فهرست مطالب
Pre-requisites and limitations:
Pre-requisites:
Limitations:
Introduction:
Understanding some basics of how some information can lead back to you and how to mitigate some:
Your Network:
Your IP address:
Your DNS and IP requests:
Your RFID enabled devices:
The Wi-Fi and Bluetooth devices around you:
Malicious/Rogue Wi-Fi Access Points:
Your Anonymized Tor/VPN traffic:
Some Devices can be tracked even when offline:
Your Hardware Identifiers:
Your IMEI and IMSI (and by extension, your phone number):
Your Wi-Fi or Ethernet MAC address:
Your Bluetooth MAC address:
Your CPU:
Your Operating Systems and Apps telemetry services:
Your Smart devices in general:
Yourself:
Your Metadata including your Geo-Location:
Your Digital Fingerprint, Footprint, and Online Behavior:
Your Clues about your Real Life and OSINT:
Your Face, Voice, Biometrics, and Pictures:
Phishing and Social Engineering:
Malware, exploits, and viruses:
Malware in your files/documents/e-mails:
Malware and Exploits in your apps and services:
Malicious USB devices:
Malware and backdoors in your Hardware Firmware and Operating System:
Your files, documents, pictures, and videos:
Properties and Metadata:
Watermarking:
Pictures/Videos/Audio:
Printing Watermarking:
Pixelized or Blurred Information:
Your Cryptocurrencies transactions:
Your Cloud backups/sync services:
Your Browser and Device Fingerprints:
Local Data Leaks and Forensics:
Bad Cryptography:
No logging but logging anyway policies:
Some Advanced targeted techniques:
Some bonus resources:
Notes:
General Preparations:
Picking your route:
Timing limitations:
Budget/Material limitations:
Skills:
Adversarial considerations:
Threats:
Adversaries:
Steps for all routes:
Getting used to using better passwords:
Getting an anonymous Phone number:
Physical Burner Phone and prepaid SIM card:
Get a burner phone:
Getting an anonymous pre-paid SIM card:
Online Phone Number:
Get a USB key:
Find some safe places with decent public Wi-Fi:
The Tor Browser route:
Windows, Linux, and macOS:
Android:
iOS:
Important Warning:
The Tails route:
Tor Browser settings on Tails:
Persistent Plausible Deniability using Whonix within Tails:
First Run:
Subsequent Runs:
Steps for all other routes:
Get a dedicated laptop for your sensitive activities:
Some laptop recommendations:
Bios/UEFI/Firmware Settings of your laptop:
PC:
About Secure boot:
Mac:
Physically Tamper protect your laptop:
The Whonix route:
Picking your Host OS (the OS installed on your laptop):
Threats with encryption:
The 5$ Wrench:
Evil-Maid Attack:
Cold-Boot Attack:
About Sleep, Hibernation, and Shutdown:
Local Data Leaks (traces) and forensics examination:
Windows:
macOS:
Linux:
Online Data Leaks:
Conclusion:
Linux Host OS:
Full disk encryption:
Note about plausible deniability on Linux:
The Detached Headers Way:
The Veracrypt Way:
Reject/Disable any telemetry:
Disable anything unnecessary:
Hibernation:
Enable MAC address randomization:
Hardening Linux:
Setting up a safe Browser:
macOS Host OS:
During the install:
Hardening macOS:
Enable Firmware password with “disable-reset-capability” option:
Enable Hibernation instead of sleep:
Disable unnecessary services:
Prevent Apple OCSP calls:
Enable Full Disk encryption (Filevault):
MAC Address Randomization:
Setting up a safe Browser:
Windows Host OS:
Installation:
Enable MAC address randomization:
Setting up a safe Browser:
Enable some additional privacy settings on your Host OS:
Windows Host OS encryption:
If you intend to use system-wide plausible deniability:
If you do not intend to use system-wide plausible deniability:
Enable Hibernation (optional):
Deciding which sub-route you will take:
Route A and B: Simple Encryption using Veracrypt (Windows tutorial)
Route B: Plausible Deniability Encryption with a Hidden OS (Windows only)
Step 1: Create a Windows 10 install USB key
Step 2: Boot the USB key and start the Windows 10 install process (Hidden OS)
Step 3: Privacy Settings (Hidden OS)
Step 4: Veracrypt installation and encryption process start (Hidden OS)
Step 5: Reboot and boot the USB key and start the Windows 10 install process again (Decoy OS)
Step 6: Privacy settings (Decoy OS)
Step 7: Veracrypt installation and encryption process start (Decoy OS)
Step 8: Test your setup (Boot in Both)
Step 9: Changing the decoy data on your Outer Volume safely
Step 10: Leave some forensics evidence of your outer Volume (with the decoy Data) within your Decoy OS
Notes:
Virtualbox on your Host OS:
Pick your connectivity method:
Tor only:
VPN/Proxy over Tor:
Tor over VPN:
VPN only:
No VPN/Tor:
Conclusion:
Getting an anonymous VPN/Proxy:
Whonix:
A note on Virtualbox Snapshots:
Download Virtualbox and Whonix utilities:
Virtualbox Hardening recommendations:
Tor over VPN:
Whonix Virtual Machines:
Pick your guest workstation Virtual Machine:
If you can use Tor:
If you cannot use Tor:
Linux Virtual Machine (Whonix or Linux):
Whonix Workstation (recommended and preferred):
Linux (any distro):
If you can use Tor (natively or over a VPN):
If you cannot use Tor:
Choose a browser within the VM:
Windows 10 Virtual Machine:
Windows 10 ISO download:
If you can use Tor (natively or over a VPN):
Install:
Network Settings:
If you cannot use Tor:
Install:
Network Settings:
Choose a browser within the VM:
Additional Privacy settings in Windows 10:
Android Virtual Machine:
If you can use Tor (natively or over a VPN):
If you cannot use Tor:
Installation:
AnBox:
Android-x86:
macOS Virtual Machine:
If you can use Tor (natively or over a VPN):
If you cannot use Tor:
Installation:
Hardening macOS:
Choose a browser within the VM:
KeepassXC:
VPN client installation (cash/Monero paid):
About VPN Client Data Mining/Leaks:
(Optional) Allowing only the VMs to access the internet while cutting off the Host OS to prevent any leak:
The Lazy Way (not supported by Whonix but it will work if you are in a hurry, see further for the better way):
Configuration of the Whonix Gateway VM:
Configuration of the Host OS:
Windows Host OS:
Linux Host OS:
macOS Host OS:
The Better Way (recommended):
Installing XUbuntu VM:
Configuring the Whonix Gateway VM:
Configuration of the Host OS:
Windows Host OS:
Linux Host OS:
macOS Host OS:
The best way:
Configuration of the Host OS:
Configuring the Whonix Gateway VM:
Installing XUbuntu VM:
Additional configuration of the Whonix Gateway VM:
Final step:
The Qubes Route:
Pick your connectivity method:
Tor only:
VPN/Proxy over Tor:
Tor over VPN:
VPN only:
No VPN/Tor:
Conclusion:
Getting an anonymous VPN/Proxy:
Note about Plausible Deniability:
Installation:
Lid Closure Behavior:
Connect to a Public Wi-Fi:
Updating Qubes OS:
Updating Whonix from version 15 to version 16:
Hardening Qubes OS:
Application Sandboxing:
AppArmor:
SELinux:
Setup the VPN ProxyVM:
Create the ProxyVM:
Download the VPN configuration from your cash/Monero paid VPN provider:
If you can use Tor:
If you cannot use Tor:
Configure the ProxyVM:
VPN over Tor:
Set up a disposable Browser Qube for VPN over Tor use:
Tor Over VPN:
Any other combination? (VPN over Tor over VPN for instance)
Setup a safe Browser within Qubes OS (optional but recommended):
Fedora Disposable VM:
Whonix Disposable VM:
Additional browser precautions:
Setup an Android VM:
If you can use Tor (natively or over a VPN):
If you cannot use Tor:
Installation:
KeePassXC:
Creating your anonymous online identities:
Understanding the methods used to prevent anonymity and verify identity:
Captchas:
Phone verification:
E-Mail verification:
Protecting your anonymous online identities e-mails using Aliasing services:
User details checking:
Proof of ID verification:
IP Filters:
Browser and Device Fingerprinting:
Human interaction:
User Moderation:
Behavioral Analysis:
Financial transactions:
Sign-in with some platform:
Live Face recognition and biometrics (again):
Manual reviews:
Getting Online:
Creating new identities:
Checking if your Tor Exit Node is terrible:
If you are using Tor Browser Bundle (not on Whonix Workstation, on Tails, or on the Host/Guest OS):
If you are using Tor Browser on the Whonix Workstation:
If you are not using Tor Browser on a guest non-whonix VM behind the Whonix Gateway:
The Real-Name System:
About paid services:
Overview:
Amazon:
Apple:
Binance:
Briar:
Discord:
Element:
Facebook:
GitHub:
GitLab:
Google:
HackerNews:
Instagram:
Jami:
iVPN:
Kraken:
LinkedIn:
MailFence:
Medium:
Microsoft:
Mullvad:
Njalla:
OnionShare:
OnlyFans:
ProtonMail:
ProtonVPN:
Reddit:
Slashdot:
Telegram:
Tutanota:
Twitter:
Twitch:
WhatsApp:
4chan:
Crypto Wallets:
What about those mobile-only apps (WhatsApp/Signal)?
Anything else:
How to share files privately and/or chat anonymously:
End-to-end Encryption:
Roll your own crypto:
Forward Secrecy:
Zero-Access Encryption at rest:
Metadata Protection:
Open-Source:
Comparison:
Conclusion:
How to share files publicly but anonymously:
Redacting Documents/Pictures/Videos/Audio safely:
Communicating sensitive information to various known organizations:
Maintenance tasks:
Backing up your work securely:
Offline Backups:
Selected Files Backups:
Requirements:
Veracrypt:
Normal File containers:
Hidden File containers with plausible deniability:
Full Disk/System Backups:
Requirements:
Some general warnings and considerations:
Linux:
Ubuntu (or any other distro of choice):
QubesOS:
Windows:
macOS:
Online Backups:
Files:
Self-hosting:
Cloud-hosting:
Information:
Synchronizing your files between devices Online:
Covering your tracks:
Understanding HDD vs SSD:
Wear-Leveling.
Trim Operations:
Garbage Collection:
Conclusion:
How to securely wipe your whole Laptop/Drives if you want to erase everything:
Linux (all versions including Qubes OS):
System/Internal SSD:
External SSD:
Internal/System HDD:
External/Secondary HDD and Thumb Drives:
Windows:
System/Internal SSD:
External SSD:
Internal/System HDD:
External/Secondary HDD and Thumb Drives:
macOS:
System/Internal SSD:
External SSD:
External HDD and Thumb Drives:
How to securely delete specific files/folders/data on your HDD/SSD and Thumb drives:
Windows:
System/Internal SSD drive:
Internal/External HDD or a USB Thumb Drive:
External SSD drive:
Linux (non-Qubes OS):
System/Internal SSD drive:
Internal/External HDD drive or a Thumb Drive:
External SSD drive:
Linux (Qubes OS):
System/Internal SSD drive:
Internal/External HDD drive or a Thumb Drive:
External SSD drive:
macOS:
System/Internal SSD drive:
System/Internal, External HDD drive or a Thumb Drive:
External SSD drive:
Some additional measures against forensics:
Removing Metadata from Files/Documents/Pictures:
Pictures and videos:
ExifCleaner:
ExifTool:
Windows Native tool:
Cloaking/Obfuscating to prevent picture recognition:
PDF Documents:
PDFParanoia (Linux/Windows/macOS/QubesOS):
ExifCleaner (Linux/Windows/macOS/QubesOS):
ExifTool (Linux/Windows/macOS/QubesOS):
MS Office Documents:
ExifCleaner:
ExifTool:
LibreOffice Documents:
ExifCleaner:
ExifTool:
All-in-one Tool:
Tails:
Whonix:
macOS:
Guest OS:
Host OS:
Quarantine Database (used by Gatekeeper and XProtect):
Various Artifacts:
Force a Trim operation after cleaning:
Linux (Qubes OS):
Linux (non-Qubes):
Guest OS:
Host OS:
Windows:
Guest OS:
Host OS:
Diagnostic Data and Telemetry:
Event logs:
Veracrypt History:
Browser History:
Wi-Fi History:
Shellbags:
Extra Tools Cleaning:
PrivaZer:
BleachBit:
Force a Trim with Windows Optimize (for SSD drives):
Removing some traces of your identities on search engines and various platforms:
Google:
Bing:
DuckDuckGo:
Yandex:
Qwant:
Yahoo Search:
Baidu:
Wikipedia:
Archive.today:
Internet Archive:
Others:
Some low-tech old-school tricks:
Hidden communications in plain sight:
How to spot if someone has been searching your stuff:
Some last OPSEC thoughts:
If you think you got burned:
If you have some time:
If you have no time:
A small final editorial note:
Donations:
Helping others staying anonymous:
Acknowledgments:
Appendix A: Windows Installation
Installation:
Privacy Settings:
Appendix B: Windows Additional Privacy Settings
Appendix C: Windows Installation Media Creation
Appendix D: Using System Rescue to securely wipe an SSD drive.
Appendix E: Clonezilla
Appendix F: Diskpart
Appendix G: Safe Browser on the Host OS
If you can use Tor:
If you cannot use Tor:
Appendix H: Windows Cleaning Tools
Appendix I: Using ShredOS to securely wipe an HDD drive:
Windows:
Linux:
Appendix J: Manufacturer tools for Wiping HDD and SSD drives:
Tools that provide a boot disk for wiping from boot:
Tools that provide only support from running OS (for external drives).
Appendix K: Considerations for using external SSD drives
Windows:
Trim Support:
ATA/NVMe Operations (Secure Erase/Sanitize):
Linux:
Trim Support:
ATA/NVMe Operations (Secure Erase/Sanitize):
macOS:
Trim Support:
ATA/NVMe Operations (Secure Erase/Sanitize):
Appendix L: Creating a mat2-web guest VM for removing metadata from files
Appendix M: BIOS/UEFI options to wipe disks in various Brands
Appendix N: Warning about smartphones and smart devices
Appendix O: Getting an anonymous VPN/Proxy
Cash/Monero-Paid VPN:
Self-hosted VPN/Proxy on a Monero/Cash-paid VPS (for users more familiar with Linux):
VPN VPS:
Socks Proxy VPS:
Linux/macOS:
Windows:
Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option
Appendix Q: Using long-range Antenna to connect to Public Wi-Fis from a safe distance:
Appendix R: Installing a VPN on your VM or Host OS.
Appendix S: Check your network for surveillance/censorship using OONI
Appendix T: Checking files for malware
Integrity (if available):
Authenticity (if available):
Security (checking for actual malware):
Anti-Virus Software:
Manual Reviews:
PDF files:
Other types of files:
Appendix U: How to bypass (some) local restrictions on supervised computers
Portable Apps:
Bootable Live Systems:
Precautions:
Appendix V: What browser to use in your Guest VM/Disposable VM
Brave:
Ungoogled-Chromium:
Edge:
Safari:
Firefox:
Tor Browser:
Appendix V1: Hardening your Browsers:
Brave:
Ungoogled-Chromium:
Edge:
Safari:
Firefox:
Normal settings:
Advanced settings:
Addons to install/consider:
Bonus resources:
Appendix W: Virtualization
Appendix X: Using Tor bridges in hostile environments
Appendix Y: Installing and using desktop Tor Browser
Installation:
Usage and Precautions:
Appendix Z: Online anonymous payments using cryptocurrencies
Reasonably anonymous option:
Extra-Paranoid anonymous option:
When using BTC: bonus step for improving your privacy using obfuscation:
When converting from BTC to Monero:
Appendix A1: Recommended VPS hosting providers
Appendix A2: Guidelines for passwords and passphrases
Appendix A3: Search Engines
Appendix A4: Counteracting Forensic Linguistics
Introduction:
What does an adversary look for when examining your writing?
Examples:
How to counteract the efforts of your adversary:
What different linguistic choices could say about you:
Emoticons:
Structural features:
Spelling slang and symbols:
Techniques to prevent writeprinting:
Spelling and grammar checking:
Offline using a word processor:
Online using an online service:
Translation technique:
Search and replace:
Final advice:
Bonus links:
Appendix A5: Additional browser precautions with JavaScript enabled
Appendix A6: Mirrors
Appendix A7: Comparing versions
Appendix A8: Crypto Swapping Services without Registration and KYC
General Crypto Swapping:
BTC to Monero only:
Appendix A9: Installing a Zcash wallet:
Debian 11 VM:
Ubuntu 20.04/21.04/21.10 VM:
Windows 10 VM:
Whonix Workstation 16 VM:
Appendix B1: Checklist of things to verify before sharing information:
Appendix B2: Monero Disclaimer
Appendix B3: Threat modeling resources
License:
Pre-requisites:
Limitations:
Introduction:
Understanding some basics of how some information can lead back to you and how to mitigate some:
Your Network:
Your IP address:
Your DNS and IP requests:
Your RFID enabled devices:
The Wi-Fi and Bluetooth devices around you:
Malicious/Rogue Wi-Fi Access Points:
Your Anonymized Tor/VPN traffic:
Some Devices can be tracked even when offline:
Your Hardware Identifiers:
Your IMEI and IMSI (and by extension, your phone number):
Your Wi-Fi or Ethernet MAC address:
Your Bluetooth MAC address:
Your CPU:
Your Operating Systems and Apps telemetry services:
Your Smart devices in general:
Yourself:
Your Metadata including your Geo-Location:
Your Digital Fingerprint, Footprint, and Online Behavior:
Your Clues about your Real Life and OSINT:
Your Face, Voice, Biometrics, and Pictures:
Phishing and Social Engineering:
Malware, exploits, and viruses:
Malware in your files/documents/e-mails:
Malware and Exploits in your apps and services:
Malicious USB devices:
Malware and backdoors in your Hardware Firmware and Operating System:
Your files, documents, pictures, and videos:
Properties and Metadata:
Watermarking:
Pictures/Videos/Audio:
Printing Watermarking:
Pixelized or Blurred Information:
Your Cryptocurrencies transactions:
Your Cloud backups/sync services:
Your Browser and Device Fingerprints:
Local Data Leaks and Forensics:
Bad Cryptography:
No logging but logging anyway policies:
Some Advanced targeted techniques:
Some bonus resources:
Notes:
General Preparations:
Picking your route:
Timing limitations:
Budget/Material limitations:
Skills:
Adversarial considerations:
Threats:
Adversaries:
Steps for all routes:
Getting used to using better passwords:
Getting an anonymous Phone number:
Physical Burner Phone and prepaid SIM card:
Get a burner phone:
Getting an anonymous pre-paid SIM card:
Online Phone Number:
Get a USB key:
Find some safe places with decent public Wi-Fi:
The Tor Browser route:
Windows, Linux, and macOS:
Android:
iOS:
Important Warning:
The Tails route:
Tor Browser settings on Tails:
Persistent Plausible Deniability using Whonix within Tails:
First Run:
Subsequent Runs:
Steps for all other routes:
Get a dedicated laptop for your sensitive activities:
Some laptop recommendations:
Bios/UEFI/Firmware Settings of your laptop:
PC:
About Secure boot:
Mac:
Physically Tamper protect your laptop:
The Whonix route:
Picking your Host OS (the OS installed on your laptop):
Threats with encryption:
The 5$ Wrench:
Evil-Maid Attack:
Cold-Boot Attack:
About Sleep, Hibernation, and Shutdown:
Local Data Leaks (traces) and forensics examination:
Windows:
macOS:
Linux:
Online Data Leaks:
Conclusion:
Linux Host OS:
Full disk encryption:
Note about plausible deniability on Linux:
The Detached Headers Way:
The Veracrypt Way:
Reject/Disable any telemetry:
Disable anything unnecessary:
Hibernation:
Enable MAC address randomization:
Hardening Linux:
Setting up a safe Browser:
macOS Host OS:
During the install:
Hardening macOS:
Enable Firmware password with “disable-reset-capability” option:
Enable Hibernation instead of sleep:
Disable unnecessary services:
Prevent Apple OCSP calls:
Enable Full Disk encryption (Filevault):
MAC Address Randomization:
Setting up a safe Browser:
Windows Host OS:
Installation:
Enable MAC address randomization:
Setting up a safe Browser:
Enable some additional privacy settings on your Host OS:
Windows Host OS encryption:
If you intend to use system-wide plausible deniability:
If you do not intend to use system-wide plausible deniability:
Enable Hibernation (optional):
Deciding which sub-route you will take:
Route A and B: Simple Encryption using Veracrypt (Windows tutorial)
Route B: Plausible Deniability Encryption with a Hidden OS (Windows only)
Step 1: Create a Windows 10 install USB key
Step 2: Boot the USB key and start the Windows 10 install process (Hidden OS)
Step 3: Privacy Settings (Hidden OS)
Step 4: Veracrypt installation and encryption process start (Hidden OS)
Step 5: Reboot and boot the USB key and start the Windows 10 install process again (Decoy OS)
Step 6: Privacy settings (Decoy OS)
Step 7: Veracrypt installation and encryption process start (Decoy OS)
Step 8: Test your setup (Boot in Both)
Step 9: Changing the decoy data on your Outer Volume safely
Step 10: Leave some forensics evidence of your outer Volume (with the decoy Data) within your Decoy OS
Notes:
Virtualbox on your Host OS:
Pick your connectivity method:
Tor only:
VPN/Proxy over Tor:
Tor over VPN:
VPN only:
No VPN/Tor:
Conclusion:
Getting an anonymous VPN/Proxy:
Whonix:
A note on Virtualbox Snapshots:
Download Virtualbox and Whonix utilities:
Virtualbox Hardening recommendations:
Tor over VPN:
Whonix Virtual Machines:
Pick your guest workstation Virtual Machine:
If you can use Tor:
If you cannot use Tor:
Linux Virtual Machine (Whonix or Linux):
Whonix Workstation (recommended and preferred):
Linux (any distro):
If you can use Tor (natively or over a VPN):
If you cannot use Tor:
Choose a browser within the VM:
Windows 10 Virtual Machine:
Windows 10 ISO download:
If you can use Tor (natively or over a VPN):
Install:
Network Settings:
If you cannot use Tor:
Install:
Network Settings:
Choose a browser within the VM:
Additional Privacy settings in Windows 10:
Android Virtual Machine:
If you can use Tor (natively or over a VPN):
If you cannot use Tor:
Installation:
AnBox:
Android-x86:
macOS Virtual Machine:
If you can use Tor (natively or over a VPN):
If you cannot use Tor:
Installation:
Hardening macOS:
Choose a browser within the VM:
KeepassXC:
VPN client installation (cash/Monero paid):
About VPN Client Data Mining/Leaks:
(Optional) Allowing only the VMs to access the internet while cutting off the Host OS to prevent any leak:
The Lazy Way (not supported by Whonix but it will work if you are in a hurry, see further for the better way):
Configuration of the Whonix Gateway VM:
Configuration of the Host OS:
Windows Host OS:
Linux Host OS:
macOS Host OS:
The Better Way (recommended):
Installing XUbuntu VM:
Configuring the Whonix Gateway VM:
Configuration of the Host OS:
Windows Host OS:
Linux Host OS:
macOS Host OS:
The best way:
Configuration of the Host OS:
Configuring the Whonix Gateway VM:
Installing XUbuntu VM:
Additional configuration of the Whonix Gateway VM:
Final step:
The Qubes Route:
Pick your connectivity method:
Tor only:
VPN/Proxy over Tor:
Tor over VPN:
VPN only:
No VPN/Tor:
Conclusion:
Getting an anonymous VPN/Proxy:
Note about Plausible Deniability:
Installation:
Lid Closure Behavior:
Connect to a Public Wi-Fi:
Updating Qubes OS:
Updating Whonix from version 15 to version 16:
Hardening Qubes OS:
Application Sandboxing:
AppArmor:
SELinux:
Setup the VPN ProxyVM:
Create the ProxyVM:
Download the VPN configuration from your cash/Monero paid VPN provider:
If you can use Tor:
If you cannot use Tor:
Configure the ProxyVM:
VPN over Tor:
Set up a disposable Browser Qube for VPN over Tor use:
Tor Over VPN:
Any other combination? (VPN over Tor over VPN for instance)
Setup a safe Browser within Qubes OS (optional but recommended):
Fedora Disposable VM:
Whonix Disposable VM:
Additional browser precautions:
Setup an Android VM:
If you can use Tor (natively or over a VPN):
If you cannot use Tor:
Installation:
KeePassXC:
Creating your anonymous online identities:
Understanding the methods used to prevent anonymity and verify identity:
Captchas:
Phone verification:
E-Mail verification:
Protecting your anonymous online identities e-mails using Aliasing services:
User details checking:
Proof of ID verification:
IP Filters:
Browser and Device Fingerprinting:
Human interaction:
User Moderation:
Behavioral Analysis:
Financial transactions:
Sign-in with some platform:
Live Face recognition and biometrics (again):
Manual reviews:
Getting Online:
Creating new identities:
Checking if your Tor Exit Node is terrible:
If you are using Tor Browser Bundle (not on Whonix Workstation, on Tails, or on the Host/Guest OS):
If you are using Tor Browser on the Whonix Workstation:
If you are not using Tor Browser on a guest non-whonix VM behind the Whonix Gateway:
The Real-Name System:
About paid services:
Overview:
Amazon:
Apple:
Binance:
Briar:
Discord:
Element:
Facebook:
GitHub:
GitLab:
Google:
HackerNews:
Instagram:
Jami:
iVPN:
Kraken:
LinkedIn:
MailFence:
Medium:
Microsoft:
Mullvad:
Njalla:
OnionShare:
OnlyFans:
ProtonMail:
ProtonVPN:
Reddit:
Slashdot:
Telegram:
Tutanota:
Twitter:
Twitch:
WhatsApp:
4chan:
Crypto Wallets:
What about those mobile-only apps (WhatsApp/Signal)?
Anything else:
How to share files privately and/or chat anonymously:
End-to-end Encryption:
Roll your own crypto:
Forward Secrecy:
Zero-Access Encryption at rest:
Metadata Protection:
Open-Source:
Comparison:
Conclusion:
How to share files publicly but anonymously:
Redacting Documents/Pictures/Videos/Audio safely:
Communicating sensitive information to various known organizations:
Maintenance tasks:
Backing up your work securely:
Offline Backups:
Selected Files Backups:
Requirements:
Veracrypt:
Normal File containers:
Hidden File containers with plausible deniability:
Full Disk/System Backups:
Requirements:
Some general warnings and considerations:
Linux:
Ubuntu (or any other distro of choice):
QubesOS:
Windows:
macOS:
Online Backups:
Files:
Self-hosting:
Cloud-hosting:
Information:
Synchronizing your files between devices Online:
Covering your tracks:
Understanding HDD vs SSD:
Wear-Leveling.
Trim Operations:
Garbage Collection:
Conclusion:
How to securely wipe your whole Laptop/Drives if you want to erase everything:
Linux (all versions including Qubes OS):
System/Internal SSD:
External SSD:
Internal/System HDD:
External/Secondary HDD and Thumb Drives:
Windows:
System/Internal SSD:
External SSD:
Internal/System HDD:
External/Secondary HDD and Thumb Drives:
macOS:
System/Internal SSD:
External SSD:
External HDD and Thumb Drives:
How to securely delete specific files/folders/data on your HDD/SSD and Thumb drives:
Windows:
System/Internal SSD drive:
Internal/External HDD or a USB Thumb Drive:
External SSD drive:
Linux (non-Qubes OS):
System/Internal SSD drive:
Internal/External HDD drive or a Thumb Drive:
External SSD drive:
Linux (Qubes OS):
System/Internal SSD drive:
Internal/External HDD drive or a Thumb Drive:
External SSD drive:
macOS:
System/Internal SSD drive:
System/Internal, External HDD drive or a Thumb Drive:
External SSD drive:
Some additional measures against forensics:
Removing Metadata from Files/Documents/Pictures:
Pictures and videos:
ExifCleaner:
ExifTool:
Windows Native tool:
Cloaking/Obfuscating to prevent picture recognition:
PDF Documents:
PDFParanoia (Linux/Windows/macOS/QubesOS):
ExifCleaner (Linux/Windows/macOS/QubesOS):
ExifTool (Linux/Windows/macOS/QubesOS):
MS Office Documents:
ExifCleaner:
ExifTool:
LibreOffice Documents:
ExifCleaner:
ExifTool:
All-in-one Tool:
Tails:
Whonix:
macOS:
Guest OS:
Host OS:
Quarantine Database (used by Gatekeeper and XProtect):
Various Artifacts:
Force a Trim operation after cleaning:
Linux (Qubes OS):
Linux (non-Qubes):
Guest OS:
Host OS:
Windows:
Guest OS:
Host OS:
Diagnostic Data and Telemetry:
Event logs:
Veracrypt History:
Browser History:
Wi-Fi History:
Shellbags:
Extra Tools Cleaning:
PrivaZer:
BleachBit:
Force a Trim with Windows Optimize (for SSD drives):
Removing some traces of your identities on search engines and various platforms:
Google:
Bing:
DuckDuckGo:
Yandex:
Qwant:
Yahoo Search:
Baidu:
Wikipedia:
Archive.today:
Internet Archive:
Others:
Some low-tech old-school tricks:
Hidden communications in plain sight:
How to spot if someone has been searching your stuff:
Some last OPSEC thoughts:
If you think you got burned:
If you have some time:
If you have no time:
A small final editorial note:
Donations:
Helping others staying anonymous:
Acknowledgments:
Appendix A: Windows Installation
Installation:
Privacy Settings:
Appendix B: Windows Additional Privacy Settings
Appendix C: Windows Installation Media Creation
Appendix D: Using System Rescue to securely wipe an SSD drive.
Appendix E: Clonezilla
Appendix F: Diskpart
Appendix G: Safe Browser on the Host OS
If you can use Tor:
If you cannot use Tor:
Appendix H: Windows Cleaning Tools
Appendix I: Using ShredOS to securely wipe an HDD drive:
Windows:
Linux:
Appendix J: Manufacturer tools for Wiping HDD and SSD drives:
Tools that provide a boot disk for wiping from boot:
Tools that provide only support from running OS (for external drives).
Appendix K: Considerations for using external SSD drives
Windows:
Trim Support:
ATA/NVMe Operations (Secure Erase/Sanitize):
Linux:
Trim Support:
ATA/NVMe Operations (Secure Erase/Sanitize):
macOS:
Trim Support:
ATA/NVMe Operations (Secure Erase/Sanitize):
Appendix L: Creating a mat2-web guest VM for removing metadata from files
Appendix M: BIOS/UEFI options to wipe disks in various Brands
Appendix N: Warning about smartphones and smart devices
Appendix O: Getting an anonymous VPN/Proxy
Cash/Monero-Paid VPN:
Self-hosted VPN/Proxy on a Monero/Cash-paid VPS (for users more familiar with Linux):
VPN VPS:
Socks Proxy VPS:
Linux/macOS:
Windows:
Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option
Appendix Q: Using long-range Antenna to connect to Public Wi-Fis from a safe distance:
Appendix R: Installing a VPN on your VM or Host OS.
Appendix S: Check your network for surveillance/censorship using OONI
Appendix T: Checking files for malware
Integrity (if available):
Authenticity (if available):
Security (checking for actual malware):
Anti-Virus Software:
Manual Reviews:
PDF files:
Other types of files:
Appendix U: How to bypass (some) local restrictions on supervised computers
Portable Apps:
Bootable Live Systems:
Precautions:
Appendix V: What browser to use in your Guest VM/Disposable VM
Brave:
Ungoogled-Chromium:
Edge:
Safari:
Firefox:
Tor Browser:
Appendix V1: Hardening your Browsers:
Brave:
Ungoogled-Chromium:
Edge:
Safari:
Firefox:
Normal settings:
Advanced settings:
Addons to install/consider:
Bonus resources:
Appendix W: Virtualization
Appendix X: Using Tor bridges in hostile environments
Appendix Y: Installing and using desktop Tor Browser
Installation:
Usage and Precautions:
Appendix Z: Online anonymous payments using cryptocurrencies
Reasonably anonymous option:
Extra-Paranoid anonymous option:
When using BTC: bonus step for improving your privacy using obfuscation:
When converting from BTC to Monero:
Appendix A1: Recommended VPS hosting providers
Appendix A2: Guidelines for passwords and passphrases
Appendix A3: Search Engines
Appendix A4: Counteracting Forensic Linguistics
Introduction:
What does an adversary look for when examining your writing?
Examples:
How to counteract the efforts of your adversary:
What different linguistic choices could say about you:
Emoticons:
Structural features:
Spelling slang and symbols:
Techniques to prevent writeprinting:
Spelling and grammar checking:
Offline using a word processor:
Online using an online service:
Translation technique:
Search and replace:
Final advice:
Bonus links:
Appendix A5: Additional browser precautions with JavaScript enabled
Appendix A6: Mirrors
Appendix A7: Comparing versions
Appendix A8: Crypto Swapping Services without Registration and KYC
General Crypto Swapping:
BTC to Monero only:
Appendix A9: Installing a Zcash wallet:
Debian 11 VM:
Ubuntu 20.04/21.04/21.10 VM:
Windows 10 VM:
Whonix Workstation 16 VM:
Appendix B1: Checklist of things to verify before sharing information:
Appendix B2: Monero Disclaimer
Appendix B3: Threat modeling resources
License:
