutorials as is and see \goto{Appendix P: Accessing the
internet as safely as possible when Tor and VPNs are not an
option}[appendix-p-accessing-the-internet-as-safely-as-possible-when-tor-and-vpns-are-not-an-option]
\subsubsubsection[title={Installation:},reference={installation-2}]
\startitemize
\item
Windows Host OS:
\startitemize
\item
Virtualbox Catalina Tutorial:
\useURL[url1573][https://www.wikigain.com/install-macos-catalina-on-virtualbox-on-windows/]\from[url1573]
\useURL[url1574][https://web.archive.org/web/https://www.wikigain.com/install-macos-catalina-on-virtualbox-on-windows/][][{[}Archive.org{]}]\from[url1574]
\item
Virtualbox Big Sur Tutorial:
\useURL[url1575][https://www.wikigain.com/how-to-install-macos-big-sur-on-virtualbox-on-windows-pc/]\from[url1575]
\useURL[url1576][https://web.archive.org/web/https://www.wikigain.com/how-to-install-macos-big-sur-on-virtualbox-on-windows-pc/][][{[}Archive.org{]}]\from[url1576]
\item
Virtualbox Monterey Tutorial:
\useURL[url1577][https://www.wikigain.com/install-macos-monterey-on-virtualbox/]\from[url1577]
\useURL[url1578][https://web.archive.org/web/https://www.wikigain.com/install-macos-monterey-on-virtualbox/][][{[}Archive.org{]}]\from[url1578]
\stopitemize
\item
macOS Host OS:
\startitemize[packed]
\item
Just use the same tutorials as above but execute the various
commands in the terminal. It should work without issue.
\stopitemize
\item
Linux Host OS:
\startitemize[packed]
\item
Just use the same tutorials as above but execute the various
commands in the terminal. It should work without issue.
\stopitemize
\stopitemize
There are some drawbacks to running macOS on Virtual Machines. The main
one is that they do not have a serial number (0 by default) and you will
be unable to log in to any Apple-provided service (iCloud,
iMessage\ldots{}) without a genuine ID. You can set such IDs using this
script:
\useURL[url1579][https://github.com/myspaghetti/macos-virtualbox]\from[url1579]
\useURL[url1580][https://web.archive.org/web/https://github.com/myspaghetti/macos-virtualbox][][{[}Archive.org{]}]\from[url1580]
but keep in mind that randomly generated IDs will not work and using the
ID of someone else will break their Terms of Services and could count as
impersonation (and therefore could be illegal).
Note: We also ran into multiple issues running these on AMD
processors. This can be fixed; here is the configuration we used, which
worked fine with Catalina, Big Sur and Monterey, and which tells
VirtualBox to emulate an Intel processor instead:
\startitemize
\item
\type{VBoxManage modifyvm "macOSCatalina" --cpuidset 00000001 000106e5 00100800 0098e3fd bfebfbff}
\item
\type{VBoxManage setextradata "macOSCatalina" "VBoxInternal/Devices/efi/0/Config/DmiSystemProduct" "MacBookPro15,1"}
\item
\type{VBoxManage setextradata "macOSCatalina" "VBoxInternal/Devices/efi/0/Config/DmiBoardProduct" "Mac-551B86E5744E2388"}
\item
\type{VBoxManage setextradata "macOSCatalina" "VBoxInternal/Devices/smc/0/Config/DeviceKey" "ourhardworkbythesewordsguardedpleasedontsteal(c)AppleComputerInc"}
\item
\type{VBoxManage setextradata "macOSCatalina" "VBoxInternal/Devices/smc/0/Config/GetKeyFromRealSMC" 1}
\item
\type{VBoxManage modifyvm "macOSCatalina" --cpu-profile "Intel Core i7-6700K"}
\item
\type{VBoxManage setextradata "macOSCatalina" VBoxInternal2/EfiGraphicsResolution 1920x1080}
\stopitemize
\subsubsubsection[title={Hardening
macOS:},reference={hardening-macos-1}]
Refer to \goto{Hardening macOS}[hardening-macos].
\subsubsubsection[title={Choose a browser within the
VM:},reference={choose-a-browser-within-the-vm-2}]
This time, we will recommend Brave browser.
See why here: \goto{Appendix V: What browser to use in your Guest
VM/Disposable
VM}[appendix-v-what-browser-to-use-in-your-guest-vmdisposable-vm]
See \goto{Appendix V1: Hardening your
Browsers}[appendix-v1-hardening-your-browsers] as well.
\subsubsection[title={KeepassXC:},reference={keepassxc}]
You will need something to store your data (logins/passwords,
identities, and TOTP\footnote{Wikipedia, TOTP
\useURL[url1581][https://en.wikipedia.org/wiki/Time-based_One-time_Password_algorithm]\from[url1581]
\useURL[url1582][https://wikiless.org/wiki/Time-based_One-time_Password_algorithm][][{[}Wikiless{]}]\from[url1582]
\useURL[url1583][https://web.archive.org/web/https://en.wikipedia.org/wiki/Time-based_One-time_Password_algorithm][][{[}Archive.org{]}]\from[url1583]}
information).
For this purpose, we strongly recommend KeePassXC because of its
integrated TOTP feature. This is the ability to create entries for
2FA\footnote{Wikipedia, Multi-Factor Authentication
\useURL[url1584][https://en.wikipedia.org/wiki/Multi-factor_authentication]\from[url1584]
\useURL[url1585][https://wikiless.org/wiki/Multi-factor_authentication][][{[}Wikiless{]}]\from[url1585]
\useURL[url1586][https://web.archive.org/web/https://en.wikipedia.org/wiki/Multi-factor_authentication][][{[}Archive.org{]}]\from[url1586]}
authentication with the authenticator feature.
Remember this should ideally be installed on your Guest VM and not on
your Host OS. You should never do any sensitive activities from your
Host OS.
Here are the tutorials:
\startitemize
\item
Tails: KeePassXC is integrated by default
\item
Whonix:
\useURL[url1587][https://www.whonix.org/wiki/Keepassxc]\from[url1587]
\useURL[url1588][https://web.archive.org/web/https://www.whonix.org/wiki/Keepassxc][][{[}Archive.org{]}]\from[url1588]
\item
Linux:
\startitemize
\item
Download from
\useURL[url1589][https://keepassxc.org/download/]\from[url1589]
\useURL[url1590][https://web.archive.org/web/https://keepassxc.org/download/][][{[}Archive.org{]}]\from[url1590]
\item
Follow the tutorial here
\useURL[url1591][https://keepassxc.org/docs/KeePassXC_GettingStarted.html\#_linux]\from[url1591]
\useURL[url1592][https://web.archive.org/web/https://keepassxc.org/docs/KeePassXC_GettingStarted.html][][{[}Archive.org{]}]\from[url1592]
\stopitemize
\item
Windows:
\startitemize
\item
Download from
\useURL[url1593][https://keepassxc.org/download/]\from[url1593]
\useURL[url1594][https://web.archive.org/web/https://keepassxc.org/download/][][{[}Archive.org{]}]\from[url1594]
\item
Follow the tutorial here
\useURL[url1595][https://KeePassXC.org/docs/KeePassXC_GettingStarted.html\#_microsoft_windows/]\from[url1595]
\useURL[url1596][https://web.archive.org/web/https://keepassxc.org/docs/KeePassXC_GettingStarted.html][][{[}Archive.org{]}]\from[url1596]
\stopitemize
\item
macOS:
\startitemize
\item
Download from
\useURL[url1597][https://keepassxc.org/download/]\from[url1597]
\useURL[url1598][https://web.archive.org/web/https://keepassxc.org/download/][][{[}Archive.org{]}]\from[url1598]
\item
Follow the tutorial here
\useURL[url1599][https://keepassxc.org/docs/KeePassXC_GettingStarted.html\#_macos]\from[url1599]
\useURL[url1600][https://web.archive.org/web/https://keepassxc.org/docs/KeePassXC_GettingStarted.html][][{[}Archive.org{]}]\from[url1600]
\stopitemize
\stopitemize
Test that KeePassXC is working before going to the next step.
\subsubsection[title={VPN client installation (cash/Monero
paid):},reference={vpn-client-installation-cashmonero-paid}]
{\bf If you decided to not use a cash-paid VPN and just want to use Tor,
skip this step.}
{\bf If you cannot use a VPN at all in a hostile environment, skip this
step.}
Otherwise, see \goto{Appendix R: Installing a VPN on your VM or Host
OS}[appendix-r-installing-a-vpn-on-your-vm-or-host-os] to install a VPN
client on your client VM.
This should conclude the Route and you should now be ready.
\subsubsubsection[title={About VPN Client Data
Mining/Leaks:},reference={about-vpn-client-data-miningleaks}]
You might be asking yourself if those VPN clients are trustworthy not to
leak any information about your local environment to the VPN provider
when using them in the \quotation{VPN over Tor} context.
This is a valid concern but should be taken with a grain of salt.
Remember that all VPN activities are happening from a sandboxed VM on an
internal network behind a Network Gateway (the Whonix Gateway). It does
not matter much if the VPN client leaves some identifiers on your guest
VM. The guest VM is still sandboxed and walled-off from the Host OS. The
attack surface is small especially when using the reputable and
recommended VPN providers within the guides (iVPN, Mullvad, Proton VPN,
and maybe Safing.io).
At best, the VPN client would know your local IP (internal IP) and some
randomized identifiers but should not be able to get anything from the
Host OS. And in theory, the VPN client should not send any telemetry
back to the VPN provider. If your VPN client does this or asks this, you
should consider changing the provider.
\subsubsection[title={(Optional) VM kill
switch:},reference={optional-vm-kill-switch}]
This step will allow you to configure your Host OS so that only the
Whonix Gateway VM will have access to the internet. This will therefore
prevent any \quotation{leak} from your Host OS while letting the Whonix
Gateway establish the Tor connectivity. The other VMs (Whonix
Workstation or any other VM you installed behind it) will not be
affected.
There are three ways to do this:
\startitemize
\item
The Lazy Way (not really recommended): not supported by Whonix and
might have some security implications as you will expose the Whonix
Gateway VM to the Public Wi-Fi network. We would recommend against
this unless you are in a hurry or very lazy.
\startitemize[packed]
\item
{\bf This method will not work with Wi-Fi captive portals requiring
any registration to connect.}
\stopitemize
\item
The Better Way (see further down): still not supported by Whonix but
it will not expose the Whonix Gateway VM to the Public Wi-Fi network.
This should keep things in check in terms of security.
\item
The Best Way: Using an external USB Wi-Fi dongle and just disabling
Wi-Fi on the Host OS/Computer.
\stopitemize
\subsubsubsection[title={The Lazy Way ({\bf not supported by Whonix} but
it will work if you are in a hurry, see further for the better
way):},reference={the-lazy-way-not-supported-by-whonix-but-it-will-work-if-you-are-in-a-hurry-see-further-for-the-better-way}]
{\bf This way is not supported by the Whonix project}\footnote{Whonix
Documentation, Bridged Adapters Warning
\useURL[url1601][https://www.whonix.org/wiki/Whonix-Gateway_Security\#Warning:_Bridged_Networking]\from[url1601]
\useURL[url1602][https://web.archive.org/web/https://www.whonix.org/wiki/Whonix-Gateway_Security\#Warning:_Bridged_Networking][][{[}Archive.org{]}]\from[url1602]}
but I will go ahead and give this option anyway. This is helpful to
prevent your Host OS from leaking any information while you are using
the Whonix VMs.
{\bf Note that this option as-is will only work on Wi-Fis without a
captive portal (where you must enter some information to unlock
access).}
The illustration below shows the result of this step:
\placefigure{image29}{\externalfigure[./tex2pdf.-1a34188c73046814/c7837d016afb2456fc0abad51408405b8fd44efd.png]}
\subsubsubsubsection[title={Configuration of the Whonix Gateway
VM:},reference={configuration-of-the-whonix-gateway-vm}]
For this to work, we will need to change some configuration on the
Whonix Gateway VM: we will need to add a DHCP client to the Whonix
Gateway so it can receive an IP address from the network. To make those
changes, the Host OS will still need to have internet access for now.
So here is how:
\startitemize
\item
Be sure to have your Host OS connected to a safe Wi-Fi.
\item
Through VirtualBox, start the Whonix Gateway VM
\item
Start a Terminal on the VM
\item
Install a DHCP client on the Whonix Gateway VM using the following
command:
\startitemize[packed]
\item
\type{sudo apt install dhcpcd5}
\stopitemize
\item
Now edit the Whonix Gateway VM network configuration using the
following command:
\startitemize[packed]
\item
\type{sudo nano /etc/network/interfaces.d/30_non-qubes-whonix}
\stopitemize
\item
Within the file change the following lines:
\startitemize
\item
\type{# auto eth0} to \type{auto eth0}
\item
\type{# iface eth0 inet dhcp} to \type{iface eth0 inet dhcp}
\item
\type{iface eth0 inet static} to \type{# iface eth0 inet static}
\item
\type{address 10.0.2.15} to \type{# address 10.0.2.15}
\item
\type{netmask 255.255.255.0} to \type{# netmask 255.255.255.0}
\item
\type{gateway 10.0.2.2} to \type{# gateway 10.0.2.2}
\stopitemize
\item
Save (using Ctrl+X and confirm with Y) and power off the VM from the
top left menu
\item
Go into the VirtualBox Application and select the Whonix Gateway VM
\item
Click Settings
\item
Click the Network Tab
\item
For Adapter 1, change the \quotation{Attached To} value from
\quotation{NAT} to \quotation{Bridged Adapter}
\item
As \quotation{Name}, select your Wi-Fi network Adapter
\item
Click OK and you are done with the VM configuration part
\stopitemize
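The six line changes in the \quotation{Within the file change the following lines} step above can be applied with a script instead of by hand, which avoids leaving one of the static lines active by mistake. Here is an added example, not from the guide or from the Whonix project: it rewrites the interfaces file with \type{sed}, keeps a backup, and then verifies that \type{eth0} ends up on DHCP with no active static stanza. The sample file it writes only reproduces the lines the guide mentions and is not a copy of the real \type{/etc/network/interfaces.d/30_non-qubes-whonix}; the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the guide or the Whonix project: apply the six
# line changes from the step above to the Gateway's interfaces file with
# sed instead of editing it by hand, keep a backup, and verify the result.
# Function names are this example's own.

# Rewrite FILE in place (a copy is kept as FILE.bak): uncomment the two
# DHCP lines and comment out the four static lines. Leading whitespace
# on the static lines is preserved; all other lines are left untouched.
switch_eth0_to_dhcp() {
    file=$1
    cp "$file" "$file.bak"
    sed -e 's/^[[:space:]]*#[[:space:]]*auto eth0[[:space:]]*$/auto eth0/' \
        -e 's/^[[:space:]]*#[[:space:]]*iface eth0 inet dhcp[[:space:]]*$/iface eth0 inet dhcp/' \
        -e 's/^\([[:space:]]*\)iface eth0 inet static[[:space:]]*$/\1# iface eth0 inet static/' \
        -e 's/^\([[:space:]]*\)address 10\.0\.2\.15[[:space:]]*$/\1# address 10.0.2.15/' \
        -e 's/^\([[:space:]]*\)netmask 255\.255\.255\.0[[:space:]]*$/\1# netmask 255.255.255.0/' \
        -e 's/^\([[:space:]]*\)gateway 10\.0\.2\.2[[:space:]]*$/\1# gateway 10.0.2.2/' \
        "$file.bak" > "$file"
}

# Return 0 when FILE brings eth0 up automatically with DHCP and has no
# active static stanza for it; otherwise print what is wrong and return 1.
eth0_uses_dhcp() {
    if ! grep -q '^[[:space:]]*auto eth0' "$1"; then
        echo "no active 'auto eth0' line"; return 1
    fi
    if ! grep -q '^[[:space:]]*iface eth0 inet dhcp' "$1"; then
        echo "no active 'iface eth0 inet dhcp' line"; return 1
    fi
    if grep -q '^[[:space:]]*iface eth0 inet static' "$1"; then
        echo "static stanza for eth0 is still active"; return 1
    fi
    echo "eth0 will be configured by DHCP"
}

# Constructed sample for testing: only the lines the guide mentions, NOT
# a copy of the real /etc/network/interfaces.d/30_non-qubes-whonix.
write_sample_interfaces() {
    cat > "$1" <<'EOF'
auto lo
iface lo inet loopback

# auto eth0
# iface eth0 inet dhcp

iface eth0 inet static
    address 10.0.2.15
    netmask 255.255.255.0
    gateway 10.0.2.2
EOF
}

# When run directly with a path (on the Gateway VM, as root):
#   sudo sh switch_eth0_to_dhcp.sh /etc/network/interfaces.d/30_non-qubes-whonix
if [ -n "${1:-}" ]; then
    switch_eth0_to_dhcp "$1" && eth0_uses_dhcp "$1"
fi
```

The patterns are anchored to whole lines, so a line such as \type{address 10.0.2.15} is only touched when it is exactly the static address the guide names; anything else in the file is left as it is. Keep the \type{.bak} copy, since reverting to the original file is how you undo this option later.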
\subsubsubsubsection[title={Configuration of the Host
OS:},reference={configuration-of-the-host-os}]
Now you must block internet access from your Host OS while still
allowing the VM to connect. This will be done by connecting to Wi-Fi
with the Host OS but without assigning itself an IP address. The VM will
then use your Wi-fi association to get an IP address.
\subsubsubsubsubsection[title={Windows Host
OS:},reference={windows-host-os-1}]
The goal here is to associate with a Wi-Fi network without having an
internet connection. You will achieve this by deleting the Gateway from
the connection after you are connected:
\startitemize
\item
First, connect to the safe Wi-Fi of your choice
\item
Open an administrative command prompt (right-click on Command Prompt
and Run as Administrator)
\item
Run the following command: \type{route delete 0.0.0.0} (this deletes
the Gateway from your IP configuration)
\item
You are done: your Host OS will now be unable to access the internet
while still connected to the Wi-Fi
\startitemize[packed]
\item
Note that this will reset at each disconnect/reconnection to a
network, and you will have to delete the route again. This is not
permanent.
\stopitemize
\item
You can now start the Whonix Gateway VM, which should obtain an IP
automatically from the Wi-Fi network and provide network access to the
other VMs behind it (Whonix Workstation or other).
\item
And finally, after that, you can start the Whonix Workstation VM (or
any other VM you configured to work behind the Whonix Gateway VM) and
it should be connected to the internet through Tor.
\stopitemize
\subsubsubsubsubsection[title={Linux Host
OS:},reference={linux-host-os-1}]
The goal here is to associate with a Wi-Fi network without having an
internet connection. You will achieve this by deleting the Gateway from
the connection after you are connected:
\startitemize
\item
First, connect to the safe Wi-Fi of your choice
\item
Open a Terminal
\item
Run the following command: \type{sudo ip route del default} (this
deletes the Gateway from your IP configuration)
\item
You are done: your Host OS will now be unable to access the internet
while still connected to the Wi-Fi
\startitemize[packed]
\item
Note that this will reset at each disconnect/reconnection to a
network, and you will have to delete the route again. This is not
permanent.
\stopitemize
\item
You can now start the Whonix Gateway VM, which should obtain an IP
automatically from the Wi-Fi network and provide network access to the
other VMs behind it (Whonix Workstation or other).
\item
And finally, after that, you can start the Whonix Workstation VM (or
any other VM you configured to work behind the Whonix Gateway VM) and
it should be connected to the internet through Tor.
\stopitemize
\subsubsubsubsubsection[title={macOS Host
OS:},reference={macos-host-os-1}]
The goal here is to associate with a Wi-Fi network without having an
internet connection. You will achieve this by deleting the Gateway from
the connection after you are connected:
\startitemize
\item
First, connect to the safe Wi-Fi of your choice
\item
Open a Terminal
\item
Run the following command: \type{sudo route delete default} (this
deletes the Gateway from your IP configuration)
\item
You are done: your Host OS will now be unable to access the internet
while still connected to the Wi-Fi
\startitemize[packed]
\item
Note that this will reset at each disconnect/reconnection to a
network, and you will have to delete the route again. This is not
permanent.
\stopitemize
\item
You can now start the Whonix Gateway VM, which should obtain an IP
automatically from the Wi-Fi network and provide network access to the
other VMs behind it (Whonix Workstation or other).
\item
And finally, after that, you can start the Whonix Workstation VM (or
any other VM you configured to work behind the Whonix Gateway VM) and
it should be connected to the internet through Tor.
\stopitemize
\subsubsubsection[title={The Better Way
(recommended):},reference={the-better-way-recommended}]
This way will not go against Whonix recommendations (as it will not
expose the Whonix Gateway to the Host OS) and will have the advantage of
allowing connections not only to open Wi-Fis but also to the ones with a
Captive Portal where you need to enter some information to access the
internet.
This is still not supported by the Whonix project, but that is
acceptable: the main concern with the earlier Lazy Way is that it
exposes the Whonix Gateway VM to the host network, and that will not be
the case here.
This option will require an additional VM between the Host OS and the
Whonix Gateway to act as a Network Bridge.
For this purpose, I recommend using a lightweight Linux distro. Any
will do, but the easiest is an Ubuntu-based distro, and I would
recommend the lightweight XUbuntu as it makes this setup extremely easy
to configure.
Why XUbuntu and not Ubuntu or KUbuntu? Because XUbuntu uses an XFCE
desktop environment which is lightweight and this VM will only serve as
a proxy and nothing else.
Of course, you can also achieve this with any other Linux distro if you
so decide you do not like XUbuntu.
This is how it will look at the end:
\placefigure{image30}{\externalfigure[./tex2pdf.-1a34188c73046814/29596f395807873100e641cf2387680899958a47.png]}
\subsubsubsubsection[title={Installing XUbuntu
VM:},reference={installing-xubuntu-vm}]
XUbuntu was picked due to the performance of XFCE.
Make sure you are connected to a safe Wi-Fi for this operation.
First, you will need to download the latest XUbuntu Stable release ISO
from \useURL[url1603][https://xubuntu.org/download/]\from[url1603]
When you are done with the download, it is time to create a new VM:
\startitemize
\item
Start VirtualBox Manager
\item
Create a new VM and name it as you want, for example,
\quotation{XUbuntu Bridge}
\item
Select type \quotation{Linux}
\item
Select Version \quotation{Ubuntu (64-bit)}
\item
Leave other options to default and click Create
\item
On the next screen, leave the default options and click Create
\item
Select the newly created VM and click Settings
\item
Select Network
\item
For Adapter 1, switch to Bridged Mode and pick your Wi-Fi adapter as
the Name
\item
Select Adapter 2 and enable it
\item
Attach it to \quotation{Internal Network} and name it
\quotation{XUbuntu Bridge}
\item
Select Storage
\item
Select the Empty CD drive
\item
On the right side, click the CD icon and select \quotation{Choose a
disk file}
\item
Select the ISO of XUbuntu you previously downloaded and Click Ok
\item
Start the VM
\item
Select Start XUbuntu
\item
Select Install XUbuntu
\item
Pick your Keyboard Layout and click Continue
\item
Select Minimal Installation and Download Updates while installing
XUbuntu
\item
Select Erase Disk and install XUbuntu and click Install Now
\item
Select the Time Zone of your choice and click Continue
\item
Pick some random names unrelated to you (my favorite username is
\quotation{NoSuchAccount})
\item
Pick a password and require a password to login
\item
Click Continue and wait for the install to finish and Restart
\item
When you are done rebooting, log in
\item
Click the upper right connection icon (it looks like two rotating
spheres)
\item
Click Edit Connections
\item
Select Wired Connection 2 (Adapter 2 previously configured in
VirtualBox settings)
\item
Select the IPv4 Tab
\item
Change the Method to \quotation{Shared to other computers} and click
Save
\item
You are now done setting up the XUbuntu Bridge VM
\stopitemize
\subsubsubsubsection[title={Configuring the Whonix Gateway
VM:},reference={configuring-the-whonix-gateway-vm}]
By default, the Whonix Gateway has no DHCP client and will require one
to get an IP from a shared network you configured earlier:
\startitemize
\item
Through VirtualBox, start the Whonix Gateway VM
\item
Start a Terminal on the VM
\item
Install a DHCP client on the Whonix Gateway VM using the following
command:
\startitemize[packed]
\item
\type{sudo apt install dhcpcd5}
\stopitemize
\item
Now edit the Whonix Gateway VM network configuration using the
following command:
\startitemize[packed]
\item
\type{sudo nano /etc/network/interfaces.d/30_non-qubes-whonix}
\stopitemize
\item
Within the file change the following lines:
\startitemize
\item
\type{# auto eth0} to \type{auto eth0}
\item
\type{# iface eth0 inet dhcp} to \type{iface eth0 inet dhcp}
\item
\type{iface eth0 inet static} to \type{# iface eth0 inet static}
\item
\type{address 10.0.2.15} to \type{# address 10.0.2.15}
\item
\type{netmask 255.255.255.0} to \type{# netmask 255.255.255.0}
\item
\type{gateway 10.0.2.2} to \type{# gateway 10.0.2.2}
\stopitemize
\item
Save (using Ctrl+X and confirm with Y) and power off the VM from the
top left menu
\item
Go into the VirtualBox Application and select the Whonix Gateway VM
\item
Click Settings
\item
Click the Network Tab
\item
For Adapter 1, change the \quotation{Attached To} value from
\quotation{NAT} to \quotation{Internal Network}
\item
As \quotation{Name}, select the internal network \quotation{XUbuntu
Bridge} you created earlier and click OK
\item
Reboot the Whonix Gateway VM
\item
From the upper left menu, select System, Tor Control Panel, and check
that you are connected (you should be)
\item
You are done configuring the Whonix Gateway VM
\stopitemize
\subsubsubsubsection[title={Configuration of the Host
OS:},reference={configuration-of-the-host-os-1}]
Now you must block internet access from your Host OS while still
allowing the XUbuntu Bridge VM to connect. This will be done by
connecting to Wi-Fi with the Host OS but without assigning itself a
gateway address. The VM will then use your Wi-Fi association to get an
IP address.
If necessary, from the XUbuntu Bridge VM, you will be able to launch a
Browser to enter information into any captive/registration portal on the
Wi-Fi network.
Only the XUbuntu Bridge VM should be able to access the internet. The
Host OS will be limited to local traffic only.
\subsubsubsubsubsection[title={Windows Host
OS:},reference={windows-host-os-2}]
The goal here is to associate with a Wi-Fi network without having an
internet connection. You will achieve this by deleting the Gateway from
the connection after you are connected:
\startitemize
\item
First, connect to the safe Wi-Fi of your choice
\item
Open an administrative command prompt (right-click on Command Prompt
and Run as Administrator)
\item
Run the following command: \type{route delete 0.0.0.0} (this deletes
the Gateway from your IP configuration)
\item
You are done: your Host OS will now be unable to access the internet
while still connected to the Wi-Fi
\startitemize[packed]
\item
Note that this will reset at each disconnect/reconnection to a
network, and you will have to delete the route again. This is not
permanent.
\stopitemize
\item
You can now start the XUbuntu Bridge VM, which should obtain an IP
automatically from the Wi-Fi network and provide network access to the
other VMs behind it (Whonix Workstation or other).
\item
If necessary, you can use the XUbuntu Bridge VM Browser to fill in any
information on any captive/registration portal to access the Wi-Fi.
\item
After that, you can start the Whonix Gateway VM which should obtain
the Internet Connection from the XUbuntu Bridge VM.
\item
And finally, after that, you can start the Whonix Workstation VM (or
any other VM you configured to work behind the Whonix Gateway VM) and
it should be connected to the internet through Tor.
\stopitemize
\subsubsubsubsubsection[title={Linux Host
OS:},reference={linux-host-os-2}]
The goal here is to associate with a Wi-Fi network without having an
internet connection. You will achieve this by deleting the Gateway from
the connection after you are connected:
\startitemize
\item
First, connect to the safe Wi-Fi of your choice
\item
Open a Terminal
\item
Run the following command: \type{sudo ip route del default} (this
deletes the Gateway from your IP configuration)
\item
You are done: your Host OS will now be unable to access the internet
while still connected to the Wi-Fi
\startitemize[packed]
\item
Note that this will reset at each disconnect/reconnection to a
network, and you will have to delete the route again. This is not
permanent.
\stopitemize
\item
You can now start the XUbuntu Bridge VM, which should obtain an IP
automatically from the Wi-Fi network and provide network access to the
other VMs behind it (Whonix Workstation or other).
\item
If necessary, you can use the XUbuntu Bridge VM Browser to fill in any
information on any captive/registration portal to access the Wi-Fi.
\item
After that, you can start the Whonix Gateway VM which should obtain
the Internet Connection from the XUbuntu Bridge VM.
\item
And finally, after that, you can start the Whonix Workstation VM (or
any other VM you configured to work behind the Whonix Gateway VM) and
it should be connected to the internet through Tor.
\stopitemize
\subsubsubsubsubsection[title={macOS Host
OS:},reference={macos-host-os-2}]
The goal here is to associate with a Wi-Fi network without having an
internet connection. You will achieve this by deleting the Gateway from
the connection after you are connected:
\startitemize
\item
First, connect to the safe Wi-Fi of your choice
\item
Open a Terminal
\item
Run the following command: \type{sudo route delete default} (this
deletes the Gateway from your IP configuration)
\item
You are done: your Host OS will now be unable to access the internet
while still connected to the Wi-Fi
\startitemize[packed]
\item
Note that this will reset at each disconnect/reconnection to a
network, and you will have to delete the route again. This is not
permanent.
\stopitemize
\item
You can now start the XUbuntu Bridge VM, which should obtain an IP
automatically from the Wi-Fi network and provide network access to the
other VMs behind it (Whonix Workstation or other).
\item
If necessary, you can use the XUbuntu Bridge VM Browser to fill in any
information on any captive/registration portal to access the Wi-Fi.
\item
After that, you can start the Whonix Gateway VM which should obtain
the Internet Connection from the XUbuntu Bridge VM.
\item
And finally, after that, you can start the Whonix Workstation VM (or
any other VM you configured to work behind the Whonix Gateway VM) and
it should be connected to the internet through Tor.
\stopitemize
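All six host procedures above (Windows, Linux and macOS, in the Lazy Way and the Better Way) rely on the default route being gone, and it comes back after every reconnection. The following shell script is an added example, not the guide's own code: it checks constructed samples of the three routing-table formats for a remaining default route and, on Linux, can keep re-deleting it; the addresses, interface names and function names are invented for the demonstration.

```shell
#!/bin/sh
# Added example, not part of the guide: confirm that the Host OS really lost
# its default gateway after the "delete the route" step, and (Linux only)
# re-delete it automatically when a Wi-Fi reconnection silently restores it.
# The routing tables below are constructed samples; the addresses are invented.

ROUTES_LINUX_BEFORE='default via 192.168.0.1 dev wlan0 proto dhcp metric 600
192.168.0.0/24 dev wlan0 proto kernel scope link src 192.168.0.42 metric 600'
ROUTES_LINUX_AFTER='192.168.0.0/24 dev wlan0 proto kernel scope link src 192.168.0.42 metric 600'
ROUTES_MACOS_BEFORE='Destination        Gateway            Flags        Netif Expire
default            192.168.0.1        UGScg            en0
192.168.0/24       link#6             UCS              en0      !'
ROUTES_WINDOWS_BEFORE='Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.42     35
      192.168.0.0    255.255.255.0         On-link      192.168.0.42    291'

# has_default_route
# Read a routing table on stdin (output of "ip route" on Linux, "netstat -rn"
# on macOS/Linux, or "route print" on Windows) and succeed if a default route
# is still present. Local subnet routes are ignored: the host keeps those on
# purpose so the bridged VM can still use the Wi-Fi association.
has_default_route() {
  grep -Eq '^[[:space:]]*(default|0\.0\.0\.0|0/0)[[:space:]]'
}

# default_gateway
# Print the gateway address of the default route, if any, in the same formats.
default_gateway() {
  awk '
    $1 == "default" && $2 == "via" { print $3; exit }                                  # ip route
    $1 == "default" || $1 == "0.0.0.0" { print ($2 == "0.0.0.0" ? $3 : $2); exit }   # netstat -rn / route print
  '
}

# keep_gateway_deleted [SECONDS]
# Linux only: poll the routing table and delete the default route each time the
# DHCP client or NetworkManager puts it back (e.g. after a reconnection), which
# is the reset the guide warns about. Runs until interrupted; needs sudo.
keep_gateway_deleted() {
  interval="${1:-5}"
  while :; do
    if ip route show | has_default_route; then
      gw=$(ip route show | default_gateway)
      echo "default route via $gw reappeared; deleting it"
      sudo ip route del default
    fi
    sleep "$interval"
  done
}

# Offline demo on the constructed tables. On a live Linux host you would run:
#   ip route show | has_default_route && echo "host still has internet routing"
for table in "$ROUTES_LINUX_BEFORE" "$ROUTES_LINUX_AFTER" \
             "$ROUTES_MACOS_BEFORE" "$ROUTES_WINDOWS_BEFORE"; do
  if printf '%s\n' "$table" | has_default_route; then
    echo "default route present, gateway $(printf '%s\n' "$table" | default_gateway)"
  else
    echo "no default route: host cannot reach the internet"
  fi
done
```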
\subsubsubsection[title={The best way:},reference={the-best-way}]
This way will not go against Whonix recommendations (as it will not
expose the Whonix Gateway to the Host OS) and will have the advantage of
allowing connections not only to open Wi-Fis but also to the ones with a
Captive Portal where you need to enter some information to access the
internet. This is still not supported by the Whonix project, but that
is acceptable: the main concern with the earlier Lazy Way is that it
exposes the Whonix Gateway VM to the host network, and that will not be
the case here. This option is the best because networking is
completely disabled on the Host OS from boot.
This option will require an additional VM between the Host OS and the
Whonix Gateway to act as a Network Bridge and to connect to the Wi-Fi
network. {\bf This option requires a working USB Wi-Fi Dongle that will
be passed through to a bridge VM.}
For this purpose, I recommend using a lightweight Linux distro. Any
will do, but the easiest is an Ubuntu-based distro, and I would
recommend the lightweight XUbuntu as it makes this setup extremely easy
to configure.
Why XUbuntu and not Ubuntu or KUbuntu? Because XUbuntu uses an XFCE
desktop environment which is lightweight and this VM will only serve as
a proxy and nothing else.
Of course, you can also achieve this with any other Linux distro if you
so decide you do not like XUbuntu.
This is how it will look at the end:
\placefigure{image31}{\externalfigure[./tex2pdf.-1a34188c73046814/45f855034bc1c4fc299ce9e1baca4e3bea7609fd.png]}
\subsubsubsubsection[title={Configuration of the Host
OS:},reference={configuration-of-the-host-os-2}]
\startitemize
\item
Disable Networking on your Host OS completely (Turn off the on-board
Wi-Fi completely)
\item
Plug in and install your USB Wi-Fi Dongle and connect it to a safe
Public Wi-Fi. Any recent OS (Windows 10/11, macOS, Linux) should
install it automatically.
\stopitemize
\subsubsubsubsection[title={Configuring the Whonix Gateway
VM:},reference={configuring-the-whonix-gateway-vm-1}]
By default, the Whonix Gateway has no DHCP client and will require one
to get an IP from a shared network you will configure later, on a Bridge
VM:
\startitemize
\item
Through VirtualBox, start the Whonix Gateway VM
\item
Start a Terminal on the VM
\item
Install a DHCP client on the Whonix Gateway VM using the following
command:
\startitemize[packed]
\item
\type{sudo apt install dhcpcd5}
\stopitemize
\item
Now edit the Whonix Gateway VM network configuration using the
following command:
\startitemize[packed]
\item
\type{sudo nano /etc/network/interfaces.d/30_non-qubes-whonix}
\stopitemize
\item
Within the file change the following lines:
\startitemize
\item
\type{# auto eth0} to \type{auto eth0}
\item
\type{# iface eth0 inet dhcp} to \type{iface eth0 inet dhcp}
\item
\type{iface eth0 inet static} to \type{# iface eth0 inet static}
\item
\type{address 10.0.2.15} to \type{# address 10.0.2.15}
\item
\type{netmask 255.255.255.0} to \type{# netmask 255.255.255.0}
\item
\type{gateway 10.0.2.2} to \type{# gateway 10.0.2.2}
\stopitemize
\item
Save (using Ctrl+X and confirm with Y) and power off the VM from the
top left menu
\stopitemize
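The six line edits above (the same ones the Lazy Way and the Better Way sections ask for) can be applied and verified with the following shell script. It is an added example, not code from the guide or the Whonix project; the excerpt of 30_non-qubes-whonix it works on is constructed from the lines listed above, and the function names are mine.

```shell
#!/bin/sh
# Added example, not part of the guide: switch the Whonix Gateway's external
# interface from the static NAT address to DHCP by editing
# /etc/network/interfaces.d/30_non-qubes-whonix, exactly as the six manual
# edits describe, with a backup and a check of the result.

# Constructed excerpt of the stanza as shipped (the real file contains more
# lines; only these six are touched).
WHONIX_GW_STATIC_STANZA='# auto eth0
# iface eth0 inet dhcp
iface eth0 inet static
address 10.0.2.15
netmask 255.255.255.0
gateway 10.0.2.2'

# whonix_gw_enable_dhcp FILE
# Uncomment the dhcp lines and comment out the static ones. Anchored patterns
# (^...$) leave already-edited lines alone, so running it twice is harmless.
# A copy is kept as FILE.bak for rollback.
whonix_gw_enable_dhcp() {
  f="$1"
  [ -f "$f" ] || { echo "no such file: $f" >&2; return 1; }
  cp "$f" "$f.bak" || return 1
  sed \
    -e 's/^# auto eth0$/auto eth0/' \
    -e 's/^# iface eth0 inet dhcp$/iface eth0 inet dhcp/' \
    -e 's/^iface eth0 inet static$/# iface eth0 inet static/' \
    -e 's/^address 10\.0\.2\.15$/# address 10.0.2.15/' \
    -e 's/^netmask 255\.255\.255\.0$/# netmask 255.255.255.0/' \
    -e 's/^gateway 10\.0\.2\.2$/# gateway 10.0.2.2/' \
    "$f" > "$f.tmp" && mv "$f.tmp" "$f"
}

# whonix_gw_check_dhcp FILE
# Succeed only if eth0 is brought up with dhcp and none of the static lines
# are still active. Worth running before powering the VM off.
whonix_gw_check_dhcp() {
  f="$1"
  grep -q '^auto eth0$' "$f" || return 1
  grep -q '^iface eth0 inet dhcp$' "$f" || return 1
  # a still-active static line would conflict with the dhcp stanza
  grep -Eq '^(iface eth0 inet static|address 10\.0\.2\.15|netmask 255\.255\.255\.0|gateway 10\.0\.2\.2)$' "$f" && return 1
  return 0
}

# Demo on a temporary copy. On the real VM, source this file and run
# whonix_gw_enable_dhcp with sudo on /etc/network/interfaces.d/30_non-qubes-whonix.
demo_file=$(mktemp)
printf '%s\n' "$WHONIX_GW_STATIC_STANZA" > "$demo_file"
whonix_gw_enable_dhcp "$demo_file"
if whonix_gw_check_dhcp "$demo_file"; then
  echo "dhcp stanza active:"; cat "$demo_file"
else
  echo "edit failed, restore from $demo_file.bak"
fi
rm -f "$demo_file" "$demo_file.bak"
```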
\subsubsubsubsection[title={Installing XUbuntu
VM:},reference={installing-xubuntu-vm-1}]
Make sure you are connected to a safe Wi-Fi for this operation.
First, you will need to download the latest XUbuntu Stable release ISO
from \useURL[url1604][https://xubuntu.org/download/]\from[url1604]
When you are done with the download, it is time to create a new VM:
\startitemize
\item
Disconnect your host OS from the Wi-Fi you previously connected to
with the dongle and forget the network.
\item
Start VirtualBox Manager
\item
Create a new VM and name it as you want, for example,
\quotation{XUbuntu Bridge}
\item
Select type \quotation{Linux}
\item
Select Version \quotation{Ubuntu (64-bit)}
\item
Leave other options to default and click Create
\item
On the next screen, leave the default options and click Create
\item
Select the newly created VM and click Settings
\item
Select Network
\item
For Adapter 1, Attach it to \quotation{Internal Network} and name it
\quotation{XUbuntu Bridge}
\item
Select Storage
\item
Select the Empty CD drive
\item
On the right side, click the CD icon and select \quotation{Choose a
disk file}
\item
Select the ISO of XUbuntu you previously downloaded and Click Ok
\item
Select the USB Tab
\item
On the right side, click the USB icon with a + sign (the second from
the top)
\item
Select the Wi-Fi Adapter Dongle from the list and make sure it is
checked (leave the USB options to default)
\item
Start the VM
\item
Select Start XUbuntu
\item
Select Install XUbuntu
\item
Pick your Keyboard Layout and click Continue
\item
Select Minimal Installation and do not check the Download Updates
during the install option
\item
Select Erase Disk and install XUbuntu and click Install Now
\item
Select the Time Zone of your choice and click Continue
\item
Pick some random names unrelated to you (my favorite username is
\quotation{NoSuchAccount})
\item
Pick a password and require a password to login
\item
Click Continue and wait for the install to finish and Restart
\item
When you are done rebooting, log in
\item
Click the upper right connection icon (it looks like two rotating
spheres)
\item
Click Edit Connections
\item
Select Wired Connection 1 (normally there should only be one)
\item
Select the IPv4 Tab
\item
Change the Method to \quotation{Shared to other computers} and click
Save
\item
Again, click the upper right connection icon
\item
Connect to the safe Wi-Fi of your choice and if necessary, input the
necessary information into a Captive Portal.
\item
You are now done setting up the XUbuntu Bridge VM
\stopitemize
At this stage, your Host OS should have no network at all and your
XUbuntu VM should have a fully working Wi-Fi connection and this Wi-Fi
connection will be shared to the Internal Network \quotation{XUbuntu
Bridge}.
\subsubsubsubsection[title={Additional configuration of the Whonix
Gateway
VM:},reference={additional-configuration-of-the-whonix-gateway-vm}]
Now it is time to configure the Whonix Gateway VM to get network access
from the shared network of the bridge VM you just made in the earlier
step:
\startitemize
\item
Go into the VirtualBox Application and select the Whonix Gateway VM
\item
Click Settings
\item
Click the Network Tab
\item
For Adapter 1, change the \quotation{Attached To} value from
\quotation{NAT} to \quotation{Internal Network}
\item
As \quotation{Name}, select the internal network \quotation{XUbuntu
Bridge} you created earlier and click OK
\item
Reboot the Whonix Gateway VM
\item
From the upper left menu, select System, Tor Control Panel, and check
that you are connected (you should be)
\item
You are done configuring the Whonix Gateway VM
\stopitemize
At this stage, your Whonix Gateway VM should be getting internet access
from the XUbuntu Bridge VM which in turn is getting internet access from
the Wi-Fi Dongle and sharing it. Your Host OS should have no network
connectivity at all.
All the VMs behind the Whonix Gateway should now work fine without
additional configuration.
\subsubsection[title={Final step:},reference={final-step}]
{\bf Take a post-install VirtualBox snapshot of your VMs.}
You are done and can now skip the rest to go to the \goto{Getting
Online}[getting-online] part.
\subsection[title={The Qubes Route:},reference={the-qubes-route}]
{\bf Note that the guide has been updated to Qubes OS 4.1}
As they say on their website, Qubes OS is a reasonably secure, free,
open-source, and security-oriented operating system for single-user
desktop computing. Qubes OS leverages and extensively uses Xen-based
virtualization to allow for the creation and management of isolated
compartments called Qubes.
Qubes OS is not a Linux distribution\footnote{Qubes OS, FAQ,
\useURL[url1605][https://www.qubes-os.org/faq/\#is-qubes-just-another-linux-distribution]\from[url1605]
\useURL[url1606][https://web.archive.org/web/https://www.qubes-os.org/faq/\#is-qubes-just-another-linux-distribution][][{[}Archive.org{]}]\from[url1606]}
but a Xen distribution. It is different from Linux distributions because
it will make extensive use of Virtualization and Compartmentalization so
that any app will run in a different VM (Qube). As a bonus, Qubes OS
integrates Whonix by default and allows for increased privacy and
anonymity. It is highly recommended that you read up on Qubes OS
principles before going this route. Here are some recommended
resources:
\startitemize
\item
Qubes OS Introduction,
\useURL[url1607][https://www.qubes-os.org/intro/]\from[url1607]
\useURL[url1608][https://web.archive.org/web/https://www.qubes-os.org/intro/][][{[}Archive.org{]}]\from[url1608]
\item
Qubes OS Video Tours,
\useURL[url1609][https://www.qubes-os.org/video-tours/]\from[url1609]
\useURL[url1610][https://web.archive.org/web/https://www.qubes-os.org/video-tours/][][{[}Archive.org{]}]\from[url1610]
\item
Qubes OS Getting Started,
\useURL[url1611][https://www.qubes-os.org/doc/getting-started/]\from[url1611]
\useURL[url1612][https://web.archive.org/web/https://www.qubes-os.org/doc/getting-started/][][{[}Archive.org{]}]\from[url1612]
\item
YouTube, Life Behind the Tinfoil: A Look at Qubes and Copperhead -
Konstantin Ryabitsev, The Linux Foundation
\useURL[url1613][https://www.youtube.com/watch?v=8cU4hQg6GvU]\from[url1613]
\useURL[url1614][https://yewtu.be/watch?v=8cU4hQg6GvU][][{[}Invidious{]}]\from[url1614]
\item
YouTube, We used the reasonably-secure Qubes OS for 6 months and
survived - Matty McFatty {[}@themattymcfatty{]}
\useURL[url1615][https://www.youtube.com/watch?v=sbN5Bz3v-uA]\from[url1615]
\useURL[url1616][https://yewtu.be/watch?v=sbN5Bz3v-uA][][{[}Invidious{]}]\from[url1616]
\item
YouTube, Qubes OS: How it works, and a demo of this VM-centric OS
\useURL[url1617][https://www.youtube.com/watch?v=YPAvoFsvSbg]\from[url1617]
\useURL[url1618][https://yewtu.be/watch?v=YPAvoFsvSbg][][{[}Invidious{]}]\from[url1618]
\stopitemize
This OS is recommended by prominent figures and organizations such as
Edward Snowden and PrivacyGuides.org.
Qubes is the best option in this guide for people who are more
comfortable with Linux and tech in general. But it has some downsides
such as the lack of OS-wide plausible deniability, its hardware
requirements, and its hardware compatibility. While you can run this on
4GB of RAM as per their requirements
\useURL[url1619][https://yewtu.be/watch?v=sbN5Bz3v-uA][][{[}Archive.org{]}]\from[url1619],
the recommended RAM is 16GB. We would recommend against using Qubes OS
if you have less than 8GB of RAM. If you want a comfortable experience,
you should have 16GB, if you want a particularly enjoyable experience,
you should have 24GB or 32GB.
The reason for this RAM requirement is that each app will run in a
different VM, and each of those VMs will require and allocate a certain
amount of memory that will not be available to other apps. If you are
running native Windows apps within Qubes OS Qubes, the RAM overhead will
be significant.
You should also check their hardware compatibility here
\useURL[url1620][https://www.qubes-os.org/hcl/]\from[url1620]
\useURL[url1621][https://web.archive.org/web/https://www.qubes-os.org/hcl/][][{[}Archive.org{]}]\from[url1621]
before proceeding. Your mileage might vary, and you might experience
several issues about hardware compatibility that you will have to
troubleshoot and solve yourself.
I think that if you can afford it and are comfortable with the idea of
using Linux, you should go with this route as it is probably the best
one in terms of security and privacy. The only disadvantage of this
route is that it does not provide a way to enable OS-wide
\useURL[url1622][https://en.wikipedia.org/wiki/Plausible_deniability][][plausible
deniability]\from[url1622]
\useURL[url1623][https://en.wikipedia.org/wiki/Plausible_deniability]\from[url1623]
\useURL[url1624][https://wikiless.org/wiki/Plausible_deniability][][{[}Wikiless{]}]\from[url1624],
unlike the Whonix route.
\subsubsection[title={Pick your connectivity
method:},reference={pick-your-connectivity-method-1}]
There are seven possibilities within this route:
\startitemize
\item
{\bf Recommended and preferred:}
\startitemize
\item
{\bf Use Tor alone (User > Tor > Internet)}
\item
{\bf Use VPN over Tor (User > Tor > VPN > Internet) in specific
cases}
\item
{\bf Use a VPS with a self-hosted VPN/Proxy over Tor (User > Tor >
Self-Hosted VPN/Proxy > Internet) in specific cases}
\stopitemize
\item
Possible if required by context:
\startitemize
\item
Use VPN over Tor over VPN (User > VPN > Tor > VPN > Internet)
\item
Use Tor over VPN (User > VPN > Tor > Internet)
\stopitemize
\item
Not recommended and risky:
\startitemize
\item
Use VPN alone (User > VPN > Internet)
\item
Use VPN over VPN (User > VPN > VPN > Internet)
\stopitemize
\item
{\bf Not recommended and highly risky (but possible)}
\startitemize[packed]
\item
No VPN and no Tor (User > Internet)
\stopitemize
\stopitemize
\placefigure{image23}{\externalfigure[./tex2pdf.-1a34188c73046814/ad5dac2a0c32b6db732493569d7134218c54534b.png]}
\subsubsubsection[title={Tor only:},reference={tor-only-1}]
This is the preferred and most recommended solution.
\placefigure{image32}{\externalfigure[./tex2pdf.-1a34188c73046814/f60ad50fd1483e104fbb457400a4a4c70a917183.png]}
With this solution, all your network goes through Tor, and it should be
sufficient to guarantee your anonymity in most cases.
There is one main drawback though: {\bf Some services block/ban Tor Exit
nodes outright and will not allow account creations from those.}
To mitigate this, you might have to consider the next option: VPN over
Tor but consider some risks associated with it explained in the next
section.
\subsubsubsection[title={VPN/Proxy over
Tor:},reference={vpnproxy-over-tor-1}]
This solution can bring some benefits in some specific cases vs using
Tor only where accessing the destination service would be impossible
from a Tor Exit node. This is because many services will just outright
ban, hinder, or block Tor Exit Nodes (see
\useURL[url1625][https://gitlab.torproject.org/legacy/trac/-/wikis/org/doc/ListOfServicesBlockingTor]\from[url1625]
\useURL[url1626][https://web.archive.org/web/https://gitlab.torproject.org/legacy/trac/-/wikis/org/doc/ListOfServicesBlockingTor][][{[}Archive.org{]}]\from[url1626]).
This solution can be achieved in two ways:
\startitemize
\item
Paid VPN over Tor (easiest)
\item
Paid Self-Hosted VPS configured as VPN/Proxy (most efficient in
avoiding online obstacles such as captchas but requiring more skills
with Linux)
\stopitemize
As you can see in this illustration, if your cash (preferred)/Monero
paid VPN/Proxy is compromised by an adversary (despite their privacy
statement and no-logging policies), they will only find an anonymous
cash/Monero paid VPN account connecting to their services from a Tor
Exit node.
\placefigure{image33}{\externalfigure[./tex2pdf.-1a34188c73046814/9d551d82a85f0049229b0fa18bd65c8e1f999512.png]}
If an adversary somehow manages to compromise the Tor network too, they
will only reveal the IP of a random public Wi-Fi that is not tied to
your identity.
If an adversary somehow compromises your VM OS (with malware or an
exploit for instance), they will be trapped within the internal Network
of Whonix and should be unable to reveal the IP of the public Wi-Fi.
{\bf This solution however has one main drawback to consider:
Interference with Tor Stream Isolation}\footnote{Whonix Documentation,
Stream Isolation
\useURL[url1627][https://www.whonix.org/wiki/Stream_Isolation]\from[url1627]
\useURL[url1628][https://web.archive.org/web/https://www.whonix.org/wiki/Stream_Isolation][][{[}Archive.org{]}]\from[url1628]}.
Stream isolation is a mitigation technique used to prevent some
correlation attacks by having different Tor Circuits for each
application. Here is an illustration to show what stream isolation is:
\placefigure{image26}{\externalfigure[./tex2pdf.-1a34188c73046814/a32a269c6ea46148dddc02bb954ddeb6e5805666.png]}
(Illustration from Marcelo Martins,
\useURL[url1629][https://stakey.club/en/decred-via-tor-network/]\from[url1629]
\useURL[url1630][https://web.archive.org/web/https://stakey.club/en/decred-via-tor-network/][][{[}Archive.org{]}]\from[url1630])
VPN/Proxy over Tor falls on the right side of the illustration\footnote{Whonix
Documentation, Tunnels Comparison Table
\useURL[url1631][https://www.whonix.org/wiki/Tunnels/Introduction\#Comparison_Table]\from[url1631]
\useURL[url1632][https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Introduction\#Comparison_Table][][{[}Archive.org{]}]\from[url1632]}
meaning using a VPN/Proxy over Tor forces Tor to use one circuit for all
activities instead of multiple circuits for each. This means that using
a VPN/Proxy over Tor can reduce the effectiveness of Tor in some cases
and should therefore be used only for some specific cases:
\startitemize
\item
When your destination service does not allow Tor Exit nodes.
\item
When you do not mind using a shared Tor circuit for various services.
For instance for using various authenticated services.
\stopitemize
{\bf You should however consider not using this method when your aim is
just to browse random various unauthenticated websites as you will not
benefit from Stream Isolation and this could make correlation attacks
easier for an adversary between each of your sessions (see \goto{Your
Anonymized Tor/VPN traffic}[your-anonymized-torvpn-traffic]).}
More information at:
\startitemize
\item
\useURL[url1633][https://www.whonix.org/wiki/Stream_Isolation]\from[url1633]
\useURL[url1634][https://web.archive.org/web/https://www.whonix.org/wiki/Stream_Isolation][][{[}Archive.org{]}]\from[url1634]
\item
\useURL[url1635][https://tails.boum.org/contribute/design/stream_isolation/]\from[url1635]
\useURL[url1636][https://web.archive.org/web/https://tails.boum.org/contribute/design/stream_isolation/][][{[}Archive.org{]}]\from[url1636]
\item
\useURL[url1637][https://www.whonix.org/wiki/Tunnels/Introduction\#Comparison_Table]\from[url1637]
\useURL[url1638][https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Introduction\#Comparison_Table][][{[}Archive.org{]}]\from[url1638]
\stopitemize
\subsubsubsection[title={Tor over VPN:},reference={tor-over-vpn-2}]
You might be wondering: Well, what about using Tor over VPN instead of
VPN over Tor?
\startitemize
\item
Disadvantages
\startitemize
\item
Your VPN provider is just another ISP: it will know your origin IP
and will be able to de-anonymize you if required to. We do not trust
them, and prefer a setup where your VPN provider does not know who
you are. This route therefore adds little in terms of anonymity.
\item
You would still connect to services from the IP of a Tor Exit Node,
which is banned/flagged in many places, so it does not help in terms
of convenience either.
\stopitemize
\item
Advantages:
\startitemize
\item
{\bf The main advantage is for the case where you are in a hostile
environment in which Tor access is impossible/dangerous/suspicious,
but VPN use is okay.}
\item
This method also does not break Tor Stream isolation.
\stopitemize
\stopitemize
Note: if you are having trouble accessing the Tor network due to
blocking/censorship, you can try using Tor Bridges (see the Tor
Documentation
\useURL[url1639][https://2019.www.torproject.org/docs/bridges]\from[url1639]
\useURL[url1640][https://web.archive.org/web/https://2019.www.torproject.org/docs/bridges][][{[}Archive.org{]}]\from[url1640]
and Whonix Documentation
\useURL[url1641][https://www.whonix.org/wiki/Bridges]\from[url1641]
\useURL[url1642][https://web.archive.org/web/https://www.whonix.org/wiki/Bridges][][{[}Archive.org{]}]\from[url1642]).
It is also possible to consider {\bf VPN over Tor over VPN (User > VPN >
Tor > VPN > Internet)} using two cash/Monero paid VPNs instead. This
means that you will connect the Host OS to a first VPN from your Public
Wi-Fi, then Whonix will connect to Tor, and finally, your VM will
connect to a second VPN over Tor over VPN (see
\useURL[url1643][https://www.whonix.org/wiki/Tunnels/Connecting_to_a_VPN_before_Tor]\from[url1643]
\useURL[url1644][https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Connecting_to_a_VPN_before_Tor][][{[}Archive.org{]}]\from[url1644]).
This will of course have a significant performance impact and might be
quite slow, but Tor is necessary somewhere in the chain to achieve
reasonable anonymity.
Technically this route is easy to achieve: you need two separate
anonymous VPN accounts, connect the Host OS to the first VPN, and then
follow the rest of the route.
Conclusion: only do this if you think using Tor alone is
risky/impossible but VPNs are okay, or simply because you can, so why
not. This method will not lower your security/privacy/anonymity.
\subsubsubsection[title={VPN only:},reference={vpn-only-1}]
This route will not be explained nor recommended.
{\bf If you can use VPNs then you should be able to add a Tor layer over
it. And if you can use Tor, then you can add an anonymous VPN over Tor
to get the preferred solution.}
Using only a VPN, or even a VPN over a VPN, makes no sense as these can
be traced back to you over time. The first VPN provider will know your
real origin IP (even if it is a safe public space), and if you add a
second VPN over it, the second provider will still know that you were
using the first VPN service. This only slightly delays your
de-anonymization. Yes, it is an added layer \ldots{} but it is a
persistent, centralized added layer, and you can be de-anonymized over
time. This is just chaining three ISPs that are all subject to lawful
requests.
For more info, please see the following references:
\startitemize
\item
\useURL[url1645][https://www.whonix.org/wiki/Comparison_Of_Tor_with_CGI_Proxies,_Proxy_Chains,_and_VPN_Services\#Tor_and_VPN_Services_Comparison]\from[url1645]
\useURL[url1646][https://web.archive.org/web/https://www.whonix.org/wiki/Comparison_Of_Tor_with_CGI_Proxies,_Proxy_Chains,_and_VPN_Services][][{[}Archive.org{]}]\from[url1646]
\item
\useURL[url1647][https://www.whonix.org/wiki/Why_does_Whonix_use_Tor]\from[url1647]
\useURL[url1648][https://web.archive.org/web/https://www.whonix.org/wiki/Why_does_Whonix_use_Tor][][{[}Archive.org{]}]\from[url1648]
\item
\useURL[url1649][https://www.researchgate.net/publication/324251041_Anonymity_communication_VPN_and_Tor_a_comparative_study]\from[url1649]
\useURL[url1650][https://web.archive.org/web/https://www.researchgate.net/publication/324251041_Anonymity_communication_VPN_and_Tor_a_comparative_study][][{[}Archive.org{]}]\from[url1650]
\item
\useURL[url1651][https://gist.github.com/joepie91/5a9909939e6ce7d09e29\#file-vpn-md]\from[url1651]
\useURL[url1652][https://web.archive.org/web/https://gist.github.com/joepie91/5a9909939e6ce7d09e29][][{[}Archive.org{]}]\from[url1652]
\item
\useURL[url1653][https://schub.wtf/blog/2019/04/08/very-precarious-narrative.html]\from[url1653]
\useURL[url1654][https://web.archive.org/web/https://schub.wtf/blog/2019/04/08/very-precarious-narrative.html][][{[}Archive.org{]}]\from[url1654]
\stopitemize
{\bf In the context of this guide, Tor is required somewhere to achieve
reasonable and safe anonymity and you should use it if you can.}
\subsubsubsection[title={No VPN/Tor:},reference={no-vpntor-1}]
If you can use neither a VPN nor Tor where you are, you are probably in
a very hostile environment where surveillance and control are extremely
high. Just do not do it; it is not worth it and far too risky. You could
be de-anonymized almost instantly by any motivated adversary, who could
then reach your physical location in a matter of minutes.
Do not forget to check back on \goto{Adversaries (threats)}[threats] and
\goto{Appendix S: Check your network for surveillance/censorship using
OONI}[appendix-s-check-your-network-for-surveillancecensorship-using-ooni].
If you have absolutely no other option and still want to do something,
see \goto{Appendix P: Accessing the internet as safely as possible when
Tor/VPN is not an
option}[appendix-p-accessing-the-internet-as-safely-as-possible-when-tor-and-vpns-are-not-an-option]
{\bf (at your own risk).}
\subsubsubsection[title={Conclusion:},reference={conclusion-2}]
\startplacetable[location=none]
\startxtable
\startxtablehead[head]
\startxrow
\startxcell[width={0.15\textwidth}] Connection Type \stopxcell
\startxcell[width={0.05\textwidth}] Anonymity \stopxcell
\startxcell[width={0.15\textwidth}] Ease of Access to online
resources \stopxcell
\startxcell[width={0.09\textwidth}] Tor Stream isolation \stopxcell
\startxcell[width={0.17\textwidth}] Safer where Tor is
suspicious/dangerous \stopxcell
\startxcell[width={0.05\textwidth}] Speed \stopxcell
\startxcell[width={0.11\textwidth}] Cost \stopxcell
\startxcell[width={0.21\textwidth}] Recommended \stopxcell
\stopxrow
\stopxtablehead
\startxtablebody[body]
\startxrow
\startxcell[width={0.15\textwidth}] Tor Alone \stopxcell
\startxcell[width={0.05\textwidth}] {\bf Good} \stopxcell
\startxcell[width={0.15\textwidth}] {\bf Medium} \stopxcell
\startxcell[width={0.09\textwidth}] {\bf Possible} \stopxcell
\startxcell[width={0.17\textwidth}] {\bf No} \stopxcell
\startxcell[width={0.05\textwidth}] {\bf Medium} \stopxcell
\startxcell[width={0.11\textwidth}] {\bf Free} \stopxcell
\startxcell[width={0.21\textwidth}] {\bf Yes} \stopxcell
\stopxrow
\startxrow
\startxcell[width={0.15\textwidth}] Tor over VPN \stopxcell
\startxcell[width={0.05\textwidth}] {\bf Good+} \stopxcell
\startxcell[width={0.15\textwidth}] {\bf Medium} \stopxcell
\startxcell[width={0.09\textwidth}] {\bf Possible} \stopxcell
\startxcell[width={0.17\textwidth}] {\bf Yes} \stopxcell
\startxcell[width={0.05\textwidth}] {\bf Medium} \stopxcell
\startxcell[width={0.11\textwidth}] {\bf Around 50€/y} \stopxcell
\startxcell[width={0.21\textwidth}] {\bf If needed (Tor
inaccessible)} \stopxcell
\stopxrow
\startxrow
\startxcell[width={0.15\textwidth}] Tor over VPN over Tor \stopxcell
\startxcell[width={0.05\textwidth}] {\bf Best} \stopxcell
\startxcell[width={0.15\textwidth}] {\bf Medium} \stopxcell
\startxcell[width={0.09\textwidth}] {\bf Possible} \stopxcell
\startxcell[width={0.17\textwidth}] {\bf Yes} \stopxcell
\startxcell[width={0.05\textwidth}] {\bf Poor} \stopxcell
\startxcell[width={0.11\textwidth}] {\bf Around 50€/y} \stopxcell
\startxcell[width={0.21\textwidth}] {\bf Yes} \stopxcell
\stopxrow
\startxrow
\startxcell[width={0.15\textwidth}] VPN over Tor \stopxcell
\startxcell[width={0.05\textwidth}] {\bf Good-} \stopxcell
\startxcell[width={0.15\textwidth}] {\bf Good} \stopxcell
\startxcell[width={0.09\textwidth}] {\bf No} \stopxcell
\startxcell[width={0.17\textwidth}] {\bf No} \stopxcell
\startxcell[width={0.05\textwidth}] {\bf Medium} \stopxcell
\startxcell[width={0.11\textwidth}] {\bf Around 50€/y} \stopxcell
\startxcell[width={0.21\textwidth}] {\bf If needed
(convenience)} \stopxcell
\stopxrow
\startxrow
\startxcell[width={0.15\textwidth}] Self-Hosted VPS VPN/Proxy over
Tor \stopxcell
\startxcell[width={0.05\textwidth}] {\bf Good-} \stopxcell
\startxcell[width={0.15\textwidth}] {\bf Very Good} \stopxcell
\startxcell[width={0.09\textwidth}] {\bf No} \stopxcell
\startxcell[width={0.17\textwidth}] {\bf No} \stopxcell
\startxcell[width={0.05\textwidth}] {\bf Medium} \stopxcell
\startxcell[width={0.11\textwidth}] {\bf Around 50€/y} \stopxcell
\startxcell[width={0.21\textwidth}] {\bf If needed
(convenience)} \stopxcell
\stopxrow
\startxrow
\startxcell[width={0.15\textwidth}] VPN/Proxy over Tor over
VPN \stopxcell
\startxcell[width={0.05\textwidth}] {\bf Good-} \stopxcell
\startxcell[width={0.15\textwidth}] {\bf Good} \stopxcell
\startxcell[width={0.09\textwidth}] {\bf No} \stopxcell
\startxcell[width={0.17\textwidth}] {\bf Yes} \stopxcell
\startxcell[width={0.05\textwidth}] {\bf Poor} \stopxcell
\startxcell[width={0.11\textwidth}] {\bf Around 100€/y} \stopxcell
\startxcell[width={0.21\textwidth}] {\bf If needed (convenience and Tor
inaccessible)} \stopxcell
\stopxrow
\startxrow
\startxcell[width={0.15\textwidth}] VPN/Proxy Alone \stopxcell
\startxcell[width={0.05\textwidth}] {\bf Bad} \stopxcell
\startxcell[width={0.15\textwidth}] {\bf Good} \stopxcell
\startxcell[width={0.09\textwidth}] {\bf N/A} \stopxcell
\startxcell[width={0.17\textwidth}] {\bf Yes} \stopxcell
\startxcell[width={0.05\textwidth}] {\bf Good} \stopxcell
\startxcell[width={0.11\textwidth}] {\bf Around 50€/y} \stopxcell
\startxcell[width={0.21\textwidth}] {\bf No} \stopxcell
\stopxrow
\stopxtablebody
\startxtablefoot[foot]
\startxrow
\startxcell[width={0.15\textwidth}] No Tor and VPN \stopxcell
\startxcell[width={0.05\textwidth}] {\bf Bad} \stopxcell
\startxcell[width={0.15\textwidth}] {\bf Unknown} \stopxcell
\startxcell[width={0.09\textwidth}] {\bf N/A} \stopxcell
\startxcell[width={0.17\textwidth}] {\bf No} \stopxcell
\startxcell[width={0.05\textwidth}] {\bf Good} \stopxcell
\startxcell[width={0.11\textwidth}] {\bf Around 100€
(Antenna)} \stopxcell
\startxcell[width={0.21\textwidth}] {\bf No.~At your own
risk.} \stopxcell
\stopxrow
\stopxtablefoot
\stopxtable
\stopplacetable
Unfortunately, using Tor alone will raise the suspicion of many
destination platforms. You will face many hurdles (captchas, errors,
difficulties signing up) if you only use Tor. In addition, using Tor
where you are could get you in trouble on its own. But Tor remains
the best solution for anonymity and must be present somewhere in the
chain.
\startitemize
\item
If you intend to create persistent, shared and authenticated identities
on various services where access from Tor is hard, we recommend the
{\bf VPN over Tor} and {\bf VPS VPN/Proxy over Tor} options (or VPN
over Tor over VPN if needed). They might be slightly less secure against
correlation attacks, since they break Tor Stream isolation, but they
provide much better convenience in accessing online resources than
using Tor alone. It is an \quotation{acceptable} trade-off IMHO if you
are careful enough with your identity.
\startitemize[packed]
\item
{\bf Note: It is becoming more common for mainstream services and
CDNs to also block or hinder VPN users with captchas and
other obstacles.} {\bf In that case, a self-hosted VPS with
a VPN/Proxy over Tor is the best solution, as having your
own dedicated VPS guarantees you are the sole user of your IP and
will encounter little to no obstacles.} Consider a \goto{Self-hosted
VPN/Proxy on a Monero/Cash-paid VPS (for users more familiar with
Linux)}[self-hosted-vpnproxy-on-a-monerocash-paid-vps-for-users-more-familiar-with-linux]
if you want the least amount of issues (this will be explained in
the next section in more detail).
\stopitemize
\item
If, however, your intent is just to browse random services anonymously
without creating specific shared identities, using Tor-friendly
services, or if you do not want to accept the trade-off of the
earlier option, {\bf then we recommend using the Tor Only route to
keep the full benefits of Stream Isolation (or Tor over VPN if you
need to).}
\item
If cost is an issue, we recommend the Tor Only option if possible.
\item
If both Tor and VPN access are impossible or dangerous, then you have
no choice but to rely on public Wi-Fi as safely as possible. See \goto{Appendix P:
Accessing the internet as safely as possible when Tor and VPNs are not
an
option}[appendix-p-accessing-the-internet-as-safely-as-possible-when-tor-and-vpns-are-not-an-option]
\stopitemize
For more information, you can also see the following discussions, which
could help you decide for yourself:
\startitemize
\item
Tor Project:
\useURL[url1655][https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorPlusVPN]\from[url1655]
\useURL[url1656][https://web.archive.org/web/https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorPlusVPN][][{[}Archive.org{]}]\from[url1656]
\item
Tails Documentation:
\startitemize
\item
\useURL[url1657][https://gitlab.tails.boum.org/tails/blueprints/-/wikis/vpn_support/]\from[url1657]
\useURL[url1658][https://web.archive.org/web/https://gitlab.tails.boum.org/tails/blueprints/-/wikis/vpn_support/][][{[}Archive.org{]}]\from[url1658]
\item
\useURL[url1659][https://tails.boum.org/support/faq/index.en.html\#index20h2]\from[url1659]
\useURL[url1660][https://web.archive.org/web/https://tails.boum.org/support/faq/index.en.html][][{[}Archive.org{]}]\from[url1660]
\stopitemize
\item
Whonix Documentation (in this order):
\startitemize
\item
\useURL[url1661][https://www.whonix.org/wiki/Tunnels/Introduction]\from[url1661]
\useURL[url1662][https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Introduction][][{[}Archive.org{]}]\from[url1662]
\item
\useURL[url1663][https://www.whonix.org/wiki/Tunnels/Connecting_to_Tor_before_a_VPN]\from[url1663]
\useURL[url1664][https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Connecting_to_Tor_before_a_VPN][][{[}Archive.org{]}]\from[url1664]
\item
\useURL[url1665][https://www.whonix.org/wiki/Tunnels/Connecting_to_a_VPN_before_Tor]\from[url1665]
\useURL[url1666][https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Connecting_to_a_VPN_before_Tor][][{[}Archive.org{]}]\from[url1666]
\stopitemize
\item
Some papers on the matter:
\startitemize[packed]
\item
\useURL[url1667][https://www.researchgate.net/publication/324251041_Anonymity_communication_VPN_and_Tor_a_comparative_study]\from[url1667]
\useURL[url1668][https://web.archive.org/web/https://www.researchgate.net/publication/324251041_Anonymity_communication_VPN_and_Tor_a_comparative_study][][{[}Archive.org{]}]\from[url1668]
\stopitemize
\stopitemize
\subsubsection[title={Getting an anonymous
VPN/Proxy:},reference={getting-an-anonymous-vpnproxy-1}]
{\bf Skip this step if you want to use Tor only or VPN is not an
option.}
See \goto{Appendix O: Getting an anonymous
VPN/Proxy}[appendix-o-getting-an-anonymous-vpnproxy]
\subsubsection[title={Note about Plausible
Deniability:},reference={note-about-plausible-deniability}]
Qubes OS uses LUKS for full disk encryption and it is technically
possible to achieve a form of deniability by using detached LUKS
headers. This is not yet integrated into this guide but you will find an
evolving tutorial on how to achieve this here:
\useURL[url1669][https://forum.qubes-os.org/t/qubes-os-installation-detached-encrypted-boot-and-header/6205]\from[url1669]
and some more background information within the Linux Host OS section
(see \goto{Note about plausible deniability on
Linux}[note-about-plausible-deniability-on-linux]).
\subsubsection[title={Installation:},reference={installation-3}]
You will follow the instructions from their own guide
\useURL[url1670][https://www.qubes-os.org/doc/installation-guide/]\from[url1670]
\useURL[url1671][https://web.archive.org/web/https://www.qubes-os.org/doc/installation-guide/][][{[}Archive.org{]}]\from[url1671]:
(Secure Boot is not supported as per their FAQ:
\useURL[url1672][https://www.qubes-os.org/faq/\#is-secure-boot-supported]\from[url1672]
\useURL[url1673][https://web.archive.org/web/https://www.qubes-os.org/faq/][][{[}Archive.org{]}]\from[url1673]
so it should be disabled in the BIOS/UEFI settings.)
\startitemize
\item
Download the latest Qubes OS 4.1.x installation ISO according to their
hardware compatibility list.
\item
Get and verify the Qubes OS Master Signing key:
\useURL[url1674][https://keys.qubes-os.org/keys/qubes-master-signing-key.asc]\from[url1674]
\item
Prepare a USB key with the Qubes OS ISO file
\item
Install Qubes OS according to the installation guide:
\startitemize
\item
{\bf If you want to use Tor or VPN over Tor: check the
\quotation{Enabling system and template updates over the Tor anonymity
network using Whonix} option during the last step. This will force all
Qubes OS updates to go through Tor. While this will significantly
reduce your update speed, it will increase your anonymity from the
start.} (If you are having issues connecting to Tor due to
censorship or blocking, consider using Tor Bridges as recommended
earlier. Just follow the tutorial provided here:
\useURL[url1675][https://www.whonix.org/wiki/Bridges]\from[url1675]
\useURL[url1676][https://web.archive.org/web/https://www.whonix.org/wiki/Bridges][][{[}Archive.org{]}]\from[url1676])
\item
If you want to use Tor over VPN or cannot use any of those, leave it
unchecked.
\item
Be absolutely sure that you are verifying the signature of the ISO,
which you can find on this page:
\useURL[url1677][https://www.qubes-os.org/security/verifying-signatures/]\from[url1677]
\useURL[url1678][https://web.archive.org/web/20220511015546/https://www.qubes-os.org/security/verifying-signatures/][][{[}Archive.org{]}]\from[url1678].
Check by obtaining the fingerprint from multiple independent sources
in several different ways as recommended. This is to ensure the
image has not been tampered with. Do not skip this vital step even
though you know you are getting the ISO from a trusted source,
because it's possible for the Qubes website to be compromised.
\stopitemize
\item
If you are prevented from using Tor, there is no point in installing
the Whonix VM templates. You can disable Whonix installation during
the post-installation, initial setup wizard.
\stopitemize
To be sure your Qubes ISO hasn't been tampered with, you should get the
Qubes master key fingerprint from multiple different sources. This guide
can be used as one source.
The Qubes master signing key fingerprint should match
\type{427F 11FD 0FAA 4B08 0123 F01C DDFA 1A3E 3687 9494}.
{\em Remember to read the guide to verifying signatures on the Qubes
website:
\useURL[url1679][https://www.qubes-os.org/security/verifying-signatures/]\from[url1679]
\useURL[url1680][https://web.archive.org/web/20220511015546/https://www.qubes-os.org/security/verifying-signatures/][][{[}Archive.org{]}]\from[url1680].}
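The verification steps above, written out as an added example (a shell script that is not part of this guide or of the Qubes OS project): it refuses to import the master key unless its fingerprint matches the one printed above, then requires the release signing key to carry a good certification from the master key before it lets \type{gpg --verify} check the ISO's detached signature. The ISO is signed by a per-release signing key that the master key certifies, which is why checking the master key alone is not enough, and why a plain \type{gpg --verify} (which exits 0 for any key in the keyring, trusted or not) is only run after that chain has been confirmed. The key and ISO file names are assumptions.

```shell
#!/bin/sh
# Added example, not part of the guide or of the Qubes OS project:
# a fail-closed check of the Qubes OS Master Signing Key fingerprint
# and of the ISO signature. File names passed in are assumptions; the
# expected fingerprint is the one printed in the guide.
EXPECTED_MASTER_FPR="427F 11FD 0FAA 4B08 0123 F01C DDFA 1A3E 3687 9494"

# Remove spaces/newlines and upper-case so that fingerprints copied from
# different sources (web page, printout, this guide) compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# Exit 0 only when both are 40 hex characters and identical: a truncated
# or prefix-only match is treated as a mismatch.
fingerprints_match() {
    exp=$(normalize_fpr "$1"); act=$(normalize_fpr "$2")
    [ "${#exp}" -eq 40 ] && [ "$exp" = "$act" ]
}

# Long key id (last 16 hex digits) of the expected master key; used to
# look for its certification on the release signing key.
master_long_keyid() {
    normalize_fpr "$EXPECTED_MASTER_FPR" | cut -c25-40
}

# Fingerprint of the first key in an armored key file, read without
# importing it (colon format: field 10 of the "fpr" record).
first_fpr_in_keyfile() {
    gpg --with-colons --show-keys "$1" 2>/dev/null \
        | awk -F: '$1 == "fpr" { print $10; exit }'
}

# Exit 0 only if the key with fingerprint $1 carries a good ("!")
# certification signature made by the key id $2.
key_certified_by() {
    gpg --with-colons --check-sigs "$1" 2>/dev/null \
        | awk -F: -v id="$2" \
            '$1 == "sig" && $2 == "!" && $5 == id { ok = 1 } END { exit (ok ? 0 : 1) }'
}

# verify_iso MASTER_KEY.asc RELEASE_KEY.asc IMAGE.iso IMAGE.iso.asc
#  1. refuse the master key unless its fingerprint matches the expected one
#  2. import master and release keys
#  3. require the release key to be certified by the master key
#  4. only then verify the detached signature on the ISO
verify_iso() {
    actual=$(first_fpr_in_keyfile "$1")
    fingerprints_match "$EXPECTED_MASTER_FPR" "$actual" || {
        echo "REFUSING: master key fingerprint '$actual' does not match" >&2
        return 1
    }
    gpg --import "$1" >/dev/null 2>&1 || return 1
    gpg --import "$2" >/dev/null 2>&1 || return 1
    release_fpr=$(first_fpr_in_keyfile "$2")
    key_certified_by "$release_fpr" "$(master_long_keyid)" || {
        echo "REFUSING: release key is not certified by the master key" >&2
        return 1
    }
    gpg --verify "$4" "$3"
}

# Usage from a shell (file names are placeholders):
#   verify_iso qubes-master-signing-key.asc qubes-release-signing-key.asc \
#              Qubes-R4.1.x-x86_64.iso Qubes-R4.1.x-x86_64.iso.asc
```

Because the fingerprint constant lives in the script, the script itself is one more source to compare against the others you collect; if any source disagrees with it, stop and find out why before importing anything.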
\subsubsection[title={Lid Closure
Behavior:},reference={lid-closure-behavior}]
Unfortunately, Qubes OS does not support hibernation\footnote{Qubes OS
Issues, Simulate Hibernation / Suspend-To-Disk (Issue \#2414)
\useURL[url1681][https://github.com/QubesOS/qubes-issues/issues/2414]\from[url1681]
\useURL[url1682][https://web.archive.org/web/https://github.com/QubesOS/qubes-issues/issues/2414][][{[}Archive.org{]}]\from[url1682]}
which is a concern regarding cold-boot attacks. To mitigate those, I
highly recommend that you configure Qubes OS to shut down on any power
action (power button, lid closure). You can set this from the XFCE
Power Manager. Do not use the sleep features.
\subsubsection[title={Anti Evil Maid
(AEM):},reference={anti-evil-maid-aem}]
{\bf Warning}: this step only works with Intel CPUs, a legacy BIOS and a
TPM 1.2. If you do not meet those requirements, skip this step.
Anti Evil Maid is an implementation of a TPM-based static trusted boot
with a primary goal to prevent Evil Maid attacks. Installing and using
AEM requires attaching a USB drive directly to dom0. So the user must
make a choice between protecting dom0 from a potentially malicious USB
drive, and protecting the system from Evil Maid attacks. Note that AEM
is only compatible with Intel CPUs and Legacy boot options.
The preference for mitigating any evil maid attack is to maintain
physical control of your device at all times. If that is not possible,
then this might be relevant to your threat model.
Before deciding to use this system, please read \goto{Appendix B4:
Important notes about evil-maid and
tampering}[appendix-b4-important-notes-about-evil-maid-and-tampering]
See the following links for more details and installation instructions:
\startitemize
\item
\useURL[url1683][https://www.qubes-os.org/doc/anti-evil-maid/]\from[url1683]
\useURL[url1684][https://web.archive.org/web/https://www.qubes-os.org/doc/anti-evil-maid/][][{[}Archive.org{]}]\from[url1684]
\item
\useURL[url1685][https://blog.invisiblethings.org/2011/09/07/anti-evil-maid.html]\from[url1685]
\useURL[url1686][https://web.archive.org/web/https://blog.invisiblethings.org/2011/09/07/anti-evil-maid.html][][{[}Archive.org{]}]\from[url1686]
\item
\useURL[url1687][https://github.com/QubesOS/qubes-antievilmaid]\from[url1687]
\useURL[url1688][https://web.archive.org/web/https://github.com/QubesOS/qubes-antievilmaid][][{[}Archive.org{]}]\from[url1688]
\stopitemize
\subsubsection[title={Connect to a Public
Wi-Fi:},reference={connect-to-a-public-wi-fi}]
Remember this should be done from a safe place (see \goto{Find some safe
places with decent public
Wi-Fi}[find-some-safe-places-with-decent-public-wi-fi] and
\goto{Appendix Q: Using long-range Antenna to connect to Public Wi-Fis
from a safe
distance}[appendix-q-using-long-range-antenna-to-connect-to-public-wi-fis-from-a-safe-distance]):
\startitemize
\item
In the upper right corner, left-click the network icon and note the
Wi-Fi SSID you want to connect to
\item
Now right-click the network icon and select Edit Connections
\item
Add one using the + sign
\item
Select Wi-Fi
\item
Enter the SSID of the desired network you noted before (if needed)
\item
Select Cloned MAC Address
\item
Select Random to randomize your MAC Address
\startitemize[packed]
\item
{\bf Warning: This setting should work in most cases but can be
unreliable on some network adapters. Please refer to this
documentation if you want to be sure:
\useURL[url1689][https://github.com/Qubes-Community/Contents/blob/master/docs/privacy/anonymizing-your-mac-address.md]\from[url1689]}
\useURL[url1690][https://web.archive.org/web/https://github.com/Qubes-Community/Contents/blob/master/docs/privacy/anonymizing-your-mac-address.md][][{[}Archive.org{]}]\from[url1690]
\stopitemize
\item
Save
\item
Now left-click the network icon again and connect to the desired
Wi-Fi
\item
If this is an open Wi-Fi requiring registration, you will have to
start a browser to register:
\startitemize
\item
After you are connected, start a Disposable Fedora Firefox Browser
\item
Go into the upper left Menu
\item
Select Disposable, Fedora, Firefox
\item
Open Firefox and register (anonymously) into the Wi-Fi
\stopitemize
\stopitemize
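An added example (not from the guide or from the Qubes or NetworkManager projects) that makes the \quotation{Cloned MAC Address: Random} setting above the default for every profile through a NetworkManager drop-in, and then audits a profile and an interface to confirm the setting actually took effect, including the adapter caveat from the warning above: when the live address still equals the burned-in one, the randomization did not work on that adapter. It assumes sys-net runs NetworkManager (the Qubes default) and that the drop-in path is writable as root in that qube; the profile and interface names in the usage comments are placeholders.

```shell
#!/bin/sh
# Added example, not from the guide or the Qubes project: make MAC
# randomization the default for every NetworkManager profile instead of
# setting it per connection in the GUI, and audit that it took effect.
# Assumption: sys-net (or its template) runs NetworkManager and the
# drop-in path below is writable as root inside that qube.
NM_DROPIN="${NM_DROPIN:-/etc/NetworkManager/conf.d/00-macrandomize.conf}"

# The drop-in text, kept in a function so it can be inspected and tested
# without touching the filesystem.
mac_randomization_config() {
    cat <<'EOF'
[device]
# random MAC while scanning for networks, before any profile is chosen
wifi.scan-rand-mac-address=yes

[connection]
# a fresh random MAC for every Wi-Fi and wired connection, every time
wifi.cloned-mac-address=random
ethernet.cloned-mac-address=random
EOF
}

# Write the drop-in (run as root inside sys-net or its template) and
# make NetworkManager re-read its configuration.
install_mac_randomization() {
    mac_randomization_config > "$NM_DROPIN" && nmcli general reload
}

# Value of cloned-mac-address set on the profile itself, from the terse
# output of `nmcli -t connection show <profile>` (empty if inherited).
profile_cloned_mac() {
    printf '%s\n' "$1" | awk -F: \
        '$1 == "802-11-wireless.cloned-mac-address" { sub(/^[^:]*:/, ""); print; exit }'
}

# Default cloned-mac-address from the drop-in text (empty if absent).
dropin_default_cloned_mac() {
    printf '%s\n' "$1" | awk -F= '$1 == "wifi.cloned-mac-address" { print $2; exit }'
}

# Effective setting: the profile's own value wins, otherwise the drop-in
# default applies. An empty result means no randomization is configured.
effective_cloned_mac() {
    v=$(profile_cloned_mac "$1")
    if [ -n "$v" ]; then printf '%s' "$v"; else dropin_default_cloned_mac "$2"; fi
}

# Exit 0 only if the live address differs from the burned-in one.
# ethtool reports 00:00:00:00:00:00 when the driver cannot read the
# permanent address; that is treated as unverifiable, i.e. a failure.
mac_differs() {
    p=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    c=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -n "$p" ] && [ -n "$c" ] && [ "$p" != "00:00:00:00:00:00" ] && [ "$p" != "$c" ]
}

# Live audit of one profile and one interface, e.g. audit_live Cafe wls6
audit_live() {
    eff=$(effective_cloned_mac "$(nmcli -t connection show "$1")" \
                               "$(cat "$NM_DROPIN" 2>/dev/null)")
    [ "$eff" = "random" ] || {
        echo "profile $1: effective cloned MAC is '$eff', not random" >&2; return 1; }
    permanent=$(ethtool -P "$2" 2>/dev/null | awk '{ print $3 }')
    current=$(cat "/sys/class/net/$2/address")
    mac_differs "$permanent" "$current" || {
        echo "$2: live MAC $current is not distinct from permanent MAC '$permanent'" >&2
        return 1; }
}
```

Run \type{audit_live} after connecting, from the same qube: a profile created in the GUI with Random selected passes on its own value, a profile without one passes only if the drop-in is installed, and the interface check catches the adapters on which the setting is silently ignored.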
\subsubsection[title={Upgrading Qubes OS from 4.0.x to 4.1.x (you should
do
it)},reference={upgrading-qubes-os-from-4.0.x-to-4.1.x-you-should-do-it}]
Personally, we would not do it in place; we would do a fresh install instead.
But if you really want to, it's technically possible by following this
guide:
\useURL[url1691][https://www.qubes-os.org/doc/upgrade/4.1/]\from[url1691]
\useURL[url1692][https://web.archive.org/web/https://www.qubes-os.org/doc/upgrade/4.1/][][{[}Archive.org{]}]\from[url1692]
\subsubsection[title={Updating Qubes OS:},reference={updating-qubes-os}]
After you are connected to a Wi-Fi, you need to update Qubes OS and
Whonix. You must always keep Qubes OS updated before conducting any
sensitive activities, especially your Browser VMs. Normally, Qubes OS
will warn you about updates in the upper right corner with a gear icon.
As this might take a while in this case due to using Tor, you can force
the process by doing the following:
\startitemize
\item
Click the upper left Applications icon
\item
Select Qubes Tools
\item
Select Qubes Update
\item
Check the \quotation{Enable updates for Qubes without known available
updates}
\item
Select all the Qubes
\item
Click Next and wait for updates to complete
\item
If you checked the Tor option during install, be patient as this might
take a while over Tor
\stopitemize
\subsubsection[title={Upgrading Whonix from version 15 to version
16:},reference={upgrading-whonix-from-version-15-to-version-16}]
Again, you should really do this ASAP. We would use a fresh install but
it's technically possible to do it in-place, see
\useURL[url1693][https://www.whonix.org/wiki/Release_Upgrade_Whonix_15_to_Whonix_16]\from[url1693]
\useURL[url1694][https://web.archive.org/web/https://www.whonix.org/wiki/Release_Upgrade_Whonix_15_to_Whonix_16][][{[}Archive.org{]}]\from[url1694]
Follow the instructions on
\useURL[url1695][https://www.whonix.org/wiki/Qubes/Install]\from[url1695]
\useURL[url1696][https://web.archive.org/web/https://www.whonix.org/wiki/Qubes/Install][][{[}Archive.org{]}]\from[url1696].
{\em If you're running Qubes 4.1.x, this is already done for you.}
\subsubsection[title={Hardening Qubes
OS:},reference={hardening-qubes-os}]
{\bf Disclaimer: This section is under construction and will be worked
on heavily in the next releases. This section is for more advanced
users.}
\subsubsubsection[title={Application
Sandboxing:},reference={application-sandboxing}]
While Qubes OS is already sandboxing everything by design, it is also
useful to consider sandboxing apps themselves using AppArmor or SELinux.
\subsubsubsubsection[title={AppArmor:},reference={apparmor}]
\quotation{AppArmor is a Mandatory Access Control framework. When
enabled, AppArmor confines programs according to a set of rules that
specify what files a given program can access. This proactive
approach helps protect the system against both known and unknown
vulnerabilities} (Debian.org).
Basically, AppArmor\footnote{Wikipedia, AppArmor
\useURL[url1697][https://en.wikipedia.org/wiki/AppArmor]\from[url1697]
\useURL[url1698][https://wikiless.org/wiki/AppArmor][][{[}Wikiless{]}]\from[url1698]
\useURL[url1699][https://web.archive.org/web/https://en.wikipedia.org/wiki/AppArmor][][{[}Archive.org{]}]\from[url1699]}
is an application sandboxing system. It is supported by Qubes OS but
not enabled by default.
\startitemize
\item
About the Fedora VMs:
\startitemize[packed]
\item
Fedora does not use AppArmor but rather SELinux so see the next
section for that.
\stopitemize
\item
About the Debian VMs:
\startitemize[packed]
\item
Head out and read
\useURL[url1700][https://wiki.debian.org/AppArmor]\from[url1700]
\useURL[url1701][https://web.archive.org/web/https://wiki.debian.org/AppArmor][][{[}Archive.org{]}]\from[url1701]
\stopitemize
\item
About any other Linux VM:
\startitemize
\item
Head out and read:
\startitemize
\item
\useURL[url1702][https://wiki.archlinux.org/title/AppArmor]\from[url1702]
\useURL[url1703][https://web.archive.org/web/https://wiki.archlinux.org/title/AppArmor][][{[}Archive.org{]}]\from[url1703]
\item
\useURL[url1704][https://wiki.debian.org/AppArmor]\from[url1704]
\useURL[url1705][https://web.archive.org/web/https://wiki.debian.org/AppArmor][][{[}Archive.org{]}]\from[url1705]
\stopitemize
\stopitemize
\item
About the Whonix VMs, you should consider enabling and using AppArmor,
especially on the Whonix VMs of Qubes OS:
\startitemize
\item
First, you should head out and read
\useURL[url1706][https://www.whonix.org/wiki/AppArmor]\from[url1706]
\useURL[url1707][https://web.archive.org/web/https://www.whonix.org/wiki/AppArmor][][{[}Archive.org{]}]\from[url1707]
\item
Secondly, you should head out again and read
\useURL[url1708][https://www.whonix.org/wiki/Qubes/AppArmor]\from[url1708]
\useURL[url1709][https://web.archive.org/web/https://www.whonix.org/wiki/Qubes/AppArmor][][{[}Archive.org{]}]\from[url1709]
\stopitemize
\stopitemize
\subsubsubsubsection[title={SELinux:},reference={selinux}]
SELinux\footnote{Wikipedia, SELinux
\useURL[url1710][https://en.wikipedia.org/wiki/Security-Enhanced_Linux]\from[url1710]
\useURL[url1711][https://wikiless.org/wiki/Security-Enhanced_Linux][][{[}Wikiless{]}]\from[url1711]
\useURL[url1712][https://web.archive.org/web/https://en.wikipedia.org/wiki/Security-Enhanced_Linux][][{[}Archive.org{]}]\from[url1712]}
is similar to AppArmor. The differences between SELinux and AppArmor are
technical details that we will not get into.
Here is a good explanation of what it is:
\useURL[url1713][https://www.youtube.com/watch?v=_WOKRaM-HI4]\from[url1713]
\useURL[url1714][https://yewtu.be/watch?v=_WOKRaM-HI4][][{[}Invidious{]}]\from[url1714]
In this guide and in the context of Qubes OS, it is important to mention
it, as it is the method recommended by Fedora, which is one of the
default template systems on Qubes OS.
So, head out and read
\useURL[url1715][https://docs.fedoraproject.org/en-US/quick-docs/getting-started-with-selinux/]\from[url1715]
\useURL[url1716][https://web.archive.org/web/https://docs.fedoraproject.org/en-US/quick-docs/getting-started-with-selinux/][][{[}Archive.org{]}]\from[url1716]
You could make use of SELinux on your Fedora Templates. But this is up
to you. Again, this is for advanced users.
\subsubsection[title={Setup the VPN
ProxyVM:},reference={setup-the-vpn-proxyvm}]
{\bf Skip this step if you do not want to use a VPN and just use Tor
only or if VPN is not an option either.}
This tutorial should also work with any OpenVPN provider (Mullvad, IVPN,
Safing.io, or Proton VPN for instance).
This is based on the tutorial provided by Qubes OS themselves
(\useURL[url1717][https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/vpn.md]\from[url1717]
\useURL[url1718][https://web.archive.org/web/https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/vpn.md][][{[}Archive.org{]}]\from[url1718]).
If you are familiar with this process, you can follow their tutorial.
Alternatively, Mullvad also has a help article that guides you through
setting up a Proxy VM
\useURL[url1719][https://mullvad.net/en/help/qubes-os-4-and-mullvad-vpn/]\from[url1719]
\useURL[url1720][https://web.archive.org/web/https://mullvad.net/en/help/qubes-os-4-and-mullvad-vpn/][][{[}Archive.org{]}]\from[url1720].
\subsubsubsection[title={Create the
ProxyVM:},reference={create-the-proxyvm}]
\startitemize
\item
Click the Applications icon (upper left corner)
\item
Click Create Qubes VM
\item
Name and label as you wish: I suggest \quotation{VPNGatewayVM}
\item
Select Type: Standalone Qube copied from a template
\item
Select Template: Debian-11 (the default)
\item
Select Networking:
\startitemize
\item
Select sys-whonix if you want to do VPN over Tor / Tor only
(recommended)
\item
Select sys-firewall if you want to do Tor over VPN / No Tor or VPN /
Just VPN
\stopitemize
\item
Advanced: Check provides network
\item
Check \quotation{Start Qube automatically on boot}
\item
Create the VM
\startitemize[packed]
\item
If you are going for VPN over Tor, you need to go into the settings
of the ProxyVM you made and select \quotation{sys-vpn} for
networking.
\startitemize[packed]
\item
An easier way to set up your ProxyVM is to simply run a VPN client
on the ProxyVM.
\item
Usually when you connect to your VPN provider's website, it'll
tell you whether your traffic is being properly routed through the
VPN.
\stopitemize
\item
If you are going for Tor over VPN, the opposite should be done, the
ProxyVM should have its networking set as \quotation{sys-tor} and
the \quotation{sys-tor} VM should have \quotation{sys-vpn} for its
networking.
\startitemize[packed]
\item
Test the VM connectivity to the internet by launching a Browser
within the ProxyVM. Visit
\useURL[url1721][https://check.torproject.org]\from[url1721]
\useURL[url1722][https://web.archive.org/web/https://check.torproject.org/][][{[}Archive.org{]}]\from[url1722]
(It should say you are connected to Tor)
\stopitemize
\stopitemize
\stopitemize
\subsubsubsection[title={Download the VPN configuration from your
cash/Monero paid VPN
provider:},reference={download-the-vpn-configuration-from-your-cashmonero-paid-vpn-provider}]
\subsubsubsubsection[title={If you can use
Tor:},reference={if-you-can-use-tor-1}]
{\bf Using Tor Browser (be careful not to use any Clearnet Browser for
this),} download the necessary OpenVPN configuration files for Linux
from your VPN provider.
This can be done by using the Qubes OS integrated Tor Browser by
accessing the Applications icon (upper left corner) and selecting the
Disposable Tor Browser application.
\subsubsubsubsection[title={If you cannot use
Tor:},reference={if-you-cannot-use-tor-5}]
Launch a browser from a DisposableVM and download the necessary OpenVPN
configuration files for Linux from your VPN provider. See \goto{Appendix
P: Accessing the internet as safely as possible when Tor and VPNs are
not an
option.}[appendix-p-accessing-the-internet-as-safely-as-possible-when-tor-and-vpns-are-not-an-option]
When you are done downloading the configuration files within the
disposable browser qube (usually a zip file), copy them to your ProxyVM
VPN gateway (right-click the file, choose \quotation{Copy to other
AppVM} and select the ProxyVM).
\subsubsubsection[title={Configure the
ProxyVM:},reference={configure-the-proxyvm}]
{\bf Skip this step if you are not going to use a VPN}
\startitemize
\item
Click the upper left corner
\item
Select the VPN VM you just created
\item
Open the Files of the VPN VM
\item
Go into \quotation{QubesIncoming} > dispXXXX (This was your disposable
browser qube)
\item
Double Click your downloaded zip file containing your OpenVPN
configuration files to unzip it
\item
Now select the VPN VM again and start a terminal
\item
Install OpenVPN with the following command
\type{sudo apt-get install openvpn}
\item
Copy the OpenVPN configuration file(s) provided by your VPN provider
into /etc/openvpn/ with a \quotation{.conf} extension: Debian's OpenVPN
service only autostarts files ending in .conf in that directory, and
the AUTOSTART setting below starts every such file, so keep only the
location you intend to use there
\item
For all the OpenVPN configuration files (for each location):
\startitemize
\item
Edit each file using \type{sudo nano configfile} (do not forget sudo
to edit the file within /etc)
\item
If the ProxyVM sits behind sys-whonix (VPN over Tor), change the
protocol from \quotation{udp} to \quotation{tcp}, both on the
\quotation{proto} line and on any \quotation{remote} line that ends
with \quotation{udp}: Tor does not carry UDP. Also remove UDP-only
options such as \quotation{explicit-exit-notify} and
\quotation{fragment} if present, since OpenVPN refuses to start with
them in TCP mode. For Tor over VPN the ProxyVM reaches the provider
directly and can keep UDP.
\item
Change the port to a supported (by your VPN provider) TCP port (like
80 or 443)
\item
Save and exit each file
\stopitemize
\item
Edit the OpenVPN config file (/etc/default/openvpn) by typing
\type{sudo nano /etc/default/openvpn}
\startitemize
\item
Change \type{#AUTOSTART="all"} to \type{AUTOSTART="all"} (in other
words, remove the \quotation{\#})
\item
Save and Exit
\stopitemize
\item
Edit the Qubes firewall rules file
(/rw/config/qubes-firewall-user-script) by typing \quotation{sudo nano
/rw/config/qubes-firewall-user-script}
\startitemize
\item
Add the following lines (without the quotes and remarks in
parentheses); Qubes only runs this script if the file is executable,
so check that it is
\startitemize[packed]
\item
\type{virtualif=10.137.0.17}
\stopitemize
\stopitemize
\stopitemize
\startblockquote
(This is the IP address of the ProxyVM itself, as shown in Qube
Manager. Qubes assigns it per qube and it normally stays the same
across reboots, but verify it after rebooting and adjust the value if
it differs)
\stopblockquote
\startitemize[packed]
\item
\type{vpndns1=10.8.0.1}
\stopitemize
\startblockquote
(This is the first DNS server of your VPN provider, reachable inside
the tunnel; 10.8.0.1 is only the placeholder used in the Qubes
tutorial, replace it with the address your provider documents)
\stopblockquote
\startitemize[packed]
\item
\type{vpndns2=10.14.0.1}
\stopitemize
\startblockquote
(This is the second DNS server of your VPN provider; 10.14.0.1 is
likewise a placeholder to replace with your provider's value)
\stopblockquote
\startitemize
\item
\type{iptables -F OUTPUT}
\item
\type{iptables -I FORWARD -o eth0 -j DROP}
\item
\type{iptables -I FORWARD -i eth0 -j DROP}
\item
\type{ip6tables -I FORWARD -o eth0 -j DROP}
\item
\type{ip6tables -I FORWARD -i eth0 -j DROP}
\stopitemize
\startblockquote
(These drop any traffic that would be forwarded from the qubes behind
the ProxyVM straight to, or from, the upstream interface eth0 rather
than through the VPN tunnel interface, so when the VPN is down those
qubes lose connectivity instead of leaking to the NetVM: this is the
kill switch. More information here
\useURL[url1723][https://linuxconfig.org/how-to-create-a-vpn-killswitch-using-iptables-on-linux]\from[url1723]
\useURL[url1724][https://web.archive.org/web/https://linuxconfig.org/how-to-create-a-vpn-killswitch-using-iptables-on-linux][][{[}Archive.org{]}]\from[url1724]
)
\stopblockquote
\startitemize
\item
\type{iptables -A OUTPUT -d 10.8.0.1 -j ACCEPT}
\item
\type{iptables -A OUTPUT -d 10.14.0.1 -j ACCEPT}
\stopitemize
\startblockquote
(These explicitly allow the ProxyVM's own traffic to the VPN
provider's DNS servers. With the default ACCEPT policy on the OUTPUT
chain they change nothing, but they keep name resolution working if
you later tighten OUTPUT to a DROP policy)
\stopblockquote
\startitemize
\item
\type{iptables -F PR-QBS -t nat}
\item
\type{iptables -A PR-QBS -t nat -d $virtualif -p udp --dport 53 -j DNAT --to $vpndns1}
\item
\type{iptables -A PR-QBS -t nat -d $virtualif -p tcp --dport 53 -j DNAT --to $vpndns1}
\item
\type{iptables -A PR-QBS -t nat -d $virtualif -p udp --dport 53 -j DNAT --to $vpndns2}
\item
\type{iptables -A PR-QBS -t nat -d $virtualif -p tcp --dport 53 -j DNAT --to $vpndns2}
\stopitemize
\startblockquote
(These redirect the DNS requests of the qubes behind the ProxyVM to
the VPN provider's DNS servers, so that name resolution also goes
through the tunnel. Two caveats: iptables applies the first rule that
matches, so in practice every query goes to \type{$vpndns1} and the
\type{$vpndns2} rules only take over if the first pair is removed; and
on Qubes 4 downstream qubes send their DNS queries to 10.139.1.1 and
10.139.1.2 rather than to the ProxyVM's own address, so if your
queries are not being redirected, match on the downstream interface
with \type{-i vif+} instead of \type{-d $virtualif})
\stopblockquote
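The complete firewall script that the lines above build up, as an added example (it is not the guide's script nor the one in the Qubes documentation): the kill switch and the DNS redirect are wrapped in functions, a \type{DRYRUN} variable makes the script print the iptables commands instead of executing them, and \type{vpn_check} reports whether the tunnel is up and the redirect is in place. It assumes tun0 as the tunnel interface and eth0 as the uplink (the defaults in a Qubes ProxyVM running OpenVPN), matches DNS queries on the downstream vif interfaces rather than on the ProxyVM's own address, and uses 10.8.0.1 and 10.14.0.1 only as placeholders for your provider's resolvers.

```sh
#!/bin/sh
# /rw/config/qubes-firewall-user-script for a VPN ProxyVM.
# Added example; not the guide's own script nor the one from the Qubes
# documentation. Assumptions: the VPN client creates tun0, the NetVM is
# reached over eth0, downstream qubes are attached on vif* (Qubes defaults),
# and VPNDNS1/VPNDNS2 below are placeholders for the provider's resolvers.
# Qubes executes this file at boot and whenever the firewall is reloaded.

VPNDNS1=${VPNDNS1:-10.8.0.1}     # placeholder: replace with your provider's value
VPNDNS2=${VPNDNS2:-10.14.0.1}    # placeholder
UPLINK=${UPLINK:-eth0}
TUN=${TUN:-tun0}

# ipt / ip6t: run iptables, or, when DRYRUN is set, print the command instead.
ipt()  { if [ -n "${DRYRUN:-}" ]; then echo "iptables $*";  else iptables  "$@"; fi; }
ip6t() { if [ -n "${DRYRUN:-}" ]; then echo "ip6tables $*"; else ip6tables "$@"; fi; }

# Kill switch: downstream traffic may only be forwarded through the tunnel.
# Anything that would be forwarded straight to or from the uplink is dropped,
# so when the VPN is down the qubes behind this ProxyVM go offline instead of
# leaking to the NetVM. The VPN client's own packets originate in this VM
# (OUTPUT chain), so they are not affected.
vpn_kill_switch() {
    ipt  -I FORWARD -o "$UPLINK" -j DROP
    ipt  -I FORWARD -i "$UPLINK" -j DROP
    ip6t -I FORWARD -o "$UPLINK" -j DROP
    ip6t -I FORWARD -i "$UPLINK" -j DROP
}

# DNS: rewrite every DNS query arriving from a downstream qube so it goes to
# the provider's resolvers inside the tunnel. Matching on the ingress
# interface rather than on a destination address works whatever address the
# qubes use for DNS (10.139.1.1/2 on Qubes 4). iptables stops at the first
# matching rule, so VPNDNS1 serves all queries and VPNDNS2 only takes over
# if the VPNDNS1 rules are removed.
vpn_dns_redirect() {
    ipt -t nat -F PR-QBS
    for dns in "$VPNDNS1" "$VPNDNS2"; do
        ipt -t nat -A PR-QBS -i vif+ -p udp --dport 53 -j DNAT --to-destination "$dns"
        ipt -t nat -A PR-QBS -i vif+ -p tcp --dport 53 -j DNAT --to-destination "$dns"
    done
}

vpn_firewall() {
    vpn_kill_switch
    vpn_dns_redirect
}

# vpn_check: run inside the ProxyVM after connecting; non-zero if the tunnel
# is down or the DNS redirect is missing.
vpn_check() {
    ip link show "$TUN" >/dev/null 2>&1 || { echo "$TUN is absent: VPN is down"; return 1; }
    iptables -t nat -S PR-QBS | grep -q -- "--to-destination $VPNDNS1" ||
        { echo "DNS redirect to $VPNDNS1 missing"; return 1; }
    echo "tunnel up, downstream DNS redirected to $VPNDNS1"
}

# Apply the rules only when Qubes runs this file under its installed name;
# when sourced or run under another name the functions are merely defined,
# which is what you want for reviewing the commands with DRYRUN=1.
case "${0##*/}" in
    qubes-firewall-user-script) vpn_firewall ;;
esac
```

Save it as /rw/config/qubes-firewall-user-script in the ProxyVM and make it executable; to review the exact iptables commands first, source the file from a terminal with \type{DRYRUN=1} set and call \type{vpn_firewall}, which prints them instead of changing anything.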
\startitemize
\item
Restart the ProxyVM by typing \quotation{sudo reboot}
\item
Test the ProxyVM VPN connectivity by starting a Browser within it and
going to your VPN provider test page. It should now say you are
connected to a VPN:
\startitemize
\item
Mullvad:
\useURL[url1725][https://mullvad.net/en/check/]\from[url1725]
\useURL[url1726][https://web.archive.org/web/https://mullvad.net/en/check/][][{[}Archive.org{]}]\from[url1726]
\item
IVPN: \useURL[url1727][https://www.ivpn.net/]\from[url1727]
\useURL[url1728][https://web.archive.org/web/https://www.ivpn.net/][][{[}Archive.org{]}]\from[url1728]
(check the top banner)
\item
Proton VPN: Follow their instructions here
\useURL[url1729][https://protonvpn.com/support/vpn-ip-change/]\from[url1729]
\useURL[url1730][https://web.archive.org/web/https://protonvpn.com/support/vpn-ip-change/][][{[}Archive.org{]}]\from[url1730]
\stopitemize
\stopitemize
\subsubsubsection[title={VPN over Tor:},reference={vpn-over-tor}]
\subsubsubsubsection[title={Set up a disposable Browser Qube for VPN
over Tor
use:},reference={set-up-a-disposable-browser-qube-for-vpn-over-tor-use}]
\startitemize
\item
Within the Applications Menu (upper left corner), Select the
Disposable Fedora VM
\item
Go into Qube Settings
\item
Click Clone Qube and name it like \quotation{sys-VPNoverTor} for
example
\item
Again, within the Application Menu, Select the Clone you just created
\item
Go into Qube Settings
\item
Change the Networking to your ProxyVPN created earlier
\item
Click OK
\item
Start a browser within the new disposable qube (not within a Whonix
Workstation)
\item
Check that you have VPN connectivity using your VPN provider's check
page (see above); the exit IP shown should be the VPN's, not a Tor exit
\stopitemize
You should now have a Disposable Browser VM that works with your
cash/Monero paid VPN over Tor.
\subsubsubsection[title={Tor Over VPN:},reference={tor-over-vpn-3}]
Reconfigure your Whonix Gateway VM to use your ProxyVM as NetVM instead
of sys-firewall:
\startitemize
\item
Within the Applications Menu (upper left corner), Select the
sys-whonix VM.
\item
Go into Qube Settings
\item
Change the Networking NetVM to your ProxyVPN created earlier instead
of sys-firewall
\item
Click OK
\item
Create a Whonix Workstation Disposable VM (follow this tutorial
\useURL[url1731][https://www.whonix.org/wiki/Qubes/DisposableVM]\from[url1731]
\useURL[url1732][https://web.archive.org/web/https://www.whonix.org/wiki/Qubes/DisposableVM][][{[}Archive.org{]}]\from[url1732])
\item
Launch a browser from the VM and check that it reports a Tor
connection at check.torproject.org. From the Workstation you only see
the Tor exit; to confirm that Tor itself is going through the VPN,
open a browser in the ProxyVM and use your VPN provider's check page.
\stopitemize
Alternatively, you can also create any other type of disposable VM (but
less secure than the Whonix one):
\startitemize
\item
Within the Applications Menu (upper left corner), Select the
Disposable Fedora VM
\item
Go into Qube Settings
\item
Click Clone Qube and name it like \quotation{sys-TorOverVPN} for
example
\item
Again, within the Application Menu, Select the Clone you just created
\item
Go into Qube Settings
\item
Change the Networking to your sys-whonix created earlier
\item
Click OK
\item
Start a browser within the VM
\item
Check that you are connected to Tor (check.torproject.org); the VPN
sits before Tor and is not visible from this qube
\stopitemize
You should now have a Disposable Browser VM that works with Tor over a
cash/Monero paid VPN.
\subsubsubsection[title={Any other combination? (VPN over Tor over VPN
for
instance)},reference={any-other-combination-vpn-over-tor-over-vpn-for-instance}]
By now you should understand how easy it is to route traffic from one VM
to the other with Qubes.
You can create several ProxyVMs for VPN accesses and keep the Whonix one
for Tor. You just need to change the NetVM settings of the various VMs
to change the layout.
You could have:
\startitemize
\item
One VPN ProxyVM for the base Qubes OS connection
\item
Use the sys-whonix VM (Whonix Gateway) getting its network from the
first ProxyVM
\item
A second VPN ProxyVM getting network from sys-whonix
\item
Disposable VMs getting their NetVM from the second ProxyVM
\stopitemize
This would result in User > VPN > Tor > VPN > Internet (VPN over Tor
over VPN). Experiment for yourself. Qubes OS is great for these things.
\subsubsection[title={Setup a safe Browser within Qubes OS (optional but
recommended):},reference={setup-a-safe-browser-within-qubes-os-optional-but-recommended}]
See: \goto{Appendix V: What browser to use in your Guest VM/Disposable
VM}[appendix-v-what-browser-to-use-in-your-guest-vmdisposable-vm]
\subsubsubsection[title={Fedora Disposable
VM:},reference={fedora-disposable-vm}]
Within the Applications Menu (upper left), Select the Fedora-36
template:
\startitemize
\item
Go into Qube Settings
\item
Clone the VM and name it \quotation{fedora-36-brave} (this VM template
will have Brave)
\item
Again, go into the Applications Menu and select the clone you just
created
\item
Go into Qube Settings
\item
Change its network to the ProxyVPN (or sys-whonix) and Apply. Templates
normally have no direct network access and update through the Qubes
updates proxy, so set the networking back to its previous value once
the installation below is done
\item
Launch a terminal from the VM
\stopitemize
If you want to use Brave: apply the instructions from
\useURL[url1733][https://brave.com/linux/]\from[url1733]
\useURL[url1734][https://web.archive.org/web/https://brave.com/linux/][][{[}Archive.org{]}]\from[url1734]
and run the following commands:
\startitemize
\item
\type{sudo dnf install dnf-plugins-core}
\item
\type{sudo dnf config-manager --add-repo https://brave-browser-rpm-release.s3.brave.com/x86_64/}
\item
\type{sudo rpm --import https://brave-browser-rpm-release.s3.brave.com/brave-core.asc}
\item
\type{sudo dnf install brave-browser}
\stopitemize
You should also consider hardening your browser, see \goto{Appendix V1:
Hardening your Browsers}[appendix-v1-hardening-your-browsers]
\subsubsubsection[title={Whonix Disposable
VM:},reference={whonix-disposable-vm}]
Edit the Whonix Disposable VM template and follow instructions here
\useURL[url1735][https://www.whonix.org/wiki/Install_Software]\from[url1735]
\useURL[url1736][https://web.archive.org/web/https://www.whonix.org/wiki/Install_Software][][{[}Archive.org{]}]\from[url1736]
\subsubsubsection[title={Additional browser
precautions:},reference={additional-browser-precautions}]
\startitemize
\item
See: \goto{Appendix V1: Hardening your
Browsers}[appendix-v1-hardening-your-browsers]
\item
See: \goto{Appendix A5: Additional browser precautions with JavaScript
enabled}[appendix-a5-additional-browser-precautions-with-javascript-enabled]
\stopitemize
\subsubsection[title={Setup an Android
VM:},reference={setup-an-android-vm}]
Because sometimes you want to run mobile Apps anonymously too. You can
also set up an Android VM for this purpose. As in other cases, ideally,
this VM will also be sitting behind the Whonix Gateway for Tor network
connectivity. But this can also be set up as VPN over Tor over VPN.
Since Android-x86 does not work \quotation{well} with Qubes OS (my own
experience), we will instead recommend using AnBox
(\useURL[url1737][https://anbox.io/]\from[url1737]
\useURL[url1738][https://web.archive.org/web/https://anbox.io/][][{[}Archive.org{]}]\from[url1738]),
which works \quotation{well enough} with Qubes OS. More information can
also be found at
\useURL[url1739][https://www.whonix.org/wiki/Anbox]\from[url1739]
\useURL[url1740][https://web.archive.org/web/https://www.whonix.org/wiki/Anbox][][{[}Archive.org{]}]\from[url1740]
\subsubsubsection[title={If you can use Tor (natively or over a
VPN):},reference={if-you-can-use-tor-natively-or-over-a-vpn-4}]
Later in the Qubes settings during creation:
\startitemize
\item
Select Networking
\item
Change to sys-whonix to put it behind the Whonix Gateway (over Tor).
\stopitemize
\subsubsubsection[title={If you cannot use
Tor:},reference={if-you-cannot-use-tor-6}]
Just use the tutorials as is. See \goto{Appendix P: Accessing the
internet as safely as possible when Tor and VPNs are not an
option}[appendix-p-accessing-the-internet-as-safely-as-possible-when-tor-and-vpns-are-not-an-option].
\subsubsubsection[title={Installation:},reference={installation-4}]
Basically, follow the tutorial here:
\startitemize
\item
Click the Applications icon (upper left corner)
\item
Click Create Qubes VM
\item
Name and label as you wish: we suggest \quotation{Android}
\item
Select Type: Standalone Qube copied from a template
\item
Select Template: Debian-11
\item
Select Networking:
\startitemize
\item
Select sys-whonix if you want to do VPN over Tor / Tor only
(recommended)
\item
Select sys-firewall if you want to do Tor over VPN / No Tor or VPN /
Just VPN
\stopitemize
\item
Start the Qube and open a Terminal
\stopitemize
Now you will have to follow the instructions from here:
\useURL[url1741][https://github.com/anbox/anbox-modules]\from[url1741]
\useURL[url1742][https://web.archive.org/web/https://github.com/anbox/anbox-modules][][{[}Archive.org{]}]\from[url1742]:
\startitemize
\item
The modules are built with DKMS against the headers of the running
kernel, so install git, dkms and the matching kernel headers first.
A qube booting the default kernel supplied by dom0 has no matching
headers inside it; give the Android qube a kernel installed inside the
VM instead (see the Qubes OS documentation on managing VM kernels)
before continuing.
\item
Start by cloning the AnBox modules repository by running:
\startitemize
\item
\type{git clone https://github.com/anbox/anbox-modules.git}
\item
Go into the cloned directory
\item
Run \type{./INSTALL.sh} (or follow the manual instructions on the
tutorial)
\stopitemize
\item
Reboot the machine
\item
Open a new terminal
\item
Install Snap by running:
\startitemize[packed]
\item
\type{sudo apt install snapd}
\stopitemize
\stopitemize
Now you will follow their other tutorial from here:
\useURL[url1743][https://github.com/anbox/anbox/blob/master/docs/install.md]\from[url1743]
\useURL[url1744][https://web.archive.org/web/https://github.com/anbox/anbox/blob/master/docs/install.md][][{[}Archive.org{]}]\from[url1744]:
\startitemize
\item
Install AnBox by running:
\startitemize[packed]
\item
\type{snap install --devmode --beta anbox}
\stopitemize
\item
To update AnBox later, run:
\startitemize[packed]
\item
\type{snap refresh --beta --devmode anbox}
\stopitemize
\item
Reboot the machine
\item
Open a terminal again and start the emulator by running:
\startitemize[packed]
\item
\type{anbox.appmgr}
\stopitemize
\stopitemize
This should pop up an Android interface. Sometimes it will crash, and
you might have to run it twice to make it work.
If you want to install apps on this emulator:
\startitemize
\item
Install ADB by running:
\startitemize[packed]
\item
\type{sudo apt install adb} (on older Debian releases the package was
named android-tools-adb)
\stopitemize
\item
First start Anbox (run \type{anbox.appmgr})
\item
Grab the APK of any app you want to install
\item
Now install any APK by running:
\startitemize[packed]
\item
\type{adb install my-app.apk}
\stopitemize
\stopitemize
That's it, you should now have an Android Qube over Tor (or anything
else) capable of running pretty much any App you can sideload with ADB.
This is, for now, the easiest way to get Android emulation on Qubes OS.
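Before starting the emulator or sideloading anything, it pays to check that every piece the procedure above installed is actually in place. The following is an added example (not from the guide or the Anbox project): \type{anbox_preflight} verifies kernel headers, the ashmem and binder modules, their device nodes and the snap, and \type{sideload_apk} refuses to call \type{adb install} unless adb sees a device in the ready state. It assumes the Debian qube set up above; the two parsing helpers take command output as a string so they can be exercised on constructed samples.

```sh
#!/bin/sh
# Pre-flight checks and APK sideloading for the Anbox qube.
# Added example, not from the guide or the Anbox project. Assumes the Debian
# qube set up above: anbox installed as a snap, adb from the "adb" package,
# the ashmem_linux/binder_linux modules built from anbox-modules.
set -u

# anbox_modules_loaded LSMOD_OUTPUT
#   True if both Anbox kernel modules appear in the given lsmod output.
anbox_modules_loaded() {
    printf '%s\n' "$1" | grep -q '^ashmem_linux[[:space:]]' &&
        printf '%s\n' "$1" | grep -q '^binder_linux[[:space:]]'
}

# adb_device_ready ADB_DEVICES_OUTPUT
#   True if at least one device is listed in state "device" (not offline or
#   unauthorized); the Anbox container shows up as an emulator-NNNN entry.
adb_device_ready() {
    printf '%s\n' "$1" | grep -Eq '^[^[:space:]]+[[:space:]]+device$'
}

# anbox_preflight: report everything anbox.appmgr needs; non-zero if any is missing.
anbox_preflight() {
    rc=0
    # DKMS builds the modules against the running kernel's headers.
    [ -d "/lib/modules/$(uname -r)/build" ] ||
        { echo "no kernel headers for $(uname -r): INSTALL.sh cannot build the modules"; rc=1; }
    anbox_modules_loaded "$(lsmod)" ||
        { echo "ashmem_linux/binder_linux not loaded (did INSTALL.sh run, and did you reboot?)"; rc=1; }
    for dev in /dev/ashmem /dev/binder; do
        [ -c "$dev" ] || { echo "missing $dev"; rc=1; }
    done
    command -v anbox.appmgr >/dev/null 2>&1 || { echo "anbox snap not installed"; rc=1; }
    command -v adb >/dev/null 2>&1 || { echo "adb not installed"; rc=1; }
    return "$rc"
}

# sideload_apk FILE: install an APK into the running Anbox container.
sideload_apk() {
    apk=$1
    [ -f "$apk" ] || { echo "no such file: $apk" >&2; return 1; }
    adb_device_ready "$(adb devices)" ||
        { echo "Anbox is not running or adb cannot see it; start anbox.appmgr first" >&2; return 1; }
    adb install "$apk"
}

case "${1:-}" in
    check)   anbox_preflight ;;
    install) sideload_apk "${2:?usage: $0 install FILE.apk}" ;;
esac
```

Run it with \type{check} after the reboot that follows the modules install, and with \type{install my-app.apk} once \type{anbox.appmgr} is up; each failure mode prints what is missing instead of letting adb hang on an absent device.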
\subsubsection[title={KeePassXC:},reference={keepassxc-1}]
You will need somewhere to store your data (logins/passwords,
identities, and TOTP\footnote{Wikipedia, TOTP
\useURL[url1745][https://en.wikipedia.org/wiki/Time-based_One-time_Password_algorithm]\from[url1745]
\useURL[url1746][https://wikiless.org/wiki/Time-based_One-time_Password_algorithm][][{[}Wikiless{]}]\from[url1746]
\useURL[url1747][https://web.archive.org/web/https://en.wikipedia.org/wiki/Time-based_One-time_Password_algorithm][][{[}Archive.org{]}]\from[url1747]}
information).
For this purpose, KeePassXC is recommended because of its integrated
TOTP feature. This is the ability to create entries for 2FA\footnote{Wikipedia,
Multi-Factor Authentication
\useURL[url1748][https://en.wikipedia.org/wiki/Multi-factor_authentication]\from[url1748]
\useURL[url1749][https://wikiless.org/wiki/Multi-factor_authentication][][{[}Wikiless{]}]\from[url1749]
\useURL[url1750][https://web.archive.org/web/https://en.wikipedia.org/wiki/Multi-factor_authentication][][{[}Archive.org{]}]\from[url1750]}
authentication with the authenticator feature.
In the context of Qubes OS you should store your sensitive information
within the vault Qube:
\startitemize
\item
First, click the Applications icon (upper left) and select the vault
Qube.
\item
Click Qube Settings
\item
Select the Applications tab
\item
From the list of available applications, add KeePassXC to the list of
selected applications.
\stopitemize
You are done and can now skip the rest to go to the
\quotation{\goto{Creating your anonymous online
identities}[creating-new-identities]} part.
\subsubsection[title={Tutorial for installing Windows based VMs on Qubes
OS:},reference={tutorial-for-installing-windows-based-vms-on-qubes-os}]
See their tutorial here:
\useURL[url1751][https://github.com/Qubes-Community/Contents/blob/master/docs/os/windows/windows-tools41.md]\from[url1751]
\useURL[url1752][https://web.archive.org/web/https://github.com/Qubes-Community/Contents/blob/master/docs/os/windows/windows-tools41.md][][{[}Archive.org{]}]\from[url1752]
\section[title={Quick note: Correlation vs
Attribution},reference={quick-note-correlation-vs-attribution}]
{\bf Correlation} is a relationship between two or more variables or
{\bf \useURL[url1753][https://www.digitalshadows.com/blog-and-research/cyber-attacks-the-challenge-of-attribution-and-response/][][attributes]\from[url1753]}.
How are attributions determined? During digital forensics and incident
response (DFIR), analysts look for indicators of compromise (IoCs)
following the events that call them to act. These indicators usually
consist of IP addresses, names, databases and the like, all of which
can be used to tie a certain behavioral \quotation{tag} to an
individual or group. This is called attribution. A principle of
statistics is that \quotation{correlation does not imply causation}.
Applied here, the traces you leave on a device or network only show
that an action took place, not who performed it: they resolve that
something occurred and that {\em someone} did {\em something}, but
not who that someone was.
Attribution is required to prove fault or guilt, and it is the prime
reason why people using the Tor network to access the dark web have
been caught: they left traces that could be connected to their real
identities. Your IP can be --- but is usually not --- a large enough
indicator to attribute guilt on its own. The 2017 NotPetya attack
shows how slow and indirect attribution is even against a
well-resourced adversary. NotPetya first hit Ukraine, spreading
through a compromised update of the Ukrainian accounting software
M.E.Doc, then propagated worldwide, all while disguised as ordinary
ransomware. Only in February 2018 did the White House and the UK
government publicly attribute it to the Russian military, that is, to
its intelligence directorate, the
\useURL[url1754][https://www.reuters.com/article/us-britain-russia-gru-factbox/what-is-russias-gru-military-intelligence-agency-idUSKCN1MF1VK][][(GRU)]\from[url1754],
whose cyber units are built for deniable warfare\footnote{Wikipedia,
Plausible Deniability
\useURL[url1755][https://en.wikipedia.org/wiki/Plausible_deniability]\from[url1755]
\useURL[url1756][https://wikiless.org/wiki/Plausible_deniability][][{[}Wikiless{]}]\from[url1756]
\useURL[url1757][https://web.archive.org/web/https://en.wikipedia.org/wiki/Plausible_deniability][][{[}Archive.org{]}]\from[url1757]}.
{\em What is the point}, you may ask? Well, bluntly speaking, this is a
good example because NotPetya, now widely accepted as the work of a
Russian state cyber operation against foreign countries and
governments, could for months only be tied to a known group, the one
colloquially dubbed
\useURL[url1758][https://en.wikipedia.org/wiki/Sandworm_(hacker_group)][][Sandworm]\from[url1758],
whose place within Russia's military could neither be confirmed nor
denied given how compartmentalized it is; indictments naming individual
GRU officers followed only in 2020. This is in part because of the
effort spent disguising it as common ransomware, and because it
routinely used the servers of hacked foreign assets not linked to
Russia or to its internal networks.
It's all to show you the lengths that state actors will go to. You may
not be aware of it, but foreign governments use concealment techniques
such as the ones discussed in the sections of this guide. They routinely
use Tor and VPNs to conceal traffic; they use hacked devices and
stolen equipment to perform cyber espionage every day, and it makes
attribution incredibly difficult, if not impossible, from a forensic
examiner's point of view. Correlation is the easy part of the problem:
hiding your IP address with a VPN and the Tor network takes care of
it, yet you can still be connected to your real name and IP through
data leaks or other factors. Attribution is what you need to defeat,
and you cannot easily be attributed to your activities if you carefully
follow and adopt the techniques and skills discussed below.
\section[title={Creating your anonymous online
identities:},reference={creating-your-anonymous-online-identities}]
\subsection[title={Understanding the methods used to prevent anonymity
and verify
identity:},reference={understanding-the-methods-used-to-prevent-anonymity-and-verify-identity}]
\subsubsection[title={Captchas:},reference={captchas}]
{\externalfigure[./tex2pdf.-1a34188c73046814/d2d7a46a2008590aac1d17ab621aba1862b88100.png]}{\externalfigure[./tex2pdf.-1a34188c73046814/d95b67fc7103589e5e710e081a879f94777c384b.png]}
(Illustrations by Randall Munroe, xkcd.com, licensed under CC BY-NC 2.5)
Captcha\footnote{Wikipedia, Captcha
\useURL[url1759][https://en.wikipedia.org/wiki/CAPTCHA]\from[url1759]
\useURL[url1760][https://wikiless.org/wiki/CAPTCHA][][{[}Wikiless{]}]\from[url1760]
\useURL[url1761][https://web.archive.org/web/https://en.wikipedia.org/wiki/CAPTCHA][][{[}Archive.org{]}]\from[url1761]}
stands for \quotation{Completely Automated Public Turing test to tell
Computers and Humans Apart} are Turing tests\footnote{Wikipedia, Turing
Test
\useURL[url1762][https://en.wikipedia.org/wiki/Turing_test]\from[url1762]
\useURL[url1763][https://wikiless.org/wiki/Turing_test][][{[}Wikiless{]}]\from[url1763]
\useURL[url1764][https://web.archive.org/web/https://en.wikipedia.org/wiki/Turing_test][][{[}Archive.org{]}]\from[url1764]}
puzzles you need to complete before accessing a form/website. You will
mostly encounter those provided by Google (reCAPTCHA service\footnote{Google
reCAPTCHA
\useURL[url1765][https://www.google.com/recaptcha/about/]\from[url1765]
\useURL[url1766][https://web.archive.org/web/https://www.google.com/recaptcha/about/][][{[}Archive.org{]}]\from[url1766]})
and hCaptcha\footnote{hCaptcha
\useURL[url1767][https://www.hcaptcha.com/]\from[url1767]
\useURL[url1768][https://web.archive.org/web/https://www.hcaptcha.com/][][{[}Archive.org{]}]\from[url1768]},
an independent service that Cloudflare used on its challenge pages for
a time before introducing its own Turnstile challenge.
hCaptcha is used on 15\letterpercent{} of the internet by their own
metrics\footnote{hCaptcha, hCaptcha Is Now the Largest Independent
CAPTCHA Service, Runs on 15\letterpercent{} Of The Internet
\useURL[url1769][https://www.hcaptcha.com/post/hcaptcha-now-the-largest-independent-captcha-service]\from[url1769]
\useURL[url1770][https://web.archive.org/web/https://www.hcaptcha.com/post/hcaptcha-now-the-largest-independent-captcha-service][][{[}Archive.org{]}]\from[url1770]}.
They are designed to separate bots from humans but are also clearly used
to deter anonymous and private users from accessing services.
If you often use VPNs or Tor, you will quickly encounter many captchas
everywhere\footnote{Nearcyan.com, You (probably) don't need ReCAPTCHA
\useURL[url1771][https://nearcyan.com/you-probably-dont-need-recaptcha/]\from[url1771]
\useURL[url1772][https://web.archive.org/web/https://nearcyan.com/you-probably-dont-need-recaptcha/][][{[}Archive.org{]}]\from[url1772]}.
Quite often when using Tor, even if you succeed in solving all the
puzzles (sometimes dozens in a row), you will still be denied access.
See
\useURL[url1773][https://gitlab.torproject.org/legacy/trac/-/wikis/org/doc/ListOfServicesBlockingTor]\from[url1773]
\useURL[url1774][https://web.archive.org/web/https://gitlab.torproject.org/legacy/trac/-/wikis/org/doc/ListOfServicesBlockingTor][][{[}Archive.org{]}]\from[url1774]
While most people think those puzzles are only about solving a little
puzzle, it is important to understand that it is much more complex, and
that modern Captchas uses advanced machine learning and risk analysis
algorithms to check if you are human\footnote{ArsTechnica,
\quotation{Google's reCAPTCHA turns \quotation{invisible,} will
separate bots from people without challenges}
\useURL[url1775][https://arstechnica.com/gadgets/2017/03/googles-recaptcha-announces-invisible-background-captchas/]\from[url1775]
\useURL[url1776][https://web.archive.org/web/https://arstechnica.com/gadgets/2017/03/googles-recaptcha-announces-invisible-background-captchas/][][{[}Archive.org{]}]\from[url1776]}:
\startitemize
\item
They check your browser, cookies, and browsing history using Browser
fingerprinting\footnote{BlackHat Asia 2016, \quotation{I'm not a
human: Breaking the Google reCAPTCHA}
\useURL[url1777][https://www.blackhat.com/docs/asia-16/materials/asia-16-Sivakorn-Im-Not-a-Human-Breaking-the-Google-reCAPTCHA-wp.pdf]\from[url1777]
\useURL[url1778][https://web.archive.org/web/https://www.blackhat.com/docs/asia-16/materials/asia-16-Sivakorn-Im-Not-a-Human-Breaking-the-Google-reCAPTCHA-wp.pdf][][{[}Archive.org{]}]\from[url1778]}.
\item
They track your cursor movements (speed, accuracy) and use algorithms
to decide if it is \quotation{human/organic}.
\item
They track your behavior before/during/after the tests to ensure you
are \quotation{human}\footnote{Google Blog
\useURL[url1779][https://security.googleblog.com/2014/12/are-you-robot-introducing-no-captcha.html]\from[url1779]
\useURL[url1780][https://web.archive.org/web/https://security.googleblog.com/2014/12/are-you-robot-introducing-no-captcha.html][][{[}Archive.org{]}]\from[url1780]}.
\stopitemize
It is also plausible that those platforms could already identify you
reliably based on the unique way you interact with those puzzles, and
that this would work despite obfuscation of your IP address and
browser and clearing all cookies.
Watch for example this DEF CON 25 presentation:
\useURL[url1781][https://www.youtube.com/watch?v=1nvYGi7-Lxo][][DEF CON
25 - Svea Eckert, Andreas Dewes - Dark Data]\from[url1781]
\useURL[url1782][https://yewtu.be/watch?v=1nvYGi7-Lxo][][{[}Invidious{]}]\from[url1782]
You will often experience several in a row (sometimes endlessly) and
sometimes exceedingly difficult ones involving reading undecipherable
characters or identifying various objects on endless pictures sets. You
will also have more captchas if you use an ad-blocking system (uBlock
for example) or if your account was flagged for any reason for using
VPNs or Tor previously.
You will also have (in my experience) more Captchas (Google's reCAPTCHA)
if you do not use a Chromium-based browser. This can be mitigated by
using a Chromium-based browser such as Brave. There is also a browser
extension called Buster that could help you with those
\useURL[url1783][https://github.com/dessant/buster]\from[url1783]
\useURL[url1784][https://web.archive.org/web/https://github.com/dessant/buster][][{[}Archive.org{]}]\from[url1784].
As for hCaptcha, you could also use their Accessibility
solution here
(\useURL[url1785][https://www.hcaptcha.com/accessibility]\from[url1785]
\useURL[url1786][https://web.archive.org/web/https://www.hcaptcha.com/accessibility][][{[}Archive.org{]}]\from[url1786])
which would allow you to sign-up (with your anonymous identity created
later) and set a cookie within your Browser that would allow you to
bypass their captchas. Another solution to mitigate hCaptcha would be to
use their own solution called \quotation{Privacy Pass}\footnote{Cloudflare
Blog, Cloudflare supports Privacy Pass
\useURL[url1787][https://blog.cloudflare.com/cloudflare-supports-privacy-pass/]\from[url1787]
\useURL[url1788][https://web.archive.org/web/https://blog.cloudflare.com/cloudflare-supports-privacy-pass/][][{[}Archive.org{]}]\from[url1788]}
\useURL[url1789][https://privacypass.github.io/]\from[url1789]
\useURL[url1790][https://web.archive.org/web/https://privacypass.github.io/][][{[}Archive.org{]}]\from[url1790]
in the form of a Browser extension you could install in your VM Browser.
You should therefore deal with those carefully and force yourself to
alter the way you are solving them (speed/movement/accuracy/\ldots{}) to
prevent \quotation{Captcha Fingerprinting}.
Fortunately, as far as we are aware, these are not yet
officially/publicly used to de-anonymize users for third parties.
To not have those issues, you should consider using a VPN over Tor. And
the best option to avoid those is likely to use a self-hosted VPN/Proxy
over Tor on a cash/Monero paid VPS server.
\subsubsection[title={Phone
verification:},reference={phone-verification}]
Phone verification is advertised by most platforms to verify you are
human. But do not be fooled, the main reason for phone verification is
not only to check if you are human but also to be able to de-anonymize
you if needed.
Some platforms, including privacy-oriented ones such as Signal and
Telegram, require a phone number to register, and others (Proton for
instance) may ask for one as a verification step depending on how
suspicious your sign-up looks. Meanwhile most countries now make it
mandatory to submit a proof of ID to obtain a SIM
card\footnote{Privacy International, Timeline of SIM Card
Registration Laws
\useURL[url1791][https://privacyinternational.org/long-read/3018/timeline-sim-card-registration-laws]\from[url1791]
\useURL[url1792][https://web.archive.org/web/https://privacyinternational.org/long-read/3018/timeline-sim-card-registration-laws][][{[}Archive.org{]}]\from[url1792]}.
Fortunately, this guide explained earlier how to get a number for these
cases: \goto{Getting an anonymous Phone
number}[getting-an-anonymous-phone-number].
\subsubsection[title={E-Mail
verification:},reference={e-mail-verification}]
E-Mail verification used to be enough but is not anymore in most
cases. What is important to know is that open e-mail providers
(disposable e-mail providers for instance) are flagged as much as open
proxies (like Tor).
Most platforms will not allow you to register using an
\quotation{anonymous} or disposable e-mail, just as they will not allow
you to register from an IP address of the Tor network.
The key thing is that it is becoming increasingly difficult to sign up
for a free e-mail account anywhere without providing (you guessed it)
\ldots{} a cell phone number. That same cell phone number can
conveniently be used to track you down in most places.
Some services (Proton for instance) may instead ask for an existing
e-mail address to verify your registration. In that case, we would
recommend you create an e-mail address with one of these providers:
\startitemize
\item
MailFence: \useURL[url1793][https://mailfence.com/]\from[url1793]
\item
Disroot: \useURL[url1794][https://disroot.org]\from[url1794]
\item
Autistici: \useURL[url1795][https://autistici.org]\from[url1795]
\item
Envs.net: \useURL[url1796][https://envs.net/]\from[url1796]
\stopitemize
Keep in mind that those do not provide a zero-access design (a
zero-access design is where only you can access your e-mail - not even
the service's admins can read your messages). This means they can access
your e-mail at rest in their database.
\subsubsubsection[title={A note about
Riseup:},reference={a-note-about-riseup}]
RiseUp's warrant canary has been renewed late, with their Twitter
posting a cryptic message seeming to tell users not to trust them. Due
to the suspicious situation, this guide can no longer recommend them.
{\em Also see:
\useURL[url1797][https://forums.whonix.org/t/riseup-net-likely-compromised/3195]\from[url1797]}
For reference: \useURL[url1798][https://riseup.net]\from[url1798]
\useURL[url1799][http://vww6ybal4bd7szmgncyruucpgfkqahzddi37ktceo3ah7ngmcopnpyyd.onion/][][{[}Tor
Mirror{]}]\from[url1799] (It has come to my attention that the site now,
unfortunately, requires an invitation from a currently registered user)
\subsubsubsection[title={Protecting your anonymous online identities
e-mails using Aliasing
services:},reference={protecting-your-anonymous-online-identities-e-mails-using-aliasing-services}]
If you want to avoid communicating your anonymous e-mail addresses to
various parties, we would strongly suggest considering using e-mail
aliasing services such as:
\startitemize
\item
\useURL[url1800][https://simplelogin.io/]\from[url1800] (preferred
first choice due to more options available to the free tier)
\item
\useURL[url1801][https://anonaddy.com/]\from[url1801]
\stopitemize
These services will allow creating random aliases for your anonymous
e-mail (on Proton for example) and could increase your general privacy
if you do not want to disclose that e-mail for any purpose. They are
both recommended by Privacyguides.org and Privacytools.io. I'm
recommending them as well.
\subsubsection[title={User details
checking:},reference={user-details-checking}]
Obviously, Reddit does not do this (yet), but Facebook most likely does
and will look for \quotation{suspicious} things in your details (which
could include face recognition).
Some examples:
\startitemize
\item
IP address from a country different than your profile country.
\item
Age in the profile not matching the picture age.
\item
Ethnicity in the profile not matching the picture ethnicity.
\item
Language not matching the country language.
\item
Unknown in anyone else's contacts (meaning nobody else knows you).
\item
Locking down privacy settings after signing up.
\item
Name that does not match the expected ethnicity/language/country.
\stopitemize
\subsubsection[title={Proof of ID
verification:},reference={proof-of-id-verification}]
The deal-breaker in most cases. As far as we know, only Facebook and
LinkedIn (outside of financial services) have requested such
verifications which involve sending pictures of some form of
identification (passport, national ID card, driver's license \ldots{}).
The only way to do this would involve creating fake official documents
(forgery) using some decent Photoshop skills and this might be illegal
in most places.
Therefore, this is a line we are not going to help you cross within this
guide. Some sites offer such forgery services online, but we think
they are {\em bad actors} and are overstepping their boundaries.
In many countries, only law enforcement, some specific processes (such
as GDPR requests), and some well-regulated financial services may
request proof of identification. So, the legality of asking for such
documents is debatable and we believe such platforms should not be
allowed to require those.
In a few countries (like Germany), this practice is illegal and online
platforms such as Facebook or LinkedIn are legally bound to allow you to
use a pseudonym and remain anonymous.
\subsubsection[title={IP Filters:},reference={ip-filters}]
As stated previously in this guide, many platforms will apply filters on
the IPs of the users. Tor exit nodes are publicly listed, and VPN exit
servers are \quotation{well known}. There are many commercial and free
services providing the ability to block those IPs with ease (hi
Cloudflare).
Many platforms' operators and administrators do not want traffic from
these IPs as they often drive a lot of unlawful/malicious/unprofitable
traffic to their platforms. These platforms usually argue using one of
the following points:
\startitemize[packed]
\item
\quotation{Think of the children!};
\item
\quotation{Terrorism!};
\item
\quotation{Russian troll propaganda!};
\item
\quotation{Well, it's noise in the data we sell to advertisers!}
(e.g., AdSense or Facebook Ads).
\stopitemize
\quotation{Yet we still pay traffic for them so let us just deny them
all instead.}
Fortunately, those systems are not perfect, and you will (still) be able
to get around those restrictions by switching identities (in the case of
Tor) and trying to access the website each time until you find an Exit
Node that is not yet blacklisted.
Some platforms will allow you to log in with a Tor IP but not to sign up
(See
\useURL[url1802][https://gitlab.torproject.org/legacy/trac/-/wikis/org/doc/ListOfServicesBlockingTor]\from[url1802]
\useURL[url1803][https://web.archive.org/web/https://gitlab.torproject.org/legacy/trac/-/wikis/org/doc/ListOfServicesBlockingTor][][{[}Archive.org{]}]\from[url1803]).
Those platforms will keep a convenient, permanent log of the IP which
you used during sign-up - And some will keep such logs indefinitely,
e.g., all the IPs which you have used to log in (hi Facebook).
The tolerance is much higher with VPNs as they are not considered
\quotation{open proxies}, but that will not stop many platforms from
making them hard to use by forcing increasingly difficult CAPTCHAs on
most VPN users.
For this reason, this guide does recommend the use of VPN over Tor (and
not Tor over VPN) in certain use cases. {\bf Remember that the best
option to avoid those is to use a self-hosted VPN/Proxy over Tor on a
cash/Monero paid VPS}.
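As an added example (not code from this guide), here is what the IP
filtering described above looks like on the platform side: the public
Tor exit list (published at https://check.torproject.org/torbulkexitlist,
one IPv4 address per line) is loaded into a set, VPN provider ranges are
matched as CIDR blocks, and the visitor is denied, challenged or allowed.
The exit list and the VPN range below are constructed from RFC 5737
documentation addresses; the function names are our own.

```javascript
// Added example, not from the guide: the platform side of an IP filter.
// The public Tor exit list (https://check.torproject.org/torbulkexitlist,
// one IPv4 address per line) is loaded into a set, VPN provider ranges are
// matched as CIDR blocks, and the visitor is denied, challenged or allowed.
// The sample lists below are constructed from RFC 5737 documentation ranges.

function ipToInt(ip) {
  const parts = ip.trim().split('.');
  if (parts.length !== 4) throw new Error(`not an IPv4 address: ${ip}`);
  return parts.reduce((acc, p) => {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) throw new Error(`bad octet in ${ip}`);
    return ((acc << 8) | Number(p)) >>> 0;
  }, 0);
}

// Parse the exit list format: one address per line, '#' starts a comment.
function parseExitList(text) {
  const exits = new Set();
  for (const line of text.split('\n')) {
    const l = line.trim();
    if (!l || l.startsWith('#')) continue;
    exits.add(ipToInt(l));
  }
  return exits;
}

function inCidr(ip, cidr) {
  const [base, bitsStr] = cidr.split('/');
  const bits = Number(bitsStr);
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  return ((ipToInt(ip) & mask) >>> 0) === ((ipToInt(base) & mask) >>> 0);
}

// Open proxies (Tor exits) are blocked outright; VPN ranges are tolerated
// but challenged; everything else is treated as a residential address.
function classifyIp(ip, exitSet, vpnCidrs) {
  if (exitSet.has(ipToInt(ip))) return 'tor-exit';
  if (vpnCidrs.some((c) => inCidr(ip, c))) return 'vpn';
  return 'residential';
}

const ACTIONS = { 'tor-exit': 'deny', vpn: 'captcha', residential: 'allow' };

// Constructed sample data (documentation ranges, not real relays or VPN servers).
const SAMPLE_EXIT_LIST = `# constructed torbulkexitlist-style sample
198.51.100.7
198.51.100.23
203.0.113.250
`;
const SAMPLE_VPN_RANGES = ['192.0.2.0/24'];
const EXITS = parseExitList(SAMPLE_EXIT_LIST);

function decide(ip) {
  const kind = classifyIp(ip, EXITS, SAMPLE_VPN_RANGES);
  return { ip, kind, action: ACTIONS[kind] };
}
```

The set only knows the exits that were in the list when it was last
fetched, which is why the \quotation{switch circuits until one works}
approach above succeeds: a relay that became an exit after the
platform's last download is classified as residential until the next
refresh.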
\subsubsection[title={Browser and Device
Fingerprinting:},reference={browser-and-device-fingerprinting}]
Many platforms (like Google\footnote{Developers Google Blog, Guidance to
developers affected by our effort to block less secure browsers and
applications
\useURL[url1804][https://developers.googleblog.com/2020/08/guidance-for-our-effort-to-block-less-secure-browser-and-apps.html]\from[url1804]
\useURL[url1805][https://web.archive.org/web/https://developers.googleblog.com/2020/08/guidance-for-our-effort-to-block-less-secure-browser-and-apps.html][][{[}Archive.org{]}]\from[url1805]})
will check your browser for various capabilities and settings and block
browsers they do not like. This is one of the reasons we recommend using
Chromium-based browsers such as Brave Browser over Tor Browser within
this VM.
Here are some of the things they check within recent browsers:
\startitemize
\item
User-Agent: This is your Browser name and Version.
\item
HTTP_ACCEPT Headers: This is the type of content your Browser can
handle.
\item
Time Zone and Time Zone Offset: Your time zone.
\item
Screen Size and Color Depth: The resolution of your screen.
\item
System Fonts: The typing fonts installed on your system.
\item
Cookies support: If your browser supports cookies or not.
\item
Hash of Canvas fingerprint and Hash of WebGL fingerprint: These are
generated unique IDs based on your graphic rendering capabilities.
\item
WebGL Vendor & Renderer: Name of your Video card
\item
Do-Not-Track enabled or not: Well, yes, they can use your DNT
information to track you
\item
Language: The language of your Browser
\item
Platform: The Operating System you are using
\item
Touch Support: If your system supports touch (such as a phone/tablet
or touchscreen-enabled laptop)
\item
Ad Blocking use: If your browser blocks ads
\item
AudioContext fingerprint: Like the Canvas and WebGL fingerprints these
will fingerprint your audio capabilities.
\item
CPU: What kind of CPU you are using and how many cores it has
\item
Memory: How much memory you have in your System
\item
Browser Permissions: Is your browser allowing some things like
geolocation or microphone/webcam access.
\stopitemize
Most of the time, those fingerprints will, unfortunately, be unique or
nearly unique to your browser/system. This means that even if you log
out from a website and then log back in using a different username, your
fingerprint might remain the same if you did not take precautionary
measures. An adversary could then use such fingerprints to track you
across multiple services even if you have no account on any of them and
are using adblocking. These fingerprints could in turn be used to
de-anonymize you if you keep the same fingerprint between services.
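As an added example (not code from this guide), the following shows how
the signals listed above are reduced to a single fingerprint hash and
why two sessions from the same browser are linkable without any cookie.
The signal names and the sample sessions are our own construction; a
real tracker also mixes in the Canvas, WebGL and AudioContext hashes,
which need a rendering context and are left out here.

```javascript
// Added example, not from the guide: assembling a fingerprint hash from the
// signals listed above. Signal names are our own; sessions are constructed.

// FNV-1a 32-bit hash: small, dependency-free, runs in Node and in a browser.
function fnv1a32(str) {
  let h = 0x811c9dc5;
  for (let i = 0; i < str.length; i++) {
    h ^= str.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, '0');
}

// Sort the keys so the order in which signals were gathered does not
// change the resulting hash.
function canonicalize(signals) {
  return Object.keys(signals)
    .sort()
    .map((k) => `${k}=${JSON.stringify(signals[k])}`)
    .join(';');
}

function fingerprint(signals) {
  return fnv1a32(canonicalize(signals));
}

// Two sessions are treated as the same device when their hashes match,
// regardless of which account (if any) is logged in.
function sameDevice(a, b) {
  return fingerprint(a) === fingerprint(b);
}

// Gather the real signals when run inside a browser; returns null under Node.
function collectBrowserSignals() {
  if (typeof navigator === 'undefined' || typeof screen === 'undefined') return null;
  return {
    userAgent: navigator.userAgent,
    language: navigator.language,
    languages: (navigator.languages || []).join(','),
    platform: navigator.platform,
    cpuCores: navigator.hardwareConcurrency || 0,
    memoryGb: navigator.deviceMemory || 0,
    timezone: Intl.DateTimeFormat().resolvedOptions().timeZone,
    tzOffset: new Date().getTimezoneOffset(),
    screen: `${screen.width}x${screen.height}x${screen.colorDepth}`,
    touchPoints: navigator.maxTouchPoints || 0,
    doNotTrack: navigator.doNotTrack || 'unset',
    cookiesEnabled: navigator.cookieEnabled,
  };
}

// Constructed sample session (made up for this example, not captured data).
const sessionA = {
  userAgent: 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36',
  language: 'en-US',
  languages: 'en-US,en',
  platform: 'Win32',
  cpuCores: 8,
  memoryGb: 8,
  timezone: 'America/New_York',
  tzOffset: 240,
  screen: '1920x1080x24',
  touchPoints: 0,
  doNotTrack: '1',
  cookiesEnabled: true,
};
// Same machine, logged out and back in under a new username: nothing changed.
const sessionB = { ...sessionA };
// Same machine after toggling Do-Not-Track: the DNT flag itself alters the hash.
const sessionC = { ...sessionA, doNotTrack: 'unset' };
```

Run in a browser console, `fingerprint(collectBrowserSignals())` gives
the value a tracker would store for that tab; comparing it between two
browser profiles or two of your identities tells you whether they are
distinguishable by these signals alone.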
Here are services you can use to check your browser fingerprints:
\startitemize
\item
\useURL[url1806][https://abrahamjuliot.github.io/creepjs/]\from[url1806]
(Probably the best overall)
\item
\useURL[url1807][https://coveryourtracks.eff.org/]\from[url1807]
\item
\useURL[url1808][https://amiunique.org]\from[url1808]
\item
\useURL[url1809][https://browserleaks.com/]\from[url1809]
\item
\useURL[url1810][https://www.deviceinfo.me/]\from[url1810]
\item
(Chromium based browsers only)
\useURL[url1811][https://z0ccc.github.io/extension-fingerprints/\#]\from[url1811]
\stopitemize
Chances are you will find your browser fingerprint unique no matter what
you do.
\subsubsection[title={Human interaction:},reference={human-interaction}]
Some platforms will add this as a bonus step and require you to have an
actual human interaction with a customer care representative. Usually by
e-mail but sometimes by chat/phone. They will want to verify that you
exist by asking you to reply to an e-mail/chat/phone call.
It is annoying but quite easy to deal with in our case. We are not
making bots. This guide is for humans making human accounts.
\subsubsection[title={User Moderation:},reference={user-moderation}]
Many platforms will delegate and rely on their users to moderate the
others and their content. These are the \quotation{report} features that
you will find on most platforms.
Getting reported thousands of times does not matter when you are Donald
Trump or Kim Kardashian but if you, as a sole \quotation{friendless}
anonymous user, get reported even once, you might get
suspended/flagged/banned instantly.
\subsubsection[title={Behavioral
Analysis:},reference={behavioral-analysis}]
See \goto{Your Digital Fingerprint, Footprint, and Online
Behavior}[your-digital-fingerprint-footprint-and-online-behavior].
\subsubsection[title={Financial
transactions:},reference={financial-transactions}]
Simple and efficient, some platforms will require you to perform a
financial transaction to verify your account, sometimes under the pretext
of verifying your age. This could be a credit card verification or a
bank wire of an exceedingly small amount. Some will accept a donation in a
major cryptocurrency like Bitcoin or Ethereum.
While this might seem innocent, this is obviously an ID verification and
de-anonymization method. This is just indirectly relying on third-party
financial KYC\footnote{Wikipedia, KYC
\useURL[url1812][https://en.wikipedia.org/wiki/Know_your_customer]\from[url1812]
\useURL[url1813][https://wikiless.org/wiki/Know_your_customer][][{[}Wikiless{]}]\from[url1813]
\useURL[url1814][https://web.archive.org/web/https://en.wikipedia.org/wiki/Know_your_customer][][{[}Archive.org{]}]\from[url1814]}
regulations.
This is for instance now the case on YouTube for some European
Users\footnote{Google Help, Access age-restricted content & features
\useURL[url1815][https://support.google.com/accounts/answer/10071085]\from[url1815]
\useURL[url1816][https://web.archive.org/web/https://support.google.com/accounts/answer/10071085][][{[}Archive.org{]}]\from[url1816]}
but is also used by services like Amazon that require a valid payment
method for creating an account.
\placefigure{image36}{\externalfigure[./tex2pdf.-1a34188c73046814/6abef583a82ae896d7a4d535564864d136a79111.png]}
\subsubsection[title={Sign-in with some
platform:},reference={sign-in-with-some-platform}]
\quotation{Why do this user-verification ourselves when we can just ask
others to deal with it?}
You will notice this, and you probably already encountered this. Some
apps/platforms will ask/require you to sign in with a well-known and
well-used reputable platform instead of their own system (Sign-in with
Google/Facebook/Apple/Twitter).
This option is often presented as the \quotation{default one}, hiding
away the \quotation{Sign-in with e-mail and password} with clever Dark
Patterns\footnote{Wikipedia, Dark Pattern
\useURL[url1817][https://en.wikipedia.org/wiki/Dark_pattern]\from[url1817]
\useURL[url1818][https://wikiless.org/wiki/Dark_pattern][][{[}Wikiless{]}]\from[url1818]
\useURL[url1819][https://web.archive.org/web/https://en.wikipedia.org/wiki/Dark_pattern][][{[}Archive.org{]}]\from[url1819]}
and unfortunately sometimes needed.
This method delegates the verification process to those platforms, on
the assumption that you will not be able to create an anonymous
Google/Facebook/Apple/Twitter account with ease.
Fortunately, it is still possible to this day to create those.
\subsubsection[title={Live Face recognition and biometrics
(again):},reference={live-face-recognition-and-biometrics-again}]
This is a common method used on some Crypto trading platforms and some
dating Apps.
Some platforms/apps will require you to take a live picture of yourself
either doing something (a wink, holding an arm up \ldots{}) or showing a
custom piece of information (a handwritten text, a passport, or ID)
within the picture. Sometimes the platform/app will require several
pictures to increase their certainty.
\placefigure{image37}{\externalfigure[./tex2pdf.-1a34188c73046814/6f4b39fdeaff3ec0d38d54195d9222a4a7360d38.png]}
This guide will not cover this one (yet) as it is mainly used on
financial platforms (that will be able to identify you with other means
anyway) and some dating apps like Tinder\footnote{The Verge, Tinder will
give you a verified blue check mark if you pass its catfishing test
\useURL[url1820][https://www.theverge.com/2020/1/23/21077423/tinder-photo-verification-blue-checkmark-safety-center-launch-noonlight]\from[url1820]
\useURL[url1821][https://web.archive.org/web/https://www.theverge.com/2020/1/23/21077423/tinder-photo-verification-blue-checkmark-safety-center-launch-noonlight][][{[}Archive.org{]}]\from[url1821]}.
Unfortunately, this method is now also sometimes being used on
Facebook\footnote{DigitalInformationWorld, Facebook will now require you
to Create a Video Selfie for Identity Verification
\useURL[url1822][https://www.digitalinformationworld.com/2020/03/facebook-is-now-demanding-some-users-to-create-a-video-selfie-for-identity-verification.html]\from[url1822]
\useURL[url1823][https://web.archive.org/web/https://www.digitalinformationworld.com/2020/03/facebook-is-now-demanding-some-users-to-create-a-video-selfie-for-identity-verification.html][][{[}Archive.org{]}]\from[url1823]}
and Instagram as part of their verification methods (though we have not
encountered it ourselves so far).
\placefigure{image38}{\externalfigure[./tex2pdf.-1a34188c73046814/6ebbe83efdf8b825bf4e449fe99ff6fb4ad6c612.png]}
In some cases, these verifications must be done from your Smartphone and
with an \quotation{in-app} camera to prevent you from sending a
previously saved (edited) image.
Recently even platforms such as PornHub announced they will implement
similar measures\footnote{Vice.com, PornHub Announces
\quote{Biometric Technology} to Verify Users
\useURL[url1824][https://www.vice.com/en/article/m7a4eq/pornhub-new-verification-policy-biometric-id]\from[url1824]
\useURL[url1825][https://web.archive.org/web/https://www.vice.com/en/article/m7a4eq/pornhub-new-verification-policy-biometric-id][][{[}Archive.org{]}]\from[url1825]}.
This verification is extremely hard to defeat but possible. A method to
possibly defeat those would be to use \quotation{deep fake} technology
software such as the open-source FaceSwap
\useURL[url1826][https://github.com/deepfakes/faceswap]\from[url1826]
\useURL[url1827][https://web.archive.org/web/https://github.com/deepfakes/faceswap][][{[}Archive.org{]}]\from[url1827]
to generate the required verification pictures using a randomly
computer-generated face that would be swapped over the picture of a
complicit model (or a stock photo).
Unfortunately, some apps require direct access to a smartphone camera to
process the verification. In that case, you will need to find a way to
do such \quotation{face swaps} on the fly using a filter and another way
to feed this into the camera used by the app. A possible approach would
be similar to this impressive project
\useURL[url1828][https://github.com/iperov/DeepFaceLive]\from[url1828]
\useURL[url1829][https://web.archive.org/web/https://github.com/iperov/DeepFaceLive][][{[}Archive.org{]}]\from[url1829].
\subsubsection[title={Manual reviews:},reference={manual-reviews}]
These can be triggered by any of the above and just means someone
(usually specialized employees) will review your profile manually and
decide whether it is real or not based on their subjective opinion.
Some countries have even developed hotlines where you can report any
subversive content\footnote{Variety, China Launches Hotline to Report
Online Comments That \quote{Distort} History or \quote{Deny} Its
Cultural Excellence
\useURL[url1830][https://variety.com/2021/digital/news/china-censorship-hotline-historical-nihilism-1234950554/]\from[url1830]
\useURL[url1831][https://web.archive.org/web/https://variety.com/2021/digital/news/china-censorship-hotline-historical-nihilism-1234950554/][][{[}Archive.org{]}]\from[url1831]}.
Pros: Usually that verdict is \quotation{final}, and you will probably
avoid further issues if you pass.
Cons: Usually that verdict is \quotation{final}, and you will probably
be banned without any appeal possibility if you do not. Sometimes
those reviews end up with the platform just ghosting you and cancelling
you without any reason whatsoever. Any appeal will be left unanswered,
ignored, or will generate some random dark pattern bug when trying to
appeal that specific identity (this happens on Instagram for instance
where, if your account gets \quotation{suspended} obviously by some
manual review, trying to complete the appeal form will just throw an
error and tell you to try again later; we have been trying this same
appeal for that identity for the past 6 months at least).
\subsection[title={Getting Online:},reference={getting-online}]
Now that you have a basic understanding of all the ways you can be
de-anonymized, tracked, and verified, let us get started at evading
these while staying anonymous. Remember:
\startitemize
\item
You cannot trust ISPs
\item
You cannot trust VPS providers
\item
You cannot trust public Wi-Fi providers
\item
You cannot trust Mobile Network providers
\item
You cannot trust VPN providers
\item
You cannot trust any Online Platform
\item
You cannot trust Tor
\item
You cannot trust your Operating System
\item
You cannot trust your Laptop
\item
You cannot trust your Smartphone (especially Android)
\item
You cannot trust your Smart devices
\item
Above all, you cannot trust people
\stopitemize
So what? Well instead of not trusting anyone or anything, we would
advise to {\bf \quotation{Trust but verify}}\footnote{Wikipedia, Trust
but verify
\useURL[url1832][https://en.wikipedia.org/wiki/Trust,_but_verify]\from[url1832]
\useURL[url1833][https://wikiless.org/wiki/Trust,_but_verify][][{[}Wikiless{]}]\from[url1833]
\useURL[url1834][https://web.archive.org/web/https://en.wikipedia.org/wiki/Trust,_but_verify][][{[}Archive.org{]}]\from[url1834]}
(or \quotation{Never trust, always verify} if you are more hardcore
about it and want to apply Zero-Trust Security\footnote{Wikipedia,
Zero-trust Security Model
\useURL[url1835][https://en.wikipedia.org/wiki/Zero_trust_security_model]\from[url1835]
\useURL[url1836][https://wikiless.org/wiki/Zero_trust_security_model][][{[}Wikiless{]}]\from[url1836]
\useURL[url1837][https://web.archive.org/web/https://en.wikipedia.org/wiki/Zero_trust_security_model][][{[}Archive.org{]}]\from[url1837]})
instead.
{\bf Do not start this process unless:}
\startitemize
\item
{\bf You consulted your local law for compliance and the legality of
your actions.}
\item
{\bf You are aware of your threat model.}
\item
{\bf You are in a safe place with public Wi-Fi without your smartphone
or any other smart device on you. And preferably in a place without
CCTV filming you (remember to \goto{Find some safe places with decent
public Wi-Fi}[find-some-safe-places-with-decent-public-wi-fi]}
{\bf and \goto{Appendix Q: Using long-range Antenna to connect to
Public Wi-Fis from a safe
distance}[appendix-q-using-long-range-antenna-to-connect-to-public-wi-fis-from-a-safe-distance])}
\item
{\bf You are fully done and preparing one of the routes.}
\item
{\bf Again, it is crucially important to understand that you will be
unable to create most accounts without a valid phone number.
Therefore, most of your anonymity on mainstream platforms depends on
the anonymity of your online phone number and/or the burner phone with
its pre-paid SIM card (if you use one). If your phone number is not
anonymous or your burner phone can be traced back to you then you can
be de-anonymized. If you cannot get this anonymous phone number and/or
a physical SIM with a Burner phone, then you will have to restrict
yourself to platforms not asking for phone number verification.}
\stopitemize
{\bf Remember to see \goto{Appendix N: Warning about smartphones and
smart devices}[appendix-n-warning-about-smartphones-and-smart-devices]}
\subsubsection[title={Creating new
identities:},reference={creating-new-identities}]
This is the fun part where you will now create your identities from thin
air. These identities do not exist but should be plausible and look
\quotation{organic}. They should ideally have a story, a
\quotation{legend} (yes this is the real term for this\footnote{Wikipedia,
Espionage, Organization
\useURL[url1838][https://en.wikipedia.org/wiki/Espionage\#Organization]\from[url1838]
\useURL[url1839][https://wikiless.org/wiki/Espionage][][{[}Wikiless{]}]\from[url1839]
\useURL[url1840][https://web.archive.org/web/https://en.wikipedia.org/wiki/Espionage][][{[}Archive.org{]}]\from[url1840]}).
What is a legend? Well, it is a full back-story for your character:
\startitemize
\item
Age
\item
Sex
\item
Gender
\item
Ethnicity
\item
Place of Birth and date of Birth
\item
Place of residence
\item
Country of origin
\item
Visited Countries (for travels for instance)
\item
Interests and hobbies
\item
Education History
\item
Work experience
\item
Health information
\item
Religion if any
\item
Goals
\item
Family history
\item
Family composition if any (Children? Spouse? Husband?)
\item
Relationship Status if any (Married? Single?)
\item
Spoken Languages
\item
Personality traits (Introvert, Extrovert \ldots{})
\item
\ldots{}
\stopitemize
All these should be crafted carefully for every single identity, and you
should be incredibly careful to stick to the details of each legend when
using those identities. Nothing can leak that could lead to your real
persona. Nothing could leak that could compromise the consistency of
your legend. Everything should always be consistent.
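The consistency demanded above can be checked before an identity is
ever used. As an added example (not code from this guide), the function
below runs a legend against the session you intend to sign up from and
applies the same kind of mismatch rules listed under \quotation{User
details checking} earlier (IP country versus residence, language versus
country, declared age versus date of birth, time zone versus residence).
The country table, the legend and both sessions are constructed for the
example, and the rules are our approximation of what platforms look for,
not any platform's actual algorithm.

```javascript
// Added example, not from the guide: a pre-flight consistency check of a
// legend against the session it will be used from. The rules mirror the
// mismatches listed under "User details checking"; the country table, the
// legend and the sessions are constructed for this example.

// Tiny constructed lookup table: usual browser languages and time zones per country.
const COUNTRY_INFO = {
  NO: { languages: ['nb', 'nn', 'en'], timezones: ['Europe/Oslo'] },
  FR: { languages: ['fr'], timezones: ['Europe/Paris'] },
  DE: { languages: ['de'], timezones: ['Europe/Berlin'] },
  US: { languages: ['en', 'es'], timezones: ['America/New_York', 'America/Chicago', 'America/Denver', 'America/Los_Angeles'] },
};

// Age a person born on dobIso (YYYY-MM-DD) has on the day onIso (YYYY-MM-DD).
function ageOn(dobIso, onIso) {
  const dob = new Date(`${dobIso}T00:00:00Z`);
  const on = new Date(`${onIso}T00:00:00Z`);
  const age = on.getUTCFullYear() - dob.getUTCFullYear();
  const beforeBirthday =
    on.getUTCMonth() < dob.getUTCMonth() ||
    (on.getUTCMonth() === dob.getUTCMonth() && on.getUTCDate() < dob.getUTCDate());
  return beforeBirthday ? age - 1 : age;
}

// Returns a list of inconsistencies; an empty list means the legend and the
// session tell the same story.
function checkLegend(legend, session) {
  const issues = [];
  const home = COUNTRY_INFO[legend.residenceCountry];
  if (!home) issues.push(`no reference data for country ${legend.residenceCountry}`);

  // Declared age must match the date of birth on the day you sign up.
  const computedAge = ageOn(legend.dateOfBirth, session.date);
  if (computedAge !== legend.age) {
    issues.push(`declared age ${legend.age} but date of birth gives ${computedAge}`);
  }
  // The exit IP should geolocate to the country of residence.
  if (session.ipCountry !== legend.residenceCountry) {
    issues.push(`IP country ${session.ipCountry} differs from residence ${legend.residenceCountry}`);
  }
  // The legend must speak at least one language usual in its residence country.
  if (home && !legend.languages.some((l) => home.languages.includes(l))) {
    issues.push(`legend speaks none of the usual languages of ${legend.residenceCountry}`);
  }
  // The browser language must be one the legend speaks.
  if (!legend.languages.includes(session.browserLanguage)) {
    issues.push(`browser language ${session.browserLanguage} is not spoken by the legend`);
  }
  // The browser time zone should belong to the residence country.
  if (home && !home.timezones.includes(session.timezone)) {
    issues.push(`time zone ${session.timezone} does not belong to ${legend.residenceCountry}`);
  }
  return issues;
}

// Constructed legend: a 20-year-old living in Oslo who speaks Norwegian and English.
const legend = {
  name: 'Ingrid Haugen',
  age: 20,
  dateOfBirth: '2003-05-14',
  residenceCountry: 'NO',
  languages: ['nb', 'en'],
};

// Session that matches the legend: Norwegian exit IP, Norwegian locale, Oslo time zone.
const consistentSession = {
  date: '2023-06-10',
  ipCountry: 'NO',
  browserLanguage: 'nb',
  timezone: 'Europe/Oslo',
};

// Session that would draw attention: a US exit IP and a US time zone for the same legend.
const leakySession = {
  date: '2023-06-10',
  ipCountry: 'US',
  browserLanguage: 'en',
  timezone: 'America/New_York',
};
```

The date argument matters: a legend whose stored age was correct when
it was written drifts out of sync with its date of birth after a year,
which is exactly the kind of detail a reviewer compares against the
profile picture and the birthday shown on the profile.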
Tools that can help with this:
\startitemize
\item
\useURL[url1841][https://www.fakenamegenerator.com/]\from[url1841]
\item
\useURL[url1842][https://thispersondoesnotexist.com/]\from[url1842]
\item
\useURL[url1843][https://generated.photos/face-generator]\from[url1843]
({\bf Generated pictures using this tool have a watermark that you
might need to remove using image editing software such as Gimp})
\startitemize[packed]
\item
{\bf Warning:} This tool requires JavaScript to function and does a
lot of fingerprinting. Most of it is being sent to Microsoft
Clarity. Even with uBlock installed and on the Safer level, Tor Browser
was not efficient at blocking the fingerprinting. This obviously does
not work on the Safest level. In our tests, only Brave with aggressive
fingerprinting/ad shields did not send analytics.
\stopitemize
\stopitemize
Now is also the moment where you could finally consider getting an
online phone number as explained in the \goto{Online Phone Number (less
recommended)}[online-phone-number] section.
We will help you a bit by listing a few tips we learned while researching
over the years {\bf (disclaimer: this is based on my individual
experiences alone)}:
\startitemize
\item
\quotation{Some animals are more equal than others}.
\startitemize
\item
Ethnicity is important and you will have fewer issues and attract
less attention to verification algorithms if your identity is
Caucasian/East-Asian than if it is Arabic/Black (yes, we tested this
extensively and it is definitely an issue).
\item
Age is important and you will have fewer issues if you are young
(18-22) than if you are middle-aged or older. Platforms seem to be
more lenient in not imposing restrictions on new younger audiences.
\item
Sex/Gender is important, and you will have fewer issues if you are a
female than if you are a male.
\item
Country of origin is important, and you will have fewer issues if
your identity is Norwegian than if it is Ukrainian, Nigerian, or
Mexican.
\item
Country of residence is important, and you will have fewer issues if
your identity has its residence in Oslo or Paris than if you decide
to live in Kyiv or Cairo.
\item
Language is important and you will have fewer issues if you speak
English or the language of your Identity than if you use a
non-related language. Do not make a Norwegian-born Arabic
20-year-old female that speaks Ukrainian or Arabic.
\stopitemize
\item
Identities that are \quotation{EU residents} with an \quotation{EU IP}
(VPN/Tor Exit IP) will benefit from GDPR protections on many
platforms. Others will not. GDPR is your friend in most cases, and you
should take this into account.
\item
Similarly, origin IP geolocation (your IP/location when you go to
\quotation{whatsmyipaddress.com}) should match your identity location
as much as possible (When using a VPN over Tor, you can pick this in
the VPN client if you use the VPN over Tor approach or just create a
new identity in Tor Browser or Brave Tor Tab until you get an
appropriate Exit node, or configure Tor to restrict your Exit Nodes).
Consider excluding any exit IP that is not located in Western
Europe/US/Canada/Japan/South Korea/Australia/New Zealand as you will
have fewer issues. Ideally, you should get a European Union IP to get
additional GDPR protection and if possible, a German exit IP due to
their legal stance on using anonymous accounts on online platforms.
\item
Brave Browser (Chromium-based) with a Private Tor Tab has a better
acceptance level than Tor Browser (Firefox based). You will experience
fewer issues with captchas and online platforms\footnote{Developers
Google Blog, Guidance to developers affected by our effort to block
less secure browsers and applications
\useURL[url1844][https://developers.googleblog.com/2020/08/guidance-for-our-effort-to-block-less-secure-browser-and-apps.html]\from[url1844]
\useURL[url1845][https://web.archive.org/web/https://developers.googleblog.com/2020/08/guidance-for-our-effort-to-block-less-secure-browser-and-apps.html][][{[}Archive.org{]}]\from[url1845]}
if you use Brave than if you use Tor Browser (feel free to try this
yourself).
\item
For every identity, you should have a matching profile picture
associated with it. For this purpose, we recommend you just go to
\useURL[url1846][https://thispersondoesnotexist.com/]\from[url1846] or
\useURL[url1847][https://generated.photos/face-generator]\from[url1847]*
and generate a computer-generated profile picture (Do note that
algorithms have been developed\footnote{Medium.com, Kyle McDonald, How
to recognize fake AI-generated images
\useURL[url1848][https://kcimc.medium.com/how-to-recognize-fake-ai-generated-images-4d1f6f9a2842]\from[url1848]\useURL[url1849][https://scribe.rip/@kcimc/how-to-recognize-fake-ai-generated-images-4d1f6f9a2842][][{[}Scribe.rip{]}]\from[url1849]
\useURL[url1850][https://web.archive.org/web/https://kcimc.medium.com/how-to-recognize-fake-ai-generated-images-4d1f6f9a2842][][{[}Archive.org{]}]\from[url1850]}\footnote{Jayway
Blog, Using ML to detect fake face images created by AI
\useURL[url1851][https://blog.jayway.com/2020/03/06/using-ml-to-detect-fake-face-images-created-by-ai/]\from[url1851]
\useURL[url1852][https://web.archive.org/web/https://blog.jayway.com/2020/03/06/using-ml-to-detect-fake-face-images-created-by-ai/][][{[}Archive.org{]}]\from[url1852]}
to detect these and it might not work 100\letterpercent{} of the
time). You can also generate such pictures yourself from your computer
if you prefer by using the open-source StyleGan project here
\useURL[url1853][https://github.com/NVlabs/stylegan2]\from[url1853]
\useURL[url1854][https://web.archive.org/web/https://github.com/NVlabs/stylegan2][][{[}Archive.org{]}]\from[url1854].
Just refresh the page until you find a picture that matches your
identity in all aspects (age, sex, and ethnicity) and save that
picture. It would be even better to have several pictures associated
with that identity, but we do not have an \quotation{easy way} of doing
that yet.
\stopitemize
*{\bf Warning:} https://generated.photos/face-generator requires
JavaScript to function and does a lot of fingerprinting, most of it sent
to Microsoft Clarity (see the warning in the tools list above). In our
tests, only Brave with aggressive fingerprinting/ad shields did not send
analytics; Tor Browser on the Safer level did not block it, and the site
does not work on the Safest level.
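For the \quotation{configure Tor to restrict your Exit Nodes} option
mentioned in the tips above, the relevant torrc lines are shown below as
an added example (not a configuration from this guide). It assumes you
control the Tor client: for Tor Browser the file is typically found at
Browser/TorBrowser/Data/Tor/torrc inside the bundle directory, while
Tails and Whonix manage torrc themselves. Country codes are the ISO codes
that Tor resolves through its GeoIP data, and changes take effect after
restarting Tor.

```text
# Added example torrc fragment, not from the guide. Restrict exits to the
# EU countries suggested above; codes are ISO country codes as resolved by
# Tor's GeoIP data.
ExitNodes {de},{nl},{fr},{se}
# Never use relays whose country Tor cannot resolve ({??}), in any position.
ExcludeNodes {??}
# Honour ExcludeNodes even if it breaks connectivity. Note that StrictNodes
# only governs ExcludeNodes; ExitNodes is already a hard restriction.
StrictNodes 1
```

The caveat a practitioner should weigh: pinning exits to a handful of
countries shrinks the set of relays you can use and makes your circuits
more predictable, so the Tor Project advises leaving route selection to
Tor unless you need a specific exit country. A German-only exit set, for
example, is itself a small piece of information about you that every
connection repeats.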
\startitemize
\item
{\bf Bonus}, you could also make it more real by using this service
(with an anonymous identity)
\useURL[url1855][https://www.myheritage.com/deep-nostalgia]\from[url1855]
\useURL[url1856][https://web.archive.org/web/https://www.myheritage.com/deep-nostalgia][][{[}Archive.org{]}]\from[url1856]
to make a picture more lifelike. Here is an example:
\item
Original:
\stopitemize
\placefigure{image39}{\externalfigure[./tex2pdf.-1a34188c73046814/3f1dd7d8f22bd7d274405fae575f7fe26b9710c8.png]}
\startitemize[packed]
\item
Result (see Online because PDFs do not work well with embedded media):
\stopitemize
\placefigure{after-gif}{\externalfigure[./tex2pdf.-1a34188c73046814/2df2d0b5bf2e5009139a3a2be98c1222bad392e1.png]}
Slight issue though: {\bf MyHeritage.com bans Tor Exit nodes so you might
have again to consider VPN over Tor for this.}
You could also achieve the same result without using MyHeritage and by
doing it yourself using for example
\useURL[url1857][https://github.com/AliaksandrSiarohin/first-order-model]\from[url1857]
\useURL[url1858][https://web.archive.org/web/https://github.com/AliaksandrSiarohin/first-order-model][][{[}Archive.org{]}]\from[url1858]
but this will require more manual operations ({\bf and requires an
NVIDIA GPU}). Other commercial products will soon be available such as:
\useURL[url1859][https://www.d-id.com/talkingheads/]\from[url1859]
\useURL[url1860][https://web.archive.org/web/https://www.d-id.com/talkingheads/][][{[}Archive.org{]}]\from[url1860]
with examples here:
\useURL[url1861][https://www.youtube.com/channel/UCqyzLOHYamYX2tNXBNSHr1w/videos]\from[url1861]
\useURL[url1862][https://yewtu.be/channel/UCqyzLOHYamYX2tNXBNSHr1w/videos][][{[}Invidious{]}]\from[url1862].
Note: If you make several pictures of the same identity using some of
the tools mentioned above, be sure to compare the similarities using the
Microsoft Azure Face Verification tool at
\useURL[url1863][https://azure.microsoft.com/en-us/services/cognitive-services/face/\#demo]\from[url1863].
\startitemize
\item
Create in advance and store in KeePassXC each identity's details, which
should include the crafted details mentioned earlier.
\item
Do not pick an occupation at a well-known private corporation/company
as they have people in their HR departments monitoring activities in
platforms such as LinkedIn and will report your profile as being fake
if it does not match their database. Instead, pick an occupation as a
freelancer or at a large public institution where you will face less
scrutiny due to their decentralized nature.
\item
Keep track (write down) of the background stories of your Identities.
You should always use the same dates and answers everywhere.
Everything should always match up. Even the stories you tell about
your imaginary life should always match. If you say you work as an
intern at the Department of Health one day and later on another
platform, say you work as an intern at the Department of
Transportation, people might question your identity. Be consistent.
\item
Use a different phone number for each identity. Online platforms do
keep track of phone number usage and if one identity/number gets
flagged for violating Community Guidelines or Terms of Services, it
might also get the other identities using the same number
flagged/banned as well.
\item
Adapt your language/writing to the identity to not raise suspicions
and lower your chances of being fingerprinted by online platforms. Be
especially careful with using pedantic words and figures of
speech/quotes that could allow some people to guess your writing is
very similar to that person with this Twitter handle or this Reddit
user. See \goto{Appendix A4: Counteracting Forensic
Linguistics}[appendix-a4-counteracting-forensic-linguistics].
\item
{\bf Always use TOTP 2FA (not SMS to prevent Sim Swapping
attacks}\footnote{Wikipedia, Sim Swapping
\useURL[url1864][https://en.wikipedia.org/wiki/SIM_swap_scam]\from[url1864]
\useURL[url1865][https://wikiless.org/wiki/SIM_swap_scam][][{[}Wikiless{]}]\from[url1865]
\useURL[url1866][https://web.archive.org/web/https://en.wikipedia.org/wiki/SIM_swap_scam][][{[}Archive.org{]}]\from[url1866]}
{\bf and to keep your identity working when your pre-paid card
expires) using KeePassXC when available to secure your logins to
various platforms.}
\item
Remember \goto{Appendix A2: Guidelines for passwords and
passphrases}[appendix-a2-guidelines-for-passwords-and-passphrases].
\stopitemize
Here is also a good guide on this specific topic:
\useURL[url1867][https://gendersec.tacticaltech.org/wiki/index.php/Complete_manual\#.22Real.22_names]\from[url1867]
\useURL[url1868][https://web.archive.org/web/https://gendersec.tacticaltech.org/wiki/index.php/Complete_manual][][{[}Archive.org{]}]\from[url1868]
Note: If you need an Exit Node in a specific country (or are having
trouble getting one), you can force Tor to use Exit Nodes from specific
countries (and therefore specific exit countries) by editing the torrc
file on the Whonix Gateway or in Tor Browser:
\startitemize
\item
Whonix/Tails: Create/Edit a file
\type{/usr/local/etc/torrc.d/50_user.conf}\footnote{Whonix
Documentation, Tor Configuration
\useURL[url1869][https://www.whonix.org/wiki/Tor\#Edit_Tor_Configuration]\from[url1869]
\useURL[url1870][https://web.archive.org/web/https://www.whonix.org/wiki/Tor][][{[}Archive.org{]}]\from[url1870]}.
\item
On Tor Browser: Edit the torrc file located at
\type{Browser/TorBrowser/Data/Tor}\footnote{Tor Browser Documentation,
Editing Torrc
\useURL[url1871][https://support.torproject.org/tbb/tbb-editing-torrc/]\from[url1871]
\useURL[url1872][https://web.archive.org/web/https://support.torproject.org/tbb/tbb-editing-torrc/][][{[}Archive.org{]}]\from[url1872]}.
\stopitemize
Once you are in the file, you can do the following:
\startitemize
\item
Restrict the Exit Nodes by adding these two lines (this example
requires an Exit Node in China, Russia or Ukraine; note that Tor uses
ISO 3166 codes, so China is \type{CN}, while \type{CH} would select
Switzerland):
\startitemize
\item
\mono{ExitNodes \{CN\},\{RU\},\{UA\}}
\item
\type{StrictNodes 1}
\stopitemize
\item
Exclude specific Exit Nodes by adding this line (this example excludes
all Exit Nodes in France, Germany, the USA and the UK; the ISO code for
the United Kingdom is \type{GB}, not \type{UK}):
\startitemize[packed]
\item
\mono{ExcludeNodes \{FR\},\{DE\},\{US\},\{GB\}}
\stopitemize
\stopitemize
Write the country codes in uppercase inside curly braces exactly as shown.
{\bf Please note that restricting Tor's routing in this way can reduce
your anonymity if you are too restrictive, since you will then share a
small set of exits with few other users. You can see a visualized list
of available Exit Nodes here:
\useURL[url1873][https://www.bigdatacloud.com/insights/tor-exit-nodes]\from[url1873]}
\useURL[url1874][https://web.archive.org/web/https://www.bigdatacloud.com/insights/tor-exit-nodes][][{[}Archive.org{]}]\from[url1874]
Here is a list of country codes (this is a general list and many of
those countries do not have any Exit Nodes at all):
\useURL[url1875][https://web.archive.org/web/https://b3rn3d.herokuapp.com/blog/2014/03/05/tor-country-codes/]\from[url1875]
\subsubsection[title={Checking if your Tor Exit Node is
terrible:},reference={checking-if-your-tor-exit-node-is-terrible}]
{\bf Skip this if you are using a VPN/Proxy over Tor (tho you can also
do the same checks with a VPN exit node if you want).}
Not all Tor Exit nodes are equal. This is mostly due to the type of
\quotation{exit policy} their operator applies to them. Some Tor Exit
nodes are seen as more or less \quotation{clean} and will only show up
in Tor Exit node lists. Others are seen as \quotation{dirty} and will
show up in dozens of various blacklists. So how do you know if you are
on a clean one or a bad one? It is not that simple.
\subsubsubsection[title={This process is very
easy:},reference={this-process-is-very-easy}]
This works whether you're using Tor Browser on a Host OS, in a VM, with
Whonix or Qubes OS.
\startitemize
\item
Open the target website you want to sign up for in a tab.
\item
Click the Tor Circuit icon to the left of the \quotation{lock} icon in
the upper left corner to view your route through the Tor network.
\item
Note the third IP (the Exit IP) used in that tab for that website. (You
cannot copy the IP address, but you can type it into the browser
address bar if needed.)
\item
Open a new tab and go to MX Toolbox:
\useURL[url1876][https://mxtoolbox.com/blacklists.aspx]\from[url1876]
\item
Put the Exit IP from the first tab in the search box. You will likely
see \quotation{We notice you are on a blacklist.}
\item
Check how many blacklists the Tor Exit node is in. Ideally, it should
only be in the two Tor-specific lists:
\startitemize
\item
DAN TOR
\item
DAN TOREXIT
\stopitemize
If it is in other lists, such as Spamhaus ZEN, you might run into
issues.
\stopitemize
If the Exit Node is \quotation{clean} (in few lists), go back to the
first tab and open the site you want to sign up for.
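The MX Toolbox page is a web front-end to DNS-based blacklists: a lookup reverses the IP's octets, appends the list's zone and resolves the resulting name, and an A answer (usually in 127.0.0.0/8) means the IP is listed. The added example below (not code from the guide or from MX Toolbox) performs the same check directly against the two Tor-specific lists named above and Spamhaus ZEN, and also handles IPv6 exits, which are reversed nibble by nibble. The IP address, the zone selection and the interpretation of Spamhaus' 127.255.255.x error answers are assumptions for illustration.

```python
import ipaddress
import socket
import sys

# The two Tor-specific DNSBL zones the guide says a "clean" exit should appear in,
# plus one general-purpose zone. Any hit outside TOR_LISTS marks the exit as "dirty".
TOR_LISTS = ("tor.dan.me.uk", "torexit.dan.me.uk")
OTHER_LISTS = ("zen.spamhaus.org",)


def dnsbl_query_name(ip, zone):
    """Build the lookup name: reversed IPv4 octets (or reversed IPv6 nibbles) under the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = addr.exploded.split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))  # 32 hex nibbles
    return ".".join(reversed(labels)) + "." + zone


def lookup(ip, zone, resolve=socket.gethostbyname):
    """Return the A answer (usually 127.0.0.x) when listed, None on NXDOMAIN or resolver failure."""
    try:
        return resolve(dnsbl_query_name(ip, zone))
    except OSError:  # socket.gaierror (NXDOMAIN) is a subclass of OSError
        return None


def interpret(answer):
    if answer is None:
        return "not listed"
    # Spamhaus signals refused or rate-limited queries (e.g. from public resolvers) with
    # 127.255.255.x answers; those are errors, not listings (assumption noted in the lead-in).
    if answer.startswith("127.255.255."):
        return "refused"
    return "listed"


def check_exit(ip, resolve=socket.gethostbyname):
    """Map each zone to its raw DNSBL answer for the given exit IP."""
    return {zone: lookup(ip, zone, resolve) for zone in TOR_LISTS + OTHER_LISTS}


def verdict(answers):
    """'dirty' if listed anywhere beyond the Tor lists, 'unknown' if a lookup was refused,
    'clean' if only the Tor lists know the IP, 'unlisted' if nothing matched."""
    status = {zone: interpret(ans) for zone, ans in answers.items()}
    if any(s == "listed" for zone, s in status.items() if zone not in TOR_LISTS):
        return "dirty"
    if any(s == "refused" for s in status.values()):
        return "unknown"
    if any(status[zone] == "listed" for zone in TOR_LISTS if zone in status):
        return "clean"
    return "unlisted"


if __name__ == "__main__":
    exit_ip = sys.argv[1]  # the third hop shown in Tor Browser's circuit display
    answers = check_exit(exit_ip)
    for zone, ans in answers.items():
        print(f"{zone:<20} {interpret(ans):<11} {ans or ''}")
    print("verdict:", verdict(answers))
```

Run it from the same Tor-routed environment you are signing up from (for example the Whonix Workstation): the lookup reveals the queried IP to whichever resolver answers it, which is harmless for a public exit IP but not for your own address. An "unknown" verdict means a list refused the query rather than that the exit is clean; repeat the check through MX Toolbox in that case.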
\subsubsection[title={The Real-Name
System:},reference={the-real-name-system}]
Unfortunately, not using your real identity is against the Terms of
Services (\quotation{TOS}) of many services, especially those owned by
Microsoft and Facebook. But don't despair, as explained in the
\goto{Requirements}[pre-requisites-and-limitations], it's still legal in
Germany where the courts have upheld the legality of not using real
names on online platforms (§13 VI of the German Telemedia Act of
2007\footnote{English translation of German Telemedia Act
\useURL[url1877][https://www.huntonprivacyblog.com/wp-content/uploads/sites/28/2016/02/Telemedia_Act__TMA_.pdf]\from[url1877]
\useURL[url1878][https://web.archive.org/web/https://www.huntonprivacyblog.com/wp-content/uploads/sites/28/2016/02/Telemedia_Act__TMA_.pdf][][{[}Archive.org{]}]\from[url1878].
Section 13, Article 6, \quotation{The service provider must enable the
use of Telemedia and payment for them to occur anonymously or via a
pseudonym where this is technically possible and reasonable. The
recipient of the service is to be informed about this possibility.}.}'\footnote{Wikipedia,
Real-Name System Germany
\useURL[url1879][https://en.wikipedia.org/wiki/Real-name_system\#Germany]\from[url1879]
\useURL[url1880][https://wikiless.org/wiki/Real-name_system][][{[}Wikiless{]}]\from[url1880]
\useURL[url1881][https://web.archive.org/web/https://en.wikipedia.org/wiki/Real-name_system][][{[}Archive.org{]}]\from[url1881]}).
{\bf Fortunately, ToS cannot override laws} {\bf (yet)}.
This does not mean that it is illegal in other places but that it might
be a breach of their TOS if you do not have the law on your side.
{\bf Remember this guide only endorses this for German users residing in
Germany.}
We strongly condemn this type of real-name policy. See for instance
this Wikipedia article, which gives some examples:
\useURL[url1882][https://en.wikipedia.org/wiki/Facebook_real-name_policy_controversy]\from[url1882]
\useURL[url1883][https://wikiless.org/wiki/Facebook_real-name_policy_controversy][][{[}Wikiless{]}]\from[url1883]
\useURL[url1884][https://web.archive.org/web/https://en.wikipedia.org/wiki/Facebook_real-name_policy_controversy][][{[}Archive.org{]}]\from[url1884]
Here are some more references about the German case:
\startitemize
\item
\useURL[url1885][https://slate.com/technology/2018/02/why-some-americans-are-cheering-germany-for-taking-on-facebooks-real-name-policy.html]\from[url1885]
\useURL[url1886][https://web.archive.org/web/https://slate.com/technology/2018/02/why-some-americans-are-cheering-germany-for-taking-on-facebooks-real-name-policy.html][][{[}Archive.org{]}]\from[url1886]
\item
\useURL[url1887][https://www.theverge.com/2018/2/12/17005746/facebook-real-name-policy-illegal-german-court-rules]\from[url1887]
\useURL[url1888][https://web.archive.org/web/https://www.theverge.com/2018/2/12/17005746/facebook-real-name-policy-illegal-german-court-rules][][{[}Archive.org{]}]\from[url1888]
\item
\useURL[url1889][https://www.pcmag.com/news/german-court-rules-facebooks-real-name-policy-is-illegal]\from[url1889]
\useURL[url1890][https://web.archive.org/web/https://www.pcmag.com/news/german-court-rules-facebooks-real-name-policy-is-illegal][][{[}Archive.org{]}]\from[url1890]
\item
\useURL[url1891][https://www.vzbv.de/sites/default/files/downloads/2018/02/14/18-02-12_vzbv_pm_facebook-urteil_en.pdf]\from[url1891]
\useURL[url1892][https://web.archive.org/web/https://www.vzbv.de/sites/default/files/downloads/2018/02/14/18-02-12_vzbv_pm_facebook-urteil_en.pdf][][{[}Archive.org{]}]\from[url1892]
\item
\useURL[url1895][https://www.reuters.com/article/us-germany-facebook/german-court-rules-facebook-use-of-personal-data-illegal-idUSKBN1FW1FI]\from[url1895]
\useURL[url1896][https://web.archive.org/web/https://www.reuters.com/article/us-germany-facebook/german-court-rules-facebook-use-of-personal-data-illegal-idUSKBN1FW1FI][][{[}Archive.org{]}]\from[url1896]
\stopitemize
Alternatively, you could be an adult resident of any other country where
you can confirm and verify the legality of this yourself. Again, this is
not legal advice, and we are not lawyers. {\bf Do this at your own
risk.}
Other countries where this was ruled illegal:
\startitemize
\item
South Korea (see
\useURL[url1897][https://en.wikipedia.org/wiki/Real-name_system\#South_Korea]\from[url1897]
\useURL[url1898][https://wikiless.org/wiki/Real-name_system][][{[}Wikiless{]}]\from[url1898]
\useURL[url1899][https://web.archive.org/web/https://en.wikipedia.org/wiki/Real-name_system][][{[}Archive.org{]}]\from[url1899])
\item
If you know any other, please let me know with references in the
GitHub issues.
\stopitemize
Some platforms are bypassing this requirement altogether by requiring a
valid payment method instead (see \goto{Financial
transactions:}[financial-transactions]). While this does not directly
require a real name through their ToS, this has the same results as they
usually only accept mainstream (not Monero/Cash) payment methods (such
as Visa/MasterCard/Maestro or PayPal) which do require a real-name
legally as part of their KYC\footnote{Wikipedia, KYC
\useURL[url1900][https://en.wikipedia.org/wiki/Know_your_customer]\from[url1900]
\useURL[url1901][https://wikiless.org/wiki/Know_your_customer][][{[}Wikiless{]}]\from[url1901]
\useURL[url1902][https://web.archive.org/web/https://en.wikipedia.org/wiki/Know_your_customer][][{[}Archive.org{]}]\from[url1902]}
regulations. For the platform, the result is the same as, or stronger
than, a plain real-name policy: a ToS clause can be ignored where the
law allows it (as in Germany), but a KYC check cannot.
\subsubsection[title={About paid
services:},reference={about-paid-services}]
If you intend to use paid services, prefer those accepting cash or
Monero, which you can pay with directly and safely while keeping your
anonymity.
If the service you intend to buy does not accept those but accepts
Bitcoin (BTC), consider the following appendix: \goto{Appendix Z: Paying
anonymously online with BTC (or any other
cryptocurrency)}[appendix-z-online-anonymous-payments-using-cryptocurrencies].
\subsubsection[title={Overview:},reference={overview}]
This section gives an overview of the current sign-up requirements of
various platforms:
\startitemize
\item
{\bf Consider using the recommended tools on
\useURL[url1903][https://privacyguides.org]\from[url1903]}
\useURL[url1904][https://web.archive.org/web/https://privacyguides.org][][{[}Archive.org{]}]\from[url1904]
{\bf for better privacy instead of the usual mainstream ones.}
\item
{\bf Consider using the recommended tools on
\useURL[url1905][https://www.whonix.org/wiki/Documentation]\from[url1905]}
\useURL[url1906][https://web.archive.org/web/https://www.whonix.org/wiki/Documentation][][{[}Archive.org{]}]\from[url1906]
{\bf as well instead of the usual mainstream ones such as E-mail
providers:
\useURL[url1907][https://www.whonix.org/wiki/E-Mail\#Anonymity_Friendly_Email_Provider_List]\from[url1907]}
\useURL[url1908][https://web.archive.org/web/https://www.whonix.org/wiki/E-Mail\#Anonymity_Friendly_Email_Provider_List][][{[}Archive.org{]}]\from[url1908]
\stopitemize
{\bf The following overview does not mention the privacy practices of
those platforms but only their requirements for registering an account.
If you want to use privacy-aware tools and platforms, head on to
\useURL[url1909][https://privacyguides.org]\from[url1909]}
\useURL[url1910][https://web.archive.org/web/https://privacyguides.org/][][{[}Archive.org{]}]\from[url1910]{\bf .}
Legend:
\startitemize
\item
\quotation{Unclear}: Unclear due to lack of information or confusing
information.
\item
\quotation{Maybe}: It did happen in a minority of my tests.
\item
\quotation{Likely}: It did happen in most of my tests.
\item
\quotation{Yes} or \quotation{No}: This either happened or never
happened systematically in all my tests.
\item
\quotation{Easy}: The overall experience was straightforward with
little to no obstacles.
\item
\quotation{Medium}: The overall experience has some obstacles, but it
is still doable without too much hassle.
\item
\quotation{Hard}: The overall experience is a painful struggle with
many obstacles.
\item
\quotation{N/A}: Not Applicable because it was not possible to test
within the context of this guide
\item
\quotation{Indirectly}: This means they do require something but
indirectly through a third-party system (Financial KYC for example).
\stopitemize
\bgroup
\switchtobodyfont[small]
\starttabulate[|l|l|l|l|l|l|l|l|l|l|l|]
\HL
\NC Service \NC Against ToS \NC Requires Phone \NC Requires E-Mail \NC VPN Sign-up \NC Tor Sign-up \NC Captchas \NC ID or Financial Checks \NC Facial Checks \NC Manual Checks \NC Overall difficulty \NC\NR
\HL
\NC Amazon \NC No \NC No \NC Yes \NC Yes \NC Yes \NC No \NC Yes* \NC No \NC Unclear \NC N/A \NC\NR
\NC Apple \NC Yes* \NC Yes \NC Yes \NC Yes \NC Yes \NC No \NC No \NC No \NC No \NC Medium \NC\NR
\NC Binance \NC Yes* \NC No \NC Yes \NC Yes \NC No \NC Yes \NC No \NC No \NC No \NC Medium \NC\NR
\NC Briar \NC No \NC No \NC No \NC Yes \NC Yes \NC No \NC No \NC No \NC No \NC Easy \NC\NR
\NC Discord \NC No \NC No \NC Yes \NC Yes \NC Yes \NC Yes \NC No \NC No \NC No \NC Medium \NC\NR
\NC Element \NC No \NC No \NC No \NC Yes \NC Yes \NC Yes \NC No \NC No \NC No \NC Easy \NC\NR
\NC Facebook \NC Yes* \NC Yes \NC Yes \NC Maybe \NC Maybe \NC Yes \NC Maybe \NC Maybe \NC Maybe \NC Hard \NC\NR
\NC GitHub \NC No \NC No \NC Yes \NC Yes \NC Yes \NC Yes \NC No \NC No \NC No \NC Easy \NC\NR
\NC GitLab \NC No \NC No \NC Yes \NC Yes \NC Yes \NC Yes \NC No \NC No \NC No \NC Easy \NC\NR
\NC Google \NC No \NC Likely \NC Likely \NC Yes \NC Yes \NC Yes \NC Maybe \NC No \NC Maybe \NC Medium \NC\NR
\NC HackerNews \NC No \NC No \NC No \NC Yes \NC Yes \NC Yes \NC No \NC No \NC No \NC Easy \NC\NR
\NC Instagram \NC Unclear \NC Likely \NC Yes \NC Yes \NC Yes \NC Yes \NC No \NC Maybe \NC Maybe \NC Medium \NC\NR
\NC Jami \NC No \NC No \NC No \NC Yes \NC No \NC No \NC No \NC No \NC No \NC Easy \NC\NR
\NC iVPN \NC No \NC No \NC No \NC Yes \NC Yes \NC No \NC No \NC No \NC No \NC Easy \NC\NR
\NC Kraken \NC Yes* \NC No \NC Yes \NC Yes \NC No \NC No \NC No \NC No \NC No \NC Medium \NC\NR
\NC LinkedIn \NC Yes* \NC Yes \NC Yes \NC Yes \NC Yes \NC Yes \NC Maybe \NC Maybe \NC Maybe \NC Hard \NC\NR
\NC MailFence \NC No \NC No \NC Yes \NC Yes \NC Maybe \NC Yes \NC No \NC No \NC No \NC Medium \NC\NR
\NC Medium \NC No \NC No \NC Yes \NC Yes \NC Yes \NC No \NC No \NC No \NC No \NC Easy \NC\NR
\NC Microsoft \NC Yes* \NC Maybe \NC Maybe \NC Yes \NC Yes \NC Yes \NC No \NC No \NC No \NC Medium \NC\NR
\NC Mullvad \NC No \NC No \NC No \NC Yes \NC Yes \NC No \NC No \NC No \NC No \NC Easy \NC\NR
\NC Njalla \NC No \NC No \NC No \NC Yes \NC Yes \NC No \NC No \NC No \NC No \NC Easy \NC\NR
\NC OnionShare \NC No \NC No \NC No \NC Yes \NC Yes \NC No \NC No \NC No \NC No \NC Easy \NC\NR
\NC OnlyFans \NC No \NC No \NC Yes \NC Yes \NC Yes \NC Yes \NC Yes (for full functionalities) \NC No \NC No \NC Hard (for full functionalities) \NC\NR
\NC Proton Mail \NC No \NC Maybe \NC Likely \NC Yes \NC Yes \NC Yes \NC No \NC No \NC No \NC Medium \NC\NR
\NC Proton VPN \NC No \NC No \NC Yes \NC Yes \NC Yes \NC No \NC No \NC No \NC No \NC Medium \NC\NR
\NC Reddit \NC No \NC No \NC No \NC Yes \NC Yes \NC No \NC No \NC No \NC No \NC Easy \NC\NR
\NC Slashdot \NC Yes* \NC No \NC No \NC Yes \NC Yes \NC Yes \NC No \NC No \NC No \NC Medium \NC\NR
\NC Telegram \NC No \NC Yes \NC No \NC Yes \NC Yes \NC No \NC No \NC No \NC No \NC Easy \NC\NR
\NC Tutanota \NC No \NC No \NC No \NC Maybe \NC No \NC Yes \NC No \NC No \NC No \NC Hard \NC\NR
\NC Twitch \NC No \NC No \NC Yes \NC Yes \NC Yes \NC Yes \NC No \NC No \NC No \NC Easy \NC\NR
\NC Twitter \NC No \NC Yes \NC Yes \NC Yes \NC Yes \NC Yes \NC No \NC No \NC Maybe \NC Medium \NC\NR
\NC WhatsApp \NC Yes* \NC Yes \NC No \NC Yes \NC Yes \NC No \NC No \NC No \NC No \NC Medium \NC\NR
\NC 4chan \NC No \NC No \NC No \NC No \NC No \NC Yes \NC No \NC No \NC No \NC Hard \NC\NR
\HL
\stoptabulate
\egroup
\startitemize[packed]
\item
{\bf * See \goto{The Real-Name System}[the-real-name-system] for
essential information. See below for details.}
\stopitemize
\subsubsubsubsection[title={Below you'll find a list of
\quotation{problematic services}. If they're not below, it means there
are no issues at all with anything (like Briar for
example)},reference={below-youll-find-a-list-of-problematic-services.-if-theyre-not-below-it-means-there-are-no-issues-at-all-with-anything-like-briar-for-example}]
\subsubsubsection[title={Amazon:},reference={amazon}]
\startitemize[packed]
\item
Is this against their ToS? Not directly, but effectively yes (see below)
\useURL[url1911][https://www.amazon.com/gp/help/customer/display.html?nodeId=202140280]\from[url1911]
\useURL[url1912][https://web.archive.org/web/https://www.amazon.com/gp/help/customer/display.html?nodeId=202140280][][{[}Archive.org{]}]\from[url1912]
\stopitemize
"1. Amazon Services, Amazon Software
A. Use of Amazon Services on a Product. To use certain Amazon Services
on a Product, you must have your own Amazon.com account, be logged in to
your account on the Product, {\bf and have a valid payment method
associated with your account.} "
While it does not technically require a real name, it does require a
valid payment method. Unfortunately, Amazon will not accept
\quotation{cash} or \quotation{Monero} as a payment method, so in
practice they rely on financial KYC (where a real-name policy is pretty
much enforced everywhere).
\startitemize
\item
Will they require a phone number? Yes, but see below
\item
Can you create accounts through Tor? Yes, but see below
\stopitemize
Because of this valid payment method requirement, we could not test
this. While this is seemingly not against their ToS, it is not possible
within the context of this guide unless you manage to obtain a valid KYC
payment method anonymously, which AFAIK is pretty much impossible or
extremely difficult.
So, AFAIK, it is not possible to create an anonymous Amazon account.
\subsubsubsection[title={Apple:},reference={apple}]
\startitemize[packed]
\item
Is this against their ToS? Yes
\useURL[url1913][https://www.apple.com/legal/internet-services/icloud/en/terms.html]\from[url1913]
\useURL[url1914][https://web.archive.org/web/https://www.apple.com/legal/internet-services/icloud/en/terms.html][][{[}Archive.org{]}]\from[url1914]
\stopitemize
"IV. Your Use of the Service
A. Your Account
In order to use the Service, you must enter your Apple ID and password
to authenticate your Account{\bf . You agree to provide accurate and
complete information when you register with, and as you use, the Service
(\quotation{Service Registration Data}), and you agree to update your
Service Registration Data to keep it accurate and complete".}
\startitemize
\item
Will they require a phone number? Yes
\item
Can you create accounts through Tor? Yes
\stopitemize
Note that this account will not allow you to set up an Apple mail
account. For that, you will need an Apple device.
\subsubsubsection[title={Binance:},reference={binance}]
\startitemize
\item
Is this against their ToS? Yes
\useURL[url1915][https://www.binance.com/en/terms]\from[url1915]
\useURL[url1916][https://web.archive.org/web/https://www.binance.com/en/terms][][{[}Archive.org{]}]\from[url1916]
\item
Will they require a phone number? No, but they do require an e-mail
\item
Can you create accounts through Tor? No
\stopitemize
\subsubsubsection[title={Discord:},reference={discord}]
\startitemize
\item
Is this against their ToS? No
\useURL[url1917][https://discord.com/terms]\from[url1917]
\useURL[url1918][https://web.archive.org/web/https://discord.com/terms][][{[}Archive.org{]}]\from[url1918]
\item
Will they require a phone number? No, but they do require an e-mail
\item
Can you create accounts through Tor? We had no issues with that so far
using the Desktop Client
\stopitemize
You might encounter more issues using the Web Client (Captchas).
Especially with Tor Browser.
I suggest using the Discord Client app on a VM through Tor or ideally
through VPN/Proxy over Tor to mitigate such issues.
\subsubsubsection[title={Element:},reference={element}]
\startitemize
\item
Is this against their ToS? No
\useURL[url1919][https://element.io/terms-of-service]\from[url1919]
\useURL[url1920][https://web.archive.org/web/https://element.io/terms-of-service][][{[}Archive.org{]}]\from[url1920]
\item
Will they require a phone number? No, they do not even require an
e-mail
\item
Can you create accounts through Tor? Yes
\stopitemize
Expect some Captchas during account creation on some homeservers.
\subsubsubsection[title={Facebook:},reference={facebook}]
\startitemize[packed]
\item
Is this against their ToS? Yes
\useURL[url1921][https://www.facebook.com/terms.php]\from[url1921]
\useURL[url1922][https://web.archive.org/web/https://www.facebook.com/terms.php][][{[}Archive.org{]}]\from[url1922]
\stopitemize
"1. Who can use Facebook
When people stand behind their opinions and actions, our community is
safer and more accountable. For this reason, you must:
\startitemize
\item
Use the same name that you use in everyday life.
\item
Provide accurate information about yourself."
\stopitemize
\startitemize
\item
Will they require a phone number? Yes, and probably more later
\item
Can you create accounts through Tor? Yes, but it is very difficult and
their onion address\footnote{Facebook Onion Website
\useURL[url1923][http://facebookwkhpilnemxj7asaniu7vnjjbiltxjqhye3mhbshg7kx5tfyd.onion/]\from[url1923]}
will not help. In most cases, you will just get a random error at
sign-up and your account suspended after sign-in.
\stopitemize
But this clause of their ToS is illegal in Germany (see
\goto{Requirements}[pre-requisites-and-limitations]).
Facebook is one of the most aggressive platforms with identity
verification and is pushing hard their \quotation{real name policy}. It
is why this guide is only advised to German residents.
Over our tests, though, we were able to pinpoint a few tips:
\startitemize
\item
It will be easier if you have an Instagram account first.
\item
Signing up through Tor is almost impossible (even using their .onion
address, which is a joke) and will only succeed if you are
\quotation{very lucky} (I assume if you are using an exit node that is
not yet known to Facebook's verification systems). In most cases, it
will not allow registration at all and will just fail with
\quotation{An error has occurred during registration}.
\item
Signing up through VPNs is more likely to succeed but might still
result in the same error. So, you must be ready for a lot of trial and
error here.
\item
Signing up through a Self-Hosted VPN/Proxy is your best bet but make
sure your profile/identity matches the IP geolocation.
\item
My earlier entry in the guide about the Orwellian quote from Animal
Farm is in full effect on Facebook. You will experience huge variation
in acceptance depending on age/sex/ethnicity/nationality/\ldots{} You
will have far fewer issues if you are making an account for a Young
European Caucasian Female. You will almost certainly fail if you try
making a Middle-Aged Male, while my other accounts are still
unsuspended/unbanned to this day.
\item
Logging-in (after you sign-up) however works fine with VPN and Tor but
might still trigger an account suspension for violating Community
Guidelines or Terms of Services (despite you not using the account at
all for anything else than signing-up/logging-in). Ideally, you should
log-in back with the same IP from a self-hosted VPN/Proxy.
\stopitemize
I also suspect strongly based on my test that the following points have
an impact on your likelihood of being suspended over time:
\startitemize
\item
Not having friends
\item
Not having interests and an \quotation{organic activity}
\item
Not being in the contacts of any other user
\item
Not being on other platforms (such as Instagram/WhatsApp)
\item
Restricting your profile privacy settings too soon after signing-up
\stopitemize
If your account gets suspended, you will need to appeal the decision
through a fairly simple form that will require you to submit a
\quotation{proof of ID}. However, that proof of ID verification system
is more lenient than LinkedIn's and will accept various documents which
require far less Photoshop skill.
It is also possible that they ask you to take a selfie video or picture
making certain gestures to prove your identity. If that is the case, we
are afraid it is a dead end for now unless you use a deepfake face
swapping technique.
If you do file an appeal, you will have to wait for Facebook to review
it (I do not know whether this is automatic or human) and you will have
to wait and hope for them to unsuspend your account.
\subsubsubsection[title={GitHub:},reference={github}]
\startitemize
\item
Is this against their ToS? No
\useURL[url1924][https://docs.github.com/en/free-pro-team@latest/github/site-policy/github-terms-of-service]\from[url1924]
\useURL[url1925][https://web.archive.org/web/https://docs.github.com/en/free-pro-team@latest/github/site-policy/github-terms-of-service][][{[}Archive.org{]}]\from[url1925]
\item
Will they require a phone number? Nope, all good
\item
Can you create accounts through Tor? Yes, but expect some captchas
\stopitemize
GitHub is straightforward and requires no phone number.
Be sure to go into Settings > E-Mail and make your e-mail private as
well as block any push that would reveal your e-mail.
\subsubsubsection[title={GitLab:},reference={gitlab}]
\startitemize
\item
Is this against their ToS? No
\useURL[url1926][https://about.gitlab.com/handbook/legal/subscription-agreement/]\from[url1926]
\useURL[url1927][https://web.archive.org/web/https://about.gitlab.com/handbook/legal/subscription-agreement/][][{[}Archive.org{]}]\from[url1927]
\item
Will they require a phone number? Nope, all good
\item
Can you create accounts through Tor? Yes, but expect captchas
\stopitemize
GitLab is straightforward and requires no phone number.
\subsubsubsection[title={Google:},reference={google}]
\startitemize
\item
Is this against their ToS? No
\useURL[url1928][https://policies.google.com/terms]\from[url1928]
\useURL[url1929][https://web.archive.org/web/https://policies.google.com/terms][][{[}Archive.org{]}]\from[url1929]
\item
Will they require a phone number? Yes, they will. There is no escape
here.
\item
Can you create accounts through Tor? Yes, but expect some captchas and
your phone number will be required
\stopitemize
Proton is good \ldots{} but to appear less suspicious, it is simply
better to also have a mainstream Google Mail account.
Like Proton, Google will most likely require a phone number during
sign-up as part of their verification process. However, contrary to
Proton, Google will store that phone number and will also limit the
number of accounts that can be created with it during
the sign-up\footnote{Google Help
\useURL[url1930][https://support.google.com/accounts/answer/114129?hl=en]\from[url1930]
\useURL[url1931][https://web.archive.org/web/https://support.google.com/accounts/answer/114129?hl=en][][{[}Archive.org{]}]\from[url1931]}'\footnote{Google
Help, Customer Matching Process
\useURL[url1932][https://support.google.com/google-ads/answer/7474263?hl=en]\from[url1932]
\useURL[url1933][https://web.archive.org/web/https://support.google.com/google-ads/answer/7474263?hl=en][][{[}Archive.org{]}]\from[url1933]}.
From my experience during my research, this count is limited to three
accounts/phone numbers. If you are unlucky with your number (if it was
previously used by another mobile user), it might be less.
You should therefore use again your online phone number OR your burner
phone and pre-paid SIM card to create the account. Do not forget to use
the identity details you made up earlier (birthdate). When the account
is created, please do take some time to do the following:
\startitemize
\item
{\bf (Trick)} Log into Google Mail on desktop and go into the Gmail
Quick Settings > See all Setting > Forwarding and POP/IMAP > Add a
forwarding address > Verify (using Proton) > Go back to Gmail and set
the forwarding to forward and delete Google copy > Save. This step
will allow you to check your Google Mail using Proton instead and will
allow you to avoid triggering Google Security checks by Logging in
from various VPN/Tor exit IP addresses in the future while storing
your sensitive e-mail at Proton instead. This trick will allow you to
receive all the e-mails from your Gmail addresses on your Proton (or
other) address without needing to login into your Google accounts
(reducing risks of it being suspended, especially if you use Tor).
\item
Enable 2FA within the Google account settings. First, you will have to
enable 2FA using the phone number. Then you will see the option appear
to enable 2FA using an Authenticator app. Use that option and set it
up with a new KeePassXC TOTP entry. When it is done, remove the phone
2FA from the Google account. This will prevent someone from using that
phone number in the future (when you do not have it anymore) to
recover/gain access to that account.
\item
Add Proton as a recovery e-mail address for the account.
\item
Remove the phone number from the account details as a recovery option.
\item
Upload a Google profile picture you made earlier during the identity
creation step.
\item
Review the Google Privacy settings to disable as much as you can:
\startitemize
\item
Activity logging
\item
YouTube
\stopitemize
\item
Log out and do not touch it unless needed (as mentioned, you will use
Proton to check your Gmail).
\stopitemize
Keep in mind that there are different algorithms in place to check for
weird activity. If you receive any mail (on Proton) about a Google
Security Warning, click it and press the button to say
\quotation{Yes it was me}. It helps.
Do not use that account for \quotation{sign-up with Google} anywhere
unless necessary.
Be extremely careful if you decide to use the account for Google
activities (such as Google Maps reviews or YouTube Comments) as those
can easily trigger some checks (Negative reviews, Comments breaking
Community Guidelines on YouTube).
If your account gets suspended \footnote{Google, Your account is
disabled
\useURL[url1934][https://support.google.com/accounts/answer/40695]\from[url1934]
\useURL[url1935][https://web.archive.org/web/https://support.google.com/accounts/answer/40695][][{[}Archive.org{]}]\from[url1935]}
(this can happen on sign-up, after signing-up or after using it in some
Google services), you can still get it unsuspended by
submitting\footnote{Google, Request to restore the account
\useURL[url1936][https://support.google.com/accounts/contact/disabled2]\from[url1936]
\useURL[url1937][https://web.archive.org/web/https://support.google.com/accounts/contact/disabled2][][{[}Archive.org{]}]\from[url1937]}
an appeal/verification (which will again require your Phone number and
possibly an e-mail contact with Google support with the reason).
{\bf Suspension of the account does not disable the e-mail forwarding,
but the suspended account will be deleted after a while.}
After suspension, if your Google account is restored, you should be
fine.
If your account gets banned, you will have no appeal and the forwarding
will be disabled. Your phone number will be flagged, and you will not be
able to use it to sign-up on a different account. Be careful when using
those to avoid losing them. They are precious.
It is also possible that Google will require an ID check through
indirect financial KYC or ID picture check if you try to access/publish
mature content on their platform\footnote{Google Help, Update your
account to meet age requirements
\useURL[url1938][https://support.google.com/accounts/answer/1333913?hl=en]\from[url1938]
\useURL[url1939][https://web.archive.org/web/https://support.google.com/accounts/answer/1333913?hl=en][][{[}Archive.org{]}]\from[url1939]}.
\subsubsubsection[title={Instagram:},reference={instagram}]
\startitemize[packed]
\item
Is this against their ToS? {\bf Maybe?} We are not sure.
\useURL[url1940][https://help.instagram.com/581066165581870?ref=dp]\from[url1940]
\useURL[url1941][https://web.archive.org/web/https://help.instagram.com/581066165581870?ref=dp][][{[}Archive.org{]}]\from[url1941]
\stopitemize
\quotation{{\bf You can't impersonate others or provide inaccurate information.
You do not have to disclose your identity on Instagram, but you must
provide us with accurate and up-to-date information (including
registration information)}. {\bf Also, you may not impersonate someone
you are not, and you can't create an account for someone else unless you
have their express permission}.}
This one is a bit of an oxymoron, don't you think? So, we are not sure
whether it is allowed or not.
\startitemize
\item
Will they require a phone number? Maybe but less likely over VPN and
very likely over Tor
\item
Can you create accounts through Tor? Yes, but expect some captchas and
your phone number will be required
\stopitemize
It is also possible that they ask you to take a selfie video or
picture making certain gestures to prove your identity (within the app
or through an e-mail request). If that is the case, we are afraid it is
a dead-end for now.
It is no secret that Instagram is part of Facebook; however, it is more
lenient than Facebook when it comes to user verification. It is quite
unlikely you will get suspended or banned after signing up. It could
even help.
For instance, we noticed that you will face fewer issues creating a
Facebook account if you already have a valid Instagram account. You
should always create an Instagram account before trying Facebook.
Unfortunately, there are some limitations when using the web version of
Instagram. For instance, you will not be able to enable Authenticator
2FA from the web for a reason we do not know.
After sign-up, do the following:
\startitemize
\item
Upload a picture of your generated identity if you want.
\item
Go into your Settings
\item
Make the account private (initially at least)
\item
Do not show activity status
\item
Do not allow sharing
\stopitemize
\subsubsubsection[title={Jami:},reference={jami}]
\startitemize
\item
Is this against their ToS? No
\useURL[url1942][https://jami.net/privacy-policy/]\from[url1942]
\useURL[url1943][https://web.archive.org/web/https://jami.net/privacy-policy/][][{[}Archive.org{]}]\from[url1943]
\item
Will they require a phone number? No, they do not even require an
e-mail
\item
Can you create accounts through Tor? Nope it does not work for some
technical reason
\stopitemize
\subsubsubsection[title={Kraken:},reference={kraken}]
\startitemize
\item
Is this against their ToS? Yes
\useURL[url1944][https://www.kraken.com/legal]\from[url1944]
\useURL[url1945][https://web.archive.org/web/https://www.kraken.com/legal][][{[}Archive.org{]}]\from[url1945]
\item
Will they require a phone number? No, they do require an e-mail
\item
Can you create accounts through Tor? Yes
\stopitemize
\subsubsubsection[title={LinkedIn:},reference={linkedin}]
\startitemize[packed]
\item
Is this against their ToS? Yes
\useURL[url1946][https://www.linkedin.com/legal/user-agreement]\from[url1946]
\useURL[url1947][https://web.archive.org/web/https://www.linkedin.com/legal/user-agreement][][{[}Archive.org{]}]\from[url1947]
\stopitemize
\quotation{To use the Services, you agree that: (1) you must be
the {\em Minimum Age} (described below) or older; (2) {\bf you will
only have one LinkedIn account, which must be in your real name}; and
(3) you are not already restricted by LinkedIn from using the Services.
{\bf Creating an account with false information is a violation of our
terms}, including accounts registered on behalf of others or persons
under the age of sixteen.}
But this clause of their ToS is illegal in Germany (see
\goto{Requirements}[pre-requisites-and-limitations]).
\startitemize
\item
Will they require a phone number? Yes, they will.
\item
Can you create accounts through Tor? Yes, but expect some captchas and
your phone number will be required
\stopitemize
LinkedIn is far less aggressive than Twitter but will nonetheless
require a valid e-mail (preferably again your Gmail) and a phone number
in most cases (though not always).
LinkedIn, however, relies a lot on reports and user/customer
moderation. You should not create a profile with an occupation inside a
private corporation or a small startup company. The company employees
are monitoring LinkedIn activity and receive notifications when new
people join. They can then report your profile as fake, and your profile
will then be suspended or banned pending appeal.
LinkedIn will then require you to go through a verification process that
will, unfortunately, require you to send an ID proof (identity card,
passport, driver's license). This ID verification is processed by a
company called Jumio\footnote{Jumio, ID verification features
\useURL[url1948][https://www.jumio.com/features/]\from[url1948]
\useURL[url1949][https://web.archive.org/web/https://www.jumio.com/features/][][{[}Archive.org{]}]\from[url1949]}
that specializes in ID proofing. This is most likely a dead end as this
would force you to develop some strong Photoshop skills.
Instead, you are far less likely to be reported if you just stay vague
(say you are a student/intern/freelance) or pretend you work for a large
public institution that is too large for anyone to care or check.
As with Twitter and Google, you should do the following after signing
up:
\startitemize
\item
Disable ads
\item
Disable notifications
\item
Disable lookup by phone/e-mail
\item
Upload a picture of your identity
\stopitemize
\subsubsubsection[title={MailFence:},reference={mailfence}]
\startitemize
\item
Is this against their ToS? No
\item
Will they require a phone number? No, but they require an e-mail
\item
Can you create accounts through Tor? Maybe. From my tests, the
signing-up verification e-mails are not sent when using Tor to
sign-up. No issues however when using a VPN over Tor or a Proxy over
Tor.
\stopitemize
\subsubsubsection[title={Medium:},reference={medium}]
\startitemize
\item
Is this against their ToS? No, unless it is about crypto
\useURL[url1950][https://policy.medium.com/medium-terms-of-service-9db0094a1e0f]\from[url1950]
\useURL[url1951][https://web.archive.org/web/https://policy.medium.com/medium-terms-of-service-9db0094a1e0f][][{[}Archive.org{]}]\from[url1951]
\item
Will they require a phone number? No, but they require an e-mail
\item
Can you create accounts through Tor? No issues with that so far
\stopitemize
Signing-in does require an e-mail every time.
\subsubsubsection[title={Microsoft:},reference={microsoft}]
\startitemize[packed]
\item
Is this against their ToS? Yes
\useURL[url1952][https://www.microsoft.com/en/servicesagreement/]\from[url1952]
\useURL[url1953][https://web.archive.org/web/https://www.microsoft.com/en/servicesagreement/][][{[}Archive.org{]}]\from[url1953]
\stopitemize
\quotation{i. Creating an Account. You can create a Microsoft account by signing
up online. {\bf You agree not to use any false, inaccurate, or
misleading information when signing up for your Microsoft account}.}
But this clause of their ToS is illegal in Germany (see
\goto{Requirements}[pre-requisites-and-limitations]).
\startitemize
\item
Will they require a phone number? Likely but not always. Depending on
your luck with your Tor exit node, they may only require e-mail
verification. If you use a VPN over Tor, they will likely only ask for
an e-mail.
\item
Can you create accounts through Tor? Yes, you can but expect captchas,
at least e-mail verification, {\bf and likely phone verification.}
\stopitemize
So yes, it is still possible to create an MS account without a phone
number and using Tor or VPN, but you might have to cycle through a few
exit nodes to achieve this.
After signing up, you should set up 2FA within the security options
using KeePassXC TOTP.
\subsubsubsection[title={OnlyFans:},reference={onlyfans}]
\startitemize
\item
Is this against their ToS? No, it looks fine
\useURL[url1954][https://onlyfans.com/terms]\from[url1954]
\useURL[url1955][https://web.archive.org/web/https://onlyfans.com/terms][][{[}Archive.org{]}]\from[url1955]
\item
Will they require a phone number? No, they do require an e-mail
\item
Can you create accounts through Tor? Yes, you can
\stopitemize
Unfortunately, you will be extremely limited with that account, and to do
anything you will need to complete their verification process, which
requires a KYC-type financial transaction check. So, not very useful.
\subsubsubsection[title={Proton:},reference={proton}]
\startitemize
\item
Is this against their ToS? No
\useURL[url1956][https://proton.me/legal/terms]\from[url1956]
\useURL[url1957][https://web.archive.org/web/https://proton.me/legal/terms][][{[}Archive.org{]}]\from[url1957]
\item
Will they require a phone number? Maybe. This depends on the IP you
are coming from. If you come from Tor, it is likely. From a VPN, it is
less likely.
\item
Can you create accounts through Tor? Yes, but it is highly likely that a
phone number will be required, whereas only an e-mail or a captcha will be
required over a VPN. They even have a \quotation{.onion} address at
\useURL[url1958][http://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion/]\from[url1958].
\stopitemize
You obviously need an e-mail for your online identity and disposable
e-mails are pretty much banned everywhere.
Proton is a free e-mail provider based in Switzerland that advocates
security and privacy.
They are recommended by Privacyguides.org\footnote{Privacyguides.org
recommended E-mail Providers
\useURL[url1959][https://www.privacyguides.org/email/]\from[url1959]
\useURL[url1960][https://web.archive.org/web/https://www.privacyguides.org/email/][][{[}Archive.org{]}]\from[url1960]}.
Their only apparent issue is that they do require (in most cases) a
phone number or another e-mail address for registration (when you try to
register from a VPN or Tor at least).
They claim they do not store/link the phone/e-mail associated with the
registration but only store a hash that is not linked to the
account\footnote{Proton Registration Human Verification
\useURL[url1961][https://proton.me/support/human-verification/]\from[url1961]
\useURL[url1962][https://web.archive.org/web/https://proton.me/support/human-verification][][{[}Archive.org{]}]\from[url1962]}.
If their claim is true and the hash is not linked to your account, and
you followed the advice in this guide about the phone number, you should be
reasonably safe from tracking.
This e-mail account can be used for creating a Google/Gmail account.
\subsubsubsection[title={Reddit:},reference={reddit}]
\startitemize
\item
Is this against their ToS? No
\useURL[url1963][https://www.redditinc.com/policies]\from[url1963]
\useURL[url1964][https://web.archive.org/web/https://www.redditinc.com/policies][][{[}Archive.org{]}]\from[url1964]
\item
Will they require a phone number? No, they will not.
\item
Can you create accounts through Tor? Yes
\stopitemize
Reddit is simple. All you need to register is a valid username and a
password. Normally they do not even require an e-mail (you can skip the
e-mail when registering, leaving it blank).
No issues whatsoever signing up over Tor or VPN besides the occasional
Captchas.
Consider reading this reddit post:
\useURL[url1965][https://old.reddit.com/r/ShadowBan/comments/8a2gpk/an_unofficial_guide_on_how_to_avoid_being/]\from[url1965]
\useURL[url1966][https://web.archive.org/web/https://old.reddit.com/r/ShadowBan/comments/8a2gpk/an_unofficial_guide_on_how_to_avoid_being/][][{[}Archive.org{]}]\from[url1966]
\subsubsubsection[title={Slashdot:},reference={slashdot}]
\startitemize[packed]
\item
Is this against their ToS? Yes
\useURL[url1967][https://slashdotmedia.com/terms-of-use/]\from[url1967]
\useURL[url1968][https://web.archive.org/web/https://slashdotmedia.com/terms-of-use/][][{[}Archive.org{]}]\from[url1968]
\stopitemize
"8. Registration; Use of Secure Areas and Passwords
Some areas of the Sites may require you to register with us. When and if
you register, you agree to (a) provide accurate, current, and complete
information about yourself as prompted by our registration form
(including your e-mail address) and (b) to maintain and update your
information (including your e-mail address) to keep it accurate,
current, and complete. You acknowledge that should any information
provided by you be found to be untrue, inaccurate, not current, or
incomplete, we reserve the right to terminate this Agreement with you
and your current or future use of the Sites (or any portion thereof)".
\startitemize
\item
Will they require a phone number? No
\item
Can you create accounts through Tor? Yes
\stopitemize
\subsubsubsection[title={Telegram:},reference={telegram}]
\startitemize
\item
Is this against their ToS? No
\useURL[url1969][https://telegram.org/tos]\from[url1969]
\useURL[url1970][https://web.archive.org/web/https://telegram.org/tos][][{[}Archive.org{]}]\from[url1970]
\item
Will they require a phone number? Yes unfortunately
\item
Can you create accounts through Tor? Yes, but sometimes you randomly
get banned without any reason
\stopitemize
Telegram is quite straightforward, and you can download their portable
Windows app to sign-up and log in.
It will require a phone number (that can only be used once) and nothing
else.
In most cases, we had no issues whether it was over Tor or VPN, but we
had a few cases where our Telegram account was just banned for violating
the terms of service (not sure which one?). This happened despite not
using the accounts for anything.
They provide an appeal process through e-mail, but we had no success
with getting any answer.
Their appeal process is just sending an e-mail to
\useURL[url1971][mailto:recover@telegram.org][][recover@telegram.org]\from[url1971]
stating your phone number and issue, and hoping they answer.
After signing up you should do the following:
\startitemize
\item
Go into Edit profile
\item
Set a Username
\item
Go into Settings (Desktop App)
\item
Set the Phone Number visibility to Nobody
\item
Set Last Seen & Online to Nobody
\item
Set Forwarded Messages to Nobody
\item
Set Profile photos to Contacts
\item
Set Calls to Contacts
\item
Set Group & Channels to Contacts
\stopitemize
\subsubsubsection[title={Tutanota:},reference={tutanota}]
\startitemize
\item
Is this against their ToS? No
\useURL[url1973][https://tutanota.com/terms/]\from[url1973]
\useURL[url1974][https://web.archive.org/web/https://tutanota.com/terms/][][{[}Archive.org{]}]\from[url1974]
\item
Will they require a phone number? No, but they do require an e-mail.
\item
Can you create accounts through Tor? Not really, almost all Tor Exit
nodes are banned AFAIK
\stopitemize
\subsubsubsection[title={Twitter:},reference={twitter}]
\startitemize
\item
Is this against their ToS? No
\useURL[url1975][https://twitter.com/en/tos]\from[url1975]
\item
Will they require a phone number? Extremely likely, possibly now a
requirement in all cases.
\item
Can you create accounts through Tor? Yes, but expect some captchas and
your phone number will be required after a while.
\stopitemize
Twitter is extremely aggressive in preventing anonymity on its network.
You should sign-up using e-mail and password (not phone) and not using
\quotation{Sign-in with Google}. Use your Gmail as the e-mail address.
More than likely, your account will be suspended immediately during the
sign-up process and will require you to complete a series of automated
tests to unlock. This will include a series of captchas, confirmation of
your e-mail and Twitter handle, or other information. In some cases, it
will also require your phone number.
In some cases, despite you selecting a text verification, the Twitter
verification system will call the phone no matter what. In that case,
you will have to pick up and hear the verification code. We suspect this
is another method of preventing automated systems and malicious users
from selling text receiving services over the internet.
Twitter will store all this information and link it to your account,
including your IP, e-mail, and phone number. You will not be able to use
that phone number to create a different account.
Once the account is restored, you should take some time to do the
following:
\startitemize
\item
Upload the identity profile picture.
\item
Enable 2FA from the security settings using a new KeePassXC TOTP
entry, save the security codes in KeePassXC as well.
\item
Disable Photo tagging
\item
Disable E-mail lookup
\item
Disable Phone lookup
\item
Disable all personalized advertising settings
\item
Disable geolocation of tweets
\item
{\bf Caution:} Remove the phone number from the account (at your own
risk, this often leads to suspension of the account)
\item
Follow some people based
\item
Log out and leave it be.
\stopitemize
After about a week, you should check Twitter again and the chances are
quite high that it will be suspended again for \quotation{suspicious
activity} or \quotation{violating community guidelines} despite you not
using it at all (not even a single tweet/follow/like/retweet or DM) but
this time by another system. We call this the \quotation{Double-tap}.
This time you will need to submit an appeal using a form\footnote{Twitter
Appeal Form
\useURL[url1976][https://help.twitter.com/forms/general]\from[url1976]},
provide a good reason and wait for the appeal to be processed by
Twitter. During that process, you may receive an e-mail (on Proton)
asking you to reply to a customer service ticket to prove that you do
have access to your e-mail and that it is you. This will be directed
toward your Gmail address but will arrive on your Proton.
Do not reply from Proton as this will raise suspicions; you must sign in
to Gmail (unfortunately) and compose a new mail from there, copy-pasting
the recipient e-mail, subject, and content from Proton, as well as a reply
confirming you have access to that e-mail.
After a few days, your account should get unsuspended \quotation{for
good}. No issues after that but keep in mind they can still ban your
account for any reason if you violate the community guidelines. The
phone number and e-mail will then be flagged, and you will have no other
option but to get a new identity with a new number to sign-up again. Do
not use this account for trolling.
\subsubsubsection[title={Twitch:},reference={twitch}]
\startitemize
\item
Is this against their ToS? No
\useURL[url1977][https://www.twitch.tv/p/en/legal/terms-of-service/]\from[url1977]
\useURL[url1978][https://web.archive.org/web/https://www.twitch.tv/p/en/legal/terms-of-service/][][{[}Archive.org{]}]\from[url1978]
\item
Will they require a phone number? No, but they do require an e-mail.
\item
Can you create accounts through Tor? Yes
\stopitemize
Note that you will not be able to enable 2FA on Twitch using only
e-mail. This feature requires a phone number to enable.
\subsubsubsection[title={WhatsApp:},reference={whatsapp}]
\startitemize[packed]
\item
Is this against their ToS? {\bf Yes}
\useURL[url1979][https://www.whatsapp.com/legal/updates/terms-of-service-eea]\from[url1979]
\useURL[url1980][https://web.archive.org/web/https://www.whatsapp.com/legal/updates/terms-of-service-eea][][{[}Archive.org{]}]\from[url1980]
\stopitemize
\quotation{{\bf Registration}. You must register for our Services
{\bf using accurate information}, provide your current mobile phone
number, and, if you change it, update your mobile phone number using our
in-app change number feature. You agree to receive text messages and
phone calls (from us or our third-party providers) with codes to
register for our Services}.
\startitemize
\item
Will they require a phone number? Yes, they do.
\item
Can you create accounts through Tor? No issues with that so far.
\stopitemize
\subsubsubsection[title={4chan:},reference={chan}]
\startitemize
\item
Is this against their ToS? No
\item
Will they require a phone number? No, they will not.
\item
Can you post there with Tor or VPN? Not likely.
\stopitemize
4chan is 4chan \ldots{} This guide will not explain 4chan to you. They
block Tor exit nodes and known VPN IP ranges.
You are going to have to find a separate way to post there using at
least seven proxies\footnote{KnowYourMeme, Good Luck, I'm Behind 7
Proxies
\useURL[url1981][https://knowyourmeme.com/memes/good-luck-im-behind-7-proxies]\from[url1981]
\useURL[url1982][https://web.archive.org/web/https://knowyourmeme.com/memes/good-luck-im-behind-7-proxies][][{[}Archive.org{]}]\from[url1982]}
that are not known to 4chan's blocking system (hint: an anonymous VPS paid
with Monero is probably your best option).
\placefigure{image40}{\externalfigure[./tex2pdf.-1a34188c73046814/209a5add37a22e27eb7b941aaaffd5a9933f6d07.png]}
\subsubsubsection[title={Crypto Wallets:},reference={crypto-wallets}]
Use any crypto wallet app within the Windows Virtual Machine. But be
careful not to transfer anything toward an Exchange or a known Wallet.
Crypto is in most cases NOT anonymous and can be traced back to you when
you buy/sell any (remember the \goto{Your Cryptocurrencies
transactions}[your-cryptocurrencies-transactions] section).
{\bf If you really want to use Crypto, use Monero which is the only one
with reasonable privacy/anonymity.}
Ideally, you should find a way to buy/sell crypto with cash from an
unknown person.
\subsubsubsection[title={What about those mobile-only apps
(WhatsApp/Signal)?},reference={what-about-those-mobile-only-apps-whatsappsignal}]
There are only three ways of securely using those anonymously (that we
would recommend). Using a VPN on your phone is not one of those ways.
All of those are, unfortunately, \quotation{tedious} to say the least.
\startitemize
\item
Use an Android Emulator within the Windows VM and run the App through
your multi-layer of Tor/VPN. The drawback is that such emulators are
usually quite resource-hungry and will slow down your VM and use more
battery. Here is also an (outdated) guide on this matter:
\useURL[url1983][https://www.bellingcat.com/resources/how-tos/2018/08/23/creating-android-open-source-research-device-pc/]\from[url1983]
\useURL[url1984][https://web.archive.org/web/https://www.bellingcat.com/resources/how-tos/2018/08/23/creating-android-open-source-research-device-pc/][][{[}Archive.org{]}]\from[url1984].
As for ourselves, we recommend the use of:
\startitemize
\item
Android-x86 on Virtualbox (see
\useURL[url1985][https://www.android-x86.org/documentation/virtualbox.html]\from[url1985]
\useURL[url1986][https://web.archive.org/web/https://www.android-x86.org/documentation/virtualbox.html][][{[}Archive.org{]}]\from[url1986])
that you can also set up easily.
\item
AnBox (\useURL[url1987][https://anbox.io]\from[url1987]
\useURL[url1988][https://web.archive.org/web/https://anbox.io/][][{[}Archive.org{]}]\from[url1988])
that you can also set up rather easily including on the Whonix
Workstation, see
\useURL[url1989][https://www.whonix.org/wiki/Anbox]\from[url1989]
\useURL[url1990][https://web.archive.org/web/https://www.whonix.org/wiki/Anbox][][{[}Archive.org{]}]\from[url1990]
\stopitemize
\item
{\bf Not recommended:} Using a non-official app (such as Wassapp for
WhatsApp) to connect from the Windows VM to the app. Use at your own
risk as you could get banned for violating the terms of services by
using a non-official App.
\item
{\bf Not recommended and most complicated:} Have a burner Smartphone
that you will connect to the VM layered network through
Tethering/Sharing of the connection through Wi-Fi. We will not detail
this here, but it is an option.
\stopitemize
There is no easy way to reliably set up a decent multi-layered
connectivity approach on an Android phone (it is not even possible on iOS
as far as we know). By reliable, we mean being sure that the smartphone
will not leak anything such as geolocation or anything else from booting
up to shutting down.
\subsubsubsection[title={Anything else:},reference={anything-else}]
You should use the same logic and security for any other platform.
It should work in most cases with most platforms. {\bf The hardest
platform to use with full anonymity is Facebook.}
This will obviously not work with banks and most financial platforms
(such as PayPal or Crypto Exchanges) requiring actual real official and
existing identification. This guide will not help you there as this
would be illegal in most places.
\subsubsection[title={How to share files privately and/or chat
anonymously:},reference={how-to-share-files-privately-andor-chat-anonymously}]
There are plenty of messaging apps everywhere. Some have excellent UI
and UX and terrible Security/Privacy. Some have excellent
Security/Privacy but terrible UI and UX. It is not easy to pick the ones
that you should use for sensitive activities. So, this section will help
you do that.
Before going further, there are also some key basic concepts you should
understand:
\subsubsubsection[title={End-to-end
Encryption:},reference={end-to-end-encryption}]
End-to-end Encryption\footnote{Wikipedia, end-to-end encryption
\useURL[url1991][https://en.wikipedia.org/wiki/End-to-end_encryption]\from[url1991]
\useURL[url1992][https://wikiless.org/wiki/End-to-end_encryption][][{[}Wikiless{]}]\from[url1992]
\useURL[url1993][https://web.archive.org/web/https://en.wikipedia.org/wiki/End-to-end_encryption][][{[}Archive.org{]}]\from[url1993]}
(aka e2ee) is a rather simple concept. It just means that only you and
your destination hold the keys needed to decrypt the messages (you
exchange public keys, but the private keys never leave your devices), so
no one eavesdropping in between would be able to decrypt the
communication.
However, the term is often used differently depending on the provider:
\startitemize
\item
Some providers will claim e2ee but forget to mention what is covered
by their protocols. For instance, is metadata also protected within
their e2ee protocol? Or is it just the content of the messages?
\item
Some providers do provide e2ee but only as an opt-in option (disabled
by default).
\item
Some providers do offer e2ee with 1 to 1 messaging but not with group
messaging.
\item
Some providers will claim the use of e2ee, but their proprietary apps
are closed source where no one can verify the claim and the strength
of the encryption used.
\stopitemize
For these reasons, it is always important to check the claims of various
apps. Open-Source apps should always be preferred to verify what kind of
encryption they are using and if their claims are true. If not open
source, such apps should have an openly available independent (made by a
reputable third party) report confirming their claims.
\subsubsubsection[title={Roll your own
crypto:},reference={roll-your-own-crypto}]
See the \goto{Bad Cryptography}[bad-cryptography] section at the start
of this guide.
{\bf Always be cautious of apps rolling their own crypto until it has
been reviewed by many in the crypto community (or even better published
and peer-reviewed academically)}. Again, this is harder to verify with
closed-source proprietary apps.
It is not that rolling your own crypto is bad in essence; it is that
good cryptography needs real peer review, auditing, testing\ldots{}
And since you are probably not a cryptanalyst (and we are not either),
chances are high that neither of us is competent to assess the
cryptography of some apps.
\subsubsubsection[title={Forward Secrecy:},reference={forward-secrecy}]
Forward Secrecy\footnote{Wikipedia, Forward Secrecy
\useURL[url1994][https://en.wikipedia.org/wiki/Forward_secrecy]\from[url1994]
\useURL[url1995][https://wikiless.org/wiki/Forward_secrecy][][{[}Wikiless{]}]\from[url1995]
\useURL[url1996][https://web.archive.org/web/https://en.wikipedia.org/wiki/Forward_secrecy][][{[}Archive.org{]}]\from[url1996]}
(FS aka PFS for Perfect Forward Secrecy) is a property of the key
agreement protocol of some of those messaging apps and is a companion
feature of e2ee. This happens before you establish communication with
the destination. The \quotation{Forward} refers to the future in time
and means that every time you establish a new e2ee communication, a new
set of keys will be generated for that specific session. The goal of
forward secrecy is to maintain the secrecy of past communications
(sessions) even if the current one is compromised. If an adversary
manages to get hold of your current e2ee keys, that adversary will then
be limited to the content of the single session and will not be able to
easily decrypt past ones.
This has some user experience drawbacks: for instance, a new device may
not be able to conveniently access the remotely stored chat history
without additional steps.
{\bf So, in short, Forward Secrecy protects past sessions against future
compromises of keys or passwords.}
More on this topic on this YouTube video:
\useURL[url1997][https://www.youtube.com/watch?v=zSQtyW_ywZc]\from[url1997]
\useURL[url1998][https://yewtu.be/watch?v=zSQtyW_ywZc][][{[}Invidious{]}]\from[url1998]
Some providers and apps claiming to offer e2ee do not offer FS/PFS
sometimes for usability reasons (group messaging for instance is more
complex with PFS). It is therefore important to prefer open-source apps
providing forward secrecy to those that do not.
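The e2ee and forward secrecy properties described above, as an added example that is not part of the original guide: a pure-Python X25519 (RFC 7748) key agreement in which each session mixes the long-term identity keys with fresh ephemeral keys, set beside a static-only scheme so that the effect of a later key theft can be compared. The protocol sketch, the `kdf`, and the device/transcript model are constructed assumptions for demonstration and do not reproduce any real messenger's protocol.

```python
"""Added example (not from the guide): forward secrecy from per-session
ephemeral keys. Pure-Python X25519 (RFC 7748) plus an HMAC-SHA256 KDF;
the protocol sketch and the device/transcript model are constructed for
demonstration and do not reproduce any real messenger's protocol."""
import hashlib
import hmac
import secrets

P = 2**255 - 19          # field prime of Curve25519
A24 = 121665             # (486662 - 2) / 4
BASEPOINT = (9).to_bytes(32, "little")

def _clamp(scalar: bytes) -> int:
    """Scalar decoding from RFC 7748 section 5."""
    k = bytearray(scalar)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return int.from_bytes(k, "little")

def x25519(scalar: bytes, u: bytes) -> bytes:
    """Montgomery ladder: returns the u-coordinate of scalar * point(u)."""
    k = _clamp(scalar)
    ub = bytearray(u)
    ub[31] &= 127                       # mask the unused top bit
    x1 = int.from_bytes(ub, "little") % P
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def keypair():
    """Fresh (private, public) X25519 pair."""
    priv = secrets.token_bytes(32)
    return priv, x25519(priv, BASEPOINT)

def kdf(*parts: bytes) -> bytes:
    """Constructed KDF: HMAC-SHA256 over the concatenated DH outputs."""
    return hmac.new(b"fs-demo-kdf", b"".join(parts), hashlib.sha256).digest()

def session_key_static_only(my_id_priv, peer_id_pub):
    """No forward secrecy: every session derives the same key from the
    long-term keys alone, so a later key theft unlocks all past traffic."""
    return kdf(x25519(my_id_priv, peer_id_pub))

def session_key_with_fs(my_id_priv, my_eph_priv, peer_id_pub, peer_eph_pub):
    """Forward-secret key: the long-term DH term ties the key to the peer's
    identity, the ephemeral-ephemeral term is fresh per session and is
    supposed to die with the session."""
    return kdf(x25519(my_id_priv, peer_id_pub), x25519(my_eph_priv, peer_eph_pub))

def run_session(alice_id, bob_id, wipe_ephemeral=True):
    """One conversation between Alice and Bob. Returns both derived keys, what
    an eavesdropper can record (public values only) and what is left on
    Alice's device afterwards."""
    a_priv, a_pub = alice_id
    b_priv, b_pub = bob_id
    ea_priv, ea_pub = keypair()
    eb_priv, eb_pub = keypair()
    k_alice = session_key_with_fs(a_priv, ea_priv, b_pub, eb_pub)
    k_bob = session_key_with_fs(b_priv, eb_priv, a_pub, ea_pub)
    transcript = {"alice_id_pub": a_pub, "bob_id_pub": b_pub,
                  "alice_eph_pub": ea_pub, "bob_eph_pub": eb_pub}
    device = {"id_priv": a_priv}
    if not wipe_ephemeral:              # a client that keeps it forfeits FS
        device["eph_priv"] = ea_priv
    return k_alice, k_bob, transcript, device

def recover_static(device, transcript):
    """Adversary who seizes Alice's device later: the static-only key falls."""
    return session_key_static_only(device["id_priv"], transcript["bob_id_pub"])

def recover_fs(device, transcript):
    """Same adversary against the forward-secret session: without the wiped
    ephemeral scalar the second DH term cannot be computed; returns None."""
    eph_priv = device.get("eph_priv")
    if eph_priv is None:
        return None
    return session_key_with_fs(device["id_priv"], eph_priv,
                               transcript["bob_id_pub"], transcript["bob_eph_pub"])
```

The `wipe_ephemeral=False` path shows the caveat a practitioner should check for: forward secrecy is only as good as the client's deletion of ephemeral keys, which is also why a compromised current session (or a kept backup of it) does not retroactively expose sessions whose keys were wiped.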
\subsubsubsection[title={Zero-Access Encryption at
rest:},reference={zero-access-encryption-at-rest}]
Zero-Access Encryption\footnote{Proton Blog, What is zero-access
encryption?
\useURL[url1999][https://proton.me/blog/zero-access-encryption/]\from[url1999]
\useURL[url2000][https://web.archive.org/web/https://proton.me/blog/zero-access-encryption/][][{[}Archive.org{]}]\from[url2000]}
at rest is used when you store data at some provider (let us say your
chat history or chat backups) but this history or backup is encrypted on
your side and cannot be read or decrypted by the provider hosting it.
Zero-Access encryption is an added feature/companion to e2ee but is
applied mainly to data at rest and not communications.
Examples of this issue would be iMessage and WhatsApp; see the
\goto{Your Cloud backups/sync services}[your-cloud-backupssync-services]
section at the start of this guide.
So again, it is best to prefer Apps/Providers that do offer Zero-Access
Encryption at rest and cannot read/access any of your data/metadata even
at rest and not only limited to communications.
Such a feature limits what a provider can read, lose, or hand over: data
the provider cannot decrypt cannot be harvested from it in bulk. It would
have limited the damage of data-misuse cases such as the Cambridge
Analytica scandal\footnote{Wikipedia, Cambridge Analytica
Scandal
\useURL[url2001][https://en.wikipedia.org/wiki/Facebook\%E2\%80\%93Cambridge_Analytica_data_scandal][][https://en.wikipedia.org/wiki/Facebook\letterpercent{}E2\letterpercent{}80\letterpercent{}93Cambridge_Analytica_data_scandal]\from[url2001]
\useURL[url2002][https://wikiless.org/wiki/Facebook\%E2\%80\%93Cambridge_Analytica_data_scandal][][{[}Wikiless{]}]\from[url2002]
\useURL[url2003][https://web.archive.org/web/https://en.wikipedia.org/wiki/Facebook\%E2\%80\%93Cambridge_Analytica_data_scandal][][{[}Archive.org{]}]\from[url2003]},
which was not a hack but a consequence of the provider holding user data
in readable form and exposing it through its own APIs.
\subsubsubsection[title={Metadata
Protection:},reference={metadata-protection}]
Remember the \goto{Your Metadata including your
Geo-Location}[your-metadata-including-your-geo-location] section.
End-to-end Encryption is one thing, but it does not necessarily protect
your metadata.
For Instance, WhatsApp might not know what you are saying but they might
know who you are talking to, how long and when you have been talking to
someone, who else is in groups with you, and if you transferred data
with them (such as large files).
End-to-end Encryption does not in itself prevent an eavesdropper from
harvesting your metadata.
This data can also be protected/obfuscated by some protocols to make
metadata harvesting substantially harder for eavesdroppers. This is the
case for instance with the Signal Protocol which does offer some added
protection with features like:
\startitemize
\item
The Sealed Sender option\footnote{Signal Blog, Technology preview:
Sealed sender for Signal
\useURL[url2004][https://signal.org/blog/sealed-sender/]\from[url2004]
\useURL[url2005][https://web.archive.org/web/https://signal.org/blog/sealed-sender/][][{[}Archive.org{]}]\from[url2005]}.
\item
The Private Contact Discovery\footnote{Signal Blog, Private Contact
Discovery
\useURL[url2006][https://signal.org/blog/private-contact-discovery/]\from[url2006]
\useURL[url2007][https://web.archive.org/web/https://signal.org/blog/private-contact-discovery/][][{[}Archive.org{]}]\from[url2007]}.
\item
The Private Group System\footnote{Signal Blog, Private Group System
\useURL[url2008][https://signal.org/blog/signal-private-group-system/]\from[url2008]
\useURL[url2009][https://web.archive.org/web/https://signal.org/blog/signal-private-group-system/][][{[}Archive.org{]}]\from[url2009]}.
\stopitemize
Other Apps like Briar or OnionShare will protect metadata by using the
Tor Network as a shield and storing everything locally on-device.
Nothing is stored remotely, and all communications are either direct
using proximity wi-fi/Bluetooth or remotely through the Tor network.
Most apps however and especially closed-source proprietary commercial
apps will collect and retain your metadata for various purposes. And
such metadata alone is enough to figure out a lot of things about your
communications.
Again, it is important to prefer open-source apps with privacy in mind
and various methods in place to protect not only the content of
communications but all the associated metadata.
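To make the point above concrete, here is an added example (not code from the guide, from Signal, or from any messenger) that shows what a server or network observer can derive when it sees only sender, recipient, time and ciphertext size. The log lines are constructed for the example; the thresholds (30-minute conversation gap, 1 MiB for a file transfer, 22:00 to 05:00 UTC as late night) are assumptions, not values taken from any real system.

```javascript
// Added example, not from the guide: how much an observer learns from
// metadata alone when message content is end-to-end encrypted. Each record
// below is a constructed sample "ISO time|from|to|ciphertext bytes", i.e. what
// a provider sees without sealed-sender style protections.
const LOG = [
  '2023-06-10T21:00:03Z|alice|bob|214',
  '2023-06-10T21:00:41Z|bob|alice|180',
  '2023-06-10T21:02:10Z|alice|bob|5242880',   // ~5 MiB: a file, not a text message
  '2023-06-10T21:03:55Z|bob|alice|96',
  '2023-06-11T07:15:00Z|alice|carol|150',
  '2023-06-11T07:16:30Z|carol|alice|310',
  '2023-06-11T23:40:12Z|alice|bob|120',
  '2023-06-11T23:41:00Z|bob|alice|133',
];

function parseLog(lines) {
  return lines.map((line) => {
    const [ts, from, to, bytes] = line.split('|');
    return { ts: new Date(ts), from, to, bytes: Number(bytes) };
  });
}

// Undirected pair key so alice->bob and bob->alice count as one relationship.
function pairKey(a, b) { return [a, b].sort().join('<->'); }

// Who talks to whom, and how much: the social graph.
function contactGraph(events) {
  const graph = {};
  for (const e of events) {
    const k = pairKey(e.from, e.to);
    graph[k] = (graph[k] || 0) + 1;
  }
  return graph;
}

// Group each pair's messages into conversations separated by more than gapMinutes.
function conversations(events, gapMinutes = 30) {
  const byPair = {};
  for (const e of [...events].sort((a, b) => a.ts - b.ts)) {
    const k = pairKey(e.from, e.to);
    const list = byPair[k] || (byPair[k] = []);
    const last = list[list.length - 1];
    if (last && e.ts - last.end <= gapMinutes * 60000) {
      last.end = e.ts;
      last.messages += 1;
    } else {
      list.push({ start: e.ts, end: e.ts, messages: 1 });
    }
  }
  return byPair;
}

// Ciphertext size leaks message type: anything this large is a file transfer.
function largeTransfers(events, minBytes = 1024 * 1024) {
  return events
    .filter((e) => e.bytes >= minBytes)
    .map((e) => `${e.from}->${e.to} ${e.bytes}B at ${e.ts.toISOString()}`);
}

// Pairs that exchange messages late at night (assumed 22:00-05:00 UTC).
function lateNightPairs(events) {
  const hits = events.filter((e) => e.ts.getUTCHours() >= 22 || e.ts.getUTCHours() < 5);
  return [...new Set(hits.map((e) => pairKey(e.from, e.to)))];
}

// Full profile built from metadata only; content is never consulted.
function profile(lines) {
  const events = parseLog(lines);
  const convs = conversations(events);
  return {
    graph: contactGraph(events),
    conversationCount: Object.fromEntries(Object.entries(convs).map(([k, v]) => [k, v.length])),
    lateNightContacts: lateNightPairs(events),
    transfers: largeTransfers(events),
  };
}
```

Run `profile(LOG)` on the sample and the observer, without reading a single message, knows that alice's closest contact is bob, that they held two separate conversations, one of them late at night, and that alice sent bob one large file. Sealed sender hides the `from` field from the server; private contact discovery and private groups hide the graph lookups; none of them hide packet sizes or timing from a network eavesdropper, which is why the guide also cares about Tor.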
\subsubsubsection[title={Open-Source:},reference={open-source}]
Finally, Open-Source apps should always be preferred because they allow
third parties to check actual capabilities and weaknesses vs claims of
marketing departments. Open-Source does not mean the app should be free
or non-commercial. It just means transparency.
\subsubsubsection[title={Comparison:},reference={comparison}]
Superscript letters refer to the Legend below the table; superscript
numbers refer to the Table notes.
\bgroup
\setupTABLE[split=repeat,style=\tfxx,align={flushleft,lohi},offset=.3ex]
\setupTABLE[column][each][width=.071\textwidth]
\setupTABLE[column][1][width=.09\textwidth]
\setupTABLE[column][13][width=.12\textwidth]
\bTABLE
\bTABLEhead
\bTR \bTH App\high{a} \eTH \bTH e2ee\high{b} \eTH \bTH Roll Your Own Crypto \eTH \bTH Perfect Forward Secrecy \eTH \bTH Zero-Access Encryption at rest\high{f} \eTH \bTH Metadata Protection (obfuscation, encryption\ldots{}) \eTH \bTH Open-Source \eTH \bTH Default Privacy Settings \eTH \bTH Native Anonymous Sign-up (no e-mail or phone) \eTH \bTH Possible through Tor \eTH \bTH Privacy and Security Track Record\high{d} \eTH \bTH De-centralized \eTH \bTH Additional notes \eTH \eTR
\eTABLEhead
\bTABLEbody
\bTR \bTD Berty (avoid) \eTD \bTD Yes \eTD \bTD No \eTD \bTD Yes \eTD \bTD Yes \eTD \bTD Yes \eTD \bTD Yes\high{13} \eTD \bTD Good \eTD \bTD Yes \eTD \bTD Yes \eTD \bTD Good \eTD \bTD Yes (peer to peer) \eTD \bTD Not sufficiently reviewed by this project, cannot recommend \eTD \eTR
\bTR \bTD Briar (preferred) \eTD \bTD Yes \eTD \bTD No\high{1} \eTD \bTD Yes \eTD \bTD Yes \eTD \bTD Yes (strong) \eTD \bTD Yes \eTD \bTD Good \eTD \bTD Yes \eTD \bTD Natively\high{c} \eTD \bTD Good \eTD \bTD Yes (peer to peer) \eTD \bTD \eTD \eTR
\bTR \bTD Cwtch (preferred) \eTD \bTD Yes \eTD \bTD No \eTD \bTD Yes \eTD \bTD Yes \eTD \bTD Yes (strong) \eTD \bTD Yes \eTD \bTD Good \eTD \bTD Yes \eTD \bTD Natively \eTD \bTD Good \eTD \bTD Yes (peer to peer) \eTD \bTD \eTD \eTR
\bTR \bTD Discord (avoid) \eTD \bTD No \eTD \bTD Closed-source\high{g} \eTD \bTD No \eTD \bTD No \eTD \bTD No \eTD \bTD No \eTD \bTD Bad \eTD \bTD E-Mail required \eTD \bTD Virtualization \eTD \bTD Bad \eTD \bTD No \eTD \bTD \eTD \eTR
\bTR \bTD Element / Matrix.org (preferred) \eTD \bTD Yes (opt-in) \eTD \bTD No \eTD \bTD Yes \eTD \bTD Yes \eTD \bTD Poor\high{2} \eTD \bTD Yes \eTD \bTD Good \eTD \bTD Yes \eTD \bTD Via Proxy\high{c} or Virtualization \eTD \bTD Good \eTD \bTD Partial (federated servers) \eTD \bTD \eTD \eTR
\bTR \bTD Facebook Messenger (avoid) \eTD \bTD Partial (only 1-to-1 / opt-in) \eTD \bTD Closed-source\high{g} \eTD \bTD Yes \eTD \bTD No \eTD \bTD No \eTD \bTD No \eTD \bTD Bad \eTD \bTD E-Mail and phone required \eTD \bTD Virtualization \eTD \bTD Bad \eTD \bTD No \eTD \bTD \eTD \eTR
\bTR \bTD OnionShare (preferred) \eTD \bTD Yes \eTD \bTD No \eTD \bTD TBD\high{h} \eTD \bTD TBD\high{h} \eTD \bTD Yes (strong) \eTD \bTD Yes \eTD \bTD Good \eTD \bTD Yes \eTD \bTD Natively \eTD \bTD Good \eTD \bTD Yes (peer to peer) \eTD \bTD \eTD \eTR
\bTR \bTD Apple Messages (aka iMessage) \eTD \bTD Yes \eTD \bTD Closed-source\high{g} \eTD \bTD No \eTD \bTD Partial \eTD \bTD No \eTD \bTD No \eTD \bTD Good \eTD \bTD Apple device required \eTD \bTD Maybe, via Virtualization using a real Apple device ID \eTD \bTD Bad \eTD \bTD No \eTD \bTD \eTD \eTR
\bTR \bTD IRC \eTD \bTD Yes (OTR plugins) \eTD \bTD No \eTD \bTD No \eTD \bTD No \eTD \bTD No \eTD \bTD Yes \eTD \bTD Bad \eTD \bTD Yes \eTD \bTD Via Proxy\high{c} or Virtualization \eTD \bTD Good \eTD \bTD No \eTD \bTD \eTD \eTR
\bTR \bTD Jami (preferred) \eTD \bTD Yes \eTD \bTD No\high{3} \eTD \bTD Yes \eTD \bTD Yes \eTD \bTD Partial \eTD \bTD Yes \eTD \bTD Good \eTD \bTD Yes \eTD \bTD Via Proxy\high{c} or Virtualization\high{i} \eTD \bTD Good \eTD \bTD Partial \eTD \bTD Tor breaks some features \eTD \eTR
\bTR \bTD KakaoTalk (avoid) \eTD \bTD Yes \eTD \bTD Closed-source\high{g} \eTD \bTD No\high{4} \eTD \bTD No \eTD \bTD No \eTD \bTD No \eTD \bTD Bad \eTD \bTD No (but possible) \eTD \bTD Virtualization \eTD \bTD Bad \eTD \bTD No \eTD \bTD \eTD \eTR
\bTR \bTD Keybase \eTD \bTD Yes \eTD \bTD No \eTD \bTD Partial (exploding messages) \eTD \bTD No \eTD \bTD No \eTD \bTD Yes \eTD \bTD Good \eTD \bTD E-Mail required \eTD \bTD \eTD \bTD \eTD \bTD No \eTD \bTD \eTD \eTR
\bTR \bTD Kik (avoid) \eTD \bTD No \eTD \bTD Closed-source\high{g} \eTD \bTD No \eTD \bTD No \eTD \bTD No \eTD \bTD No \eTD \bTD Bad \eTD \bTD No (but possible) \eTD \bTD Virtualization \eTD \bTD Bad \eTD \bTD No \eTD \bTD \eTD \eTR
\bTR \bTD Line (avoid) \eTD \bTD Partial (opt-in) \eTD \bTD Closed-source\high{g} \eTD \bTD No \eTD \bTD No \eTD \bTD No \eTD \bTD No \eTD \bTD Bad \eTD \bTD No (but possible) \eTD \bTD Virtualization \eTD \bTD Bad \eTD \bTD No \eTD \bTD \eTD \eTR
\bTR \bTD Pidgin with OTR (avoid) \eTD \bTD Yes (OTR\high{5}) \eTD \bTD No \eTD \bTD Yes \eTD \bTD No \eTD \bTD No \eTD \bTD Yes \eTD \bTD Bad \eTD \bTD Yes \eTD \bTD Via Proxy\high{c} or Virtualization \eTD \bTD Bad\high{6} \eTD \bTD No \eTD \bTD \eTD \eTR
\bTR \bTD Tox (avoid) \eTD \bTD Yes \eTD \bTD No \eTD \bTD No \eTD \bTD No \eTD \bTD No \eTD \bTD Yes \eTD \bTD Good \eTD \bTD Yes \eTD \bTD Via Proxy\high{c} or Virtualization \eTD \bTD Medium\high{7} \eTD \bTD Yes \eTD \bTD Known cryptographic weaknesses\high{14} \eTD \eTR
\bTR \bTD Session (preferred only on iOS) \eTD \bTD Yes \eTD \bTD No \eTD \bTD No \eTD \bTD Yes \eTD \bTD Yes \eTD \bTD Yes \eTD \bTD Good \eTD \bTD Yes \eTD \bTD Via Proxy\high{c} or Virtualization\high{j} \eTD \bTD Good \eTD \bTD Yes \eTD \bTD Lacks PFS and deniability \eTD \eTR
\bTR \bTD Signal \eTD \bTD Yes \eTD \bTD No \eTD \bTD Yes \eTD \bTD Yes \eTD \bTD Yes (moderate) \eTD \bTD Yes \eTD \bTD Good \eTD \bTD Phone required \eTD \bTD Virtualization \eTD \bTD Good \eTD \bTD No \eTD \bTD Requires a burner or anonymous VoIP number for anonymous usage \eTD \eTR
\bTR \bTD Skype (avoid) \eTD \bTD Partial (only 1-to-1 / opt-in) \eTD \bTD Closed-source\high{g} \eTD \bTD No \eTD \bTD No \eTD \bTD No \eTD \bTD No \eTD \bTD Bad \eTD \bTD No (but possible) \eTD \bTD Virtualization \eTD \bTD Bad \eTD \bTD No \eTD \bTD \eTD \eTR
\bTR \bTD Snapchat (avoid) \eTD \bTD No \eTD \bTD Closed-source\high{g} \eTD \bTD No \eTD \bTD No \eTD \bTD No \eTD \bTD No \eTD \bTD Bad \eTD \bTD No (but possible) \eTD \bTD Virtualization \eTD \bTD Bad \eTD \bTD No \eTD \bTD Deleted/expired messages are easily recoverable\high{15,16} \eTD \eTR
\bTR \bTD Teams (avoid) \eTD \bTD Yes \eTD \bTD Closed-source\high{g} \eTD \bTD No \eTD \bTD No \eTD \bTD No \eTD \bTD No \eTD \bTD Bad \eTD \bTD No (but possible) \eTD \bTD Virtualization \eTD \bTD Bad \eTD \bTD No \eTD \bTD \eTD \eTR
\bTR \bTD Telegram \eTD \bTD Partial (only 1-to-1 / opt-in) \eTD \bTD Yes (MTProto\high{8}) \eTD \bTD Partial (secret chats only) \eTD \bTD Yes \eTD \bTD No \eTD \bTD Partial\high{e} \eTD \bTD Medium (e2ee off by default) \eTD \bTD Phone required \eTD \bTD Via Proxy\high{c} or Virtualization \eTD \bTD Medium\high{9} \eTD \bTD No \eTD \bTD \eTD \eTR
\bTR \bTD Viber (avoid) \eTD \bTD Partial (only 1-to-1) \eTD \bTD Closed-source\high{g} \eTD \bTD Yes \eTD \bTD No \eTD \bTD No \eTD \bTD No \eTD \bTD Bad \eTD \bTD No (but possible) \eTD \bTD Virtualization \eTD \bTD Bad \eTD \bTD No \eTD \bTD \eTD \eTR
\bTR \bTD WeChat (avoid) \eTD \bTD No \eTD \bTD Closed-source\high{g} \eTD \bTD No \eTD \bTD No \eTD \bTD No \eTD \bTD No \eTD \bTD Bad \eTD \bTD No \eTD \bTD Virtualization \eTD \bTD Bad \eTD \bTD No \eTD \bTD \eTD \eTR
\bTR \bTD WhatsApp (avoid) \eTD \bTD Yes \eTD \bTD Closed-source\high{g} \eTD \bTD Yes \eTD \bTD No \eTD \bTD No \eTD \bTD No \eTD \bTD Bad \eTD \bTD Phone required \eTD \bTD Virtualization \eTD \bTD Bad \eTD \bTD No \eTD \bTD \eTD \eTR
\bTR \bTD Wickr Me \eTD \bTD Partial (only 1-to-1) \eTD \bTD No \eTD \bTD Yes \eTD \bTD No \eTD \bTD Yes (moderate) \eTD \bTD No \eTD \bTD Good \eTD \bTD Yes \eTD \bTD Virtualization \eTD \bTD Good \eTD \bTD No \eTD \bTD \eTD \eTR
\bTR \bTD Gajim (XMPP) (preferred) \eTD \bTD Yes \eTD \bTD No \eTD \bTD Yes \eTD \bTD No \eTD \bTD No \eTD \bTD Yes \eTD \bTD Good \eTD \bTD Yes \eTD \bTD Via Proxy\high{c} or Virtualization \eTD \bTD Good \eTD \bTD Partial \eTD \bTD \eTD \eTR
\bTR \bTD Zoom (avoid\high{10}) \eTD \bTD Disputed\high{11} \eTD \bTD No \eTD \bTD TBD\high{h} \eTD \bTD No \eTD \bTD No \eTD \bTD No \eTD \bTD Bad \eTD \bTD E-Mail required \eTD \bTD Virtualization \eTD \bTD Bad\high{12} \eTD \bTD No \eTD \bTD Malware risk\high{17} \eTD \eTR
\bTR \bTD Molly \eTD \bTD Yes \eTD \bTD No \eTD \bTD Yes \eTD \bTD Yes \eTD \bTD Yes (moderate) \eTD \bTD Yes \eTD \bTD Good \eTD \bTD Phone required \eTD \bTD Virtualization \eTD \bTD Good \eTD \bTD No \eTD \bTD Requires a phone number. Security-hardened fork of the Signal client; its security updates may lag Signal's by up to a week \eTD \eTR
\eTABLEbody
\eTABLE
\egroup
{\bf Table notes:}
\startitemize[n][stopper=.,width=2.0em]
\item
  Briar Documentation, Bramble Transport Protocol version 4
  \useURL[tbln01][https://code.briarproject.org/briar/briar-spec/blob/master/protocols/BTP.md]\from[tbln01]
  \useURL[tbln01a][https://web.archive.org/web/https://code.briarproject.org/briar/briar-spec/blob/master/protocols/BTP.md][][{[}Archive.org{]}]\from[tbln01a]
\item
  Serpentsec, Matrix
  \useURL[tbln02][https://web.archive.org/web/https://serpentsec.1337.cx/matrix]\from[tbln02]
\item
  Wikipedia, GnuTLS
  \useURL[tbln03][https://en.wikipedia.org/wiki/GnuTLS]\from[tbln03]
  \useURL[tbln03w][https://wikiless.org/wiki/GnuTLS][][{[}Wikiless{]}]\from[tbln03w]
  \useURL[tbln03a][https://web.archive.org/web/https://en.wikipedia.org/wiki/GnuTLS][][{[}Archive.org{]}]\from[tbln03a]
\item
  KTH Royal Institute of Technology, School of Electrical Engineering, A
  Security and Privacy Audit of KakaoTalk's End-to-End Encryption
  \useURL[tbln04][https://www.diva-portal.org/smash/get/diva2:1046438/FULLTEXT01.pdf]\from[tbln04]
  \useURL[tbln04a][https://web.archive.org/web/https://www.diva-portal.org/smash/get/diva2:1046438/FULLTEXT01.pdf][][{[}Archive.org{]}]\from[tbln04a]
\item
  Wikipedia, Off-the-Record Messaging
  \useURL[tbln05][https://en.wikipedia.org/wiki/Off-the-Record_Messaging]\from[tbln05]
  \useURL[tbln05w][https://wikiless.org/wiki/Off-the-Record_Messaging][][{[}Wikiless{]}]\from[tbln05w]
  \useURL[tbln05a][https://web.archive.org/web/https://en.wikipedia.org/wiki/Off-the-Record_Messaging][][{[}Archive.org{]}]\from[tbln05a]
\item
  Pidgin Security Advisories
  \useURL[tbln06][https://www.pidgin.im/about/security/advisories/]\from[tbln06]
  \useURL[tbln06a][https://web.archive.org/web/https://www.pidgin.im/about/security/advisories/][][{[}Archive.org{]}]\from[tbln06a]
\item
  Whonix Forum, Tox Integration
  \useURL[tbln07][https://forums.whonix.org/t/tox-qtox-whonix-integration/1219]\from[tbln07]
  \useURL[tbln07a][https://web.archive.org/web/https://forums.whonix.org/t/tox-qtox-whonix-integration/1219][][{[}Archive.org{]}]\from[tbln07a]
\item
  Telegram Documentation, MTProto Mobile Protocol
  \useURL[tbln08][https://core.telegram.org/mtproto]\from[tbln08]
  \useURL[tbln08a][https://web.archive.org/web/https://core.telegram.org/mtproto][][{[}Archive.org{]}]\from[tbln08a]
\item
  Wikipedia, Telegram, Security breaches
  \useURL[tbln09][https://en.wikipedia.org/wiki/Telegram_(software)\#Security_breaches]\from[tbln09]
  \useURL[tbln09w][https://wikiless.org/wiki/Telegram_(software)\#Security_breaches][][{[}Wikiless{]}]\from[tbln09w]
  \useURL[tbln09a][https://web.archive.org/web/https://en.wikipedia.org/wiki/Telegram_(software)\#Security_breaches][][{[}Archive.org{]}]\from[tbln09a]
\item
  TechCrunch, Maybe we shouldn't use Zoom after all
  \useURL[tbln10][https://techcrunch.com/2020/03/31/zoom-at-your-own-risk/]\from[tbln10]
  \useURL[tbln10a][https://web.archive.org/web/https://techcrunch.com/2020/03/31/zoom-at-your-own-risk/][][{[}Archive.org{]}]\from[tbln10a]
\item
  The Intercept, Zoom Meetings Aren't End-to-End Encrypted, Despite
  Misleading Marketing
  \useURL[tbln11][https://theintercept.com/2020/03/31/zoom-meeting-encryption/]\from[tbln11]
  \useURL[tbln11a][https://web.archive.org/web/https://theintercept.com/2020/03/31/zoom-meeting-encryption/][][{[}Archive.org{]}]\from[tbln11a]
\item
  Serpentsec, Secure Messaging: Choosing a chat app
  \useURL[tbln12][https://web.archive.org/web/https://serpentsec.1337.cx/secure-messaging-choosing-a-chat-app]\from[tbln12]
\item
  Berty, Development
  \useURL[tbln13][https://berty.tech]\from[tbln13]
\item
  Tox, Handshake Vulnerable to KCI
  \useURL[tbln14][https://github.com/TokTok/c-toxcore/issues/426]\from[tbln14]
\item
  The Guardian, Deleted Snapchat photos recovered \quote{within days} by
  forensics company
  \useURL[tbln15][https://www.theguardian.com/technology/2013/may/09/snapchat-photos-not-deleted]\from[tbln15]
\item
  The Guardian, Snapchat's expired snaps are not deleted, just hidden
  \useURL[tbln16][https://web.archive.org/web/20131115224243/https://www.theguardian.com/media-network/partner-zone-infosecurity/snapchat-photos-not-deleted-hidden]\from[tbln16]
\item
  The Guardian, \quote{Zoom is malware}: why experts worry about the video
  conferencing platform
  \useURL[tbln17][https://www.theguardian.com/technology/2020/apr/02/zoom-technology-security-coronavirus-video-conferencing]\from[tbln17]
\stopitemize
{\bf Legend:}
\startitemize[a][stopper=.,width=2.0em]
\item
  The mention \quotation{preferred} or \quotation{avoid} refers to the
  use of those apps for sensitive communications. This is just my
  opinion, and you can make your own using the resources above and
  others. Remember \quotation{Trust but verify}.
\item
  e2ee refers to \quotation{end-to-end encryption}.
\item
  Additional steps might be needed for securing Tor connectivity.
\item
  Their ability and willingness to fight for privacy and not cooperate
  with various adversaries.
\item
  Only the client apps are open-source, not the server-side apps.
\item
  This means the data is fully encrypted at rest (and not only during
  transit) and unreadable by any third party without a key only you know
  (including backups).
\item
  Unverifiable because it is proprietary closed source.
\item
  To Be Determined, unknown at the time of this writing.
\item
  Jami will require you to enable DHTProxy in its options to work over
  Tor, and it will be limited to text only.
\item
  Session also uses its own onion routing solution called LokiNet.
\stopitemize
{\bf Some apps like Threema and Wire were excluded from this comparison
due to not being free and not accepting anonymous cash methods such as
Cash/Monero.}
\subsubsubsection[title={Conclusion:},reference={conclusion-3}]
{\bf Remember: \goto{Appendix B1: Checklist of things to verify before
sharing
information}[appendix-b1-checklist-of-things-to-verify-before-sharing-information].}
We will recommend these options in that order (as also recommended by
Privacyguides.org\footnote{Privacyguides.org, File-Sharing
\useURL[url2010][https://www.privacyguides.org/file-sharing/]\from[url2010]
\useURL[url2011][https://web.archive.org/web/https://www.privacyguides.org/file-sharing/][][{[}Archive.org{]}]\from[url2011]}\footnote{Privacyguides.org,
Real-Time Communication
\useURL[url2012][https://www.privacyguides.org/real-time-communication/]\from[url2012]
\useURL[url2013][https://web.archive.org/web/https://www.privacyguides.org/real-time-communication/][][{[}Archive.org{]}]\from[url2013]},
except for Session and Cwtch):
\startitemize
\item
macOS:
\startitemize
\item
Native Tor Onion Routing Support ({\bf preferred}):
\startitemize
\item
OnionShare version >2.3
(\useURL[url2014][https://onionshare.org/]\from[url2014]
\useURL[url2015][http://lldan5gahapx5k7iafb3s4ikijc4ni7gx5iywdflkba5y2ezyg6sjgyd.onion/][][{[}Tor
Mirror{]}]\from[url2015]
\useURL[url2016][https://web.archive.org/web/https://onionshare.org/][][{[}Archive.org{]}]\from[url2016])**
\item
Cwtch (\useURL[url2017][https://cwtch.im]\from[url2017]
\useURL[url2018][https://web.archive.org/web/https://cwtch.im/][][{[}Archive.org{]}]\from[url2018]
{\bf warning, this is at the alpha/beta stage})**
\stopitemize
\item
Non-Native Tor Support (needs additional steps for ideal anonymity
to proxy it through Tor through Virtualization or Proxying):
\startitemize
\item
Element/Matrix.org
(\useURL[url2019][https://element.io/]\from[url2019]
\useURL[url2020][https://web.archive.org/web/https://element.io/][][{[}Archive.org{]}]\from[url2020])
\item
Jami (\useURL[url2021][https://jami.net/]\from[url2021]
\useURL[url2022][https://web.archive.org/web/https://jami.net/][][{[}Archive.org{]}]\from[url2022])*
\item
Gajim/XMPP (\useURL[url2023][https://gajim.org/]\from[url2023]
\useURL[url2024][https://web.archive.org/web/https://gajim.org/][][{[}Archive.org{]}]\from[url2024])
\stopitemize
\stopitemize
\item
Windows:
\startitemize
\item
Native Tor Onion Routing Support ({\bf preferred}):
\startitemize
\item
OnionShare version >2.3
(\useURL[url2025][https://onionshare.org/]\from[url2025]
\useURL[url2026][http://lldan5gahapx5k7iafb3s4ikijc4ni7gx5iywdflkba5y2ezyg6sjgyd.onion/][][{[}Tor
Mirror{]}]\from[url2026]
\useURL[url2027][https://web.archive.org/web/https://onionshare.org/][][{[}Archive.org{]}]\from[url2027])**
\item
Cwtch (\useURL[url2028][https://cwtch.im]\from[url2028]
\useURL[url2029][https://web.archive.org/web/https://cwtch.im/][][{[}Archive.org{]}]\from[url2029]
{\bf warning, this is at the alpha/beta stage})**
\stopitemize
\item
Non-Native Tor Support (needs additional steps for ideal anonymity
to proxy it through Tor through Virtualization or Proxying):
\startitemize
\item
Element/Matrix.org
(\useURL[url2030][https://element.io/]\from[url2030]
\useURL[url2031][https://web.archive.org/web/https://element.io/][][{[}Archive.org{]}]\from[url2031])
\item
Jami (\useURL[url2032][https://jami.net/]\from[url2032]
\useURL[url2033][https://web.archive.org/web/https://jami.net/][][{[}Archive.org{]}]\from[url2033])*
\item
Gajim/XMPP (\useURL[url2034][https://gajim.org/]\from[url2034]
\useURL[url2035][https://web.archive.org/web/https://gajim.org/][][{[}Archive.org{]}]\from[url2035])
\stopitemize
\stopitemize
\item
Linux:
\startitemize
\item
Native Tor Onion Routing Support ({\bf preferred}):
\startitemize
\item
Briar (\useURL[url2036][https://briarproject.org/]\from[url2036]
\useURL[url2037][https://web.archive.org/web/https://briarproject.org/][][{[}Archive.org{]}]\from[url2037])*
\item
OnionShare version >2.3
(\useURL[url2038][https://onionshare.org/]\from[url2038]
\useURL[url2039][http://lldan5gahapx5k7iafb3s4ikijc4ni7gx5iywdflkba5y2ezyg6sjgyd.onion/][][{[}Tor
Mirror{]}]\from[url2039]
\useURL[url2040][https://web.archive.org/web/https://onionshare.org/][][{[}Archive.org{]}]\from[url2040])**
\item
Cwtch (\useURL[url2041][https://cwtch.im]\from[url2041]
\useURL[url2042][https://web.archive.org/web/https://cwtch.im/][][{[}Archive.org{]}]\from[url2042]
{\bf warning, this is at the alpha/beta stage})**
\stopitemize
\item
Non-Native Tor Support (needs additional steps for ideal anonymity
to proxy it through Tor through Virtualization or Proxying):
\startitemize
\item
Element/Matrix.org
(\useURL[url2043][https://element.io/]\from[url2043]
\useURL[url2044][https://web.archive.org/web/https://element.io/][][{[}Archive.org{]}]\from[url2044])
\item
Jami (\useURL[url2045][https://jami.net/]\from[url2045]
\useURL[url2046][https://web.archive.org/web/https://jami.net/][][{[}Archive.org{]}]\from[url2046])*
\item
Gajim/XMPP (\useURL[url2047][https://gajim.org/]\from[url2047]
\useURL[url2048][https://web.archive.org/web/https://gajim.org/][][{[}Archive.org{]}]\from[url2048])
\stopitemize
\stopitemize
\item
  Note that for Jami to work over Tor, you will have to enable the local
  DHTProxy option within Jami Settings. This will only work for text
  messages and not for calls/videos.
\stopitemize
** Note that these options (Briar, Cwtch, and OnionShare) do not support
multi-devices yet. Your information is strictly stored on the device/OS
where you are setting it up. Do not use those on a non-persistent OS
unless you want ephemeral use.
Any safe options for mobile devices? {\bf Yes, but these are not
endorsed/recommended except Briar on Android. Remember also that this
guide discourages the use of smartphones for sensitive activities in
general.}
\startitemize
\item
Android:
\startitemize
\item
Briar (\useURL[url2049][https://briarproject.org/]\from[url2049]
\useURL[url2050][https://web.archive.org/web/https://briarproject.org/][][{[}Archive.org{]}]\from[url2050])
\item
Cwtch (\useURL[url2051][https://cwtch.im]\from[url2051]
\useURL[url2052][https://web.archive.org/web/https://cwtch.im/][][{[}Archive.org{]}]\from[url2052]
{\bf warning, this is at the alpha/beta stage})
\stopitemize
\item
iOS:
\startitemize[packed]
\item
Due to the lack of any better option and while it is {\bf normally
not recommended}: Session Messenger:
\useURL[url2053][https://getsession.org/]\from[url2053]
\useURL[url2054][https://web.archive.org/web/https://getsession.org/][][{[}Archive.org{]}]\from[url2054].
Why is it not recommended these days within the privacy community?
{\bf See: \goto{Appendix B7: Caution about Session
messenger}[appendix-b7-caution-about-session-messenger] to find out
why we are cautious about Session Messenger}.
\stopitemize
\stopitemize
{\bf Note that all the non-native Tor options must be used over Tor for
safety (from Tails or a guest OS running behind the Whonix Gateway such
as the Whonix Workstation or an Android-x86 VM).}
While we do not recommend most of the messaging platforms for the various
reasons outlined above (phone number and e-mail requirements), this does
not mean it is impossible to use them anonymously if you know what you
are doing. You can even use Facebook Messenger anonymously by taking the
necessary precautions outlined in this guide (virtualization behind a
Tor Gateway on a non-persistent OS).
The ones that are preferred are recommended due to their stance on
privacy, their default settings, their crypto choices but also because
they allow convenient anonymous sign-up without going through the many
hassles of having a phone number/e-mail verification method and are open
source. Those should be privileged in most cases.
You can also consult the following external resources for more
comparisons ({\bf we do not necessarily endorse their opinions}):
\startitemize
\item
SecuChart,
\useURL[url2055][https://bkil.gitlab.io/secuchart/]\from[url2055]
\useURL[url2056][https://web.archive.org/web/https://bkil.gitlab.io/secuchart/][][{[}Archive.org{]}]\from[url2056]
\useURL[url2057][https://github.com/bkil/secuchart][][{[}Repository{]}]\from[url2057]
(Maintained open-source project)\crlf
\item
Wikipedia,
\useURL[url2058][https://en.wikipedia.org/wiki/Comparison_of_cross-platform_instant_messaging_clients]\from[url2058]
\useURL[url2059][https://wikiless.org/wiki/Comparison_of_cross-platform_instant_messaging_clients][][{[}Wikiless{]}]\from[url2059]
\useURL[url2060][https://web.archive.org/web/https://en.wikipedia.org/wiki/Comparison_of_cross-platform_instant_messaging_clients][][{[}Archive.org{]}]\from[url2060]
\startitemize[packed]
\item
Wikipedia,
\useURL[url2061][https://en.wikipedia.org/wiki/Comparison_of_instant_messaging_protocols]\from[url2061]
\useURL[url2062][https://wikiless.org/wiki/Comparison_of_instant_messaging_protocols][][{[}Wikiless{]}]\from[url2062]
\useURL[url2063][https://web.archive.org/web/https://en.wikipedia.org/wiki/Comparison_of_instant_messaging_protocols][][{[}Archive.org{]}]\from[url2063]
\stopitemize
\item
Whonix Documentation, Instant Messenger Chat
\useURL[url2064][https://www.whonix.org/wiki/Chat]\from[url2064]
\useURL[url2065][https://web.archive.org/web/https://www.whonix.org/wiki/Chat][][{[}Archive.org{]}]\from[url2065]
(Outdated, Unmaintained but contains insightful information)
\item
{\bf Outdated, or unmaintained, or abandoned resources scheduled for
removal from our guide in next release:}
\startitemize
\item
Secure Messaging Apps
\useURL[url2066][https://www.securemessagingapps.com/]\from[url2066]
\useURL[url2067][https://web.archive.org/web/https://www.securemessagingapps.com/][][{[}Archive.org{]}]\from[url2067]
\item
Proton Blog,
\useURL[url2068][https://proton.me/blog/whatsapp-alternatives/]\from[url2068]
\useURL[url2069][https://web.archive.org/web/2022053117143/https://proton.me/blog/whatsapp-alternatives][][{[}Archive.org{]}]\from[url2069]
\item
    SecureChatGuide.org,
\useURL[url2070][https://securechatguide.org/featuresmatrix.html]\from[url2070]
\useURL[url2071][https://web.archive.org/web/https://securechatguide.org/featuresmatrix.html][][{[}Archive.org{]}]\from[url2071]
\item
Messenger-Matrix.de at
\useURL[url2072][https://www.messenger-matrix.de/messenger-matrix-en.html]\from[url2072]
\useURL[url2073][https://web.archive.org/web/https://www.messenger-matrix.de/messenger-matrix-en.html][][{[}Archive.org{]}]\from[url2073]
\stopitemize
\stopitemize
{\bf We do not endorse or recommend some mainstream platforms for
anonymity including the much-praised Signal which to this date still
requires a phone number to register and contact others. In the context
of this guide, we strongly recommend against using Signal if possible.
The same recommendation applies to popular forks of Signal such as Molly
(\useURL[url2074][https://molly.im]\from[url2074]\useURL[url2075][https://web.archive.org/web/https://molly.im][][{[}Archive.org{]}]\from[url2075])}
\subsubsection[title={How to share files publicly but
anonymously:},reference={how-to-share-files-publicly-but-anonymously}]
{\bf Warning: before sharing anything publicly, make sure your files are
curated of any information that could compromise your identity. See
\goto{Appendix B1: Checklist of things to verify before sharing
information}[appendix-b1-checklist-of-things-to-verify-before-sharing-information].}
Consider the following platforms:
\startitemize
\item
Cryptpad.fr (\useURL[url2076][https://cryptpad.fr/]\from[url2076]):
Free tier limited to 1GB total and recommended by PrivacyGuides.org at
\useURL[url2077][https://privacyguides.org/cloud/]\from[url2077]
\useURL[url2078][https://web.archive.org/web/https://privacyguides.org/cloud/][][{[}Archive.org{]}]\from[url2078]
\item
Proton Drive
(\useURL[url2079][https://proton.me/drive/]\from[url2079]): Paid.
Requires users to have \quotation{Proton Unlimited} or \quotation{Mail
Plus}. Proton Drive is E2EE and recommended by PrivacyGuides.org
\startitemize[packed]
\item
    Like Proton Mail and Proton VPN, it is not easy to sign up
    anonymously. When you try to register through Tor, they request
    verification either by phone number or by making a donation.
\stopitemize
\item
Filen (\useURL[url2080][https://filen.io/]\from[url2080]): free tier
limited to 10GB total
\stopitemize
Consider the use of IPFS\footnote{Wikipedia, IPFS
\useURL[url2081][https://en.wikipedia.org/wiki/InterPlanetary_File_System]\from[url2081]
\useURL[url2082][https://wikiless.org/wiki/InterPlanetary_File_System][][{[}Wikiless{]}]\from[url2082]
\useURL[url2083][https://web.archive.org/web/https://en.wikipedia.org/wiki/InterPlanetary_File_System][][{[}Archive.org{]}]\from[url2083]}:
\startitemize[packed]
\item
Pinata (\useURL[url2084][https://www.pinata.cloud/]\from[url2084]):
Free tier limited to 1GB total
\stopitemize
\subsubsection[title={Redacting Documents/Pictures/Videos/Audio
safely:},reference={redacting-documentspicturesvideosaudio-safely}]
You might want to self-publish some information safely and anonymously
in the form of writing, pictures, videos, \ldots{}
For all these purposes here are a few recommendations:
\startitemize
\item
Ideally, you should not use proprietary software such as Adobe
Photoshop, Microsoft Office\ldots{}
\item
Preferably, you should use open-source software instead such as
LibreOffice, Gimp\ldots{}
\stopitemize
While the commercial alternatives are feature-rich, they are also
proprietary closed-source and often have various issues such as:
\startitemize
\item
Sending telemetry information back to the company.
\item
Adding unnecessary metadata and sometimes watermarks to your
documents.
\item
These apps are not free, and any leak of any metadata could be traced
back to you since you had to buy these somewhere.
\stopitemize
It is possible to use commercial software for making sensitive
documents, but you should be extra careful with all the options in the
various Apps (commercial or free) to prevent any data leak from
revealing information about you.
Here is a comparative table of recommended/included software compiled
from various sources (PrivacyGuides.org, Whonix, Tails, Prism-Break.org,
and me). Keep in mind my recommendation considers the context of this
guide with only sporadic online presence on a need basis.
\bgroup
\setupTABLE[split=repeat,style=\tfx,align={flushleft,lohi},offset=.5ex]
\setupTABLE[column][each][width=.16\textwidth]
\bTABLE
\bTABLEhead
\bTR \bTH Type \eTH \bTH Whonix \eTH \bTH Prism-Break.org \eTH \bTH PrivacyGuides.org \eTH \bTH Tails \eTH \bTH This guide \eTH \eTR
\eTABLEhead
\bTABLEbody
\bTR \bTD Offline Document Editing \eTD \bTD LibreOffice \eTD \bTD N/A \eTD \bTD LibreOffice* \eTD \bTD LibreOffice \eTD \bTD LibreOffice, Notepad++ \eTD \eTR
\bTR \bTD Online Document Editing (collaboration) \eTD \bTD N/A \eTD \bTD Cryptpad.fr \eTD \bTD Cryptpad.fr, Etherpad.org, Privatebin.net \eTD \bTD N/A \eTD \bTD Cryptpad.fr, Etherpad.org, Privatebin.net \eTD \eTR
\bTR \bTD Pictures Editing \eTD \bTD Flameshot (L) \eTD \bTD N/A \eTD \bTD N/A \eTD \bTD GIMP \eTD \bTD GIMP \eTD \eTR
\bTR \bTD Audio Editing \eTD \bTD Audacity \eTD \bTD N/A \eTD \bTD N/A \eTD \bTD Audacity \eTD \bTD Audacity \eTD \eTR
\bTR \bTD Video Editing \eTD \bTD Flowblade (L) \eTD \bTD N/A \eTD \bTD N/A \eTD \bTD N/A \eTD \bTD Flowblade (L), Olive (?), OpenShot (?), ShotCut (?) \eTD \eTR
\bTR \bTD Screen Recorder \eTD \bTD Vokoscreen \eTD \bTD N/A \eTD \bTD N/A \eTD \bTD N/A \eTD \bTD Vokoscreen \eTD \eTR
\bTR \bTD Media Player \eTD \bTD VLC \eTD \bTD N/A \eTD \bTD N/A \eTD \bTD VLC \eTD \bTD VLC \eTD \eTR
\bTR \bTD PDF Viewer \eTD \bTD Ristretto (L) \eTD \bTD N/A \eTD \bTD N/A \eTD \bTD N/A \eTD \bTD Browser \eTD \eTR
\bTR \bTD PDF Redaction \eTD \bTD PDF-Redact Tools (L) \eTD \bTD N/A \eTD \bTD N/A \eTD \bTD PDF-Redact Tools (L) \eTD \bTD LibreOffice, PDF-Redact Tools (L) \eTD \eTR
\eTABLEbody
\eTABLE
\egroup
{\bf Legend:} * Not recommended but mentioned. N/A = Not Included or
absence of recommendation for that software type. (L)= Linux Only but
can maybe be used on Windows/macOS through other means (HomeBrew,
Virtualization, Cygwin). (?)= Not tested but open-source and could be
considered.
{\bf In all cases, we strongly recommend only using such applications
from within a VM or Tails to prevent as much leaking as possible. If you
do not, you will have to sanitize those documents carefully before
publishing (See \goto{Removing Metadata from
Files/Documents/Pictures}[removing-metadata-from-filesdocumentspictures]).}
\subsubsection[title={Communicating sensitive information to various
known
organizations:},reference={communicating-sensitive-information-to-various-known-organizations}]
You might be interested in communicating information to some
organization such as the press anonymously.
If you must do so, you should take some steps because you cannot trust
any organization to protect your anonymity\footnote{Praxis Films, Open
Letter from Laura Poitras
\useURL[url2085][https://www.praxisfilms.org/open-letter-from-laura-poitras/]\from[url2085]
\useURL[url2086][https://web.archive.org/web/https://www.praxisfilms.org/open-letter-from-laura-poitras/][][{[}Archive.org{]}]\from[url2086]}.
See \goto{Appendix B1: Checklist of things to verify before sharing
information}[appendix-b1-checklist-of-things-to-verify-before-sharing-information].
For this, we strongly recommend the use of SecureDrop\footnote{Wikipedia,
SecureDrop
\useURL[url2087][https://en.wikipedia.org/wiki/SecureDrop]\from[url2087]
\useURL[url2088][https://wikiless.org/wiki/SecureDrop][][{[}Wikiless{]}]\from[url2088]
\useURL[url2089][https://web.archive.org/web/https://en.wikipedia.org/wiki/SecureDrop][][{[}Archive.org{]}]\from[url2089]}
(\useURL[url2090][https://securedrop.org/]\from[url2090]
\useURL[url2091][https://web.archive.org/web/https://securedrop.org/][][{[}Archive.org{]}]\from[url2091])
which is an open-source project from the Freedom of the Press
Foundation.
\startitemize
\item
  Do take a moment to read their \quotation{source guide} here:
\useURL[url2092][https://docs.securedrop.org/en/stable/source.html]\from[url2092]
\useURL[url2093][https://web.archive.org/web/https://docs.securedrop.org/en/stable/source.html][][{[}Archive.org{]}]\from[url2093]
\item
Ideally, you should use SecureDrop over Tor and you will find a
curated list of those here
\useURL[url2094][https://github.com/alecmuffett/real-world-onion-sites\#securedrop]\from[url2094]
\useURL[url2095][https://web.archive.org/web/https://github.com/alecmuffett/real-world-onion-sites\#securedrop][][{[}Archive.org{]}]\from[url2095]
\stopitemize
If SecureDrop is not available, you could consider any other means of
communication, but you should privilege those that are encrypted end to
end. {\bf Do not ever do this from your real identity but only from a
secure environment using an anonymous identity.}
Without SecureDrop you could consider:
\startitemize
\item
Using e-mail with GPG encryption provided your recipient has published
a GPG key somewhere. You can look this up here:
\startitemize
\item
On their verified Social Media accounts (Twitter) if they provided
it.
\item
On \useURL[url2096][https://keybase.io]\from[url2096] (Tor address
\useURL[url2097][http://keybase5wmilwokqirssclfnsqrjdsi7jdir5wy7y7iu3tanwmtp6oid.onion]\from[url2097])
\item
On open PGP directories such as: {\bf (be careful as those are
public directories and anyone can upload any key for any e-mail
address, you will have to cross-check the signature with other
platforms to be sure it is theirs).}
\startitemize
\item
\useURL[url2098][https://pgp.mit.edu/]\from[url2098]
\item
\useURL[url2099][https://keyserver.ubuntu.com/]\from[url2099]
\item
\useURL[url2100][https://keys.openpgp.org]\from[url2100]
\stopitemize
\stopitemize
\item
Using any other platform (even Twitter DMs) but again using GPG to
encrypt the message for the recipient.
\stopitemize
What you should avoid:
\startitemize
\item
Do not send physical materials using the post due to the risk of
leaving DNA/Fingerprints or other traceable information (see
\goto{Cash-Paid VPN (preferred)}[cashmonero-paid-vpn]).
\item
Do not use methods linked to a phone number (even a burner one) such
as Signal/WhatsApp/Telegram.
\item
Do not use any kind of voice/video communication.
\item
Do not leak any clues about your real identity when exchanging
messages.
\item
Do not meet people in real life unless you have absolutely no other
option (this is a last resort option).
\stopitemize
If you intend to break your anonymity to protect your safety:
\startitemize
\item
Assess the risks very carefully first.
\item
Inform yourself carefully on the legality/safety of your intent and
the consequences for you and others. Think about it carefully.
\item
Possibly reach out to a {\bf trusted} lawyer before doing so.
\stopitemize
\subsubsection[title={Maintenance tasks:},reference={maintenance-tasks}]
\startitemize
\item
  You should carefully sign in to your accounts from time to time to
  keep them alive.
\item
Check your e-mail regularly for security checks and any other account
notification.
\item
Check regularly the eventual appearance of compromise of any of your
identities using
\useURL[url2101][https://haveibeenpwned.com/]\from[url2101]
\useURL[url2102][https://web.archive.org/web/https://haveibeenpwned.com/][][{[}Archive.org{]}]\from[url2102]
(obviously from a safe environment).
\stopitemize
\section[title={Backing up your work
securely:},reference={backing-up-your-work-securely}]
{\bf Do not ever upload encrypted file containers with plausible
deniability (hidden containers within them) to most cloud services
(iCloud, Google Drive, OneDrive, Dropbox) without safety precautions.
This is because most cloud services keep backups/versioning of your
files, and such backups/versioning of your encrypted containers can be
used for differential analysis to prove the existence of a hidden
container.}
Instead, this guide will recommend other methods of backing up your
stuff safely.
\subsection[title={Offline Backups:},reference={offline-backups}]
These backups can be done on an external hard drive or a USB key. Here
are the various possibilities.
\subsubsection[title={Selected Files
Backups:},reference={selected-files-backups}]
\subsubsubsection[title={Requirements:},reference={requirements}]
For these back-ups, you will need a USB key or an external hard drive
with enough storage capacity to store the files you want to back up.
\subsubsubsection[title={Veracrypt:},reference={veracrypt}]
For this purpose, we will recommend the use of Veracrypt on all
platforms (Linux/Windows/macOS) for convenience, security, and
portability.
\subsubsubsection[title={Normal File
containers:},reference={normal-file-containers}]
The process is fairly simple and all you will need is to follow
Veracrypt tutorial here:
\useURL[url2103][https://www.veracrypt.fr/en/Beginner\%27s\%20Tutorial.html][][https://www.veracrypt.fr/en/Beginner\letterpercent{}27s\letterpercent{}20Tutorial.html]\from[url2103]
\useURL[url2104][https://web.archive.org/web/https://www.veracrypt.fr/en/Beginner\%27s\%20Tutorial.html][][{[}Archive.org{]}]\from[url2104]
In this container, you can then store sensitive data manually and/or use
any backup utility you want to back up files from the OS to that
container.
You can then store this container anywhere safely.
\subsubsubsection[title={Hidden File containers with plausible
deniability:},reference={hidden-file-containers-with-plausible-deniability}]
The process is also fairly simple and similar to the earlier tutorial,
except that this time you will use the Veracrypt wizard to create a
Hidden Veracrypt Volume instead of a Standard Veracrypt Volume.
You can create a Hidden volume within an existing Standard Volume or
just use the wizard to create a new one.
Let us say you want a container of 8GB. The Wizard will first create an
\quotation{outer volume} where you will be able to store decoy
information when prompted. Some decoy files (somewhat sensitive and
plausible, but not what you actually want to hide) should be stored in
the decoy volume.
Then Veracrypt will ask you to create a smaller hidden container (for
instance 2GB or 4GB) within the outer volume where you can store your
actual hidden files.
When you select the file for mounting in Veracrypt, depending on which
password you provide, it will mount the Outer decoy volume or the Hidden
volume.
You can then mount your hidden volume and use it to store sensitive
files normally.
{\bf Be careful when mounting the Outer decoy volume to update its
content. You should protect the hidden volume from being overwritten
when doing this as working in the decoy volume could overwrite data in
the hidden volume.}
To do this, when mounting the Decoy Volume, select Mount Options, check
the \quotation{Protect hidden volume} option and provide the hidden
volume password on the same screen. Then mount the decoy volume. This
will protect the hidden volume from being overwritten when changing the
decoy files. This is also explained here in the Veracrypt documentation:
\useURL[url2105][https://www.veracrypt.fr/en/Protection\%20of\%20Hidden\%20Volumes.html][][https://www.veracrypt.fr/en/Protection\letterpercent{}20of\letterpercent{}20Hidden\letterpercent{}20Volumes.html]\from[url2105]
\useURL[url2106][https://web.archive.org/web/https://www.veracrypt.fr/en/Protection\%20of\%20Hidden\%20Volumes.html][][{[}Archive.org{]}]\from[url2106]
{\bf Be extremely cautious with these file containers:}
\startitemize
\item
{\bf Do not store multiple versions of them or store them anywhere
where some versioning is being done (by the file system or the storage
system). These file containers should be identical everywhere you
store them. If you have a backup of such containers somewhere, it
needs to be absolutely identical to the one you are using. If you do
not take this precaution, an adversary could compare two different
versions of this container and prove the existence of hidden data.
Follow carefully the recommendations here
\useURL[url2107][https://www.veracrypt.fr/en/Security\%20Requirements\%20for\%20Hidden\%20Volumes.html][][https://www.veracrypt.fr/en/Security\letterpercent{}20Requirements\letterpercent{}20for\letterpercent{}20Hidden\letterpercent{}20Volumes.html]\from[url2107]}
\useURL[url2108][https://web.archive.org/web/https://www.veracrypt.fr/en/Security\%20Requirements\%20for\%20Hidden\%20Volumes.html][][{[}Archive.org{]}]\from[url2108].
{\bf Remember the \goto{Local Data Leaks and
Forensics:}[local-data-leaks-and-forensics] section.}
\item
We strongly recommend storing such containers on external USB keys
that you will only mount from your guest VMs and never from your Host
OS. {\bf After each modification to the files, you should clean the
free space on the USB disk and make sure that any backup of such
containers is absolutely identical on each key and your computer. See
the \goto{How to securely delete specific files/folders/data on your
HDD/SSD and Thumb
drives}[how-to-securely-delete-specific-filesfoldersdata-on-your-hddssd-and-thumb-drives]
section of this guide for help on doing this.}
\item
If you have time, {\bf we even recommend that you wipe the keys
completely before making any modification to such containers on your
computer (if you do not work from the USB key directly).} This is to
prevent an adversary that would seize your assets before you could
update the keys from having multiple versions of the containers, which
could lead to proving the existence of hidden data using forensics
techniques.
\item
{\bf Do not ever store such containers on cloud storage platforms that
have backups and where you have no direct control over permanent
deletion. They might keep \quotation{old versions} of your files which
can then also be used by forensics to prove the existence of hidden
data.}
\item
If you are mounting the hidden volume from your Host OS ({\bf not
recommended}), you should erase all traces of this hidden volume
everywhere after use. There could be traces in various places (system
logs, file system journaling, recent documents in your applications,
indexing, registry entries\ldots{}), especially on Windows. Refer to the
\goto{Some additional measures against
forensics}[some-additional-measures-against-forensics] section of this
guide to remove such artifacts. Instead, you should mount them on your
Guest VMs. With Virtualbox for instance, you could take a snapshot of
the VM before opening/working on the hidden volume and then restore that
snapshot after use. This should erase the traces of its presence and
mitigate the issue. Your Host OS might keep logs of the USB key being
inserted but not of the hidden volume usage. Therefore, we do not
recommend using these from your host OS.
\item
Do not store these on external SSD drives if you are not sure you can
use Trim on them (see the \goto{Understanding HDD vs
SSD}[understanding-hdd-vs-ssd] section).
\stopitemize
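The warnings above all come down to one check: every copy of a container you keep must be byte-identical, because two snapshots that differ in the region the outer volume reports as free space are what lets an examiner infer a hidden volume. The following script is an added example written for this section, not part of the guide or of VeraCrypt; it hashes each copy you point it at, and for two in-memory snapshots it reports which 4 KiB blocks changed (the block size and the sample data are constructed choices, not VeraCrypt constants):

```python
"""Check that every copy of an encrypted container is byte-identical and,
when two snapshots differ, show which 4 KiB blocks changed.

Added example for this guide, not VeraCrypt's own tooling. The script never
decrypts anything: it only compares bytes, which is exactly what a forensic
examiner holding two versions of the container would do."""
import hashlib
import os
import sys
import tempfile

BLOCK = 4096  # comparison granularity; a constructed choice, not a VeraCrypt constant


def sha256_file(path, chunk=1 << 20):
    """Stream a file through SHA-256 so large containers need not fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for data in iter(lambda: f.read(chunk), b""):
            h.update(data)
    return h.hexdigest()


def verify_copies(paths):
    """Return (all_identical, {path: digest}) for a set of container copies."""
    digests = {p: sha256_file(p) for p in paths}
    return len(set(digests.values())) == 1, digests


def changed_blocks(a, b, block=BLOCK):
    """Indices of the blocks where snapshots a and b differ.

    Changed blocks inside the region the outer volume reports as free space
    are what gives a hidden volume away: random-looking filler has no reason
    to change between two snapshots unless something was written there.
    """
    if len(a) != len(b):
        raise ValueError("snapshots differ in size: %d vs %d" % (len(a), len(b)))
    return [i // block for i in range(0, len(a), block) if a[i:i + block] != b[i:i + block]]


def summarize(a, b, block=BLOCK):
    """Describe the differences between two snapshots of one container."""
    changed = changed_blocks(a, b, block)
    return {
        "identical": not changed,
        "total_blocks": (len(a) + block - 1) // block,
        "changed_blocks": len(changed),
        "first_changed_offset": changed[0] * block if changed else None,
    }


# Constructed demonstration data: a 512 KiB "container" filled with a byte
# pattern, and a second snapshot where 20 KiB at offset 300 KiB (where a
# hidden volume's data would sit) has been rewritten.
DEMO_A = bytes(range(256)) * (512 * 1024 // 256)
_b = bytearray(DEMO_A)
_b[300 * 1024:300 * 1024 + 20 * 1024] = b"\xaa" * (20 * 1024)
DEMO_B = bytes(_b)


def demo():
    """Write both snapshots to temporary files and run the two checks."""
    with tempfile.TemporaryDirectory() as d:
        p1, p2 = os.path.join(d, "copy1.hc"), os.path.join(d, "copy2.hc")
        with open(p1, "wb") as f:
            f.write(DEMO_A)
        with open(p2, "wb") as f:
            f.write(DEMO_B)
        identical, _ = verify_copies([p1, p2])
    return identical, summarize(DEMO_A, DEMO_B)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        ok, digests = verify_copies(sys.argv[1:])
        for p, dgst in digests.items():
            print(dgst, p)
        print("all copies identical" if ok else "MISMATCH: copies differ")
        sys.exit(0 if ok else 1)
    print(demo())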
\subsubsection[title={Full Disk/System
Backups:},reference={full-disksystem-backups}]
{\bf TLDR version: Just use Clonezilla as it worked reliably and
consistently in all our tests on all operating systems except for Macs,
where you should probably use the native utilities (Time Machine/Disk
Utility) instead to avoid compatibility issues and since you are using
native macOS encryption. When using Windows, do not back up a partition
containing a hidden OS in case you use Plausible Deniability} (as
explained before, this backup could allow an adversary to prove the
existence of the hidden OS by comparing the last backup to the current
system where data will have changed and defeat plausible deniability;
use file containers instead).
You will have two options here:
\startitemize
\item
(Not recommended) Doing your backup from the live operating system
using a backup utility (commercial utilities such as EaseUS Todo Free
or Macrium Reflect\ldots{}, or native utilities like macOS Time Machine,
QubesOS Backup, Ubuntu Déjà Dup, or Windows Backup\ldots{}).
\startitemize
\item
This backup can be done while the Operating System is running.
\item
This backup will not be encrypted using the disk encryption but
using the Backup utility encryption algorithm (which you will have
to trust and cannot really control for most). Alternatively, you
could encrypt the backup media yourself separately (for instance
with Veracrypt). We are not aware of any free or non-free utility
that natively supports Veracrypt.
\item
Some utilities will allow for differential/incremental backups
instead of full backups.
\item
These backup utilities will not be able to restore your encrypted
drive as-is as they do not support those encrypted file systems
natively. And so, these will require more work to restore your
system in an encrypted state (re-encryption after restoring).
\stopitemize
\item
(Recommended) Doing it offline from a boot drive (such as with the
free open-source Clonezilla).
\startitemize
\item
This backup can only be done while the Operating System is not
running.
\item
This backup will back up the encrypted disk as-is and therefore will
be encrypted by default with the same mechanism (it is more like a
fire and forget solution). The restore will also restore the
encryption as-is and your system will immediately be ready to use
after a restore.
\item
This method will not allow incremental/differential back-ups
(meaning you will have to re-do a full backup every time).
\item
This method is the easiest to manage.
\stopitemize
\stopitemize
We made extensive tests using live backup utilities (Macrium Reflect,
EaseUS Todo, Déjà Dup\ldots{}) and personally we do not think it is
worth it. Instead, we would recommend that you periodically back up
your system with a simple Clonezilla image. It is much easier to
perform, much easier to restore, and usually works reliably without
issues in all cases. And contrary to many beliefs, it is not that slow,
with most backups taking about an hour depending on the speed of your
destination media.
For backing up single files while you work, we recommend using file
containers or encrypted media directly and manually as explained in the
earlier section.
\subsubsubsection[title={Requirements:},reference={requirements-1}]
You will need a separate external drive with at least as much free
space available as your source disk. If your laptop has a 250GB disk,
you will need at least 250GB of free disk space for the full image
backup. Sometimes this will be reduced significantly with compression by
the backup utility but as a safety rule, you should have at least the
same or more space on your backup drive.
\subsubsubsection[title={Some general warnings and
considerations:},reference={some-general-warnings-and-considerations}]
\startitemize
\item
If you use Secure Boot, you will need a backup utility that supports
Secure Boot which includes Clonezilla AMD64 versions.
\item
Consider the use of exFAT as the file system for your backup drives as
those will provide better compatibility between various OSes (macOS,
Linux, and Windows) vs NTFS/HFS/ext4\ldots{}
\stopitemize
\subsubsubsection[title={Linux:},reference={linux-1}]
\subsubsubsubsection[title={Ubuntu (or any other distro of
choice):},reference={ubuntu-or-any-other-distro-of-choice}]
We will recommend the use of the open-source Clonezilla utility for
convenience and reliability but there are many other native Linux
utilities and methods you could use for this purpose.
So, you should follow the steps in \goto{Appendix E:
Clonezilla}[appendix-e-clonezilla].
\subsubsubsubsection[title={QubesOS:},reference={qubesos}]
Qubes OS recommends using their own utility for backups as documented
here
\useURL[url2109][https://www.qubes-os.org/doc/backup-restore/]\from[url2109]
\useURL[url2110][https://web.archive.org/web/https://www.qubes-os.org/doc/backup-restore/][][{[}Archive.org{]}]\from[url2110].
But it is just a hassle and provides limited added value unless you just
want to back up a single Qube. So instead, we are also recommending just
making a full image with Clonezilla which will remove all the hassle and
bring you back a working system in a few simple steps.
So, you should follow the steps in \goto{Appendix E:
Clonezilla}[appendix-e-clonezilla].
\subsubsubsection[title={Windows:},reference={windows-1}]
We will only recommend the use of the open-source and free Clonezilla
utility for this purpose. There are commercial utilities that offer the
same functionality, but we do not see any advantage in using any of them
vs Clonezilla.
Some warnings:
\startitemize
\item
If you use Bitlocker for encryption with TPM\footnote{Wikipedia, TPM
\useURL[url2111][https://en.wikipedia.org/wiki/Trusted_Platform_Module]\from[url2111]
\useURL[url2112][https://wikiless.org/wiki/Trusted_Platform_Module][][{[}Wikiless{]}]\from[url2112]
\useURL[url2113][https://web.archive.org/web/https://en.wikipedia.org/wiki/Trusted_Platform_Module][][{[}Archive.org{]}]\from[url2113]}
enabled, you might need to save your Bitlocker Key (safely) somewhere
as well, as it might be needed to restore your drive if your HDD/SSD
or other hardware parts changed. Another option would be to use
Bitlocker without TPM, which would not require this. But again, we do
not recommend using Bitlocker at all.
\item
You should always have a backup of your Veracrypt rescue disk at hand
somewhere to be able to resolve some issues that might still appear
after a restore. Remember this rescue disk does not contain your
passphrase or any sensitive information. You can store it as is.
\item
If you change the HDD/SSD after a failure, Windows 10/11 may refuse
to boot because the hard drive ID changed. You should also save this ID
before backing up as you might need to change the ID of the new drive,
since Windows 10/11 might require a matching ID before booting. See
\goto{Appendix F: Diskpart}[appendix-f-diskpart].
\item
{\bf In case you are using Plausible Deniability on Windows. DO NOT
back up the hidden OS partition as this image could be used by
Forensics to prove the existence of the hidden volume as explained
earlier. It is okay to back up the Decoy OS partition without issues,
but you should never back up the partition containing the Hidden OS.}
\stopitemize
Follow the steps in \goto{Appendix E: Clonezilla}[appendix-e-clonezilla].
\subsubsubsection[title={macOS:},reference={macos-1}]
We would recommend just using the native Time Machine backup with
encryption (and a strong passphrase that could be the same as your OS)
as per the guides provided by Apple:
\useURL[url2114][https://support.apple.com/en-ie/guide/mac-help/mh21241/mac]\from[url2114]
\useURL[url2115][https://web.archive.org/web/https://support.apple.com/en-ie/guide/mac-help/mh21241/mac][][{[}Archive.org{]}]\from[url2115]
and
\useURL[url2116][https://support.apple.com/en-ie/guide/mac-help/mh11421/11.0/mac/11.0]\from[url2116]
\useURL[url2117][https://web.archive.org/web/https://support.apple.com/en-ie/guide/mac-help/mh11421/11.0/mac/11.0][][{[}Archive.org{]}]\from[url2117].
So, plug in an external drive and it should prompt you to use it as a
Time Machine backup.
{\bf You should however consider formatting this drive as exFAT so that
it is also usable by other OSes conveniently (Windows/Linux) without
added software using this guide:
\useURL[url2118][https://support.apple.com/en-ie/guide/disk-utility/dskutl1010/mac]\from[url2118]}
\useURL[url2119][https://web.archive.org/web/https://support.apple.com/en-ie/guide/disk-utility/dskutl1010/mac][][{[}Archive.org{]}]\from[url2119]
It is just simpler and will work online while you work. You will be able
to recover your data on any other Mac from the recovery options and you
will be also able to use this disk for backing up other devices.
It is possible to also use Clonezilla to clone your Mac hard drive, but
it could bring hardware compatibility issues and probably will not add
much in terms of security. So, for macOS, we are not specifically
recommending Clonezilla.
\subsection[title={Online Backups:},reference={online-backups}]
\subsubsection[title={Files:},reference={files}]
This is a tricky one. The problem is that it depends on your threat
model.
\startitemize
\item
{\bf TLDR: Do not store file containers with plausible deniability
(Veracrypt) online.} If you use containers with plausible deniability,
you should never store them on any platform where you do not have full
control over the deletion process as the platform will most likely
have backups of previous versions for some time. And again, these
previous versions could allow forensics to prove the existence of
hidden data and defeat plausible deniability. This includes platforms
like DropBox, Google Drive, OneDrive, or others. The only acceptable
online storage of those could be \quotation{cold storage} (meaning you
will never change those files again and just keep them away untouched
compared to any local version).
\item
If you use normally encrypted backups without plausible deniability,
you could store them pretty much anywhere if they are properly
encrypted locally before uploading (for example with Veracrypt, using
strong passphrases and encryption). {\bf Do not ever trust the
encryption of any online provider. Only trust your own local
encryption (using Veracrypt for instance).} For these cases, you could
store your backups pretty much anywhere in the accounts of your online
identities (iCloud, Google Drive, DropBox\ldots{}) if they are
strongly encrypted locally before uploading. But you could also prefer
privacy-focused services such as Cryptpad.fr (1GB).
\stopitemize
Obviously, do not ever make/access those backups from unsecured/unsafe
devices but only from the secure environments you picked before.
\subsubsubsection[title={Self-hosting:},reference={self-hosting}]
Self-hosting (using Nextcloud for instance) is also a possibility,
provided you have anonymous hosting.
{\bf Please see \goto{Appendix A1: Recommended VPS hosting
providers}[appendix-a1-recommended-vps-hosting-providers].}
Please also consider \goto{Appendix B2: Monero
Disclaimer}[appendix-b2-monero-disclaimer].
\subsubsubsection[title={Cloud-hosting:},reference={cloud-hosting}]
For smaller files, consider:
\startitemize
\item
Cryptpad.fr (\useURL[url2120][https://cryptpad.fr/]\from[url2120]):
Free tier limited to 1GB total and recommended by PrivacyGuides.org at
\useURL[url2121][https://privacyguides.org/cloud/]\from[url2121]
\useURL[url2122][https://web.archive.org/web/https://privacyguides.org/cloud/][][{[}Archive.org{]}]\from[url2122]
\item
Filen (\useURL[url2123][https://filen.io/]\from[url2123]): free tier
limited to 10GB total
\stopitemize
We are currently not aware of any online storage/hosting platform
accepting cash payments unlike providers mentioned before.
If you do intend to store sensitive data on \quotation{mainstream
platforms} (Dropbox, Google Drive, OneDrive\ldots{}), {\bf remember not
to ever store plausible deniability containers on those and remember to
encrypt and check (for metadata\ldots{}) anything locally before
uploading there}, either with software like Veracrypt or with software
like Cryptomator
(\useURL[url2124][https://cryptomator.org/]\from[url2124]). Do not ever
upload non-encrypted files to those platforms and, to repeat, only
access them from a secure shielded VM.
\subsubsection[title={Information:},reference={information}]
If you just want to save information (text), we will recommend the use
of secure and private pastebins\footnote{Wikipedia, Pastebin
\useURL[url2125][https://en.wikipedia.org/wiki/Pastebin]\from[url2125]
\useURL[url2126][https://wikiless.org/wiki/Pastebin][][{[}Wikiless{]}]\from[url2126]
\useURL[url2127][https://web.archive.org/web/https://en.wikipedia.org/wiki/Pastebin][][{[}Archive.org{]}]\from[url2127]}.
Mostly we will stick to the ones recommended by PrivacyGuides.org
(\useURL[url2128][https://www.privacyguides.org/productivity/\#paste-services]\from[url2128]
\useURL[url2129][https://web.archive.org/web/https://www.privacyguides.org/productivity/\#paste-services][][{[}Archive.org{]}]\from[url2129]
):
\startitemize
\item
\useURL[url2130][https://privatebin.info/]\from[url2130]
\item
\useURL[url2131][https://cryptpad.fr/pad/]\from[url2131]
\stopitemize
On these providers, you can just create a pad, protect it with a
password and write the information you want to store in it. Remember
the address of the pad.
\subsection[title={Synchronizing your files between devices
Online:},reference={synchronizing-your-files-between-devices-online}]
Here the answer is very simple and there is a clear consensus:
\useURL[url2132][https://syncthing.net/]\from[url2132]
\useURL[url2133][https://web.archive.org/web/https://syncthing.net/][][{[}Archive.org{]}]\from[url2133]
Just use SyncThing. It is the safest and most secure way to synchronize
between devices, it is free and open-source, and it can easily be used
in a portable way without installation, from a container that needs
syncing.
\section[title={Covering your tracks:},reference={covering-your-tracks}]
\subsection[title={Understanding HDD vs
SSD:},reference={understanding-hdd-vs-ssd}]
\placefigure{image41}{\externalfigure[./tex2pdf.-1a34188c73046814/f714cdfaa68a568871b0d69fadeb3d0807ee782e.png]}
If you intend to wipe your whole HDD laptop, the process is rather
straightforward. The data is written at a precise location on a magnetic
(hard) platter (why it is called a hard drive) and your OS knows
precisely where it is on the platter, where to delete it, and where to
overwrite it for secure deletion using simple processes (like just
overwriting that location over and over until no traces are left).
On the other hand, if you are using an SSD drive, the process is not as
simple, as the drive uses several internal mechanisms to extend its
lifespan and performance. Three of those mechanisms are of particular
interest for this guide. SSD drives are themselves divided into two
main categories:
\startitemize
\item
ATA Drives (usually SATA and usually 2.5" format as the image above).
\item
NVMe Drives (usually M.2 format as the illustration below).
\stopitemize
Here are examples of the most common formats:
\placefigure{image42}{\externalfigure[./tex2pdf.-1a34188c73046814/eec357c2a4f93c6863432df1ca7e8ddf486f7007.png]}
All of these are sold as internal and external drives within enclosures.
The methods and utilities to manage/wipe them will vary depending on the
type of drive you are using. So, it is important you know which one you
have inside your laptop.
{\bf On most recent laptops, chances are high that it will be one of the
middle options (M.2 SATA or M.2 NVMe).}
\subsubsection[title={Wear-Leveling.},reference={wear-leveling.}]
These drives use a technique called wear leveling\footnote{Wikipedia,
Wear Leveling
\useURL[url2134][https://en.wikipedia.org/wiki/Wear_leveling]\from[url2134]
\useURL[url2135][https://wikiless.org/wiki/Wear_leveling][][{[}Wikiless{]}]\from[url2135]
\useURL[url2136][https://web.archive.org/web/https://en.wikipedia.org/wiki/Wear_leveling][][{[}Archive.org{]}]\from[url2136]}.
At a high level, wear leveling works as follows. The space on every disk
is divided into blocks that are themselves divided into pages, like the
chapters in a book are made of pages. When a file is written to disk, it
is assigned to a certain set of pages and blocks. If you wanted to
overwrite the file in an HDD, then all you would have to do is tell the
disk to overwrite those blocks. But in SSDs and USB drives, erasing and
re-writing the same block can wear it out. Each block can only be erased
and rewritten a limited number of times before that block just will not
work anymore (the same way if you keep writing and erasing with a pencil
and paper, eventually the paper might rip and be useless). To counteract
this, SSDs and USB drives will try to make sure that the number of times
each block has been erased and rewritten is about the same so that the
drive will last as long as possible (thus the term wear leveling). As a
side effect, sometimes instead of erasing and rewriting the block a file
was originally stored on, the drive will leave that block alone,
mark it as invalid, and just write the modified file to a different
block. This is like leaving the chapter in the book unchanged, writing
the modified file on a different page, and then just updating the book's
table of contents to point to the new location. All of this occurs at a
very low level in the electronics of the disk, so the operating system
does not even realize it has happened. This means, however, that even if
you try to overwrite a file, there is no guarantee the drive will
actually overwrite it, and that's why secure deletion with SSDs is so
much harder.
Wear-leveling alone can therefore be a disadvantage for security and an
advantage for adversaries such as forensics examiners. This feature
makes classic \quotation{secure deletion} counter-productive and useless,
and is why such an option was removed from some Operating Systems like
macOS (as of version 10.11 El Capitan), where you could previously
enable it for the Recycle Bin.
Most of those old secure deletion utilities were written with HDD in
mind and have no control over wear-leveling and are completely pointless
when using an SSD. Avoid them on an SSD drive.
\subsubsection[title={Trim Operations:},reference={trim-operations}]
So, what now? Well here comes the Trim\footnote{Wikipedia, Trim
\useURL[url2137][https://en.wikipedia.org/wiki/Write_amplification\#TRIM]\from[url2137]
\useURL[url2138][https://wikiless.org/wiki/Write_amplification][][{[}Wikiless{]}]\from[url2138]
\useURL[url2139][https://web.archive.org/web/https://en.wikipedia.org/wiki/Write_amplification][][{[}Archive.org{]}]\from[url2139]}
operation. When you delete data on your SSD, your OS should support what
is called a Trim operation command and {\bf could (should)} issue this
Trim command to the SSD drive periodically (daily, weekly,
monthly\ldots{}). This Trim command lets the SSD drive controller know
that there are pages within blocks containing data that is now free to
be really erased; the command itself does not delete anything.
Trim should be enabled by default on all modern Operating Systems
detecting an SSD drive covered in this guide (macOS, Windows 10/11,
Ubuntu, Qubes OS 4.1.x \ldots{}).
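Because the guide relies on Trim being active, it is worth verifying rather than assuming it. The script below is an added example for this section (not from the guide or from util-linux) for the Linux systems it covers: it parses the discard columns of `lsblk` to see whether each block device advertises Trim support, and asks systemd whether the periodic `fstrim.timer` is enabled. The sample `lsblk` output embedded in it is constructed so the parser can be exercised without hardware.

```python
"""Report whether the block devices on a Linux system advertise discard (Trim)
support and whether the periodic fstrim timer is enabled.

Added example for this guide; not part of the guide or of util-linux. It only
reads what lsblk and systemctl report and never issues a Trim itself."""
import shutil
import subprocess

# -D adds the discard columns, -b prints sizes in bytes, -n drops the header,
# -l uses list (not tree) layout so device names carry no drawing glyphs.
LSBLK_CMD = ["lsblk", "-D", "-b", "-n", "-l", "-o", "NAME,DISC-GRAN,DISC-MAX"]


def parse_lsblk_discard(text):
    """Parse lsblk output into {device: supports_trim}.

    A device that does not support discard reports 0 for both DISC-GRAN
    (discard granularity) and DISC-MAX (largest discard request).
    """
    support = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # blank line or unexpected layout
        name, gran, largest = parts[0], int(parts[1]), int(parts[2])
        support[name] = gran > 0 and largest > 0
    return support


def discard_support():
    """Run lsblk and return {device: supports_trim}, or None if lsblk is missing."""
    if shutil.which("lsblk") is None:
        return None
    out = subprocess.run(LSBLK_CMD, capture_output=True, text=True, check=False)
    return parse_lsblk_discard(out.stdout)


def fstrim_timer_state():
    """Return systemd's view of fstrim.timer ('enabled', 'disabled', ...) or None."""
    if shutil.which("systemctl") is None:
        return None
    out = subprocess.run(["systemctl", "is-enabled", "fstrim.timer"],
                         capture_output=True, text=True, check=False)
    return out.stdout.strip() or None


# Constructed sample output, in the layout LSBLK_CMD produces: one NVMe SSD
# with two partitions and one spinning disk with one partition.
SAMPLE_LSBLK = """\
nvme0n1 512 2199023255040
nvme0n1p1 512 2199023255040
nvme0n1p2 512 2199023255040
sda 0 0
sda1 0 0
"""


def report(support, timer_state):
    """Turn the two checks into human-readable lines."""
    lines = []
    for name, ok in sorted(support.items()):
        lines.append("%-10s discard %s" % (name, "supported" if ok else "NOT supported"))
    lines.append("fstrim.timer: %s" % (timer_state or "unknown"))
    return lines


if __name__ == "__main__":
    live = discard_support()
    if live is None:
        print("lsblk not found; showing the constructed sample instead")
        live = parse_lsblk_discard(SAMPLE_LSBLK)
    print("\n".join(report(live, fstrim_timer_state())))
```

A drive advertising discard is necessary but not sufficient: the filesystem must either be mounted with the `discard` option or have `fstrim` run periodically (which is what `fstrim.timer` does), and when the filesystem sits on a dm-crypt/LUKS volume, discards only reach the drive if that layer was opened with discards allowed (cryptsetup's `--allow-discards`), a deliberate trade-off since it exposes which sectors of the encrypted device are unused.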
If Trim operations are not done regularly (or at all), then the data is
never deleted pro-actively and at some point, all the blocks and pages
will be occupied by data. Your OS will not see this and will just see
free space as you delete files, but your SSD controller will not (this
is called Write Amplification\footnote{Wikipedia, Write Amplification
\useURL[url2140][https://en.wikipedia.org/wiki/Write_amplification]\from[url2140]
\useURL[url2141][https://wikiless.org/wiki/Write_amplification][][{[}Wikiless{]}]\from[url2141]
\useURL[url2142][https://web.archive.org/web/https://en.wikipedia.org/wiki/Write_amplification][][{[}Archive.org{]}]\from[url2142]}).
This will then force the SSD controller to erase those pages and blocks
on the fly, which will reduce the write performance. This is because
while your OS/SSD can write data to any free page in any block, erasure
is only possible on entire blocks, therefore forcing your SSD to
perform many operations to write new data. Overwriting is just not
possible. This will defeat the wear-leveling system and cause
performance degradation of your SSD over time. Every time you delete a
file on an SSD, your OS should issue a Trim command along with the
deletion to let the SSD controller know the pages containing the file
data are now free for deletion.
{\bf So, Trim itself does not delete any data but just marks it for
deletion.} Data deleted without using Trim (if Trim has been
disabled/blocked/delayed for instance) will still be deleted at some
point by the SSD garbage collection, or if you overwrite what the OS
sees as free space. But it might stick around for a bit longer than if
you use Trim.
Here is an illustration from Wikipedia showing how it works on an SSD
drive:
\placefigure{image43}{\externalfigure[./tex2pdf.-1a34188c73046814/83059567ea6b8d9938d0c0df3a7cd07e84a78ba1.png]}
As you can see in the above illustration, data (from a file) will be
written to the first four pages of Block X. Later, new data will be
written to the remaining pages and the data from the first file will be
marked as invalid (for instance by a Trim operation when deleting a
file). As explained on
\useURL[url2143][https://en.wikipedia.org/wiki/Trim_(computing)]\from[url2143]
\useURL[url2144][https://wikiless.org/wiki/Trim_(computing)][][{[}Wikiless{]}]\from[url2144]
\useURL[url2145][https://web.archive.org/web/https://en.wikipedia.org/wiki/Trim_(computing)][][{[}Archive.org{]}]\from[url2145];
the erase operation can only be done on entire blocks (and not on single
pages).
In addition to marking files for deletion (on reputable SSD drives),
Trim usually makes those unreadable using a method called
\quotation{Deterministic Read After Trim} or \quotation{Deterministic
Zeroes After Trim}. This means that if an adversary tries to read data
from a trimmed page/block and somehow manages to disable garbage
collection, the controller will not return any meaningful data.
{\bf Trim is your ally and should always be enabled when using an SSD
drive and should offer reasonable protection}. This is also the reason
you should not use Veracrypt Plausible Deniability on a Trim-enabled
SSD, as this feature is incompatible with Trim\footnote{Wikipedia,
Trim Disadvantages
\useURL[url2146][https://en.wikipedia.org/wiki/Trim_(computing)\#Disadvantages]\from[url2146]
\useURL[url2147][https://wikiless.org/wiki/Trim_(computing)][][{[}Wikiless{]}]\from[url2147]
\useURL[url2148][https://web.archive.org/web/https://en.wikipedia.org/wiki/Trim_(computing)][][{[}Archive.org{]}]\from[url2148]}.
\subsubsection[title={Garbage
Collection:},reference={garbage-collection}]
Garbage collection\footnote{Wikipedia, Garbage Collection
\useURL[url2149][https://en.wikipedia.org/wiki/Write_amplification\#Garbage_collection]\from[url2149]
\useURL[url2150][https://wikiless.org/wiki/Write_amplification][][{[}Wikiless{]}]\from[url2150]
\useURL[url2151][https://web.archive.org/web/https://en.wikipedia.org/wiki/Write_amplification][][{[}Archive.org{]}]\from[url2151]}
is an internal process running within your SSD drive that looks for data
marked for erasure. This process is done by the SSD controller, and you
have no control over it. If you go back to the illustration above, you
will see that Garbage collection is the last step: the controller
notices that some pages in a specific block are marked for deletion,
copies the valid pages (not marked for deletion) to a different free
destination block, and is then able to erase the source block entirely.
Garbage collection in itself does NOT require Trim to function, but it
will be much faster and more efficient if Trim is performed. Garbage
collection is one of the processes that will actually erase data from
your SSD drive permanently.
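The three mechanisms just described (wear leveling, Trim, garbage collection) are easiest to see together in a small model. The following toy flash translation layer is an added example written for this section, not code from the guide or from any drive vendor, and it is deliberately simplified: real controllers are far more complex and undocumented. It shows why a shred-style overwrite leaves the old copy physically on flash, that Trim only marks pages invalid, and that only garbage collection (after relocating still-valid pages) erases the block. The scenario in `demo()` is constructed.

```python
"""Toy flash translation layer (FTL) showing why overwriting a file in place
does not erase the old copy on an SSD, what Trim does, and when garbage
collection finally erases the data.

Added, deliberately simplified example for this guide. Real controllers are
far more complex and their internals are undocumented, but the three effects
the guide describes (wear leveling, Trim, garbage collection) are all here."""

PAGES_PER_BLOCK = 4


class ToySSD:
    def __init__(self, blocks=4, pages_per_block=PAGES_PER_BLOCK):
        self.pages_per_block = pages_per_block
        # Physical flash: None means erased; otherwise the stored payload.
        self.flash = [[None] * pages_per_block for _ in range(blocks)]
        # Physical pages holding stale data that garbage collection may erase.
        self.invalid = set()
        # Logical page (what the OS addresses) -> (block, page) on flash.
        self.mapping = {}
        self.erase_counts = [0] * blocks

    def _free_page(self, exclude=None):
        """Wear leveling: allocate from the least-erased block first."""
        order = sorted(range(len(self.flash)), key=lambda b: self.erase_counts[b])
        for b in order:
            if b == exclude:
                continue
            for p in range(self.pages_per_block):
                if self.flash[b][p] is None:
                    return (b, p)
        raise RuntimeError("no free pages left; garbage collection needed")

    def write(self, logical, payload):
        """An overwrite never touches the old page: it is only marked invalid."""
        if logical in self.mapping:
            self.invalid.add(self.mapping[logical])
        b, p = self._free_page()
        self.flash[b][p] = payload
        self.mapping[logical] = (b, p)

    def read(self, logical):
        b, p = self.mapping[logical]
        return self.flash[b][p]

    def trim(self, logical):
        """Trim tells the controller the logical page is unused. Nothing is erased."""
        loc = self.mapping.pop(logical, None)
        if loc is not None:
            self.invalid.add(loc)

    def garbage_collect(self):
        """Relocate valid pages out of blocks holding stale data, then erase them."""
        for b in range(len(self.flash)):
            if not any((b, p) in self.invalid for p in range(self.pages_per_block)):
                continue
            for logical, (lb, lp) in list(self.mapping.items()):
                if lb == b:  # still-valid page in this block: copy it elsewhere
                    nb, np_ = self._free_page(exclude=b)
                    self.flash[nb][np_] = self.flash[lb][lp]
                    self.mapping[logical] = (nb, np_)
            self.flash[b] = [None] * self.pages_per_block  # block erase
            self.invalid = {loc for loc in self.invalid if loc[0] != b}
            self.erase_counts[b] += 1


def residual_copies(ssd, payload):
    """How many physical pages still hold payload, whether mapped or stale."""
    return sum(1 for block in ssd.flash for page in block if page == payload)


def demo():
    """Constructed scenario: store a secret, 'securely' overwrite it, delete, GC."""
    ssd = ToySSD()
    ssd.write(0, "SECRET")      # the file is written
    ssd.write(0, "000000")      # a shred-style overwrite: goes to a NEW page
    ssd.write(1, "KEEP")        # an unrelated file that must survive
    after_overwrite = residual_copies(ssd, "SECRET")  # old page still on flash
    ssd.trim(0)                 # the OS deletes the file and sends a Trim
    ssd.garbage_collect()       # controller relocates KEEP, erases the block
    return {
        "after_overwrite": after_overwrite,
        "after_trim_and_gc": residual_copies(ssd, "SECRET"),
        "kept_file": ssd.read(1),
        "erase_counts": ssd.erase_counts,
    }


if __name__ == "__main__":
    print(demo())
```

The `after_overwrite` count is the whole point: the OS believes it overwrote the secret, yet the original page is untouched until the controller decides to erase its block, which is why HDD-era "secure delete" tools are pointless on an SSD and why the guide relies on Trim plus full disk encryption instead.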
\subsubsection[title={Conclusion:},reference={conclusion-4}]
So, the fact is that it is very unlikely\footnote{Techgage, Too TRIM?
When SSD Data Recovery is Impossible
\useURL[url2152][https://techgage.com/article/too_trim_when_ssd_data_recovery_is_impossible/]\from[url2152]
\useURL[url2153][https://web.archive.org/web/https://techgage.com/article/too_trim_when_ssd_data_recovery_is_impossible/][][{[}Archive.org{]}]\from[url2153]}\footnote{ResearchGate,
Live forensics method for acquisition on the Solid-State Drive (SSD)
NVMe TRIM function
\useURL[url2154][https://www.researchgate.net/publication/341761017_Live_forensics_method_for_acquisition_on_the_Solid_State_Drive_SSD_NVMe_TRIM_function]\from[url2154]
\useURL[url2155][https://web.archive.org/web/https://www.researchgate.net/publication/341761017_Live_forensics_method_for_acquisition_on_the_Solid_State_Drive_SSD_NVMe_TRIM_function][][{[}Archive.org{]}]\from[url2155]}
and difficult for a forensic examiner to be able to recover data from a
Trimmed SSD but it is not completely impossible either\footnote{ElcomSoft,
Life after Trim: Using Factory Access Mode for Imaging SSD Drives
\useURL[url2156][https://blog.elcomsoft.com/2019/01/life-after-trim-using-factory-access-mode-for-imaging-ssd-drives/]\from[url2156]
\useURL[url2157][https://web.archive.org/web/https://blog.elcomsoft.com/2019/01/life-after-trim-using-factory-access-mode-for-imaging-ssd-drives/][][{[}Archive.org{]}]\from[url2157]}\footnote{Forensic
Focus, Forensic Acquisition Of Solid State Drives With Open Source
Tools
\useURL[url2158][https://www.forensicfocus.com/articles/forensic-acquisition-of-solid-state-drives-with-open-source-tools/]\from[url2158]
\useURL[url2159][https://web.archive.org/web/https://www.forensicfocus.com/articles/forensic-acquisition-of-solid-state-drives-with-open-source-tools/][][{[}Archive.org{]}]\from[url2159]}\footnote{ResearchGate,
Solid State Drive Forensics: Where Do We Stand?
\useURL[url2160][https://www.researchgate.net/publication/325976653_Solid_State_Drive_Forensics_Where_Do_We_Stand]\from[url2160]
\useURL[url2161][https://web.archive.org/web/https://www.researchgate.net/publication/325976653_Solid_State_Drive_Forensics_Where_Do_We_Stand][][{[}Archive.org{]}]\from[url2161]}
if they are fast enough and have access to extensive equipment, skills,
and motivation\footnote{BleepingComputer, Firmware attack can drop
persistent malware in hidden SSD area
\useURL[url2162][https://www.bleepingcomputer.com/news/security/firmware-attack-can-drop-persistent-malware-in-hidden-ssd-area/]\from[url2162]
\useURL[url2163][https://web.archive.org/web/https://www.bleepingcomputer.com/news/security/firmware-attack-can-drop-persistent-malware-in-hidden-ssd-area/][][{[}Archive.org{]}]\from[url2163]}.
Within the context of this guide which also uses full disk encryption.
Deletion and Trim should be reasonably secure enough on any SSD drive
and will be recommended as the standard method of deletion.
\subsection[title={How to securely wipe your whole Laptop/Drives if you
want to erase
everything:},reference={how-to-securely-wipe-your-whole-laptopdrives-if-you-want-to-erase-everything}]
\placefigure{image44}{\externalfigure[./tex2pdf.-1a34188c73046814/e527d2bd40752c865c72d972115864784dfee63f.png]}
So, you want to be sure. To achieve 100\letterpercent{} secure deletion
on an SSD drive, you will need to use specific SSD techniques (if you
are using an HDD drive, skip this part and go to your OS of choice):
\startitemize
\item
Easy options for less experienced users:
\startitemize
\item
If available, just use the Secure Erase option available from your
BIOS/UEFI (ATA/NVME Secure Erase or Sanitize).
\startitemize[packed]
\item
It's worth noting that this relies on your drive's firmware. Some
drive manufacturers have messed up the implementation, causing
data to still be recoverable.
\stopitemize
\item
Just re-install a fresh operating system (delete/quick format the
drive) and re-encrypt it. The full disk encryption process should
erase all previous data from the disk.
\item
Buy PartedMagic\footnote{Wikipedia, Parted Magic
\useURL[url2164][https://en.wikipedia.org/wiki/Parted_Magic]\from[url2164]
\useURL[url2165][https://wikiless.org/wiki/Parted_Magic][][{[}Wikiless{]}]\from[url2165]
\useURL[url2166][https://web.archive.org/web/https://en.wikipedia.org/wiki/Parted_Magic][][{[}Archive.org{]}]\from[url2166]}
for 11\$ and use it to erase any disk.
\stopitemize
\item
Technical options for more advanced users:
\startitemize
\item
Overwrite the entire drive's contents
\startitemize[packed]
\item
HDDs:
\startitemize[packed]
\item
Overwrite the drive's contents using a tool like
\useURL[url2167][https://www.howtogeek.com/425232/how-to-securely-delete-files-on-linux/][][srm]\from[url2167],
\useURL[url2168][https://linux.die.net/man/1/wipe][][wipe]\from[url2168],
\useURL[url2169][https://recoverit.wondershare.com/harddrive-tips/format-and-wipe-linux-disk.html][][shred,
etc.]\from[url2169]. Ideally you want to use the Gutmann method,
which was created for most effective data erasure on all drives.
This method also works on SSDs, although it is overkill.
\item
Simply overwriting the drive's contents is not always enough.
Dedicated secure deletion tools are designed to perform multiple
passes to more effectively wipe data. This is especially
important on older drives. We recommend using either \type{wipe}
or \type{srm}.
\startitemize[packed]
\item
If using \type{wipe}, just use its default options
(\type{wipe /dev/sdX}), as the defaults are tuned to most
effectively wipe data on HDDs.
\item
If using \type{srm}, make sure to manually specify that it
should perform a Gutmann wipe (\type{srm -G /dev/sdX}).
\stopitemize
\stopitemize
\item
SSDs:
\startitemize[packed]
\item
Overwrite the drive's contents. Tools like wipe or shred are
often overkill, as they perform up to 35 passes. While they
work, most SSDs require no more than a couple passes.
\item
Use \type{wipe} with only a couple passes:
\type{wipe -qQ2 /dev/sdX}.
\startitemize[packed]
\item
\type{-qQ2} means 2 passes. Replace \type{2} with the desired
number of passes.
\stopitemize
\item
Use \type{srm} with a 3-pass overwrite: \type{srm -P /dev/sdX}.
\item
Use \type{dd}:
\type{dd if=/dev/urandom of=/dev/sdX bs=8M status=progress conv=fsync}.
This command will overwrite the drive with random data. To
perform multiple passes (I recommend at least 2), simply run the
command again until you're satisfied.
\startitemize[packed]
\item
The reason you run it twice is because SSDs have hidden
(\quotation{overprovisioned}) storage which can contain
remnants of deleted data. Wiping twice forces the drive to
wipe its overprovisioned storage. This is only guaranteed to
work if each pass writes different data (which is why we wipe
with random data on each pass).
\item
\type{bs=8M} writes 8MiB blocks at a time. This doesn't affect
the quality of the data deletion, but adjusting it could
affect how long it takes to wipe the drive.
\stopitemize
\stopitemize
\stopitemize
\item
ATA/NVMe Secure Erase: This method will remove the mapping table
that keeps track of allocated data on the storage Blocks but does
not destroy the actual data.
\item
ATA/NVMe Sanitize Crypto Scramble (aka Instant Secure Erase, Crypto
Erase), which applies to self-encrypting SSD drives: This method
will change the encryption key of the self-encrypting SSD drive and
render all the data stored in it unreadable.
\item
ATA/NVMe Sanitize Block Erase: This method performs an actual block
erase on every storage block and will destroy the data and change
the encryption key if present.
\item
ATA/NVMe Sanitize Overwrite {\bf (terribly slow, could be dangerous
and not recommended)}: This method performs a block erase and then
overwrites every storage block (it is the same as Block Erase but
will overwrite data in addition). This method is overkill and not
necessary.
\stopitemize
\item
Physical Destruction:
\startitemize
\item
HDDs:
\startitemize[n][stopper=.]
\item
Open the drive (with a screwdriver, usually Torx T8)
\item
Remove platters (with a screwdriver, usually Torx T6)
\item
Rub the platters with a rare earth magnet
\item
Break/Deform/Crush the platters
\item
Burn the platters or cook them in an oven ({\bf do not} skip this
step)
\item
Separate the debris
\item
Throw away in separate places
\stopitemize
\item
SSDs:
\startitemize[packed]
\item
Ideally you should wipe the drive through other means first, as
this method alone is not known to be secure against all attackers
\stopitemize
\startitemize[n][stopper=.]
\item
Open the drive
\item
Break/Crush the board and memory cells
\item
Burn them
\item
Separate the debris
\item
Throw away in separate places
\stopitemize
\item
Bonus: See
\useURL[url2170][https://www.youtube.com/watch?v=-bpX8YvNg6Y]\from[url2170]
\useURL[url2171][https://yewtu.be/watch?v=-bpX8YvNg6Y][][{[}Invidious{]}]\from[url2171]
\stopitemize
\stopitemize
For maximum overkill paranoia security, the Sanitize Block Erase option
should be preferred, but Secure Erase is probably more than enough when
considering your drive is already encrypted. Unfortunately, there are no
{\bf free} easy (bootable with a graphical menu) all-in-one tools
available and you will be left with either going with drive
manufacturers' provided tools, the free manual hdparm\footnote{Wikipedia,
hdparm
\useURL[url2172][https://en.wikipedia.org/wiki/Hdparm]\from[url2172]
\useURL[url2173][https://wikiless.org/wiki/Hdparm][][{[}Wikiless{]}]\from[url2173]
\useURL[url2174][https://web.archive.org/web/https://en.wikipedia.org/wiki/Hdparm][][{[}Archive.org{]}]\from[url2174]}
and nvme-cli\footnote{GitHub, nvme-cli
\useURL[url2175][https://github.com/linux-nvme/nvme-cli]\from[url2175]
\useURL[url2176][https://web.archive.org/web/https://github.com/linux-nvme/nvme-cli][][{[}Archive.org{]}]\from[url2176]}
utilities, or going with a commercial tool such as PartedMagic.
This guide will therefore recommend the use of the free utilities hdparm
and nvme-cli using a Live System Rescue system.
If you can afford it, just buy Parted Magic for 11\$ which provides an
easy-to-use graphical tool for wiping SSD drives using the option of
your choice\footnote{PartedMagic Secure Erase
\useURL[url2177][https://partedmagic.com/secure-erase/]\from[url2177]
\useURL[url2178][https://web.archive.org/web/https://partedmagic.com/secure-erase/][][{[}Archive.org{]}]\from[url2178]}\footnote{Partedmagic
NVMe Secure Erase
\useURL[url2179][https://partedmagic.com/nvme-secure-erase/]\from[url2179]
\useURL[url2180][https://web.archive.org/web/https://partedmagic.com/nvme-secure-erase/][][{[}Archive.org{]}]\from[url2180]}.
{\bf Note:} {\bf Again, before proceeding, you should check your BIOS as
some will offer a built-in tool to securely erase your drive (ATA/NVMe
Secure Erase or ATA/NVMe Sanitize). If this is available, you should use
that, and the following steps will not be necessary. Check this before
going ahead to avoid the hassle, see \goto{Appendix M: BIOS/UEFI options
to wipe disks in various
Brands}[appendix-m-biosuefi-options-to-wipe-disks-in-various-brands].}
\subsubsection[title={Linux (all versions including Qubes
OS):},reference={linux-all-versions-including-qubes-os}]
\subsubsubsection[title={System/Internal
SSD:},reference={systeminternal-ssd}]
\startitemize
\item
Option A: Check if your BIOS/UEFI has a built-in option to do so and
if it does, use the correct option (\quotation{ATA/NVMe Secure Erase}
or \quotation{ATA/NVMe Sanitize}). Do not use wipe with passes on an
SSD drive.
\item
Option B: See \goto{Appendix D: Using System Rescue to securely wipe
an SSD
drive.}[appendix-d-using-system-rescue-to-securely-wipe-an-ssd-drive.]
\item
Option C: Wipe your disk and re-install Linux with new full disk
encryption to overwrite all sectors with new encrypted data. {\bf This
method will be terribly slow compared to Option A and B as it will
slowly overwrite your whole SSD. Also, note that this might not be the
default behavior when using LUKS. You might have to check the option
to also encrypt the empty space for this to effectively wipe the drive.}
\stopitemize
{\bf Keep in mind all these options need to be applied on the entire
physical drive and not on a specific partition/volume. If you do not,
wear-leveling mechanisms might prevent this from working properly.}
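Before running any of the commands above, it helps to confirm what the target actually is. The following pre-flight script is an added example and not part of this guide's own tooling: it reads the kernel's sysfs attributes to classify a target the way this section does (whole disk versus partition, HDD versus SSD, Trim/discard support) and maps it to the method recommended above, without writing to any disk. It assumes the standard \type{/sys/class/block} layout; the \type{BLOCK_SYSFS} variable is a hypothetical override so the functions can be exercised against a constructed directory.

```shell
#!/bin/sh
# wipe_preflight.sh: classify a block device before picking a wipe method.
# Added example for this guide, not part of the guide's own tooling.
# It reads the kernel's sysfs attributes under /sys/class/block/<name>/
# and maps the device to the method this section recommends.
# BLOCK_SYSFS is a hypothetical override (for testing against a constructed
# directory) pointing at a tree laid out like /sys/class/block.

: "${BLOCK_SYSFS:=/sys/class/block}"

# Strip a leading /dev/ so both "sda" and "/dev/sda" are accepted.
dev_name() {
    printf '%s\n' "${1#/dev/}"
}

# Print one sysfs attribute, or "missing" if the file is not there.
sys_attr() {
    f="$BLOCK_SYSFS/$(dev_name "$1")/$2"
    if [ -r "$f" ]; then
        tr -d '[:space:]' < "$f"
        echo
    else
        echo missing
    fi
}

# A partition carries a "partition" attribute; a whole disk does not.
# This is the guide's warning: wipe the entire physical drive, never a
# single partition, or wear-leveling defeats the operation.
is_partition() {
    [ -e "$BLOCK_SYSFS/$(dev_name "$1")/partition" ]
}

# queue/rotational is 1 for spinning disks and 0 for flash media.
disk_kind() {
    case "$(sys_attr "$1" queue/rotational)" in
        1) echo hdd ;;
        0) echo ssd ;;
        *) echo unknown ;;
    esac
}

# discard_max_bytes > 0 means the kernel can send TRIM/discard to the
# device, i.e. the "is Trim supported" check the guide asks for before
# relying on Trim or blkdiscard.
supports_discard() {
    n="$(sys_attr "$1" queue/discard_max_bytes)"
    case "$n" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$n" -gt 0 ]
}

# Map the target to the method recommended in this section. Prints:
#   refuse-partition  target is a partition, not the whole physical drive
#   ssd-secure-erase  flash drive with discard: ATA/NVMe Secure Erase or
#                     Sanitize (BIOS, hdparm, nvme-cli), or blkdiscard
#   ssd-reencrypt     flash drive without discard: wipe normally, then
#                     re-encrypt the whole disk or fill it with random data
#   hdd-overwrite     spinning disk: multi-pass overwrite (wipe/shred/dd)
#   unknown           could not classify; do not guess
recommend() {
    if is_partition "$1"; then
        echo refuse-partition
        return 0
    fi
    case "$(disk_kind "$1")" in
        hdd) echo hdd-overwrite ;;
        ssd)
            if supports_discard "$1"; then
                echo ssd-secure-erase
            else
                echo ssd-reencrypt
            fi
            ;;
        *) echo unknown ;;
    esac
}

# One-line report per device; nothing here writes to any disk.
report() {
    d="$(dev_name "$1")"
    if is_partition "$1"; then p=yes; else p=no; fi
    if supports_discard "$1"; then t=yes; else t=no; fi
    printf 'device=%s partition=%s kind=%s discard=%s -> %s\n' \
        "$d" "$p" "$(disk_kind "$1")" "$t" "$(recommend "$1")"
}

# Usage: sh wipe_preflight.sh /dev/sda /dev/nvme0n1
for dev in "$@"; do
    report "$dev"
done
```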
\subsubsubsection[title={External SSD:},reference={external-ssd}]
First please see \goto{Appendix K: Considerations for using external SSD
drives}[appendix-k-considerations-for-using-external-ssd-drives]
Trim should be sufficient in most cases and you could just use the
blkdiscard command to force an entire device trim as explained here:
\useURL[url2181][https://wiki.archlinux.org/index.php/Solid_state_drive\#Trim_an_entire_device]\from[url2181]
\useURL[url2182][https://web.archive.org/web/https://wiki.archlinux.org/index.php/Solid_state_drive][][{[}Archive.org{]}]\from[url2182]
If your USB controller and USB SSD disk support Trim and ATA/NVMe secure
erase, you could cautiously wipe them with hdparm using the same method
as for the System Disk above, except that you will obviously not install
Linux on it. Keep in mind though that this is not recommended (see
Considerations above).
If it does not support Trim and/or ATA secure erase, you could (not
securely) wipe the drive normally (without passes like an HDD) and
re-encrypt it completely using your utility of choice (LUKS or Veracrypt
for instance). The full disk decryption and re-encryption process will
overwrite the entirety of the SSD disk and should ensure a secure wipe.
Alternatively, you could also (not securely) wipe the disk normally and
then fill it completely with pseudorandom data which should also ensure
secure deletion (this can be done with BleachBit
\useURL[url2183][https://www.bleachbit.org/download/linux]\from[url2183]
\useURL[url2184][https://web.archive.org/web/https://www.bleachbit.org/download/linux][][{[}Archive.org{]}]\from[url2184]
or from the command line using secure-delete using this tutorial
\useURL[url2185][https://superuser.com/questions/19326/how-to-wipe-free-disk-space-in-linux]\from[url2185]
\useURL[url2186][https://web.archive.org/web/https://superuser.com/questions/19326/how-to-wipe-free-disk-space-in-linux][][{[}Archive.org{]}]\from[url2186]).
{\bf Keep in mind all these options need to be applied on the entire
physical drive and not on a specific partition/volume. If you do not,
wear-leveling mechanisms might prevent this from working properly.}
\subsubsubsection[title={Internal/System
HDD:},reference={internalsystem-hdd}]
\startitemize
\item
Option A: Check if your BIOS/UEFI has a built-in option to do so and
if it does, use the correct option (Wipe + Passes in the case of an
HDD).
\item
Option B: See \goto{Appendix I: Using ShredOS to securely wipe an HDD
drive}[appendix-i-using-shredos-to-securely-wipe-an-hdd-drive]
\item
Option C: Wipe your disk and re-install Linux with new full disk
encryption to overwrite all sectors with new encrypted data. {\bf This
method will be terribly slow compared to Option A and B as it will
slowly overwrite your whole HDD.}
\stopitemize
\subsubsubsection[title={External/Secondary HDD and Thumb
Drives:},reference={externalsecondary-hdd-and-thumb-drives}]
\startitemize
\item
Option A: Follow one of these tutorials:
\startitemize
\item
\useURL[url2187][https://linuxhint.com/completely_wipe_hard_drive_ubuntu/]\from[url2187]
\useURL[url2188][https://web.archive.org/web/https://linuxhint.com/completely_wipe_hard_drive_ubuntu/][][{[}Archive.org{]}]\from[url2188]
\item
\useURL[url2189][https://linoxide.com/linux-command/commands-wipe-disk-linux/]\from[url2189]
\useURL[url2190][https://web.archive.org/web/https://linoxide.com/linux-command/commands-wipe-disk-linux/][][{[}Archive.org{]}]\from[url2190]
\item
\useURL[url2191][https://wiki.archlinux.org/index.php/Securely_wipe_disk]\from[url2191]
\useURL[url2192][https://web.archive.org/web/https://wiki.archlinux.org/index.php/Securely_wipe_disk][][{[}Archive.org{]}]\from[url2192]
\stopitemize
I recommend using dd or shred for this purpose.
\item
Option B: Install and use BleachBit
\useURL[url2193][https://www.bleachbit.org/download/linux]\from[url2193]
\useURL[url2194][https://web.archive.org/web/https://www.bleachbit.org/download/linux][][{[}Archive.org{]}]\from[url2194]
or follow this EFF tutorial
\useURL[url2195][https://ssd.eff.org/en/module/how-delete-your-data-securely-linux]\from[url2195]
\useURL[url2196][https://web.archive.org/web/https://ssd.eff.org/en/module/how-delete-your-data-securely-linux][][{[}Archive.org{]}]\from[url2196]
\item
Option C: See \goto{Appendix I: Using ShredOS to securely wipe an HDD
drive}[appendix-i-using-shredos-to-securely-wipe-an-hdd-drive]
\stopitemize
\subsubsection[title={Windows:},reference={windows-2}]
Unfortunately, you will not be able to wipe your Host OS using the
Microsoft built-in tools within the settings. This is because your
bootloader was modified with Veracrypt and will make the operation fail.
In addition, this method would not be effective with an SSD drive.
\subsubsubsection[title={System/Internal
SSD:},reference={systeminternal-ssd-1}]
\startitemize
\item
Option A: Check if your BIOS/UEFI has a built-in option to do so and
if it does, use the correct option (\quotation{ATA/NVMe Secure Erase}
or \quotation{ATA/NVMe Sanitize}). Do not use wipe with passes on an
SSD drive.
\item
Option B: Check \goto{Appendix J: Manufacturer tools for Wiping HDD
and SSD
drives.}[appendix-j-manufacturer-tools-for-wiping-hdd-and-ssd-drives]
\item
Option C: See \goto{Appendix D: Using System Rescue to securely wipe
an SSD
drive.}[appendix-d-using-system-rescue-to-securely-wipe-an-ssd-drive.]
\item
Option D: Wipe your disk and re-install Windows before performing new
full disk encryption (using Veracrypt or Bitlocker) to overwrite all
sectors with new encrypted data. {\bf This method will be slower
compared to Option A and B as it will overwrite your whole SSD.}
\stopitemize
{\bf Keep in mind all these options need to be applied on the entire
physical drive and not on a specific partition/volume. If you do not,
wear-leveling mechanisms might prevent this from working properly.}
\subsubsubsection[title={External SSD:},reference={external-ssd-1}]
First please see \goto{Appendix K: Considerations for using external SSD
drives}[appendix-k-considerations-for-using-external-ssd-drives]
Use the manufacturer-provided tools if possible. Those tools should
provide support for safe secure erase or sanitize over USB and are
available for most brands: See \goto{Appendix J: Manufacturer tools for
Wiping HDD and SSD
drives.}[appendix-j-manufacturer-tools-for-wiping-hdd-and-ssd-drives]
If you are not sure about the Trim support on your USB disk, (not
securely) wipe it normally (simple quick format will do) and then
encrypt the disk again using Veracrypt or Bitlocker. The full disk
decryption and re-encryption process will overwrite the entirety of the
SSD disk and should ensure a secure wipe.
Alternatively, you could also (not securely) wipe the disk normally and
then fill it completely with pseudorandom data which should also ensure
secure deletion (this can be done with BleachBit or PrivaZer free space
erase options). See \goto{Extra Tools Cleaning}[extra-tools-cleaning].
{\bf Keep in mind all these options need to be applied on the entire
physical drive and not on a specific partition/volume. If you do not,
wear-leveling mechanisms might prevent this from working properly.}
\subsubsubsection[title={Internal/System
HDD:},reference={internalsystem-hdd-1}]
\startitemize
\item
Option A: Check if your BIOS/UEFI has a built-in option to do so and
if it does, use the correct option (Wipe + Passes).
\item
Option B: Check \goto{Appendix J: Manufacturer tools for Wiping HDD
and SSD
drives}[appendix-j-manufacturer-tools-for-wiping-hdd-and-ssd-drives]
\item
Option C: See \goto{Appendix I: Using ShredOS to securely wipe an HDD
drive}[appendix-i-using-shredos-to-securely-wipe-an-hdd-drive]
\stopitemize
\subsubsubsection[title={External/Secondary HDD and Thumb
Drives:},reference={externalsecondary-hdd-and-thumb-drives-1}]
\startitemize
\item
Option A: Check \goto{Appendix J: Manufacturer tools for Wiping HDD
and SSD
drives}[appendix-j-manufacturer-tools-for-wiping-hdd-and-ssd-drives]
\item
Option B: Use external tools such as:
\startitemize
\item
Eraser (open-source):
\useURL[url2197][https://eraser.heidi.ie/download/]\from[url2197]
\useURL[url2198][https://web.archive.org/web/https://eraser.heidi.ie/download/][][{[}Archive.org{]}]\from[url2198]
\item
KillDisk Free:
\useURL[url2199][http://killdisk.com/killdisk-freeware.htm]\from[url2199]
\useURL[url2200][https://web.archive.org/web/http://killdisk.com/killdisk-freeware.htm][][{[}Archive.org{]}]\from[url2200]
\stopitemize
\item
Option C: See \goto{Appendix I: Using ShredOS to securely wipe an HDD
drive}[appendix-i-using-shredos-to-securely-wipe-an-hdd-drive]
\stopitemize
\subsubsection[title={macOS:},reference={macos-2}]
\subsubsubsection[title={System/Internal
SSD:},reference={systeminternal-ssd-2}]
Unfortunately, the macOS Recovery disk utility will not be able to
perform a secure erase of your SSD drive as stated in Apple
documentation
\useURL[url2201][https://support.apple.com/en-gb/guide/disk-utility/dskutl14079/mac]\from[url2201]
\useURL[url2202][https://web.archive.org/web/https://support.apple.com/en-gb/guide/disk-utility/dskutl14079/mac][][{[}Archive.org{]}]\from[url2202].
In most cases, if your disk was encrypted with Filevault and you just
perform a normal erase, it should be \quotation{enough} according to
them. It is not according to me, so you have no option besides
re-installing macOS again and re-encrypting it with Filevault again after
re-installing. This should perform a \quotation{crypto erase} by
overwriting your earlier install and encryption. This method will be
quite slow, unfortunately.
If you want to do a faster secure erase (or have no time to perform a
re-install and re-encryption), you can try using the method described in
\goto{Appendix D: Using System Rescue to securely wipe an SSD
drive}[appendix-d-using-system-rescue-to-securely-wipe-an-ssd-drive.]
{\bf (This will not work on M1 Macs)}. {\bf Be careful though, as this will
also erase your recovery partition, which is needed to reinstall macOS.}
\subsubsubsection[title={External SSD:},reference={external-ssd-2}]
First please see \goto{Appendix K: Considerations for using external SSD
drives}[appendix-k-considerations-for-using-external-ssd-drives]
If your USB controller and USB SSD disk support Trim and ATA secure
erase, and if Trim is enabled on the disk by macOS, you can just wipe
the whole disk normally and data should not be recoverable on recent
disks.
If you are not sure about Trim support or want more certainty, you can
(not securely) wipe it using macOS disk utility before fully
re-encrypting them again using these two tutorials from Apple:
\startitemize
\item
\useURL[url2203][https://support.apple.com/guide/disk-utility/erase-and-reformat-a-storage-device-dskutl14079/mac]\from[url2203]
\useURL[url2204][https://web.archive.org/web/https://support.apple.com/guide/disk-utility/erase-and-reformat-a-storage-device-dskutl14079/mac][][{[}Archive.org{]}]\from[url2204]
\item
\useURL[url2205][https://support.apple.com/guide/disk-utility/encrypt-protect-a-storage-device-password-dskutl35612/mac]\from[url2205]
\useURL[url2206][https://web.archive.org/web/https://support.apple.com/guide/disk-utility/encrypt-protect-a-storage-device-password-dskutl35612/mac][][{[}Archive.org{]}]\from[url2206]
or using Veracrypt full disk encryption.
\stopitemize
The full disk re-encryption process will overwrite the entirety of the
SSD disk and should ensure a secure wipe.
{\bf Keep in mind all these options need to be applied on the entire
physical drive and not on a specific partition/volume. If you do not,
wear-leveling mechanisms might prevent this from working properly.}
\subsubsubsection[title={External HDD and Thumb
Drives:},reference={external-hdd-and-thumb-drives}]
Follow this tutorial:
\useURL[url2207][https://support.apple.com/guide/disk-utility/erase-and-reformat-a-storage-device-dskutl14079/mac]\from[url2207]
\useURL[url2208][https://web.archive.org/web/https://support.apple.com/guide/disk-utility/erase-and-reformat-a-storage-device-dskutl14079/mac][][{[}Archive.org{]}]\from[url2208]
and use the secure erase option from Disk Utility which should work fine
on HDD and Thumb drives.
\subsection[title={How to securely delete specific files/folders/data on
your HDD/SSD and Thumb
drives:},reference={how-to-securely-delete-specific-filesfoldersdata-on-your-hddssd-and-thumb-drives}]
The same principles from the earlier chapters apply to this one. The
same issues arise too.
With an HDD drive, you can securely delete files by just deleting them
and then apply one or more \quotation{passes} to overwrite the data in
question. This can be done with many utilities on all OSes.
With an SSD drive, however, again everything becomes a bit complicated
because you are never sure anything is really deleted due to wear
leveling, reliance on the Trim operation, and garbage collection of the
drive. An adversary that has the decryption key of your SSD (whether it
is LUKS, Filevault 2, Veracrypt, or Bitlocker) could unlock your drive
and then attempt a recovery using classic recovery utilities\footnote{UFSExplorer,
Can I recover data from an encrypted storage?
\useURL[url2209][https://www.ufsexplorer.com/solutions/data-recovery-on-encrypted-storage.php]\from[url2209]
\useURL[url2210][https://web.archive.org/web/https://www.ufsexplorer.com/solutions/data-recovery-on-encrypted-storage.php][][{[}Archive.org{]}]\from[url2210]}
and could succeed if the data were not trimmed properly. But this is
again highly unlikely.
Since the Trim operation is not continuous on most recent hard drives
but scheduled, simply forcing a Trim operation should be enough. But
again, the only way to be 100\letterpercent{} sure a file is securely
deleted from your unlocked encrypted SSD is to again overwrite all the
free space after deletion of the files in question or to
decrypt/re-encrypt the drive. But this is overkill and not necessary. A
simple disk-wide Trim should be sufficient.
{\bf Remember though that, no matter the deletion method you use for any
file on any medium (HDD drive, SSD, USB Thumb drive), it will probably
leave other traces (logs, indexing, shellbags \ldots{}) within your
system, and those traces will also need to be cleaned. Also, remember
that your drives should be fully encrypted and so this is most likely an
extra measure. More on that later in the \goto{Some additional measures
against forensics}[some-additional-measures-against-forensics] section.}
\subsubsection[title={Windows:},reference={windows-3}]
{\bf Remember you cannot use Trim at all if you are using Plausible
Deniability on an SSD drive against all recommendations.}
\subsubsubsection[title={System/Internal SSD
drive:},reference={systeminternal-ssd-drive}]
At this stage, just delete the file permanently (empty the recycle
bin) and Trim/garbage collection will do the rest. This should be
sufficient.
If you do not want to wait for the periodic Trim (set to Weekly by
default in Windows 10/11), you could also force a disk-wide Trim using
the Windows native Optimize tool (see \goto{Appendix H: Windows Cleaning
Tools}[appendix-h-windows-cleaning-tools]).
If data were deleted by some utility (for instance by Virtualbox when
reverting a snapshot), you could also issue a disk-wide Trim to clean
anything remaining using the same Optimize tool.
Just open Windows Explorer, Right Click on your System Drive and click
Properties. Select Tools. Click Optimize and then Optimize again to
force a Trim. You are done. That is probably enough in my opinion.
\placefigure{image45}{\externalfigure[./tex2pdf.-1a34188c73046814/f7d944af668902072796d24866daeb5ea33ef361.png]}
If you want more security and do not trust the Trim operation, then you
will have no option but to either:
\startitemize
\item
Decrypt and re-encrypt (using Veracrypt or Bitlocker) the whole drive
to overwrite all free space after data deletion. This will ensure
overwriting of all the free space.
\item
Trim and then fill up the entire free space of the disk using a
utility such as BleachBit or PrivaZer.
\stopitemize
{\bf Keep in mind all these options need to be applied on the entire
physical drive and not on a specific partition/volume. If you do not,
wear-leveling mechanisms might prevent this from working properly.}
\subsubsubsection[title={Internal/External HDD or a USB Thumb
Drive:},reference={internalexternal-hdd-or-a-usb-thumb-drive}]
Please refer to \goto{Appendix H: Windows Cleaning
Tools}[appendix-h-windows-cleaning-tools] and pick a utility before
going ahead.
The process is quite simple depending on the tool you picked from the
Appendix:
\startitemize
\item
Right-click a file/folder:
\startitemize
\item
PrivaZer: Delete without a trace
\item
BleachBit: Shred with BleachBit (or see this tutorial from the EFF
\useURL[url2211][https://ssd.eff.org/en/module/how-delete-your-data-securely-windows]\from[url2211]
\useURL[url2212][https://web.archive.org/web/https://ssd.eff.org/en/module/how-delete-your-data-securely-windows][][{[}Archive.org{]}]\from[url2212])
\stopitemize
\stopitemize
In the case of USB thumb drives, consider wiping free space using one of
the above utilities after file deletion or wiping them completely using
Eraser / KillDisk as instructed previously.
\subsubsubsection[title={External SSD
drive:},reference={external-ssd-drive}]
First please see \goto{Appendix K: Considerations for using external SSD
drives}[appendix-k-considerations-for-using-external-ssd-drives]
If Trim is supported and enabled by Windows for your external SSD drive,
there should be no issue in securely deleting data just with the normal
delete commands. Additionally, you could also force a Trim using
the Windows native Optimize tool (see \goto{Appendix H: Windows Cleaning
Tools}[appendix-h-windows-cleaning-tools]):
Just open Windows Explorer, Right Click on your System Drive and click
Properties. Select Tools. Click Optimize and then Optimize again to
force a Trim. You are done. That is probably enough in my opinion.
If Trim is not supported or you are not sure, you might have to ensure
secure data deletion by:
\startitemize
\item
Filling up all the free space after any deletion (using BleachBit or
PrivaZer for instance).
\item
Decrypting and re-encrypting the disk with a different key after each
deletion (using Veracrypt or Bitlocker).
\stopitemize
{\bf Keep in mind all these options need to be applied on the entire
physical drive and not on a specific partition/volume. If you do not,
wear-leveling mechanisms might prevent this from working properly.}
\subsubsection[title={Linux (non-Qubes
OS):},reference={linux-non-qubes-os}]
\subsubsubsection[title={System/Internal SSD
drive:},reference={systeminternal-ssd-drive-1}]
Just permanently delete the file (and empty recycle bin) and it should
be unrecoverable due to Trim operations and garbage collection.
If you do not want to wait for the periodic Trim (set to Weekly by
default in Ubuntu), you could also force a disk-wide Trim by running
\type{fstrim --all} from a terminal. This will issue an immediate trim
and should ensure sufficient security. This utility is part of the
\type{util-linux} package on Debian/Ubuntu and should be installed by
default on Fedora.
If you want more security and do not trust the Trim operation, then you
will have no option but to either:
\startitemize
\item
Decrypt and re-encrypt (using LUKS for instance following this
tutorial
\useURL[url2213][https://wiki.archlinux.org/index.php/dm-crypt/Device_encryption\#Re-encrypting_devices]\from[url2213]
\useURL[url2214][https://web.archive.org/web/https://wiki.archlinux.org/index.php/dm-crypt/Device_encryption][][{[}Archive.org{]}]\from[url2214])
the whole drive to overwrite all free space after data deletion. This
will ensure overwriting of all the free space.
\item
Trim using \type{fstrim --all} and then fill up the entire free space
of the disk using a utility such as:
\startitemize
\item
BleachBit
\useURL[url2215][https://www.bleachbit.org/download/linux]\from[url2215]
\useURL[url2216][https://web.archive.org/web/https://www.bleachbit.org/download/linux][][{[}Archive.org{]}]\from[url2216]
\item
Install secure-delete package and use sfill on the root of the
drive:
\startitemize[packed]
\item
\type{sudo sfill -l -l /} for instance should do the trick (this
will take a substantial amount of time)
\stopitemize
\item
Use the old school dd method (taken from this answer
\useURL[url2217][https://superuser.com/questions/19326/how-to-wipe-free-disk-space-in-linux]\from[url2217]
\useURL[url2218][https://web.archive.org/web/https://superuser.com/questions/19326/how-to-wipe-free-disk-space-in-linux][][{[}Archive.org{]}]\from[url2218])
run these commands on the drive you want to fill:
\startitemize
\item
\type{dd if=/dev/zero of=zero.small.file bs=1024 count=102400}
\item
\type{dd if=/dev/zero of=zero.file bs=1024}
\item
\type{sync ; sleep 60 ; sync}
\item
\type{rm zero.small.file}
\item
\type{rm zero.file}
\stopitemize
\stopitemize
\stopitemize
{\bf Keep in mind all these options need to be applied on the entire
physical drive and not on a specific partition/volume. If you do not,
wear-leveling mechanisms might prevent this from working properly.}
\subsubsubsection[title={Internal/External HDD drive or a Thumb
Drive:},reference={internalexternal-hdd-drive-or-a-thumb-drive}]
\startitemize
\item
You can do this the graphical way with BleachBit following this
tutorial from the EFF:
\useURL[url2219][https://ssd.eff.org/en/module/how-delete-your-data-securely-linux]\from[url2219]
\useURL[url2220][https://web.archive.org/web/https://ssd.eff.org/en/module/how-delete-your-data-securely-linux][][{[}Archive.org{]}]\from[url2220]
\item
Or you can do this from the command line following this tutorial:
\useURL[url2221][https://linuxhint.com/completely_wipe_hard_drive_ubuntu/]\from[url2221]
\useURL[url2222][https://web.archive.org/web/https://linuxhint.com/completely_wipe_hard_drive_ubuntu/][][{[}Archive.org{]}]\from[url2222]
(For this purpose we recommend wipe and shred).
\stopitemize
\subsubsubsection[title={External SSD
drive:},reference={external-ssd-drive-1}]
First please see \goto{Appendix K: Considerations for using external SSD
drives}[appendix-k-considerations-for-using-external-ssd-drives]
If Trim is supported and enabled by your Linux distribution for your
external SSD drive, there should be no issue in securely deleting data
normally; just issue an \type{fstrim --all} from the terminal to trim
the drive. This utility is part of the \quotation{util-linux} package on
Debian/Ubuntu and should be installed by default on Fedora.
If Trim is not supported or you want to be sure, you might have to
ensure secure data deletion by filling up the entire free space of the
disk using one of the following methods:
\startitemize
\item
Decrypt and re-encrypt the whole drive (using LUKS following this
tutorial
\useURL[url2223][https://wiki.archlinux.org/index.php/dm-crypt/Device_encryption\#Re-encrypting_devices]\from[url2223]
\useURL[url2224][https://web.archive.org/web/https://wiki.archlinux.org/index.php/dm-crypt/Device_encryption][][{[}Archive.org{]}]\from[url2224]
or Veracrypt from the graphical interface, for instance) to overwrite
all free space after data deletion.
\item
Fill the free space using one of those methods:
\startitemize
\item
BleachBit
\useURL[url2225][https://www.bleachbit.org/download/linux]\from[url2225]
\useURL[url2226][https://web.archive.org/web/https://www.bleachbit.org/download/linux][][{[}Archive.org{]}]\from[url2226]
\item
Install the secure-delete package and use sfill on the root of the
drive:
\startitemize[packed]
\item
\type{sudo sfill -l -l /} for instance should do the trick (this
will take a substantial amount of time)
\stopitemize
\item
Use the old school dd method (taken from this answer
\useURL[url2227][https://superuser.com/questions/19326/how-to-wipe-free-disk-space-in-linux]\from[url2227]
\useURL[url2228][https://web.archive.org/web/https://superuser.com/questions/19326/how-to-wipe-free-disk-space-in-linux][][{[}Archive.org{]}]\from[url2228])
and run these commands:
\startitemize
\item
\type{dd if=/dev/zero of=zero.small.file bs=1024 count=102400}
\item
\type{dd if=/dev/zero of=zero.file bs=1024}
\item
\type{sync ; sleep 60 ; sync}
\item
\type{rm zero.small.file}
\item
\type{rm zero.file}
\stopitemize
\stopitemize
\stopitemize
{\bf Keep in mind all these options need to be applied on the entire
physical drive and not on a specific partition/volume. If you do not,
wear-leveling mechanisms might prevent this from working properly.}
\subsubsection[title={Linux (Qubes OS):},reference={linux-qubes-os}]
\subsubsubsection[title={System/Internal SSD
drive:},reference={systeminternal-ssd-drive-2}]
As with other Linux distros, normal deletion and trim should be
sufficient on most SSD drives. So just permanently delete the file (and
empty any recycle bin) and it should be unrecoverable due to periodic
Trim operations and garbage collection.
Please follow this documentation to Trim within Qubes OS:
\useURL[url2229][https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/disk-trim.md]\from[url2229]
\useURL[url2230][https://web.archive.org/web/https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/disk-trim.md][][{[}Archive.org{]}]\from[url2230]
As with other Linux Systems, if you want more security and do not trust
the Trim operation then you will have no option but to either:
\startitemize
\item
Decrypt and re-encrypt the whole drive to overwrite all free space
after data deletion. This will ensure overwriting of all the free
space. We didn't find a reliable tutorial on how to do this safely on
Qubes OS but it is possible this tutorial could work:
\useURL[url2231][https://wiki.archlinux.org/index.php/dm-crypt/Device_encryption\#Re-encrypting_devices]\from[url2231]
\useURL[url2232][https://web.archive.org/web/https://wiki.archlinux.org/index.php/dm-crypt/Device_encryption][][{[}Archive.org{]}]\from[url2232]
(at your own risk, this has not been tested yet).
\item
Refer to this documentation
(\useURL[url2233][https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/disk-trim.md]\from[url2233]
\useURL[url2234][https://web.archive.org/web/https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/disk-trim.md][][{[}Archive.org{]}]\from[url2234]),
then trim using \type{fstrim --all} and then fill up the entire free
space of the disk using a utility such as:
\startitemize
\item
BleachBit
\useURL[url2235][https://www.bleachbit.org/download/linux]\from[url2235]
\useURL[url2236][https://web.archive.org/web/https://www.bleachbit.org/download/linux][][{[}Archive.org{]}]\from[url2236]
\item
Install the secure-delete package and use sfill on the root of the
drive:
\startitemize[packed]
\item
\type{sudo sfill -l -l /} for instance should do the trick (this
will take a substantial amount of time)
\stopitemize
\item
Use the old school dd method (taken from this answer
\useURL[url2237][https://superuser.com/questions/19326/how-to-wipe-free-disk-space-in-linux]\from[url2237]
\useURL[url2238][https://web.archive.org/web/https://superuser.com/questions/19326/how-to-wipe-free-disk-space-in-linux][][{[}Archive.org{]}]\from[url2238])
and run these commands on the drive you want to fill:
\startitemize
\item
\type{dd if=/dev/zero of=zero.small.file bs=1024 count=102400}
\item
\type{dd if=/dev/zero of=zero.file bs=1024}
\item
\type{sync ; sleep 60 ; sync}
\item
\type{rm zero.small.file}
\item
\type{rm zero.file}
\stopitemize
\stopitemize
\stopitemize
{\bf Keep in mind all these options need to be applied on the entire
physical drive and not on a specific partition/volume. If you do not,
wear-leveling mechanisms might prevent this from working properly.}
\subsubsubsection[title={Internal/External HDD drive or a Thumb
Drive:},reference={internalexternal-hdd-drive-or-a-thumb-drive-1}]
Use the same method as Linux from a Qube connected to that specific USB
device.
\startitemize
\item
You can do this the graphical way with BleachBit following this
tutorial from the EFF:
\useURL[url2239][https://ssd.eff.org/en/module/how-delete-your-data-securely-linux]\from[url2239]
\useURL[url2240][https://web.archive.org/web/https://ssd.eff.org/en/module/how-delete-your-data-securely-linux][][{[}Archive.org{]}]\from[url2240]
\item
Or you can do this from the command line following this tutorial:
\useURL[url2241][https://linuxhint.com/completely_wipe_hard_drive_ubuntu/]\from[url2241]
\useURL[url2242][https://web.archive.org/web/https://linuxhint.com/completely_wipe_hard_drive_ubuntu/][][{[}Archive.org{]}]\from[url2242]
(For this purpose we recommend wipe and shred).
\stopitemize
\subsubsubsection[title={External SSD
drive:},reference={external-ssd-drive-2}]
First please see \goto{Appendix K: Considerations for using external SSD
drives}[appendix-k-considerations-for-using-external-ssd-drives]
If Trim is supported and enabled by your Linux distribution for your
external SSD drive, there should be no issue in securely deleting data
normally; just issue an \type{fstrim --all} from the terminal to
trim the drive. Refer to this documentation
(\useURL[url2243][https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/disk-trim.md]\from[url2243]
\useURL[url2244][https://web.archive.org/web/https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/disk-trim.md][][{[}Archive.org{]}]\from[url2244])
to enable trim on a drive.
If Trim is not supported or you want to be sure, you might have to
ensure secure data deletion by filling up the entire free space of the
disk using one of the following methods, from a Qube connected to the
USB device in question:
\startitemize
\item
Decrypt and re-encrypt the whole drive (using LUKS following this
tutorial
\useURL[url2245][https://wiki.archlinux.org/index.php/dm-crypt/Device_encryption\#Re-encrypting_devices]\from[url2245]
\useURL[url2246][https://web.archive.org/web/https://wiki.archlinux.org/index.php/dm-crypt/Device_encryption][][{[}Archive.org{]}]\from[url2246]
or Veracrypt from the graphical interface, for instance) to overwrite
all free space after data deletion.
\item
Fill the free space using one of those methods:
\startitemize
\item
BleachBit
\useURL[url2247][https://www.bleachbit.org/download/linux]\from[url2247]
\useURL[url2248][https://web.archive.org/web/https://www.bleachbit.org/download/linux][][{[}Archive.org{]}]\from[url2248]
\item
Install the secure-delete package and use sfill on the root of the
drive:
\startitemize[packed]
\item
\type{sudo sfill -l -l /} for instance should do the trick (this
will take a substantial amount of time)
\stopitemize
\item
Use the old school dd method (taken from this answer
\useURL[url2249][https://superuser.com/questions/19326/how-to-wipe-free-disk-space-in-linux]\from[url2249]
\useURL[url2250][https://web.archive.org/web/https://superuser.com/questions/19326/how-to-wipe-free-disk-space-in-linux][][{[}Archive.org{]}]\from[url2250])
and run these commands:
\startitemize
\item
\type{dd if=/dev/zero of=zero.small.file bs=1024 count=102400}
\item
\type{dd if=/dev/zero of=zero.file bs=1024}
\item
\type{sync ; sleep 60 ; sync}
\item
\type{rm zero.small.file}
\item
\type{rm zero.file}
\stopitemize
\stopitemize
\stopitemize
Repeat these steps on any other partition if there are separate
partitions on the same SSD drive.
{\bf Keep in mind all these options need to be applied on the entire
physical drive and not on a specific partition/volume. If you do not,
wear-leveling mechanisms might prevent this from working properly.}
\subsubsection[title={macOS:},reference={macos-3}]
\subsubsubsection[title={System/Internal SSD
drive:},reference={systeminternal-ssd-drive-3}]
Just permanently delete the file (and empty recycle bin) and it should
be unrecoverable due to trim operations and garbage collection.
\startitemize[packed]
\item
If your file system is APFS, you do not need to worry about Trim:
according to Apple's documentation\footnote{Apple Developer
Documentation
\useURL[url2251][https://developer.apple.com/library/archive/documentation/FileManagement/Conceptual/APFS_Guide/FAQ/FAQ.html]\from[url2251]
\useURL[url2252][https://web.archive.org/web/https://developer.apple.com/library/archive/documentation/FileManagement/Conceptual/APFS_Guide/FAQ/FAQ.html][][{[}Archive.org{]}]\from[url2252]},
it happens asynchronously as the OS writes data.
\stopitemize
\quotation{Does Apple File System support TRIM operations?
Yes. TRIM operations are issued asynchronously from when files are
deleted or free space is reclaimed, which ensures that these operations
are performed only after metadata changes are persisted to stable
storage}.
\startitemize[packed]
\item
If your file system is HFS+, you could run First Aid on your System
Drive from the Disk Utility which should perform a Trim operation in
the details
(\useURL[url2253][https://support.apple.com/en-us/HT210898]\from[url2253]
\useURL[url2254][https://web.archive.org/web/https://support.apple.com/en-us/HT210898][][{[}Archive.org{]}]\from[url2254])
\stopitemize
\placefigure{image46}{\externalfigure[./tex2pdf.-1a34188c73046814/f9e0d691359d2b48fa315e60f32965192acbe83f.png]}
\subsubsubsection[title={System/Internal, External HDD drive or a Thumb
Drive:},reference={systeminternal-external-hdd-drive-or-a-thumb-drive}]
Unfortunately, Apple has removed the secure erase options from the trash
bin even for HDD drives\footnote{EFF, How to: Delete Your Data Securely
on macOS
\useURL[url2255][https://ssd.eff.org/en/module/how-delete-your-data-securely-macos]\from[url2255]
\useURL[url2256][https://web.archive.org/web/https://ssd.eff.org/en/module/how-delete-your-data-securely-macos][][{[}Archive.org{]}]\from[url2256]}.
So, you are left with using other tools:
\startitemize
\item
Permanent Eraser
\useURL[url2257][http://www.edenwaith.com/products/permanent\%20eraser/][][http://www.edenwaith.com/products/permanent\letterpercent{}20eraser/]\from[url2257]
\useURL[url2258][https://web.archive.org/web/http://www.edenwaith.com/products/permanent\%20eraser/][][{[}Archive.org{]}]\from[url2258]
\item
From the terminal, you can use the \type{rm -P filename} command,
which should erase the file and overwrite it as explained in this EFF
tutorial
\useURL[url2259][https://ssd.eff.org/en/module/how-delete-your-data-securely-macos]\from[url2259]
\useURL[url2260][https://web.archive.org/web/https://ssd.eff.org/en/module/how-delete-your-data-securely-macos][][{[}Archive.org{]}]\from[url2260].
\stopitemize
In the case of USB thumb drives, consider wiping them completely using
Disk Utility as instructed previously.
\subsubsubsection[title={External SSD
drive:},reference={external-ssd-drive-3}]
First please see \goto{Appendix K: Considerations for using external SSD
drives}[appendix-k-considerations-for-using-external-ssd-drives]
If Trim is supported and enabled by macOS for your external SSD drive,
there should be no issue in securely deleting data.
If Trim is not supported, you might have to ensure secure data deletion
by one of the following:
\startitemize
\item
Fill up all the free space after any deletion using the Linux method
above (dd).
\item
Decrypt and re-encrypt the disk with a different key after each
deletion (using Disk Utility or Veracrypt).
\stopitemize
\subsection[title={Some additional measures against
forensics:},reference={some-additional-measures-against-forensics}]
Note that the same SSD issue discussed in the earlier section will arise
here. You can never really be 100\letterpercent{} sure your SSD data is
deleted when you ask it to do so unless you wipe the whole drive using
specific methods above.
We are not aware of any 100\letterpercent{} reliable method to delete
single files selectively and securely on SSD drives unless overwriting
ALL the free space (which might reduce the lifespan of your SSD) after
Deletion + Trim of these files. Without doing that, you will have to
trust the SSD Trim operation {\bf which in my opinion is enough}.
{\bf It is reasonable to trust it, and again very unlikely that
forensics will be able to restore your files after a deletion with
Trim.}
In addition, most of these measures here should not be needed since your
whole drive should be encrypted and therefore your data should not be
accessible for forensic analysis through SSD/HDD examination anyway. So,
these are just \quotation{bonus measures} for weak/unskilled
adversaries.
Consider also reading this documentation if you're going with Whonix
\useURL[url2261][https://www.whonix.org/wiki/Anti-Forensics_Precautions]\from[url2261]
\useURL[url2262][https://web.archive.org/web/https://www.whonix.org/wiki/Anti-Forensics_Precautions][][{[}Archive.org{]}]\from[url2262]
as well as their general hardening tutorial for all platforms here
\useURL[url2263][https://www.whonix.org/wiki/System_Hardening_Checklist]\from[url2263]
\useURL[url2264][https://web.archive.org/web/https://www.whonix.org/wiki/System_Hardening_Checklist][][{[}Archive.org{]}]\from[url2264]
\subsubsection[title={Removing Metadata from
Files/Documents/Pictures:},reference={removing-metadata-from-filesdocumentspictures}]
\subsubsubsection[title={Pictures and
videos:},reference={pictures-and-videos}]
On Windows, macOS, and Linux we would recommend ExifTool
(\useURL[url2265][https://exiftool.org/]\from[url2265]
\useURL[url2266][https://web.archive.org/web/https://exiftool.org/][][{[}Archive.org{]}]\from[url2266])
and/or ExifCleaner
(\useURL[url2267][https://exifcleaner.com/]\from[url2267]
\useURL[url2268][https://web.archive.org/web/https://exifcleaner.com/][][{[}Archive.org{]}]\from[url2268]),
which allow viewing and/or removing those properties.
{\bf ExifTool is natively available on Tails and Whonix Workstation.}
\subsubsubsubsection[title={ExifCleaner:},reference={exifcleaner}]
Just install it from
\useURL[url2269][https://exifcleaner.com/]\from[url2269]
\useURL[url2270][https://web.archive.org/web/https://exifcleaner.com/][][{[}Archive.org{]}]\from[url2270],
run it, and drag and drop the files into the GUI.
\subsubsubsubsection[title={ExifTool:},reference={exiftool}]
It is straightforward: install exiftool and run one of the following:
\startitemize
\item
To display metadata: \type{exiftool filename.jpg}
\item
To remove all metadata: \type{exiftool -All= filename.jpg}
\stopitemize
{\bf Remember that ExifTool is natively available on Tails and Whonix
Workstation.}
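To show what \quotation{remove all metadata} means at the byte level, here is an added Python example (not ExifTool's code, nor part of the original guide): it walks a JPEG's marker segments and drops the APP1 to APP15 and COM segments, which is where Exif, XMP, IPTC and free-text comments are stored, while leaving the compressed image data untouched. This is roughly what \type{exiftool -All=} does; the sample JPEG is constructed inline and is a structural skeleton, not a viewable picture.

```python
"""Strip metadata segments from a JPEG by walking its marker segments.

Added illustration (not ExifTool's code) of what a metadata remover does
at the byte level: Exif, XMP, IPTC/Photoshop blocks and free-text
comments live in APPn (0xFFE1-0xFFEF) and COM (0xFFFE) segments that sit
between the SOI marker and the compressed scan, so they can be dropped
without touching the image data itself.
"""
import struct

SOI, EOI, SOS = 0xD8, 0xD9, 0xDA
APP0, APP15, COM = 0xE0, 0xEF, 0xFE
# Markers that carry no length field and no payload.
STANDALONE = {0x01, *range(0xD0, 0xD8), SOI, EOI}


def iter_segments(data: bytes):
    """Yield (marker, payload) for every header segment up to and including
    SOS, then (None, tail) holding the entropy-coded scan data and EOI."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:            # 0xFF fill byte, skip it
            pos += 1
            continue
        if marker in STANDALONE:
            yield marker, b""
            pos += 2
            continue
        if pos + 4 > len(data):
            raise ValueError(f"truncated segment header at offset {pos}")
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError(f"bad segment length at offset {pos}")
        yield marker, data[pos + 4:pos + 2 + length]
        pos += 2 + length
        if marker == SOS:             # the scan follows; nothing left to parse
            yield None, data[pos:]
            return
    raise ValueError("no SOS segment found")


def is_metadata(marker: int) -> bool:
    """APP1..APP15 and COM hold metadata; APP0 (JFIF) is a format header."""
    return marker == COM or APP0 < marker <= APP15


def metadata_markers(data: bytes) -> list:
    """List the metadata-carrying markers present in the header."""
    return [m for m, _ in iter_segments(data) if m is not None and is_metadata(m)]


def strip_metadata(data: bytes, keep_jfif: bool = True) -> bytes:
    """Return a copy of the JPEG without APP1-APP15 and COM segments.
    DQT, DHT, SOF, SOS and the scan data pass through unchanged."""
    out = bytearray(b"\xff\xd8")
    for marker, payload in iter_segments(data):
        if marker is None:                      # scan data + EOI
            out += payload
            break
        if is_metadata(marker) or (marker == APP0 and not keep_jfif):
            continue
        out += bytes([0xFF, marker])
        if marker not in STANDALONE:
            out += struct.pack(">H", len(payload) + 2) + payload
    return bytes(out)


def _segment(marker: int, payload: bytes) -> bytes:
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload


# Constructed sample: a minimal JPEG skeleton with a JFIF header, an Exif
# APP1 block and a COM text comment. The scan bytes are a placeholder, not
# a decodable picture; the segment layout is what matters here.
SAMPLE_JPEG = (
    b"\xff\xd8"
    + _segment(APP0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    + _segment(0xE1, b"Exif\x00\x00MM\x00\x2a\x00\x00\x00\x08\x00\x00")
    + _segment(COM, b"constructed comment: camera serial and location")
    + _segment(0xDB, b"\x00" + bytes(64))                       # DQT
    + _segment(0xC0, b"\x08\x00\x08\x00\x08\x01\x01\x11\x00")   # SOF0, 8x8 grey
    + _segment(SOS, b"\x01\x01\x00\x00\x3f\x00")
    + b"\x12\x34"                                               # placeholder scan
    + b"\xff\xd9"
)

if __name__ == "__main__":
    cleaned = strip_metadata(SAMPLE_JPEG)
    print("metadata segments before:", [hex(m) for m in metadata_markers(SAMPLE_JPEG)])
    print("metadata segments after: ", metadata_markers(cleaned))
    print(f"{len(SAMPLE_JPEG)} -> {len(cleaned)} bytes")
```

Run the cleaned output back through \type{exiftool} or \type{metadata_markers} to confirm nothing metadata-bearing survived; removing segments this way never alters pixel data, so the picture itself is unchanged.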
\subsubsubsubsection[title={Windows Native
tool:},reference={windows-native-tool}]
Here is a tutorial to remove metadata from a Picture using OS provided
tools:
\useURL[url2271][https://www.purevpn.com/internet-privacy/how-to-remove-metadata-from-photos]\from[url2271]
\useURL[url2272][https://web.archive.org/web/https://www.purevpn.com/internet-privacy/how-to-remove-metadata-from-photos][][{[}Archive.org{]}]\from[url2272]
\subsubsubsubsection[title={Cloaking/Obfuscating to prevent picture
recognition:},reference={cloakingobfuscating-to-prevent-picture-recognition}]
Consider the use of Fawkes
\useURL[url2273][https://sandlab.cs.uchicago.edu/fawkes/]\from[url2273]
\useURL[url2274][https://web.archive.org/web/https://sandlab.cs.uchicago.edu/fawkes/][][{[}Archive.org{]}]\from[url2274]
(\useURL[url2275][https://github.com/Shawn-Shan/fawkes]\from[url2275]
\useURL[url2276][https://web.archive.org/web/https://github.com/Shawn-Shan/fawkes][][{[}Archive.org{]}]\from[url2276])
to cloak the images from picture recognition tech on various platforms.
Or if you want online versions, consider:
\startitemize
\item
\useURL[url2277][https://lowkey.umiacs.umd.edu/]\from[url2277]
\useURL[url2278][https://web.archive.org/web/https://lowkey.umiacs.umd.edu/][][{[}Archive.org{]}]\from[url2278]
\item
\useURL[url2279][https://adversarial.io/]\from[url2279]
\useURL[url2280][https://web.archive.org/web/https://adversarial.io/][][{[}Archive.org{]}]\from[url2280]
\stopitemize
\subsubsubsection[title={PDF Documents:},reference={pdf-documents}]
\subsubsubsubsection[title={PDFParanoia
(Linux/Windows/macOS/QubesOS):},reference={pdfparanoia-linuxwindowsmacosqubesos}]
Consider using
\useURL[url2281][https://github.com/kanzure/pdfparanoia]\from[url2281]
\useURL[url2282][https://web.archive.org/web/https://github.com/kanzure/pdfparanoia][][{[}Archive.org{]}]\from[url2282]
which will remove metadata and watermarks on any PDF.
\subsubsubsubsection[title={ExifCleaner
(Linux/Windows/macOS/QubesOS):},reference={exifcleaner-linuxwindowsmacosqubesos}]
Just install it from
\useURL[url2283][https://exifcleaner.com/]\from[url2283]
\useURL[url2284][https://web.archive.org/web/https://exifcleaner.com/][][{[}Archive.org{]}]\from[url2284],
run it, and drag and drop the files into the GUI.
\subsubsubsubsection[title={ExifTool
(Linux/Windows/macOS/QubesOS):},reference={exiftool-linuxwindowsmacosqubesos}]
It is straightforward: install exiftool and run one of the following:
\startitemize
\item
To display metadata: \type{exiftool filename.pdf}
\item
To remove all metadata: \type{exiftool -All= filename.pdf}
\stopitemize
\subsubsubsection[title={MS Office
Documents:},reference={ms-office-documents}]
First, here is a tutorial to remove metadata from Office documents:
\useURL[url2285][https://support.microsoft.com/en-us/office/remove-hidden-data-and-personal-information-by-inspecting-documents-presentations-or-workbooks-356b7b5d-77af-44fe-a07f-9aa4d085966f]\from[url2285]
\useURL[url2286][https://web.archive.org/web/https://support.microsoft.com/en-us/office/remove-hidden-data-and-personal-information-by-inspecting-documents-presentations-or-workbooks-356b7b5d-77af-44fe-a07f-9aa4d085966f][][{[}Archive.org{]}]\from[url2286].
Make sure however that you do use the latest version of Office with the
latest security updates.
Alternatively, on Windows, macOS, Qubes OS, and Linux we would recommend
ExifTool (\useURL[url2287][https://exiftool.org/]\from[url2287]
\useURL[url2288][https://web.archive.org/web/https://exiftool.org/][][{[}Archive.org{]}]\from[url2288])
and/or ExifCleaner
(\useURL[url2289][https://exifcleaner.com/]\from[url2289]
\useURL[url2290][https://web.archive.org/web/https://exifcleaner.com/][][{[}Archive.org{]}]\from[url2290]),
which allow viewing and/or removing those properties.
\subsubsubsubsection[title={ExifCleaner:},reference={exifcleaner-1}]
Just install it from
\useURL[url2291][https://exifcleaner.com/]\from[url2291]
\useURL[url2292][https://web.archive.org/web/https://exifcleaner.com/][][{[}Archive.org{]}]\from[url2292],
run it, and drag and drop the files into the GUI.
\subsubsubsubsection[title={ExifTool:},reference={exiftool-1}]
It is straightforward: install exiftool and run one of the following:
\startitemize
\item
To display metadata: \type{exiftool filename.docx}
\item
To remove all metadata: \type{exiftool -All= filename.docx}
\stopitemize
\subsubsubsection[title={LibreOffice
Documents:},reference={libreoffice-documents}]
\startitemize
\item
Select File in the upper menu
\startitemize
\item
Select Properties
\item
Uncheck \quotation{Apply User Data}
\item
Uncheck \quotation{Save Preview image with the Document}
\item
Click \quotation{Reset Properties}
\item
Make sure there is nothing on the Description and Custom Properties
tabs
\stopitemize
\item
Select Tools in the upper menu
\startitemize
\item
Select Options
\item
Select Security
\item
Click \quotation{Security Options and Warning}
\item
Check:
\startitemize
\item
\quotation{When printing}
\item
\quotation{When saving or sending}
\item
\quotation{When creating PDF files}
\item
\quotation{Remove personal information on saving}
\stopitemize
\stopitemize
\stopitemize
In addition, on Windows, macOS, Qubes OS, and Linux we would recommend
ExifTool (\useURL[url2293][https://exiftool.org/]\from[url2293]
\useURL[url2294][https://web.archive.org/web/https://exiftool.org/][][{[}Archive.org{]}]\from[url2294])
and/or ExifCleaner
(\useURL[url2295][https://exifcleaner.com/]\from[url2295]
\useURL[url2296][https://web.archive.org/web/https://exifcleaner.com/][][{[}Archive.org{]}]\from[url2296]),
which allow viewing and/or removing additional properties.
\subsubsubsubsection[title={ExifCleaner:},reference={exifcleaner-2}]
Just install it from
\useURL[url2297][https://exifcleaner.com/]\from[url2297]
\useURL[url2298][https://web.archive.org/web/https://exifcleaner.com/][][{[}Archive.org{]}]\from[url2298],
run it, and drag and drop the files into the GUI.
\subsubsubsubsection[title={ExifTool:},reference={exiftool-2}]
It is straightforward: install exiftool and run one of the following:
\startitemize
\item
To display metadata: \type{exiftool filename.odt}
\item
To remove all metadata: \type{exiftool -All= filename.odt}
\stopitemize
\subsubsubsection[title={All-in-one Tool:},reference={all-in-one-tool}]
Another good tool to remove metadata from various documents is the
open-source mat2 recommended by privacyguides.org\footnote{Privacyguides.org,
Productivity tools
\useURL[url2299][https://privacyguides.org/productivity/]\from[url2299]
\useURL[url2300][https://web.archive.org/web/https://privacyguides.org/productivity/][][{[}Archive.org{]}]\from[url2300]}
(\useURL[url2301][https://0xacab.org/jvoisin/mat2]\from[url2301]
\useURL[url2302][https://web.archive.org/web/https://0xacab.org/jvoisin/mat2][][{[}Archive.org{]}]\from[url2302]),
which you can use on Linux quite easily. I never managed to make it work
properly within Windows due to various dependency issues despite the
provided instructions. It is however very straightforward to install and
use on Linux.
So, we would suggest creating a small Debian VM within Virtualbox
(behind your Whonix Gateway) which you can then use from your other VMs
to analyze various files from a convenient web interface. For this see
\goto{Appendix L: Creating a mat2-web guest VM for removing metadata
from
files}[appendix-l-creating-a-mat2-web-guest-vm-for-removing-metadata-from-files]
\placefigure{image47}{\externalfigure[./tex2pdf.-1a34188c73046814/b2f67a77185443adc8917dde05f91affaa9ed0ba.png]}
Mat2 is also pre-installed on the Whonix Workstation VM\footnote{Whonix
Documentation, Scrubbing Metadata
\useURL[url2303][https://www.whonix.org/wiki/Metadata]\from[url2303]
\useURL[url2304][https://web.archive.org/web/https://www.whonix.org/wiki/Metadata][][{[}Archive.org{]}]\from[url2304]}
and available on Tails by default\footnote{Tails documentation, MAT
\useURL[url2305][https://gitlab.tails.boum.org/tails/blueprints/-/wikis/doc/mat/]\from[url2305]
\useURL[url2306][https://web.archive.org/web/https://gitlab.tails.boum.org/tails/blueprints/-/wikis/doc/mat/][][{[}Archive.org{]}]\from[url2306]}.
\subsubsection[title={Tails:},reference={tails}]
Tails is great for this; you have nothing to worry about even if you use
an SSD drive. Shut it down and it is all gone as soon as the memory
decays.
\subsubsection[title={Whonix:},reference={whonix-1}]
Note that it's possible to run Whonix in Live mode leaving no traces
when you shut down the VMs, consider reading their documentation here
\useURL[url2307][https://www.whonix.org/wiki/VM_Live_Mode]\from[url2307]
\useURL[url2308][https://web.archive.org/web/https://www.whonix.org/wiki/VM_Live_Mode][][{[}Archive.org{]}]\from[url2308]
and here
\useURL[url2309][https://www.whonix.org/wiki/Warning\#Whonix_.E2.84.A2_Persistence_vs_Live_vs_Amnesic]\from[url2309]
\useURL[url2310][https://web.archive.org/web/https://www.whonix.org/wiki/Warning][][{[}Archive.org{]}]\from[url2310].
\subsubsection[title={macOS:},reference={macos-4}]
\subsubsubsection[title={Guest OS:},reference={guest-os}]
Revert to an earlier snapshot on Virtualbox (or any other VM software
you are using) and perform a Trim command on your Mac using Disk Utility
by executing a first-aid on the Host OS again as explained at the end of
the next section.
\subsubsubsection[title={Host OS:},reference={host-os}]
Most of the info from this section can also be found in this guide:
\useURL[url2311][https://github.com/drduh/macOS-Security-and-Privacy-Guide]\from[url2311]
\useURL[url2312][https://web.archive.org/web/https://www.bejarano.io/hardening-macos/][][{[}Archive.org{]}]\from[url2312]
\subsubsubsubsection[title={Quarantine Database (used by Gatekeeper and
XProtect):},reference={quarantine-database-used-by-gatekeeper-and-xprotect}]
macOS (up to and including Big Sur) keeps a quarantine database (an
SQLite file) of all the files you ever downloaded from a browser. This
database is located at
\type{~/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2}.
You can query it yourself by running the following command from the
terminal:
\type{sqlite3 ~/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2 "select * from LSQuarantineEvent"}
This is a goldmine for forensics, and you should disable this:
\startitemize
\item
Run the following command to clear the database completely:
\type{:>~/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2}
\item
Run the following command to lock the file and prevent further
download history from being written there:
\type{sudo chflags schg ~/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2}
\stopitemize
Lastly, you can also disable Gatekeeper altogether by issuing the
following command in the terminal\footnote{GitHub, Disable Gatekeeper on
macOS Big Sur (11.x)
\useURL[url2313][https://disable-gatekeeper.github.io/]\from[url2313]
\useURL[url2314][https://web.archive.org/web/https://disable-gatekeeper.github.io/][][{[}Archive.org{]}]\from[url2314]}:
\startitemize[packed]
\item
\type{sudo spctl --master-disable}
\stopitemize
Refer to this section of this guide for further information
\useURL[url2315][https://github.com/drduh/macOS-Security-and-Privacy-Guide\#gatekeeper-and-xprotect]\from[url2315]
\useURL[url2316][https://web.archive.org/web/https://www.bejarano.io/hardening-macos/][][{[}Archive.org{]}]\from[url2316]
In addition to this convenient database, each saved file will also carry
detailed file system HFS+/APFS attributes showing for instance when it
was downloaded, with what, and from where.
You can view these just by opening a terminal and typing
\type{mdls filename} and \type{xattr -l filename} on any downloaded file
from any browser.
To remove such attributes, you will have to do it manually from the
terminal:
\startitemize
\item
Run \type{xattr -d com.apple.metadata:kMDItemWhereFroms filename} to
remove the origin
\startitemize[packed]
\item
You can also use \type{-dr} instead of \type{-d} to do it recursively
on a whole folder/disk
\stopitemize
\item
Run \type{xattr -d com.apple.quarantine filename} to remove the
quarantine reference
\startitemize[packed]
\item
You can also use \type{-dr} instead of \type{-d} to do it recursively
on a whole folder/disk
\stopitemize
\item
Verify by running \type{xattr -l filename}; there should be no
output
\stopitemize
(Note that Apple has removed the convenient \type{xattr -c} option that
would just remove all attributes at once, so you will have to do this
for each attribute on each file)
{\bf These attributes and entries will stick even if you clear your
browser history, and this is obviously bad for privacy (right?), and we
are not aware of any convenient tool that will deal with those at the
moment.}
Fortunately, there are some mitigations for avoiding this issue in the
first place as these attributes and entries are set by the browsers. So,
we tested various browsers (On macOS Catalina, Big Sur, and Monterey),
and here are the results as of the date of this guide:
\startplacetable[location=none]
\startxtable
\startxtablehead[head]
\startxrow
\startxcell {\bf Browser} \stopxcell
\startxcell {\bf Quarantine DB Entry} \stopxcell
\startxcell {\bf Quarantine File Attribute} \stopxcell
\startxcell {\bf Origin File Attribute} \stopxcell
\stopxrow
\stopxtablehead
\startxtablebody[body]
\startxrow
\startxcell {\bf Safari (Normal)} \stopxcell
\startxcell {\bf Yes} \stopxcell
\startxcell {\bf Yes} \stopxcell
\startxcell {\bf Yes} \stopxcell
\stopxrow
\startxrow
\startxcell {\bf Safari (Private Window)} \stopxcell
\startxcell {\bf No} \stopxcell
\startxcell {\bf No} \stopxcell
\startxcell {\bf No} \stopxcell
\stopxrow
\startxrow
\startxcell {\bf Firefox (Normal)} \stopxcell
\startxcell {\bf Yes} \stopxcell
\startxcell {\bf Yes} \stopxcell
\startxcell {\bf Yes} \stopxcell
\stopxrow
\startxrow
\startxcell {\bf Firefox (Private Window)} \stopxcell
\startxcell {\bf No} \stopxcell
\startxcell {\bf No} \stopxcell
\startxcell {\bf No} \stopxcell
\stopxrow
\startxrow
\startxcell {\bf Chrome (Normal)} \stopxcell
\startxcell {\bf Yes} \stopxcell
\startxcell {\bf Yes} \stopxcell
\startxcell {\bf Yes} \stopxcell
\stopxrow
\startxrow
\startxcell {\bf Chrome (Private Window)} \stopxcell
\startxcell {\bf Partial (timestamp only)} \stopxcell
\startxcell {\bf No} \stopxcell
\startxcell {\bf No} \stopxcell
\stopxrow
\startxrow
\startxcell {\bf Brave (Normal)} \stopxcell
\startxcell {\bf Partial (timestamp only)} \stopxcell
\startxcell {\bf No} \stopxcell
\startxcell {\bf No} \stopxcell
\stopxrow
\startxrow
\startxcell {\bf Brave (Private Window)} \stopxcell
\startxcell {\bf Partial (timestamp only)} \stopxcell
\startxcell {\bf No} \stopxcell
\startxcell {\bf No} \stopxcell
\stopxrow
\startxrow
\startxcell {\bf Brave (Tor Window)} \stopxcell
\startxcell {\bf Partial (timestamp only)} \stopxcell
\startxcell {\bf No} \stopxcell
\startxcell {\bf No} \stopxcell
\stopxrow
\stopxtablebody
\startxtablefoot[foot]
\startxrow
\startxcell {\bf Tor Browser} \stopxcell
\startxcell {\bf No} \stopxcell
\startxcell {\bf No} \stopxcell
\startxcell {\bf No} \stopxcell
\stopxrow
\stopxtablefoot
\stopxtable
\stopplacetable
As you can see for yourself, the easiest mitigation is to just use
Private Windows. These do not write those origin/quarantine attributes
and do not store the entries in the QuarantineEventsV2 database.
Clearing the QuarantineEventsV2 database is easy, as explained above.
Removing the attributes takes some work. {\bf Brave is the only tested
browser that will not store those attributes by default in normal
operations.}
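To see for yourself what such an entry reveals, here is an added Python example (not code from this guide) that audits a copy of the QuarantineEventsV2 database. It builds an in-memory SQLite database with the column names of the real LSQuarantineEvent table (an assumption; verify with \type{.schema} in sqlite3 on your own machine), converts the Mac absolute timestamps to dates, tells full entries (download and origin URL) from the timestamp-only ones the table above lists for Brave, and clears the table the same way a sqlite3 delete does. The two rows are constructed sample data, and \type{open_real_db} only points at the real file.

```python
import sqlite3
from datetime import datetime, timedelta, timezone
from pathlib import Path

# Location of the real database on macOS; the demo below never opens it and
# instead builds an in-memory copy with the same table layout.
QUARANTINE_DB = Path.home() / "Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2"

# LSQuarantineTimeStamp is stored as seconds since 2001-01-01 00:00:00 UTC.
MAC_EPOCH = datetime(2001, 1, 1, tzinfo=timezone.utc)

# Column names as found in the real LSQuarantineEvent table (assumption: they
# have not changed in your macOS version; check with `.schema` in sqlite3).
SCHEMA = """
CREATE TABLE IF NOT EXISTS LSQuarantineEvent (
    LSQuarantineEventIdentifier TEXT PRIMARY KEY NOT NULL,
    LSQuarantineTimeStamp REAL,
    LSQuarantineAgentBundleIdentifier TEXT,
    LSQuarantineAgentName TEXT,
    LSQuarantineDataURLString TEXT,
    LSQuarantineSenderName TEXT,
    LSQuarantineSenderAddress TEXT,
    LSQuarantineTypeNumber INTEGER,
    LSQuarantineOriginTitle TEXT,
    LSQuarantineOriginURLString TEXT,
    LSQuarantineOriginAlias BLOB
);
"""


def mac_time_to_iso(ts):
    """Convert a Mac absolute timestamp to an ISO-8601 UTC string (None stays None)."""
    if ts is None:
        return None
    return (MAC_EPOCH + timedelta(seconds=ts)).strftime("%Y-%m-%dT%H:%M:%SZ")


def audit_quarantine_events(conn):
    """List every event and say whether it leaks URLs or only a timestamp."""
    rows = conn.execute(
        "SELECT LSQuarantineEventIdentifier, LSQuarantineTimeStamp, "
        "LSQuarantineAgentName, LSQuarantineDataURLString, "
        "LSQuarantineOriginURLString FROM LSQuarantineEvent "
        "ORDER BY LSQuarantineTimeStamp"
    ).fetchall()
    report = []
    for ident, ts, agent, data_url, origin_url in rows:
        report.append({
            "id": ident,
            "when": mac_time_to_iso(ts),
            "agent": agent,
            "download_url": data_url,
            "origin_url": origin_url,
            # "Partial (timestamp only)" entries in the table above look like this:
            "kind": "full" if (data_url or origin_url) else "timestamp-only",
        })
    return report


def clear_quarantine_events(conn):
    """Same effect as: sqlite3 <db> 'delete from LSQuarantineEvent'. Returns rows removed."""
    before = conn.execute("SELECT COUNT(*) FROM LSQuarantineEvent").fetchone()[0]
    conn.execute("DELETE FROM LSQuarantineEvent")
    conn.commit()
    return before


def build_sample_db():
    """Constructed sample data (not taken from any real machine): one full
    Safari entry with URLs and one timestamp-only entry as Brave leaves it."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany(
        "INSERT INTO LSQuarantineEvent (LSQuarantineEventIdentifier, "
        "LSQuarantineTimeStamp, LSQuarantineAgentName, "
        "LSQuarantineDataURLString, LSQuarantineOriginURLString) "
        "VALUES (?, ?, ?, ?, ?)",
        [
            ("EXAMPLE-0001", 694224000.0, "Safari",   # 2023-01-01T00:00:00Z
             "https://example.org/files/report.pdf", "https://example.org/downloads"),
            ("EXAMPLE-0002", 694227600.0, "Brave Browser", None, None),  # one hour later
        ],
    )
    conn.commit()
    return conn


def open_real_db():
    """Open the real database read-write (macOS only; back it up first)."""
    return sqlite3.connect(QUARANTINE_DB)


if __name__ == "__main__":
    conn = build_sample_db()
    for entry in audit_quarantine_events(conn):
        print(entry)
    print("removed", clear_quarantine_events(conn), "events")
```

Run it as is to see the two constructed entries; on a Mac, swap \type{build_sample_db()} for \type{open_real_db()} to audit your own history before and after clearing it. Note that clearing the database does nothing to the extended attributes on the downloaded files themselves.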
\subsubsubsubsection[title={Various
Artifacts:},reference={various-artifacts}]
In addition, macOS keeps various logs of mounted devices, connected
devices, known networks, analytics, document revisions\ldots{}
See this section of the macOS Security and Privacy Guide for where to
find and how to delete such artifacts:
\useURL[url2317][https://github.com/drduh/macOS-Security-and-Privacy-Guide\#metadata-and-artifacts]\from[url2317]
\useURL[url2318][https://web.archive.org/web/https://www.bejarano.io/hardening-macos/][][{[}Archive.org{]}]\from[url2318]
Many of those can be deleted using various commercial third-party tools
but we would personally recommend using the free and well-known Onyx
which you can find here:
\useURL[url2319][https://www.titanium-software.fr/en/onyx.html]\from[url2319]
\useURL[url2320][https://web.archive.org/web/https://www.titanium-software.fr/en/onyx.html][][{[}Archive.org{]}]\from[url2320].
Unfortunately, it is closed-source, but it is notarized, signed, and has
been trusted for many years.
\subsubsubsubsection[title={Force a Trim operation after
cleaning:},reference={force-a-trim-operation-after-cleaning}]
\startitemize
\item
If your file system is APFS, you do not need to worry about Trim, it
happens asynchronously as the OS writes data.
\item
If your file system is HFS+ (or any other than APFS), you could run
First Aid on your System Drive from Disk Utility; its operation details
show that it performs a Trim operation
(\useURL[url2321][https://support.apple.com/en-us/HT210898]\from[url2321]
\useURL[url2322][https://web.archive.org/web/https://support.apple.com/en-us/HT210898][][{[}Archive.org{]}]\from[url2322]).
\stopitemize
\placefigure{image46}{\externalfigure[./tex2pdf.-1a34188c73046814/f9e0d691359d2b48fa315e60f32965192acbe83f.png]}
\subsubsection[title={Linux (Qubes OS):},reference={linux-qubes-os-1}]
Please consider their guidelines
\useURL[url2323][https://github.com/Qubes-Community/Contents/blob/master/docs/security/security-guidelines.md]\from[url2323]
\useURL[url2324][https://web.archive.org/web/https://github.com/Qubes-Community/Contents/blob/master/docs/security/security-guidelines.md][][{[}Archive.org{]}]\from[url2324]
If you are using Whonix on Qubes OS, please consider following some of
their guides:
\startitemize
\item
Whonix System Hardening guide
\useURL[url2325][https://www.whonix.org/wiki/System_Hardening_Checklist]\from[url2325]
\useURL[url2326][https://web.archive.org/web/https://www.whonix.org/wiki/System_Hardening_Checklist][][{[}Archive.org{]}]\from[url2326]
\item
Enabling App Armor on Qubes
\useURL[url2327][https://www.whonix.org/wiki/Qubes/AppArmor]\from[url2327]
\useURL[url2328][https://web.archive.org/web/https://www.whonix.org/wiki/Qubes/AppArmor][][{[}Archive.org{]}]\from[url2328]
\item
Also, consider the use of Linux Kernel Runtime Guard (LKRG)
\useURL[url2329][https://www.whonix.org/wiki/Linux_Kernel_Runtime_Guard_LKRG]\from[url2329]
\useURL[url2330][https://web.archive.org/web/https://www.whonix.org/wiki/Linux_Kernel_Runtime_Guard_LKRG][][{[}Archive.org{]}]\from[url2330]
\stopitemize
\subsubsection[title={Linux (non-Qubes):},reference={linux-non-qubes}]
\subsubsubsection[title={Guest OS:},reference={guest-os-1}]
Revert to an earlier snapshot of the Guest VM on Virtualbox (or any
other VM software you are using) and perform a trim command on your
laptop using \type{fstrim --all}. This utility is part of the
\type{util-linux} package on Debian/Ubuntu and should be installed by
default on Fedora. Then switch to the next section.
\subsubsubsection[title={Host OS:},reference={host-os-1}]
Normally you should not have traces to clean within the Host OS since
you are doing everything from a VM if you follow this guide.
Nevertheless, you might want to clean some logs. Consider having a look
at this convenient (but unfortunately unmaintained) tool:
\useURL[url2331][https://github.com/sundowndev/covermyass]\from[url2331]
\useURL[url2332][https://web.archive.org/web/https://github.com/sundowndev/covermyass][][{[}Archive.org{]}]\from[url2332]
After cleaning up, make sure you have the fstrim utility installed: it
is part of the \type{util-linux} package on Debian/Ubuntu and should be
present by default on Fedora. Then just run \type{fstrim --all} on the
Host OS. This should be sufficient on SSD drives as explained earlier.
Consider the use of Linux Kernel Runtime Guard (LKRG) as an added measure
\useURL[url2333][https://www.whonix.org/wiki/Linux_Kernel_Runtime_Guard_LKRG]\from[url2333]
\useURL[url2334][https://web.archive.org/web/https://www.whonix.org/wiki/Linux_Kernel_Runtime_Guard_LKRG][][{[}Archive.org{]}]\from[url2334]
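As an added example (not part of this guide), the following Python script pre-checks what \type{fstrim --all} will actually be able to do on the Guest and Host OS steps above. This matters in the VM setup this guide uses: a virtual disk only passes TRIM through when the VM software exposes it with discard support (in VirtualBox the disk must be attached as non-rotational with discard enabled), and fstrim silently skips filesystems whose device does not support it. The script parses \type{/proc/mounts}, reads \type{rotational} and \type{discard_granularity} from \type{/sys/block}, and reports per mountpoint whether TRIM applies. The sample mounts and sysfs values are constructed; \type{--live --run} is what you would use on a real host (fstrim itself needs root), and device-mapper nodes (LUKS/VeraCrypt volumes) are reported as unknown rather than resolved to their backing disk.

```python
import shutil
import subprocess
import sys
from pathlib import Path


def parse_mounts(mounts_text):
    """Return (device, mountpoint, fstype) for every /dev/-backed entry in /proc/mounts text."""
    found = []
    for line in mounts_text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0].startswith("/dev/"):
            found.append((parts[0], parts[1], parts[2]))
    return found


def base_block_device(dev, known):
    """Map a partition node to its disk name as listed in /sys/block:
    /dev/sda2 -> sda, /dev/nvme0n1p2 -> nvme0n1. Device-mapper nodes
    (LUKS/VeraCrypt, LVM) are not resolved here and yield None."""
    name = dev[len("/dev/"):] if dev.startswith("/dev/") else dev
    if name in known:
        return name
    stripped = name.rstrip("0123456789")
    if stripped.endswith("p") and stripped[:-1] in known:
        return stripped[:-1]
    if stripped in known:
        return stripped
    return None


def classify(dev, sysfs):
    """Verdict for one device: trim / hdd / no-discard / unknown."""
    base = base_block_device(dev, sysfs)
    if base is None:
        return "unknown"
    info = sysfs[base]
    if info["rotational"]:
        return "hdd"          # spinning disk: TRIM does not apply, overwrite instead
    if info["discard_granularity"] == 0:
        return "no-discard"   # SSD or virtual disk that does not pass TRIM through
    return "trim"


def trim_plan(mounts_text, sysfs):
    """One (mountpoint, fstype, verdict) per block-device-backed mount."""
    return [(mnt, fs, classify(dev, sysfs)) for dev, mnt, fs in parse_mounts(mounts_text)]


def read_sysfs(root=Path("/sys/block")):
    """Collect rotational and discard_granularity flags from the live kernel."""
    sysfs = {}
    for d in root.iterdir():
        try:
            sysfs[d.name] = {
                "rotational": int((d / "queue/rotational").read_text().strip()),
                "discard_granularity": int((d / "queue/discard_granularity").read_text().strip()),
            }
        except (OSError, ValueError):
            continue
    return sysfs


def run_fstrim(mountpoint):
    """Call fstrim -v on one mountpoint; fstrim itself needs root."""
    if shutil.which("fstrim") is None:
        raise RuntimeError("fstrim not found: install the util-linux package")
    return subprocess.run(["fstrim", "-v", mountpoint], capture_output=True, text=True)


# Constructed sample input (not captured from a real machine).
SAMPLE_MOUNTS = """\
/dev/nvme0n1p2 / ext4 rw,relatime 0 0
/dev/nvme0n1p1 /boot/efi vfat rw 0 0
/dev/sda1 /mnt/usb ext4 rw 0 0
/dev/vda1 /mnt/vm btrfs rw 0 0
/dev/mapper/cryptdata /mnt/secret ext4 rw 0 0
proc /proc proc rw 0 0
"""
SAMPLE_SYSFS = {
    "nvme0n1": {"rotational": 0, "discard_granularity": 512},  # SSD with TRIM
    "sda": {"rotational": 1, "discard_granularity": 0},        # external HDD
    "vda": {"rotational": 0, "discard_granularity": 0},        # VM disk, discard off
}


if __name__ == "__main__":
    live = "--live" in sys.argv
    mounts = Path("/proc/mounts").read_text() if live else SAMPLE_MOUNTS
    sysfs = read_sysfs() if live else SAMPLE_SYSFS
    for mnt, fs, verdict in trim_plan(mounts, sysfs):
        print(f"{mnt:<12} {fs:<6} {verdict}")
        if live and "--run" in sys.argv and verdict in ("trim", "unknown"):
            print(run_fstrim(mnt).stdout.strip())
```

A mount reported as \type{no-discard} is the case to watch for: fstrim will print that the discard operation is not supported there, so deleted data on that virtual disk is not actually trimmed until the VM disk is reattached with discard enabled.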
\subsubsection[title={Windows:},reference={windows-4}]
\subsubsubsection[title={Guest OS:},reference={guest-os-2}]
Revert to an earlier snapshot on Virtualbox (or any other VM software
you are using) and perform a trim command on your Windows VM using the
Optimize function, as explained at the end of the next section.
\subsubsubsection[title={Host OS:},reference={host-os-2}]
Now that you have done a number of activities with your VMs or Host OS,
you should take a moment to cover your tracks. {\bf Most of these steps
should not be undertaken on the Decoy OS if you are using plausible
deniability. This is because you want to keep decoy/plausible traces of
sensitive but not secret activities available for your adversary. If
everything is clean, then you might raise suspicion.}
\subsubsubsubsection[title={Diagnostic Data and
Telemetry:},reference={diagnostic-data-and-telemetry}]
First, let us get rid of any diagnostic data that could still be there:
\startitemize[packed]
\item
After each use of your Windows devices, go into Settings, Privacy,
Diagnostic & Feedback, and Click Delete.
\stopitemize
Then let us re-randomize the MAC addresses of your Virtual Machines and
the Bluetooth Address of your Host OS.
\startitemize
\item
After each shutdown of your Windows VM, change its MAC address for
next time by going into Virtualbox > Select the VM > Settings >
Network > Advanced > Refresh the MAC address.
\item
After each use of your Host OS Windows (your VM should not have
Bluetooth at all), Go into the Device Manager, Select Bluetooth,
Disable the Device and Re-Enable the device (this will force a
randomization of the Bluetooth Address).
\stopitemize
\subsubsubsubsection[title={Event logs:},reference={event-logs}]
Windows Event logs keep many pieces of information that could contain
traces of your activities, such as the devices that were
mounted (including Veracrypt NTFS volumes for instance\footnote{Veracrypt
Documentation, Data Leaks
\useURL[url2335][https://www.veracrypt.fr/code/VeraCrypt/plain/doc/html/Data\%20Leaks.html][][https://www.veracrypt.fr/code/VeraCrypt/plain/doc/html/Data\letterpercent{}20Leaks.html]\from[url2335]
\useURL[url2336][https://web.archive.org/web/https://www.veracrypt.fr/code/VeraCrypt/plain/doc/html/Data\%20Leaks.html][][{[}Archive.org{]}]\from[url2336]}),
your network connections, app crash information, and various errors. It
is always best to clean those up regularly. Do not do this on the Decoy
OS.
\startitemize
\item
Start, search for Event Viewer, and launch Event Viewer:
\startitemize
\item
Go into Windows logs.
\item
Select and clear all five logs using a right-click.
\stopitemize
\stopitemize
\subsubsubsubsection[title={Veracrypt
History:},reference={veracrypt-history}]
By default, Veracrypt saves a history of recently mounted volumes and
files. You should make sure Veracrypt never saves History. Again, do not
do this on the Decoy OS if you are using plausible deniability for the
OS. We need to keep the history of mounting the decoy Volume as part of
the plausible deniability:
\startitemize
\item
Launch Veracrypt
\item
Make sure the \quotation{Never save history} checkbox is checked
(this should not be checked on the Decoy OS)
\stopitemize
Now you should clean the history within any app that you used including
Browser history, Cookies, Saved Passwords, Sessions, and Form History.
\subsubsubsubsection[title={Browser
History:},reference={browser-history}]
\startitemize
\item
Brave (in case you did not enable cleaning on exit)
\startitemize
\item
Go into Settings
\item
Go into Shields
\item
Go into Clear Browsing Data
\item
Select Advanced
\item
Select \quotation{All Time}
\item
Check all the options
\item
Clear Data
\stopitemize
\item
Tor Browser
\startitemize[packed]
\item
Just close the Browser and everything is cleaned
\stopitemize
\stopitemize
\subsubsubsubsection[title={Wi-Fi History:},reference={wi-fi-history}]
Now it is time to clear the history of the Wi-Fi networks you connected
to. Unfortunately, Windows keeps storing a list of past networks in the
registry even if you \quotation{forgot} those in the Wi-Fi settings. As
far as we know, no utility (BleachBit or PrivaZer for instance) cleans
those yet, so you will have to do it the manual way:
\startitemize
\item
Launch Regedit using this tutorial:
\useURL[url2337][https://support.microsoft.com/en-us/windows/how-to-open-registry-editor-in-windows-10-deab38e6-91d6-e0aa-4b7c-8878d9e07b11]\from[url2337]
\useURL[url2338][https://web.archive.org/web/https://support.microsoft.com/en-us/windows/how-to-open-registry-editor-in-windows-10-deab38e6-91d6-e0aa-4b7c-8878d9e07b11][][{[}Archive.org{]}]\from[url2338]
\item
Within Regedit, enter this to the address bar:
\type{Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles}
\item
There you will see a bunch of folders to the right. Each of those
folders is a \quotation{Key}. Each of those keys will contain
information about your current known Wi-Fi or past networks you used.
You can explore them one by one and see the description on the right
side.
\item
Delete all those keys.
\stopitemize
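To verify what those keys hold, and that they are gone after cleaning, here is an added Python example (not from this guide) that parses a \type{.reg} export of the Profiles key, as produced by Regedit's File > Export. The value names (ProfileName, Description, NameType, DateCreated, DateLastConnected) and the SYSTEMTIME encoding of the two dates are what real exports contain; the NameType mapping (0x47 wireless, 0x06 wired, 0x17 VPN) is our assumption based on commonly documented values; the GUIDs, names and dates in the sample export are constructed placeholders.

```python
import struct
from datetime import datetime

# NameType values as seen in NetworkList\Profiles keys (assumption, see lead-in).
NAME_TYPES = {0x06: "wired", 0x17: "VPN", 0x47: "wireless"}


def systemtime_to_iso(raw):
    """Decode a 16-byte Windows SYSTEMTIME (8 little-endian uint16 fields)."""
    year, month, _weekday, day, hour, minute, second, _ms = struct.unpack("<8H", raw[:16])
    return datetime(year, month, day, hour, minute, second).isoformat()


def _logical_lines(text):
    """Join .reg continuation lines: a trailing backslash continues a hex value."""
    buf = ""
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        yield buf + line
        buf = ""


def _unescape(s):
    """Undo the .reg escaping of quotes and backslashes inside string values."""
    return s.replace('\\"', '"').replace("\\\\", "\\")


def parse_reg_export(text):
    """Return one dict per key under NetworkList\\Profiles with its decoded values."""
    profiles, current = [], None
    for line in _logical_lines(text):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if "\\NetworkList\\Profiles\\" in key:
                current = {"key": key.rsplit("\\", 1)[1]}
                profiles.append(current)
            else:
                current = None  # some other key: ignore values until the next header
            continue
        if current is None or not line.startswith('"') or '"=' not in line:
            continue
        name, value = line[1:].split('"=', 1)
        if value.startswith('"') and value.endswith('"'):
            current[name] = _unescape(value[1:-1])
        elif value.startswith("dword:"):
            current[name] = int(value[6:], 16)
        elif value.startswith("hex:"):
            current[name] = bytes.fromhex(value[4:].replace(",", ""))
    return profiles


def summarize(profiles):
    """The forensically interesting fields: name, type, first and last connection."""
    out = []
    for p in profiles:
        out.append({
            "key": p["key"],
            "name": p.get("ProfileName"),
            "type": NAME_TYPES.get(p.get("NameType"), "other"),
            "created": systemtime_to_iso(p["DateCreated"]) if "DateCreated" in p else None,
            "last_connected": systemtime_to_iso(p["DateLastConnected"])
            if "DateLastConnected" in p else None,
        })
    return out


def load_reg_file(path):
    """Regedit writes exports as UTF-16 LE with a BOM."""
    with open(path, encoding="utf-16") as fh:
        return parse_reg_export(fh.read())


# Constructed sample export (GUIDs, names and dates are placeholders, not real data).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles\{11111111-2222-3333-4444-555555555555}]
"ProfileName"="CoffeeShop-Guest"
"Description"="CoffeeShop-Guest"
"Managed"=dword:00000000
"Category"=dword:00000000
"DateCreated"=hex:e7,07,03,00,03,00,0f,00,09,00,1e,00,05,00,00,00
"NameType"=dword:00000047
"DateLastConnected"=hex:e7,07,03,00,03,00,0f,00,12,00,05,00,2a,00,\
  00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles\{66666666-7777-8888-9999-000000000000}]
"ProfileName"="Network 2"
"Description"="Network 2"
"Managed"=dword:00000000
"Category"=dword:00000001
"DateCreated"=hex:e6,07,0b,00,02,00,01,00,08,00,00,00,00,00,00,00
"NameType"=dword:00000006
"DateLastConnected"=hex:e6,07,0b,00,02,00,01,00,08,00,1e,00,00,00,00,00
"""

if __name__ == "__main__":
    import sys
    profiles = load_reg_file(sys.argv[1]) if len(sys.argv) > 1 else parse_reg_export(SAMPLE_REG)
    for p in summarize(profiles):
        print(p)
```

Export the Profiles key before deleting it, run the script on the file to see what an examiner would read from it (network name plus first and last connection times), then export again after deletion: the second run should list nothing.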
\subsubsubsubsection[title={Shellbags:},reference={shellbags}]
As explained earlier, Shellbags are basically histories of accessed
volumes/files on your computer. Remember that shellbags are
exceptionally useful sources of information for forensics\footnote{SANS,
Windows ShellBag Forensics in-depth
\useURL[url2339][https://www.sans.org/reading-room/whitepapers/forensics/windows-shellbag-forensics-in-depth-34545]\from[url2339]
\useURL[url2340][https://web.archive.org/web/https://www.sans.org/reading-room/whitepapers/forensics/windows-shellbag-forensics-in-depth-34545][][{[}Archive.org{]}]\from[url2340]}
and you need to clean those, especially if you mounted any
\quotation{hidden volume} anywhere. Again, you should not do this on the
Decoy OS:
\startitemize
\item
Download Shellbag Analyzer & Cleaner from
\useURL[url2341][https://privazer.com/en/download-shellbag-analyzer-shellbag-cleaner.php]\from[url2341]
\useURL[url2342][https://web.archive.org/web/https://privazer.com/en/download-shellbag-analyzer-shellbag-cleaner.php][][{[}Archive.org{]}]\from[url2342]
\startitemize
\item
Launch it
\item
Analyze
\item
Click Clean and select:
\startitemize
\item
Deleted Folders
\item
Folders on Network / External devices
\item
Search Results
\stopitemize
\item
Select advanced
\startitemize
\item
Check all except the two backup options (do not backup)
\item
Select SSD cleanup (if you have an SSD)
\item
Select one pass (All zero)
\item
Clean
\stopitemize
\stopitemize
\stopitemize
\subsubsubsubsection[title={Extra Tools
Cleaning:},reference={extra-tools-cleaning}]
After cleaning those earlier traces, you should also use third-party
utilities that can be used to clean various traces. These include the
traces of the files/folders you deleted.
Please refer to \goto{Appendix H: Windows Cleaning
Tools}[appendix-h-windows-cleaning-tools] before continuing.
\subsubsubsubsubsection[title={PrivaZer:},reference={privazer}]
Here are the steps for PrivaZer:
\startitemize
\item
Download and install PrivaZer from
\useURL[url2343][https://privazer.com/en/download.php]\from[url2343]
\useURL[url2344][https://web.archive.org/web/https://privazer.com/en/download.php][][{[}Archive.org{]}]\from[url2344]
\startitemize
\item
Run PrivaZer after install
\item
Do not use their Wizard
\item
Select Advanced User
\item
Select Scan in Depth and pick your Target
\item
Select Everything you want to Scan and push Scan
\item
Select What you want to be cleaned (skip the shell bag part since
you used the other utility for that)
\startitemize[packed]
\item
{\bf You should just skip the free space cleaning part if using an
SSD and instead just use the native Windows Optimize function (see
below) which should be more than enough. We would only use this on
an HDD drive.}
\stopitemize
\item
(If you did select Free Space cleaning) Select Clean Options and
make sure your type of Storage is well detected (HDD vs SSD).
\item
(If you did select Free Space cleaning) Within Clean Options
{\bf (Be careful with this option as it will erase all the free
space on the selected partition, especially if you are running the
decoy OS. Do not erase the free space or anything else on the second
partition as you risk destroying your Hidden OS)}
\startitemize
\item
If you have an SSD drive:
\startitemize
\item
Secure Overwriting Tab: We would just pick Normal Deletion +
Trim (Trim itself should be enough\footnote{St Cloud State
University, Forensic Research on Solid State Drives using Trim
Analysis
\useURL[url2345][https://web.archive.org//web/20220612095503/https://repository.stcloudstate.edu/cgi/viewcontent.cgi?article=1141&context=msia_etds]\from[url2345]
\useURL[url2346][https://web.archive.org/web/20211009021236/https://repository.stcloudstate.edu/cgi/viewcontent.cgi?article=1141&context=msia_etds][][{[}Archive.org{]}]\from[url2346]}).
Secure Deletion with Trim\footnote{Wikipedia, Trim
\useURL[url2347][https://en.wikipedia.org/wiki/Trim_(computing)]\from[url2347]
\useURL[url2348][https://wikiless.org/wiki/Trim_(computing)][][{[}Wikiless{]}]\from[url2348]
\useURL[url2349][https://web.archive.org/web/https://en.wikipedia.org/wiki/Trim_(computing)][][{[}Archive.org{]}]\from[url2349]}
(1 pass) might be redundant and overkill here if you intend to
overwrite the free space anyway.
\item
Free Space Tab: Personally, and again \quotation{just to be
sure}, we would select Normal Cleanup which will fill the entire
free space with Data. We do not really trust Smart Cleanup as it
does not actually fill all the free space of the SSD with Data.
But again, this is probably not needed and overkill in most
cases.
\stopitemize
\item
If you have an HDD drive:
\startitemize
\item
Secure Overwriting Tab: We would just pick Secure Deletion (1
pass).
\item
Free Space: We would just pick Smart Cleanup as there is no
reason to overwrite sectors without data on an HDD drive.
\stopitemize
\stopitemize
\item
Select Clean and Pick your flavor:
\startitemize
\item
Turbo Cleanup will only do normal deletion (on HDD/SSD) and will
not clean free space. It is not secure on an HDD nor an SSD.
\item
Quick Cleanup will do secure deletion (on HDD) and normal deletion
+ trim (on SSD) but will not clean free space. This is secure
enough for SSD but not for HDD.
\item
Normal Cleanup will do secure deletion (on HDD) and normal
deletion + trim (on SSD) and will then clean the whole free space
(Smart Cleanup on HDD and Full Cleanup on SSD) and should be
secure. This option is the best for HDD but completely overkill
for SSD.
\stopitemize
\item
Click Clean and wait for cleaning to finish. Could take a while and
will fill your whole free space with data.
\stopitemize
\stopitemize
\subsubsubsubsubsection[title={BleachBit:},reference={bleachbit}]
Here are the steps for BleachBit:
\startitemize
\item
Get and install the latest version from BleachBit here
\useURL[url2350][https://www.bleachbit.org/download]\from[url2350]
\useURL[url2351][https://web.archive.org/web/https://www.bleachbit.org/download][][{[}Archive.org{]}]\from[url2351]
\item
Run BleachBit
\item
Clean at least everything within those sections:
\startitemize
\item
Deep Scan
\item
Windows Defender
\item
Windows Explorer (including Shellbags)
\item
System
\item
Select any other traces you want to remove from their list
\startitemize[packed]
\item
Again, as with the earlier utility, we would not clean the free
space on an SSD drive because we think the Windows native
\quotation{optimize} utility is enough (see below) and that
filling up the free space on a trim enabled SSD is just completely
overkill and unnecessary.
\stopitemize
\item
Click Clean and wait. This will take a while and will fill your
whole free space with data on both HDD and SSD drives.
\stopitemize
\stopitemize
\subsubsubsubsection[title={Force a Trim with Windows Optimize (for SSD
drives):},reference={force-a-trim-with-windows-optimize-for-ssd-drives}]
With this Native Windows 10/11 utility, you can just trigger a Trim on
your SSD which should be more than enough to securely clean all deleted
files that somehow would have escaped Trim when deleting them.
Just open Windows Explorer, right-click on your System Drive and click
Properties. Select Tools. Click Optimize and Defragment. You are done:
on an SSD this will not defragment but only optimize, meaning it will
initiate a Trim operation
(\useURL[url2352][https://en.wikipedia.org/wiki/Trim_(computing)]\from[url2352]
\useURL[url2353][https://wikiless.org/wiki/Trim_(computing)][][{[}Wikiless{]}]\from[url2353]
\useURL[url2354][https://web.archive.org/web/20220804150134/https://en.wikipedia.org/wiki/Trim_(computing)][][{[}Archive.org{]}]\from[url2354]).
\placefigure{image45}{\externalfigure[./tex2pdf.-1a34188c73046814/f7d944af668902072796d24866daeb5ea33ef361.png]}
\subsection[title={Removing some traces of your identities on search
engines and various
platforms:},reference={removing-some-traces-of-your-identities-on-search-engines-and-various-platforms}]
Chances are your actions (such as posts on various platforms, your
profiles) will be indexed (and cached) by many search engines.
Contrary to widespread belief, it is possible to have some, but not all,
of this information removed by following some steps. While this might
not remove the information from the websites themselves, it will make it
harder for people to find it using search engines:
\startitemize
\item
First, you will have to delete your identities from the platform
themselves if you can. Most will allow this but not all. For some, you
might have to contact their support/moderators and for others, there
will be readily available forms to do so.
\item
If they do not allow the removal/deletion of profiles, there might be
a possibility for you to rename your identity. Change the username if
you can and all account information with bogus information including
the e-mail.
\item
If allowed, you can also sometimes edit past posts to remove the
information within those.
\stopitemize
You can find useful information about how to get your data from, and
delete your accounts on, various websites here:
\startitemize
\item
\useURL[url2355][https://justdeleteme.xyz/]\from[url2355]
\useURL[url2356][https://web.archive.org/web/https://justdeleteme.xyz/][][{[}Archive.org{]}]\from[url2356]
\item
\useURL[url2357][https://justgetmydata.com/]\from[url2357]
\useURL[url2358][https://web.archive.org/web/https://justgetmydata.com/][][{[}Archive.org{]}]\from[url2358]
\stopitemize
When you are done with this part, you should now handle search engines
and while you may not be able to have the information deleted, you can
ask them to update/remove outdated information which could then remove
some cached information.
\subsubsection[title={Google:},reference={google-1}]
{\bf Unfortunately, this will require you to have a Google account to
request the update/removal (however this can be done with any Google
account from anyone). There is no way around this except waiting.}
Go to their \quotation{Remove outdated content from Google Search} page
here:
\useURL[url2359][https://search.google.com/search-console/remove-outdated-content]\from[url2359]
\useURL[url2360][https://web.archive.org/web/https://search.google.com/search-console/remove-outdated-content][][{[}Archive.org{]}]\from[url2360]
and submit a request accordingly.
If your profile/username was deleted/changed, they should re-index the
content and update accordingly, and remove these traces.
These requests might take several days to process. Be patient.
\subsubsection[title={Bing:},reference={bing}]
{\bf Unfortunately, this will require you to have a Microsoft account to
request the update/removal (however this can be done with any Microsoft
account from any identity). There is no way around this except waiting.}
Go to their \quotation{Content Removal} page here:
\useURL[url2361][https://www.bing.com/webmasters/tools/contentremoval]\from[url2361]
\useURL[url2362][https://web.archive.org/web/https://www.bing.com/webmasters/tools/contentremoval][][{[}Archive.org{]}]\from[url2362]
and submit a request accordingly.
If your profile/username was deleted/changed, they should re-index the
content and update accordingly, and remove these traces.
This might take several days to process. Be patient.
\subsubsection[title={DuckDuckGo:},reference={duckduckgo}]
DuckDuckGo does not store a cached version of pages\footnote{DuckDuckGo
help, Cache
\useURL[url2363][https://help.duckduckgo.com/duckduckgo-help-pages/features/cache/]\from[url2363]
\useURL[url2364][https://web.archive.org/web/https://help.duckduckgo.com/duckduckgo-help-pages/features/cache/][][{[}Archive.org{]}]\from[url2364]}
and will instead forward you to a Google/Bing cached version if
available.
In addition, DuckDuckGo sources most of its search results from Bing (and
not Google)\footnote{DuckDuckGo help, Sources
\useURL[url2365][https://help.duckduckgo.com/duckduckgo-help-pages/results/sources/]\from[url2365]
\useURL[url2366][https://web.archive.org/web/https://help.duckduckgo.com/duckduckgo-help-pages/results/sources/][][{[}Archive.org{]}]\from[url2366]}
and therefore removing the content from Bing should in time have it
removed from DuckDuckGo too.
\subsubsection[title={Yandex:},reference={yandex}]
{\bf Unfortunately, this will require you to have a Yandex account to
request removals (however this can be done with any Yandex account from
any identity). There is no way around this except waiting.}
Once you have your Yandex account, head to the Yandex Webmaster tools
\useURL[url2367][https://webmaster.yandex.com]\from[url2367]
\useURL[url2368][https://web.archive.org/web/https://webmaster.yandex.com/][][{[}Archive.org{]}]\from[url2368]
and then select Tools and Delete URL
\useURL[url2369][https://webmaster.yandex.com/tools/del-url/]\from[url2369]
\useURL[url2370][https://web.archive.org/web/https://webmaster.yandex.com/tools/del-url/][][{[}Archive.org{]}]\from[url2370]
There you can input the URLs that no longer exist if you had them
deleted.
This will only work with pages that have been deleted and therefore will
not work with removing the cache of existing records. For that
unfortunately there is no tool available to force a cache update, but
you can still try their feedback tool:
Search for the page that was changed (where your profile was
deleted/changed) and click the arrow next to the result. Select
Complain. And submit a complaint about the page not matching the search
result. Hopefully, this will force Yandex to re-crawl the page and
re-index it after some time. This could take days or weeks.
\subsubsection[title={Qwant:},reference={qwant}]
As far as we know, there is no readily available tool to force this, and
you will have to wait for the results to get updated if there is any. If
you know a way, please report this to us through the GitHub issues.
\subsubsection[title={Yahoo Search:},reference={yahoo-search}]
Yes, Yahoo Search still exists but as per their help page
\useURL[url2371][https://help.yahoo.com/kb/SLN4530.html]\from[url2371]
\useURL[url2372][https://web.archive.org/web/https://help.yahoo.com/kb/SLN4530.html][][{[}Archive.org{]}]\from[url2372],
there is no way to remove information or refresh information besides
waiting. This could take 6 to 8 weeks.
\subsubsection[title={Baidu:},reference={baidu}]
As far as we know, there is no readily available tool to force this unless
you control the website (and do it through their webmaster tools).
Therefore, you will have to wait for the results to get updated, if they
ever are. If you know a way, please report this to us through the GitHub
issues.
\subsubsection[title={Wikipedia:},reference={wikipedia}]
As far as we know, there is no way to remove information from Wikipedia
articles themselves but if you just want to remove traces of your
username from it (as a user that contributed), you can do so by
following these steps:
\useURL[url2373][https://en.wikipedia.org/wiki/Wikipedia:Courtesy_vanishing]\from[url2373]
\useURL[url2374][https://wikiless.org/wiki/Wikipedia:Courtesy_vanishing][][{[}Wikiless{]}]\from[url2374]
\useURL[url2375][https://web.archive.org/web/https://en.wikipedia.org/wiki/Wikipedia:Courtesy_vanishing][][{[}Archive.org{]}]\from[url2375]
This will not remove any information about your online identities that
could appear in other articles but only your own identity on Wikipedia
as a user.
\subsubsection[title={Archive.today:},reference={archive.today}]
Some information can sometimes be removed on demand (sensitive
information for example) as you can see many examples here:
\useURL[url2376][https://blog.archive.today/archive]\from[url2376]
This is done through their \quotation{ask} page here:
\useURL[url2377][https://blog.archive.today/ask]\from[url2377]
\subsubsection[title={Internet Archive:},reference={internet-archive}]
You can remove pages from internet archives but {\bf only if you own the
website in question} and contact them about it. Most likely you will not
be able to remove archives from say \quotation{Reddit posts} or anything
alike. But you could still ask and see what they answer.
As per their help page
\useURL[url2378][https://help.archive.org/hc/en-us/articles/360004651732-Using-The-Wayback-Machine]\from[url2378]
"How can we exclude or remove my site's pages from the Wayback Machine?
You can send an e-mail request for us to review to info@archive.org with
the URL (web address) in the text of your message".
\subsubsection[title={Others:},reference={others}]
Have a look at those websites:
\startitemize
\item
\useURL[url2379][https://justdeleteme.xyz/]\from[url2379]
\item
\useURL[url2380][https://inteltechniques.com/workbook.html]\from[url2380]
\useURL[url2381][https://web.archive.org/web/https://inteltechniques.com/workbook.html][][{[}Archive.org{]}]\from[url2381]
\stopitemize
\section[title={Some low-tech old-school
tricks:},reference={some-low-tech-old-school-tricks}]
\subsection[title={Hidden communications in plain
sight:},reference={hidden-communications-in-plain-sight}]
You must keep in mind that using all those security measures
(encryption, plausible deniability, VPN, Tor, secure operating systems
\ldots{}) can make you suspicious just by using them. Using them could be
the equivalent of openly stating \quotation{I have something to hide} to
an observer, which could then motivate some adversaries to
investigate/surveil you further.
So, there are other ways you could exchange or send messages online to
others in case of need without disclosing your identity or establishing
direct communication with them. These have been in use by various
organizations for decades and can be of help if you want to communicate
some sensitive information without attracting the attention that using
secure tech would.
A commonly used technique that combines the idea of a Dead
Drop\footnote{Wikipedia, Dead Drop
\useURL[url2382][https://en.wikipedia.org/wiki/Dead_drop]\from[url2382]
\useURL[url2383][https://wikiless.org/wiki/Dead_drop][][{[}Wikiless{]}]\from[url2383]
\useURL[url2384][https://web.archive.org/web/https://en.wikipedia.org/wiki/Dead_drop][][{[}Archive.org{]}]\from[url2384]}
and Secure Communication Obfuscation\footnote{Wikipedia, Secure
Communication Obfuscation
\useURL[url2385][https://en.wikipedia.org/wiki/Obfuscation\#Secure_communication]\from[url2385]
\useURL[url2386][https://wikiless.org/wiki/Obfuscation][][{[}Wikiless{]}]\from[url2386]
\useURL[url2387][https://web.archive.org/web/https://en.wikipedia.org/wiki/Obfuscation][][{[}Archive.org{]}]\from[url2387]}
through Steganography\footnote{Wikipedia, Steganography
\useURL[url2388][https://en.wikipedia.org/wiki/Steganography]\from[url2388]
\useURL[url2389][https://wikiless.org/wiki/Steganography][][{[}Wikiless{]}]\from[url2389]
\useURL[url2390][https://web.archive.org/web/https://en.wikipedia.org/wiki/Steganography][][{[}Archive.org{]}]\from[url2390]}
and/or Kleptography\footnote{Wikipedia, Kleptography
\useURL[url2391][https://en.wikipedia.org/wiki/Kleptography]\from[url2391]
\useURL[url2392][https://wikiless.org/wiki/Kleptography][][{[}Wikiless{]}]\from[url2392]
\useURL[url2393][https://web.archive.org/web/https://en.wikipedia.org/wiki/Kleptography][][{[}Archive.org{]}]\from[url2393]}
and has many names such as Koalang\footnote{Wikipedia, Koalang
\useURL[url2394][https://en.wikipedia.org/wiki/Koalang]\from[url2394]
\useURL[url2395][https://wikiless.org/wiki/Koalang][][{[}Wikiless{]}]\from[url2395]
\useURL[url2396][https://web.archive.org/web/https://en.wikipedia.org/wiki/Koalang][][{[}Archive.org{]}]\from[url2396]}
or \quotation{Talking Around} or even \quotation{Social Steganography}.
This technique is very old and still widely used nowadays by teenagers
to bypass parental control. It is hiding in plain sight.
Here is one example: what if you want to let someone know something is
wrong and that they should go dark? That they should immediately wipe all
their data and get rid of their burner phones and sensitive information?
What if you want to let someone you trust (friends, family, lawyers,
journalists \ldots{}) know that you are in trouble, and they should look
out for you?
All this without revealing the identity of the person you are sending
the message to nor disclosing the content of that message to any third
party and without raising suspicions and without using any of the secure
methods mentioned above.
Well, you could just use any online public platform for this (Instagram,
Twitter, Reddit, any forum, YouTube \ldots{}) by using in-context (of
the chosen platform/media) agreed upon (between you and your contact)
coded messages that only your contact would understand.
This could be a set of specific emojis or a specifically worded mundane
comment. Or even just a like on a specific post from a known influencer
you usually watch and like. While this would look completely normal to
anyone, this could mean a lot to a knowledgeable reader who could then
take appropriate agreed-upon actions. You could also hide the message
using Steganography using for instance
\useURL[url2397][https://stegcloak.surge.sh/]\from[url2397].
You do not even have to go that far. A simple \quotation{Last seen} time
on a specific account could be enough to trigger an agreed-upon message:
if your interlocutor sees that this account was online, it could mean
there is an issue.
\subsection[title={How to spot if someone has been searching your
stuff:},reference={how-to-spot-if-someone-has-been-searching-your-stuff}]
There are some old tricks that you can use to spot if people have been
messing with your stuff while you were away.
One trick for instance is quite simple and just requires a wire/cable.
Simply lay objects on your desk/night table or in your drawers following
a straight line. You can use a simple USB cable as a tool to align them.
Make a line with your cable and place objects along the line. When you
are back, just check those places and check if the objects are still
placed along the line. This saves you from having to remember precisely
where your things were, without taking pictures.
Fortunately, modern technology has made this even simpler. If you
suspect someone might be looking through your stuff while you are away,
you can just take a picture of the area with your phone before leaving.
When you are back, just compare the areas with your pictures and
everything should be exactly where you left it. If anything moved, then
someone was there.
It will be extremely hard and time-consuming for an adversary to search
through your stuff and then replace it exactly as you left it with
complete precision.
What if it is a printed document or book and you want to know if someone
read it? Even simpler. Just carefully make a note within the document
with a pencil. And then erase it with any pencil eraser as if you wanted
to correct it. The trick is to carefully leave the eraser
traces/residues on the area you erased/pencil written areas and close
the document. You could also take a picture of the residues before
closing the document.
Most likely if someone went through your document to read it and
re-placed it carefully, this residue will fall off or be moved
significantly. It is a simple old-school trick that could tell you
someone searched a document you had.
\section[title={Some last OPSEC
thoughts:},reference={some-last-opsec-thoughts}]
Wait, what is OPSEC? Well, OPSEC means Operations Security\footnote{Wikipedia,
OPSEC
\useURL[url2398][https://en.wikipedia.org/wiki/Operations_security]\from[url2398]
\useURL[url2399][https://wikiless.org/wiki/Operations_security][][{[}Wikiless{]}]\from[url2399]
\useURL[url2400][https://web.archive.org/web/https://en.wikipedia.org/wiki/Operations_security][][{[}Archive.org{]}]\from[url2400]}.
The basic definition is: \quotation{OPSEC is the process of protecting
individual pieces of data that could be grouped together to give the
bigger picture.}
The important step here, and probably the easiest one, is a lesson you
can take from the movie Fight Club: the first rule is that you {\bf do
not} talk about Fight Club. This applies to many aspects of your online
operational security or OPSEC. Taking your time to go through this guide
will reward you with the tools and knowledge to embrace a fuller, more
secure experience on the internet. Rest assured that this guide will
reveal things to you that will frustrate your enemy. You will learn how
to protect your operating systems and lockdown your critical information
and ensure mission success. But the one thing you must adhere to is this
rule of thumb - do not talk about operation details. The biggest
adversarial threat to you is OSINT (discussed below and throughout the
document). The enemy will gather information on you based on what they
observe about you and your activities online and in real life.
Adversaries take many forms. To some, they are actors of a foreign
government, while to others they may be simply a rival company's
employee looking to find disgruntled workers to target for further
pressuring. To most, the general task of OPSEC is that this is your ship
- you must not do anything or say anything to sink your own ship. Simply
expressing your frustration with your boss or your work conditions or
your equipment, might be enough to generate not only a behavior profile
but also a vector of attack. A disgruntled employee, in this example, is
what generally provides enough information to warrant pressuring of that
employee for further information and possibly even extortion, blackmail,
or worse. Failure to implement basic OPSEC can lead to failure at
various points. It can lead to serious injury or even death if your
threat model is a determined attacker, foreign actor, and so on.
You must live by the simple rule that \quotation{loose lips sink ships}
- but also that they are usually your lips which will do the sinking.
OPSEC is often just applying common sense and being cautious about your
activities including in the physical world:
\subsection[title={Digital and Online
OPSEC},reference={digital-and-online-opsec}]
\startitemize
\item
{\bf Remember to use passphrases or strings of words instead of short
passwords and use a different one for each service. See \goto{Appendix
A2: Guidelines for passwords and
passphrases}[appendix-a2-guidelines-for-passwords-and-passphrases].}
\item
Make sure you are not keeping a copy of this guide anywhere unsafe
afterwards. The sole presence of this guide will most likely defeat all
your plausible deniability possibilities.
\item
OSINT \quotation{yourself} and your identities from time to time by
looking for them yourself online using various search engines to
monitor your online identities. You can even automate the process
somewhat using various tools such as Google Alerts
\useURL[url2401][https://www.google.com/alerts]\from[url2401]
\useURL[url2402][https://web.archive.org/web/https://www.google.com/alerts][][{[}Archive.org{]}]\from[url2402].
\item
Do not ever use biometrics alone to safeguard your secrets. Biometrics
can be used without your consent.
\item
Do check the signatures and hashes of software and documents you
download before installing/viewing them.
\item
Do not repeat the same behavior, such as visiting the same links on the
clearnet and then visiting the same ones with your anonymous online identity.
Watch this DEF CON 25 presentation if you didn't before:
\useURL[url2403][https://www.youtube.com/watch?v=1nvYGi7-Lxo][][DEF
CON 25 - Svea Eckert, Andreas Dewes - Dark Data]\from[url2403]
\useURL[url2404][https://yewtu.be/watch?v=1nvYGi7-Lxo][][{[}Invidious{]}]\from[url2404].
\item
Encrypt everything but do not take it for granted. Remember the 5\$
wrench.
\stopitemize
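Checking the hash and signature of a download before installing or opening it, as the list above asks, is easy to script so that you never skip it. The following is an added example and is not code from the guide or its repository: it compares a file against a published SHA-256 digest and, where gpg is installed, verifies a detached signature against a keyring dedicated to that project rather than your default one. The file names, file contents and the expected digest are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the guide): verify a download against its published
# SHA-256 digest, and verify a detached GPG signature with a project keyring.
# All file names and contents below are constructed for the demo.
set -eu

# Portable SHA-256 of one file: sha256sum on Linux, shasum on macOS/BSD.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 when the file's digest equals EXPECTED_HEX, 1 otherwise.
# The comparison is case-insensitive because some projects publish
# upper-case digests; everything else must match exactly.
verify_sha256() {
  actual=$(sha256_of "$1")
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  [ "$actual" = "$expected" ]
}

# verify_signature SIGFILE FILE KEYRING
# Returns 0 only if gpg reports a good signature from a key in KEYRING.
# --no-default-keyring keeps unrelated keys in your own keyring out of the
# decision: only the project's key, imported into KEYRING beforehand, counts.
verify_signature() {
  gpg --no-default-keyring --keyring "$3" --verify "$1" "$2" >/dev/null 2>&1
}

# --- demo on constructed data ---
tmp=$(mktemp -d)
# Stand-in for a downloaded file; its SHA-256 is the well-known digest of
# the string "hello world" (no trailing newline).
printf 'hello world' > "$tmp/guide.pdf"
published=b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9

if verify_sha256 "$tmp/guide.pdf" "$published"; then
  echo "guide.pdf: checksum OK"
else
  echo "guide.pdf: checksum MISMATCH, do not open it"
fi

# One extra byte is enough to change the digest completely.
printf 'hello world!' > "$tmp/tampered.pdf"
if verify_sha256 "$tmp/tampered.pdf" "$published"; then
  echo "tampered.pdf: checksum OK"
else
  echo "tampered.pdf: checksum MISMATCH, do not open it"
fi

# A signature check would look like this once the project's public key has
# been imported into ./project-keyring.gpg (not run here: no key in the demo):
#   verify_signature guide.pdf.asc guide.pdf ./project-keyring.gpg
rm -rf "$tmp"
```

A matching checksum only proves the file is the one the publisher hashed; it says nothing about who published it. That is why the signature step matters: fetch the project's key once from a source you trust, import it into a dedicated keyring, and from then on a good signature over the checksum file (or the download itself) ties the digest to that key.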
\subsection[title={Physical and IRL
OPSEC},reference={physical-and-irl-opsec}]
\startitemize
\item
Remember the \goto{\quotation{Physically Tamper protect your
laptop}}[physically-tamper-protect-your-laptop] section.
\item
See \goto{\quotation{Appendix B4: Important notes about evil-maid and
tampering}}[appendix-b4-important-notes-about-evil-maid-and-tampering]
\item
Remember the \goto{How to spot if someone has been searching your
stuff}[how-to-spot-if-someone-has-been-searching-your-stuff] section.
\item
Consider the use of Haven
\useURL[url2405][https://guardianproject.github.io/haven/]\from[url2405]
\useURL[url2406][https://web.archive.org/web/https://guardianproject.github.io/haven/][][{[}Archive.org{]}]\from[url2406]
on some old Android phone to keep watch on your home/room while you
are away.
\item
Remember \goto{Appendix N: Warning about smartphones and smart
devices}[appendix-n-warning-about-smartphones-and-smart-devices]. Do
not forget your smart devices can compromise your anonymity.
\item
Do not ever travel with those devices if you must pass strong border
checks and where they could be illegal or raise suspicion.
\item
Do not plug any equipment in that laptop unless you trust it. Use a
USB data blocker for charging.
\item
Remember the first rule of fight club and do not talk to anyone about
your sensitive activities using your real identity.
\item
Keep a normal life and do not be weird. If you spend all your online
time using Tor to access the internet and have no social network
accounts at all \ldots{} You are already suspicious and attracting
unnecessary attention.
\item
Keep plausible deniability as an option but remember it will not help
against the 5\$ wrench either.
\item
Never ever leave your laptop unattended/on/unlocked anywhere when
conducting sensitive activities. Remember the story of Ross Ulbricht
and his arrest
\useURL[url2407][https://en.wikipedia.org/wiki/Ross_Ulbricht\#Silk_Road,_arrest_and_trial]\from[url2407]
\useURL[url2408][https://wikiless.org/wiki/Ross_Ulbricht][][{[}Wikiless{]}]\from[url2408]
\useURL[url2409][https://web.archive.org/web/https://en.wikipedia.org/wiki/Ross_Ulbricht][][{[}Archive.org{]}]\from[url2409].
\item
Check for tampering regularly (not only your devices but also your
home/room).
\item
If you can, do not talk to the police/authorities (at least if you are
in the US)
\useURL[url2410][https://www.youtube.com/watch?v=d-7o9xYp7eE]\from[url2410]
\useURL[url2411][https://yewtu.be/watch?v=d-7o9xYp7eE][][{[}Invidious{]}]\from[url2411]
without a lawyer. Remain silent.
\item
Know and always have at your disposal the details of a lawyer that
could help you as a last resort in case things go wrong.
\item
Keep your situational awareness high but not so high as to appear
suspicious.
\item
Consider using a physical security key (e.g., YubiCo YubiKey) for
various protections against account compromise. {\bf (Not covered in
this version of the guide but is a work in progress for later
versions.)}
\item
Read the tips here
\useURL[url2412][https://www.whonix.org/wiki/DoNot]\from[url2412]
\useURL[url2413][https://web.archive.org/web/https://www.whonix.org/wiki/DoNot][][{[}Archive.org{]}]\from[url2413]
\item
{\bf Have common sense, do not be dumb, look and learn from others'
mistakes, watch/read these:}
\startitemize
\item
Medium.com, Darkweb Vendors and the Basic Opsec Mistakes They Keep
Making
\useURL[url2414][https://medium.com/@c5/darkweb-vendors-and-the-basic-opsec-mistakes-they-keep-making-e54c285a488c]\from[url2414]
\useURL[url2415][https://scribe.rip/@c5/darkweb-vendors-and-the-basic-opsec-mistakes-they-keep-making-e54c285a488c][][{[}Scribe.rip{]}]\from[url2415]
\useURL[url2416][https://web.archive.org/web/https://medium.com/@c5/darkweb-vendors-and-the-basic-opsec-mistakes-they-keep-making-e54c285a488c][][{[}Archive.org{]}]\from[url2416]
\item
2020, Sinwindie, OSINT, and Dark Web Markets, Why OPSEC Still
Matters
\useURL[url2417][https://www.youtube.com/watch?v=IqZZU9lFlF4]\from[url2417]
\useURL[url2418][https://yewtu.be/watch?v=IqZZU9lFlF4][][{[}Invidious{]}]\from[url2418]
\item
2020, RSA Conference 2020, When Cybercriminals with Good OpSec
Attack
\useURL[url2419][https://www.youtube.com/watch?v=zXmZnU2GdVk]\from[url2419]
\useURL[url2420][https://yewtu.be/watch?v=zXmZnU2GdVk][][{[}Invidious{]}]\from[url2420]
\item
2015, DEF CON 22, Adrian Crenshaw, Dropping Docs on Darknets: How
People Got Caught
\useURL[url2421][https://www.youtube.com/watch?v=eQ2OZKitRwc]\from[url2421]
\useURL[url2422][https://yewtu.be/watch?v=eQ2OZKitRwc][][{[}Invidious{]}]\from[url2422]
(\useURL[url2423][https://www.defcon.org/images/defcon-22/dc-22-presentations/Crenshaw/DEFCON-22-Adrian-Crenshaw-Dropping-Docs-on-Darknets-How-People-Got-Caught-UPDATED.pdf][][Slides]\from[url2423]
\useURL[url2424][https://web.archive.org/web/https://www.defcon.org/images/defcon-22/dc-22-presentations/Crenshaw/DEFCON-22-Adrian-Crenshaw-Dropping-Docs-on-Darknets-How-People-Got-Caught-UPDATED.pdf][][{[}Archive.org{]}]\from[url2424])
\item
2017, Ochko123 - How the Feds Caught Russian Mega-Carder Roman
Seleznev
\useURL[url2425][https://www.youtube.com/watch?v=6Chp12sEnWk]\from[url2425]
\useURL[url2426][https://yewtu.be/watch?v=6Chp12sEnWk][][{[}Invidious{]}]\from[url2426]
\item
2017,
\useURL[url2427][https://www.youtube.com/watch?v=1nvYGi7-Lxo][][DEF
CON 25 - Svea Eckert, Andreas Dewes - Dark Data]\from[url2427]
\useURL[url2428][https://yewtu.be/watch?v=1nvYGi7-Lxo][][{[}Invidious{]}]\from[url2428]
\item
2015, DEF CON 22, Zoz, Don't Fuck It Up!
\useURL[url2429][https://www.youtube.com/watch?v=J1q4Ir2J8P8]\from[url2429]
\useURL[url2430][https://yewtu.be/watch?v=J1q4Ir2J8P8][][{[}Invidious{]}]\from[url2430]
\item
2020, Bad Opsec, How Tor Users Got Caught,
\useURL[url2431][https://www.youtube.com/watch?v=GR_U0G-QGA0]\from[url2431]
\useURL[url2432][https://yewtu.be/watch?v=GR_U0G-QGA0][][{[}Invidious{]}]\from[url2432]
\item
2022, Master of OpSec Masters: A View Through the Prism of Time,
\useURL[url2433][https://officercia.mirror.xyz/4x2-M4R2cSnID1wpsTO4CQNrMQ5JUFouR-rZ_N4xO-Q]\from[url2433]
\useURL[url2434][https://web.archive.org/web/20220714213939/https://officercia.mirror.xyz/4x2-M4R2cSnID1wpsTO4CQNrMQ5JUFouR-rZ_N4xO-Q][][{[}Archive.org{]}]\from[url2434]
\item
2022, How can you become a one-man-army OSINT specialist?
\useURL[url2435][https://officercia.mirror.xyz/5KSkJOTgMtvgC36v1GqZ987N-_Oj_zwvGatOk0A47Ws]\from[url2435]
\useURL[url2436][https://web.archive.org/web/20220718231735/https://officercia.mirror.xyz/5KSkJOTgMtvgC36v1GqZ987N-_Oj_zwvGatOk0A47Ws][][{[}Archive.org{]}]\from[url2436]
\stopitemize
\stopitemize
It is recommended that you learn about the common ways people mess up
OPSEC
\useURL[url2437][https://dan-kir.github.io/2022/05/26/OPSEC-notes.html]\from[url2437]
\useURL[url2438][https://web.archive.org/web/20220717064253/https://dan-kir.github.io/2022/05/26/OPSEC-notes.html][][{[}Archive.org{]}]\from[url2438].
Whatever you do, take OPSEC seriously, and
\useURL[url2439][https://www.youtube.com/watch?v=J1q4Ir2J8P8][][Don't
Fuck It Up!]\from[url2439]
{\bf FINAL OPSEC DISCLAIMER: KEEP YOUR ANONYMOUS IDENTITIES COMPLETELY
SANDBOXED FROM YOUR NORMAL ENVIRONMENT AND REAL IDENTITY. DO NOT SHARE
ANYTHING BETWEEN THE ANONYMOUS ENVIRONMENTS AND THE REAL IDENTITY
ENVIRONMENT. KEEP THEM COMPLETELY COMPARTMENTALIZED ON EVERY LEVEL. MOST
OPSEC FAILURES ARE DUE TO USERS ACCIDENTALLY LEAKING INFORMATION RATHER
THAN TECHNICAL FAILURES.}
\section[title={What to do if you detected tampering or
searching?},reference={what-to-do-if-you-detected-tampering-or-searching}]
\startitemize
\item
In the case of a laptop, they likely placed a key-logger, possibly with
network and GPS capabilities. We recommend opening your laptop, taking
the drive (which should be fully encrypted), leaving for a safe place,
and abandoning the laptop. Do not try to remove the \quotation{bug}
as this could put you in physical danger.
\item
If you detected that your room, home\ldots{} has been searched, again
we recommend leaving for a safe place while abandoning everything in
the room that could also be \quotation{bugged}.
\item
Do your best not to let your adversary suspect or know that you detected
the search and/or the tampering. Be creative. Call a friend, for
example, just to tell them you are going to the supermarket to buy food.
\stopitemize
\section[title={{\bf If you think you got
burned:}},reference={if-you-think-you-got-burned}]
\subsection[title={If you have some
time:},reference={if-you-have-some-time}]
\startitemize
\item
Don't Panic.
\item
Delete everything you can from the internet related to that specific
identity (accounts, comments \ldots{}).
\item
Delete everything offline you have related to that identity including
the backups.
\item
(If using a physical SIM) Destroy the SIM card and trash it in a
random trash can somewhere.
\item
(If using a physical Burner Phone) Erase then destroy the Burner phone
and trash it in a random trashcan somewhere.
\item
Securely erase the laptop hard drive and then ideally proceed to
physically destroy the HDD/SSD/Laptop and trash it somewhere.
\item
Do the same with your backups.
\item
Keep the details of your lawyer nearby or if needed, call them in
advance to prepare your case if needed.
\item
Return to your normal activities and hope for the best.
\stopitemize
\subsection[title={If you have no
time:},reference={if-you-have-no-time}]
\startitemize
\item
Don't Panic.
\item
Try to shut down/hibernate the laptop as soon as possible and hope for
the best. If you are fast enough, your memory should decay or be
cleaned, and your data should be mostly safe for the time being.
\item
Contact a lawyer if possible and hope for the best and if you cannot
contact one (yet), {\bf try to remain silent (if your country allows
it) until you have a lawyer to help you and if your law allows you to
remain silent.}
\stopitemize
Keep in mind that many countries have specific laws to compel you to
reveal your passwords that could override your \quotation{right to
remain silent}. See this Wikipedia article:
\useURL[url2440][https://en.wikipedia.org/wiki/Key_disclosure_law]\from[url2440]
\useURL[url2441][https://wikiless.org/wiki/Key_disclosure_law][][{[}Wikiless{]}]\from[url2441]
\useURL[url2442][https://web.archive.org/web/https://en.wikipedia.org/wiki/Key_disclosure_law][][{[}Archive.org{]}]\from[url2442]
and this other visual resource with law references
\useURL[url2443][https://www.gp-digital.org/world-map-of-encryption/]\from[url2443]
\useURL[url2444][https://web.archive.org/web/https://www.gp-digital.org/world-map-of-encryption/][][{[}Archive.org{]}]\from[url2444].
\section[title={A small final editorial
note:},reference={a-small-final-editorial-note}]
After reading this whole guide, we hope you will have gained some
additional beneficial insight about privacy and anonymity. It is clear
now, in my humble opinion, that the world we live in has only a few safe
harbors remaining where one could have a reasonable expectation of
privacy and even less so anonymity. Many will often say that 1984 by
George Orwell was not meant to be an instruction book. Yet today this
guide and its many references should, we hope, reveal to you how far
down we are in the rabbit hole.
You should also know that most of the digital information described at
length in this guide can be forged or tampered with by a motivated
adversary for any purpose. Even if you do manage to keep secrets from
prying eyes, anyone can fabricate anything to fit their narrative:
\startitemize
\item
IP logs, DNS logs, Geolocation logs, and Connection logs can be forged
or tampered with by anyone using a simple text editor without leaving
traces.
\item
Files and their properties can be created, altered, and timestamped by
anyone using simple utilities without leaving traces.
\item
EXIF information of pictures and videos can be altered by anyone using
simple utilities without leaving traces.
\item
Digital Evidence (Pictures, Videos, Voice Recordings, E-Mails,
Documents\ldots{}) can be crafted, placed, removed, or destroyed with ease
without leaving traces.
\stopitemize
You should not hesitate to question this type of information from any
source in this age of disinformation.
{\bf \quotation{A lie can travel halfway around the world while the
truth is putting on its shoes}}\footnote{Quote Investigator, A Lie Can
Travel Halfway Around the World While the Truth Is Putting On Its
Shoes
\useURL[url2445][https://quoteinvestigator.com/2014/07/13/truth/]\from[url2445]
\useURL[url2446][https://web.archive.org/web/https://quoteinvestigator.com/2014/07/13/truth/][][{[}Archive.org{]}]\from[url2446]}
Please keep thinking for yourself, use critical thinking, and keep an
open mind. \quotation{Sapere Aude} (Dare to know!).
{\bf \quotation{In the end the Party would announce that two and two
made five, and you would have to believe it} -- George Orwell, 1984,
Book One, Chapter Seven.}
Consider helping others (see \goto{Helping others staying
anonymous}[helping-others-staying-anonymous])
\section[title={Donations:},reference={donations}]
{\bf This project has no funding or sponsoring, and donations are more
than welcome.}
See:
\useURL[url2447][https://anonymousplanet.org/donations.html]\from[url2447]
{\bf (Please do verify the checksum and GPG signature of this file for
authenticity, this is explained in the README of the repository if you
do not know how to do that)}.
\section[title={Helping others staying
anonymous:},reference={helping-others-staying-anonymous}]
If you want to give a hand to users facing censorship and oppression,
please consider helping them by helping the Tor Network. You can do so
in several ways:
\startitemize
\item
The Easiest:
\startitemize[packed]
\item
Using the Snowflake addon on your browser
(\useURL[url2448][https://snowflake.torproject.org/]\from[url2448]
\useURL[url2449][https://web.archive.org/web/https://snowflake.torproject.org/][][{[}Archive.org{]}]\from[url2449])
\stopitemize
\item
Slightly more work:
\startitemize
\item
Running a Tor relay node
(\useURL[url2450][https://community.torproject.org/relay/]\from[url2450]
\useURL[url2451][https://web.archive.org/web/https://community.torproject.org/relay/][][{[}Archive.org{]}]\from[url2451])
\startitemize
\item
See {[}Recommended VPS hosting providers{]}
\item
Additional Tutorial:
\useURL[url2452][https://torrelay.ca/]\from[url2452]
\useURL[url2453][https://web.archive.org/web/https://torrelay.ca/][][{[}Archive.org{]}]\from[url2453]
\stopitemize
\stopitemize
\stopitemize
If you want a bit more challenge, you can also run a Tor Exit node
anonymously using the recommended VPS providers above.
For this, see
\useURL[url2454][https://blog.torproject.org/tips-running-exit-node]\from[url2454]
\useURL[url2455][https://web.archive.org/web/https://blog.torproject.org/tips-running-exit-node][][{[}Archive.org{]}]\from[url2455]
This project, for instance, runs several Tor Exit nodes funded by
donations. You can see them here:
\useURL[url2456][https://metrics.torproject.org/rs.html\#search/family:970814F267BF3DE9DFF2A0F8D4019F80C68AEE26]\from[url2456]
\section[title={Acknowledgments:},reference={acknowledgments}]
\startitemize
\item
{\bf Very Special Thanks to Edward Snowden, who inspired me to
write this guide (buy and read his book please
\useURL[url2457][https://en.wikipedia.org/wiki/Permanent_Record_(autobiography)]\from[url2457]}
\useURL[url2458][https://wikiless.org/wiki/Permanent_Record_(autobiography)][][{[}Wikiless{]}]\from[url2458]
\useURL[url2459][https://web.archive.org/web/https://en.wikipedia.org/wiki/Permanent_Record_(autobiography)][][{[}Archive.org{]}]\from[url2459]{\bf )}
\item
{\bf Huge thanks to the people who donated to this project
anonymously}
\item
{\bf Special Thanks to LiJu09 for helping with the Light theme of the
website
(}\useURL[url2460][https://github.com/LiJu09]\from[url2460]{\bf )}
\item
{\bf Special Thanks to Simplelogin.io people for providing a free
lifetime premium access to their service}
\item
Thanks to GitHub for hosting this project and the many people who
starred it
\item
Thanks to Njal.la for providing a domain name and VPS hosting
anonymously
\item
Thanks to 1984.is for providing VPS hosting anonymously
\item
Thanks to all the people who contributed and shared this guide with
others
\item
Thanks to the people at the Internet Archive and Archive.today
projects
\item
Thanks to the people at the Monero project
\item
Thanks to the people at the Zcash project
\item
Thanks to the people at the Wikipedia project
\item
Thanks to the people at the Tails project
\item
Thanks to the people at the HiddenVM project
\item
Thanks to the people at the Whonix project
\item
Thanks to the people at the Qubes OS project
\item
Thanks to the people at the Veracrypt project
\item
Thanks to the people at the Tor and OONI Projects
\item
Thanks to the people at the Briar project
\item
Thanks to the people at the OnionShare project
\item
Thanks to the people at the Element/Matrix project
\item
Thanks to the people at the Jami project
\item
Thanks to the people at the KeePass and KeePassXC projects
\item
Thanks to the people at the Fawkes project
\item
Thanks to the people at the VirtualBox project
\item
Thanks to the people at the ExifCleaner, Mat2, and ExifTool projects
\item
Thanks to the people at the Go Incognito Project from Techlore
\item
Thanks to Didier Stevens for his pdf-tools
\item
Thanks to the people at the EFF
\item
Thanks to the people at the SANS
\item
Thanks to the people at the OWASP Project
\item
Thanks to the people at the Privacyguides.org project
\item
Thanks to the people at BlackHat, DEF CON, and CCC
\item
Thanks to the people at Bellingcat and other OSINT/Forensics
researchers {\bf (and sorry for making their life more difficult with
this guide)}
\item
Thanks to the makers of the Social Dilemma documentary {\bf (go watch
it if you did not yet)}
\item
Thanks to Michael Bazzell and his great OSINT books which we recommend
you {\bf buy} at
\useURL[url2461][https://inteltechniques.com]\from[url2461]
\item
Thanks to Randall Munroe at XKCD for his great and insightful
webcomics.
\item
Thanks to the people at the various few commercial entities who do
take privacy seriously
\item
Thanks to the whole open-source community and especially the Linux
community
\item
Thanks to the many researchers, journalists, lawyers, and individuals
referenced in this guide for their various research and projects
\item
Thanks to the following individuals for their input and help:
\startitemize
\item
NobodySpecial,
\useURL[url2462][https://git.envs.net/NobodySpecial/whoami]\from[url2462]
\item
Mahanihaka
\stopitemize
\stopitemize
\section[title={Appendix A: Windows
Installation},reference={appendix-a-windows-installation}]
This is the Windows 10/11 installation process that should be valid for
any Windows 10/11 install within this guide.
\subsubsection[title={Windows 10 (See below for Windows
11)},reference={windows-10-see-below-for-windows-11}]
\subsection[title={Installation:},reference={installation-5}]
DO NOT CONNECT WINDOWS TO ANY NETWORK DURING THE INSTALLATION PROCESS
(This will allow us to create a Local Account and not use a Microsoft
account and it will also prevent any telemetry from being sent out
during the install process).
\startitemize
\item
(Only for VirtualBox VM Install) Go into the VirtualBox Machine
Settings menu. Select network. Unplug the cable.
\item
Click \quotation{Install Now}
\item
Select \quotation{I don't have a product key}
\item
Select the flavor you want:
\startitemize
\item
Host OS: Use
\startitemize
\item
You intend to use Plausible Deniability: Windows Home
\item
You do not intend to use Plausible Deniability: Windows Pro
\stopitemize
\item
VM OS: Use Windows Pro or Windows Pro N
\stopitemize
\item
Select Custom
\item
Storage:
\startitemize
\item
If this is a simple OS installation (Host OS with Simple Encryption)
or VM without encryption, {\bf select the whole disk} and proceed
with the installation (skip the next step).
\item
If this is part of a plausible deniability encryption set up on the
Host OS:
\startitemize
\item
If you are installing Windows for the first time (Hidden OS):
\startitemize
\item
Delete the current partitions
\item
Create the First partition with at least 50GB of disk space
(about a third of the total disk space).
\item
Create a second partition with the remaining two-thirds of the
total disk space.
\stopitemize
\item
If you are installing Windows for the second time (Decoy OS):
\startitemize
\item
Do not Delete the current partitions
\item
Install Windows on the first partition you created during the
first install.
\stopitemize
\item
Proceed with the install in the first partition
\stopitemize
\stopitemize
\item
Start the install process
\item
Select the Region \quotation{United States}
\item
Skip the additional Keyboard Layout
\item
Select \quotation{I don't have internet}
\item
Select \quotation{Continue with limited setup}
\item
Create a username of your choice.
\item
Use a password of your choice.
\item
Select all three security questions and answer whatever you want (not
real data).
\item
Do not use Online Speech Recognition
\item
Do not let the app use your location
\item
Do not enable \quotation{find my device}
\item
Only send \quotation{required diagnostic data}
\item
Do not improve Inking and Typing
\item
Do not get any improved tailored experience.
\item
Do not let apps use Advertising ID
\item
Select \quotation{Now} at the Cortana prompt
\stopitemize
\subsection[title={Privacy Settings:},reference={privacy-settings}]
\startitemize
\item
When the install is finished, get into Settings > Go on the top left
menu icon and select Privacy and Security, then do the following:
\startitemize
\item
General: All Off
\item
Speech: Off
\item
Inking and Typing: Off
\item
Diagnostic: Required level at off, options on OFF, {\bf Delete your
data}, frequency set to Never
\item
Activity History: all Off and Clear the history
\item
Location, all Off (change button) and clear it
\item
Camera: Disable it (change button)
\item
Microphone: Disable it (change button)
\item
Voice Activation: All Off
\item
Notification: Disable it (change button)
\item
Account info: Disable it (change button)
\item
Contact info: Disable it (change button)
\item
Calendar access: Disable it (change button)
\item
Phone calls: Disable it (change button)
\item
Call History: Disable it (change button)
\item
E-mail: Disable it (change button)
\item
Tasks: Disable it (change button)
\item
Messaging: Disable it (change button)
\item
Radios: Disable it (change button)
\item
Other devices: Set to Off
\item
Background Apps: Disable it (change button)
\item
App Diagnostics: Disable it (change button)
\item
Automatic file download disabled
\item
Documents: Disable it (change button)
\item
Pictures: Disable it (change button)
\item
Videos: Disable it (change button) and set to off
\item
File system: Disable it (change button)
\item
Disable File Indexing by going into the \quotation{Indexing Options}
(Go into Windows 11 Control Panel, Switch the view to
\quotation{Large Icons} and select Indexing Options).
\item
Modify the list and remove all locations.
\item
Go into Advanced and click Rebuild.
\item
(Host OS only) Disable Bluetooth in the settings:
\item
Go into Settings
\item
Go into Devices
\item
Select Bluetooth and turn it off
\stopitemize
\item
(Host OS Only) Tape the Webcam and Microphone anyway for extra
paranoia.
\item
(Host OS Only) Go into Settings > Network & Internet > Wi-Fi and
Enable Random Hardware Address.
\stopitemize
\subsubsection[title={Windows 11},reference={windows-11}]
\subsection[title={Installation:},reference={installation-6}]
DO NOT CONNECT WINDOWS TO ANY NETWORK DURING THE INSTALLATION PROCESS
(This will allow us to create a Local Account and not use a Microsoft
account and it will also prevent any telemetry from being sent out
during the install process).
\startitemize
\item
(Only for VirtualBox VM Install) Go into the VirtualBox Machine
Settings menu. Select network. Unplug the cable. For this task, you
can also follow this excellent tutorial by Oracle
\useURL[url2463][https://blogs.oracle.com/virtualization/post/install-microsoft-windows-11-on-virtualbox]\from[url2463]
\useURL[url2464][https://web.archive.org/web/https://blogs.oracle.com/virtualization/post/install-microsoft-windows-11-on-virtualbox][][{[}Archive.org{]}]\from[url2464]
\item
Select your language, currency and keyboard layout
\item
Click \quotation{Install Now}
\item
(Only for VirtualBox VM Install) Push Shift and F10 at the same time
\item
(Only for VirtualBox VM Install) Launch \quotation{regedit} in the
command prompt
\item
(Only for VirtualBox VM Install) When the Registry Editor opens,
navigate to \type{HKEY_LOCAL_MACHINE\SYSTEM\Setup}, right-click on the
\quotation{Setup} key and select \quotation{New => Key}. When prompted
to name the key, enter \quotation{LabConfig} and press enter.
\item
(Only for VirtualBox VM Install) Now right-click on the
\quotation{LabConfig} key and select \quotation{New => DWORD (32-bit)}
value and create a value named \quotation{BypassTPMCheck}, and set its
data to \quotation{1}. With the same steps create the
\quotation{BypassRAMCheck} and \quotation{BypassSecureBootCheck} values.
\item
Select \quotation{I don't have a product key}
\item
Accept the agreement
\item
Select the flavor you want:
\startitemize
\item
Host OS: Use
\startitemize
\item
You intend to use Plausible Deniability: Windows Home
\item
You do not intend to use Plausible Deniability: Windows Pro
\stopitemize
\item
VM OS: Use Windows Pro or Windows Pro N
\stopitemize
\item
Select Custom Install
\item
Storage:
\startitemize
\item
If this is a simple OS installation (Host OS with Simple Encryption)
or VM without encryption, {\bf select the whole disk} and proceed
with the installation (skip the next step).
\item
If this is part of a plausible deniability encryption set up on the
Host OS:
\startitemize
\item
If you are installing Windows for the first time (Hidden OS):
\startitemize
\item
Delete the current partitions
\item
Create the First partition with at least 50GB of disk space
(about a third of the total disk space).
\item
Create a second partition with the remaining two-thirds of the
total disk space.
\stopitemize
\item
If you are installing Windows for the second time (Decoy OS):
\startitemize
\item
Do not delete the current partitions
\item
Install Windows on the first partition you created during the
first install.
\stopitemize
\item
Proceed with the install in the first partition
\stopitemize
\stopitemize
\item
Start the install process
\item
Select the Region \quotation{United States}
\item
Select the Keyboard Layout and skip a second layout
\item
Select \quotation{I don't have internet}
\item
Select \quotation{Continue with limited setup}
\item
Create a username of your choice.
\item
Use a password of your choice.
\item
Select all three security questions and answer whatever you want (not
real data).
\item
Disable Location
\item
Disable find my device
\item
Disable optional diagnostic data
\item
Only send \quotation{required diagnostic data}
\item
Do not improve Inking and Typing
\item
Disable the tailored experience.
\item
Disable the Advertising ID
\item
Click Accept
\stopitemize
\subsection[title={Privacy Settings:},reference={privacy-settings-1}]
\startitemize
\item
When the install is finished, get into Settings > Privacy and do the
following:
\startitemize
\item
General: All Off
\item
Speech: Off
\item
Inking and Typing: Off
\item
Diagnostic: Required level at off, options on OFF, {\bf Delete your
data}, frequency set to Never
\item
Activity History: all Off and Clear the history
\item
Location, all Off (change button) and clear it
\item
Camera: Disable it (change button)
\item
Microphone: Disable it (change button)
\item
Voice Activation: All Off
\item
Notification: Disable it (change button)
\item
Account info: Disable it (change button)
\item
Contact info: Disable it (change button)
\item
Calendar access: Disable it (change button)
\item
Phone calls: Disable it (change button)
\item
Call History: Disable it (change button)
\item
E-mail: Disable it (change button)
\item
Tasks: Disable it (change button)
\item
Messaging: Disable it (change button)
\item
Radios: Disable it (change button)
\item
Other devices: Set to Off
\item
Background Apps: Disable it (change button)
\item
App Diagnostics: Disable it (change button)
\item
Automatic file download disabled
\item
Documents: Disable it (change button)
\item
Music Library: Disable it (change button)
\item
Pictures: Disable it (change button)
\item
Videos: Disable it (change button) and set to off
\item
File system: Disable it (change button)
\item
Disable File Indexing by going into the \quotation{Indexing Options}
(go into the Windows 11 Control Panel, switch the view to
\quotation{Large Icons} and select Indexing Options):
\item
Modify the list and remove all locations.
\item
Go into Advanced and click Rebuild.
\item
(Host OS only) Disable Bluetooth: go into Settings > Devices, select
Bluetooth and turn it off.
\stopitemize
\item
(Host OS Only) Tape the Webcam and Microphone anyway for extra
paranoia.
\item
(Host OS Only) Go into Settings > Network & Internet > Wi-Fi and
Enable Random Hardware Address.
\stopitemize
\section[title={Appendix B: Windows Additional Privacy
Settings},reference={appendix-b-windows-additional-privacy-settings}]
As written earlier in this guide and as noted by
PrivacyGuides.org\footnote{Privacyguides.org, Operating Systems
\useURL[url2465][https://www.privacyguides.org/tools/\#operating-systems]\from[url2465]
\useURL[url2466][https://web.archive.org/web/https://www.privacyguides.org/tools/\#operating-systems][][{[}Archive.org{]}]\from[url2466]},
Windows 10/11 is a privacy nightmare. And disabling everything during
and after the installation using the settings available to you is not
enough. The amount of telemetry data collected by Microsoft is
staggering and could defeat your attempts at keeping secrets. You will
need to download and use a couple of utilities to (hopefully) force
Windows 10/11 into not sending data back to Microsoft.
Here are the steps in detail:
\startitemize
\item
{\bf DO NOT EVER USE A MICROSOFT ACCOUNT TO LOG IN: If you are, you
should be re-installing this Windows Machine without connecting to a
network and use a local account instead.}
\item
Download these utilities from a different computer. Do not connect the
Windows 10/11 machine to the internet before these settings are
applied. Copy the utilities to a USB key (for transfer onto the fresh
Windows 10/11 installation) or, if it is a VM, transfer them into the VM
through VirtualBox (VM Settings > General > Advanced > Drag'n'Drop >
Host to Guest).
\item
(For more advanced users) Download and install W10Privacy from
\useURL[url2467][https://www.w10privacy.de/english-home/]\from[url2467]
\useURL[url2468][https://web.archive.org/web/https://www.w10privacy.de/english-home/][][{[}Archive.org{]}]\from[url2468]
\startitemize[packed]
\item
Open the app as Administrator (right-click > more > run as
administrator)
\item
Check all the recommended (Green) settings and save.
\item
Optional but recommended (but could break things, use at your own
risk), also check the orange/red settings, and save.
\item
Reboot
\stopitemize
\item
Download and run WindowsSpyBlocker from
\useURL[url2469][https://crazymax.dev/WindowsSpyBlocker/download/]\from[url2469]
\useURL[url2470][https://web.archive.org/web/https://crazymax.dev/WindowsSpyBlocker/download/][][{[}Archive.org{]}]\from[url2470]
\startitemize[packed]
\item
Type 1 and go into Telemetry
\item
Type 1 and go into Firewall
\item
Type 2 and add Spy Rules
\item
Reboot
\stopitemize
\item
Also, consider using ShutUp10++ from
\useURL[url2471][https://www.oo-software.com/en/shutup10]\from[url2471]
\useURL[url2472][https://web.archive.org/web/https://www.oo-software.com/en/shutup10][][{[}Archive.org{]}]\from[url2472]
\startitemize[packed]
\item
Enable at least all the recommended settings
\stopitemize
\item
Finally, again for users with moderate skills, consider installing
Safing Portmaster from
\useURL[url2473][https://safing.io/portmaster/]\from[url2473]
\useURL[url2474][https://web.archive.org/web/https://safing.io/portmaster][][{[}Archive.org{]}]\from[url2474]
{\bf (Warning: there might be issues with some VPN clients. See:
\useURL[url2475][https://docs.safing.io/portmaster/install/status/vpn-compatibility]\from[url2475]}
\useURL[url2476][https://web.archive.org/web/https://docs.safing.io/portmaster/install/status/vpn-compatibility][][{[}Archive.org{]}]\from[url2476]
\item
Go back one last time to Settings > Privacy > Diagnostics & feedback
and delete all diagnostic data.
\stopitemize
These measures added to the settings during installation should be
hopefully sufficient to prevent Microsoft from snooping on your OS.
{\bf You will need to update and re-run those utilities frequently and
after any Windows major update as they tend to silently re-enable
telemetry using those updates.}
{\bf As a bonus, it could be interesting to also consider Hardening your
Windows Host OS somewhat. See
\useURL[url2477][https://github.com/beerisgood/windows10_hardening]\from[url2477]}
\useURL[url2478][https://web.archive.org/web/https://github.com/beerisgood/windows10_hardening][][{[}Archive.org{]}]\from[url2478]
(That is a security guide, not a privacy guide. If you follow it, do
not enable Hyper-V as it does not play well with VirtualBox, and do not
re-enable features that were specifically disabled for privacy reasons
earlier, such as SmartScreen or cloud protection.)
\section[title={Appendix C: Windows Installation Media Creation (Windows
10) or Download (Windows
11)},reference={appendix-c-windows-installation-media-creation-windows-10-or-download-windows-11}]
\subsection[title={Windows 10},reference={windows-10}]
These are the steps to create a Windows 10 (21H1) Installation Media
using this tool and instructions:
\useURL[url2479][https://www.microsoft.com/en-us/software-download/windows10]\from[url2479]
\useURL[url2480][https://web.archive.org/web/https://www.microsoft.com/en-us/software-download/windows10][][{[}Archive.org{]}]\from[url2480]
\startitemize
\item
Download the tool and execute it from your Download folder.
\item
Agree to the terms
\item
Select the process to Create an installation Media.
\item
Select Windows 10 64 Bits edition with the language of your choice.
\item
Pick which process you want:
\startitemize
\item
If installing on a physical computer: Select USB Flash Drive.
\item
If installing on a Virtual Machine: Select ISO file and save it.
\stopitemize
\item
Proceed
\stopitemize
\subsection[title={Windows 11},reference={windows-11-1}]
\startitemize[packed]
\item
Go to https://www.microsoft.com/software-download/windows11 and
download the ISO.
\stopitemize
\section[title={Appendix D: Using System Rescue to securely wipe an SSD
drive.},reference={appendix-d-using-system-rescue-to-securely-wipe-an-ssd-drive.}]
These instructions are valid for all Operating Systems:
\startitemize
\item
System Rescue:
\startitemize
\item
Create a System Rescue USB disk following these instructions
\useURL[url2481][https://www.system-rescue.org/Installing-SystemRescue-on-a-USB-memory-stick/]\from[url2481]
\useURL[url2482][https://web.archive.org/web/https://www.system-rescue.org/Installing-SystemRescue-on-a-USB-memory-stick/][][{[}Archive.org{]}]\from[url2482]
(download the ISO and write to a USB stick with Rufus).
\item
Disable Secure Boot in your BIOS/UEFI settings and change the boot
order to the USB disk (System Rescue bootloader is not signed and
will not boot with secure boot enabled).
\item
Change the keyboard layout if needed by typing \quotation{setkmap} and
following the instructions.
\item
(optional) Run startx afterward to start a graphical environment.
\stopitemize
\item
SATA SSD:
\startitemize
\item
(If you ran startx) Open a terminal
\item
ATA Secure Erase:
\startitemize
\item
Follow one of these tutorials
\startitemize
\item
\useURL[url2483][https://wiki.archlinux.org/index.php/Solid_state_drive/Memory_cell_clearing]\from[url2483]
\useURL[url2484][https://web.archive.org/web/https://wiki.archlinux.org/index.php/Solid_state_drive/Memory_cell_clearing][][{[}Archive.org{]}]\from[url2484]
\item
\useURL[url2485][https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase]\from[url2485]
\useURL[url2486][https://web.archive.org/web/https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase][][{[}Archive.org{]}]\from[url2486]
\item
\useURL[url2487][https://tinyapps.org/docs/wipe_drives_hdparm.html]\from[url2487]
\useURL[url2488][https://web.archive.org/web/https://tinyapps.org/docs/wipe_drives_hdparm.html][][{[}Archive.org{]}]\from[url2488]
\stopitemize
\stopitemize
\item
ATA Sanitize:
\startitemize[packed]
\item
Follow this tutorial
\useURL[url2489][https://tinyapps.org/docs/ata_sanitize_hdparm.html]\from[url2489]
\useURL[url2490][https://web.archive.org/web/https://tinyapps.org/docs/ata_sanitize_hdparm.html][][{[}Archive.org{]}]\from[url2490]
\stopitemize
\stopitemize
\item
NVMe SSD:
\startitemize
\item
(If you ran startx) Open a terminal
\item
Follow one of these tutorials:
\startitemize
\item
\useURL[url2491][https://wiki.archlinux.org/index.php/Solid_state_drive/Memory_cell_clearing]\from[url2491]
\useURL[url2492][https://web.archive.org/web/https://wiki.archlinux.org/index.php/Solid_state_drive/Memory_cell_clearing][][{[}Archive.org{]}]\from[url2492]
\item
\useURL[url2493][https://tinyapps.org/docs/nvme-secure-erase.html]\from[url2493]
\useURL[url2494][https://web.archive.org/web/https://tinyapps.org/docs/nvme-secure-erase.html][][{[}Archive.org{]}]\from[url2494]
\item
\useURL[url2495][https://tinyapps.org/docs/nvme-sanitize.html]\from[url2495]
\useURL[url2496][https://web.archive.org/web/https://tinyapps.org/docs/nvme-sanitize.html][][{[}Archive.org{]}]\from[url2496]
\stopitemize
\stopitemize
\stopitemize
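The ATA and NVMe procedures above share the same pitfalls: the firmware often leaves a SATA drive \quotation{frozen} so the erase command is rejected, the right erase variant depends on what the drive advertises, and a typo in the device name wipes the wrong disk. The script below is an added example written for this guide, not code from SystemRescue or the linked tutorials. It assumes a root shell on SystemRescue with hdparm and nvme-cli present, targets whole devices only, and issues no erase command unless \type{CONFIRM=yes}; the hdparm and nvme output embedded in it is constructed for the dry run.

```bash
#!/bin/bash
# Added example for the SystemRescue wipe procedure above; not code from the
# guide, SystemRescue or the linked tutorials. Assumes a root shell on
# SystemRescue with hdparm and nvme-cli present. Nothing is erased unless
# CONFIRM=yes, and the target must be a whole device (/dev/sda, /dev/nvme0),
# never a partition and never the SystemRescue USB stick itself.

# Classify the "Security:" block of `hdparm -I` output (read on stdin).
# Prints "<state> <erase>": state is unsupported|frozen|locked|enabled|ready,
# erase is enhanced|basic (enhanced erase also clears remapped sectors).
ata_security_state() {
    awk '
        /^Security:/        { insec = 1; next }
        insec && /^[^ \t]/  { insec = 0 }      # next column-0 heading ends the block
        insec {
            line = $0                          # hdparm mixes tabs and spaces; normalise
            gsub(/[ \t]+/, " ", line); sub(/^ /, "", line); sub(/ $/, "", line)
            if (line == "supported")                 supported = 1
            if (line == "supported: enhanced erase") enhanced = 1
            if (line == "enabled")                   enabled = 1
            if (line == "locked")                    locked = 1
            if (line == "frozen")                    frozen = 1
        }
        END {
            if (!supported)   state = "unsupported"
            else if (frozen)  state = "frozen"   # firmware froze it: suspend/resume, retry
            else if (locked)  state = "locked"   # needs the existing user/master password
            else if (enabled) state = "enabled"  # a password is set: NULL will not work
            else              state = "ready"
            print state, (enhanced ? "enhanced" : "basic")
        }'
}

# Pick the strongest NVMe Sanitize action advertised in the SANICAP field of
# `nvme id-ctrl` output (stdin): bit 0 crypto erase, bit 1 block erase,
# bit 2 overwrite. Prints crypto|block|overwrite|none.
nvme_best_sanitize() {
    awk -F: '
        $1 ~ /^sanicap[ \t]*$/ {
            v = tolower($2); gsub(/[ \t]/, "", v); sub(/^0x/, "", v)
            n = index("0123456789abcdef", substr(v, length(v), 1)) - 1   # low nibble
            if (n % 2 == 1)               print "crypto"
            else if (int(n / 2) % 2 == 1) print "block"
            else if (int(n / 4) % 2 == 1) print "overwrite"
            else                          print "none"
            found = 1
        }
        END { if (!found) print "none" }'
}

ata_erase() {                       # usage: CONFIRM=yes ata_erase /dev/sda
    local dev=$1 out state erase
    out=$(hdparm -I "$dev" | ata_security_state)
    state=${out%% *}; erase=${out#* }
    case $state in
        ready)  ;;
        frozen) echo "$dev is frozen by the firmware: 'systemctl suspend', resume, retry" >&2; return 1 ;;
        *)      echo "$dev: security state '$state'; use the vendor tool or ATA Sanitize" >&2; return 1 ;;
    esac
    [ "$CONFIRM" = yes ] || { echo "dry run: would run a $erase ATA Secure Erase on $dev"; return 0; }
    hdparm --user-master u --security-set-pass NULL "$dev" || return 1
    if [ "$erase" = enhanced ]; then
        hdparm --user-master u --security-erase-enhanced NULL "$dev"
    else
        hdparm --user-master u --security-erase NULL "$dev"
    fi
}

nvme_erase() {                      # usage: CONFIRM=yes nvme_erase /dev/nvme0 /dev/nvme0n1
    local ctrl=$1 ns=$2 act cmd
    command -v nvme >/dev/null || { echo "nvme-cli not installed" >&2; return 1; }
    case $(nvme id-ctrl "$ctrl" | nvme_best_sanitize) in
        crypto)    act=4 ;;         # Sanitize Action codes from the NVMe spec
        block)     act=2 ;;
        overwrite) act=3 ;;
        *)         act=0 ;;         # no Sanitize: fall back to Format with SES=1 (user data erase)
    esac
    if [ "$act" = 0 ]; then cmd="nvme format $ns --ses=1"; else cmd="nvme sanitize $ctrl --sanact=$act"; fi
    [ "$CONFIRM" = yes ] || { echo "dry run: would run: $cmd"; return 0; }
    $cmd || return 1
    [ "$act" = 0 ] || echo "poll 'nvme sanitize-log $ctrl' until Sanitize Progress reads 65535"
}

# Constructed sample output (tabs replaced by spaces) for the stand-alone dry run.
SAMPLE_HDPARM='Security:
    Master password revision code = 65534
        supported
    not enabled
    not locked
    not frozen
    not expired: security count
        supported: enhanced erase
    2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.
Checksum: correct'
SAMPLE_NVME='oacs      : 0x17
sanicap   : 0x3
hmpre     : 0'

printf '%s\n' "$SAMPLE_HDPARM" | ata_security_state   # ready enhanced
printf '%s\n' "$SAMPLE_NVME"   | nvme_best_sanitize   # crypto
```

Source the script, run \type{ata_erase /dev/sdX} or \type{nvme_erase /dev/nvmeX /dev/nvmeXn1} once without \type{CONFIRM} to see the dry run and the security state, and only then repeat with \type{CONFIRM=yes}. The frozen state is the usual blocker on laptops; a suspend/resume cycle clears it on most firmware.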
\section[title={Appendix E:
Clonezilla},reference={appendix-e-clonezilla}]
\startitemize
\item
Get Clonezilla by just following these instructions:
\useURL[url2497][https://clonezilla.org/liveusb.php]\from[url2497]
\useURL[url2498][https://web.archive.org/web/https://clonezilla.org/liveusb.php][][{[}Archive.org{]}]\from[url2498]
(I recommend the Alternative version AMD64 that should work with most
recent laptops)
\item
Boot from Clonezilla
\item
Follow these steps to make a backup:
\useURL[url2499][https://clonezilla.org/show-live-doc-content.php?topic=clonezilla-live/doc/01_Save_disk_image]\from[url2499]
\useURL[url2500][https://web.archive.org/web/https://clonezilla.org/show-live-doc-content.php?topic=clonezilla-live/doc/01_Save_disk_image][][{[}Archive.org{]}]\from[url2500]
\startitemize
\item
{\bf If you are backing up a disk with simple Encryption, encryption
of the backup is not required since you are backing up an already
encrypted disk, but you can still encrypt the backup anyway if you
want additional security (and slower backup).}
\item
{\bf If you intend to back up a device with plausible deniability
encryption, we strongly recommend against it as this backup image
could be used to prove the existence of the hidden volume using
forensics techniques as explained earlier. Do not make an image
backup of the partition containing your hidden OS.}
\stopitemize
\item
You are done, if you need to restore, follow these instructions:
\useURL[url2501][https://clonezilla.org/show-live-doc-content.php?topic=clonezilla-live/doc/02_Restore_disk_image]\from[url2501]
\useURL[url2502][https://web.archive.org/web/https://clonezilla.org/show-live-doc-content.php?topic=clonezilla-live/doc/02_Restore_disk_image][][{[}Archive.org{]}]\from[url2502]
\stopitemize
Each backup could take a while depending on the speed of your laptop and
the speed of your external drive. In my experience, expect about 1 hour
per backup depending on the drive size and the write speed of your
backup media (my tests were done backing up 256GB SSDs on a USB 3.0
7200rpm HDD).
\section[title={Appendix F: Diskpart},reference={appendix-f-diskpart}]
Diskpart is a Windows utility that can be used to perform various
operations on your hard drive. In this case, you will use Diskpart to
show the Disk ID, and to change it if necessary.
This could be needed if you restore a backup onto a new HDD/SSD whose
ID differs from the one that was backed up, in which case Windows may
refuse to boot.
Diskpart can be run from any Windows environment using a command prompt.
This includes recovery disks created by utilities such as Macrium
Reflect, any Windows Installation media, EaseUS Todo Free rescue disks.
\startitemize
\item
{\bf Displaying the disk ID}
\startitemize
\item
Run Diskpart to enter the Diskpart utility
\item
Issue the \type{list disk} command to list the disks
\item
Issue the \type{sel disk x} (replace x with your system disk) to
select your system disk
\item
Issue the \type{detail disk} to show the details of this disk
\item
Take note of the disk ID (this should be done BEFORE backing up your
disks).
\stopitemize
\item
{\bf Changing the disk ID}
\startitemize
\item
This step should only be done if, after restoring a full disk backup
to a new hard drive, Windows refuses to boot
\item
Issue the same commands as above on the target new disk
\item
Issue, in addition, the command \type{uniqueid disk id=02345678}
(where you replace the id by the one you noted before)
\stopitemize
\stopitemize
\section[title={Appendix G: Safe Browser on the Host
OS},reference={appendix-g-safe-browser-on-the-host-os}]
\subsection[title={If you can use
Tor:},reference={if-you-can-use-tor-2}]
This guide will {\bf only recommend} using Tor Browser within the host
OS because it has the best protection by default. The only other
acceptable option in my opinion would be to use Brave Browser with a Tor
tab {\bf but keep in mind that Brave themselves recommend the use of Tor
Browser if you feel your safety depends on being anonymous}
\useURL[url2503][https://web.archive.org/web/https://www.whonix.org/wiki/Chat][][{[}Archive.org{]}]\from[url2503]{\bf :
\quotation{If your personal safety depends on remaining anonymous, we
highly recommend using Tor Browser instead of Brave Tor windows.}.}
This Browser on the host OS will only be used to download various
utilities and will never be used for actual sensitive activities.
Refer to \goto{Appendix Y: Installing and using desktop Tor
Browser}[appendix-y-installing-and-using-desktop-tor-browser].
If you are experiencing issues connecting to Tor due to Censorship or
Blocking, you might consider using Tor bridges as explained here:
\useURL[url2504][https://bridges.torproject.org/]\from[url2504]
\useURL[url2505][https://web.archive.org/web/https://bridges.torproject.org/][][{[}Archive.org{]}]\from[url2505]
{\bf Use this browser for all the next steps within the host OS unless
instructed otherwise.}
\subsection[title={If you cannot use
Tor:},reference={if-you-cannot-use-tor-7}]
Because it is too dangerous, risky or suspicious. As a last resort, we
would recommend using Firefox or Brave, in Private Windows only, for now.
See \goto{Appendix P: Accessing the internet as safely as possible when
Tor and VPNs are not an
option}[appendix-p-accessing-the-internet-as-safely-as-possible-when-tor-and-vpns-are-not-an-option]
before continuing.
Only do this from a different safe public Wi-Fi every time (See
\goto{Find some safe places with decent public
Wi-Fi}[find-some-safe-places-with-decent-public-wi-fi]) and using a
long-range connection (See \goto{Appendix Q: Using long-range Antenna to
connect to Public Wi-Fis from a safe
distance:}[appendix-q-using-long-range-antenna-to-connect-to-public-wi-fis-from-a-safe-distance]).
Clean all the data from the browser after each use.
{\bf Use this method for all the next steps within the host OS unless
instructed otherwise.}
\section[title={Appendix H: Windows Cleaning
Tools},reference={appendix-h-windows-cleaning-tools}]
In this guide we will recommend two native tools and two third-party
tools:
\startitemize
\item
Native Tools:
\startitemize[packed]
\item
Windows 10/11 Disk Cleanup Utility:
\useURL[url2506][https://support.microsoft.com/en-us/windows/disk-cleanup-in-windows-10-8a96ff42-5751-39ad-23d6-434b4d5b9a68]\from[url2506]
\useURL[url2507][https://web.archive.org/web/https://support.microsoft.com/en-us/windows/disk-cleanup-in-windows-10-8a96ff42-5751-39ad-23d6-434b4d5b9a68][][{[}Archive.org{]}]\from[url2507]
\stopitemize
\stopitemize
\startblockquote
This tool will clean up a bunch of things natively. It is not enough,
and we instead recommend using the third-party tools below to clean more
stuff. PrivaZer for instance will use the disk cleanup utility directly
itself and BleachBit will use its own mechanisms.
\stopblockquote
\startitemize[packed]
\item
Windows 10/11 Optimize Utility (Defrag on HDD Drives):
\useURL[url2508][https://support.microsoft.com/en-us/windows/defragment-your-windows-10-pc-048aefac-7f1f-4632-d48a-9700c4ec702a]\from[url2508]
\useURL[url2509][https://web.archive.org/web/https://support.microsoft.com/en-us/windows/defragment-your-windows-10-pc-048aefac-7f1f-4632-d48a-9700c4ec702a][][{[}Archive.org{]}]\from[url2509]
(yes the tutorial is for Windows 10 but should work on 11 too)
\stopitemize
\startblockquote
For security, this tool is particularly useful on SSD drives, as the
\quotation{Optimize} function will in fact force a disk-wide Trim
operation. This should be more than enough to make sure that any deleted
data that was not trimmed before, for whatever reason, is trimmed this
time. Trimmed data is very unlikely to be recoverable, as explained
earlier in this guide.
\stopblockquote
\startitemize
\item
Third-Party Tools:
\startitemize
\item
The open-source utility BleachBit
\useURL[url2510][https://www.bleachbit.org/]\from[url2510]
\useURL[url2511][https://web.archive.org/web/https://www.bleachbit.org/][][{[}Archive.org{]}]\from[url2511]
\item
The closed-source utility PrivaZer
\useURL[url2512][https://privazer.com/]\from[url2512]
\useURL[url2513][https://web.archive.org/web/https://privazer.com/][][{[}Archive.org{]}]\from[url2513]
\stopitemize
\stopitemize
I prefer PrivaZer because it has more customization and smarter
features, but we would understand if you do not trust them and prefer
open-source software in which case we would recommend BleachBit which
offers a bit less customization but similar functionalities.
Both these tools can be used for cleaning many things such as:
\startitemize
\item
The Windows USN journal which stores plenty of information.
\item
The Windows System Resource Usage Monitor (SRUM)\footnote{Medium.com,
Digging into the System Resource Usage Monitor (SRUM)
\useURL[url2514][https://medium.com/velociraptor-ir/digging-into-the-system-resource-usage-monitor-srum-afbadb1a375]\from[url2514]
\useURL[url2515][https://scribe.rip/velociraptor-ir/digging-into-the-system-resource-usage-monitor-srum-afbadb1a375][][{[}Scribe.rip{]}]\from[url2515]
\useURL[url2516][https://web.archive.org/web/https://medium.com/velociraptor-ir/digging-into-the-system-resource-usage-monitor-srum-afbadb1a375][][{[}Archive.org{]}]\from[url2516]}.
\item
Various histories of various programs (such as the recent lists).
\item
Various logs
\item
The free (unallocated) space of your hard drive\footnote{SANS,
Timestamped Registry & NTFS Artifacts from Unallocated Space
\useURL[url2517][https://www.sans.org/blog/timestamped-registry-ntfs-artifacts-from-unallocated-space/]\from[url2517]
\useURL[url2518][https://web.archive.org/web/https://www.sans.org/blog/timestamped-registry-ntfs-artifacts-from-unallocated-space/][][{[}Archive.org{]}]\from[url2518]}.
\item
Secure deletion of files
\item
Secure wiping of USB drives
\stopitemize
Both these utilities can delete files and can overwrite the free space
after deletion to improve secure deletion even on SSD drives. Remember
this can reduce the lifespan of your SSD drives a bit.
\section[title={Appendix I: Using ShredOS to securely wipe an HDD
drive:},reference={appendix-i-using-shredos-to-securely-wipe-an-hdd-drive}]
Several utilities are recommended (like the old unmaintained
DBAN\footnote{DBAN, \useURL[url2519][https://dban.org/]\from[url2519]
\useURL[url2520][https://web.archive.org/web/https://dban.org/][][{[}Archive.org{]}]\from[url2520]}
or System Rescue CD
(\useURL[url2521][https://www.system-rescue.org/]\from[url2521]
\useURL[url2522][https://web.archive.org/web/https://www.system-rescue.org/][][{[}Archive.org{]}]\from[url2522]))
for this but we will recommend the use of ShredOS.
Feel free to go with DBAN instead if you want (using this tutorial:
\useURL[url2523][https://www.lifewire.com/how-to-erase-a-hard-drive-using-dban-2619148]\from[url2523]
\useURL[url2524][https://web.archive.org/web/https://www.lifewire.com/how-to-erase-a-hard-drive-using-dban-2619148][][{[}Archive.org{]}]\from[url2524]),
the process is basically the same, but DBAN will not boot out of the
box on UEFI laptops.
If you want to go with System-Rescue, just head to their website and
follow the instructions.
\subsection[title={Windows:},reference={windows-5}]
\startitemize
\item
Download ShredOS from
\useURL[url2525][https://github.com/PartialVolume/shredos.x86_64]\from[url2525]
\useURL[url2526][https://web.archive.org/web/https://github.com/PartialVolume/shredos.x86_64][][{[}Archive.org{]}]\from[url2526]
\item
Extract the IMG file if the download is compressed
\item
Download Rufus from \useURL[url2527][https://rufus.ie/]\from[url2527]
\useURL[url2528][https://web.archive.org/web/https://rufus.ie/][][{[}Archive.org{]}]\from[url2528]
\item
Launch Rufus
\item
Select the ShredOS IMG file
\item
Write it to a USB key
\item
When done, reboot and boot the USB key (you might have to go into your
BIOS settings to change the boot order for this).
\item
Follow the instructions on the screen
\stopitemize
\subsection[title={Linux:},reference={linux-2}]
\startitemize
\item
Follow instructions on
\useURL[url2529][https://github.com/PartialVolume/shredos.x86_64]\from[url2529]
\useURL[url2530][https://web.archive.org/web/https://github.com/PartialVolume/shredos.x86_64][][{[}Archive.org{]}]\from[url2530]
\item
Reboot and boot the USB key
\item
Follow the instructions on the screen
\stopitemize
\section[title={Appendix J: Manufacturer tools for Wiping HDD and SSD
drives:},reference={appendix-j-manufacturer-tools-for-wiping-hdd-and-ssd-drives}]
{\bf Always check your laptop BIOS/UEFI for native utilities first.}
{\bf Be sure to use the right wipe mode for the right disk. Wipe and
Passes are for HDD drives. There are specific options for SSD drives
(such as ATA Secure Erase or Sanitize).}
Unfortunately, most of these tools are Windows only.
\subsection[title={Tools that provide a boot disk for wiping from
boot:},reference={tools-that-provide-a-boot-disk-for-wiping-from-boot}]
\startitemize
\item
SanDisk DashBoard:
\useURL[url2531][https://kb.sandisk.com/app/answers/detail/a_id/15108/~/dashboard-support-information]\from[url2531]
\useURL[url2532][https://web.archive.org/web/https://kb.sandisk.com/app/answers/detail/a_id/15108/~/dashboard-support-information][][{[}Archive.org{]}]\from[url2532]
\item
Seagate SeaTools:
\useURL[url2533][https://www.seagate.com/support/downloads/seatools/]\from[url2533]
\useURL[url2534][https://web.archive.org/web/https://www.seagate.com/support/downloads/seatools/][][{[}Archive.org{]}]\from[url2534]
\item
Samsung Magician:
\useURL[url2535][https://www.samsung.com/semiconductor/minisite/ssd/download/tools/]\from[url2535]
\useURL[url2536][https://web.archive.org/web/https://www.samsung.com/semiconductor/minisite/ssd/download/tools/][][{[}Archive.org{]}]\from[url2536]
\item
Kingston SSD Manager:
\useURL[url2537][https://www.kingston.com/unitedstates/en/support/technical/ssdmanager]\from[url2537]
\useURL[url2538][https://web.archive.org/web/https://www.kingston.com/unitedstates/en/support/technical/ssdmanager][][{[}Archive.org{]}]\from[url2538]
\item
Lenovo:
\startitemize
\item
Most likely native utility available within the BIOS/UEFI, please
check
\item
Drive Erase Utility:
\useURL[url2539][https://support.lenovo.com/us/en/downloads/ds019026-thinkpad-drive-erase-utility-for-resetting-the-cryptographic-key-and-erasing-the-solid-state-drive-thinkpad]\from[url2539]
\useURL[url2540][https://web.archive.org/web/https://support.lenovo.com/us/en/downloads/ds019026-thinkpad-drive-erase-utility-for-resetting-the-cryptographic-key-and-erasing-the-solid-state-drive-thinkpad][][{[}Archive.org{]}]\from[url2540]
\stopitemize
\item
Crucial Storage Executive:
\useURL[url2541][https://www.crucial.com/support/storage-executive]\from[url2541]
\useURL[url2542][https://web.archive.org/web/https://www.crucial.com/support/storage-executive][][{[}Archive.org{]}]\from[url2542]
\item
Western Digital Dashboard:
\useURL[url2543][https://support.wdc.com/downloads.aspx?p=279]\from[url2543]
\useURL[url2544][https://web.archive.org/web/https://support.wdc.com/downloads.aspx?p=279][][{[}Archive.org{]}]\from[url2544]
\item
HP: Follow instructions on
\useURL[url2545][https://store.hp.com/us/en/tech-takes/how-to-secure-erase-ssd]\from[url2545]
\useURL[url2546][https://web.archive.org/web/https://store.hp.com/us/en/tech-takes/how-to-secure-erase-ssd][][{[}Archive.org{]}]\from[url2546]
\item
Transcend SSD Scope:
\useURL[url2547][https://www.transcend-info.com/Support/Software-10/]\from[url2547]
\useURL[url2548][https://web.archive.org/web/https://www.transcend-info.com/Support/Software-10/][][{[}Archive.org{]}]\from[url2548]
\item
Dell:
\startitemize[packed]
\item
Most likely native utility available within the BIOS/UEFI, please
check
\useURL[url2549][https://www.dell.com/support/kbdoc/en-us/000134997/using-the-dell-bios-data-wipe-function-for-optiplex-precision-and-latitude-systems-built-after-november-2015?lwp=rt]\from[url2549]
\useURL[url2550][https://web.archive.org/web/https://www.dell.com/support/kbdoc/en-us/000134997/using-the-dell-bios-data-wipe-function-for-optiplex-precision-and-latitude-systems-built-after-november-2015?lwp=rt][][{[}Archive.org{]}]\from[url2550]
\stopitemize
\stopitemize
\subsection[title={Tools that provide only support from running OS (for
external
drives).},reference={tools-that-provide-only-support-from-running-os-for-external-drives.}]
\startitemize[packed]
\item
Toshiba Storage Tools:
\useURL[url2551][https://www.toshiba-storage.com/downloads/]\from[url2551]
\useURL[url2552][https://web.archive.org/web/https://www.toshiba-storage.com/downloads/][][{[}Archive.org{]}]\from[url2552]
\stopitemize
\section[title={Appendix K: Considerations for using external SSD
drives},reference={appendix-k-considerations-for-using-external-ssd-drives}]
{\bf I do not recommend using external SSDs due to the uncertainty about
their support for Trim, ATA Secure Erase, and Sanitize options through
USB controllers. Instead, we recommend using external HDD disks which
can be cleaned/wiped safely and securely without hassle (albeit much
slower than SSD drives).}
Please do not buy or use gimmicky self-encrypting devices such as these:
\useURL[url2553][https://syscall.eu/blog/2018/03/12/aigo_part1/]\from[url2553]
\useURL[url2554][https://web.archive.org/web/https://syscall.eu/blog/2018/03/12/aigo_part1/][][{[}Archive.org{]}]\from[url2554]
Some might be very efficient\footnote{NYTimes, Lost Passwords Lock
Millionaires Out of Their Bitcoin Fortunes
\useURL[url2555][https://www.nytimes.com/2021/01/12/technology/bitcoin-passwords-wallets-fortunes.html]\from[url2555]
\useURL[url2556][https://web.archive.org/web/https://www.nytimes.com/2021/01/12/technology/bitcoin-passwords-wallets-fortunes.html][][{[}Archive.org{]}]\from[url2556]}
but many are gimmicky gadgets.
If you want to use an external SSD drive for sensitive storage:
\startitemize
\item
Please consider the support for:
\startitemize
\item
Trim operations and ATA/NVMe secure erase operations from your
Laptop USB controller.
\item
Trim operations and ATA/NVMe secure erase operations from your USB
SSD disk itself.
\stopitemize
\item
Always use full disk encryption on those disks
\item
{\bf Use the manufacturer-provided tools to securely erase them if
possible (see \goto{Appendix J: Manufacturer tools for Wiping HDD and
SSD drives}[appendix-j-manufacturer-tools-for-wiping-hdd-and-ssd-drives]).}
\item
Consider manually wiping data on them after use by doing a full
decryption/encryption or filling them completely with random data.
\stopitemize
So how to check if your external USB SSD supports Trim and other
ATA/NVMe operations from your Host OS?
\subsection[title={Windows:},reference={windows-6}]
\subsubsection[title={Trim Support:},reference={trim-support}]
It is possible Windows will detect your external SSD properly and enable
Trim by default. Check if Optimize Works using the Windows Native disk
utility as explained in the internal SSD section of Windows.
\subsubsection[title={ATA/NVMe Operations (Secure
Erase/Sanitize):},reference={atanvme-operations-secure-erasesanitize}]
{\bf Use the manufacturer-provided tools to check and perform these
operations} \ldots{} It is pretty much the only way to be sure it is not
only supported but actually works. Some utilities, such as
CrystalDiskInfo, can tell you whether it is supported or not, but will
not actually check that it works. See \goto{Appendix J:
Manufacturer tools for Wiping HDD and SSD
drives}[appendix-j-manufacturer-tools-for-wiping-hdd-and-ssd-drives].
If it does not work, just decrypt and re-encrypt the whole drive or fill
up the free space as instructed in the guide. There is no other way
AFAIK, besides booting a System Rescue Linux USB and following the next
section.
\subsection[title={Linux:},reference={linux-3}]
\subsubsection[title={Trim Support:},reference={trim-support-1}]
Follow this good tutorial:
\useURL[url2558][https://www.glump.net/howto/desktop/enable-trim-on-an-external-ssd-on-linux]\from[url2558]
\useURL[url2559][https://web.archive.org/web/https://www.glump.net/howto/desktop/enable-trim-on-an-external-ssd-on-linux][][{[}Archive.org{]}]\from[url2559]
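The checks that tutorial walks through, condensed into a script, as an added example that is not from this guide or the linked tutorial: whether the kernel already exposes discard for the USB disk, how to switch a USB-attached SCSI disk to the \quotation{unmap} provisioning mode when it does not, whether the LUKS mapping on top of it passes discards through, and finally the trim itself. It assumes root, util-linux and cryptsetup; \type{/dev/sdb}, the mapping name \type{extssd} and the mount point are illustrative assumptions, and the lsblk line used in the dry run is constructed.

```bash
#!/bin/bash
# Added example for checking and enabling Trim on an external (USB) SSD under
# Linux; not from the guide or the linked tutorial. Assumes root, util-linux
# (lsblk, fstrim) and cryptsetup. /dev/sdb, the mapping name "extssd" and the
# mount point /mnt/extssd are illustrative assumptions.

# Read one `lsblk -dn --discard -o NAME,DISC-GRAN,DISC-MAX` line on stdin and
# succeed only if the discard granularity is non-zero; 0B means the kernel
# drops every TRIM for that device, however good the SSD itself is.
discard_enabled() {
    awk 'NR == 1 { ok = ($2 != "0" && $2 != "0B") } END { exit (ok ? 0 : 1) }'
}

# The kernel's view of the whole disk (no partitions, no header line).
trim_status() {                    # trim_status /dev/sdb
    lsblk -dn --discard -o NAME,DISC-GRAN,DISC-MAX "$1"
}

# USB disks go through the SCSI layer, where uas/usb-storage frequently leaves
# provisioning_mode at "full" although the SSD itself supports TRIM.
usb_provisioning_mode() {          # usb_provisioning_mode sdb
    cat /sys/block/"$1"/device/scsi_disk/*/provisioning_mode
}

# Switch the SCSI disk to UNMAP provisioning for this boot only, then re-check
# with trim_status: DISC-GRAN should change from 0B to the SSD's granularity.
enable_usb_unmap() {               # enable_usb_unmap sdb
    local f
    for f in /sys/block/"$1"/device/scsi_disk/*/provisioning_mode; do
        echo unmap > "$f"
    done
}

# The same setting as a udev rule so it survives reboots; the vendor and
# product IDs come from `lsusb`. This prints the rule, it does not install it
# (save it under /etc/udev/rules.d/ and run `udevadm control --reload`).
udev_unmap_rule() {                # udev_unmap_rule <idVendor> <idProduct>
    printf 'ACTION=="add|change", ATTRS{idVendor}=="%s", ATTRS{idProduct}=="%s", SUBSYSTEM=="scsi_disk", ATTR{provisioning_mode}="unmap"\n' "$1" "$2"
}

# Discards must also cross the encryption layer: open the volume with
# `cryptsetup open --allow-discards` (or "discard" in /etc/crypttab), after
# which `cryptsetup status` lists the discards flag. Passing discards through
# LUKS does reveal which sectors of the ciphertext are unused.
luks_passes_discards() {           # luks_passes_discards extssd
    cryptsetup status "$1" | grep -q '^ *flags:.*discards'
}

# Trim the mounted filesystem now; -v reports how many bytes were trimmed.
trim_now() {                       # trim_now /mnt/extssd
    fstrim -v "$1"
}

# Dry run on a constructed lsblk line (real host: trim_status /dev/sdb | discard_enabled).
SAMPLE_LSBLK='sdb 512B 2G'
if printf '%s\n' "$SAMPLE_LSBLK" | discard_enabled; then
    echo "sdb: discard is enabled, fstrim will reach the SSD"
else
    echo "sdb: discard disabled, try enable_usb_unmap sdb"
fi
```

Run the functions in that order on a real host: \type{trim_status}, \type{enable_usb_unmap} if the granularity is 0B, \type{luks_passes_discards} once the volume is open, then \type{trim_now}. If \type{fstrim} still reports 0 bytes after all that, the USB bridge is not forwarding the command and the manual decrypt/re-encrypt fallback described in this appendix is the remaining option.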
\subsubsection[title={ATA/NVMe Operations (Secure
Erase/Sanitize):},reference={atanvme-operations-secure-erasesanitize-1}]
{\bf It is not \quotation{recommended}. Please read the disclaimers here
\useURL[url2560][https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase]\from[url2560]}
\useURL[url2561][https://web.archive.org/web/https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase][][{[}Archive.org{]}]\from[url2561]
{\bf and here
\useURL[url2562][https://wiki.archlinux.org/index.php/Solid_state_drive/Memory_cell_clearing]\from[url2562]}
\useURL[url2563][https://web.archive.org/web/https://wiki.archlinux.org/index.php/Solid_state_drive/Memory_cell_clearing][][{[}Archive.org{]}]\from[url2563]
But this seems to be based on anecdotal experiences. So, if you are sure
your external SSD supports Trim (see the vendor documentation), you could
{\bf try at your own risk} to use nvme-cli or hdparm to issue a secure
erase. Two caveats: many USB-to-SATA/NVMe bridges do not pass ATA/NVMe
commands through at all (hdparm or nvme-cli then fail on the bridge, not
on the drive), and hdparm will refuse a SECURITY ERASE UNIT while the
drive reports itself as \quotation{frozen}, which usually needs a power
cycle or a suspend/resume of the machine to clear.
See also this tutorial
\useURL[url2564][https://code.mendhak.com/securely-wipe-ssd/]\from[url2564]
\useURL[url2565][https://web.archive.org/web/https://code.mendhak.com/securely-wipe-ssd/][][{[}Archive.org{]}]\from[url2565]
{\bf Your mileage may vary. Use at your own risk.}
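As an added example (not from the guide or the tutorials linked above), the
following POSIX shell script turns the checks in this Linux section into
one verdict: it parses the text printed by \type{sudo hdparm -I /dev/sdX}
and \type{lsblk -D /dev/sdX} and reports whether TRIM is advertised by the
drive, whether the block layer will actually send discards through the USB
bridge, which ATA secure-erase level is offered, and whether the drive is
security-frozen. Only text is parsed, so it can be run on saved output; the
sample outputs at the end are constructed for the example and \type{sdX} is a
placeholder.

```sh
#!/bin/sh
# Added example (not from the guide): classify an external drive from the
# text that `sudo hdparm -I /dev/sdX` and `lsblk -D /dev/sdX` print, so the
# answer to "does TRIM / Secure Erase reach this disk?" is one command.
# Only text is parsed, so saved output works too. The samples at the end
# are constructed for this example; sdX is a placeholder.

# 0 if the IDENTIFY DEVICE data advertises Data Set Management TRIM.
hdparm_trim_supported() {
    printf '%s\n' "$1" | grep -q 'Data Set Management TRIM supported'
}

# 0 if the drive is security-frozen: the BIOS or the USB bridge issued a
# FREEZE LOCK, and SECURITY ERASE UNIT will be refused until a power cycle
# or suspend/resume clears it.
hdparm_frozen() {
    printf '%s\n' "$1" | sed -n '/^Security:/,$p' \
        | grep -Eq '^[[:space:]]*frozen[[:space:]]*$'
}

# Prints enhanced, erase or none, from the Security section of hdparm -I.
hdparm_secure_erase_level() {
    sec="$(printf '%s\n' "$1" | sed -n '/^Security:/,$p')"
    if printf '%s\n' "$sec" | grep -q 'supported: enhanced erase'; then
        echo enhanced
    elif printf '%s\n' "$sec" | grep -Eq '^[[:space:]]*supported[[:space:]]*$'; then
        echo erase
    else
        echo none
    fi
}

# 0 if the block layer will really send discards: lsblk -D shows non-zero
# DISC-GRAN and DISC-MAX. A bridge that does not translate SCSI UNMAP to
# ATA TRIM shows 0B here even though hdparm_trim_supported says yes; that
# is exactly the external-SSD case the tutorial linked above deals with.
lsblk_discard_enabled() {
    printf '%s\n' "$1" | awk 'NR > 1 && $3 != "0B" && $4 != "0B" { ok = 1 }
                              END { exit !ok }'
}

# One-line verdict; returns 0 only when TRIM is advertised AND enabled.
report_drive() {   # report_drive "<hdparm -I output>" "<lsblk -D output>"
    hdparm_trim_supported "$1" && trim=yes || trim=no
    lsblk_discard_enabled "$2" && discard=yes || discard=no
    hdparm_frozen "$1" && frozen=yes || frozen=no
    printf 'TRIM advertised: %s | discard enabled: %s | secure erase: %s | frozen: %s\n' \
        "$trim" "$discard" "$(hdparm_secure_erase_level "$1")" "$frozen"
    [ "$trim" = yes ] && [ "$discard" = yes ]
}

# Constructed sample: a SATA SSD behind a bridge that passes everything.
SAMPLE_HDPARM='ATA device, with non-removable media
Commands/features:
    Enabled Supported:
       *    Data Set Management TRIM supported (limit 8 blocks)
Security:
    Master password revision code = 65534
        supported
    not enabled
    not locked
    not frozen
    not expired: security count
        supported: enhanced erase
    2min for SECURITY ERASE UNIT. 8min for ENHANCED SECURITY ERASE UNIT.'
SAMPLE_LSBLK='NAME DISC-ALN DISC-GRAN DISC-MAX DISC-ZERO
sdb         0      512B       2G         0'

report_drive "$SAMPLE_HDPARM" "$SAMPLE_LSBLK" \
    || echo 'TRIM is not reaching this drive: fix the bridge or use the vendor tool' >&2
```

If \quotation{TRIM advertised: yes} comes with \quotation{discard enabled:
no}, the drive is fine and the USB bridge is the problem, which is what the
glump.net tutorial above addresses. If hdparm fails outright on the bridge,
none of this applies and the manufacturer tool is the only reliable option.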
\subsection[title={macOS:},reference={macos-5}]
\subsubsection[title={Trim Support:},reference={trim-support-2}]
According to Apple documentation, Trim is supported on APFS
(asynchronously) and on HFS+ (through periodic trim or First Aid).
So, if it is supported (and enabled on your external SSD), you should be
able to issue a Trim on a non-APFS drive by running First Aid on it from
Disk Utility.
If your disk supports it but it is not enabled in macOS, you could try
issuing \type{sudo trimforce enable} from the Terminal and see whether it
enables Trim on your external SSD. Then run First Aid again if the drive
is not APFS (see this tutorial for info
\useURL[url2569][https://www.lifewire.com/enable-trim-for-ssd-in-os-x-yosemite-2260789]\from[url2569]
\useURL[url2570][https://web.archive.org/web/https://www.lifewire.com/enable-trim-for-ssd-in-os-x-yosemite-2260789][][{[}Archive.org{]}]\from[url2570]).
If it does not work, we are not aware of any reliable method to enable
TRIM besides the commercial utility Trim Enabler here
\useURL[url2571][https://cindori.org/trimenabler/]\from[url2571]
\useURL[url2572][https://web.archive.org/web/https://cindori.org/trimenabler/][][{[}Archive.org{]}]\from[url2572]
which claims support for external drives.
\subsubsection[title={ATA/NVMe Operations (Secure
Erase/Sanitize):},reference={atanvme-operations-secure-erasesanitize-2}]
We are not aware of any method of doing so reliably and safely on macOS.
So, you will have to try one of these options:
\startitemize
\item
Use a bootable System Rescue USB Linux to do it
\item
Just decrypt and re-encrypt the drive using Disk Utility or Veracrypt
\item
Fill up the free space of the disk using the Linux method (dd)
\stopitemize
\section[title={Appendix L: Creating a mat2-web guest VM for removing
metadata from
files},reference={appendix-l-creating-a-mat2-web-guest-vm-for-removing-metadata-from-files}]
Download the latest Debian testing amd64 netinst ISO from
\useURL[url2573][https://www.debian.org/CD/netinst/]\from[url2573]
\useURL[url2574][https://web.archive.org/web/https://www.debian.org/CD/netinst/][][{[}Archive.org{]}]\from[url2574]
{\bf (Get testing to get the latest mat2 release, stable is a few
versions back)}
This is very lightweight, and we recommend doing it from a VM (VM inside
a VM) to benefit from Whonix Tor Gateway. While it is possible to put
this VM directly behind a Whonix Gateway, Whonix will not easily allow
communications between VMs on its network by default. You could also
just leave it on Clearnet during the install process and then leave it
on the Host-Only network later, or install it from a VM within a VM then
move it to host OS for Host-Only usage like we show below:
\startitemize[n,packed][stopper=.,width=2.0em]
\item
Create a new machine with any name like {\bf Mat2}.
\item
Select {\bf Linux} for the Type.
\item
Select {\bf Debian (64-bit)} as the Version.
\item
Leave the default options and click {\bf Create}.
\item
Select the VM and click {\bf Settings}.
\item
Select {\bf System} and disable the {\bf Floppy disk} on the
Motherboard tab.
\item
Select the Processor tab and {\bf enable PAE/NX}.
\item
Select {\bf Audio} and {\bf disable Audio}.
\item
Select {\bf USB} and {\bf disable the USB controller}.
\item
Select {\bf Storage} and select the CD drive to mount the Debian
Netinst ISO.
\item
Select {\bf Network} and {\bf Attach to NAT}.
\item
Launch the VM.
\item
Select {\bf Install} (not Graphical install).
\item
Select {\bf Language}, {\bf Location}, and {\bf Keyboard layout} as
you wish.
\item
Wait for the network to configure (automatic DHCP). This takes a few
seconds.
\item
Pick a name like {\bf Mat2}.
\item
Leave the {\bf domain} empty.
\item
Set a {\bf root} password as you wish (preferably a good one).
\item
Create a new {\bf user} and {\bf password} as you wish (preferably a
good one).
\item
Select the {\bf Time Zone} of your choice.
\item
Select {\bf Guided - Use the entire disk}.
\item
Select the only disk available ({\bf /dev/sda} in our case).
\item
Select {\bf All files in one partition}.
\item
Confirm and write changes to the disk.
\item
Select {\bf No} to scan any other CD or DVD.
\item
Select any region and any mirror of your choice and leave {\bf proxy}
blank.
\item
Select {\bf No} to take part in any survey.
\item
Select {\bf only System Standard Utilities}. Uncheck everything else
using {\bf space}.
\item
Select {\bf Yes} to install GRUB bootloader.
\item
Select {\bf /dev/sda} and continue.
\item
Complete the install and reboot.
\item
Log in with your {\bf user} or {\bf root}. You should never use root
directly as a best security practice but in this case, it is okay.
\item
Update your install by running \type{apt update} followed by
\type{apt upgrade}. It should already be up to date since it is a net
install, but we're double checking.
\item
Install the necessary packages for mat2 by running
\type{apt install ffmpeg uwsgi python3-pip uwsgi-plugin-python3 librsvg2-dev git mat2 apache2 libapache2-mod-proxy-uwsgi}.
\item
Go to the {\bf /var/www} directory by running \type{cd /var/www/}.
\item
{\bf Clone mat2-web} from the mat2-web repository by issuing
\type{git clone https://0xacab.org/jvoisin/mat2-web.git}.
\item
{\bf Create a directory for uploads} by running
\type{mkdir ./mat2-web/uploads/}.
\item
{\bf Give permissions to Apache2} to read the files by running
\type{chown -R www-data:www-data ./mat2-web}.
\item
{\bf Enable apache2 uwsgi proxy} by running
\type{/usr/sbin/a2enmod proxy_uwsgi}.
\item
{\bf Upgrade pip} by running
\type{python3 -m pip install pip --upgrade}. On Debian 12 and later, pip
refuses to install into the system Python
(\quotation{externally-managed-environment}) unless you append
\type{--break-system-packages} to this and the next pip command.
\item
{\bf Install these Python modules} by running
\type{python3 -m pip install flasgger pyyaml flask-restful flask cerberus flask-cors jinja2}.
\item
{\bf Move to the config directory} of mat2 by running
\type{cd /var/www/mat2-web/config/}.
\item
{\bf Copy the apache2 config file} to {\bf /etc} by running
\type{cp apache2.config /etc/apache2/sites-enabled/apache2.conf}.
\item
{\bf Remove the default config file} by running
\type{rm /etc/apache2/sites-enabled/000-default.conf}.
\item
{\bf Edit the apache2 config file} provided by mat2-web by running
\type{nano /etc/apache2/sites-enabled/apache2.conf}.
\item
{\bf Remove the first line} \type{Listen 80} by typing {\bf Ctrl+K} to
cut the line.
\item
{\bf Change the uwsgi path} from
\type{/var/www/mat2-web/mat2-web.sock} to \type{/run/uwsgi/uwsgi.sock}
and type {\bf Ctrl+X} to exit, followed by {\bf Y} then {\bf Enter}.
\item
{\bf Copy the uwsgi config file} to {\bf /etc} by running
\type{cp uwsgi.config /etc/uwsgi/apps-enabled/uwsgi.ini}.
\item
{\bf Edit the uwsgi config file} by typing
\type{nano /etc/uwsgi/apps-enabled/uwsgi.ini} and change {\bf uid} and
{\bf gid} to \type{nobody} and \type{nogroup} respectively. Save and
exit with {\bf Ctrl+X}, followed by {\bf Y}, then {\bf Enter}.
\item
Run \type{chown -R nobody:nogroup /var/www/mat2-web/uploads} so that the
uwsgi worker, which now runs as \type{nobody}, can write uploaded files
there. Do not make the whole tree world-writable; Apache only needs read
access, which the earlier \type{chown} to \type{www-data} already
provides.
\item
{\bf Restart uwsgi} by running \type{systemctl restart uwsgi}. There
should be no errors.
\item
{\bf Restart apache2} by running \type{systemctl restart apache2}.
There should be no errors.
\item
Now navigate to {\bf Settings} > {\bf Network} > {\bf Attached to} and
{\bf select Host-only Adapter}. Click {\bf OK} to save.
\item
Reboot the VM via {\bf Machine} > {\bf Reset}. Confirm the reset.
\item
Log into the VM as the {\bf user} from {\bf Step 19} and type
\type{ip a}. Note the IPv4 address shown after {\bf inet} for the
Ethernet interface, the one in {\bf 192.168.*.*} (\type{link/ether} is
the MAC address, not the IP).
\item
From the VM Host OS, {\bf open a Browser} and navigate to the IP of
your Debian VM. It will be something like {\bf http://192.168.56.101}
(VirtualBox host-only networks use 192.168.56.0/24 by default).
\item
You should now see a Mat2-Web website running smoothly.
\item
{\bf Shutdown the Mat2 guest VM} by running \type{shutdown -h now} to
halt the machine.
\item
{\bf Take a snapshot of the VM} within Virtualbox while the guest VM
is shutdown.
\stopitemize
{\bf Restart the Mat2 VM and you are ready to use Mat2-web to remove
metadata from most files!}
After use, shut down the VM and revert to the snapshot to remove traces
of the uploaded files. This VM does not require any internet access
unless you want to update it, in which case, you need to place it back
on the {\bf NAT network} and do the next steps.
For updates of Debian, {\bf start the VM} and run \type{apt update}
followed by \type{apt upgrade}.
For updates of mat2-web, type \type{cd /var/www/mat2-web} and run
\type{git pull}.
After updates, shutdown, change to the {\bf Host-only Adapter}, take a
new snapshot, remove the earlier one.
You are done.
Now you can just start this small Mat2 VM when needed. Browse to it from
your Guest VM and use the interface to remove any metadata from most
files. After each use of this VM, you should revert to the Snapshot to
erase all traces.
{\bf Do not ever expose this VM to any network unless temporarily for
updates. This web interface is not suitable for any direct external
access.}
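As an added example (not from the guide and not part of the mat2-web
project), the in-guest part of the procedure above is collected here into
one re-runnable root script. The two hand edits (removing \type{Listen 80}
and changing the socket path in the Apache config, and setting the uwsgi
uid/gid) are written as sed filters so they can be reviewed and tested on
their own, and the uploads directory is given to the uwsgi user instead of
being made world-writable. Assumptions taken from the steps rather than
verified against the repository: the clone ships
\type{config/apache2.config} and \type{config/uwsgi.config}, the Debian
uwsgi service listens on \type{/run/uwsgi/uwsgi.sock}, the worker runs as
\type{nobody:nogroup}, and the app writes only into \type{./uploads}.

```sh
#!/bin/sh
# Added example, not from the guide or the mat2-web project: the in-guest
# part of the procedure above as one re-runnable root script, with the two
# hand edits expressed as sed transforms that can be reviewed and tested.
# Assumptions (taken from the steps, not verified against the repository):
# the clone ships config/apache2.config and config/uwsgi.config, the Debian
# uwsgi service listens on /run/uwsgi/uwsgi.sock, the worker runs as
# nobody:nogroup, and the app writes only into ./uploads.
# Usage inside the Mat2 VM, as root:  sh mat2-setup.sh --install

WEBROOT=/var/www/mat2-web
REPO=https://0xacab.org/jvoisin/mat2-web.git

# Drop a standalone "Listen 80" (Debian's ports.conf already has one, and
# a duplicate Listen makes apache2 refuse to start) and point the uwsgi
# proxy at the packaged socket path. Filter: stdin to stdout.
patch_apache_conf() {
    sed -e '/^[[:space:]]*Listen[[:space:]][[:space:]]*80[[:space:]]*$/d' \
        -e 's#/var/www/mat2-web/mat2-web\.sock#/run/uwsgi/uwsgi.sock#g'
}

# Run the worker as nobody:nogroup whatever the shipped file says.
patch_uwsgi_ini() {
    sed -e 's/^[[:space:]]*uid[[:space:]]*=.*/uid = nobody/' \
        -e 's/^[[:space:]]*gid[[:space:]]*=.*/gid = nogroup/'
}

# pip on Debian 12+ refuses the system interpreter unless told otherwise;
# the packaged uwsgi plugin imports from that interpreter, so allow it.
pip_install() {
    python3 -m pip install "$@" 2>/dev/null \
        || python3 -m pip install --break-system-packages "$@"
}

install_mat2_web() {
    set -e
    [ "$(id -u)" -eq 0 ] || { echo 'run as root inside the VM' >&2; return 1; }
    apt update && apt -y upgrade
    apt -y install ffmpeg uwsgi python3-pip uwsgi-plugin-python3 \
        librsvg2-dev git mat2 apache2 libapache2-mod-proxy-uwsgi curl
    [ -d "$WEBROOT/.git" ] || git clone "$REPO" "$WEBROOT"
    mkdir -p "$WEBROOT/uploads"
    a2enmod proxy_uwsgi
    pip_install --upgrade pip
    pip_install flasgger pyyaml flask-restful flask cerberus flask-cors jinja2
    patch_apache_conf < "$WEBROOT/config/apache2.config" \
        > /etc/apache2/sites-enabled/apache2.conf
    rm -f /etc/apache2/sites-enabled/000-default.conf
    patch_uwsgi_ini < "$WEBROOT/config/uwsgi.config" \
        > /etc/uwsgi/apps-enabled/uwsgi.ini
    # Least privilege instead of a world-writable tree: Apache reads the
    # static files, only the uwsgi worker may write into uploads/.
    chown -R www-data:www-data "$WEBROOT"
    chown nobody:nogroup "$WEBROOT/uploads"
    chmod 700 "$WEBROOT/uploads"
    systemctl restart uwsgi
    systemctl restart apache2
    # Smoke test from inside the guest; reachability from the host is
    # checked after the adapter is switched to host-only.
    curl -fsS -o /dev/null http://127.0.0.1/ && echo 'mat2-web is answering'
}

case "${1:-}" in
    --install) install_mat2_web ;;
esac
```

The host-side steps (switching the adapter to host-only, taking the clean
snapshot, restoring it after each use) are not in the script because they
run on the host, not in the guest; they can be scripted the same way with
\type{VBoxManage modifyvm} and \type{VBoxManage snapshot}.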
\section[title={Appendix M: BIOS/UEFI options to wipe disks in various
Brands},reference={appendix-m-biosuefi-options-to-wipe-disks-in-various-brands}]
Here are some links on how to securely wipe your drive (HDD/SSD) from
the BIOS for various brands:
\startitemize
\item
Lenovo ThinkPads:
\useURL[url2575][https://support.lenovo.com/be/en/solutions/migr-68369]\from[url2575]
\useURL[url2576][https://web.archive.org/web/https://support.lenovo.com/be/en/solutions/migr-68369][][{[}Archive.org{]}]\from[url2576]
\item
HP (all):
\useURL[url2577][https://support.hp.com/gb-en/document/c06204100]\from[url2577]
\useURL[url2578][https://web.archive.org/web/https://support.hp.com/gb-en/document/c06204100][][{[}Archive.org{]}]\from[url2578]
\item
Dell (all):
\useURL[url2579][https://www.dell.com/support/kbdoc/en-us/000146892/dell-data-wipe]\from[url2579]
\useURL[url2580][https://web.archive.org/web/https://www.dell.com/support/kbdoc/en-us/000146892/dell-data-wipe][][{[}Archive.org{]}]\from[url2580]
\item
Acer (Travelmate only):
\useURL[url2581][https://us.answers.acer.com/app/answers/detail/a_id/41567/~/how-to-use-disk-sanitizer-on-acer-travelmate-notebooks]\from[url2581]
\useURL[url2582][https://web.archive.org/web/https://us.answers.acer.com/app/answers/detail/a_id/41567/~/how-to-use-disk-sanitizer-on-acer-travelmate-notebooks][][{[}Archive.org{]}]\from[url2582]
\item
Asus: no option AFAIK except maybe for some ROG models.
\item
Gigabyte: no option AFAIK
\item
Honor: no option AFAIK
\item
Huawei: no option AFAIK
\stopitemize
\section[title={Appendix N: Warning about smartphones and smart
devices},reference={appendix-n-warning-about-smartphones-and-smart-devices}]
When conducting sensitive activities, remember that:
\startitemize
\item
{\bf You should not bring your real smartphone or smart devices with
you (even turned off).} Correlation attacks are possible on the Cell
Networks to find which phone \quotation{turned off} before your burner
phone \quotation{turned on}. While this might not work the first time,
after a few times, the net will tighten, and you will get compromised.
It is better to leave your main smartphone at home online (see this
article (Russian, use Google Translate link):
\useURL[url2583][https://biboroda.livejournal.com/4894724.html]\from[url2583]
\useURL[url2584][https://translate.google.com/translate?hl=&sl=ru&tl=en&u=https\%3A\%2F\%2Fbiboroda.livejournal.com\%2F4894724.html&anno=2][][{[}Google
Translate{]}]\from[url2584]
\useURL[url2585][https://web.archive.org/web/https://biboroda.livejournal.com/4894724.html][][{[}Archive.org{]}]\from[url2585]{\bf )}
\item
{\bf Again, do not take them with you unless it is absolutely
necessary.} {\bf If you really must,} you could consider powering it
off and removing the battery or, if not possible, the use of a faraday
cage\footnote{Wikipedia, Faraday Cage,
\useURL[url2586][https://en.wikipedia.org/wiki/Faraday_cage]\from[url2586]
\useURL[url2587][https://wikiless.org/wiki/Faraday_cage][][{[}Wikiless{]}]\from[url2587]
\useURL[url2588][https://web.archive.org/web/https://en.wikipedia.org/wiki/Faraday_cage][][{[}Archive.org{]}]\from[url2588]}
bag to store your devices. There are many such faraday
\quotation{signal blocking} bags available for sale and some of these
have been studied\footnote{Edith Cowan University, A forensic
examination of several mobile device Faraday bags & materials to
test their effectiveness
\useURL[url2589][https://web.archive.org/web/https://ro.ecu.edu.au/cgi/viewcontent.cgi?article=1165&context=adf]\from[url2589]
\useURL[url2590][https://web.archive.org/web/20211011220410/https://ro.ecu.edu.au/cgi/viewcontent.cgi?article=1165&context=adf][][{[}Archive.org{]}]\from[url2590]}
for their effectiveness. If you cannot afford such bags, you can
probably achieve a \quotation{decent result} with one or several
sheets of aluminum foil (as shown in the previously linked study).
\startitemize
\item
Warning: consider that sensor data itself can also be reliably used
to track you\footnote{arXiv, Deep-Spying: Spying using Smartwatch
and Deep Learning
\useURL[url2591][https://arxiv.org/pdf/1512.05616.pdf]\from[url2591]
\useURL[url2592][https://web.archive.org/web/https://arxiv.org/pdf/1512.05616.pdf][][{[}Archive.org{]}]\from[url2592]}\footnote{Acm.org,
Privacy Implications of Accelerometer Data: A Review of Possible
Inferences
\useURL[url2593][https://dl.acm.org/doi/pdf/10.1145/3309074.3309076]\from[url2593]
\useURL[url2594][https://web.archive.org/web/https://dl.acm.org/doi/pdf/10.1145/3309074.3309076][][{[}Archive.org{]}]\from[url2594]}.
\item
Consider leaving your smart devices at home online and doing
something (watching YouTube/Netflix or something similar) instead of
taking them with you powered off. This will mitigate tracking
efforts but also create digital traces that could indicate you were
at home.
\item
{\bf This could also include your car which could for example have a
cell network device (including at least an IMEI) and a functionality
to call emergency services}
\stopitemize
\stopitemize
Additionally, if using a smartphone as a burner, know that they send a
lot of diagnostics by default. Enough to potentially identify you based
on your device usage patterns (a technique known as biometric
profiling). You should avoid using your burner unless absolutely
necessary, to minimize the information that can be collected and used to
identify you.
{\bf Lastly, you should also consider this useful sheet from the NSA
about Smartphone security:
\useURL[url2595][https://web.archive.org/web/20210728204533/https://s3.documentcloud.org/documents/21018353/nsa-mobile-device-best-practices.pdf]\from[url2595].}
{\bf Note: Please do not consider commercial gimmicky all-in-one devices
for anonymity. The only way to achieve proper OPSEC is by doing it
yourself. See these examples to see why it is not a clever idea:}
\startitemize
\item
{\bf AN0M:
\useURL[url2596][https://www.theguardian.com/australia-news/2021/sep/11/inside-story-most-daring-surveillance-sting-in-history]\from[url2596]}
\useURL[url2597][https://web.archive.org/web/https://www.theguardian.com/australia-news/2021/sep/11/inside-story-most-daring-surveillance-sting-in-history][][{[}Archive.org{]}]\from[url2597]
\item
{\bf Encrochat:
\useURL[url2598][https://en.wikipedia.org/wiki/EncroChat]\from[url2598]}
\useURL[url2599][https://wikiless.org/wiki/EncroChat][][{[}Wikiless{]}]\from[url2599]
\useURL[url2600][https://web.archive.org/web/https://en.wikipedia.org/wiki/EncroChat][][{[}Archive.org{]}]\from[url2600]
\item
{\bf Sky ECC:
\useURL[url2601][https://en.wikipedia.org/wiki/Sky_ECC]\from[url2601]}
\useURL[url2602][https://wikiless.org/wiki/Sky_ECC][][{[}Wikiless{]}]\from[url2602]
\useURL[url2603][https://web.archive.org/web/https://en.wikipedia.org/wiki/Sky_ECC][][{[}Archive.org{]}]\from[url2603]
\stopitemize
{\bf You should never rely on an external commercial service to ensure
your first line of anonymity. But you will see that paid services can
still be used later from an already anonymous identity if bought
anonymously while observing good operational security.}
\section[title={Appendix O: Getting an anonymous
VPN/Proxy},reference={appendix-o-getting-an-anonymous-vpnproxy}]
If you follow our advice, you will also need a VPN subscription but this
time you will need an anonymous one that cannot be tied to you by the
financial system. Meaning you will need to buy a VPN subscription with
cash or a reasonably private cryptocurrency (for example Monero). You
will later be able to use this VPN to connect to various services
anonymously but {\bf never directly from your IP}. This VPN can never be
used in any other non-anonymous context without jeopardizing your
anonymity.
There are two viable options:
\subsection[title={Cash/Monero-Paid
VPN:},reference={cashmonero-paid-vpn}]
There are three VPN companies recommended by PrivacyGuides.org
(\useURL[url2604][https://www.privacyguides.org/vpn/]\from[url2604]
\useURL[url2605][https://web.archive.org/web/https://www.privacyguides.org/vpn/][][{[}Archive.org{]}]\from[url2605])
that accept cash payments: Mullvad, iVPN, and Proton VPN.
Here are their logging policies:
\startitemize[packed]
\item
Mullvad:
\useURL[url2606][https://mullvad.net/en/help/no-logging-data-policy/]\from[url2606]
\useURL[url2607][https://web.archive.org/web/https://mullvad.net/en/help/no-logging-data-policy/][][{[}Archive.org{]}]\from[url2607]
\item
iVPN: \useURL[url2608][https://www.ivpn.net/privacy/]\from[url2608]
\useURL[url2609][https://web.archive.org/web/https://www.ivpn.net/privacy/][][{[}Archive.org{]}]\from[url2609]
\item
ProtonVPN:
\useURL[url2610][https://protonvpn.com/support/no-logs-vpn/]\from[url2610]
\useURL[url2611][https://web.archive.org/web/https://protonvpn.com/support/no-logs-vpn/][][{[}Archive.org{]}]\from[url2611]
\stopitemize
In addition, we will also mention a newcomer to watch: Safing SPN
(\useURL[url2612][https://safing.io/]\from[url2612]
\useURL[url2613][https://web.archive.org/web/https://safing.io/][][{[}Archive.org{]}]\from[url2613]),
which (while still in the alpha stage at the time of this writing) also
accepts cash and has a distinctly new concept for a VPN, their
\quotation{SPN}, which provides benefits similar to Tor stream isolation.
Note that Safing SPN is not available on macOS at the moment. This
possibility is \quotation{provisional} and at your own risk, but we
think it was worth mentioning.
Personally, for now, we would recommend Mullvad due to personal
experience.
{\bf We would not recommend Proton VPN as much because they do require
an e-mail for registration unlike Mullvad, iVPN, and Safing. Proton also
has a tendency to require phone number verification for users who
register over Tor.}
How does this work?
\startitemize
\item
Access the VPN website with a Safe Browser (see \goto{Appendix G: Safe
Browser}[appendix-g-safe-browser-on-the-host-os])
\item
Go to iVPN, Mullvad, or Safing website and create a new Account ID (on
the login page).
\item
This page will give you an account ID, a token ID (for payment
reference), and the details of where to send the money by post.
\item
Send the required cash amount for the subscription you want in a
sealed postal envelope to their offices, including a paper with the
Token ID without a return address, or pay with Monero if available. If
they do not accept Monero but do accept BTC, consider \goto{Appendix
Z: Paying anonymously online with
BTC}[appendix-y-installing-and-using-desktop-tor-browser]
\item
Wait for them to receive the payment and enable your account (this can
take a while).
\item
Open Tor Browser.
\item
Check your account status and proceed when your account is active.
\stopitemize
For extra-security consider:
\startitemize
\item
Wearing gloves while manipulating anything to avoid leaving
fingerprints\footnote{YouTube, Fingerprinting Paper - Forensic
Education
\useURL[url2614][https://www.youtube.com/watch?v=sO98kDLkh-M]\from[url2614]
\useURL[url2615][https://yewtu.be/watch?v=sO98kDLkh-M][][{[}Invidious{]}]\from[url2615]}
and touch DNA\footnote{Wikipedia, Touch DNA,
\useURL[url2616][https://en.wikipedia.org/wiki/Touch_DNA]\from[url2616]
\useURL[url2617][https://wikiless.org/wiki/Touch_DNA][][{[}Wikiless{]}]\from[url2617]
\useURL[url2618][https://web.archive.org/web/https://en.wikipedia.org/wiki/Touch_DNA][][{[}Archive.org{]}]\from[url2618]}.
\item
A less-obvious alternative could be to put super glue on your
fingertips, to avoid making it obvious that you are wearing gloves.
However, this can prevent effective use of touchscreens, and it is less
effective than gloves at preventing touch DNA transfer. Also, if
spotted, being caught with super glue on your fingers is quite
suspicious.
\item
Do not use any material/currency that was manipulated by someone that
can be related to you in any way.
\item
Do not use the currency you just got from an ATM that could record
dispensed bills serial numbers.
\item
Be careful if you print anything that it is not watermarked by your
printer (See \goto{Printing Watermarking}[printing-watermarking]).
\item
Do not lick the envelope or the stamps\footnote{TheDNAGuide, DNA from
Postage Stamps or Hair Samples? Yeeesssss\ldots{}..
\useURL[url2619][https://www.yourdnaguide.com/ydgblog/dna-hair-samples-postage-stamps]\from[url2619]
\useURL[url2620][https://web.archive.org/web/https://www.yourdnaguide.com/ydgblog/dna-hair-samples-postage-stamps][][{[}Archive.org{]}]\from[url2620]}
if you use them to avoid leaving DNA traces.
\item
Make sure there are no obvious DNA traces in or on the materials (like
hairs).
\item
Consider doing the whole operation outdoor to reduce the risks of
residual DNA traces from your environment or you contaminating the
materials.
\item
The more people frequent a space, the lower the risk, as your DNA will
be obscured by the DNA of other people passing through.
\item
Security cameras can be a risk. Try to cover your face. Also, gait
recognition may be a concern. See \goto{Gait Recognition and Other
Long-Range
Biometrics}[gait-recognition-and-other-long-range-biometrics]
\stopitemize
{\bf Do not in any circumstance use this new VPN account unless
instructed or connect to that new VPN account using your known
connections. This VPN will only be used later in a secure way as we do
not trust VPN providers' \quotation{no-logging policies}. This VPN
provider should ideally never know your real origin IP (your home/work
one for instance).}
\subsection[title={Self-hosted VPN/Proxy on a Monero/Cash-paid VPS (for
users more familiar with
Linux):},reference={self-hosted-vpnproxy-on-a-monerocash-paid-vps-for-users-more-familiar-with-linux}]
The other alternative is setting up your own VPN/Proxy using a VPS
(Virtual Private Server) on a hosting platform that accepts Monero
(recommended).
{\bf This will offer some advantages as the chances of your IP being
block-listed somewhere are lower than known VPN providers.}
This does also offer some disadvantages as Monero is not perfect as
explained earlier in this guide and some global adversaries could maybe
still track you. You will need to get Monero from an Exchange using the
normal financial system and then pick a hosting (list here
\useURL[url2621][https://www.getmonero.org/community/merchants/\#exchanges]\from[url2621]
\useURL[url2622][https://web.archive.org/web/https://www.getmonero.org/community/merchants/][][{[}Archive.org{]}]\from[url2622])
or from a local reseller using cash from
\useURL[url2623][https://localmonero.co]\from[url2623].
{\bf Do not in any circumstance use this new VPS/VPN/Proxy using your
known connections. Only access it through Tor using Whonix Workstation
for instance (this is explained later). This VPN will only be used later
within a Virtual Machine over the Tor Network in a secure way as we do
not trust VPN providers' \quotation{no-logging policies}. This VPN
provider should never know your real origin IP.}
Please see \goto{Appendix A1: Recommended VPS hosting
providers}[appendix-a1-recommended-vps-hosting-providers]
\subsubsection[title={VPN VPS:},reference={vpn-vps}]
There are plenty of tutorials on how to do this like this one
\useURL[url2624][https://proprivacy.com/vpn/guides/create-your-own-vpn-server]\from[url2624]
\useURL[url2625][https://web.archive.org/web/https://proprivacy.com/vpn/guides/create-your-own-vpn-server][][{[}Archive.org{]}]\from[url2625]
\subsubsection[title={Socks Proxy VPS:},reference={socks-proxy-vps}]
This is also an option obviously if you prefer to skip the VPN part.
It is probably the easiest thing to set up since you will just use the
SSH connection you have to your VPS and no further configuration should
be required besides setting the browser of your guest VM to use the
proxy in question.
Here are a few tutorials on how to do this very quickly:
\startitemize
\item
(Windows/Linux/macOS)
\useURL[url2626][https://linuxize.com/post/how-to-setup-ssh-socks-tunnel-for-private-browsing/]\from[url2626]
\useURL[url2627][https://web.archive.org/web/https://linuxize.com/post/how-to-setup-ssh-socks-tunnel-for-private-browsing/][][{[}Archive.org{]}]\from[url2627]
\item
(Windows/Linux/macOS)
\useURL[url2628][https://www.digitalocean.com/community/tutorials/how-to-route-web-traffic-securely-without-a-vpn-using-a-socks-tunnel]\from[url2628]
\useURL[url2629][https://web.archive.org/web/https://www.digitalocean.com/community/tutorials/how-to-route-web-traffic-securely-without-a-vpn-using-a-socks-tunnel][][{[}Archive.org{]}]\from[url2629]
\item
(Windows)
\useURL[url2630][https://www.forwardproxy.com/2018/12/using-putty-to-setup-a-quick-socks-proxy/]\from[url2630]
\useURL[url2631][https://web.archive.org/web/https://www.forwardproxy.com/2018/12/using-putty-to-setup-a-quick-socks-proxy/][][{[}Archive.org{]}]\from[url2631]
\item
(Linux/macOS)
\useURL[url2632][https://ma.ttias.be/socks-proxy-linux-ssh-bypass-content-filters/]\from[url2632]
\useURL[url2633][https://web.archive.org/web/https://ma.ttias.be/socks-proxy-linux-ssh-bypass-content-filters/][][{[}Archive.org{]}]\from[url2633]
\stopitemize
Here is our basic tutorial:
\subsubsubsection[title={Linux/macOS:},reference={linuxmacos}]
Here are the steps:
\startitemize
\item
Get your anonymous VPS set-up
\item
From a terminal, SSH to your server by running:
\type{ssh -i ~/.ssh/id_rsa -D 8080 -f -C -q -N username@ip_of_your_server}
\item
Configure your browser to use localhost:8080 as a Socks Proxy for
Browsing
\item
Done!
\stopitemize
Explanation of arguments:
\startitemize
\item
-i: The path to the SSH key to be used to connect to the host
\item
-D: Tells SSH that we want a SOCKS tunnel on the specified port number
(you can choose a number between 1025 and 65535)
\item
-f: Forks the process to the background
\item
-C: Compresses the data before sending it
\item
-q: Uses quiet mode
\item
-N: Tells SSH that no command will be sent once the tunnel is up
\stopitemize
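As an added example (not the guide's own script), the tunnel from the steps
above wrapped so that it refuses to come up half-working and so that you
can confirm traffic really leaves through the VPS before pointing a browser
at it. The key file, \type{user@vps_ip} and the port are placeholders to
replace with your own; \type{IP_CHECK_URL} must be set by you to a
plain-text \quotation{what is my IP} page you trust, since no such service
is assumed here. Beyond the command in the text, it binds the SOCKS
listener to 127.0.0.1 explicitly, makes ssh exit if the \type{-D} forward
cannot be set up, and resolves the test hostname on the VPS side rather
than locally.

```sh
#!/bin/sh
# Added example, not the guide's own: the SSH SOCKS tunnel from the steps
# above, wrapped so that it refuses to come up half-working and so that
# you can confirm traffic really leaves through the VPS before trusting
# it. Placeholders: the key file, user@vps_ip and the port are yours;
# IP_CHECK_URL must be set to a plain-text "what is my IP" page you trust
# (none is assumed here).

# A usable local port for -D: numeric, unprivileged, within 16 bits.
valid_proxy_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1025 ] && [ "$1" -le 65535 ]
}

# Start the tunnel in the background. Compared with the bare command in
# the text: the listener is bound to 127.0.0.1 explicitly so nothing else
# on the LAN can use it, ExitOnForwardFailure makes ssh exit (non-zero)
# instead of silently running without the -D listener, and ServerAlive*
# tears the tunnel down when the VPS stops answering.
start_tunnel() {   # start_tunnel user@vps_ip keyfile port
    valid_proxy_port "$3" || { echo "bad port: $3" >&2; return 1; }
    ssh -i "$2" -D "127.0.0.1:$3" \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -f -C -q -N "$1"
}

# Fetch the public IP as seen through the proxy. --socks5-hostname hands
# the hostname to the proxy so DNS is resolved on the VPS side; with plain
# --socks5 the lookup would happen locally and leak to your ISP.
exit_ip_via_proxy() {   # exit_ip_via_proxy port
    [ -n "${IP_CHECK_URL:-}" ] || { echo 'set IP_CHECK_URL first' >&2; return 1; }
    curl -sS --max-time 15 --socks5-hostname "127.0.0.1:$1" "$IP_CHECK_URL"
}

# 0 only when the proxied exit IP is the VPS address you already know,
# i.e. "localhost:<port>" in the browser really goes out via the VPS.
verify_tunnel() {   # verify_tunnel vps_ip port
    seen="$(exit_ip_via_proxy "$2" | tr -d '[:space:]')"
    [ -n "$seen" ] && [ "$seen" = "$1" ]
}

# sh socks.sh user@vps_ip ~/.ssh/id_ed25519 8080
# (the VPS address is taken from the part after "@", so pass the IP, not
# a hostname, just as the guide's command does)
if [ "$#" -eq 3 ]; then
    if start_tunnel "$1" "$2" "$3" && verify_tunnel "${1#*@}" "$3"; then
        echo "SOCKS proxy verified on 127.0.0.1:$3"
    else
        echo 'tunnel NOT verified: do not point the browser at it' >&2
        exit 1
    fi
fi
```

The same DNS point applies to the browser you configure afterwards: in
Firefox, tick \quotation{Proxy DNS when using SOCKS v5} so that name
lookups also go through the tunnel instead of your local resolver.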
\subsubsubsection[title={Windows:},reference={windows-7}]
Here are the steps:
\startitemize
\item
Get your anonymous VPS set-up
\item
Download and install Putty from
\useURL[url2634][https://www.putty.org/]\from[url2634]
\useURL[url2635][https://web.archive.org/web/https://www.putty.org/][][{[}Archive.org{]}]\from[url2635]
\item
Set the following options in Putty and connect to your server
\stopitemize
\placefigure{image51}{\externalfigure[./tex2pdf.-1a34188c73046814/af22c16af5b6ac7d08658c7c9acd7f4f76dfa4d7.png]}
\startitemize
\item
Connect to your VPS using those settings
\item
Configure your Browser to use localhost:8080 as a Socks Proxy
\item
Done!
\stopitemize
\section[title={Appendix P: Accessing the internet as safely as possible
when Tor and VPNs are not an
option},reference={appendix-p-accessing-the-internet-as-safely-as-possible-when-tor-and-vpns-are-not-an-option}]
{\bf USE EXTREME CAUTION: THIS IS HIGHLY RISKY.}
There might be worst-case situations where using Tor and VPNs is not
possible due to extensive active censorship or blocking, even when using
Tor Bridges (see \goto{Appendix X: Using Tor bridges in hostile
environments}[appendix-x-using-tor-bridges-in-hostile-environments]).
There might also be situations where simply using Tor or a VPN alone
could be suspicious and could be dangerous for your safety. If this is
the case, you could be in a very hostile environment where surveillance
and control are high.
But you still want to do something anonymously without
disclosing/leaking any information.
In that case, our last-resort recommendation is to connect safely
{\bf from a distance} to a Public Wi-Fi (See \goto{Find some safe places
with decent public
Wi-Fi}[find-some-safe-places-with-decent-public-wi-fi]) using your
laptop and Tails \quotation{unsafe browser}. See
\useURL[url2636][https://tails.boum.org/contribute/design/Unsafe_Browser/]\from[url2636]
\useURL[url2637][https://web.archive.org/web/https://tails.boum.org/contribute/design/Unsafe_Browser/][][{[}Archive.org{]}]\from[url2637].
{\bf If Tor usage alone is suspicious or risky, you should NOT allow
Tails to try establishing a Tor connection at start-up by doing the
following:}
\startitemize
\item
At startup open the Additional Settings.
\item
Enable Unsafe Browser.
\item
Change the Connection from Direct to \quotation{Configure a Tor Bridge
or Local Proxy}
\item
After Start-up, Connect to a safe Network
\item
When prompted, just quit the Tor Connection Wizard (to not establish a
Tor connection)
\item
Start and use the Unsafe Browser
\stopitemize
{\bf We would strongly recommend the use of a long-range
\quotation{Yagi} type directional Antenna with a suitable USB Wi-Fi
Adapter. At least this will allow you to connect to public Wi-Fis from a
\quotation{safe distance} but keep in mind that triangulation by a
motivated adversary is still possible with the right equipment. So, this
option should not be used during an extended period (minutes at best).
See \goto{Appendix Q: Using long-range Antenna to connect to Public
Wi-Fis from a safe
distance}[appendix-q-using-long-range-antenna-to-connect-to-public-wi-fis-from-a-safe-distance].}
Using Tails should prevent local data leaks (such as MAC addresses or
telemetry) and allow you to use a Browser to get what you want
(utilities, VPN account) before leaving that place as fast as possible.
You could also use the other routes (Whonix and Qubes OS without using
Tor/VPN) instead of Tails in such hostile environments if you want data
persistence but this might be riskier. We would not risk it personally
unless there was absolutely no other option. If you go for this option,
you will only do sensitive activities from a reversible/disposable VM in
all cases. Never from the Host OS.
{\bf If you resort to this, please keep your online time as short as
possible (minutes and not hours).}
{\bf Be safe and extremely cautious. This is entirely at your own risk.}
Consider reading this older but still relevant guide
\useURL[url2638][https://archive.flossmanuals.net/bypassing-censorship/index.html]\from[url2638]
\useURL[url2639][https://web.archive.org/web/https://archive.flossmanuals.net/bypassing-censorship/index.html][][{[}Archive.org{]}]\from[url2639]
\section[title={Appendix Q: Using long-range Antenna to connect to
Public Wi-Fis from a safe
distance:},reference={appendix-q-using-long-range-antenna-to-connect-to-public-wi-fis-from-a-safe-distance}]
It is possible to access/connect to remote distant Public Wi-Fis from a
distance using a cheap directional Antenna that looks like this:
\placefigure{image52}{\externalfigure[./tex2pdf.-1a34188c73046814/ebc51d7d99cf460893a3a2944936d7eae6503921.png]}
These antennas are widely and cheaply available on various online shops
(Amazon, AliExpress, Banggood \ldots{}). The only issue is that they are
not discreet, and you might have to find a way to hide one (for instance
in a Poster cardboard container in a Backpack, or in a large enough Bag).
Optionally (but riskier) you could even consider using it from your home
if you have a nice Window view to various places where some Public Wi-Fi
is available.
Such antennas need to be combined with specific USB adapters that have
an external Antenna plug and sufficiently high power to use them.
{\bf We would recommend the AWUS036 series in the Alfa brand of adapters
(see \useURL[url2640][https://www.alfa.com.tw/]\from[url2640]}
\useURL[url2641][https://web.archive.org/web/https://www.alfa.com.tw/][][{[}Archive.org{]}]\from[url2641]{\bf ).}
But you could also go with some other brands if you want such as the
TP-Link TL-WN722 (see
\useURL[url2642][https://www.tp-link.com/us/home-networking/usb-adapter/tl-wn722n/]\from[url2642]
\useURL[url2643][https://web.archive.org/web/https://www.tp-link.com/us/home-networking/usb-adapter/tl-wn722n/][][{[}Archive.org{]}]\from[url2643]).
See this post for a comparison of various adapters:
\useURL[url2644][https://www.wirelesshack.org/best-kali-linux-compatible-usb-adapter-dongles.html]\from[url2644]
\useURL[url2645][https://web.archive.org/web/https://www.wirelesshack.org/best-kali-linux-compatible-usb-adapter-dongles.html][][{[}Archive.org{]}]\from[url2645]
(Usually those antennas are used by Penetration Testers to probe Wi-Fis
from a distance and are often discussed within the scope of the Kali
Linux distribution).
The process is simple:
\startitemize
\item
Plug in and install your USB adapter on your Host OS.
\item
{\bf Do not forget to randomize your MAC Address in case you bought
this adapter online to prevent traceability (this is enabled by
default in Tails).}
\item
Connect the Long-Range Antenna to the USB adapter (in place of the
supplied one).
\item
Get to a convenient spot where you have a distant view of a place with
Public Wi-Fi available (this can be a rooftop for instance), but you
could also imagine hiding the Antenna in some bag and just sit on a
bench somewhere.
\item
Point the Directional Antenna in the direction of the Public Wi-Fi.
\item
Connect to the Wi-Fi of your choice.
\stopitemize
{\bf Do not forget, though, that this will only delay a motivated
adversary. Your signal can be triangulated easily in a matter of minutes
once they reach the physical location of the Wi-Fi you're connecting to
(for instance using a device such as AirCheck
\useURL[url2646][https://www.youtube.com/watch?v=8FV2QZ1BPnw]\from[url2646]}
\useURL[url2647][https://yewtu.be/watch?v=8FV2QZ1BPnw][][{[}Invidious{]}]\from[url2647]{\bf ,
also see their other products here
\useURL[url2648][https://www.netally.com/products/]\from[url2648]}
\useURL[url2649][https://web.archive.org/web/https://www.netally.com/products/][][{[}Archive.org{]}]\from[url2649]{\bf ).
These products can easily be deployed on mobile units (in a Car for
instance) and pinpoint your location in a matter of minutes.}
Ideally, this should \quotation{not be an issue} since this guide
provides multiple ways of hiding your origin IP using VPNs and Tor. But
if you are in a situation where VPN and Tor are not an option, then this
could be your only security.
\section[title={Appendix R: Installing a VPN on your VM or Host
OS},reference={appendix-r-installing-a-vpn-on-your-vm-or-host-os}]
Download the VPN client installer of your cash paid VPN service and
install it on Host OS (Tor over VPN, VPN over Tor over VPN) or the VM of
your choice (VPN over Tor):
\startitemize
\item
Whonix Tutorial (should work with any VPN provider):
\useURL[url2650][https://www.whonix.org/wiki/Tunnels/Connecting_to_a_VPN_before_Tor]\from[url2650]
\useURL[url2651][https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Connecting_to_a_VPN_before_Tor][][{[}Archive.org{]}]\from[url2651]
(use the Linux configurations below to get the necessary configuration
files)
\item
Windows Tutorials:
\startitemize
\item
Mullvad:
\useURL[url2652][https://mullvad.net/en/help/install-mullvad-app-windows/]\from[url2652]
\useURL[url2653][https://web.archive.org/web/https://mullvad.net/en/help/install-mullvad-app-windows/][][{[}Archive.org{]}]\from[url2653]
\item
iVPN:
\useURL[url2654][https://www.ivpn.net/apps-windows]\from[url2654]
\useURL[url2655][https://web.archive.org/web/https://www.ivpn.net/apps-windows][][{[}Archive.org{]}]\from[url2655]
\item
Safing:
\useURL[url2656][https://docs.safing.io/portmaster/install/windows]\from[url2656]
\useURL[url2657][https://web.archive.org/web/https://docs.safing.io/portmaster/install/windows][][{[}Archive.org{]}]\from[url2657]
\item
Proton VPN:
\useURL[url2658][https://protonvpn.com/support/protonvpn-windows-vpn-application/]\from[url2658]
\useURL[url2659][https://web.archive.org/web/https://protonvpn.com/support/protonvpn-windows-vpn-application/][][{[}Archive.org{]}]\from[url2659]
\stopitemize
\item
macOS:
\startitemize
\item
Mullvad:
\useURL[url2660][https://mullvad.net/en/help/install-and-use-mullvad-app-macos/]\from[url2660]
\useURL[url2661][https://web.archive.org/web/https://mullvad.net/en/help/install-and-use-mullvad-app-macos/][][{[}Archive.org{]}]\from[url2661]
\item
IVPN:
\useURL[url2662][https://www.ivpn.net/apps-macos/]\from[url2662]
\useURL[url2663][https://web.archive.org/web/https://www.ivpn.net/apps-macos/][][{[}Archive.org{]}]\from[url2663]
\item
Safing: Not available on macOS
\item
Proton VPN:
\useURL[url2664][https://protonvpn.com/support/protonvpn-mac-vpn-application/]\from[url2664]
\useURL[url2665][https://web.archive.org/web/https://protonvpn.com/support/protonvpn-mac-vpn-application/][][{[}Archive.org{]}]\from[url2665]
\stopitemize
\item
Linux:
\startitemize
\item
Mullvad:
\useURL[url2666][https://mullvad.net/en/help/install-mullvad-app-linux/]\from[url2666]
\useURL[url2667][https://web.archive.org/web/https://mullvad.net/en/help/install-mullvad-app-linux/][][{[}Archive.org{]}]\from[url2667]
\item
iVPN:
\useURL[url2668][https://www.ivpn.net/apps-linux/]\from[url2668]
\useURL[url2669][https://web.archive.org/web/https://www.ivpn.net/apps-linux/][][{[}Archive.org{]}]\from[url2669]
\item
Safing:
\useURL[url2670][https://docs.safing.io/portmaster/install/linux]\from[url2670]
\useURL[url2671][https://web.archive.org/web/https://docs.safing.io/portmaster/install/linux][][{[}Archive.org{]}]\from[url2671]
\item
Proton VPN:
\useURL[url2672][https://protonvpn.com/support/linux-vpn-setup/]\from[url2672]
\useURL[url2673][https://web.archive.org/web/https://protonvpn.com/support/linux-vpn-setup/][][{[}Archive.org{]}]\from[url2673]
\stopitemize
\stopitemize
{\bf Important note: Tor only carries TCP streams and does not transport
UDP. In the VPN over Tor cases (VPN client running inside the VM, behind
the Tor gateway), configure the VPN client to use TCP, for instance
OpenVPN in TCP mode; WireGuard is UDP-only and cannot be used through
Tor this way.}
In all cases, you should set the VPN to start at boot and enable the
\quotation{kill switch} if you can. This is an extra, defense-in-depth
step: the routes proposed in this guide all fall back on the Tor network
if the VPN fails, and a kill switch additionally ensures that no traffic
leaves your machine outside the tunnel while the VPN is down.
Here are some guides provided by the recommended VPN providers in this
guide:
\startitemize
\item
Windows:
\startitemize
\item
iVPN:
\useURL[url2674][https://www.ivpn.net/knowledgebase/general/do-you-offer-a-kill-switch-or-vpn-firewall/]\from[url2674]
\useURL[url2675][https://web.archive.org/web/https://www.ivpn.net/knowledgebase/general/do-you-offer-a-kill-switch-or-vpn-firewall/][][{[}Archive.org{]}]\from[url2675]
\item
Proton VPN:
\useURL[url2676][https://protonvpn.com/support/what-is-kill-switch/]\from[url2676]
\useURL[url2677][https://web.archive.org/web/https://protonvpn.com/support/what-is-kill-switch/][][{[}Archive.org{]}]\from[url2677]
\item
Mullvad:
\useURL[url2678][https://mullvad.net/en/help/using-mullvad-vpn-app/\#killswitch]\from[url2678]
\useURL[url2679][https://web.archive.org/web/https://mullvad.net/en/help/using-mullvad-vpn-app/][][{[}Archive.org{]}]\from[url2679]
\stopitemize
\item
Whonix Workstation: Coming Soon, it is certainly possible, but we did
not find a suitable and easy tutorial yet. It is also worth
remembering that if your VPN stops on Whonix, you will still be behind
the Tor Network.
\item
macOS:
\startitemize
\item
Mullvad: same as Windows, the option should be in the provided VPN
client
\item
iVPN: same as Windows, the option should be in the provided VPN
client
\item
Proton VPN: same as Windows, the option should be in the provided VPN
client
\useURL[url2680][https://protonvpn.com/blog/macos-vpn-kill-switch/]\from[url2680]
\useURL[url2681][https://web.archive.org/web/https://protonvpn.com/blog/macos-vpn-kill-switch/][][{[}Archive.org{]}]\from[url2681]
\stopitemize
\item
Linux:
\startitemize
\item
Mullvad:
\startitemize
\item
\useURL[url2682][https://mullvad.net/en/help/wireguard-and-mullvad-vpn/]\from[url2682]
\useURL[url2683][https://web.archive.org/web/https://mullvad.net/en/help/wireguard-and-mullvad-vpn/][][{[}Archive.org{]}]\from[url2683]
\item
\useURL[url2684][https://mullvad.net/en/help/linux-openvpn-installation/]\from[url2684]
\useURL[url2685][https://web.archive.org/web/https://mullvad.net/en/help/linux-openvpn-installation/][][{[}Archive.org{]}]\from[url2685]
\stopitemize
\item
Proton VPN:
\useURL[url2686][https://github.com/ProtonVPN/linux-cli/blob/master/USAGE.md\#kill-switch]\from[url2686]
\useURL[url2687][https://web.archive.org/web/https://github.com/ProtonVPN/linux-cli/blob/master/USAGE.md][][{[}Archive.org{]}]\from[url2687]
\item
iVPN:
\startitemize
\item
\useURL[url2688][https://www.ivpn.net/knowledgebase/linux/linux-wireguard-kill-switch/]\from[url2688]
\useURL[url2689][https://web.archive.org/web/https://www.ivpn.net/knowledgebase/linux/linux-wireguard-kill-switch/][][{[}Archive.org{]}]\from[url2689]
\item
\useURL[url2690][https://www.ivpn.net/knowledgebase/linux/linux-kill-switch-using-the-uncomplicated-firewall-ufw/]\from[url2690]
\useURL[url2691][https://web.archive.org/web/https://www.ivpn.net/knowledgebase/linux/linux-kill-switch-using-the-uncomplicated-firewall-ufw/][][{[}Archive.org{]}]\from[url2691]
\stopitemize
\stopitemize
\stopitemize
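The provider guides above hide what a kill switch actually is: a default-deny firewall that only lets packets out through the tunnel interface and lets the VPN client itself reach exactly one server. As an added example (not code from the guide or from any VPN provider), the POSIX shell function below renders such a ruleset for Linux nftables. The server address 203.0.113.10, port 1194 and the interface names wlan0/tun0 are placeholders; replace them with your provider's server IP/port (use the IP, not a hostname, since DNS is blocked once the rules are loaded) and your own interface names from \type{ip link}.

```shell
# Added example: generate an nftables kill switch (defense in depth for the
# Tor over VPN / VPN over Tor setups). Loaded with: sudo nft -f killswitch.nft
# Note: "flush ruleset" wipes any other firewall rules on the machine.

render_killswitch() {
    srv=$1        # VPN server IP (placeholder 203.0.113.10 in the demo)
    port=$2       # VPN server port
    proto=$3      # udp (WireGuard, OpenVPN default) or tcp (OpenVPN over Tor)
    wan=$4        # physical interface, e.g. wlan0 or eth0
    tun=$5        # tunnel interface created by the client, e.g. tun0 or wg0
    case $proto in
        udp|tcp) ;;
        *) echo "proto must be udp or tcp" >&2; return 1 ;;
    esac
    cat <<EOF
# Generated kill switch: only the tunnel and the VPN handshake may pass.
# "inet" covers IPv4 and IPv6, so IPv6 cannot leak around the tunnel either.
flush ruleset
table inet killswitch {
    chain input {
        type filter hook input priority 0; policy drop;
        iifname "lo" accept
        iifname "$tun" accept
        ct state established,related accept
    }
    chain output {
        type filter hook output priority 0; policy drop;
        oifname "lo" accept
        oifname "$tun" accept
        # the VPN client itself, to exactly one server
        oifname "$wan" ip daddr $srv $proto dport $port accept
        # DHCP lease renewal on the physical link
        oifname "$wan" udp sport 68 udp dport 67 accept
    }
}
EOF
}

# Demo with placeholder values; redirect to a file to use it for real.
render_killswitch 203.0.113.10 1194 udp wlan0 tun0
```

Because the output chain's policy is drop, any rule you add later that accepts traffic on the physical interface is a potential leak; keep the list to the VPN server and DHCP. Persisting the ruleset across reboots is distribution specific (for example via \type{/etc/nftables.conf}).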
\section[title={Appendix S: Check your network for
surveillance/censorship using
OONI},reference={appendix-s-check-your-network-for-surveillancecensorship-using-ooni}]
So, what is OONI? OONI stands for Open Observatory of Network
Interference and is a sub-project of the Tor Project\footnote{Wikipedia,
OONI,
\useURL[url2692][https://en.wikipedia.org/wiki/OONI]\from[url2692]
\useURL[url2693][https://wikiless.org/wiki/OONI][][{[}Wikiless{]}]\from[url2693]
\useURL[url2694][https://web.archive.org/web/https://en.wikipedia.org/wiki/OONI][][{[}Archive.org{]}]\from[url2694]}.
First OONI will allow you to check online for surveillance/censorship in
your country just by looking at their Explorer that features test
results from other people. This can be done here:
\useURL[url2695][https://explorer.ooni.org/]\from[url2695]
But these tests are limited and might not apply to your personal
situation. If that is the case, you could consider installing the OONI
Probe and running the tests yourself.
The problem is that your network providers will be able to see those
tests and your attempts at connecting to various services if the network
is monitored. The other issue is that there are solutions to prevent
OONI from working properly\footnote{GitHub, Mhinkie, OONI-Detection
\useURL[url2696][https://github.com/mhinkie/ooni-detection]\from[url2696]
\useURL[url2697][https://web.archive.org/web/https://github.com/mhinkie/ooni-detection][][{[}Archive.org{]}]\from[url2697]}.
While this might not be important in a normal environment, this could
put you at risk in a hostile environment. {\bf So, running these tests
can be risky.}
{\bf If you are in such a hostile environment where you suspect network
activity is actively monitored and the simple fact of trying to access
some resources can put you at risk, you should take some precautions
before even attempting this:}
\startitemize
\item
{\bf Do not run the tests from your home/work network.}
\item
{\bf Do not run these tests from a known device or a smartphone but
only for a secured OS on an ideally dedicated laptop.}
\startitemize
\item
{\bf You will not be able to do this from Tails as Tails will try to
connect to Tor by default}
\item
{\bf You should only do this with the Qubes OS route or the Whonix
Route of this guide after completing one of the routes.}
\stopitemize
\item
{\bf Only consider running these tests quickly from a Public Wi-Fi
from a safe distance (see \goto{Appendix P: Accessing the internet as
safely as possible when Tor and VPNs are not an
option}[appendix-p-accessing-the-internet-as-safely-as-possible-when-tor-and-vpns-are-not-an-option]).}
\stopitemize
The probe can be found here:
\useURL[url2698][https://ooni.org/install/]\from[url2698]
\useURL[url2699][https://web.archive.org/web/https://ooni.org/install/][][{[}Archive.org{]}]\from[url2699]
for various platforms (iOS, Android, Windows, macOS, and Linux).
\section[title={Appendix T: Checking files for
malware},reference={appendix-t-checking-files-for-malware}]
\subsection[title={Integrity (if
available):},reference={integrity-if-available}]
Usually, integrity checks\footnote{Wikipedia, File Verification
\useURL[url2700][https://en.wikipedia.org/wiki/File_verification]\from[url2700]
\useURL[url2701][https://wikiless.org/wiki/File_verification][][{[}Wikiless{]}]\from[url2701]
\useURL[url2702][https://web.archive.org/web/https://en.wikipedia.org/wiki/File_verification][][{[}Archive.org{]}]\from[url2702]}
are done using hashes of files (usually stored within checksum files).
Older files could use CRC\footnote{Wikipedia, CRC
\useURL[url2703][https://en.wikipedia.org/wiki/Cyclic_redundancy_check]\from[url2703]
\useURL[url2704][https://wikiless.org/wiki/Cyclic_redundancy_check][][{[}Wikiless{]}]\from[url2704]
\useURL[url2705][https://web.archive.org/web/https://en.wikipedia.org/wiki/Cyclic_redundancy_check][][{[}Archive.org{]}]\from[url2705]},
more recently MD5\footnote{Wikipedia, MD5
\useURL[url2706][https://en.wikipedia.org/wiki/MD5]\from[url2706]
\useURL[url2707][https://wikiless.org/wiki/MD5][][{[}Wikiless{]}]\from[url2707]
\useURL[url2708][https://web.archive.org/web/https://en.wikipedia.org/wiki/MD5][][{[}Archive.org{]}]\from[url2708]}
but those present several weaknesses (CRC, MD5 \footnote{Wikipedia, MD5
Security
\useURL[url2709][https://en.wikipedia.org/wiki/MD5\#Security]\from[url2709]
\useURL[url2710][https://wikiless.org/wiki/MD5][][{[}Wikiless{]}]\from[url2710]
\useURL[url2711][https://web.archive.org/web/https://en.wikipedia.org/wiki/MD5][][{[}Archive.org{]}]\from[url2711]}
that make them unreliable for file integrity checks against a deliberate
adversary (which does not mean they are not still widely used in other
contexts).
CRC is an error-detecting code, not a cryptographic hash: it catches
accidental corruption, but an attacker can trivially patch a few bytes of
a file so that it keeps any CRC value. MD5 no longer offers enough
Collision\footnote{Wikipedia,
Collisions
\useURL[url2712][https://en.wikipedia.org/wiki/Collision_(computer_science)]\from[url2712]
\useURL[url2713][https://wikiless.org/wiki/Collision_(computer_science)][][{[}Wikiless{]}]\from[url2713]
\useURL[url2714][https://web.archive.org/web/https://en.wikipedia.org/wiki/Collision_(computer_science)][][{[}Archive.org{]}]\from[url2714]}
resistance either: practical attacks let an adversary craft two different
files with the same MD5 hash, for instance a benign one that gets
reviewed and published alongside its checksum and a malicious one that is
served in its place.
For this reason, it is usually recommended to use SHA-based \footnote{Wikipedia,
SHA
\useURL[url2715][https://en.wikipedia.org/wiki/Secure_Hash_Algorithms]\from[url2715]
\useURL[url2716][https://wikiless.org/wiki/Secure_Hash_Algorithms][][{[}Wikiless{]}]\from[url2716]
\useURL[url2717][https://web.archive.org/web/https://en.wikipedia.org/wiki/Secure_Hash_Algorithms][][{[}Archive.org{]}]\from[url2717]}
hashes and the most used is probably the SHA-2\footnote{Wikipedia, SHA-2
\useURL[url2718][https://en.wikipedia.org/wiki/SHA-2]\from[url2718]
\useURL[url2719][https://wikiless.org/wiki/SHA-2][][{[}Wikiless{]}]\from[url2719]
\useURL[url2720][https://web.archive.org/web/https://en.wikipedia.org/wiki/SHA-2][][{[}Archive.org{]}]\from[url2720]}
based SHA-256 for verifying file integrity. The SHA-2 family is much more
resistant to collisions\footnote{Wikipedia, Collision Resistance
\useURL[url2721][https://en.wikipedia.org/wiki/Collision_resistance]\from[url2721]
\useURL[url2722][https://wikiless.org/wiki/Collision_resistance][][{[}Wikiless{]}]\from[url2722]
\useURL[url2723][https://web.archive.org/web/https://en.wikipedia.org/wiki/Collision_resistance][][{[}Archive.org{]}]\from[url2723]}
than CRC and MD5, and no practical collision is known for SHA-256 or
SHA-512. The older SHA-1 has had practical collisions demonstrated since
2017 and should be treated as broken for this purpose.
If a SHA-256 checksum is available from the source of the file, you
should not hesitate to use it to confirm the integrity of the file. Note
that SHA-1 is not recommended, but is better than not having a hash to
compare.
This checksum should itself be authenticated/trusted and should be
available from an authenticated/trusted source (obviously you should not
trust a file just because it has a checksum attached to it alone).
In the case of this guide, the SHA-256 checksums are available for each
file including the PDFs but are also authenticated using a GPG signature
allowing you to verify the authenticity of the checksum. This will bring
us to the next section about authenticity.
So how to check checksums? (In this case SHA-256, but you could change to
SHA-512.)
\startitemize
\item
Windows\footnote{GnuPG Gpg4win Wiki, Check integrity of Gpg4win
packages
\useURL[url2724][https://wiki.gnupg.org/Gpg4win/CheckIntegrity]\from[url2724]
\useURL[url2725][https://web.archive.org/web/https://wiki.gnupg.org/Gpg4win/CheckIntegrity][][{[}Archive.org{]}]\from[url2725]}:
\startitemize
\item
Open a Command Prompt
\item
Run \type{certutil -hashfile filename.txt sha256} (replace sha256 by
sha1 or sha512 or md5)
\item
Compare your result to one from a source you trust for that file
\stopitemize
\item
macOS :
\startitemize
\item
Open a Terminal
\item
SHA: Run \type{shasum -a 256 /full/path/to/your/file} (replace 256
by 512 or 1 for SHA-1)
\item
MD5: Run \type{md5 /full/path/to/your/file}
\item
Compare your result to one from a source you trust for that file
\stopitemize
\item
Linux:
\startitemize
\item
Open a Terminal
\item
Run \type{sha256sum /full/path/to/your/file} (replace sha256sum by
sha512sum, sha1sum or md5sum as needed; note that a plain \type{shasum}
defaults to SHA-1)
\item
Compare your result to one from a source you trust for that file
\stopitemize
\stopitemize
{\bf Remember that checksums are just checksums. Having a matching
checksum does not mean the file is safe.}
\subsection[title={Authenticity (if
available):},reference={authenticity-if-available}]
Integrity is one thing. Authenticity is another thing. This is a process
where you can verify some information is authentic and from the expected
source. This is usually done by signing information (using GPG\footnote{Wikipedia,
GPG
\useURL[url2726][https://en.wikipedia.org/wiki/GNU_Privacy_Guard]\from[url2726]
\useURL[url2727][https://wikiless.org/wiki/GNU_Privacy_Guard][][{[}Wikiless{]}]\from[url2727]
\useURL[url2728][https://web.archive.org/web/https://en.wikipedia.org/wiki/GNU_Privacy_Guard][][{[}Archive.org{]}]\from[url2728]}
for instance) using public-key cryptography\footnote{Wikipedia,
Public-Key Cryptography
\useURL[url2729][https://en.wikipedia.org/wiki/Public-key_cryptography]\from[url2729]
\useURL[url2730][https://wikiless.org/wiki/Public-key_cryptography][][{[}Wikiless{]}]\from[url2730]
\useURL[url2731][https://web.archive.org/web/https://en.wikipedia.org/wiki/Public-key_cryptography][][{[}Archive.org{]}]\from[url2731]}.
Signing can serve both purposes and allow you to check for both
integrity and authenticity.
If available, you should always verify the signatures of files to
confirm their authenticity.
In essence:
\startitemize
\item
Install GPG for your OS:
\startitemize
\item
Windows: gpg4win
(\useURL[url2732][https://www.gpg4win.org/]\from[url2732]
\useURL[url2733][https://web.archive.org/web/https://www.gpg4win.org/][][{[}Archive.org{]}]\from[url2733])
\item
macOS: GPGTools
(\useURL[url2734][https://gpgtools.org/]\from[url2734]
\useURL[url2735][https://web.archive.org/web/https://gpgtools.org/][][{[}Archive.org{]}]\from[url2735])
\item
Linux: It should be pre-installed in most distributions
\stopitemize
\item
Download the signing public key from a trusted source. If someone is not
giving you the key directly, cross-check its fingerprint across several
independent places (GitHub, GitLab, Twitter, Keybase, public key
servers\ldots{}) to confirm you are using the right key.
\item
Import the trusted key (replace keyfile.asc by the filename of the
trusted key):
\startitemize
\item
Windows:
\startitemize[packed]
\item
From a Command Prompt, Run \type{gpg --import keyfile.asc}
\stopitemize
\item
macOS:
\startitemize[packed]
\item
From a Terminal, Run \type{gpg --import keyfile.asc}
\stopitemize
\item
Linux:
\startitemize[packed]
\item
From a Terminal, Run \type{gpg --import keyfile.asc}
\stopitemize
\stopitemize
\item
Verify the file signature against the imported (trusted) signature
(replace filetoverify.asc by the signature file that was associated
with the file, replace filetoverify.txt by the actual file to verify):
\startitemize
\item
Windows:
\startitemize
\item
Run
\type{gpg --verify-options show-notations --verify filetoverify.asc filetoverify.txt}
\item
The result should show a \quotation{Good signature} made by the key
you imported, and the fingerprint printed should match the one you
obtained from the trusted source.
\stopitemize
\item
macOS:
\startitemize
\item
Run
\type{gpg --verify-options show-notations --verify filetoverify.asc filetoverify.txt}
\item
The result should show a \quotation{Good signature} made by the key
you imported, and the fingerprint printed should match the one you
obtained from the trusted source.
\stopitemize
\item
Linux:
\startitemize
\item
Run
\type{gpg --verify-options show-notations --verify filetoverify.asc filetoverify.txt}
\item
The result should show a \quotation{Good signature} made by the key
you imported, and the fingerprint printed should match the one you
obtained from the trusted source.
\stopitemize
\stopitemize
\stopitemize
For some other tutorials, please see:
\startitemize
\item
\useURL[url2736][https://support.torproject.org/tbb/how-to-verify-signature/]\from[url2736]
\useURL[url2737][https://web.archive.org/web/https://support.torproject.org/tbb/how-to-verify-signature/][][{[}Archive.org{]}]\from[url2737]
\item
\useURL[url2738][https://tails.boum.org/install/vm/index.en.html]\from[url2738]
\useURL[url2739][https://web.archive.org/web/https://tails.boum.org/install/vm/index.en.html][][{[}Archive.org{]}]\from[url2739]
(See Basic OpenPGP verification).
\item
\useURL[url2740][https://www.whonix.org/wiki/Verify_the_Whonix_images]\from[url2740]
\useURL[url2741][https://web.archive.org/web/https://www.whonix.org/wiki/Verify_the_Whonix_images][][{[}Archive.org{]}]\from[url2741]
\stopitemize
All these guides should also apply to any other file with any other key.
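The two checks above (the checksum comparison from the Integrity section and the signature verification from this one) are usually done by hand, which is where mistakes happen: people compare the first few hex digits by eye, or accept any \quotation{Good signature} without looking at which key made it. As an added example that is not part of the guide or of GnuPG, the POSIX shell script below does both checks on Linux or macOS. It assumes \type{sha256sum} or \type{shasum} and \type{gpg} are on the PATH; the file names and the fingerprint in the last comment are placeholders, and the demonstration at the end uses a constructed text file whose SHA-256 is known, so it runs offline without any key material.

```shell
#!/bin/sh
# Added example (not from the guide): check a downloaded file's integrity
# against a published SHA-256 checksum file, then its authenticity with a
# detached OpenPGP signature, pinning the signer's fingerprint instead of
# trusting a bare "Good signature". Works on Linux and macOS.

# Print the SHA-256 of a file with whichever tool the OS provides
# (sha256sum on Linux, shasum on macOS; both print "<hex>  <name>").
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Compare a file's SHA-256 with an expected hex digest (any letter case).
# Returns 0 on match, 1 on mismatch: the whole digest, not just a prefix.
check_sha256() {
    actual=$(file_sha256 "$1")
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ]
}

# Check every "<hex>  <filename>" line of a sha256sum-style checksum file,
# resolving filenames relative to the checksum file's directory.
# Returns 0 only if every listed file exists and matches.
verify_checksum_file() {
    sums=$1
    dir=$(dirname "$sums")
    status=0
    while read -r digest name; do
        [ -z "$digest" ] && continue
        name=${name#\*}                    # drop the binary-mode marker
        if [ -f "$dir/$name" ] && check_sha256 "$dir/$name" "$digest"; then
            echo "OK      $name"
        else
            echo "FAILED  $name"
            status=1
        fi
    done < "$sums"
    return $status
}

# Verify a detached signature and insist that the signing key's fingerprint
# (or its primary key's) equals the one obtained out of band. gpg prints a
# "[GNUPG:] VALIDSIG <signing-key-fpr> ... <primary-key-fpr>" status line
# only for a cryptographically valid signature; a "Good signature" from a
# key nobody checked must not pass.
verify_signature() {
    sig=$1; file=$2
    want=$(printf '%s' "$3" | tr -d ' ' | tr 'a-f' 'A-F')
    line=$(gpg --batch --status-fd 1 --verify "$sig" "$file" 2>/dev/null \
           | awk '$2 == "VALIDSIG" { print $3, $NF; exit }')
    [ -n "$line" ] || return 1
    signing=${line%% *}
    primary=${line##* }
    [ "$signing" = "$want" ] || [ "$primary" = "$want" ]
}

# --- Demonstration on a constructed file (offline, no gpg needed) ---
# SHA-256 of the text "hello world\n"; stands in for a published checksum.
DEMO_SHA256=a948904f2f0f479b8f8197694b30184b0d2ed1c1cd2a1ec0fb85d299a192a447
demo_dir=$(mktemp -d)
printf 'hello world\n' > "$demo_dir/guide.txt"
printf '%s  guide.txt\n' "$DEMO_SHA256" > "$demo_dir/SHA256SUMS"
verify_checksum_file "$demo_dir/SHA256SUMS"            # OK      guide.txt
printf 'tampered\n' > "$demo_dir/guide.txt"
verify_checksum_file "$demo_dir/SHA256SUMS" || echo "tampering detected"
rm -rf "$demo_dir"
# Real use, after importing the key (fingerprint from an independent source;
# placeholder names):
# verify_signature guide.pdf.asc guide.pdf "<fingerprint obtained out of band>"
```

The order matters: verify the signature over the checksum file (or over the file itself) first, then compare checksums; a checksum that was downloaded from the same place as the file proves nothing on its own. On Windows, run the script from WSL, or use \type{certutil} and Gpg4win as described above.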
\subsection[title={Security (checking for actual
malware):},reference={security-checking-for-actual-malware}]
{\bf Every check should ideally happen in sandboxed/hardened Virtual
Machines. This is to mitigate the possibilities for malware to access
your Host computer.}
\subsubsection[title={Anti-Virus
Software:},reference={anti-virus-software}]
You might be asking yourself, what about Anti-Virus solutions? Well, no
\ldots{} these are not perfect solutions against many modern malware and
viruses using polymorphic code\footnote{Wikipedia, Polymorphic Code
\useURL[url2742][https://en.wikipedia.org/wiki/Polymorphic_code]\from[url2742]
\useURL[url2743][https://wikiless.org/wiki/Polymorphic_code][][{[}Wikiless{]}]\from[url2743]
\useURL[url2744][https://web.archive.org/web/https://en.wikipedia.org/wiki/Polymorphic_code][][{[}Archive.org{]}]\from[url2744]}.
But it does not mean they cannot help against less sophisticated and
known attacks. It depends on how you use them, as AV software can become
an attack vector in itself.
Again, this is all a matter of threat modeling. Can AV software help you
against the NSA? Probably not. Can it help you against less resourceful
adversaries using known malware? Probably.
Some will just argue against them broadly like Whonix\footnote{Whonix
Documentation, Use of AV,
\useURL[url2745][https://www.whonix.org/wiki/Malware_and_Firmware_Trojans\#The_Utility_of_Antivirus_Tools]\from[url2745]
\useURL[url2746][https://web.archive.org/web/https://www.whonix.org/wiki/Malware_and_Firmware_Trojans][][{[}Archive.org{]}]\from[url2746]}
but this topic is being discussed and disputed even at Whonix\footnote{Whonix
Forums,
\useURL[url2747][https://forums.whonix.org/t/installation-of-antivirus-scanners-by-default/9755/8]\from[url2747]
\useURL[url2748][https://web.archive.org/web/https://forums.whonix.org/t/installation-of-antivirus-scanners-by-default/9755/8][][{[}Archive.org{]}]\from[url2748]}
by other members of their community.
Contrary to popular myths perpetuating the idea that only Windows is
subject to malware and that detection tools are useless on Linux and
macOS:
\startitemize
\item
Yes, there are viruses and malware for Linux\footnote{AV-Test Security
Report 2018-2019,
\useURL[url2749][https://www.av-test.org/fileadmin/pdf/security_report/AV-TEST_Security_Report_2018-2019.pdf]\from[url2749]
\useURL[url2750][https://web.archive.org/web/https://www.av-test.org/fileadmin/pdf/security_report/AV-TEST_Security_Report_2018-2019.pdf][][{[}Archive.org{]}]\from[url2750]}\footnote{ZDNet,
ESET discovers 21 new Linux malware families
\useURL[url2751][https://www.zdnet.com/article/eset-discovers-21-new-linux-malware-families/]\from[url2751]
\useURL[url2752][https://web.archive.org/web/https://www.zdnet.com/article/eset-discovers-21-new-linux-malware-families/][][{[}Archive.org{]}]\from[url2752]}\footnote{Naked Security,
EvilGnome -- Linux malware aimed at your desktop, not your servers
\useURL[url2753][https://nakedsecurity.sophos.com/2019/07/25/evilgnome-linux-malware-aimed-at-your-laptop-not-your-servers/]\from[url2753]
\useURL[url2754][https://web.archive.org/web/https://nakedsecurity.sophos.com/2019/07/25/evilgnome-linux-malware-aimed-at-your-laptop-not-your-servers/][][{[}Archive.org{]}]\from[url2754]}\footnote{Imunify360,
HiddenWasp: How to detect malware hidden on Linux & IoT
\useURL[url2755][https://blog.imunify360.com/hiddenwasp-how-to-detect-malware-hidden-on-linux-iot]\from[url2755]
\useURL[url2756][https://web.archive.org/web/https://blog.imunify360.com/hiddenwasp-how-to-detect-malware-hidden-on-linux-iot][][{[}Archive.org{]}]\from[url2756]}\footnote{Wikipedia,
Linux Malware
\useURL[url2757][https://en.wikipedia.org/wiki/Linux_malware]\from[url2757]
\useURL[url2758][https://wikiless.org/wiki/Linux_malware][][{[}Wikiless{]}]\from[url2758]
\useURL[url2759][https://web.archive.org/web/https://en.wikipedia.org/wiki/Linux_malware][][{[}Archive.org{]}]\from[url2759]}
\item
Yes, there are viruses and malware for macOS\footnote{Lenny Zeltser,
Analyzing Malicious Documents Cheat Sheet
\useURL[url2760][https://zeltser.com/analyzing-malicious-documents/]\from[url2760]
\useURL[url2761][https://web.archive.org/web/https://zeltser.com/analyzing-malicious-documents/][][{[}Archive.org{]}]\from[url2761]}\footnote{Wikipedia,
macOS Malware
\useURL[url2762][https://en.wikipedia.org/wiki/macOS_malware]\from[url2762]
\useURL[url2763][https://wikiless.org/wiki/MacOS_malware][][{[}Wikiless{]}]\from[url2763]
\useURL[url2764][https://web.archive.org/web/https://en.wikipedia.org/wiki/MacOS_malware][][{[}Archive.org{]}]\from[url2764]}\footnote{MacWorld,
List of Mac viruses, malware and security flaws
\useURL[url2765][https://www.macworld.co.uk/feature/mac-viruses-list-3668354/]\from[url2765]
\useURL[url2766][https://web.archive.org/web/https://www.macworld.co.uk/feature/mac-viruses-list-3668354/][][{[}Archive.org{]}]\from[url2766]}\footnote{JAMF,
The Mac Malware of 2020
\useURL[url2767][https://resources.jamf.com/documents/macmalware-2020.pdf]\from[url2767]
\useURL[url2768][https://web.archive.org/web/https://resources.jamf.com/documents/macmalware-2020.pdf][][{[}Archive.org{]}]\from[url2768]}\footnote{macOS
Security and Privacy Guide,
\useURL[url2769][https://github.com/drduh/macOS-Security-and-Privacy-Guide\#viruses-and-malware]\from[url2769]
\useURL[url2770][https://web.archive.org/web/https://www.bejarano.io/hardening-macos/][][{[}Archive.org{]}]\from[url2770]}
\stopitemize
My take on the matter is on the pragmatic side. There is still room for
some AV software for some selective and limited use. But it depends on
which one and how you use them:
\startitemize
\item
Do not use AV software with real-time protection: such engines parse
untrusted files with high (kernel or administrator) privileges and can
therefore become an attack vector themselves.
\item
Do not use Commercial AV software that uses any \quotation{cloud
protection} or sends extensive telemetry and samples to their company.
\item
Do use Open-Source non-real-time offline Anti-Virus/Anti-Malware tools
as an added measure to scan some files such as:
\startitemize
\item
Windows/Linux/macOS/Qubes OS: ClamAV
(\useURL[url2771][https://www.clamav.net/]\from[url2771]
\useURL[url2772][https://web.archive.org/web/https://www.clamav.net/][][{[}Archive.org{]}]\from[url2772])
\item
Linux/Qubes OS: RFXN Linux Malware Detect
(\useURL[url2773][https://github.com/rfxn/linux-malware-detect]\from[url2773]
\useURL[url2774][https://web.archive.org/web/https://github.com/rfxn/linux-malware-detect][][{[}Archive.org{]}]\from[url2774])
\item
Linux/Qubes OS: Chkrootkit
(\useURL[url2775][http://www.chkrootkit.org/]\from[url2775]
\useURL[url2776][https://web.archive.org/web/http://www.chkrootkit.org/][][{[}Archive.org{]}]\from[url2776])
\stopitemize
\item
You could also use online services for {\bf non-sensitive files} such
as VirusTotal
(\useURL[url2777][https://www.virustotal.com/gui/]\from[url2777]) or
Hybrid-analysis
(\useURL[url2778][https://hybrid-analysis.com/]\from[url2778]).
\startitemize
\item
You could also just check the VirusTotal database for the hash of
your file if you don't want to send it over (see
\useURL[url2779][https://developers.virustotal.com/v3.0/docs/search-by-hash]\from[url2779]
\useURL[url2780][https://web.archive.org/web/https://developers.virustotal.com/v3.0/docs/search-by-hash][][{[}Archive.org{]}]\from[url2780]
(See the \goto{Integrity (if available):}[integrity-if-available]
section again for guidance on how to generate hashes).
\item
Other tools are also available for non-sensitive files and a
convenient list is right here:
\useURL[url2781][https://github.com/rshipp/awesome-malware-analysis\#online-scanners-and-sandboxes]\from[url2781]
\useURL[url2782][https://web.archive.org/web/https://github.com/rshipp/awesome-malware-analysis][][{[}Archive.org{]}]\from[url2782]
\stopitemize
\item
{\bf Please be aware that while VirusTotal might seem very practical
for scanning various files, their \quotation{privacy policy} is
problematic (see
\useURL[url2783][https://support.virustotal.com/hc/en-us/articles/115002168385-Privacy-Policy]\from[url2783]}
\useURL[url2784][https://web.archive.org/web/https://support.virustotal.com/hc/en-us/articles/115002168385-Privacy-Policy][][{[}Archive.org{]}]\from[url2784]{\bf )
and states:}
\stopitemize
\quotation{When you submit Samples to the Services, if you submit
Samples to the Services, You will collect all of the information in the
Sample itself and information about the act of submitting it}.
{\bf So, remember that any document you submit to them will be kept,
shared, and used commercially including the content. So, you should not
do that with sensitive information and rely on various local AV scanners
(that do not send samples online).}
So, if you are in doubt:
\startitemize
\item
For non-sensitive files, we do encourage you to check any
documents/images/videos/archives/programs you intend to open with
VirusTotal (or other similar tools) because \ldots{} Why not? (Either
by uploading or checking hashes).
\item
For sensitive files, we would recommend at least an offline
unprivileged ClamAV scan of the files.
\stopitemize
For instance, this guide's PDF files were submitted to VirusTotal
because it is meant to be public knowledge and we see no valid argument
against it. It does not guarantee the absence of malware, but it does
not hurt to add this check.
\subsubsection[title={Manual Reviews:},reference={manual-reviews-1}]
You can also try to check various files for malware using various tools.
This can be done as an extra measure and is especially useful with
documents rather than apps and various executables.
These methods require more tinkering but can be useful if you want to go
the extra length.
\subsubsubsection[title={PDF files:},reference={pdf-files}]
Again, regarding the PDFs of this guide and as explained in the README
of my repository, you could check for anomalies using PDFID which you
can download at
\useURL[url2785][https://blog.didierstevens.com/programs/pdf-tools/]\from[url2785]
\useURL[url2786][https://web.archive.org/web/https://blog.didierstevens.com/programs/pdf-tools/][][{[}Archive.org{]}]\from[url2786]:
\startitemize
\item
Install Python 3 (on Windows/Linux/macOS/Qubes OS)
\item
Download PDFID and Extract the files
\item
Run \quotation{python pdfid.py file-to-check.pdf} and you should see
these at 0 in the case of the PDF files in this repository:
\stopitemize
\starttyping
/JS 0 #This indicates the presence of Javascript
/JavaScript 0 #This indicates the presence of Javascript
/AA 0 #This indicates the presence of automatic action on opening
/OpenAction 0 #This indicates the presence of automatic action on opening
/AcroForm 0 #This indicates the presence of AcroForm which could contain JavaScript
/JBIG2Decode 0 #This indicates the use of JBIG2 compression which could be used for obfuscating content
/RichMedia 0 #This indicates the presence of rich media within the PDF such as Flash
/Launch 0 #This counts the launch actions
/EmbeddedFile 0 #This indicates there are embedded files within the PDF
/XFA 0 #This indicates the presence of XML Forms within the PDF
\stoptyping
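The check PDFID performs above, as an added example written for this section (it is not Didier Stevens' pdfid.py and not part of this repository): it counts the same name objects on raw PDF bytes and also resolves the \type{#xx} hex escapes that PDF allows inside names, so a name written as \type{/J#53} is still counted as \type{/JS}. The two embedded PDFs are constructed minimal samples, and the \type{/ObjStm} counter is an addition of this example. Like PDFID, it only sees names stored in plain text: names inside compressed object streams are invisible to this kind of scan, so a row of zeros is an absence of anomalies, not proof of safety.

```python
"""PDFID-style keyword count over raw PDF bytes (added example, not pdfid.py)."""
import re
import sys

# Names the guide expects at 0 for a harmless document.
RISKY_KEYWORDS = (
    "/JS", "/JavaScript", "/AA", "/OpenAction", "/AcroForm",
    "/JBIG2Decode", "/RichMedia", "/Launch", "/EmbeddedFile", "/XFA",
)
# Informational only: object streams can hide names from a plaintext scan.
INFO_KEYWORDS = ("/ObjStm",)

# A PDF name object: '/' then a run of regular characters (no whitespace
# or delimiters). '#xx' inside a name encodes one byte in hex.
_NAME_RE = re.compile(rb"/([^\s/\[\]<>(){}%]*)")
_HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def _decode_name(raw: bytes) -> str:
    """Resolve '#xx' escapes so /J#53 and /JS compare equal."""
    unescaped = _HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return "/" + unescaped.decode("latin-1")


def count_keywords(pdf_bytes: bytes) -> dict:
    """Count exact (unescaped) name matches for every watched keyword."""
    counts = {k: 0 for k in RISKY_KEYWORDS + INFO_KEYWORDS}
    for m in _NAME_RE.finditer(pdf_bytes):
        name = _decode_name(m.group(1))
        if name in counts:
            counts[name] += 1
    return counts


def is_suspicious(pdf_bytes: bytes) -> bool:
    """True if any risky keyword appears at least once."""
    counts = count_keywords(pdf_bytes)
    return any(counts[k] > 0 for k in RISKY_KEYWORDS)


# Constructed sample PDFs (minimal skeletons, not real documents).
CLEAN_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Same skeleton plus an open action pointing at a JavaScript action, once in
# plain names and once with hex-escaped names, to show the escape handling.
SUSPICIOUS_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj
4 0 obj << /Type /Action /S /JavaScript /JS (placeholder) >> endobj
5 0 obj << /Type /Action /S /Java#53cript /J#53 (placeholder) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""


def report(pdf_bytes: bytes) -> str:
    """Render counts in the same 'keyword count' layout as the listing above."""
    counts = count_keywords(pdf_bytes)
    return "\n".join(f"{k:<14}{v}" for k, v in counts.items())


if __name__ == "__main__":
    # Usage: python pdf_keywords.py file-to-check.pdf (defaults to the sample)
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SUSPICIOUS_PDF
    print(report(data))
    print("suspicious" if is_suspicious(data) else "no risky keywords found")
```

Run it on a file and compare the output with the zero row above; a non-zero \type{/OpenAction} or \type{/JS} on a document that has no reason to carry scripts is the anomaly the guide tells you to look for, and the escaped names in the second sample show why a plain text search for \type{/JS} is not enough.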
Now, what if you think the PDF is still suspicious? Fear not \ldots{}
there are more things you can do to ensure it is not malicious:
\startitemize
\item
{\bf Qubes OS:} Consider using
\useURL[url2787][https://github.com/QubesOS/qubes-app-linux-pdf-converter]\from[url2787]
\useURL[url2788][https://web.archive.org/web/https://github.com/QubesOS/qubes-app-linux-pdf-converter][][{[}Archive.org{]}]\from[url2788]
which will convert your PDF into a flattened image file. This should
theoretically remove any malicious code in it. Note that this will
also render the PDF formatting useless (such as links, headings,
bookmarks, and references).
\item
{\bf (Deprecated) Linux/Qubes OS} (or possibly macOS through Homebrew
or Windows through Cygwin): Consider not using
\useURL[url2789][https://github.com/firstlookmedia/pdf-redact-tools]\from[url2789]
\useURL[url2790][https://web.archive.org/web/https://github.com/firstlookmedia/pdf-redact-tools][][{[}Archive.org{]}]\from[url2790]
which will also turn your PDF into a flattened image file. Again, this
should theoretically remove any malicious code in it. Again, this will
also render the PDF formatting useless (such as links, headings,
bookmarks, and references). {\bf Note that this tool is deprecated and
relies on a library called \quotation{ImageMagick} which is known for
several security issues}\footnote{ImageTragick.com,
\useURL[url2791][https://imagetragick.com/]\from[url2791]
\useURL[url2792][https://web.archive.org/web/https://imagetragick.com/][][{[}Archive.org{]}]\from[url2792]}{\bf .
You should not use this tool even if it is recommended in some other
guides.}
\item
{\bf Windows/Linux/Qubes OS/macOS:} Consider using
\useURL[url2793][https://github.com/firstlookmedia/dangerzone]\from[url2793]
\useURL[url2794][https://web.archive.org/web/https://github.com/firstlookmedia/dangerzone][][{[}Archive.org{]}]\from[url2794]
which was inspired by the Qubes PDF Converter above and does the same but
is well maintained and works on all OSes. This tool also works with
Images, ODF files, and Office files (Warning: On Windows, this tool
requires Docker-Desktop installed and this might (will) interfere with
Virtualbox and other Virtualization software because it requires
enabling Hyper-V. VirtualBox and Hyper-V do not play nice
together\footnote{Oracle Virtualbox Documentation,
\useURL[url2795][https://docs.oracle.com/en/virtualization/virtualbox/6.0/admin/hyperv-support.html]\from[url2795]
\useURL[url2796][https://web.archive.org/web/https://docs.oracle.com/en/virtualization/virtualbox/6.0/admin/hyperv-support.html][][{[}Archive.org{]}]\from[url2796]}.
Consider installing this within a Linux VM for convenience instead of
a Windows OS).
\stopitemize
\subsubsubsection[title={Other types of
files:},reference={other-types-of-files}]
Here are some various resources for this purpose where you will find
what tool to use for what type:
\startitemize
\item
{\bf For Documents/Pictures:} Consider using
\useURL[url2797][https://github.com/firstlookmedia/dangerzone]\from[url2797]
\useURL[url2798][https://web.archive.org/web/https://github.com/firstlookmedia/dangerzone][][{[}Archive.org{]}]\from[url2798]
which was inspired by the Qubes PDF Converter above and does the same but
is well maintained and works on all OSes. This tool also works with
Images, ODF files, and Office files (Warning: On Windows, this tool
requires Docker-Desktop installed and this might (will) interfere with
Virtualbox and other Virtualization software because it requires
enabling Hyper-V. VirtualBox and Hyper-V do not play nice
together\footnote{Oracle Virtualbox Documentation,
\useURL[url2799][https://docs.oracle.com/en/virtualization/virtualbox/6.0/admin/hyperv-support.html]\from[url2799]
\useURL[url2800][https://web.archive.org/web/https://docs.oracle.com/en/virtualization/virtualbox/6.0/admin/hyperv-support.html][][{[}Archive.org{]}]\from[url2800]}.
Consider installing this within a Linux VM for convenience instead of
a Windows OS).
\item
{\bf For Videos:} Be extremely careful, use an up-to-date player in a
sandboxed environment. Remember
\useURL[url2801][https://www.vice.com/en/article/v7gd9b/facebook-helped-fbi-hack-child-predator-buster-hernandez]\from[url2801]
\useURL[url2802][https://web.archive.org/web/https://www.vice.com/en/article/v7gd9b/facebook-helped-fbi-hack-child-predator-buster-hernandez][][{[}Archive.org{]}]\from[url2802]
\item
This practical cheat sheet from SANS:
\useURL[url2803][https://digital-forensics.sans.org/media/analyzing-malicious-document-files.pdf]\from[url2803]
\useURL[url2804][https://web.archive.org/web/https://digital-forensics.sans.org/media/analyzing-malicious-document-files.pdf][][{[}Archive.org{]}]\from[url2804]
(warning, many of those tools might be harder to use on Windows and
you might consider using them from a Linux OS such as Tails, Whonix
Workstation, or a Linux distribution of your choice as explained later
in this guide. There are also other guides out there\footnote{Lenny
Zeltser, Analyzing Malicious Documents Cheat Sheet
\useURL[url2805][https://zeltser.com/analyzing-malicious-documents/]\from[url2805]
\useURL[url2806][https://web.archive.org/web/https://zeltser.com/analyzing-malicious-documents/][][{[}Archive.org{]}]\from[url2806]}
that might be of use).
\item
This GitHub repository with various resources on malware analysis:
\useURL[url2807][https://github.com/rshipp/awesome-malware-analysis]\from[url2807]
\useURL[url2808][https://web.archive.org/web/https://github.com/rshipp/awesome-malware-analysis][][{[}Archive.org{]}]\from[url2808]
\item
This interesting PDF detailing which tool to use for which file type
\useURL[url2809][https://www.winitor.com/pdf/Malware-Analysis-Fundamentals-Files-Tools.pdf]\from[url2809]
\useURL[url2810][https://web.archive.org/web/https://www.winitor.com/pdf/Malware-Analysis-Fundamentals-Files-Tools.pdf][][{[}Archive.org{]}]\from[url2810]
\stopitemize
{\bf Even with all those resources, keep in mind you might still get
advanced malware if those are not detected by those various tools. Be
careful and remember to handle these files within isolated Virtual
Machines, if possible, to limit the attack surface and vectors.}
\section[title={Appendix U: How to bypass (some) local restrictions on
supervised
computers},reference={appendix-u-how-to-bypass-some-local-restrictions-on-supervised-computers}]
There might be situations where the only device you have at your
disposal is not really yours such as:
\startitemize
\item
Using a Work computer with restrictions in place on what you can
do/run.
\item
Misuse of Parental control features to monitor your computer usage
(despite you being a non-consenting Adult).
\item
Misuse of various monitoring apps to monitor your computer usage
against your will.
\stopitemize
The situation might look desperate, but it is not necessarily the case
as there are some safe ways to bypass these depending on how well your
adversaries did their job securing your computer.
\subsection[title={Portable Apps:},reference={portable-apps}]
There are plenty of methods you could use to bypass those restrictions
locally. One of them would be to use portable apps\footnote{Wikipedia,
Portable Applications
\useURL[url2811][https://en.wikipedia.org/wiki/Portable_application]\from[url2811]
\useURL[url2812][https://wikiless.org/wiki/Portable_application][][{[}Wikiless{]}]\from[url2812]
\useURL[url2813][https://web.archive.org/web/https://en.wikipedia.org/wiki/Portable_application][][{[}Archive.org{]}]\from[url2813]}.
Those apps do not require installation on your system and can be run
from a USB key or anywhere else.
{\bf But this is not a method we would recommend.}
This is because those portable apps will not necessarily hide themselves
(or be able to hide themselves) from the usage reports and forensic
examination. This method is just too risky and, in such a hostile
environment, will probably cause problems if noticed.
Even the most basic controls (supervision or parental) will send out
detailed app usage to your adversary.
\subsection[title={Bootable Live
Systems:},reference={bootable-live-systems}]
This method is the one we would recommend in those cases.
It is relatively easy for your adversary to prevent this by setting up
firmware BIOS/UEFI (see \goto{Bios/UEFI/Firmware Settings of your
laptop}[biosuefifirmware-settings-of-your-laptop]) controls, but most
adversaries overlook this possibility because it requires more technical
knowledge than relying on software alone.
This method could even decrease suspicion and increase your plausible
deniability as your adversaries think they have things under control and
that everything appears normal in their reports.
This method only depends on one security feature (that they probably did
not turn on in most cases): Boot Security.
Boot Security is divided into several types:
\startitemize
\item
Simple BIOS/UEFI password preventing the change of the boot order.
This means you cannot start such a live system in place of your
supervised OS without providing the BIOS/UEFI password.
\item
Secure Boot. This is a \quotation{standard} feature preventing you
from starting unsigned systems from your computer. While this feature
could be configured to only allow your supervised system, usually by
default it will allow running an entire range of signed systems
(signed by Microsoft or the Manufacturer for instance).
\stopitemize
Secure Boot is relatively easy to bypass as there are plenty of Live
Systems that are now Secure Boot compliant (meaning they are signed) and
will be allowed by your laptop.
The BIOS/UEFI password on the other hand is much harder to bypass
without risks. In that case, you are left with two options:
\startitemize
\item
Guess/Know the password so that you can change the boot order of your
laptop without raising suspicions
\item
Reset the password using various methods to remove the password.
{\bf we would not recommend doing this because if your adversaries
went the extra length of enabling this security feature, they probably
will be suspicious if it were disabled, and this might increase
suspicion and decrease your plausible deniability considerably.}
\stopitemize
Again, this feature is usually overlooked by most unskilled/lazy
adversaries and in my experience left disabled.
{\bf This is your best chance at bypassing local controls without
leaving traces.}
The reason is that most of the controls are within your main Operating
System software and only monitor what happens within the Operating
System. Those measures will not be able to monitor what happened at the
Hardware/Firmware level before the Operating System loads.
\subsection[title={Precautions:},reference={precautions}]
While you might be able to bypass local restrictions easily using a Live
System such as Tails, remember that your network might also be monitored
for unusual activities.
Unusual network activities showing up from a computer at the same time
your computer is seemingly powered off might raise suspicions.
If you are to resort to this, you should never do so from a
monitored/known network but only from a safe different network. Ideally
a safe public wi-fi (See \goto{Find some safe places with decent public
Wi-Fi}[find-some-safe-places-with-decent-public-wi-fi]).
{\bf Do not use a live system on a Software supervised/monitored device
on a known network.}
{\bf Refer to the Tails route to achieve this. See \goto{The Tails
route}[the-tor-browser-route] and \goto{Appendix P: Accessing the
internet as safely as possible when Tor and VPNs are not an
option}[appendix-p-accessing-the-internet-as-safely-as-possible-when-tor-and-vpns-are-not-an-option]
sections.}
\section[title={Appendix V: What browser to use in your Guest
VM/Disposable
VM},reference={appendix-v-what-browser-to-use-in-your-guest-vmdisposable-vm}]
{\bf Temporary Important Warning: Please see \goto{Microarchitectural
Side-channel Deanonymization
Attacks:}[microarchitectural-side-channel-deanonymization-attacks] for
all browsers except Tor Browser.}
There are 6 possible browsers to use on your guest/disposable VM:
\startitemize
\item
Brave (Chromium-based)
\item
Edge (Chromium-based, Windows Only)
\item
Firefox
\item
Safari (macOS VM only)
\item
Tor Browser
\stopitemize
Here is a comparison table of one fingerprinting test of various
browsers with their native settings ({\bf but Javascript enabled for
usability, except for Tor Safest mode}).
{\bf Disclaimer: these tests while nice are not conclusive of the real
fingerprinting resistance. But they can help compare browsers between
each other.}
\starttabulate[|l|l|]
\HL
\NC Browser \NC https://coveryourtracks.eff.org/ Fingerprinting Test with real Ad \NC\NR
\HL
\NC Safari (Normal)* \NC Fail (Unique) \NC\NR
\NC Safari (Private Window)* \NC Fail (Unique) \NC\NR
\NC Edge (Normal)** \NC Fail (Unique) \NC\NR
\NC Edge (Private Window)** \NC Fail (Unique) \NC\NR
\NC Firefox (Normal) \NC Fail (Unique) \NC\NR
\NC Firefox (Private Window) \NC Fail (Unique) \NC\NR
\NC Chrome (Normal) \NC Fail (Unique) \NC\NR
\NC Chrome (Private Window) \NC Fail (Unique) \NC\NR
\NC Brave (Normal) \NC Passed (Randomized) \NC\NR
\NC Brave (Private Window) \NC Passed (Randomized) \NC\NR
\NC Brave (Tor Window) \NC Passed (Randomized) \NC\NR
\NC Tor Browser (Normal mode) \NC Partial \NC\NR
\NC Tor Browser (Safer mode) \NC Partial \NC\NR
\NC Tor Browser (Safest mode) \NC Unknown (Result did not load) \NC\NR
\HL
\stoptabulate
\startitemize[packed]
\item
*: macOS only. **: Windows only.
\stopitemize
Another useful resource to be considered for comparing browsers is:
\useURL[url2814][https://privacytests.org/]\from[url2814]
\useURL[url2815][https://web.archive.org/web/https://privacytests.org/][][{[}Archive.org{]}]\from[url2815]
\subsection[title={Brave:},reference={brave}]
{\bf This is my recommended/preferred choice for a Browser within your
guest VMs. This is not my recommended choice for a Browser within your
Host OS where we strictly recommend Tor Browser as they recommend it
themselves}\footnote{Brave Help, What is a Private Window with Tor
Connectivity?
\useURL[url2816][https://support.brave.com/hc/en-us/articles/360018121491-What-is-a-Private-Window-with-Tor]\from[url2816]
\useURL[url2817][https://web.archive.org/web/https://support.brave.com/hc/en-us/articles/360018121491-What-is-a-Private-Window-with-Tor][][{[}Archive.org{]}]\from[url2817]}{\bf .}
Why Brave despite the controversies\footnote{BlackGNU, Brave, the false
sensation of privacy
\useURL[url2818][https://blackgnu.net/brave-is-shit.html]\from[url2818]
\useURL[url2819][https://web.archive.org/web/https://blackgnu.net/brave-is-shit.html][][{[}Archive.org{]}]\from[url2819]}?
\startitemize
\item
You will encounter fewer issues later with account creations (captchas
\ldots{}). This is based on my experiences trying to create plenty of
online identities using various browsers. You will have to trust me on
that.
\item
You will enjoy native ad-blocking where none is available in others by
default without adding extensions\footnote{Brave Help Center, What is
\quotation{Shields}?
\useURL[url2820][https://support.brave.com/hc/en-us/articles/360022973471-What-is-Shields]\from[url2820]
\useURL[url2821][https://web.archive.org/web/https://support.brave.com/hc/en-us/articles/360022973471-What-is-Shields][][{[}Archive.org{]}]\from[url2821]}.
\item
Performance is arguably better than Firefox\footnote{VentureBeat,
Browser benchmark battle January 2020: Chrome vs.~Firefox vs.~Edge
vs.~Brave
\useURL[url2822][https://venturebeat.com/2020/01/15/browser-benchmark-battle-january-2020-chrome-firefox-edge-brave/view-all/]\from[url2822]
\useURL[url2823][https://web.archive.org/web/https://venturebeat.com/2020/01/15/browser-benchmark-battle-january-2020-chrome-firefox-edge-brave/view-all/][][{[}Archive.org{]}]\from[url2823]}.
\item
Brave is arguably better at fingerprinting resistance than
others\footnote{Brave.com, Brave, Fingerprinting, and Privacy Budgets
\useURL[url2824][https://brave.com/brave-fingerprinting-and-privacy-budgets/]\from[url2824]
\useURL[url2825][https://web.archive.org/web/https://brave.com/brave-fingerprinting-and-privacy-budgets/][][{[}Archive.org{]}]\from[url2825]}.
\item
Security of Chromium-based Browser is arguably better and more secure
than Firefox\footnote{Madaidan's Insecurities, Firefox and Chromium
\useURL[url2826][https://madaidans-insecurities.github.io/firefox-chromium.html]\from[url2826]
\useURL[url2827][https://web.archive.org/web/https://madaidans-insecurities.github.io/firefox-chromium.html][][{[}Archive.org{]}]\from[url2827]}\footnote{GrapheneOS,
Web Browsing
\useURL[url2828][https://grapheneos.org/usage\#web-browsing]\from[url2828]
\useURL[url2829][https://web.archive.org/web/https://grapheneos.org/usage\#web-browsing][][{[}Archive.org{]}]\from[url2829]}.
Within the context of this guide, security should be privileged to
prevent any vulnerability or exploit from gaining access to the VM.
\item
Comparison of both by Mozilla:
\useURL[url2830][https://www.mozilla.org/en-US/firefox/browsers/compare/brave/]\from[url2830]
\useURL[url2831][https://web.archive.org/web/https://www.mozilla.org/en-US/firefox/browsers/compare/brave/][][{[}Archive.org{]}]\from[url2831]
\item
Comparison of both by Techlore:
\useURL[url2832][https://www.youtube.com/watch?v=qkJGF3syQy4]\from[url2832]
\useURL[url2833][https://yewtu.be/watch?v=qkJGF3syQy4][][{[}Invidious{]}]\from[url2833]
\item
The whole traffic will be routed over a VPN over Tor anyway. So even
if you mistakenly opt-in for some telemetry, it is not so important.
Remember that in this anonymity threat model, we are mostly after
anonymity and security. The privacy of our online identities does not
matter that much unless the privacy issue is also a security issue
that could help deanonymize you.
\item
Brave was found to be sending no identifiable telemetry compared to
other browsers\footnote{ResearchGate, Web Browser Privacy: What Do
Browsers Say When They Phone Home?
\useURL[url2834][https://www.researchgate.net/publication/349979628_Web_Browser_Privacy_What_Do_Browsers_Say_When_They_Phone_Home]\from[url2834]
\useURL[url2835][https://web.archive.org/web/https://www.researchgate.net/publication/349979628_Web_Browser_Privacy_What_Do_Browsers_Say_When_They_Phone_Home][][{[}Archive.org{]}]\from[url2835]}.
\stopitemize
\subsection[title={Ungoogled-Chromium:},reference={ungoogled-chromium}]
{\bf This browser is considered a security liability due to their
systemic lagging on security patches}\footnote{Duck's pond,
Ungoogled-Chromium
\useURL[url2836][https://qua3k.github.io/ungoogled/]\from[url2836]
\useURL[url2837][https://web.archive.org/web/https://qua3k.github.io/ungoogled/][][{[}Archive.org{]}]\from[url2837]}{\bf .}
{\bf It is strongly advised not to use Ungoogled-Chromium.}
\subsection[title={Edge:},reference={edge}]
This is for Windows users only. Edge is a solid choice too.
\startitemize
\item
You will encounter fewer issues later with account creations (captchas
\ldots{}). This is based on my experiences trying to create plenty of
online identities using various browsers. You will have to trust me on
that.
\item
Better Security than Firefox as it is Chromium-based\footnote{Madaidan's
Insecurities, Firefox and Chromium
\useURL[url2838][https://madaidans-insecurities.github.io/firefox-chromium.html]\from[url2838]
\useURL[url2839][https://web.archive.org/web/https://madaidans-insecurities.github.io/firefox-chromium.html][][{[}Archive.org{]}]\from[url2839]}\footnote{GrapheneOS,
Web Browsing
\useURL[url2840][https://grapheneos.org/usage\#web-browsing]\from[url2840]
\useURL[url2841][https://web.archive.org/web/https://grapheneos.org/usage\#web-browsing][][{[}Archive.org{]}]\from[url2841]}.
\item
Better Performance than Firefox.
\item
The whole traffic will be routed through Tor anyway.
\item
Can benefit from additional security using Microsoft Defender
Application Guard (MDAG)\footnote{Microsoft.com, Microsoft Edge
support for Microsoft Defender Application Guard
\useURL[url2842][https://docs.microsoft.com/en-us/deployedge/microsoft-edge-security-windows-defender-application-guard]\from[url2842]
\useURL[url2843][https://web.archive.org/web/https://docs.microsoft.com/en-us/deployedge/microsoft-edge-security-windows-defender-application-guard][][{[}Archive.org{]}]\from[url2843]}.
Note that this feature cannot be enabled in a Virtualbox VM
unfortunately.
\item
Native tracker blocking (Similar to Brave Shields).
\stopitemize
Cons:
\startitemize[packed]
\item
You will have to disable some telemetry within the Browser
\stopitemize
\subsection[title={Safari:},reference={safari}]
The macOS default browser.
Pros:
\startitemize[packed]
\item
It is a Browser with decent security and sandboxing capabilities.
\stopitemize
Cons:
\startitemize
\item
It is macOS only (obviously)
\item
It requires signing in to the App Store to install extensions
(impossible within the scope of this guide since it is a VM)
\item
Even if you could, it lacks the best Extensions available for Firefox
and Chrome.
\stopitemize
Overall, we would not recommend using Safari on a macOS VM but instead,
go for another Browser such as Brave or Firefox.
\subsection[title={Firefox:},reference={firefox}]
And of course, lastly, you could go with Firefox.
Pros:
\startitemize
\item
Well, it is out of the \quotation{Chromium} world and not taking part
in expanding Chromium market share
\item
In addition to being out of the Chromium world, it is also completely
out of the Google world (despite the Mozilla Foundation being almost
entirely funded by Google\footnote{PcMag, Mozilla Signs Lucrative
3-Year Google Search Deal for Firefox
\useURL[url2844][https://www.pcmag.com/news/mozilla-signs-lucrative-3-year-google-search-deal-for-firefox]\from[url2844]
\useURL[url2845][https://web.archive.org/web/https://www.pcmag.com/news/mozilla-signs-lucrative-3-year-google-search-deal-for-firefox][][{[}Archive.org{]}]\from[url2845]}).
\item
An impressive amount of customization through extensions for every
possible need.
\item
Firefox can be severely hardened to almost match the security of
Chromium-based browsers.
\stopitemize
Cons:
\startitemize
\item
Poorer performance compared to Chromium.
\item
Security (especially sandboxing) of Firefox is arguably weaker than
Chromium-based browsers\footnote{Madaidan's Insecurities, Firefox and
Chromium
\useURL[url2846][https://madaidans-insecurities.github.io/firefox-chromium.html]\from[url2846]
\useURL[url2847][https://web.archive.org/web/https://madaidans-insecurities.github.io/firefox-chromium.html][][{[}Archive.org{]}]\from[url2847]}.
\item
You will experience more captchas (this is based on my tests).
\stopitemize
\subsection[title={Tor Browser:},reference={tor-browser-1}]
If you are extra paranoid and want to use Tor Browser and have
\quotation{Tor over VPN over Tor}, you could go with Tor Browser within
the VM as well. This is completely pointless/useless.
We would not recommend this option. It is just silly.
\section[title={Appendix V1: Hardening your
Browsers:},reference={appendix-v1-hardening-your-browsers}]
In this section, we'll discuss hardening your browsers. This has a heavy
focus on the difference between Tracking Reduction and Tracking Evasion,
and the pros and cons of either. First, let's define what they are
\useURL[url2848][https://seirdy.one/posts/2022/06/25/two-types-of-privacy/][][as
described by Rohan Kumar]\from[url2848]:
\startitemize[packed]
\item
Tracking reduction (TR)
\startitemize[packed]
\item
TR aims to reduce the amount of data collected about an exposed
user. It reduces a footprint's spread primarily by blocking
trackers. Sometimes this can increase the size of a footprint.
\stopitemize
\item
Tracking evasion (TE)
\startitemize[packed]
\item
TE reduces the amount of data exposed by a user. Rather than
eliminating data collection itself, TE prevents useful data from
being made available in the first place. In other words, it reduces
a footprint's size.
\stopitemize
\stopitemize
Browsers that provide Tracking Reduction are to be used for a more
casual \goto{Threat Model}[appendix-b3-threat-modeling-resources]
whereas Tracking Evasion is more complex. But both need to be explored.
Tracking Reduction focuses on browsing with less tracking. It involves
things like content-blocking, firewalls, opt-outs, flipping telemetry
buttons, etc. If you're this far into the guide, you likely have a very
good understanding of this already. Tracking Evasion, however, involves
techniques like using the portable Tor Browser Bundle to anonymize your
footprint and online identity, avoiding identifiable extensions, and
using randomized keystroke delays. It's more about minimizing your
online footprint, to give you a less fingerprintable browsing
environment and internet usage.
A brief mention of this is necessary in determining operation needs for
both. You need a certain level of understanding in both to achieve good
standards and develop better browsing habits. This can and will overall
provide you with a more viable solution to public trackers, government
organizations looking to trace/track your browsing habits back to you,
even just trolls attempting to doxx you.
The following are the recommended safest routes for each browser
according to the current versions of their respective software and the
ability each one has to become more secure. In the guide we will provide
both Tracking Reduction & Evasion and it will not require you to write
even a single line of code.
\subsection[title={Brave:},reference={brave-1}]
\startitemize
\item
Download and install Brave browser from
\useURL[url2849][https://brave.com/download/]\from[url2849]
\useURL[url2850][https://web.archive.org/web/https://brave.com/download/][][{[}Archive.org{]}]\from[url2850]
\item
{\bf Open} Brave Browser
\item
Go into {\bf Settings} > {\bf Appearances}
(\type{brave://settings/appearance})
\startitemize
\item
{\bf Disable} \quotation{Show Top Sites}
\item
{\bf Disable} \quotation{Show Brave Suggested Sites}
\item
{\bf Disable} \quotation{Show Brave Rewards icon in address bar}
\item
{\bf Enable} \quotation{Always show full URLs}
\stopitemize
\item
Go into {\bf Settings} > {\bf Shields}
(\type{brave://settings/shields})
\startitemize
\item
Set Shields to {\bf Advanced}
\item
Set \quotation{Trackers and Ads blocking} to {\bf Aggressive}
\item
Set Upgrade connections to HTTPS to {\bf Enabled}
\item
Set Cookie blocking to {\bf Only cross-site}
\item
Set Fingerprinting blocking to {\bf Standard} or {\bf Strict}
\stopitemize
\item
Go into {\bf Settings} > {\bf Social media blocking}
(\type{brave://settings/socialBlocking})
\startitemize[packed]
\item
{\bf Uncheck} everything unless needed
\stopitemize
\item
Go to {\bf Settings} > {\bf Search engine}
(\type{brave://settings/search})
\startitemize[packed]
\item
See \goto{Appendix A3: Search Engines}[appendix-a3-search-engines]
\stopitemize
\item
Go into {\bf Settings} > {\bf Extensions}
(\type{brave://settings/extensions})
\startitemize
\item
{\bf Disable} everything except \quotation{Private Window with Tor}
\item
Set both {\bf Resolve} methods to \quotation{Ask}
\stopitemize
\item
Go into {\bf Settings} > {\bf Wallet} (\type{brave://settings/wallet})
\startitemize
\item
{\bf Disable} \quotation{Show Brave Wallet icon on toolbar}
\item
Set {\bf Default Ethereum wallet} to \quotation{None}
\item
Set {\bf Default Solana wallet} to \quotation{None}
\stopitemize
\item
Go into {\bf Settings} > {\bf Privacy and Security}
(\type{brave://settings/privacy})
\startitemize
\item
Leave {\bf WebRTC} to \quotation{Default}
\item
{\bf Disable} \quotation{Allow privacy-preserving product analytics
(P3A)}
\item
{\bf Disable} \quotation{Automatically send daily usage ping to
Brave}
\item
Go into \quotation{Clear Browsing Data}
\startitemize
\item
Select {\bf On Exit}
\item
Check all options
\item
{\bf Click} \quotation{Save}
\stopitemize
\stopitemize
\item
Open a new Tab
\item
{\bf Click} \quotation{Customize} in the lower right corner
\startitemize[packed]
\item
{\bf Disable} everything in Customize Dashboard except maybe the
clock
\stopitemize
\item
Go into {\bf Settings} > {\bf Shields} > {\bf Content filters}
(\type{brave://settings/shields/filters})
\startitemize
\item
Select any additional adblocking filter you want
\startitemize[packed]
\item
Recommended: {\bf CJX's Annoyance List}, {\bf Easylist-Cookie
List}, {\bf Fanboy Annoyances List}, {\bf Fanboy Social List},
{\bf Fanboy's Mobile Notifications List}, and {\bf uBlock
Annoyances List}
\stopitemize
\item
Add custom filter lists
\startitemize
\item
Add the
\useURL[url2851][https://raw.githubusercontent.com/DandelionSprout/adfilt/master/ClearURLs\%20for\%20uBo/clear_urls_uboified.txt][][Actually
Legitimate URL Shortener Tool]\from[url2851] which uses the rules
found in ClearURLs below
\item
Add the
\useURL[url2852][https://raw.githubusercontent.com/AdguardTeam/FiltersRegistry/master/filters/filter_17_TrackParam/filter.txt][][AdGuard
URL Tracking Protection]\from[url2852] which enables generic
\type{$removeparam} rules
\stopitemize
\item
To keep all applied filters, {\bf click} \quotation{Save}
\stopitemize
\item
Do not ever enable Brave Rewards (button should be hidden on all
sites)
\stopitemize
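To make concrete what the \quotation{AdGuard URL Tracking Protection} and ClearURLs-style lists above actually do, here is an added example (not code from this guide, from AdGuard, uBlock Origin or Brave) that implements a small subset of the \type{$removeparam} rule syntax in JavaScript and applies it to a constructed URL. The rules and parameter names are constructed for illustration; real lists carry many more rules and more modifier syntax than this subset.

```javascript
// Added example (not code from the guide, AdGuard, uBlock Origin or Brave):
// a minimal interpreter for the "$removeparam" rule syntax used by URL
// tracking-protection filter lists. Only a subset is handled:
//   "$removeparam=NAME"          strip parameter NAME from every URL
//   "$removeparam=/REGEX/"       strip every parameter whose name matches
//   "||host^$removeparam=NAME"   only apply to URLs on host or its subdomains
// Real lists support more pattern and modifier syntax than this.

function parseRemoveParamRule(rule) {
  const m = /^(?:\|\|([^\^$]+)\^)?\$removeparam=(.+)$/.exec(rule.trim());
  if (!m) return null; // not a removeparam rule we understand
  const host = m[1] ? m[1].toLowerCase() : null;
  const spec = m[2];
  let matches;
  if (spec.length > 2 && spec.startsWith('/') && spec.endsWith('/')) {
    const re = new RegExp(spec.slice(1, -1));
    matches = (name) => re.test(name);
  } else {
    matches = (name) => name === spec;
  }
  return { host, matches };
}

// A host-scoped rule applies to the host itself and any of its subdomains.
function hostMatches(ruleHost, urlHost) {
  if (!ruleHost) return true;
  return urlHost === ruleHost || urlHost.endsWith('.' + ruleHost);
}

// Apply every applicable rule to the URL; returns the cleaned URL and the
// names of the query parameters that were stripped.
function applyRemoveParamRules(urlString, rules) {
  const url = new URL(urlString);
  const applicable = rules
    .map(parseRemoveParamRule)
    .filter((r) => r !== null && hostMatches(r.host, url.hostname));
  const removed = [];
  // Snapshot the parameter names first; deleting while iterating is unsafe.
  for (const name of new Set(url.searchParams.keys())) {
    if (applicable.some((r) => r.matches(name))) {
      url.searchParams.delete(name);
      removed.push(name);
    }
  }
  return { cleaned: url.toString(), removed };
}

// Constructed sample rules (not copied from any real list).
const SAMPLE_RULES = [
  '$removeparam=fbclid',
  '$removeparam=/^utm_/',
  '||example.com^$removeparam=ref',
];

// Example run on a constructed URL:
// applyRemoveParamRules('https://example.com/page?id=7&utm_source=nl&fbclid=abc&ref=home', SAMPLE_RULES)
//   -> { cleaned: 'https://example.com/page?id=7', removed: ['utm_source', 'fbclid', 'ref'] }
```

Note that the host-scoped \quotation{ref} rule does not fire on other domains, which is exactly why generic lists only strip parameters that are tracking identifiers everywhere and leave site-specific ones to scoped rules.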
Addons to consider on Brave if you want additional protections:
\startitemize
\item
LocalCDN
(\useURL[url2853][https://chrome.google.com/webstore/detail/localcdn/njdfdhgcmkocbgbhcioffdbicglldapd]\from[url2853])
\startitemize[packed]
\item
Alternatively, DecentralEyes
(\useURL[url2854][https://chrome.google.com/webstore/detail/decentraleyes/ldpochfccmkkmhdbclfhpagapcfdljkj]\from[url2854])
\stopitemize
\item
PrivacyBadger
(\useURL[url2855][https://chrome.google.com/webstore/detail/privacy-badger/pkehgijcmpdhfbdbbnkijodmdjhbjlgp]\from[url2855])
\item
NoScript
(\useURL[url2856][https://chrome.google.com/webstore/detail/noscript/doojmbjmlfjjnbmnoijecmcbfeoakpjm]\from[url2856])
\item
Either ClearURLs
(\useURL[url2857][https://chrome.google.com/webstore/detail/clearurls/lckanjgmijmafbedllaakclkaicjfmnk]\from[url2857])
{\bf OR} the custom list above
\item
LibRedirect
(\useURL[url2858][https://libredirect.github.io/]\from[url2858])
\stopitemize
That's it and you should be pretty much covered. For full paranoia, you
can also just \quotation{Block Scripts} to disable Javascript. Note that
even disabling Javascript might not protect you fully\footnote{FingerprintJS,
Demo: Disabling JavaScript Won't Save You from Fingerprinting
\useURL[url2859][https://fingerprintjs.com/blog/disabling-javascript-wont-stop-fingerprinting/]\from[url2859]
\useURL[url2860][https://web.archive.org/web/https://fingerprintjs.com/blog/disabling-javascript-wont-stop-fingerprinting/][][{[}Archive.org{]}]\from[url2860]}.
\subsection[title={Ungoogled-Chromium:},reference={ungoogled-chromium-1}]
{\bf This browser is considered a security liability due to their
systemic lagging on security patches}\footnote{Duck's pond,
Ungoogled-Chromium
\useURL[url2861][https://qua3k.github.io/ungoogled/]\from[url2861]
\useURL[url2862][https://web.archive.org/web/https://qua3k.github.io/ungoogled/][][{[}Archive.org{]}]\from[url2862]}{\bf .}
{\bf It is strongly advised not to use Ungoogled-Chromium.}
\subsection[title={Edge:},reference={edge-1}]
Windows only:
\startitemize
\item
Open Edge
\item
Go into Settings
\item
Go to Profiles and make sure everything is unchecked in every section
(Personal Info, Passwords, Payment info, Profile preferences)
\item
Go to Privacy, search, and services:
\startitemize
\item
Go to Tracking Prevention:
\startitemize
\item
Set to Strict or at least Balanced
\item
Set to always use Strict with InPrivate Windows
\stopitemize
\item
Go to Privacy:
\startitemize
\item
Enable send Do Not Track
\item
Disable the options for the website to check your payment methods
\stopitemize
\item
Go to Optional Diagnostic Data:
\startitemize[packed]
\item
Disable it
\stopitemize
\item
Go to Personalize your Web Experience:
\startitemize[packed]
\item
Disable it
\stopitemize
\item
Go to Security
\startitemize[packed]
\item
Disable everything
\stopitemize
\item
Go to Services
\startitemize
\item
Disable everything
\item
In Address Bar and Search:
\startitemize[packed]
\item
Disable everything and change the search engine (see
\goto{Appendix A3: Search Engines}[appendix-a3-search-engines])
\stopitemize
\stopitemize
\item
Go to Cookies and Sites Permissions:
\startitemize
\item
Within All Permissions:
\startitemize
\item
Within Cookies, make sure \quotation{Block Third-Party Cookies}
is checked
\item
Block everything except:
\startitemize
\item
Javascript
\item
Images
\stopitemize
\stopitemize
\stopitemize
\stopitemize
\stopitemize
Enable Application Guard for Edge (only on Host OS, not possible within
a VirtualBox VM):
{\bf Skip if this is a VM}
\startitemize
\item
Open Control Panel.
\item
Click on Programs
\item
Click on Turn Windows features on or off link
\item
Check the Windows Defender Application Guard option
\item
Click OK.
\item
Click Restart.
\item
Now you can open Edge and open a new \quotation{Application Guard}
Window.
\stopitemize
That's about it for Edge but you are also free to add extensions from
the Chrome Store such as:
\startitemize
\item
uBlock Origin
(\useURL[url2863][https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm]\from[url2863])
\item
LocalCDN
(\useURL[url2864][https://chrome.google.com/webstore/detail/localcdn/njdfdhgcmkocbgbhcioffdbicglldapd]\from[url2864])
\startitemize[packed]
\item
Alternatively, DecentralEyes
(\useURL[url2865][https://chrome.google.com/webstore/detail/decentraleyes/ldpochfccmkkmhdbclfhpagapcfdljkj]\from[url2865])
\stopitemize
\item
PrivacyBadger
(\useURL[url2866][https://chrome.google.com/webstore/detail/privacy-badger/pkehgijcmpdhfbdbbnkijodmdjhbjlgp]\from[url2866])
\item
HTTPS Everywhere
(\useURL[url2867][https://chrome.google.com/webstore/detail/https-everywhere/gcbommkclmclpchllfjekcdonpmejbdp]\from[url2867])
\item
NoScript
(\useURL[url2868][https://chrome.google.com/webstore/detail/noscript/doojmbjmlfjjnbmnoijecmcbfeoakpjm]\from[url2868])
\item
ClearURLs
(\useURL[url2869][https://chrome.google.com/webstore/detail/clearurls/lckanjgmijmafbedllaakclkaicjfmnk]\from[url2869])
\item
LibRedirect
(\useURL[url2870][https://libredirect.github.io/]\from[url2870])
\stopitemize
\subsection[title={Safari:},reference={safari-1}]
macOS Only:
\startitemize
\item
Open Safari
\item
Click the Safari top left Menu
\item
Click Preferences
\startitemize
\item
On the General Tab:
\startitemize
\item
Change New Windows to \quotation{Empty Page}
\item
Change New Tabs to \quotation{Empty page}
\item
Change the Remove History after to \quotation{1 day}
\item
Change the Remove Download list items to \quotation{When Safari
Quits} or \quotation{When Successful Download}
\item
Uncheck \quotation{Open Safe Files After Downloading}
\stopitemize
\item
On the Security Tab:
\startitemize[packed]
\item
Disable \quotation{Warn when visiting a Fraudulent Website} (this
sends the URLs you visit to Google for screening)
\stopitemize
\item
On the Privacy Tab:
\startitemize[packed]
\item
Uncheck \quotation{Web Advertising}
\stopitemize
\item
On the Advanced Tab:
\startitemize[packed]
\item
Check the \quotation{Show full website address}
\stopitemize
\stopitemize
\stopitemize
Consider \goto{Appendix A5: Additional browser precautions with
JavaScript
enabled}[appendix-a5-additional-browser-precautions-with-javascript-enabled]
That's about it. Unfortunately, you will not be able to add extensions
as those will require you to sign in to the App Store, which you cannot
do from a macOS VM. Again, we would not recommend sticking to Safari in
a macOS VM but instead switching to Brave or Firefox.
\subsection[title={Firefox:},reference={firefox-1}]
\subsubsection[title={Normal settings:},reference={normal-settings}]
\startitemize
\item
Open Firefox
\item
On the Firefox Home Page:
\startitemize
\item
Click Personalize
\item
Uncheck/Disable Everything
\stopitemize
\item
Open Settings:
\startitemize
\item
Go into Search
\startitemize[packed]
\item
Change the search engine (See \goto{Appendix A3: Search
Engines}[appendix-a3-search-engines])
\stopitemize
\item
Go into Privacy & Security
\startitemize
\item
Set to Custom
\startitemize
\item
Cookies: Select All Third-Party Cookies
\item
Tracking Content: In all Windows
\item
Check Cryptominers
\item
Check Fingerprinters
\stopitemize
\item
Set always send \quotation{Do Not Track}
\stopitemize
\item
Go to Logins and Passwords
\startitemize[packed]
\item
Uncheck \quotation{Ask to save logins and passwords for websites}
\stopitemize
\item
Go to Permissions
\startitemize
\item
Location: check block new requests
\item
Camera: check block new requests
\item
Microphone: check block new requests
\item
Notifications: check block new requests
\item
Autoplay: select Disable Audio and Video
\item
Virtual Reality: check block new requests
\item
Check Block Pop-ups
\item
Check Warn when websites try to install add-ons
\stopitemize
\item
Go to Firefox Data Collection and Use
\startitemize[packed]
\item
Disable everything
\stopitemize
\item
Go to HTTPS-Only Mode
\startitemize[packed]
\item
Enable it on all Windows
\stopitemize
\stopitemize
\stopitemize
\subsubsection[title={Advanced settings:},reference={advanced-settings}]
Consider
\useURL[url2871][https://github.com/arkenfox/user.js/][][Arkenfox/user.js]\from[url2871],
an actively maintained and very easy to use browser config which uses a
\quotation{user.js} file to set all the privacy settings and disk avoidance
values. If you are not applying the Arkenfox config, we recommend at least
setting the {\bf about:config} values below. Arkenfox applies many others,
but these are the bare minimum for your protection while browsing.
Remember: doing nothing and using a browser with its defaults will already
be leaking many identifiable and trackable characteristics which are
unique to you. See \goto{Browser and Device
Fingerprinting}[browser-and-device-fingerprinting] for more details on
why default settings in browsers are unsafe.
Those settings are explained on the following resources in order of
recommendation if you want more details about what each setting does:
\startitemize[n][stopper=.]
\item
\useURL[url2872][https://wiki.archlinux.org/title/Firefox/Privacy]\from[url2872]
\useURL[url2873][https://web.archive.org/web/https://wiki.archlinux.org/title/Firefox/Privacy][][{[}Archive.org{]}]\from[url2873]
{\bf (most recommended)}
\item
\useURL[url2874][https://proprivacy.com/privacy-service/guides/firefox-privacy-security-guide]\from[url2874]
\useURL[url2875][https://web.archive.org/web/https://proprivacy.com/privacy-service/guides/firefox-privacy-security-guide][][{[}Archive.org{]}]\from[url2875]
\stopitemize
Here are most of the steps combined from the sources above (some have
been omitted due to the extensions recommended later below):
\startitemize
\item
Navigate to \quotation{about:config} in the URL bar
\item
Click Accept the Risk and Continue
\startitemize
\item
Safe Settings (should not break anything)
\startitemize
\item
Disable Firefox Pocket
\startitemize[packed]
\item
Set \quotation{extensions.pocket.enabled} to false
\stopitemize
\item
Disable All Telemetry
\startitemize
\item
Set
\quotation{browser.newtabpage.activity-stream.feeds.telemetry}
to false
\item
Set \quotation{browser.ping-centre.telemetry} to false
\item
Set \quotation{browser.tabs.crashReporting.sendReport} to false
\item
Set \quotation{devtools.onboarding.telemetry.logged} to false
\item
Set \quotation{toolkit.telemetry.enabled} to false
\item
Search for \quotation{toolkit.telemetry.server} and clear it
\item
Set \quotation{toolkit.telemetry.unified} to false
\item
Set \quotation{beacon.enabled} to false
\stopitemize
\item
Disable Pre-Fetching
\startitemize
\item
Set \quotation{network.dns.disablePrefetch} to true
\item
Set \quotation{network.dns.disablePrefetchFromHTTPS} to true
\item
Set \quotation{network.predictor.enabled} to false
\item
Set \quotation{network.predictor.enable-prefetch} to false
\item
Set \quotation{network.prefetch-next} to false
\item
Set \quotation{browser.urlbar.speculativeConnect.enabled} to
false
\stopitemize
\item
Disable Javascript in PDFs
\startitemize[packed]
\item
Set \quotation{pdfjs.enableScripting} to false
\stopitemize
\item
Disable obsolete SSL encryption
\startitemize
\item
Set \quotation{security.ssl3.rsa_des_ede3_sha} to false
\item
Set \quotation{security.ssl.require_safe_negotiation} to true
\stopitemize
\item
Disable Firefox Accounts
\startitemize[packed]
\item
Set \quotation{identity.fxaccounts.enabled} to false
\stopitemize
\item
Disable Geolocation
\startitemize[packed]
\item
Set \quotation{geo.enabled} to false
\stopitemize
\item
Disable Web Notifications
\startitemize[packed]
\item
Set \quotation{dom.webnotifications.enabled} to false
\stopitemize
\item
Disable Copy/Paste Notifications
\startitemize[packed]
\item
Set \quotation{dom.event.clipboardevents.enabled} to false
\stopitemize
\item
Disable Microphone/Camera status fetching
\startitemize[packed]
\item
Set \quotation{media.navigator.enabled} to false
\stopitemize
\item
Enable \quotation{Do Not Track}
\startitemize[packed]
\item
Set \quotation{privacy.donottrackheader.enabled} to true
\stopitemize
\item
Disable SafeBrowsing
\startitemize
\item
Set \quotation{browser.safebrowsing.malware.enabled} to false
\item
Set \quotation{browser.safebrowsing.phishing.enabled} to false
\item
Set \quotation{browser.safebrowsing.downloads.remote.enabled} to
false
\stopitemize
\stopitemize
\item
Moderate Settings (could break some websites)
\startitemize
\item
Disable WebRTC (this will break all websites with video/audio
communications)
\startitemize
\item
Set \quotation{media.peerconnection.enabled} to false
\item
Set \quotation{media.navigator.enabled} to false
\stopitemize
\item
Disable WebGL (this will break some media intensive websites)
\startitemize[packed]
\item
Set \quotation{webgl.disabled} to true
\stopitemize
\item
Disable DRM
\startitemize
\item
Set \quotation{media.eme.enabled} to false
\item
Set \quotation{media.gmp-widevinecdm.enabled} to false
\stopitemize
\item
Set Cookie Behavior
\startitemize
\item
Set \quotation{network.cookie.cookieBehavior} to 1
\item
Set \quotation{network.http.referer.XOriginPolicy} to 2
\stopitemize
\item
Change referer policy
\startitemize[packed]
\item
Set \quotation{network.http.referer.XOriginTrimmingPolicy} to 2
\stopitemize
\item
Change Session Storage behavior
\startitemize[packed]
\item
Set \quotation{browser.sessionstore.privacy_level} to 2
\stopitemize
\item
Disable Connection Tests for Captive Portals
\startitemize[packed]
\item
Set \quotation{network.captive-portal-service.enabled} to false
\stopitemize
\item
Disable \quotation{Trusted Recursive Resolver}
\startitemize[packed]
\item
Set/Create \quotation{network.trr.mode} and set it to 5
\stopitemize
\stopitemize
\item
Advanced (this will break some websites)
\startitemize
\item
Set \quotation{privacy.resistFingerprinting} to true
\item
Set \quotation{privacy.trackingprotection.fingerprinting.enabled}
to true
\item
Set \quotation{privacy.trackingprotection.cryptomining.enabled} to
true
\item
Set \quotation{privacy.trackingprotection.enabled} to true
\item
Set \quotation{browser.send_pings} to false
\item
Set \quotation{privacy.firstparty.isolate} to true
\item
Set \quotation{network.http.referer.XOriginPolicy} to
\quotation{2} or use {\bf Smart Referer} below
\item
Set \quotation{network.cookie.lifetimePolicy} to 2 (this
deletes all cookies after each session)
\stopitemize
\stopitemize
\stopitemize
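The about:config values above can also be applied from a \quotation{user.js} file (the mechanism Arkenfox relies on) and, just as importantly, audited afterwards, since a Firefox update or an extension can silently reset a pref. The following is an added example, not code from this guide or from Arkenfox: it renders a subset of the values listed above as \type{user_pref} lines and parses an existing \type{prefs.js} or \type{user.js} to report which recommended prefs are missing (still at the Firefox default) or set to another value. The \type{prefs.js} excerpt inside is constructed, not taken from a real profile.

```javascript
// Added example (not from the guide or from Arkenfox): build a user.js from
// the about:config values listed above and audit an existing prefs.js or
// user.js against them. Assumes the 'user_pref("name", value);' line format
// that Firefox itself uses for both files.

// Subset of the values recommended above (safe and moderate groups).
const RECOMMENDED_PREFS = {
  'extensions.pocket.enabled': false,
  'toolkit.telemetry.enabled': false,
  'toolkit.telemetry.unified': false,
  'toolkit.telemetry.server': '',
  'beacon.enabled': false,
  'network.dns.disablePrefetch': true,
  'network.prefetch-next': false,
  'pdfjs.enableScripting': false,
  'geo.enabled': false,
  'privacy.donottrackheader.enabled': true,
  'media.peerconnection.enabled': false,
  'webgl.disabled': true,
  'network.cookie.cookieBehavior': 1,
  'network.http.referer.XOriginPolicy': 2,
  'browser.sessionstore.privacy_level': 2,
  'network.trr.mode': 5,
};

// Serialise a pref value the way Firefox writes it (strings quoted).
function formatPrefValue(v) {
  return typeof v === 'string' ? JSON.stringify(v) : String(v);
}

// Render user.js text from a name -> value map.
function renderUserJs(prefs) {
  return Object.entries(prefs)
    .map(([k, v]) => `user_pref(${JSON.stringify(k)}, ${formatPrefValue(v)});`)
    .join('\n') + '\n';
}

// Parse user_pref lines into a map; comments and unrelated lines are ignored.
function parsePrefsJs(text) {
  const out = {};
  const re = /^\s*user_pref\("((?:[^"\\]|\\.)*)",\s*(.+?)\);\s*$/;
  for (const line of text.split(/\r?\n/)) {
    const m = re.exec(line);
    if (!m) continue;
    const raw = m[2];
    let value;
    if (raw === 'true' || raw === 'false') value = raw === 'true';
    else if (/^-?\d+$/.test(raw)) value = Number(raw);
    else if (raw.startsWith('"')) value = JSON.parse(raw);
    else continue; // unknown value syntax, skip the line
    out[m[1]] = value;
  }
  return out;
}

// Compare a profile's prefs against the recommendation. "missing" prefs are
// absent from the file (so still at the Firefox default); "wrong" prefs are
// present but hold a different value.
function auditPrefs(profilePrefs, recommended = RECOMMENDED_PREFS) {
  const missing = [];
  const wrong = [];
  for (const [name, want] of Object.entries(recommended)) {
    if (!(name in profilePrefs)) missing.push(name);
    else if (profilePrefs[name] !== want) wrong.push({ name, want, have: profilePrefs[name] });
  }
  return { missing, wrong };
}

// Constructed sample prefs.js excerpt (not a real profile).
const SAMPLE_PREFS_JS = [
  '// Mozilla User Preferences',
  'user_pref("toolkit.telemetry.enabled", false);',
  'user_pref("network.cookie.cookieBehavior", 5);',
  'user_pref("toolkit.telemetry.server", "");',
  'user_pref("browser.startup.homepage", "about:blank");',
].join('\n');

// Usage: node audit.js /path/to/profile/prefs.js
if (typeof process !== 'undefined' && process.argv[2]) {
  const fs = require('fs');
  const report = auditPrefs(parsePrefsJs(fs.readFileSync(process.argv[2], 'utf8')));
  console.log(JSON.stringify(report, null, 2));
}
```

Point it at the \type{prefs.js} in your Firefox profile directory (with Firefox closed, since the file is rewritten on exit); anything in the \quotation{missing} list is a setting the browser is still running at its default value.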
\subsubsection[title={Addons to
install/consider:},reference={addons-to-installconsider}]
\startitemize
\item
uBlock Origin
(\useURL[url2872][https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/]\from[url2872])
\item
Smart Referer
(\useURL[url2873][https://addons.mozilla.org/firefox/addon/smart-referer/]\from[url2873])
\startitemize[packed]
\item
Set \quotation{network.http.referer.XOriginPolicy} value of
\quotation{2} to \quotation{0} (so the extension works).
{\bf Disable} the whitelist (uncheck the {\bf Use default whitelist}
box) and set {\bf Domain name matching} to {\bf Strict}.
\stopitemize
\item
NoScript
(\useURL[url2874][https://addons.mozilla.org/en-US/firefox/addon/noscript/]\from[url2874])
\startitemize
\item
Blocks {\bf all} scripts by default, no exceptions. Necessary in
regular browser if you want to block all script executions. Not
necessary in Tor Browser.
\item
Within the options, change {\bf Default} options to check everything
except \quotation{ping}, \quotation{unrestricted CSS}, and
\quotation{LAN}. This will re-enable JavaScript and other web
features, to prevent many websites from breaking
\stopitemize
\item
LibRedirect
(\useURL[url2875][https://libredirect.github.io/]\from[url2875])
\startitemize[packed]
\item
Redirect less privacy friendly websites like YouTube and Wikipedia
to more privacy friendly open-source alternatives
\stopitemize
\item
Skip Redirect
(\useURL[url2876][https://github.com/sblask/webextension-skip-redirect]\from[url2876])
\stopitemize
\subsubsection[title={Bonus resources:},reference={bonus-resources}]
Here are also two recent guides to harden Firefox:
\startitemize
\item
\useURL[url2877][https://chrisx.xyz/blog/yet-another-firefox-hardening-guide/]\from[url2877]
\useURL[url2878][https://web.archive.org/web/https://chrisx.xyz/blog/yet-another-firefox-hardening-guide/][][{[}Archive.org{]}]\from[url2878]
\item
\useURL[url2879][https://ebin.city/~werwolf/posts/firefox-hardening-guide/]\from[url2879]
\useURL[url2880][https://web.archive.org/web/https://ebin.city/~werwolf/posts/firefox-hardening-guide/][][{[}Archive.org{]}]\from[url2880]
\stopitemize
\section[title={Appendix W:
Virtualization},reference={appendix-w-virtualization}]
So, you might ask yourself, what is Virtualization\footnote{Wikipedia,
Virtualization
\useURL[url2881][https://en.wikipedia.org/wiki/Virtualization]\from[url2881]
\useURL[url2882][https://wikiless.org/wiki/Virtualization][][{[}Wikiless{]}]\from[url2882]
\useURL[url2883][https://web.archive.org/web/https://en.wikipedia.org/wiki/Virtualization][][{[}Archive.org{]}]\from[url2883]}?
Basically, it is like the Inception movie with computers. You have
emulated software computers called Virtual Machines running on a
physical computer. And you can even have Virtual Machines running within
Virtual machines if you want to (but this will require a more powerful
laptop in some cases).
Here is a little basic illustration of what Virtualization is:
\placefigure{image53}{\externalfigure[./tex2pdf.-1a34188c73046814/58f77ec3710646c76044e70f04d744ba188a891f.png]}
Each Virtual Machine is a sandbox. Remember the reasons for using them
are to prevent the following risks:
\startitemize
\item
Mitigate local data leaks and easier clean-up in case something gets
messed up or it is suspected to be compromised.
\item
Reduce malware/exploit attack surfaces (if your VM is compromised, the
adversary still must figure out he is in a VM and then gain access to
the Host OS which is not so trivial).
\item
Mitigate online data leaks by being able to enforce strict network
rules on Virtual Machines for accessing the network (such as passing
through the Tor Network).
\stopitemize
\subsection[title={Nested virtualization
risks},reference={nested-virtualization-risks}]
{\bf There is an inherently larger attack surface when nesting
virtualization.}
Here's some host information that can be leaked through the Virtual
Machine:
\startitemize
\item
Organizationally unique identifier or OUI - the unique identifier
assigned to VMWare Guest VMs;
\item
Virtual Windows registry keys like \type{ProductID} might show the
Host Machine's environment:\crlf
\type{HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ProductId XXXXX-123-1234567-12345}
\item
HDD, GPU, and mouse drivers can be exposed through:
\type{HKEY_LOCAL_MACHINE\System\CurrentControlSet\}
\item
Registry entries will show that this is a virtual mouse:
\type{%WINDIR%\system32\drivers\vmmouse.sys}
\item
Descriptor Table Registers:
\useURL[url2884][https://stackoverflow.com/questions/52505313/what-are-descriptor-registers/52505743\#52505743]\from[url2884]
\startitemize[packed]
\item
Since it's a Virtual Machine using the same CPU cores, the
descriptor values are relocated due to there only being space for
one of each identifier per CPU. This is a dead giveaway and is used
in detection by advanced malware. It's employed by malware
architects to tell when the program is being run in a forensics
environment (e.g., Remnux or Flare VM) - popular tools/OS that are
used by experts to analyze malware.
\stopitemize
\item
Guest VMs also indirectly access the same hardware as the Host OS.
\stopitemize
See
\useURL[url2885][https://www.malwarebytes.com/blog/news/2014/02/a-look-at-malware-with-virtual-machine-detection]\from[url2885]
for more techniques used by malware to detect virtualization. These
techniques are mostly prevented by appending some settings to your VM
config file (.vmx).
\useURL[url2886][https://blog.talosintelligence.com/2009/10/how-does-malware-know-difference.html]\from[url2886]
\section[title={Appendix X: Using Tor bridges in hostile
environments},reference={appendix-x-using-tor-bridges-in-hostile-environments}]
In some environments, your ISPs might be trying to prevent you from
accessing Tor. Or accessing Tor openly might be a safety risk.
In those cases, it might be necessary to use Tor bridges to connect to
the Tor network (see Tor Documentation
\useURL[url2887][https://2019.www.torproject.org/docs/bridges]\from[url2887]
\useURL[url2888][https://web.archive.org/web/https://2019.www.torproject.org/docs/bridges][][{[}Archive.org{]}]\from[url2888]
and Whonix Documentation
\useURL[url2889][https://www.whonix.org/wiki/Bridges]\from[url2889]
\useURL[url2890][https://web.archive.org/web/https://www.whonix.org/wiki/Bridges][][{[}Archive.org{]}]\from[url2890]).
Optionally, if you are able, you should (seriously!) consider running a
bridge
\useURL[url2891][https://blog.torproject.org/run-tor-bridges-defend-open-internet/]\from[url2891]
\useURL[url2892][https://web.archive.org/web/20220708014922/https://blog.torproject.org/run-tor-bridges-defend-open-internet/][][{[}Archive.org{]}]\from[url2892]
yourself, as this would greatly help reduce the amount of censorship in
the world.
Bridges are special Tor entry nodes that are not listed on the Tor
public directory. Some of those are running on people running the
Snowflake Browser extension\footnote{Tor Project, Project Snowflake
\useURL[url2893][https://snowflake.torproject.org/]\from[url2893]
\useURL[url2894][https://web.archive.org/web/https://snowflake.torproject.org/][][{[}Archive.org{]}]\from[url2894]}
while others are running on various servers around the world. Most of
those bridges are running some type of obfuscation method called
obfs4\footnote{GitHub, Obfs4 Repository
\useURL[url2895][https://github.com/Yawning/obfs4/]\from[url2895]
\useURL[url2896][https://web.archive.org/web/https://github.com/Yawning/obfs4/][][{[}Archive.org{]}]\from[url2896]}.
{\em Only available for Desktop Tor users: Recently, the Tor Project has
made it incredibly simple to access Bridges with {\bf Connection
Assist}, and it is now automatically done in hostile or censored
regions. Simply open the Tor Browser and the connection will be
configured based on your needs on any hostile network. Previously, we
had a list of options below this paragraph which were necessary to
enable and configure bridges, but this is now done automatically
using
\useURL[url2897][https://support.torproject.org/glossary/moat/][][moat]\from[url2897].}
\useURL[url2898][https://web.archive.org/web/20220801151048/https://support.torproject.org/glossary/moat/][][{[}Archive.org{]}]\from[url2898]
Here is the definition from the Tor Browser Manual\footnote{Tor Browser
Manual, Pluggable Transport
\useURL[url2899][https://tb-manual.torproject.org/circumvention/]\from[url2899]
\useURL[url2900][https://web.archive.org/web/https://tb-manual.torproject.org/circumvention/][][{[}Archive.org{]}]\from[url2900]}:
\quotation{obfs4 makes Tor traffic look random and prevents censors from
finding bridges by Internet scanning. obfs4 bridges are less likely to
be blocked than its predecessor, obfs3 bridges}.
Some of those are called \quotation{Meek} bridges and are using a
technique called \quotation{Domain Fronting} where your Tor client
(Tails, Tor Browser, Whonix Gateway) will connect to a common CDN used
by other services. To a censor, it would appear you are connecting to a
normal website such as Microsoft.com. See
\useURL[url2901][https://gitlab.torproject.org/legacy/trac/-/wikis/doc/meek]\from[url2901]
for more information.
As per their definition from their manual: \quotation{meek transports
make it look like you are browsing a major web site instead of using
Tor. meek-azure makes it look like you are using a Microsoft web site}.
Snowflake bridges make it appear like your connections are phone calls
to random internet users. This is a type of \quotation{domain fronting}
\footnote{Wikipedia, Domain Fronting
\useURL[url2902][https://en.wikipedia.org/wiki/Domain_fronting]\from[url2902]
\useURL[url2903][https://wikiless.org/wiki/Domain_fronting][][{[}Wikiless{]}]\from[url2903]
\useURL[url2904][https://web.archive.org/web/https://en.wikipedia.org/wiki/Domain_fronting][][{[}Archive.org{]}]\from[url2904]}.
See
\useURL[url2905][https://www.bamsoftware.com/papers/fronting/\#sec:introduction][][\quotation{domain
fronting}]\from[url2905] from the link in the previous paragraph for a
detailed explanation of these types of secret \quotation{bridges}.
Lastly, there are also bridges called Snowflake bridges that rely on
users running the snowflake extension in their browser to become
themselves entry nodes. See
\useURL[url2906][https://snowflake.torproject.org/]\from[url2906]
\useURL[url2907][https://web.archive.org/web/https://snowflake.torproject.org/][][{[}Archive.org{]}]\from[url2907].
First, you should proceed with the following checklist to make sure you
cannot circumvent Tor Blocking (double-check) and try to use Tor Bridges
(\useURL[url2908][https://bridges.torproject.org/]\from[url2908]
\useURL[url2909][https://web.archive.org/web/https://bridges.torproject.org/][][{[}Archive.org{]}]\from[url2909]):
\startitemize
\item
(Recommended if blocked but {\bf safe}) Try to get an obfs4 bridge in
the Tor connection options.
\item
(Recommended if blocked but {\bf safe}) Try to get a snowflake bridge
in the Tor connection options.
\item
{\bf (Recommended if hostile/risky environment)} Try to get a meek
bridge in the Tor connection options (might be your only option if you
are for instance in China).
\stopitemize
\placefigure{image54}{\externalfigure[./tex2pdf.-1a34188c73046814/e2563c82e94be8ff9b5768e97f3fec315cd38aa3.png]}
(Illustration from Tor Browser Bridge Configuration)
If none of those built-in methods are working, you could try getting a
manual bridge either from:
\startitemize
\item
\useURL[url2910][https://bridges.torproject.org/bridges?transport=meek]\from[url2910]
(for a meek bridge)
\item
\useURL[url2911][https://bridges.torproject.org/bridges?transport=obfs4]\from[url2911]
(for an obfs4 bridge)
\stopitemize
This website obviously could be blocked/monitored too so you could
instead (if you have the ability) ask someone to do this for you if you
have a trusted contact and some e2e encrypted messaging app.
Finally, you could also request a bridge by e-mail to
\useURL[url2912][mailto:bridges@torproject.org][][bridges@torproject.org]\from[url2912]
with the subject empty and the body being: \quotation{get transport
obfs4} or \quotation{get transport meek}. There is some limitation with
this method though, as it is only available from a Gmail e-mail address or
Riseup.
\startitemize[packed]
\item
See: \goto{A note about Riseup:}[a-note-about-riseup] Riseup has
potentially been compromised. Use it at your own risk.
\stopitemize
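Whichever way you obtain a bridge line (the BridgeDB page, a trusted contact, or the e-mail responder), it is worth checking that what you paste into Tor Browser is a complete line of the transport you asked for: a line cut short by a messaging app or mail client will simply fail to connect, and a swapped transport changes what your ISP sees. The following is an added example, not code from this guide or from the Tor Project: a JavaScript validator for the bridge line shape the Tor Project documents, \type{obfs4 IP:PORT FINGERPRINT cert=... iat-mode=N}, optionally preceded by the torrc \quotation{Bridge} keyword. The sample line, its fingerprint and its cert are constructed placeholders, not a real bridge.

```javascript
// Added example (not from the guide or the Tor Project): sanity-check a
// bridge line before pasting it into Tor Browser. Assumes the documented
// shape "[Bridge] [transport] IP:PORT [FINGERPRINT] key=value ...", with the
// fingerprint being the relay identity hash (40 hex digits) and, for obfs4,
// a 70-character base64 "cert" plus an "iat-mode" of 0, 1 or 2.

const KNOWN_TRANSPORTS = new Set(['obfs4', 'meek_lite', 'snowflake']);

function parseBridgeLine(line) {
  const tokens = line.trim().split(/\s+/);
  // Lines copied from a torrc start with the "Bridge" keyword; drop it.
  if (tokens[0] === 'Bridge') tokens.shift();
  if (tokens.length < 1 || tokens[0] === '') throw new Error('bridge line is empty');

  // A line without a transport name is a plain ("vanilla") bridge.
  let transport = 'vanilla';
  if (KNOWN_TRANSPORTS.has(tokens[0])) transport = tokens.shift();

  const addr = /^(\d{1,3}(?:\.\d{1,3}){3}|\[[0-9a-fA-F:]+\]):(\d{1,5})$/.exec(tokens.shift() || '');
  if (!addr) throw new Error('expected IP:PORT after the transport name');
  const port = Number(addr[2]);
  if (port < 1 || port > 65535) throw new Error('port out of range');

  let fingerprint = null;
  if (tokens.length && /^[0-9A-Fa-f]{40}$/.test(tokens[0])) {
    fingerprint = tokens.shift().toUpperCase();
  }

  // Everything else must be key=value transport parameters.
  const params = {};
  for (const t of tokens) {
    const eq = t.indexOf('=');
    if (eq <= 0) throw new Error(`unexpected token: ${t}`);
    params[t.slice(0, eq)] = t.slice(eq + 1);
  }

  if (transport === 'obfs4') {
    if (!fingerprint) throw new Error('obfs4 bridge line needs a fingerprint');
    if (!/^[A-Za-z0-9+/]{70}$/.test(params.cert || '')) {
      throw new Error('obfs4 cert must be 70 base64 characters (line truncated?)');
    }
    if (!['0', '1', '2'].includes(params['iat-mode'])) {
      throw new Error('obfs4 iat-mode must be 0, 1 or 2');
    }
  }
  return { transport, host: addr[1], port, fingerprint, params };
}

// Parse and additionally insist on the transport you requested.
function checkBridgeLine(line, wantedTransport) {
  const bridge = parseBridgeLine(line);
  if (bridge.transport !== wantedTransport) {
    throw new Error(`expected a ${wantedTransport} bridge, got ${bridge.transport}`);
  }
  return bridge;
}

// Constructed placeholder line: documentation IP range, dummy fingerprint
// and dummy cert. It is NOT a usable bridge.
const SAMPLE_FINGERPRINT = '0123456789ABCDEF0123456789ABCDEF01234567';
const SAMPLE_BRIDGE_LINE =
  `obfs4 192.0.2.10:443 ${SAMPLE_FINGERPRINT} cert=${'A'.repeat(70)} iat-mode=0`;
```

If the check throws on a line you received by e-mail, compare the length of the \type{cert} value with what you see in the original message before assuming the bridge itself is dead; mail clients wrapping long lines are the usual cause.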
Hopefully, these bridges should be enough to get you connected even in a
hostile environment.
If not, consider \goto{Appendix P: Accessing the internet as safely as
possible when Tor and VPNs are not an
option}[appendix-p-accessing-the-internet-as-safely-as-possible-when-tor-and-vpns-are-not-an-option]
\section[title={Appendix Y: Installing and using desktop Tor
Browser},reference={appendix-y-installing-and-using-desktop-tor-browser}]
\subsection[title={Installation:},reference={installation-7}]
This is valid for Windows, Linux, and macOS.
\startitemize
\item
Download and install Tor Browser according to the instructions from
\useURL[url2913][https://www.torproject.org/download/]\from[url2913]
\useURL[url2914][https://web.archive.org/web/https://www.torproject.org/download/][][{[}Archive.org{]}]\from[url2914]
\item
Open Tor Browser
\stopitemize
\subsection[title={Usage and
Precautions:},reference={usage-and-precautions}]
\startitemize[packed]
\item
After opening Tor Browser, you will see an option to {\bf Connect}, a
checkbox to {\bf Always connect automatically} and a button to
{\bf Configure connection}. The Tor Network settings are there for you
to possibly configure Bridges to connect to Tor if you are
experiencing issues connecting to Tor due to Censorship or Blocking.
As explained here: \goto{Appendix X: Using Tor bridges in hostile
environments}[appendix-x-using-tor-bridges-in-hostile-environments],
this is now done automatically by the Tor Browser on Desktop.
\stopitemize
\placefigure{image55}{\externalfigure[./tex2pdf.-1a34188c73046814/901f25aab05bcd463af156777e4c2082069303a4.png]}
\startitemize[packed]
\item
Personally, in the case of censorship or blocking, we would recommend
using Meek-Azure bridges if needed. And Snowflake bridges as a second
option.
\stopitemize
\placefigure{image56}{\externalfigure[./tex2pdf.-1a34188c73046814/e2b3ac87b481d2d3fb02c83602f4f7b714460246.png]}
\startitemize[packed]
\item
At this point, still before connecting, you should click the little
shield Icon (upper right, next to the Address bar) and select your
Security level (see
\useURL[url2915][https://tb-manual.torproject.org/security-settings/]\from[url2915]
\useURL[url2916][https://web.archive.org/web/https://tb-manual.torproject.org/security-settings/][][{[}Archive.org{]}]\from[url2916]
for details). Basically, there are three.
\stopitemize
\placefigure{image57}{\externalfigure[./tex2pdf.-1a34188c73046814/eb7fa739d64e0cd1e1e44df456e1231f370a4a94.png]}
\startitemize
\item
Standard (the default):
\startitemize[packed]
\item
All features are enabled (including JavaScript)
\stopitemize
\item
Safer:
\startitemize
\item
JavaScript is disabled on non-HTTPS websites
\item
Some fonts and symbols are disabled
\item
Any media playback is \quotation{click to play} (disabled by
default)
\stopitemize
\item
Safest:
\startitemize
\item
Javascript is disabled everywhere
\item
Some fonts and symbols are disabled
\item
Any media playback is \quotation{click to play} (disabled by
default)
\stopitemize
\stopitemize
We would recommend the \quotation{Safest} level by default. The
\quotation{Safer} level should be enabled if you think you need access
to a website not working without JavaScript. The Safest mode will most
likely break many websites that rely actively on JavaScript.
If you are extra paranoid, use the \quotation{Safest} level by default
and consider downgrading to Safer if the website is unusable because of
Javascript blocking.
{\bf Optional and not recommended by the Tor Project}: If you are not
using the \quotation{Safest} level, we will diverge from some but agree
with others (for instance the Tails project and others\footnote{GitLab,
Tor Browser Issues, Add uBlock Origin to the Tor Browser
\useURL[url2917][https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/17569]\from[url2917]
\useURL[url2918][https://web.archive.org/web/https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/17569][][{[}Archive.org{]}]\from[url2918]})
and will actually recommend some modifications of the default Tor
Browser with the addition of two extensions:
\startitemize
\item
uBlock Origin (as it is the case on Tails) while leaving the extension
on the default settings:
\startitemize[packed]
\item
Head over to
\useURL[url2919][https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/]\from[url2919]
within Tor Browser and install the extension.
\stopitemize
\item
LibRedirect: This is very practical if you use the \quotation{Safest}
mode as Invidious instances require no JavaScript.
\startitemize[packed]
\item
Head over to
\useURL[url2920][https://libredirect.github.io/]\from[url2920]
within Tor Browser and install the extension.
\stopitemize
\stopitemize
Let's keep in mind that even three-letter agencies recommend blocking ads
for their internal users in order to improve security\footnote{Vice, The
NSA and CIA Use Ad Blockers Because Online Advertising Is So Dangerous
\useURL[url2921][https://www.vice.com/en/article/93ypke/the-nsa-and-cia-use-ad-blockers-because-online-advertising-is-so-dangerous]\from[url2921]
\useURL[url2922][https://web.archive.org/web/https://www.vice.com/en/article/93ypke/the-nsa-and-cia-use-ad-blockers-because-online-advertising-is-so-dangerous][][{[}Archive.org{]}]\from[url2922]}.
If you did not go for the above {\bf personal and not officially
recommended options}, the Safer level should still be used with some
extra precautions while using some websites: see \goto{Appendix A5:
Additional browser precautions with JavaScript
enabled}[appendix-a5-additional-browser-precautions-with-javascript-enabled].
Now, you are really done, and you can now surf the web anonymously from
your desktop device.
\section[title={Appendix Z: Online anonymous payments using
cryptocurrencies},reference={appendix-z-online-anonymous-payments-using-cryptocurrencies}]
There are many services that you might want to use (VPS hosting, mail
hosting, domain names\ldots{}) but require payment of some kind.
As mentioned before in this guide multiple times, we strongly recommend
the use of services accepting cash (that you could send anonymously
through the postal services) or Monero which you can buy and use
directly and safely.
\startitemize[packed]
\item
But what if the service you want does not accept Monero but does
accept a more mainstream cryptocurrency such as Bitcoin (BTC) or
Ethereum (ETH)?
\stopitemize
{\bf Bitcoin and other \quotation{mainstream cryptocurrencies} are not
anonymous at all (Remember \goto{Your Cryptocurrencies
transactions}[your-cryptocurrencies-transactions]) and you should never
ever purchase, for example, Bitcoin from an exchange and then use these
directly for purchasing services anonymously. This will not work, and
the transaction can be traced easily.}
\startitemize
\item
{\bf Stay away from so-called \quotation{private} mixers, tumblers and
coinjoiners.} You might think this is a good idea, but not only are
they useless with cryptocurrencies such as BTC/ETH/LTC, they are also
dangerous. They take custody of your coins. Use Monero to anonymize
your crypto. Do not use a normal KYC-enabled exchange to buy/sell your
Monero (such as Kraken), since the information on your purchases and
withdrawals (for intended use) is retained by the exchange. Instead,
use a P2P exchange that doesn't require KYC such as what can be found
on \useURL[url2923][https://kycnot.me/]\from[url2923].
\item
{\bf See \goto{Warning about special tumbling, mixing, coinjoining
privacy wallets and
services}[warning-about-special-tumbling-mixing-coinjoining-privacy-wallets-and-services-wikiless-archive.org].}
\stopitemize
\subsection[title={Using Bitcoin anonymously
option:},reference={using-bitcoin-anonymously-option}]
Despite this, it is possible to safely anonymize Bitcoin through the use
of non-custodial collaborative transactions and privacy-preserving
spending tools. This is possible with a protocol called
\useURL[url2924][https://code.samourai.io/whirlpool/Whirlpool/-/blob/whirlpool/THEORY.md][][ZeroLink]\from[url2924]
and an implementation called Whirlpool which has two clients that utilize
it and provide the necessary spending tools, detailed below. So, you
might be wondering how? Well, it is actually pretty simple:
\startitemize[n][stopper=.]
\item
Purchase Bitcoin at a non-KYC exchange (such as one found on
\useURL[url2925][https://kycnot.me/]\from[url2925])
\item
Create a wallet with
\useURL[url2926][https://www.samouraiwallet.com/][][Samourai
Wallet]\from[url2926] (Android) or
\useURL[url2927][https://www.sparrowwallet.com/][][Sparrow
Wallet]\from[url2927] (Desktop). Both of these use the Whirlpool
protocol to gain the user forward-facing on-chain privacy on Bitcoin.
\item
Deposit coins into the wallet and follow the relevant instructions
(\useURL[url2928][https://docs.samourai.io/wallet/usage][][Samourai]\from[url2928],
\useURL[url2929][https://www.sparrowwallet.com/docs/mixing-whirlpool.html][][Sparrow]\from[url2929])
to remove their historic links.
\item
Funds should only be spent from the Postmix account, as that is the
account with the coins that have gained anonymity through Whirlpool.
\stopitemize
\startitemize[packed]
\item
{\bf You should run your own node when using Bitcoin and always use
that for connecting from your wallet. You do not need to purchase
separate hardware to do so, and it's simple to
\useURL[url2925][https://bitcoincoredocs.com/tor.html][][do so by
using the Tor Network]\from[url2925] as well.}
\stopitemize
\subsection[title={Using Monero anonymously
option:},reference={using-monero-anonymously-option}]
\startitemize[n][stopper=.]
\item
Purchase Monero at a non-KYC exchange (such as one found on
\useURL[url2926][https://kycnot.me/]\from[url2926])
\item
Create a Monero wallet on one of your anonymized VMs (for example, on
the Whonix Workstation which includes a Monero GUI wallet natively or
using the Monero GUI wallet from
\useURL[url2927][https://www.getmonero.org/downloads/]\from[url2927]
on other OSes)
\item
Transfer your Monero from the wallet from which you bought it to the
wallet on your VM. We cannot stress enough how important it is to have
two separate wallets for this process, even for handling Monero.
\item
On the same VM (for instance again the Whonix Workstation), create a
Bitcoin Wallet (again this is provided natively within the Whonix
Workstation)
\item
From an anonymized browser (such as Tor Browser), use a non-KYC (Know
Your Customer) swapping service (see \goto{Appendix A8: Crypto
Swapping Services without Registration and
KYC}[appendix-a8-crypto-swapping-services-without-registration-and-kyc])
and convert your Monero to BTC and transfer those to the BTC Wallet
you have on your anonymized VM
\item
You should now have an anonymized Bitcoin wallet that can be used for
purchasing services that do not accept Monero.
\stopitemize
{\bf You should never access this wallet from a non-anonymized
environment. Always use well-thought OPSEC with your BTC transactions.
Remember those can be traced back to you.}
The origin of those BTC cannot be traced back to your real identity due
to the use of Monero {\bf unless Monero is broken} or if you consolidate
outputs from spending at separate merchants. It is recommended to use the
privacy-preserving wallets described in the \goto{Bitcoin
section}[using-bitcoin-anonymously-option]. Please do read \goto{Appendix
B2: Monero Disclaimer}[appendix-b2-monero-disclaimer].
{\bf Regarding Zcash: this section previously included use of Zcash but
it has been removed in light of newer, more accurate information.}
\subsection[title={Warning about special tumbling, mixing, coinjoining
privacy wallets and services:
\useURL[url2927][https://wikiless.org/wiki/Cryptocurrency_tumbler][][Wikiless]\from[url2927]
\useURL[url2928][https://web.archive.org/web/https://wikiless.org/wiki/Cryptocurrency_tumbler][][Archive.org]\from[url2928]},reference={warning-about-special-tumbling-mixing-coinjoining-privacy-wallets-and-services-wikiless-archive.org}]
Centralized \quotation{private} tumblers, mixers and coinjoiners are not
recommended since they do not provide anonymity in a way that truly
unlinks an output from its history. Here are some references about this
issue:
\startitemize[packed]
\item
\useURL[url2929][https://arxiv.org/pdf/2204.02019.pdf][][Mixing
detection on Bitcoin transactions using statistical
patterns.]\from[url2929]
\useURL[url2930][https://web.archive.org/web/https://arxiv.org/pdf/2204.02019.pdf][][Archive.org]\from[url2930]
\item
\useURL[url2931][https://www.researchgate.net/profile/Julio-Hernandez-Castro/publication/319944399_An_Analysis_of_Bitcoin_Laundry_Services/links/5a045d410f7e9beb177883af/An-Analysis-of-Bitcoin-Laundry-Services.pdf?origin=publication_detail][][An
Analysis Of Bitcoin Laundry Services]\from[url2931]
\useURL[url2932][https://web.archive.org/web/https://www.researchgate.net/profile/Julio-Hernandez-Castro/publication/319944399_An_Analysis_of_Bitcoin_Laundry_Services/links/5a045d410f7e9beb177883af/An-Analysis-of-Bitcoin-Laundry-Services.pdf?origin=publication_detail][][Archive.org]\from[url2932]
\item
\useURL[url2933][https://www.researchgate.net/publication/344485520_Mixing_Strategies_in_Cryptocurrencies_and_An_Alternative_Implementation][][Mixing
Strategies in Cryptocurrencies and An Alternative
Implementation]\from[url2933]
\useURL[url2934][https://web.archive.org/web/https://www.researchgate.net/publication/344485520_Mixing_Strategies_in_Cryptocurrencies_and_An_Alternative_Implementation][][Archive.org]\from[url2934]
\stopitemize
Mixing BTC in this way should prevent any chain analysis on future
transactions. This will {\em not} however hide any past transactions or
the fact you purchased BTC from a KYC exchange. Instead we recommend
using Bitcoin wallets that utilize Whirlpool, or Monero (preferred).
\subsection[title={When converting from BTC to
Monero:},reference={when-converting-from-btc-to-monero}]
{\bf Now, as part of any process above, if you want to convert BTC back
to Monero}, we recommend not using a swapping service but instead
recommend using the new Monero Atomic Swap Tool:
\useURL[url2935][https://unstoppableswap.net/]\from[url2935]. This will
prevent unnecessary fees and intermediates when using a commercial
swapping service. The website is self-explanatory with detailed
instructions for all OSes.
\section[title={Appendix A1: Recommended VPS hosting
providers},reference={appendix-a1-recommended-vps-hosting-providers}]
We will only recommend providers that accept Monero as payment and here
is my personal shortlist:
\startitemize
\item
{\bf Njalla \useURL[url2936][https://njal.la/]\from[url2936] (my
personal favorite but quite expensive, recommended by
PrivacyGuides.org).}
\item
{\bf 1984.is (my second favorite, much less expensive)
\useURL[url2937][https://www.1984.is]\from[url2937].}
\item
To be considered at your own risk (untested):
\startitemize
\item
\useURL[url2938][https://cryptoho.st/]\from[url2938] (warning, this
might be against their ToS as they require personal identification
on registration)
\item
\useURL[url2939][https://www.privex.io/]\from[url2939]
\item
\useURL[url2940][https://cockbox.org/]\from[url2940] (warning, this
provider is rather \quotation{edgy} and could offend some people)
\stopitemize
\stopitemize
Also consider these lists:
\startitemize
\item
Tor Project:
\useURL[url2941][https://community.torproject.org/relay/community-resources/good-bad-isps/]\from[url2941]
\useURL[url2942][https://web.archive.org/web/https://community.torproject.org/relay/community-resources/good-bad-isps/][][{[}Archive.org{]}]\from[url2942]
\item
PrivacyGuides.org:
\useURL[url2943][https://privacyguides.org/providers/hosting/]\from[url2943]
\useURL[url2944][https://web.archive.org/web/https://privacyguides.org/providers/hosting/][][{[}Archive.org{]}]\from[url2944]
\stopitemize
Lastly, you could pick one (at your own risk) from the list here that
does accept Monero:
\useURL[url2945][https://www.getmonero.org/community/merchants/\#hosting]\from[url2945]
\useURL[url2946][https://web.archive.org/web/https://www.getmonero.org/community/merchants/][][{[}Archive.org{]}]\from[url2946]
{\bf Please do read \goto{Appendix B2: Monero
Disclaimer}[appendix-b2-monero-disclaimer].}
If the service does not accept Monero but does accept BTC, consider the
following appendix: \goto{Appendix Z: Online anonymous payments using
cryptocurrencies}[appendix-z-online-anonymous-payments-using-cryptocurrencies].
\section[title={Appendix A2: Guidelines for passwords and
passphrases},reference={appendix-a2-guidelines-for-passwords-and-passphrases}]
My opinion (and that of many\footnote{NIST, NIST Has Spoken - Death
to Complexity, Long Live the Passphrase!
\useURL[url2947][https://www.sans.org/blog/nist-has-spoken-death-to-complexity-long-live-the-passphrase/]\from[url2947]
\useURL[url2948][https://web.archive.org/web/https://www.sans.org/blog/nist-has-spoken-death-to-complexity-long-live-the-passphrase/][][{[}Archive.org{]}]\from[url2948]}\footnote{ZDnet,
FBI recommends passphrases over password complexity
\useURL[url2949][https://www.zdnet.com/article/fbi-recommends-passphrases-over-password-complexity/]\from[url2949]
\useURL[url2950][https://web.archive.org/web/https://www.zdnet.com/article/fbi-recommends-passphrases-over-password-complexity/][][{[}Archive.org{]}]\from[url2950]}\footnote{The
Intercept, Passphrases That You Can Memorize --- But That Even the NSA
Can't Guess
\useURL[url2951][https://theintercept.com/2015/03/26/passphrases-can-memorize-attackers-cant-guess/]\from[url2951]
\useURL[url2952][http://27m3p2uv7igmj6kvd4ql3cct5h3sdwrsajovkkndeufumzyfhlfev4qd.onion/2015/03/26/passphrases-can-memorize-attackers-cant-guess/][][{[}Tor
Mirror{]}]\from[url2952]
\useURL[url2953][https://web.archive.org/web/https://theintercept.com/2015/03/26/passphrases-can-memorize-attackers-cant-guess/][][{[}Archive.org{]}]\from[url2953]}\footnote{Proton
Blog, Let's settle the password vs.~passphrase debate once and for all
\useURL[url2954][https://proton.me/blog/protonmail-com-blog-password-vs-passphrase/]\from[url2954]
\useURL[url2955][https://web.archive.org/web/https://proton.me/blog/protonmail-com-blog-password-vs-passphrase][][{[}Archive.org{]}]\from[url2955]}\footnote{YouTube,
Edward Snowden on Passwords: Last Week Tonight with John Oliver (HBO)
\useURL[url2956][https://www.youtube.com/watch?v=yzGzB-yYKcc]\from[url2956]
\useURL[url2957][https://yewtu.be/watch?v=yzGzB-yYKcc][][{[}Invidious{]}]\from[url2957]}\footnote{YouTube,
How to Choose a Password -- Computerphile
\useURL[url2958][https://www.youtube.com/watch?v=3NjQ9b3pgIg]\from[url2958]
\useURL[url2959][https://yewtu.be/watch?v=3NjQ9b3pgIg][][{[}Invidious{]}]\from[url2959]})
is that passphrases are generally better than passwords. So instead of
thinking of better passwords, forget them altogether and use passphrases
instead (when possible). Or just use a password manager with very long
passwords (such as KeePassXC, the preferred password manager in this
guide).
The well-known XKCD shown below
\useURL[url2960][https://xkcd.com/936/]\from[url2960]
\useURL[url2961][https://web.archive.org/web/https://xkcd.com/936/][][{[}Archive.org{]}]\from[url2961]
is still valid despite some people disputing it (See
\useURL[url2962][https://www.explainxkcd.com/wiki/index.php/936:_Password_Strength]\from[url2962]
\useURL[url2963][https://web.archive.org/web/https://www.explainxkcd.com/wiki/index.php/936:_Password_Strength][][{[}Archive.org{]}]\from[url2963]).
Yes, it is quite old now and is a little bit outdated and might be
misinterpreted. But generally, it is still valid and a good argument for
using passphrases instead of passwords.
\placefigure{image58}{\externalfigure[./tex2pdf.-1a34188c73046814/fd53e813bad3f6ff1a41c93677fc836106411992.png]}
(Illustration by Randall Munroe, xkcd.com, licensed under CC BY-NC 2.5)
Here are some recommendations (based on Wikipedia\footnote{Wikipedia,
Passphrase
\useURL[url2964][https://en.wikipedia.org/wiki/Passphrase\#Passphrase_selection]\from[url2964]
\useURL[url2965][https://wikiless.org/wiki/Passphrase\#Passphrase_selection][][{[}Wikiless{]}]\from[url2965]
\useURL[url2966][https://web.archive.org/web/https://en.wikipedia.org/wiki/Passphrase\#Passphrase_selection][][{[}Archive.org{]}]\from[url2966]}):
\startitemize
\item
Long enough to be hard to guess (typically four words is a minimum,
five or more is better).
\item
Not a famous quotation from literature, holy books, et cetera.
\item
Hard to guess by intuition---even by someone who knows the user well.
\item
Easy to remember and type accurately.
\item
For better security, any easily memorable encoding at the user's own
level can be applied.
\item
Not reused between sites, applications, and other different sources.
\item
Do not use only \quotation{common words} (like \quotation{horse} or
\quotation{correct}).
\stopitemize
Here is a nice website showing you some examples and guidelines:
\useURL[url2967][https://www.useapassphrase.com/]\from[url2967]
Watch this insightful video by Computerphile:
\useURL[url2968][https://www.youtube.com/watch?v=3NjQ9b3pgIg]\from[url2968]
\useURL[url2969][https://yewtu.be/watch?v=3NjQ9b3pgIg][][{[}Invidious{]}]\from[url2969]
{\bf Use a different one for each service/device if possible. Do not
make it easy for an adversary to access all your information because you
used the same passphrase everywhere.}
{\bf You might ask how? Simple: use a password manager such as the
recommended KeePassXC. Only remember the passphrase to unlock the
database and then store everything else in the KeePassXC database.
Within KeePassXC you can then create extremely long passwords (30+
random characters) for each different service.}
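As an added illustration (not part of the original guide), the following Python script puts numbers on the guidelines above: it computes the entropy of random passphrases of four and five words drawn from a 7776-word list such as the EFF large wordlist, the 44 bits the XKCD comic credits to four words from a 2048-word pool, and a 30-character random password of the kind KeePassXC generates, then converts each to a worst-case exhaustion time at an assumed rate of one trillion guesses per second. The wordlist in the script is a constructed stand-in; only its size enters the arithmetic.

```python
"""Passphrase vs. password strength, following the Appendix A2 guidelines.

Added example: the entropy of a uniformly random choice is what matters,
so the constructed wordlist below only needs a size, not real words.
"""
import math
import secrets
import string

# Constructed demo wordlist; a real list (EFF large wordlist) has 7776 entries.
DEMO_WORDLIST = ["correct", "horse", "battery", "staple", "anvil", "glacier",
                 "pumpkin", "saddle", "tundra", "velvet", "walrus", "zipper"]
EFF_LARGE_WORDLIST_SIZE = 7776   # 6^5: one word per five dice rolls
XKCD_WORDLIST_SIZE = 2048        # the comic's "common words" pool, 11 bits each
SYMBOLS = string.ascii_letters + string.digits + string.punctuation  # 94 chars
ASSUMED_GUESSES_PER_SECOND = 1e12  # assumption for the table, not a measured rate


def passphrase_entropy_bits(num_words, wordlist_size):
    """Entropy of num_words chosen uniformly (with replacement) from a list.

    The entropy comes from the random choice, not from the words being
    obscure; a famous quotation has far less entropy than this formula gives.
    """
    return num_words * math.log2(wordlist_size)


def password_entropy_bits(length, alphabet_size=len(SYMBOLS)):
    """Entropy of a uniformly random password over the given alphabet."""
    return length * math.log2(alphabet_size)


def equivalent_password_length(entropy_bits, alphabet_size=len(SYMBOLS)):
    """Shortest random password over the alphabet with at least this entropy."""
    return math.ceil(entropy_bits / math.log2(alphabet_size))


def years_to_exhaust(entropy_bits, guesses_per_second):
    """Time to try every possibility at a fixed guessing rate (the attacker's
    worst case; on average they need half of it)."""
    return 2 ** entropy_bits / guesses_per_second / (365.25 * 24 * 3600)


def generate_passphrase(num_words, wordlist=DEMO_WORDLIST, separator=" "):
    """Pick words with the OS CSPRNG; random.choice is not suitable here."""
    return separator.join(secrets.choice(wordlist) for _ in range(num_words))


def generate_password(length, alphabet=SYMBOLS):
    """Random password of the kind a password manager would store for you."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def strength_table():
    """Rows (label, bits, equivalent random chars, years) for the guide's cases."""
    cases = [
        ("4 words, 2048-word list (xkcd)", passphrase_entropy_bits(4, XKCD_WORDLIST_SIZE)),
        ("4 words, EFF large list", passphrase_entropy_bits(4, EFF_LARGE_WORDLIST_SIZE)),
        ("5 words, EFF large list", passphrase_entropy_bits(5, EFF_LARGE_WORDLIST_SIZE)),
        ("30 random characters (KeePassXC)", password_entropy_bits(30)),
    ]
    return [(label, round(bits, 1), equivalent_password_length(bits),
             years_to_exhaust(bits, ASSUMED_GUESSES_PER_SECOND))
            for label, bits in cases]


if __name__ == "__main__":
    for label, bits, eq_len, years in strength_table():
        print(f"{label:34} {bits:6.1f} bits  ~{eq_len:2d} random chars  {years:.3g} years")
    print("example passphrase:", generate_passphrase(5))
    print("example password:  ", generate_password(30))
```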
\section[title={Appendix A3: Search
Engines},reference={appendix-a3-search-engines}]
Which search engine to pick in your VMs?
We will not go into too many details. Just pick one from
PrivacyGuides.org
(\useURL[url2970][https://www.privacyguides.org/search-engines/]\from[url2970]
\useURL[url2971][https://web.archive.org/web/https://www.privacyguides.org/search-engines/][][{[}Archive.org{]}]\from[url2971]).
Personally, my favorites are:
\startitemize
\item
\useURL[url2972][https://duckduckgo.com/]\from[url2972] (because you
can easily use operators such as \quotation{!g} to google or
\quotation{!b} to Bing)
\item
\useURL[url2973][https://www.startpage.com/]\from[url2973]
\item
SearX (\useURL[url2974][https://searx.me/]\from[url2974]) instances
listed here: \useURL[url2975][https://searx.space/]\from[url2975]
\stopitemize
Note that some of those have a convenient \quotation{.onion} address:
\startitemize[packed]
\item
DuckDuckGo:
\useURL[url2976][http://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/]\from[url2976]
\stopitemize
In the end, we were often not satisfied with the results of those
search engines and still ended up on Bing or Google.
\section[title={Appendix A4: Counteracting Forensic
Linguistics},reference={appendix-a4-counteracting-forensic-linguistics}]
{\bf Note that this information is taken and adapted from a Dread Post
available here:}
\useURL[url2977][http://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/aad54fe83b33a8a45920/]\from[url2977]
No plagiarism is intended but some important adaptations and
modifications have been made to improve the source post in various ways.
\subsection[title={Introduction:},reference={introduction-1}]
Stylometry is the study of our personal and unique writing style. No
matter who you are, you have a unique, fingerprintable and traceable
writing style.
This has been understood for a while now, and a branch of forensics is
built off of this principle: forensic linguistics. In this field, the
particular name for forensic linguistics applied to internet crime is
called \quotation{Writeprint}. Writeprint primarily aims to determine
author identification over the internet by comparing a suspect's text to
a known collection of writer invariant (normally written) texts, and
even without comparison texts, this forensic technique can yield
personal information about an author such as gender, age, and
personality.
\subsection[title={What does an adversary look for when examining your
writing?},reference={what-does-an-adversary-look-for-when-examining-your-writing}]
\startitemize[n][stopper=.]
\item
Lexical features: analysis of word choice.
\item
Syntactic features: analysis of writing style, sentence structure,
punctuation, and hyphenation.
\item
Structural features: analysis of structure and organization of
writing.
\item
Content-specific words: analysis of contextually significant writing
such as acronyms.
\item
Idiosyncratic features: analysis of grammatical errors. This is the
most important factor to consider because it provides relatively high
accuracy in author identification.
\stopitemize
\subsection[title={Examples:},reference={examples}]
You might think that this is not something that an adversary pays
attention to? Think again! There have been multiple cases where
adversaries such as law enforcement have used Writeprint techniques to
help catch and sentence people. Here are some examples:
\startitemize
\item
The OxyMonster case
(\useURL[url2978][https://arstechnica.com/tech-policy/2018/06/dark-web-vendor-oxymonster-turns-out-to-be-a-frenchman-with-luscious-beard/]\from[url2978]
\useURL[url2979][https://web.archive.org/web/https://arstechnica.com/tech-policy/2018/06/dark-web-vendor-oxymonster-turns-out-to-be-a-frenchman-with-luscious-beard/][][{[}Archive.org{]}]\from[url2979]):
\startitemize[packed]
\item
Public data revealed that Vallerius (a.k.a. OxyMonster) had Instagram
and Twitter accounts. Agents compared the writing style of
\quotation{OxyMonster} on the Dream Market forum while in a senior
Moderator role to the writing style of Vallerius on his public
Instagram and Twitter accounts. Agents discovered many similarities
in the use of words and punctuation, including the word
\quotation{cheers}; double exclamation marks; frequent use of
quotation marks; and intermittent French posts.
\stopitemize
\stopitemize
Do not use the same writing style for your sensitive activities as for
your normal activities. In particular, pay close attention to your use
of common phrases and punctuation. Also, as a side note: limit the
amount of reference material that an adversary can use as comparison
text, you do not want to find yourself in trouble because of your
political Twitter post, or that Reddit post you made years ago, do you?
\startitemize[packed]
\item
Here is another example from the book American Kingpin, about how a
DEA agent investigated the writing style of DPR (Dread Pirate Roberts
a.k.a Ross Ulbricht, founder of the Silk Road Dark Market) from a
unique perspective: For one, Ross Ulbricht used the word
\quotation{epic} a lot, which showed that he was likely young. He also
used emoji smiley faces in his writing, though he never used a hyphen
as the nose, writing them as \quotation{:)} rather than the
old-fashioned \quotation{:-)}. Yet the one attribute about Ulbricht
that stood out was that rather than writing \quotation{yes} or
\quotation{yeah} on the site's forums, Ulbricht instead always typed
\quotation{yea}.
\stopitemize
Pay attention to the little things that might add up. If you usually
reply with \quotation{ok} to people, maybe try to reply with
\quotation{okay} for your sensitive activities. You should NEVER use
words or phrases from your sensitive activities (even if they are not in
a public post) for normal purposes, and vice versa. Ross Ulbricht used
\quotation{frosty} as the name for his Silk Road servers, and for his
YouTube account, which helped convince law enforcement that Dread Pirate
Roberts was in fact, Ross Ulbricht.
\subsection[title={How to counteract the efforts of your
adversary:},reference={how-to-counteract-the-efforts-of-your-adversary}]
\startitemize[n][stopper=.]
\item
Reduce the amount of comparison text for adversaries to compare you
with. This goes with having a small online footprint for your normal
activities.
\item
Use a word processor (such as LibreWriter) to fix any
grammatical/spelling errors that you regularly encounter.
\item
Reduce or change the idioms that you use while conducting sensitive
activities.
\item
Understand how your identity affects your writing style: Is your alias
younger? Older? More educated? Or less educated? If your identity is
older, maybe speak in a more JRR Tolkien style of writing.
\item
Pay attention to how your slang and spelling might identify you. If
you are from the UK, you should say \quotation{maths}, but if you are
from the US you say \quotation{math}. It does not matter how you say
\quotation{maths}, all that matters is that it can be used to profile
you. This also applies to slang as many regions each have different
and extremely particular slang. You do not ask someone from the USA
for a \quotation{rubber} and expect them to give you an
\quotation{eraser} as an example.
\item
Pay attention to your use of emoticons and emojis. In the previous
example, the DEA agent was able to make a correct assumption that
Ulbricht was likely young because he did not use a hyphen when making
a smiley emoticon.
\item
Pay attention to how you structure your writing. Do you use two spaces
after a period? Do you constantly use parenthesis in your writing? Do
you use the oxford comma?
\item
Consider what symbols you use in your writing. Do you use €, £ or \$?
Do you use \quotation{dd-mm-yyyy} or \quotation{mm-dd-yyyy} for dates?
Do you use \quotation{08:00 pm} or \quotation{20:00} for time?
\stopitemize
\subsection[title={What different linguistic choices could say about
you:},reference={what-different-linguistic-choices-could-say-about-you}]
\subsubsection[title={Emoticons:},reference={emoticons}]
\startitemize[n][stopper=.]
\item
Russians for example use \quotation{)} instead of \quotation{:-)} or
\quotation{:)} to express a smiley face.
\item
Scandinavians use \quotation{=)} instead of \quotation{:-)} or
\quotation{:)} for a smiley face.
\item
Younger people generally do not use a hyphen in their smiley faces and
just use \quotation{:)}.
\stopitemize
\subsubsection[title={Structural
features:},reference={structural-features}]
\startitemize[n][stopper=.]
\item
Two spaces after a period give off the impression that you are quite
older because this is how typing was taught to people learning to type
with typewriters.
\item
In the US, numbers are written with commas separating the thousands
and a period as the decimal mark. This is the reverse of how numbers
are written in much of the rest of the world:
\stopitemize
\startitemize[packed]
\item
US: 1,000.00\$
\item
Europe: 1.000,00€
\stopitemize
\subsubsection[title={Spelling slang and
symbols:},reference={spelling-slang-and-symbols}]
\startitemize[n][stopper=.]
\item
Obviously, people in different nations use different slang. This is
even more pronounced when you use slang that is not as well known in
other places such as someone from the UK mentioning a
\quotation{headmaster} when in other nations it is referred to as a
\quotation{principal}.
\item
Spelling is another important factor that is similar to slang, except
it is harder to control. If you want to pretend that you are from the
USA but actually live in Australia, it only takes one slip such as
writing \quotation{colour} instead of \quotation{color} to let people
understand that something is up.
\item
Some people also spell words in a particular way that is not regional
for example you might spell \quotation{ax} as \quotation{axe} or vice
versa.
\item
Of course, the symbols you use on your keyboard can give a lot of
information away, such as £'s or \$'s.
\stopitemize
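The following Python self-audit is an added example, not code from the original Dread post or from this guide: it extracts the tells listed in this appendix (emoticon style, double exclamation marks, spacing after periods, Oxford commas, currency symbols, date and time format, thousands separators, regional spelling, contractions and pet words such as \quotation{cheers}) from a text, and lists which count-type tells two texts share, which is the kind of overlap the OxyMonster investigators relied on. The two sample posts and the small spelling table are constructed for the demonstration, and every detector is a heuristic.

```python
"""Self-audit of the writeprint tells discussed in Appendix A4.

Added example: run it over a draft before posting to see which tells it
carries, or over two texts to see what they have in common.
"""
import re
from collections import Counter

# Constructed tables built from the examples in the text (UK -> US).
UK_TO_US = {"colour": "color", "metre": "meter", "lorry": "truck",
            "maths": "math", "rubber": "eraser", "headmaster": "principal"}
CONTRACTIONS = ("can't", "don't", "shouldn't", "won't", "let's")
IDIOSYNCRATIC = ("cheers", "yea", "epic", "ok", "okay")

DATE_RE = re.compile(r"\b(\d{1,2})[-/](\d{1,2})[-/]\d{2,4}\b")
TIME_12H_RE = re.compile(r"\b\d{1,2}:\d{2}\s*[ap]\.?m\b", re.I)
TIME_24H_RE = re.compile(r"\b(?:[01]\d|2[0-3]):[0-5]\d\b(?!\s*[ap]\.?m)", re.I)
NUMBER_US_RE = re.compile(r"\b\d{1,3}(?:,\d{3})+(?:\.\d+)?\b")   # 1,000.00
NUMBER_EU_RE = re.compile(r"\b\d{1,3}(?:\.\d{3})+(?:,\d+)?\b")   # 1.000,00


def writeprint_features(text):
    """Count the lexical, syntactic, structural and symbol tells in a text."""
    words = re.findall(r"[a-z]+(?:'[a-z]+)?", text.lower())
    sentences = [s for s in re.split(r"[.!?]+", text) if s.strip()]
    n_words, n_sent = max(len(words), 1), max(len(sentences), 1)
    wc = Counter(words)
    f = {}
    # Syntactic: emoticons and punctuation habits
    f["smiley_with_nose"] = text.count(":-)")
    f["smiley_no_nose"] = text.count(":)")
    f["smiley_equals"] = text.count("=)")
    f["double_exclamation"] = len(re.findall(r"!!+", text))
    f["oxford_comma"] = len(re.findall(r",\s+(?:and|or)\s", text, re.I))
    # Structural: spacing, parentheses, sentence length
    f["two_spaces_after_period"] = len(re.findall(r"\.  +\S", text))
    f["parentheses_per_sentence"] = round(text.count("(") / n_sent, 2)
    f["avg_words_per_sentence"] = round(n_words / n_sent, 1)
    # Lexical: regional spelling, contractions, pet words
    f["uk_spellings"] = sum(wc[w] for w in UK_TO_US)
    f["us_spellings"] = sum(wc[w] for w in UK_TO_US.values())
    f["contraction_rate"] = round(sum(wc[c] for c in CONTRACTIONS) / n_words, 3)
    f["idiosyncratic_words"] = {w: wc[w] for w in IDIOSYNCRATIC if wc[w]}
    # Content-specific symbols: currency, dates, clock, thousands separator
    f["currency"] = {sym: text.count(sym) for sym in "€£$" if sym in text}
    dmy = mdy = 0
    for first, second in DATE_RE.findall(text):
        if int(first) > 12:
            dmy += 1          # day first, e.g. 15/06/2023
        elif int(second) > 12:
            mdy += 1          # month first, e.g. 06/15/2023
    f["date_dmy"], f["date_mdy"] = dmy, mdy
    f["time_12h"] = len(TIME_12H_RE.findall(text))
    f["time_24h"] = len(TIME_24H_RE.findall(text))
    f["number_us"] = len(NUMBER_US_RE.findall(text))
    f["number_eu"] = len(NUMBER_EU_RE.findall(text))
    return f


def shared_tells(a, b):
    """Count-type tells present in both feature sets (rates are skipped)."""
    shared = []
    for key, va in a.items():
        vb = b[key]
        if isinstance(va, dict):
            shared.extend(f"{key}:{k}" for k in sorted(set(va) & set(vb)))
        elif isinstance(va, int) and va and vb:
            shared.append(key)
    return shared


# Constructed samples: a public account and a pseudonymous post written by
# the same (constructed) author, carrying the same habits.
PUBLIC_POST = ("Great gig last night!! The colour of the lights was epic :) "
               "Meeting on 15/06/2023 at 20:00, tickets were £20.  Cheers")
FORUM_POST = ("Shipping update!! Parcels sent 17/06/2023, tracking by 18:00 :) "
              "Price is £35 and the colour is as described.  Cheers")

if __name__ == "__main__":
    public, forum = writeprint_features(PUBLIC_POST), writeprint_features(FORUM_POST)
    for name, feats in (("public", public), ("forum", forum)):
        print(name, {k: v for k, v in feats.items() if v})
    print("shared tells:", shared_tells(public, forum))
```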
\subsection[title={Techniques to prevent
writeprinting:},reference={techniques-to-prevent-writeprinting}]
Here are some techniques in order of use:
\subsubsection[title={Spelling and grammar
checking:},reference={spelling-and-grammar-checking}]
This helps prevent some fingerprinting done using your spelling and
grammar mistakes
\subsubsubsection[title={Offline using a word
processor:},reference={offline-using-a-word-processor}]
Use a word processor such as LibreWriter and use the spelling and
grammar checks features to fix mistakes you might have typed.
\subsubsubsection[title={Online using an online
service:},reference={online-using-an-online-service}]
If you do not have a word processor available or don't want to use one,
you can also use an online spelling and grammar checker such as
Grammarly (this requires an e-mail and an account creation).
\subsubsection[title={Translation
technique:},reference={translation-technique}]
{\bf Disclaimer: a study archived here:
\useURL[url2980][https://web.archive.org/web/20181125133942/https://www.cs.drexel.edu/~sa499/papers/adversarial_stylometry.pdf]\from[url2980]
seems to indicate the translation technique is inefficient to prevent
stylometry. This step might be useless.}
After you are done with the spelling and grammar fixes, use a website or
software such as Google Translate (or, for a more privacy-friendly
version, \useURL[url2981][https://simplytranslate.org/]\from[url2981])
to translate between several different languages before translating back
to your original language. These translations back and forth will alter
your messages and make fingerprinting more difficult.
\subsubsection[title={Search and
replace:},reference={search-and-replace}]
Finally, and optionally, add some salt by purposefully adding some
mistakes to your messages.
First decide upon a list of words that you frequently do not misspell,
maybe the words \quotation{grammatical}, \quotation{symbol}, and
\quotation{pronounced} (this list should include more words). {\bf Do
not use an AutoCorrect automatic replace option for this as it might
correct when it does not make sense.} Instead, use Search and Replace
and do this manually for each word. {\bf Do not use \quotation{Replace
All} either and review each change.} This is just the first step, for
providing misinformation against linguistic fingerprinting.
Next, find a list of words that you commonly use in your writing. Let us
say that we love to use contractions when we write, maybe we always use
words such as: \quotation{can't}, \quotation{don't},
\quotation{shouldn't}, \quotation{won't}, or \quotation{let's}. Well,
maybe go into LibreWriter and use \quotation{Search and Replace} to
replace all contractions with the full versions of the words
(\quotation{can't} > \quotation{cannot}, \quotation{don't} >
\quotation{do not}, \quotation{shouldn't} > \quotation{should not},
\quotation{won't} > \quotation{will not}, \quotation{let's} >
\quotation{let us}). This can make a large difference in your writing
and change how people, and most importantly your adversaries, perceive
you. You can change most words to something different; as an example,
you can change \quotation{huge} to \quotation{large}. Just make sure
these words fit with your identity.
Now, consider changing your words choices to fit a geographic location.
Maybe you live in the US, and you want to give the impression that your
identity is from the UK. For example, you can make use of location-based
spelling and lexicon. This is risky, and one mistake can give it away.
First off, you need to decide where you want to give the impression of
your location. Here is an example to give off the impression that you
are from the US, or the UK. First, you will need to understand a thing
or two about where your identity is \quotation{from}, do not pretend
that you are from the UK, yet have no idea about it other than it
exists.
After you have decided upon a good location that your identity is from,
research the differences between the two variants of the language (in
this case between UK English and US English). Thanks to the internet, this is
quite easy, and you can find Wikipedia pages conveniently highlighting
the regional differences of a language between two nations. Pay
attention to how certain words are spelled (\quotation{metre} >
\quotation{meter}) and what words are exchanged with each other
(\quotation{boot} > \quotation{trunk}). Now that you have a list of
words that can be exchanged with each other, and a list of spelling that
are different, use the \quotation{Search and Replace} in your editor and
change the words such as \quotation{colour} into \quotation{color}, and
\quotation{lorry} into \quotation{truck}. {\bf Again, do not use an
AutoCorrect feature or \quotation{Replace All} as some changes might not
make sense. Review each proposed change. As an example, if you were to
use AutoCorrect or \quotation{Replace all} on the word \quotation{boot}
to change into \quotation{trunk}, this would make perfect sense in the
context of cars. But it would not make any sense in the context of
shoes.}
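Here is an added Python example (not from the original post or this guide) of the reviewed Search and Replace described above: every whole-word match is presented with its surrounding context and a reviewer decides on each one, so \quotation{boot} becomes \quotation{trunk} in the car sentence but is left alone in the shoe sentence. The contraction and UK-to-US tables are the pairs given in this section; the sample sentence and the automatic reviewer are constructed stand-ins for a human reading each proposal.

```python
"""Reviewed Search and Replace for the word lists in Appendix A4.

Added example: each whole-word match is shown with its context and a
reviewer decides case by case, which is the manual procedure the text
asks for instead of AutoCorrect or Replace All.
"""
import re

# Tables built from the examples in the text.
CONTRACTIONS = {"can't": "cannot", "don't": "do not", "shouldn't": "should not",
                "won't": "will not", "let's": "let us"}
UK_TO_US = {"colour": "color", "metre": "meter", "lorry": "truck", "boot": "trunk"}


def match_case(replacement, original):
    """Carry the matched word's capitalisation over to its replacement."""
    if original.isupper():
        return replacement.upper()
    if original[0].isupper():
        return replacement[0].upper() + replacement[1:]
    return replacement


def propose_replacements(text, mapping, context=25):
    """Yield (span, original, replacement, context) for every whole-word
    match in document order, so each one can be reviewed on its own."""
    pattern = re.compile(r"\b(" + "|".join(map(re.escape, mapping)) + r")\b", re.I)
    for m in pattern.finditer(text):
        word = m.group(1)
        lo, hi = max(0, m.start() - context), min(len(text), m.end() + context)
        yield m.span(), word, match_case(mapping[word.lower()], word), text[lo:hi]


def apply_reviewed(text, mapping, decide):
    """Rebuild the text applying only the proposals that decide() approves.

    decide(original, replacement, context) -> bool; pass interactive_decide
    to review at the keyboard, or any other function for unattended use.
    """
    out, pos = [], 0
    for (start, end), word, repl, ctx in propose_replacements(text, mapping):
        if decide(word, repl, ctx):
            out.append(text[pos:start])
            out.append(repl)
            pos = end
    out.append(text[pos:])
    return "".join(out)


def interactive_decide(word, repl, ctx):
    """Ask the writer about one proposal; anything but 'y' keeps the original."""
    answer = input(f"...{ctx}...\n  replace {word!r} with {repl!r}? [y/N] ")
    return answer.strip().lower() == "y"


# Constructed sample where the same word needs different treatment.
SAMPLE = ("I can't fit the spare in the boot of the car. Don't worry about the "
          "mud, my left boot has a hole anyway but the colour still matches.")


def car_context_only(word, repl, ctx):
    """Constructed stand-in reviewer: 'boot' is a trunk only when a car is
    mentioned nearby; every other proposal is accepted."""
    if word.lower() == "boot":
        return "car" in ctx
    return True


if __name__ == "__main__":
    mapping = {**CONTRACTIONS, **UK_TO_US}
    for _, word, repl, ctx in propose_replacements(SAMPLE, mapping):
        print(f"{word!r:>8} -> {repl!r:<10} ...{ctx}...")
    print(apply_reviewed(SAMPLE, mapping, car_context_only))
```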
\subsubsection[title={Final advice:},reference={final-advice}]
Understand that you have to constantly think of what you type and how
you type while conducting sensitive activities.
Understand that altering your writing style for such purposes can
ultimately change your baseline writing style, ironically making your
writing traceable over longer periods.
Proofread your text at least once after you are done writing anything,
to verify that you made no mistakes in the process. Trust (yourself) but
verify anyway.
You might also consider the use of something like AnonyMouth
\useURL[url2982][https://web.archive.org/web/https://github.com/psal/anonymouth]\from[url2982]
\useURL[url2983][https://web.archive.org/web/https://github.com/psal/anonymouth][][{[}Archive.org{]}]\from[url2983]
which is a tool that you can use to anonymize your documents, developed
by PSAL, Drexel University's Privacy, Security, and Automation
Laboratory
\useURL[url2984][https://psal.cs.drexel.edu/index.php/Main_Page]\from[url2984]
\useURL[url2985][https://web.archive.org/web/https://psal.cs.drexel.edu/index.php/Main_Page][][{[}Archive.org{]}]\from[url2985].
Such tools can prove invaluable.
\subsection[title={Bonus links:},reference={bonus-links}]
\startitemize
\item
\useURL[url2986][https://seirdy.one/posts/2022/07/09/stylometric-fingerprinting-redux/]\from[url2986]
\useURL[url2987][https://web.archive.org/web/https://seirdy.one/posts/2022/07/09/stylometric-fingerprinting-redux/][][{[}Archive.org{]}]\from[url2987]:
Stylometric fingerprinting redux
\item
\useURL[url2988][https://www.whonix.org/wiki/Surfing_Posting_Blogging\#Stylometry]\from[url2988]
\useURL[url2989][https://web.archive.org/web/https://www.whonix.org/wiki/Surfing_Posting_Blogging\#Stylometry][][{[}Archive.org{]}]\from[url2989]:
Whonix documentation about stylometry.
\item
\useURL[url2990][https://wikipedia.org/wiki/Forensic_linguistics]\from[url2990]
\useURL[url2991][https://wikiless.org/wiki/Forensic_linguistics][][{[}Wikiless{]}]\from[url2991]
\useURL[url2992][https://web.archive.org/web/https://wikipedia.org/wiki/Forensic_linguistics][][{[}Archive.org{]}]\from[url2992]:
Gives a brief rundown of the basics of forensic linguistics, not too
informative.
\item
\useURL[url2993][https://wikipedia.org/wiki/Writeprint]\from[url2993]
\useURL[url2994][https://wikiless.org/wiki/Writeprint][][{[}Wikiless{]}]\from[url2994]
\useURL[url2995][https://web.archive.org/web/https://wikipedia.org/wiki/Writeprint][][{[}Archive.org{]}]\from[url2995]:
Gives a brief and informative rundown of forensic linguistics applied
to internet investigations.
\item
\useURL[url2996][https://wikipedia.org/wiki/Stylometry]\from[url2996]
\useURL[url2997][https://wikiless.org/wiki/Stylometry][][{[}Wikiless{]}]\from[url2997]
\useURL[url2998][https://web.archive.org/web/https://wikipedia.org/wiki/Stylometry][][{[}Archive.org{]}]\from[url2998]:
Gives a brief overview of Stylometry.
\item
\useURL[url2999][https://wikipedia.org/wiki/Content_similarity_detection]\from[url2999]
\useURL[url3000][https://wikiless.org/wiki/Content_similarity_detection][][{[}Wikiless{]}]\from[url3000]
\useURL[url3001][https://web.archive.org/web/https://wikipedia.org/wiki/Content_similarity_detection][][{[}Archive.org{]}]\from[url3001]:
We would recommend reading this, quite informative.
\item
\useURL[url3002][https://wikipedia.org/wiki/Author_profiling]\from[url3002]
\useURL[url3003][https://wikiless.org/wiki/Author_profiling][][{[}Wikiless{]}]\from[url3003]
\useURL[url3004][https://web.archive.org/web/https://wikipedia.org/wiki/Author_profiling][][{[}Archive.org{]}]\from[url3004]:
Read through this as well if you are interested in this topic.
\item
\useURL[url3005][https://wikipedia.org/wiki/Native-language_identification]\from[url3005]
\useURL[url3006][https://wikiless.org/wiki/Native-language_identification][][{[}Wikiless{]}]\from[url3006]
\useURL[url3007][https://web.archive.org/web/https://wikipedia.org/wiki/Native-language_identification][][{[}Archive.org{]}]\from[url3007]:
This is less important if you use a translator, but if you do not use
a translator to communicate on forums that are not in your native
language, consider giving this a quick read through.
\item
\useURL[url3008][https://wikipedia.org/wiki/Computational_linguistics]\from[url3008]
\useURL[url3009][https://wikiless.org/wiki/Computational_linguistics][][{[}Wikiless{]}]\from[url3009]
\useURL[url3010][https://web.archive.org/web/https://wikipedia.org/wiki/Computational_linguistics][][{[}Archive.org{]}]\from[url3010]:
Only read through this if this topic is interesting to you.
\item
\useURL[url3011][https://regmedia.co.uk/2017/09/27/gal_vallerius.pdf]\from[url3011]
\useURL[url3012][https://web.archive.org/web/https://regmedia.co.uk/2017/09/27/gal_vallerius.pdf][][{[}Archive.org{]}]\from[url3012]:
Explains how authorities used forensic linguistics to help arrest
OxyMonster (pages 13 -- 14).
\item
\useURL[url3013][https://wikipedia.org/wiki/Ted_Kaczynski\#After_publication]\from[url3013]
\useURL[url3014][https://wikiless.org/wiki/Ted_Kaczynski\#After_publication][][{[}Wikiless{]}]\from[url3014]
\useURL[url3015][https://web.archive.org/web/https://wikipedia.org/wiki/Ted_Kaczynski\#After_publication][][{[}Archive.org{]}]\from[url3015]:
He may have an IQ of 167, but he was caught primarily through forensic
linguistics.
\item
\useURL[url3016][https://i.blackhat.com/USA-19/Wednesday/us-19-Wixey-Im-Unique-Just-Like-You-Human-Side-Channels-And-Their-Implications-For-Security-And-Privacy.pdf]\from[url3016]
\useURL[url3017][https://web.archive.org/web/https://i.blackhat.com/USA-19/Wednesday/us-19-Wixey-Im-Unique-Just-Like-You-Human-Side-Channels-And-Their-Implications-For-Security-And-Privacy.pdf][][{[}Archive.org{]}]\from[url3017]:
Explains how your writing style can be used to track you, we highly
recommend reading through these slides, or watching the accompanying
presentation on YouTube.
\item
\useURL[url3018][https://media.defcon.org/DEF\%20CON\%2026/DEF\%20CON\%2026\%20presentations/DEFCON-26-Matt-Wixey-Betrayed-by-the-Keyboard-Updated.pdf][][https://media.defcon.org/DEF\letterpercent{}20CON\letterpercent{}2026/DEF\letterpercent{}20CON\letterpercent{}2026\letterpercent{}20presentations/DEFCON-26-Matt-Wixey-Betrayed-by-the-Keyboard-Updated.pdf]\from[url3018]
\useURL[url3019][https://web.archive.org/web/https://media.defcon.org/DEF\%20CON\%2026/DEF\%20CON\%2026\%20presentations/DEFCON-26-Matt-Wixey-Betrayed-by-the-Keyboard-Updated.pdf][][{[}Archive.org{]}]\from[url3019]:
Explains how your writing style can be used to track you, we highly
recommend reading through these slides, or watching the accompanying
presentation on YouTube, this is quite similar to the last
presentation.
\item
\useURL[url3020][https://i.blackhat.com/us-18/Wed-August-8/us-18-Wixey-Every-ROSE-Has-Its-Thorn-The-Dark-Art-Of-Remote-Online-Social-Engineering.pdf]\from[url3020]
\useURL[url3021][https://web.archive.org/web/https://i.blackhat.com/us-18/Wed-August-8/us-18-Wixey-Every-ROSE-Has-Its-Thorn-The-Dark-Art-Of-Remote-Online-Social-Engineering.pdf][][{[}Archive.org{]}]\from[url3021]:
This goes over how to potentially spot deception through the internet,
and presents a checklist to see how trustworthy someone is. We would
advise reading the slides or watching the presentation on YouTube.
\stopitemize
\section[title={Appendix A5: Additional browser precautions with
JavaScript
enabled},reference={appendix-a5-additional-browser-precautions-with-javascript-enabled}]
To limit browser and user fingerprinting through JavaScript while
keeping JavaScript enabled, some additional precautions should be taken,
at least on some websites.
These recommendations are similar to the ones at the beginning of the
guide and are especially relevant for certain websites. Mostly, the
recommendation is to use privacy-friendly front-end instances and
alternative services in place of the original ones:
\startitemize
\item
For YouTube links, use an Invidious instance
(\useURL[url3022][https://github.com/iv-org/invidious]\from[url3022]
\useURL[url3023][https://web.archive.org/web/https://github.com/iv-org/invidious][][{[}Archive.org{]}]\from[url3023])
\startitemize[packed]
\item
We recommend {[}https://yewtu.be{]}
\stopitemize
\item
For Twitter links, use a Nitter instance
(\useURL[url3024][https://github.com/zedeus/nitter]\from[url3024]
\useURL[url3025][https://web.archive.org/web/https://github.com/zedeus/nitter][][{[}Archive.org{]}]\from[url3025])
\startitemize[packed]
\item
We recommend {[}https://nitter.net{]}
\stopitemize
\item
For Wikipedia links, use a Wikiless instance
(\useURL[url3026][https://codeberg.org/orenom/wikiless]\from[url3026]
\useURL[url3027][https://web.archive.org/web/https://codeberg.org/orenom/wikiless][][{[}Archive.org{]}]\from[url3027])
\item
For Reddit, use a LibReddit instance
(\useURL[url3028][https://github.com/spikecodes/libreddit]\from[url3028]
\useURL[url3029][https://web.archive.org/web/https://github.com/spikecodes/libreddit][][{[}Archive.org{]}]\from[url3029])
\item
For Maps, consider using
\useURL[url3030][https://www.openstreetmap.org]\from[url3030]
\item
For Translation, consider using SimplyTranslate at
\useURL[url3031][https://simplytranslate.org/]\from[url3031]
\item
For Search Engines use privacy-focused search engines such as:
\startitemize
\item
StartPage:
\useURL[url3032][https://www.startpage.com/]\from[url3032]
\item
DuckDuckGo: \useURL[url3033][https://duckduckgo.com/]\from[url3033]
\item
SearX (\useURL[url3034][https://searx.me/]\from[url3034]) instances:
list available here:
\useURL[url3035][https://searx.space/]\from[url3035]
\stopitemize
\stopitemize
{\bf (Optional)} Consider the use of the
\useURL[url3036][https://libredirect.github.io/]\from[url3036]
\useURL[url3037][https://web.archive.org/web/20220509220021/https://libredirect.github.io/][][{[}Archive.org{]}]\from[url3037]
extension to automate the use of the above services.
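To show what an extension such as LibRedirect does under the hood, here is an added Python example (written for this appendix; it is not LibRedirect's code and not part of the guide) that rewrites links to the front-ends listed above. It maps the upstream host (including mobile and language subdomains) to the front-end, handles youtu.be short links, and strips common tracking parameters while keeping the ones that matter (video id, timestamp). yewtu.be, nitter.net and wikiless.org are the instances the guide itself links to; the LibReddit host and the tracking-parameter list are assumptions made for the example.

```python
"""Rewrite links to privacy front-ends before opening or sharing them.

Added example for this guide; it is not LibRedirect's code. yewtu.be,
nitter.net and wikiless.org are the instances the guide itself links to;
the LibReddit host and the tracking-parameter list are assumptions.
"""
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Upstream domain -> front-end host. Subdomains (www., m., mobile., en.) match too.
FRONTENDS = {
    "youtube.com": "yewtu.be",            # Invidious, recommended above
    "twitter.com": "nitter.net",          # Nitter, recommended above
    "wikipedia.org": "wikiless.org",      # Wikiless, as used in the guide's links
    "reddit.com": "libreddit.example",    # ASSUMPTION: placeholder, choose a LibReddit instance
}

# Query parameters that only track the click. Illustrative set (assumption).
TRACKING_PARAMS = {"fbclid", "gclid", "si", "feature"}


def _host_matches(host: str, upstream: str) -> bool:
    return host == upstream or host.endswith("." + upstream)


def _clean_query(query: str) -> str:
    """Drop tracking parameters, keep the rest in order (e.g. v=, t=)."""
    kept = [(k, v) for k, v in parse_qsl(query, keep_blank_values=True)
            if k not in TRACKING_PARAMS and not k.startswith("utm_")]
    return urlencode(kept)


def redirect(url: str) -> str:
    """Return the front-end URL for a known upstream, else the URL minus trackers."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    query = _clean_query(parts.query)

    # youtu.be/<id> short links carry the id in the path, not in ?v=.
    if host == "youtu.be":
        video_id = parts.path.strip("/").split("/")[0]
        extra = parse_qsl(query, keep_blank_values=True)
        return urlunsplit(("https", FRONTENDS["youtube.com"], "/watch",
                           urlencode([("v", video_id)] + extra), parts.fragment))

    for upstream, frontend in FRONTENDS.items():
        if _host_matches(host, upstream):
            # Note: a language subdomain such as en.wikipedia.org is not carried
            # over; the instance's default language applies.
            return urlunsplit(("https", frontend, parts.path, query, parts.fragment))

    return urlunsplit((parts.scheme, parts.netloc, parts.path, query, parts.fragment))


def redirect_all(urls):
    return {u: redirect(u) for u in urls}


if __name__ == "__main__":
    for src, dst in redirect_all([
        "https://www.youtube.com/watch?v=H33ggs7bh8M",
        "https://youtu.be/H33ggs7bh8M?t=30&si=tracker",
        "https://mobile.twitter.com/torproject/status/1?utm_source=mail",
        "https://en.wikipedia.org/wiki/Stylometry#History",
        "https://example.org/page?utm_campaign=x&q=1",
    ]).items():
        print(src, "->", dst)
```

One limitation to keep in mind: the rewrite only changes where the link points. It does nothing about the content you then load from the front-end instance, which you still have to trust, and it cannot undo a tracking parameter the upstream site has already logged if the link was opened before rewriting.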
\section[title={Appendix A6: Mirrors},reference={appendix-a6-mirrors}]
Find it online at:
\startitemize
\item
Original: \useURL[url3038][https://anonymousplanet.org]\from[url3038]
\item
Tor Onion Mirror:
\useURL[url3039][http://thgtoallkcxrdv37u6knsc3pumk6cq6lqmcqlw3j5vkmyahkxive4jyd.onion]\from[url3039]
\item
Archive.org:
\useURL[url3040][https://web.archive.org/web/https://anonymousplanet.org]\from[url3040]
\item
Archive.today:
\useURL[url3041][https://archive.fo/anonymousplanet.org]\from[url3041]
\item
Archive.today over Tor:
\useURL[url3042][http://archiveiya74codqgiixo33q62qlrqtkgmcitqx5u2oeqnmn5bpcbiyd.onion/anonymousplanet.org]\from[url3042]
\item
PDF:
\useURL[url3043][https://anonymousplanet.org/export/guide.pdf]\from[url3043]
\useURL[url3044][https://web.archive.org/web/https://anonymousplanet.org/export/guide.pdf][][{[}Archive.org{]}]\from[url3044]
\useURL[url3045][http://thgtoa7imksbg7rit4grgijl2ef6kc7b56bp56pmtta4g354lydlzkqd.onion/guide.pdf][][{[}Tor
Mirror{]}]\from[url3045]
\item
OpenDocument Text (ODT) version at:
\useURL[url3046][https://anonymousplanet.org/export/guide.odt]\from[url3046]
\useURL[url3047][https://web.archive.org/web/https://anonymousplanet.org/export/guide.odt][][{[}Archive.org{]}]\from[url3047]
\useURL[url3048][http://thgtoa7imksbg7rit4grgijl2ef6kc7b56bp56pmtta4g354lydlzkqd.onion/guide.odt][][{[}Tor
Mirror{]}]\from[url3048]
\stopitemize
\section[title={Appendix A7: Comparing
versions},reference={appendix-a7-comparing-versions}]
If you want to compare an older version of the PDF with a newer version,
consider these online tools (note that we do not endorse those tools in
relation to their privacy policies, but it should not matter since these
PDFs are public):
\startitemize
\item
\useURL[url3049][https://tools.pdf24.org/en/compare-pdf]\from[url3049]
\item
\useURL[url3050][https://products.aspose.app/pdf/comparison]\from[url3050]
\item
\useURL[url3051][https://draftable.com/compare]\from[url3051]
\stopitemize
If you want to compare an older version of the ODT file with a newer
one, use the document comparison feature of LibreOffice Writer as
explained here:
\useURL[url3052][https://help.libreoffice.org/7.1/en-US/text/shared/guide/redlining_doccompare.html]\from[url3052]
\useURL[url3053][https://web.archive.org/web/https://help.libreoffice.org/7.1/en-US/text/shared/guide/redlining_doccompare.html][][{[}Archive.org{]}]\from[url3053]
\section[title={Appendix A8: Crypto Swapping Services without
Registration and
KYC},reference={appendix-a8-crypto-swapping-services-without-registration-and-kyc}]
\subsection[title={General Crypto
Swapping:},reference={general-crypto-swapping}]
{\bf Skip to next section for BTC to Monero. Do not use swapping
services for BTC to Monero.}
Here is a small list of non-KYC crypto swapping services, remember they
all have a cost and fees:
\startitemize
\item
\useURL[url3054][https://sideshift.ai]\from[url3054]
\item
\useURL[url3055][https://bisq.network/]\from[url3055]
\item
Kilo Swap (Onion Hidden Service):
\useURL[url3056][http://mlyusr6htlxsyc7t2f4z53wdxh3win7q3qpxcrbam6jf3dmua7tnzuyd.onion/coinswap]\from[url3056]
\stopitemize
{\bf Consider having a look at
\useURL[url3057][https://kycnot.me/]\from[url3057] which is an
open-source project listing non-KYC exchanges/swapping services
(repository at
\useURL[url3058][https://codeberg.org/pluja/kycnot.me]\from[url3058]).}
\subsection[title={BTC to Monero only:},reference={btc-to-monero-only}]
{\bf Do not use any swapping service; use an atomic swap instead.}
See this Monero atomic swap tool:
\useURL[url3059][https://unstoppableswap.net/]\from[url3059].
An atomic swap avoids the unnecessary fees and intermediaries of a
commercial swapping service. The website is self-explanatory, with
detailed instructions for all OSes.
\section[title={Appendix A9: Installing a Zcash
wallet:},reference={appendix-a9-installing-a-zcash-wallet}]
Remember that this should only be done in a secure environment, such as
a VM behind the Whonix Gateway.
\subsection[title={Debian 11 VM:},reference={debian-11-vm}]
\startitemize
\item
Load the Debian VM
\item
Open a browser
\item
Go to
\useURL[url3060][https://packages.debian.org/buster/amd64/libindicator3-7/download]\from[url3060]
and download from a listed mirror.
\item
Go to
\useURL[url3061][https://packages.debian.org/buster/amd64/libappindicator3-1/download]\from[url3061]
and download from a listed mirror.
\item
Go to the ZecWallet Lite Website to download the latest DEB package
\useURL[url3062][https://www.zecwallet.co/\#download]\from[url3062]
(change the download directory to /home/user for convenience)
\item
Open a Terminal window and run the following commands (adjusting the
file names to the versions you downloaded). The two library packages
are installed first because \type{dpkg -i} does not resolve
dependencies:
\startitemize
\item
{\bf \type{sudo dpkg -i ./libindicator3-7_0.5.0-4_amd64.deb}}
\item
{\bf \type{sudo dpkg -i ./libappindicator3-1_0.4.92-7_amd64.deb}}
\item
{\bf \type{sudo dpkg -i ./Zecwallet_Lite_1.7.5_amd64.deb}}
\stopitemize
\item
Click the upper-left menu, then find and launch ZecWallet Lite
\stopitemize
\subsection[title={Ubuntu 20.04/21.04/21.10
VM:},reference={ubuntu-20.0421.0421.10-vm}]
\startitemize
\item
Load the Ubuntu VM
\item
Open a browser
\item
Go to the ZecWallet Lite Website to download the latest DEB package
\useURL[url3063][https://www.zecwallet.co/\#download]\from[url3063]
\item
Open a Terminal window
\item
Go to your download directory and run the following command (with the
updated downloaded version if needed), for example:
\type{sudo apt install ./Zecwallet_Lite_1.7.5_amd64.deb}
\item
Click the upper-left menu, then find and launch ZecWallet Lite
\stopitemize
\subsection[title={Windows 10/11 VM:},reference={windows-1011-vm}]
\startitemize
\item
Load the Windows VM
\item
Open a browser
\item
Go to
\useURL[url3064][https://www.zecwallet.co/\#download]\from[url3064]
\item
Download and install the latest Windows installer
\item
Launch ZecWallet Lite
\stopitemize
\subsection[title={Whonix Workstation 16
VM:},reference={whonix-workstation-16-vm}]
\startitemize
\item
Load the Whonix Workstation VM
\item
Open Tor Browser
\item
Go to
\useURL[url3065][https://packages.debian.org/buster/amd64/libindicator3-7/download]\from[url3065]
and download from a listed mirror.
\item
Go to
\useURL[url3066][https://packages.debian.org/buster/amd64/libappindicator3-1/download]\from[url3066]
and download from a listed mirror.
\item
Go to the ZecWallet Lite Website to download the latest DEB package
\useURL[url3067][https://www.zecwallet.co/\#download]\from[url3067]
(change the download directory to /home/user for convenience)
\item
Open a Terminal window and run the following commands (adjusting the
file names to the versions you downloaded). The two library packages
are installed first because \type{dpkg -i} does not resolve
dependencies:
\startitemize
\item
{\bf \type{sudo dpkg -i ./libindicator3-7_0.5.0-4_amd64.deb}}
\item
{\bf \type{sudo dpkg -i ./libappindicator3-1_0.4.92-7_amd64.deb}}
\item
{\bf \type{sudo dpkg -i ./Zecwallet_Lite_1.7.5_amd64.deb}}
\stopitemize
\item
Click the upper-left menu, go to Development, then launch ZecWallet
Lite
\stopitemize
\section[title={Appendix B1: Checklist of things to verify before
sharing
information:},reference={appendix-b1-checklist-of-things-to-verify-before-sharing-information}]
Here is a checklist of things to verify before sharing information to
anyone:
\startitemize
\item
Check the files for any metadata: see \goto{Removing Metadata from
Files/Documents/Pictures}[removing-metadata-from-filesdocumentspictures]
\item
Check the files for anything malicious: see \goto{Appendix T: Checking
files for malware}[appendix-t-checking-files-for-malware]
\item
Check the files for any watermarking: see
\goto{Watermarking}[watermarking]
\item
Check any writing for possible forensics analysis: see \goto{Appendix
A4: Counteracting Forensic
Linguistics}[appendix-a4-counteracting-forensic-linguistics]
\item
Have a look at this part of the Whonix documentation:
\useURL[url3068][https://www.whonix.org/wiki/Surfing_Posting_Blogging\#Anonymous_File_Sharing]\from[url3068]
\useURL[url3069][https://web.archive.org/web/https://www.whonix.org/wiki/Surfing_Posting_Blogging\#Anonymous_File_Sharing][][{[}Archive.org{]}]\from[url3069]
\item
Carefully assess the potential consequences and risks of communicating
any sensitive information for you and others (legally, ethically, and
morally). Remember \ldots{} Do not be evil. Legal is not necessarily
Good.
\stopitemize
{\bf After curating the files to remove anything you want to leave out,
double-check and even triple-check them. Only then consider sending them
to an organization such as a press organization or others.}
\section[title={Appendix B2: Monero
Disclaimer},reference={appendix-b2-monero-disclaimer}]
First, please watch this short introduction video to Monero:
\useURL[url3070][https://www.youtube.com/watch?v=H33ggs7bh8M]\from[url3070]
\useURL[url3071][https://yewtu.be/watch?v=H33ggs7bh8M][][{[}Invidious{]}]\from[url3071]
The anonymity of Monero depends on its cryptographic algorithms. If you
buy Monero from a KYC exchange, you can be almost certain that you are
safe today, but you might not be in the long-term future if Monero's
algorithms are ever broken\footnote{Monero Research Lab, Evaluating cryptocurrency
security and privacy in a post-quantum world
\useURL[url3072][https://github.com/insight-decentralized-consensus-lab/post-quantum-monero/blob/master/writeups/technical_note.pdf]\from[url3072]
\useURL[url3073][https://web.archive.org/web/https://github.com/insight-decentralized-consensus-lab/post-quantum-monero/blob/master/writeups/technical_note.pdf][][{[}Archive.org{]}]\from[url3073]}
(think quantum computing). Keep in mind that KYC regulations might
force operators (such as crypto exchanges) to keep your financial
records for up to 10 years, so you also need Monero's algorithms to
remain unbroken for the next 10 years.
You may want to watch this insightful video for more details:
\useURL[url3074][https://www.youtube.com/watch?v=j02QoI4ZlnU]\from[url3074]
\useURL[url3075][https://yewtu.be/watch?v=j02QoI4ZlnU][][{[}Invidious{]}]\from[url3075]
Also please consider reading:
\useURL[url3076][https://github.com/monero-project/monero/blob/master/docs/ANONYMITY_NETWORKS.md\#privacy-limitations][][Privacy
Limitations in Anonymity Networks with Monero]\from[url3076]
\useURL[url3077][https://web.archive.org/web/https://github.com/monero-project/monero/blob/master/docs/ANONYMITY_NETWORKS.md\#privacy-limitations][][{[}Archive.org{]}]\from[url3077]
{\bf Use these at your own risk, sending cash payments to providers
accepting cash (through the postal service) is always a better solution
if/when possible.}
\section[title={Appendix B3: Threat modeling
resources},reference={appendix-b3-threat-modeling-resources}]
Here are various threat modeling resources if you want to go deeper in
threat modeling.
We recommend the LINDDUN
\useURL[url3078][https://www.linddun.org]\from[url3078] threat modeling
method
\useURL[url3079][https://web.archive.org/web/https://www.linddun.org/][][{[}Archive.org{]}]\from[url3079]:
\startitemize[packed]
\item
Researchers created an online tool to help make your threat model at
\useURL[url3080][https://www.linddun.org/go]\from[url3080]
\useURL[url3081][https://web.archive.org/web/https://www.linddun.org/go][][{[}Archive.org{]}]\from[url3081].
\item
It is synergistic with STRIDE below.
\item
It is focused on privacy but is clearly perfectly suitable for
anonymity.
\item
It is accessible to all skill levels including beginners (providing
many tutorials) but also suitable for highly skilled readers.
\item
It was used in the making of the Threat Modeling Manifesto:
\useURL[url3082][https://www.threatmodelingmanifesto.org/]\from[url3082]
\useURL[url3083][https://web.archive.org/web/https://www.threatmodelingmanifesto.org/][][{[}Archive.org{]}]\from[url3083]
\stopitemize
LINDDUN threat modeling tutorials and resources:
\startitemize[packed]
\item
{\bf We recommend the following quick tutorial video from
\quotation{The Hated One} YouTube channel, made with the approval and
review of the LINDDUN designers, to get started:
\useURL[url3084][https://www.youtube.com/watch?v=6AXkJ3dot2s]\from[url3084]}
\useURL[url3085][https://yewtu.be/watch?v=6AXkJ3dot2s][][{[}Invidious{]}]\from[url3085]
\item
More resources for deeper understanding and usage:
\startitemize[packed]
\item
You can read more here:
\useURL[linddunwuyts2020][https://sion.info/assets/pdf/publications/WuytsIWPE2020.pdf][][A
Lightweight Approach to Privacy Threat Modeling]\from[linddunwuyts2020]
\item
Here are two videos from
\useURL[linddunwuytsauthor][https://www.semanticscholar.org/author/Kim-Wuyts/3190241][][Dr.
K. Wuyts]\from[linddunwuytsauthor] (imec-DistriNet, KU Leuven)
explaining the process:
\startitemize[packed]
\item
\useURL[linddunvideo1][https://www.youtube.com/watch?v=zI4SFyq_Xjw][][Privacy
\& prejudice: on privacy threat modeling misconceptions]\from[linddunvideo1]
\useURL[linddunvideo1inv][https://yewtu.be/watch?v=zI4SFyq_Xjw][][{[}Invidious{]}]\from[linddunvideo1inv]
\item
\useURL[linddunvideo2][https://www.youtube.com/watch?v=C9F8X1j9Zpg][][Privacy
Threat Model Using LINDDUN]\from[linddunvideo2]
\useURL[linddunvideo2inv][https://yewtu.be/watch?v=C9F8X1j9Zpg][][{[}Invidious{]}]\from[linddunvideo2inv]
\stopitemize
\stopitemize
\stopitemize
{\externalfigure[./tex2pdf.-1a34188c73046814/6773ad6f3fb9b8aceee4e4a7c846cf566ccc05ae.png]}
(Illustration from
\useURL[url3086][https://lirias.kuleuven.be/retrieve/295669][][LINDDUN2015]\from[url3086])
Here are alternative resources and methodologies if LINDDUN doesn't suit
you:
\startitemize[packed]
\item
Online Operations Security:
\useURL[url3087][https://web.archive.org/web/20210711215728/https://github.com/devbret/online-OPSEC][][https://github.com/devbret/online-OPSEC]\from[url3087]
\item
Microsoft's STRIDE:
\useURL[url3088][https://en.wikipedia.org/wiki/STRIDE_\%28security\%29][][https://en.wikipedia.org/wiki/STRIDE_\letterpercent{}28security\letterpercent{}29]\from[url3088]
\useURL[url3089][https://wikiless.org/wiki/STRIDE_\%28security\%29][][{[}Wikiless{]}]\from[url3089]
\useURL[url3090][https://web.archive.org/web/https://en.wikipedia.org/wiki/STRIDE_\%28security\%29][][{[}Archive.org{]}]\from[url3090]
\item
PASTA:
\useURL[url3091][https://versprite.com/tag/pasta-threat-modeling/]\from[url3091]
\useURL[url3092][https://web.archive.org/web/https://versprite.com/tag/pasta-threat-modeling/][][{[}Archive.org{]}]\from[url3092]
\item
Threat Modeling: 12 Available Methods:
\useURL[url3093][https://insights.sei.cmu.edu/blog/threat-modeling-12-available-methods]\from[url3093]
\useURL[url3094][https://web.archive.org/web/https://insights.sei.cmu.edu/blog/threat-modeling-12-available-methods/][][{[}Archive.org{]}]\from[url3094]
\item
Threat Modelling:
\useURL[url3095][https://www.geeksforgeeks.org/threat-modelling/]\from[url3095]
\useURL[url3096][https://web.archive.org/web/https://www.geeksforgeeks.org/threat-modelling/][][{[}Archive.org{]}]\from[url3096]
\stopitemize
\section[title={Appendix B4: Important notes about evil-maid and
tampering},reference={appendix-b4-important-notes-about-evil-maid-and-tampering}]
Your context needs to be taken into account.
Preventing an evil-maid attack or tampering outright might lead to bad
consequences: your adversary might then resort to other means to obtain
the key.
On the other hand, allowing the attack but detecting it does not let
your adversary know that you are aware of the tampering. You can then
safely take steps to not reveal information, and possibly leave.
See the \goto{Some last OPSEC thoughts}[some-last-opsec-thoughts]
section for some tips.
\section[title={Appendix B5: Types of CPU
attacks:},reference={appendix-b5-types-of-cpu-attacks}]
Several classes of security issues plague many Intel CPUs, such as
transient execution attacks (formerly called speculative execution
side-channel methods). You can check your CPU against Intel's list of
affected processors with known bugs here:
\useURL[url3097][https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html]\from[url3097]
\useURL[url3098][https://web.archive.org/web/20220814123250/https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html][][{[}Archive.org{]}]\from[url3098].
The Advanced Programmable Interrupt Controller (APIC) is an integrated
CPU component responsible for accepting, prioritizing, and dispatching
interrupts to logical processors (LPs). The APIC can operate in xAPIC
mode, also known as legacy mode, in which APIC configuration registers
are exposed through a memory-mapped I/O (MMIO) page.
Enter AEPIC (stylized ÆPIC), the first architectural CPU bug that leaks
stale data from the microarchitecture without using a side channel. It
architecturally leaks stale data incorrectly returned by reading
undefined APIC-register ranges. This novel method was revealed in the
paper {\em ÆPIC Leak: Architecturally Leaking Uninitialized Data from
the Microarchitecture} which you can read here:
\useURL[url3099][https://aepicleak.com/aepicleak.pdf][][Borrello2022AEPIC]\from[url3099]
\useURL[url3100][https://web.archive.org/web/20220812101719/https://aepicleak.com/aepicleak.pdf][][{[}Archive.org{]}]\from[url3100]
Model-specific registers (MSRs) and their configuration bits can also be
enumerated automatically on Intel and AMD CPUs:
\useURL[url3101][https://github.com/IAIK/msrevelio][][Kogler2022]\from[url3101]
\useURL[url3102][https://web.archive.org/web/20220814125349/https://andreaskogler.com/papers/msrtemplating.pdf][][{[}Archive.org{]}]\from[url3102].
This lets an attacker (with deep knowledge of CPU internals) learn about
the MSRs, which are special CPU registers used to interact with
low-level CPU features and to configure the CPU's behavior in detail.
Modern x86 CPUs have hundreds of them, and they are sparsely
documented, increasingly so in recent years.
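Besides Intel's list, the Linux kernel reports what it knows about your own CPU directly. The added Python example below (written for this appendix, not taken from Intel or the kernel project) reads \type{/sys/devices/system/cpu/vulnerabilities/} (one file per issue, such as \type{spectre_v2}, \type{retbleed} or \type{mmio_stale_data}) together with the \type{bugs} line of \type{/proc/cpuinfo}, and sorts the issues into not affected, mitigated, partially mitigated and exposed. A constructed sample of the sysfs contents is embedded so the script also runs on a system without these files.

```python
"""Summarize what the Linux kernel reports about CPU transient-execution bugs.

Added example for this guide (not from Intel or the kernel project). The kernel
exposes one file per issue under /sys/devices/system/cpu/vulnerabilities/ and a
'bugs' line in /proc/cpuinfo; both are read here when present. The embedded
sample values are constructed so the script also runs on a machine without them.
"""
import os
import re

SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"

# Constructed sample of sysfs contents for a partially mitigated laptop CPU.
SAMPLE_SYSFS = {
    "meltdown": "Mitigation: PTI",
    "spectre_v1": "Mitigation: usercopy/swapgs barriers and __user pointer sanitization",
    "spectre_v2": "Mitigation: Retpolines, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling",
    "tsx_async_abort": "Mitigation: Clear CPU buffers; SMT vulnerable",
    "mds": "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable",
    "retbleed": "Vulnerable",
    "mmio_stale_data": "Unknown: No mitigations",
    "l1tf": "Not affected",
    "srbds": "Not affected",
}
SAMPLE_CPUINFO = "bugs\t\t: cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass mds retbleed\n"


def classify(status: str) -> str:
    """Bucket a status line: ok / mitigated / partial / exposed.

    'partial' catches mitigations the kernel itself qualifies, e.g. the
    'SMT vulnerable' suffix meaning the fix only holds with hyper-threading off.
    """
    s = status.strip()
    if s.startswith("Not affected"):
        return "ok"
    if s.startswith("Mitigation:"):
        return "partial" if "SMT vulnerable" in s else "mitigated"
    return "exposed"      # "Vulnerable...", "Unknown...", anything else


def read_sysfs(directory: str = SYSFS_DIR) -> dict:
    """{issue: status} from the real sysfs directory, or {} when unavailable."""
    statuses = {}
    if not os.path.isdir(directory):
        return statuses
    for name in sorted(os.listdir(directory)):
        try:
            with open(os.path.join(directory, name)) as fh:
                statuses[name] = fh.read().strip()
        except OSError:
            continue
    return statuses


def read_cpuinfo(path: str = "/proc/cpuinfo") -> str:
    try:
        with open(path) as fh:
            return fh.read()
    except OSError:
        return ""


def cpuinfo_bugs(text: str) -> set:
    """The 'bugs' flags the kernel recognized for this CPU model."""
    m = re.search(r"^bugs\s*:\s*(.*)$", text, re.MULTILINE)
    return set(m.group(1).split()) if m else set()


def summarize(statuses: dict) -> dict:
    buckets = {"ok": [], "mitigated": [], "partial": [], "exposed": []}
    for issue, status in statuses.items():
        buckets[classify(status)].append(issue)
    return buckets


def report(statuses: dict, bugs: set) -> str:
    lines = []
    for bucket, issues in summarize(statuses).items():
        lines.append(f"{bucket:9}: {', '.join(issues) or '-'}")
    # Flags the CPU is known to have but sysfs says nothing about deserve a second look.
    unlisted = sorted(b for b in bugs if b.replace("cpu_", "") not in statuses)
    if unlisted:
        lines.append(f"cpuinfo bugs with no sysfs entry: {', '.join(unlisted)}")
    return "\n".join(lines)


if __name__ == "__main__":
    statuses = read_sysfs() or SAMPLE_SYSFS
    bugs = cpuinfo_bugs(read_cpuinfo()) or cpuinfo_bugs(SAMPLE_CPUINFO)
    print(report(statuses, bugs))
```

\type{Mitigation:} lines that end in \type{SMT vulnerable} are reported as partial on purpose: the kernel is saying the mitigation only holds with hyper-threading disabled, which matters on a host where untrusted code (a browser tab, another VM) shares a physical core with your sensitive workload. An \type{Unknown} status is treated as exposed, since it means the kernel could not verify anything either way.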
\subsubsubsection[title={Some other microarchitecture
bugs:},reference={some-other-microarchitecture-bugs}]
\startitemize[packed]
\item
\useURL[url3103][https://platypusattack.com/][][PLATYPUS]\from[url3103]
\useURL[url3104][https://web.archive.org/web/20220814132343/https://platypusattack.com/][][{[}Archive.org{]}]\from[url3104]
- Software-based Power Side-Channel Attacks on x86, which shows how an
unprivileged attacker can leak AES-NI keys from Intel SGX and the
Linux kernel and break kernel address-space layout randomization
(KASLR).
\item
\useURL[url3105][https://www.nextplatform.com/2022/08/11/squip-side-channel-attack-rattles-amds-zen-cores/][][SQUIP]\from[url3105]
\useURL[url3106][https://web.archive.org/web/20220812082548/https://www.nextplatform.com/2022/08/11/squip-side-channel-attack-rattles-amds-zen-cores/][][{[}Archive.org{]}]\from[url3106]
- Scheduler Queue Usage via Interface Probing. All of AMD's Zen CPUs
are vulnerable to a medium-severity flaw which can allow threat actors
to run side-channel attacks.
\item
\useURL[url3107][https://www.schneier.com/blog/archives/2022/06/hertzbleed-a-new-side-channel-attack.html][][Hertzbleed]\from[url3107]
\useURL[url3108][https://web.archive.org/web/20220712000058/https://www.schneier.com/blog/archives/2022/06/hertzbleed-a-new-side-channel-attack.html][][{[}Archive.org{]}]\from[url3108]
- Deducing cryptographic keys by analyzing power consumption has long
been an attack, but it's not generally viable because measuring power
consumption is often hard. This new attack measures power consumption
by measuring time, making it easier to exploit.
\item
\useURL[url3109][https://www.bleepingcomputer.com/news/security/new-retbleed-speculative-execution-cpu-attack-bypasses-retpoline-fixes/][][Retbleed]\from[url3109]
\useURL[url3110][https://web.archive.org/web/20220804151557/https://www.bleepingcomputer.com/news/security/new-retbleed-speculative-execution-cpu-attack-bypasses-retpoline-fixes/][][{[}Archive.org{]}]\from[url3110]
- Retbleed targets return instructions, which the retpoline software
mitigation relies on against the class of speculative execution
attacks that became public in early 2018 with Spectre.
\stopitemize
\section[title={Appendix B6: Warning for using Orbot on
Android},reference={appendix-b6-warning-for-using-orbot-on-android}]
While this is often misunderstood, Orbot on Android does not make your
Tor-enabled apps go through Tor merely because you add them to the
list. Orbot acts as a device-wide VPN (also known as a
\quotation{transparent proxy}). The list of apps using Orbot is a
whitelist: it will not make some apps magically use Tor while unchecked
ones use the clear-net. It only ensures that the device-wide VPN uses
Tor to route traffic. This means that Orbot can only control which apps
can access the VPN it creates; other apps will lose connectivity.
What is important to know is that, if you launch an app (or Android does
it automatically) while Orbot is not running, the app will just use the
normal network without involving Orbot (with the exception of some apps
that support using Orbot as a proxy).
Additionally, you should not be surprised by Tor Browser not working
when using Orbot in VPN mode, as the Tor design does not allow
\quotation{Tor over Tor} (you cannot re-enter the Tor network from a Tor
exit node).
This is explained rather well by Alexander Færøy, who is a core
developer at the Tor Project, in their
\useURL[url3111][https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorifyHOWTO\#tor-over-tor][][TorifyHOWTO:
Tor over Tor]\from[url3111].
\quotation{When using a transparent proxy, it is possible to start a Tor
session from the client as well as from the transparent proxy (read the
warning!), creating a \quotation{Tor over Tor} scenario. Doing so
produces undefined and potentially unsafe behavior. In theory, however,
you can get six hops instead of three, but it is not guaranteed that
you'll get three different hops - you could end up with the same hops,
maybe in reverse or mixed order. It is not clear if this is safe. It has
never been discussed. You can choose an entry/exit point, but you get
the best security that Tor can provide when you leave the route
selection to Tor; overriding the entry / exit nodes can mess up your
anonymity in ways we don't understand. Therefore Tor over Tor usage is
highly discouraged.}
And from
\useURL[url3112][https://tor.stackexchange.com/questions/427/is-running-tor-over-tor-dangerous][][a
post]\from[url3112] on the Tor Stack Exchange:
\quotation{The danger (beyond the performance hit) which keeps me from
running Tor over Tor has to do with timing and congestion measurements.
Adversaries watching your traffic at the exit(s) of your circuits have a
better chance of linking your Whonix activity with your {[}Tor Browser
Bundle{]} activity when those shared circuits slow down or drop packets
at the same time. This can happen without Tor over Tor when your
instances use a common upstream link. The linkage will be made tighter
and more explicit if you run the Whonix Tor traffic through your TBB
SOCKS5 Tor circuits. This tighter linkage raises the danger of
successful correlation.}
\section[title={Appendix B7: Caution about Session
Messenger},reference={appendix-b7-caution-about-session-messenger}]
We recommend Session Messenger only as a last resort, where nothing
better is available. Here are our reasons:
\startitemize[packed]
\item
The company is based in Australia, which has very {\em unfavorable}
privacy laws.\footnote{Wikipedia, Privacy in Australian Law
\useURL[url3113][https://en.wikipedia.org/wiki/Privacy_in_Australian_law]\from[url3113]
\useURL[url3114][https://wikiless.org/wiki/Privacy_in_Australian_law][][{[}Wikiless{]}]\from[url3114]
\useURL[url3115][https://web.archive.org/web/https://en.wikipedia.org/wiki/Privacy_in_Australian_law][][{[}Archive.org{]}]\from[url3115]}
\footnote{Parliament of Australia, Surveillance Legislation Amendment
(Identify and Disrupt) Bill 2021,
\useURL[url3116][https://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/Bills_Search_Results/Result?bId=r6623]\from[url3116]
\useURL[url3117][https://web.archive.org/web/https://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/Bills_Search_Results/Result?bId=r6623][][{[}Archive.org{]}]\from[url3117]}
\item
They push their own cryptocurrency, Oxen, which creates a conflict of
interest.
\item
They route traffic over Lokinet, whose service nodes must stake Oxen to
participate: 15,000 \$OXEN for a full node or 3,750 \$OXEN for a share
of a pooled node\footnote{Lokinet Documentation, Service Nodes,
\useURL[url3118][https://loki.network/service-nodes/]\from[url3118]
\useURL[url3119][https://web.archive.org/web/https://loki.network/service-nodes/][][{[}Archive.org{]}]\from[url3119]},
roughly US\$1,800 or US\$500 respectively at the time of writing.
\startitemize[packed]
\item
The stake requirement effectively puts the network behind a paywall:
you cannot simply contribute bandwidth by running a node, as you can
with a Tor relay. (There is, however, a stakeless fork of Lokinet.)
\item
Session's developers present the stake as a defence against
\useURL[url3120][https://en.wikipedia.org/wiki/Sybil_attack][][Sybil
attacks]\from[url3120], but critics argue that it does not stop a
well-funded adversary, it only prices out volunteers: governments and
other well-resourced organizations (the very adversaries such networks
exist to protect against) can afford as many stakes as they want. The
point is debatable; Oxen is at least a privacy-focused coin.
\stopitemize
\item
They dropped critical security features of their protocol (perfect
forward secrecy (PFS) and deniability)\footnote{GetSession.org, The
Session Protocol: What's changing --- and why
\useURL[url3121][https://getsession.org/session-protocol-explained/]\from[url3121]
\useURL[url3122][https://web.archive.org/web/https://getsession.org/session-protocol-explained/][][{[}Archive.org{]}]\from[url3122]}
in favor of long-term message keys and self-deleting cryptographic
signatures, which provide much weaker guarantees: without forward
secrecy, a later compromise of a long-term key exposes every past
message encrypted under it.\footnote{Session
Documentation, Session protocol explained,
\useURL[url3123][https://getsession.org/session-protocol-explained]\from[url3123]
\useURL[url3124][https://web.archive.org/web/https://getsession.org/session-protocol-explained][][{[}Archive.org{]}]\from[url3124]}
\startitemize[packed]
\item
This {\em might} matter less if the nodes were free to run, but they
are not.
\stopitemize
\item
Session has been audited\footnote{Quarkslab, Audit of Session Secure
Messaging Application
\useURL[url3125][https://blog.quarkslab.com/audit-of-session-secure-messaging-application.html]\from[url3125]
\useURL[url3126][https://web.archive.org/web/https://blog.quarkslab.com/audit-of-session-secure-messaging-application.html][][{[}Archive.org{]}]\from[url3126]}
with satisfactory results, but that audit does not mention these
changes. We also currently lack sufficient information on LokiNet (the
onion routing network used by Session) to endorse it. Session is still
recommended by some, for example Techlore.\footnote{Techlore, Top 5
BEST Messengers For Privacy
\useURL[url3127][https://www.youtube.com/watch?v=aVwl892hqb4]\from[url3127]
\useURL[url3128][https://yewtu.be/watch?v=aVwl892hqb4][][{[}Invidious{]}]\from[url3128]}
\item
Their funding is completely opaque.
\stopitemize
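To make the forward-secrecy point above concrete, the following toy Python sketch is an added illustration by the editor; it is not Session's, Signal's or any other project's protocol code. It compares a scheme whose message keys are derived only from the two parties' long-term Diffie-Hellman keys (no PFS) with one that additionally mixes in single-use ephemeral keys that are deleted after use (PFS), then lets a passive attacker who recorded all traffic and later steals a long-term private key try to decrypt the recording. The group (the Mersenne prime 2^521-1 with generator 3), the SHA-256 keystream cipher, the key derivation and the sample messages are all stand-ins constructed for the demonstration and must not be used for anything real.

```python
"""Toy demonstration of what perfect forward secrecy (PFS) buys.

static_only: message key derives from long-term DH keys only (no PFS).
ephemeral:   message key also mixes in fresh, single-use DH keys (PFS).
A passive attacker records everything, later steals a long-term private
key, and tries to decrypt the recording.
"""
import hashlib
import hmac
import secrets

# Toy DH group (constructed for this demo only): Mersenne prime 2^521-1,
# generator 3.  A real protocol would use X25519 or an RFC 7919 group.
P = 2**521 - 1
G = 3
MESSAGES = [b"meet at 9", b"bring the documents"]  # constructed sample data


def keygen():
    """Return (private, public) for the toy DH group."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def dh(priv, peer_pub):
    """Raw DH shared secret, fixed-width bytes (P fits in 66 bytes)."""
    return pow(peer_pub, priv, P).to_bytes(66, "big")


def kdf(*parts):
    """Derive a 32-byte message key from the concatenated inputs."""
    return hashlib.sha256(b"|".join(parts)).digest()


def _stream(key, length):
    """SHA-256 counter-mode keystream (toy cipher, not for real use)."""
    blocks = (hashlib.sha256(key + i.to_bytes(4, "big")).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def seal(key, plaintext):
    """Encrypt-then-MAC; the MAC lets decryption detect a wrong key."""
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, len(plaintext))))
    return ct + hmac.new(key, ct, hashlib.sha256).digest()


def open_(key, sealed):
    """Return the plaintext, or None if the MAC fails (wrong key)."""
    ct, tag = sealed[:-32], sealed[-32:]
    if not hmac.compare_digest(hmac.new(key, ct, hashlib.sha256).digest(), tag):
        return None
    return bytes(a ^ b for a, b in zip(ct, _stream(key, len(ct))))


def send_static_only(sender_priv, receiver_pub, msg_no, plaintext):
    """No PFS: the key depends only on long-term keys and a counter."""
    key = kdf(dh(sender_priv, receiver_pub), msg_no.to_bytes(4, "big"))
    return {"no": msg_no, "ct": seal(key, plaintext)}


def send_ephemeral(sender_priv, receiver_pub, receiver_eph_pub, msg_no, plaintext):
    """PFS: mix long-term DH (authentication) with a fresh ephemeral DH.
    The sender's ephemeral private key is never stored after this call."""
    eph_priv, eph_pub = keygen()
    key = kdf(dh(sender_priv, receiver_pub),
              dh(eph_priv, receiver_eph_pub),
              msg_no.to_bytes(4, "big"))
    return {"no": msg_no, "eph_pub": eph_pub, "ct": seal(key, plaintext)}


def recv_ephemeral(receiver_priv, sender_pub, receiver_eph_priv, rec):
    """Receiver side of send_ephemeral; the caller deletes receiver_eph_priv afterwards."""
    key = kdf(dh(receiver_priv, sender_pub),
              dh(receiver_eph_priv, rec["eph_pub"]),
              rec["no"].to_bytes(4, "big"))
    return open_(key, rec["ct"])


def attacker_decrypt(transcript, leaked_priv, other_pub):
    """Attacker with the recorded transcript and one leaked long-term key.
    The only secret derivable from the leak is the long-term DH value; the
    ephemeral private keys were deleted and their recorded public values
    are useless without solving the discrete logarithm."""
    longterm = dh(leaked_priv, other_pub)
    return [open_(kdf(longterm, rec["no"].to_bytes(4, "big")), rec["ct"])
            for rec in transcript]


def demo():
    alice_priv, alice_pub = keygen()
    bob_priv, bob_pub = keygen()
    static_transcript = [send_static_only(alice_priv, bob_pub, i, m)
                         for i, m in enumerate(MESSAGES)]
    # Bob publishes one-time ephemeral public keys (prekey style) and keeps
    # the private halves only until the matching message has been read.
    bob_eph = [keygen() for _ in MESSAGES]
    eph_transcript = [send_ephemeral(alice_priv, bob_pub, bob_eph[i][1], i, m)
                      for i, m in enumerate(MESSAGES)]
    bob_reads = [recv_ephemeral(bob_priv, alice_pub, bob_eph[i][0], rec)
                 for i, rec in enumerate(eph_transcript)]
    del bob_eph  # ephemeral private keys are gone before the compromise
    # Later: Alice's long-term private key leaks to the attacker.
    return {"bob_reads": bob_reads,
            "recovered_static": attacker_decrypt(static_transcript, alice_priv, bob_pub),
            "recovered_ephemeral": attacker_decrypt(eph_transcript, alice_priv, bob_pub)}


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running it shows the asymmetry directly: Bob reads both ephemeral messages normally, the attacker recovers every message from the static-key transcript, and gets `None` (MAC failure) for every message from the ephemeral transcript even though the same long-term key leaked in both cases. Whether a real protocol's key schedule has that second property is exactly what the PFS question asks.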
In short, our opinion is that you may use Session Messenger on iOS only
because no better alternative (such as Briar) exists there. If Briar or
another app (perhaps Cwtch in the future) becomes available on iOS, we
recommend moving away from Session as soon as possible. It is a last
resort.
\thinrule
\section[title={References:},reference={references}]
\stoptext