diff --git a/guide.md b/guide.md index e5f940f..32202a0 100644 --- a/guide.md +++ b/guide.md @@ -2,7 +2,7 @@ (Or "How I learned to start worrying and love ~~privacy~~ anonymity") -Version 1.1.4-pre2, June 2022 by Anonymous Planet +Version 1.1.5, June 2022 by Anonymous Planet **Forever in memory of Lena, 1999-2022** @@ -28,7 +28,7 @@ With this application, you can communicate even when there is no internet. -------------------------------------------------------------------------- -**This guide is a work in progress**. While I am doing the best I can to correct issues, inaccuracies, and improve the content, general structure, and readability; it will probably never be "finished". +**This guide is a work in progress**. While we are doing the best we can to correct issues, inaccuracies, and improve the content, general structure, and readability; it will probably never be "finished". **There might be some wrong or outdated information in this guide because no human is omniscient, and humans do make mistakes.** **Please do not take this guide as a definitive gospel or truth because it is not. Mistakes have been written in the guide in earlier versions and fixed later when discovered. There are likely still some mistakes in this guide at this moment (hopefully few). Those are fixed as soon as possible when discovered.** @@ -72,7 +72,7 @@ There are several ways you could read this guide: Precautions while reading this guide and accessing the various links: -- **Documents/Files** have a **[Archive.org]** link next to them for accessing content through Archive.org for increased privacy and in case the content goes missing. Some links are not yet archived or outdated on archive.org in which case I encourage you to ask for a new save if possible. +- **Documents/Files** have a **[Archive.org]** link next to them for accessing content through Archive.org for increased privacy and in case the content goes missing. Some links are not yet archived or outdated on archive.org in which case we encourage you to ask for a new save if possible. - **YouTube Videos** have a **[Invidious]** link next to them for accessing content through an Invidious Instance (in this case yewtu.be hosted in the Netherlands) for increased privacy. It is recommended to use these links when possible. See [[Archive.org]][29] for more information. @@ -383,7 +383,7 @@ Finally note that this guide does mention and even recommends various commercial - [Appendix A9: Installing a Zcash wallet:] - [Debian 11 VM:] - [Ubuntu 20.04/21.04/21.10 VM:] - - [Windows 10 VM:] + - [Windows 10/11 VM:] - [Whonix Workstation 16 VM:] - [Appendix B1: Checklist of things to verify before sharing information:] - [Appendix B2: Monero Disclaimer] @@ -448,7 +448,7 @@ You must consider your threat model[^12] before going further. (Illustration by Randall Munroe, xkcd.com, licensed under CC BY-NC 2.5) -Will this guide help you protect your privacy from OSINT researchers like Bellingcat[^13], Doxing[^14] trolls on 4chan[^15], and others that have no access to the NSA toolbox? More likely. Tho I would not be so sure about 4chan. +Will this guide help you protect your privacy from OSINT researchers like Bellingcat[^13], Doxing[^14] trolls on 4chan[^15], and others that have no access to the NSA toolbox? More likely. Tho we would not be so sure about 4chan. Here is a basic simplified threat model for this guide: @@ -486,7 +486,7 @@ You might think this guide has no legitimate use but there are many[^16]'[^17]'[ This guide is written with hope for those **good-intended individuals** who might not be knowledgeable enough to consider the big picture of online anonymity and privacy. -**Lastly, use it at your own risk. Anything in here is not legal advice and you should verify compliance with your local law before use (IANAL**[^24]**). "Trust but verify"**[^25] **all the information yourself (or even better, "Never Trust, always verify"**[^391]**). I strongly encourage you to inform yourself and do not hesitate to check any information in this guide with outside sources in case of doubt. Please do report any mistake you spot to me as I welcome criticism. Even harsh but sound criticism is welcome and will result in having the necessary corrections made as quickly as possible.** +**Lastly, use it at your own risk. Anything in here is not legal advice and you should verify compliance with your local law before use (IANAL**[^24]**). "Trust but verify"**[^25] **all the information yourself (or even better, "Never Trust, always verify"**[^391]**). We strongly encourage you to inform yourself and do not hesitate to check any information in this guide with outside sources in case of doubt. Please do report any mistake you spot to us as we welcome criticism. Even harsh but sound criticism is welcome and will result in having the necessary corrections made as quickly as possible.** # Understanding some basics of how some information can lead back to you and how to mitigate some: @@ -502,7 +502,7 @@ First, you could also consider these more general resources on privacy and secur - Privacy Tools*: [[Archive.org]][45] -* Note that these websites could contain affiliate/sponsored content and/or merchandising. This guide does not endorse and is not sponsored by any commercial entity in any way. +*Note that these websites could contain affiliate/sponsored content and/or merchandising. This guide does not endorse and is not sponsored by any commercial entity in any way.* If you skipped those, you should really still consider viewing this YouTube playlist from the Techlore Go Incognito project ( [[Archive.org]][46]) as an introduction before going further: [[Invidious]][47]. This guide will cover many of the topics in the videos of this playlist with more details and references as well as some added topics not covered within that series. This will just take you 2 or 3 hours to watch it all. @@ -556,7 +556,7 @@ Here are some online resources you can use to find some information about your c - -For those reasons, we will need to obfuscate and hide that origin IP (the one tied to your identification) or hide it as much as we can through a combination of various means: +For those reasons, you will need to obfuscate and hide that origin IP (the one tied to your identification) or hide it as much as we can through a combination of various means: - Using a public Wi-Fi service (free). @@ -592,7 +592,7 @@ Unfortunately, the TLS protocol used in most HTTPS connections in most Browsers ![][50] -In addition to limited browser support, only Web Services and CDNs[^43] behind Cloudflare CDN support ECH/eSNI at this stage[^44]. This means that ECH and eSNI are not supported (as of the writing of this guide) by most mainstream platforms such as: +In addition to limited browser support, only web Services and CDNs[^43] behind Cloudflare CDN support ECH/eSNI at this stage[^44]. This means that ECH and eSNI are not supported (as of the writing of this guide) by most mainstream platforms such as: - Amazon (including AWS, Twitch...) @@ -628,7 +628,7 @@ Here is an illustration of the issue you could encounter on Firefox-based browse Finally, even if you use a custom encrypted DNS server (DoH or DoT) with ECH/eSNI support and OCSP stapling, it might still not be enough as traffic analysis studies[^52] have shown it is still possible to reliably fingerprint and block unwanted requests. Only DNS over Tor was able to show efficient DNS Privacy in recent studies but even that can still be defeated by other means (see [Your Anonymized Tor/VPN traffic][Your Anonymized Tor/VPN traffic:]). -One could also decide to use a Tor Hidden DNS Service or ODoH (Oblivious DNS over HTTPS[^53]) to further increase privacy/anonymity but **unfortunately**, as far as I know, these methods are only provided by Cloudflare as of this writing ( [[Archive.org]][53], [[Archive.org]][54]). These are workable and reasonably secure technical options but there is also a moral choice if you want to use Cloudflare or not (despite the risk posed by some researchers[^54]). +One could also decide to use a Tor Hidden DNS Service or ODoH (Oblivious DNS over HTTPS[^53]) to further increase privacy/anonymity but **unfortunately**, as far as we know, these methods are only provided by Cloudflare as of this writing ( [[Archive.org]][53], [[Archive.org]][54]). These are workable and reasonably secure technical options but there is also a moral choice if you want to use Cloudflare or not (despite the risk posed by some researchers[^54]). Lastly, there is also this new possibility called DoHoT which stands for DNS over HTTPS over Tor which could also further increase your privacy/anonymity and which you could consider if you are more skilled with Linux. See [[Archive.org]][55]. This guide will not help you with this one at this stage, but it might be coming soon. @@ -636,7 +636,7 @@ Here is an illustration showing the current state of DNS and HTTPS privacy based ![][56] -As for your normal daily use (non-sensitive), remember that only Firefox-based browsers support ECH (formerly eSNI) so far and that it is only useful with websites hosted behind Cloudflare CDN at this stage. If you prefer a Chrome-based version (which is understandable for some due to some better-integrated features like on-the-fly Translation), then I would recommend the use of Brave instead which supports all Chrome extensions and offers much better privacy than Chrome. +As for your normal daily use (non-sensitive), remember that only Firefox-based browsers support ECH (formerly eSNI) so far and that it is only useful with websites hosted behind Cloudflare CDN at this stage. If you prefer a Chrome-based version (which is understandable for some due to some better-integrated features like on-the-fly Translation), then we would recommend the use of Brave instead which supports all Chrome extensions and offers much better privacy than Chrome. But the story does not stop there right. Now because after all this, even if you encrypt your DNS and use all possible mitigations. Simple IP requests to any server will probably allow an adversary to still detect which site you are visiting. And this is simply because the majority of websites have unique IPs tied to them as explained here: [[Archive.org]][57]. This means that an adversary can create a dataset of known websites for instance including their IPs and then match this dataset against the IP you ask for. In most cases, this will result in a correct guess of the website you are visiting. This means that despite OCSP stapling, despite ECH/eSNI, despite using Encrypted DNS ... An adversary can still guess the website you are visiting anyway. @@ -818,7 +818,7 @@ Here is also a good YouTube video on this topic: DEFCON Safe Mode - Cooper Quint **For these reasons, it is crucial to get dedicated an anonymous phone number and/or an anonymous burner phone with an anonymous pre-paid sim card that is not tied to you in any way (past or present) for conducting sensitive activities (See more practical guidance in [Getting an anonymous Phone number][Getting an anonymous Phone number:] section).** -While there are some smartphones manufacturers like Purism with their Librem series[^98] who claim to have your privacy in mind, they still do not allow IMEI randomization which I believe is a key anti-tracking feature that should be provided by such manufacturers. While this measure will not prevent IMSI tracking within the SIM card, it would at least allow you to keep the same "burner phone" and only switch SIM cards instead of having to switch both for privacy. +While there are some smartphones manufacturers like Purism with their Librem series[^98] who claim to have your privacy in mind, they still do not allow IMEI randomization which we believe is a key anti-tracking feature that should be provided by such manufacturers. While this measure will not prevent IMSI tracking within the SIM card, it would at least allow you to keep the same "burner phone" and only switch SIM cards instead of having to switch both for privacy. See [Appendix N: Warning about smartphones and smart devices] @@ -832,7 +832,7 @@ Your home router/Wi-Fi access point keeps logs of devices that are registered on Some commercial devices will keep a record of MAC addresses roaming around for various purposes such as road congestion[^100]. -**So, it is important again not to bring your phone along when/where you conduct sensitive activities. If you use your own laptop, then it is crucial to hide that MAC address (and Bluetooth address) anywhere you use it and be extra careful not to leak any information. Thankfully many recent OSes now feature or allow the possibility to randomize MAC addresses (Android, IOS, Linux, and Windows 10)** with the notable exception of macOS which does not support this feature even in its latest Big Sur version. +**So, it is important again not to bring your phone along when/where you conduct sensitive activities. If you use your own laptop, then it is crucial to hide that MAC address (and Bluetooth address) anywhere you use it and be extra careful not to leak any information. Thankfully many recent OSes now feature or allow the possibility to randomize MAC addresses (Android, IOS, Linux, and Windows 10/11)** with the notable exception of macOS which does not support this feature even in its latest Big Sur version. See [Appendix N: Warning about smartphones and smart devices] @@ -874,9 +874,9 @@ Check yourself: Some of these can be avoided using Virtualization Software settings that can mitigate such exploits. See this guide for more information [[Archive.org]][82] (warning: these can severely impact the performance of your VMs). -I will therefore mitigate some of these issues in this guide by recommending the use of virtual machines on a dedicated anonymous laptop for your sensitive activities that will only be used from an anonymous public network. +We will therefore mitigate some of these issues in this guide by recommending the use of virtual machines on a dedicated anonymous laptop for your sensitive activities that will only be used from an anonymous public network. -**In addition, I will recommend the use of AMD CPUs vs Intel CPUs.** +**In addition, we recommend the use of AMD CPUs instead of Intel CPUs.** ## Your Operating Systems and Apps telemetry services: @@ -1022,7 +1022,7 @@ Here are some other resources on the topic if you cannot see this documentary: - 2017, Behavior Analysis in Social Networks, [[Archive.org]][95] -- 2017, Social Networks and Positive and Negative Affect [[Archive.org]][96] +- 2017, Social Networks and Positive and Negative Affect [[Archive.today]][96] - 2015, Using Social Networks Data for Behavior and Sentiment Analysis [[Archive.org]][97] @@ -1082,7 +1082,7 @@ You should never share real individual experiences/details using your anonymous "Hell is other people", even if you evade every method listed above, you are not out of the woods yet thanks to the widespread use of advanced Face recognition by everyone. -Companies like Facebook have used advanced face recognition for years[^155]'[^156] and have been using other means (Satellite imagery) to create maps of "people" around the world[^157]. This evolution has been going on for years to the point we can now say "We lost control of our faces"[^158]. +Companies like Facebook have used advanced face recognition for years[^155]'[^156] and have been using other means (Satellite imagery) to create maps of "people" around the world[^157]. This evolution has been going on for years to the point we can now say "we lost control of our faces"[^158]. If you are walking in a touristy place, you will most likely appear in someone's selfie within minutes without knowing it. That person could then go ahead and upload that selfie to various platforms (Twitter, Google Photos, Instagram, Facebook, Snapchat ...). Those platforms will then apply face recognition algorithms to those pictures under the pretext of allowing better/easier tagging or to better organize your photo library. In addition to this, the same picture will provide a precise timestamp and in most cases geolocation of where it was taken. Even if the person does not provide a timestamp and geolocation, it can still be guessed with other means[^159]'[^160]. @@ -1374,7 +1374,7 @@ There are specialized commercial forensics solutions available (Magnet Axiom[^24 Notable Examples: -- Apple iCloud: [[Archive.org]][153] : "Messages in iCloud also uses end-to-end encryption. If you have iCloud Backup turned on**, your backup includes a copy of the key protecting your Messages**. This ensures you can recover your Messages if you lose access to iCloud Keychain and your trusted devices. ". +- Apple iCloud: [[Archive.org]][153] : "Messages in iCloud also uses end-to-end encryption. If you have iCloud Backup turned on**, your backup includes a copy of the key protecting your Messages**. This ensures you can recover your Messages if you lose access to iCloud Keychain and your trusted devices. ". - Google Drive and WhatsApp: [[Archive.org]][154]: "**Media and messages you back up aren't protected by WhatsApp end-to-end encryption while in Google Drive**. ". Do however note that Facebook/Whatsapp have announced the rollout of encrypted backups on October 14^th^ 2021 ( [[Archive.org]][155]) which should solve this issue. @@ -1438,7 +1438,7 @@ There is a frequent adage among the infosec community: "Don't roll your own cryp And there are reasons[^255]'[^256]'[^257]'[^258] for that: -I would not want people discouraged from studying and innovating in the crypto field because of that adage. So instead, I would recommend people to be cautious with "Roll your own crypto" because it is not necessarily good crypto: +We would not want people discouraged from studying and innovating in the crypto field because of that adage. So instead, we would recommend people to be cautious with "Roll your own crypto" because it is not necessarily good crypto: - Good cryptography is not easy and usually takes years of research to develop and fine-tune. @@ -1464,7 +1464,7 @@ Yet, this is not stopping some from doing it anyway and publishing various produ Cryptography is a complex topic and bad cryptography could easily lead to your de-anonymization. -In the context of this guide, I recommend sticking to Apps/Services using well-established, published, and peer-reviewed methods. +In the context of this guide,we recommend sticking to Apps/Services using well-established, published, and peer-reviewed methods. So, what to prefer and what to avoid as of 2021? You will have to look up for yourself to get the technical details of each app and see if they are using "bad crypto" or "good crypto". Once you get the technical details, you could check this page for seeing what it is worth: [[Archive.org]][166] @@ -1543,7 +1543,7 @@ Many people have the idea that privacy-oriented services such as VPN or E-Mail p Any of those providers can be forced to silently (without your knowing (using for example a court order with a gag order[^272] or a national security letter[^273]) log your activity to de-anonymize you. There have been several recent examples of those: -- 2021, Proton, Proton logged IP address of French activist after an order by Swiss authorities[^274]. +- 2021, Proton, Proton logged IP address of French activist after an order by Swiss authorities (source link unavailable). - 2021, WindScribe, Servers were not encrypted as they should have been allowing MITM attacks by authorities[^275]. @@ -1561,13 +1561,13 @@ Any of those providers can be forced to silently (without your knowing (using fo - 2011, HideMyAss user was de-anonymized, and logs were provided to the FBI[^282]. -Some providers have implemented the use of a Warrant Canary[^283] that would allow their users to find out if they have been compromised by such orders, but this has not been tested yet as far as I know. +Some providers have implemented the use of a Warrant Canary[^283] that would allow their users to find out if they have been compromised by such orders, but this has not been tested yet as far as we know. Finally, it is now well known that some companies might be sponsored front ends for some state adversaries (see the Crypto AG story[^284] and Omnisec story[^285]). For these reasons, you mustn't trust such providers for your privacy despite all their claims. In most cases, you will be the last person to know if any of your accounts were targeted by such orders and you might never know at all. -To mitigate this, in cases where you want to use a VPN, I will recommend the use of a cash/Monero-paid VPN provider over Tor to prevent the VPN service from knowing any identifiable information about you. +To mitigate this, in cases where you want to use a VPN, we will recommend the use of a cash/Monero-paid VPN provider over Tor to prevent the VPN service from knowing any identifiable information about you. If the VPN provider knows nothing about you, it should mitigate any issue due to them not logging but logging anyway. @@ -1575,7 +1575,7 @@ If the VPN provider knows nothing about you, it should mitigate any issue due to ![][171] -(Illustration: an excellent movie I highly recommend: Das Leben der Anderen[^286]) +(Illustration: an excellent movie we highly recommend: Das Leben der Anderen[^286]) Many advanced techniques can be used by skilled adversaries[^287] to bypass your security measures provided they already know where your devices are. Many of those techniques are detailed here [[Archive.org]][172] (Air-Gap Research Page, Cyber-Security Research Center, Ben-Gurion University of the Negev, Israel) but also in this report [[Archive.org]][173] (ESET, JUMPING @@ -1697,7 +1697,7 @@ If you still do not think such information can be used by various actors to trac # General Preparations: -Personally, in the context of this guide, it is also interesting to have a look at your security model. And in this context, I only have one to recommend: +Personally, in the context of this guide, it is also interesting to have a look at your security model. And in this context,we only have one to recommend: Zero-Trust Security[^391] ("Never trust, always verify"). @@ -1743,13 +1743,13 @@ First, here is a small basic UML diagram showing your available options accordin - **You should go for the Tails route.** - - It is not that old, and it has decent specs (at least 6GB of RAM, 250GB of disk space or more, decent CPU): + - It is not that old, and it has decent specs (at least 8GB of RAM, 250GB of disk space or more, decent CPU): - **You could go for Tails, Whonix routes.** - - It is new and it has great specs (more than 8GB of RAM, >250GB of disk space, recent fast CPU): + - It is new and it has great specs (more than 16GB or ideally 32GB of RAM, >250GB of disk space, recent fast CPU): - - **You could go for any route, but I would recommend Qubes OS if your threat model allows it.** + - **You could go for any route, but we would recommend Qubes OS if your threat model allows it.** - If it is an ARM-based M1 Mac: @@ -1765,7 +1765,7 @@ First, here is a small basic UML diagram showing your available options accordin - **Qubes OS is not supported on ARM architecture yet.** -**Your only option on M1 Macs is probably to stick with Tor Browses for now. But I would guess that if you can afford an M1 Mac you should probably get a dedicated x86 laptop for more sensitive activities.** +**Your only option on M1 Macs is probably to stick with Tor Browses for now. But we would guess that if you can afford an M1 Mac you should probably get a dedicated x86 laptop for more sensitive activities.** ### Skills: @@ -1915,7 +1915,7 @@ This is rather easy. Leave your smartphone on and at home. Have some cash and go *A note regarding your current phone:* The point of leaving your smartphone on is to create avoid leaking the fact that you're not using the device. If a smartphone is turned off, this creates a metadata trail that can be used to correlate the time your smartphone was turned off with the activation of your burner. If possible, leave your phone doing something (for example, watching YouTube on auto-play) to obscure the metadata trail further. This will not make it impossible to correlate your inactivity, but may make it more difficult if your phone's usage patterns can look convincing while you buy your burner. -I would recommend getting an old "dumbphone" with a removable battery (old Nokia if your mobile networks still allow those to connect as some countries phased out 1G-2G completely). This is to avoid the automatic sending/gathering of any telemetry/diagnostic data on the phone itself. You should never connect that phone to any Wi-Fi. +We would recommend getting an old "dumbphone" with a removable battery (old Nokia if your mobile networks still allow those to connect as some countries phased out 1G-2G completely). This is to avoid the automatic sending/gathering of any telemetry/diagnostic data on the phone itself. You should never connect that phone to any Wi-Fi. **Site Note: Be careful of some sellers as shown here ** [[Archive.org]][226] @@ -1923,7 +1923,7 @@ It will also be crucial not to power on that burner phone ever (not even without See [Appendix N: Warning about smartphones and smart devices] -You should test that the phone is in working order before going to the next step. But I will repeat myself and state that it is important to leave your smartphone at home when going (or turn it off before leaving if you must keep it) and that you test the phone at a random location that cannot be tracked back to you (and again, do not do that in front of a CCTV, avoid cameras, be aware of your surroundings). No need for Wi-Fi at this place either. +You should test that the phone is in working order before going to the next step. But we will repeat ourselves and state that it is important to leave your smartphone at home when going (or turn it off before leaving if you must keep it) and that you test the phone at a random location that cannot be tracked back to you (and again, do not do that in front of a CCTV, avoid cameras, be aware of your surroundings). No need for Wi-Fi at this place either. When you are certain the phone is in working order, disable Bluetooth then power it off (remove the battery if you can) and go back home and resume your normal activities. Go to the next step. @@ -1939,7 +1939,7 @@ See [Appendix N: Warning about smartphones and smart devices] Double-check that the mobile operators selling the pre-paid SIM cards will accept the SIM activation and top-up without any ID registration of any kind before going there. Ideally, they should accept SIM activation and top-up from the country you live in. -I would recommend GiffGaff in the UK as they are "affordable", do not require identification for activation and top-up, and will even allow you to change your number up to two times from their website. One GiffGaff prepaid SIM card will therefore grant you three numbers to use for your needs. +We would recommend GiffGaff in the UK as they are "affordable", do not require identification for activation and top-up, and will even allow you to change your number up to two times from their website. One GiffGaff prepaid SIM card will therefore grant you three numbers to use for your needs. Power off the phone after activation/top-up and before going home. Do not ever power it on again unless you are not at a place that can be used to reveal your identity and ideally leave your real phone on but at home before going to the safe place with only your burner phone. @@ -1951,7 +1951,7 @@ There are many commercial services offering numbers to receive SMS messages onli There are some forums and subreddits (like r/phoneverification/) where users will offer the service of receiving such SMS messages for you for a small fee (using PayPal or some crypto payment). Unfortunately, these are full of scammers and very risky in terms of anonymity. **You should not use those under any circumstance.** -To this date, I do not know any reputable service that would offer this service and accept cash payments (by post for instance) like some VPN providers. But a few services are providing online phone numbers and do accept Monero which could be reasonably anonymous (yet less recommended than that physical way in the earlier chapter) that you could consider: +To this date, we do not know any reputable service that would offer this service and accept cash payments (by post for instance) like some VPN providers. But a few services are providing online phone numbers and do accept Monero which could be reasonably anonymous (yet less recommended than that physical way in the earlier chapter) that you could consider: - **Recommended**: Do not require any identification (even e-mail): @@ -1977,7 +1977,7 @@ Now, what if you have no money? Well, in that case, you will have to try your lu - -**DISCLAIMER: I cannot vouch for any of these providers and therefore I will still recommend doing it yourself physically. In this case, you will have to rely on the anonymity of Monero and you should not use any service that requires any kind of identification using your real identity. Please do read [Appendix B2: Monero Disclaimer].** +**DISCLAIMER:We cannot vouch for any of these providers and therefore we will still recommend doing it yourself physically. In this case, you will have to rely on the anonymity of Monero and you should not use any service that requires any kind of identification using your real identity. Please do read [Appendix B2: Monero Disclaimer].** Therefore IMHO, it is just more convenient, cheaper, and less risky to just get a pre-paid SIM card from one of the physical places that still sell them for cash without requiring ID registration. But at least there is an alternative if you have no other choice. @@ -1985,7 +1985,7 @@ Therefore IMHO, it is just more convenient, cheaper, and less risky to just get **Skip this step if you have no intention of creating anonymous accounts on most mainstream platforms but just want anonymous browsing or if the platforms you will use allow registration without a phone number.** -Get at least one or two decent size generic USB keys (at least 16GB but I would recommend 32GB). +Get at least one or two decent size generic USB keys (at least 16GB but we would recommend 32GB). Please do not buy or use gimmicky self-encrypting devices such as these: [[Archive.org]][235] @@ -2017,7 +2017,7 @@ This part of the guide will help you in setting up the simplest and easiest way So, what is Tor Browser? Tor Browser ( [[Archive.org]][236]) is a web browser like Safari/Firefox/Chrome/Edge/Brave designed with privacy and anonymity in mind. -This browser is different from other browsers as it will connect to the internet through the Tor Network using Onion Routing. I first recommend that you watch this very nice introduction video by the Tor Project themselves: [[Invidious]][237]. After that, you should probably head over to their page to read their quick overview here: [[Archive.org]][238]. Without going into too many technical details, Tor Browser is an easy and simple "fire and forget" solution to browse the web anonymously from pretty much any device. It is probably sufficient for most people and can be used from any computer or smartphone. +This browser is different from other browsers as it will connect to the internet through the Tor Network using Onion Routing. We first recommend that you watch this very nice introduction video by the Tor Project themselves: [[Invidious]][237]. After that, you should probably head over to their page to read their quick overview here: [[Archive.org]][238]. Without going into too many technical details, Tor Browser is an easy and simple "fire and forget" solution to browse the web anonymously from pretty much any device. It is probably sufficient for most people and can be used from any computer or smartphone. Here are several ways to set it up for all main OSes. @@ -2085,7 +2085,9 @@ You will find details about each level here: [[Archive.org]][241] -Taking all this into account and the fact that their documentation is great, I will just redirect you towards their well-made and well-maintained tutorial: +Taking all this into account and the fact that their documentation is great, we will just redirect you towards their well-made and well-maintained tutorial: [[Archive.org]][242], pick your flavor and proceed. @@ -2253,7 +2255,9 @@ When using Tor Browser, you should click the little shield Icon (upper right, ne - Any media playback is "click to play" (disabled by default) -I would recommend the "Safer" level for most cases. The Safest level should only be enabled if you think you are accessing suspicious or dangerous websites or if you are extra paranoid. The Safest mode will also most likely break many websites that rely actively on JavaScript. +We would recommend the "Safer" level for most cases. The Safest level should be enabled if you think you are accessing suspicious or dangerous websites or if you are extra paranoid. The Safest mode will also most likely break many websites that rely actively on JavaScript. + +If you are extra paranoid, use the "Safest" level by default and consider downgrading to Safer is the website is unusable because of Javascript blocking. Lastly, while using Tor Browser on Tails on the "Safer" level, please consider [Appendix A5: Additional browser precautions with JavaScript enabled] @@ -2311,7 +2315,7 @@ Here is my guide on how to achieve this: - Prepare a USB Key/Drive with Veracrypt - - Create a Hidden Volume on the USB/Key Drive (I would recommend at least 16GB for the hidden volume) + - Create a Hidden Volume on the USB/Key Drive (We would recommend at least 16GB for the hidden volume) - In the Outer Volume, place some decoy files @@ -2375,7 +2379,7 @@ All future online steps performed with this laptop should ideally be done from a ### Some laptop recommendations: -I would strongly recommend getting a "business grade" laptop (meaning not consumer/gaming-grade laptop) if you can. For instance, some ThinkPad from Lenovo (my personal favorite). +We would strongly recommend getting a "business grade" laptop (meaning not consumer/gaming-grade laptop) if you can. For instance, some ThinkPad from Lenovo (my personal favorite). This is because those business laptops usually offer better and more customizable security features (especially in the BIOS/UEFI settings) with longer support than most consumer laptops (Asus, MSI, Gigabyte, Acer...). The interesting features to look for are IMHO: @@ -2505,9 +2509,7 @@ This route will make extensive use of Virtual Machines[^310], they will require - Your Linux distribution of choice (excluding Qubes OS) -- Windows 10 (preferably Home edition due to the absence of Bitlocker) - - - **Windows 11 is not yet supported yet by this guide** +- Windows 10/11 (preferably Home edition due to the absence of Bitlocker) - macOS (Catalina or higher up to Monterey) @@ -2525,7 +2527,7 @@ This feature can be used at the OS level (a plausible OS and a hidden OS) or at This also means you could set up your own advanced "plausible deniability" setup using any Host OS by storing for instance Virtual Machines on a Veracrypt hidden volume container (be careful of traces in the Host OS tho that would need to be cleaned if the host OS is persistent, see [Some additional measures against forensics][Some additional measures against forensics:] section later). There is a project for achieving this within Tails ( [[Archive.org]][245]) which would make your Host OS non-persistent and use plausible deniability within Tails. -In the case of Windows, plausible deniability is also the reason you should ideally have Windows 10 Home (and not Pro). This is because Windows 10 Pro natively offers a full-disk encryption system (Bitlocker[^317]) where Windows 10 Home offers no full-disk encryption at all. We will later use third-party open-source software for encryption that will allow full-disk encryption on Windows 10 Home. This will give you a good (plausible) excuse to use this software. While using this software on Windows 10 Pro would be suspicious. +In the case of Windows, plausible deniability is also the reason you should ideally have Windows 10/11 Home (and not Pro). This is because Windows 10/11 Pro natively offers a full-disk encryption system (Bitlocker[^317]) where Windows 10/11 Home offers no full-disk encryption at all. You will later use third-party open-source software for encryption that will allow full-disk encryption on Windows 10/11 Home. This will give you a good (plausible) excuse to use this software. While using this software on Windows 10/11 Pro would be suspicious. **Note about Linux:** So, what about Linux and plausible deniability? Yes, it is possible to achieve plausible deniability with Linux too. More information within the Linux Host OS section later. @@ -2553,15 +2555,15 @@ You can mitigate this attack by doing the following (as recommended earlier): - Set up BIOS/UEFI/Firmware passwords to prevent any unauthorized boot of an unauthorized device. -- Some OSes and Encryption software have anti-EvilMaid protection that can be enabled. This is the case with Windows/Veracrypt and QubeOS. +- Some OSes and Encryption software have anti-EvilMaid protection that can be enabled. This is the case with Windows/Veracrypt and QubeOS (only on Intel CPUs). ##### Cold-Boot Attack: Cold Boot attacks[^319] are trickier than the Evil Maid Attack but can be part of an Evil Maid attack as it requires an adversary to come into possession of your laptop while you are actively using your device or shortly afterward. -The idea is rather simple, as shown in this video[^320], an adversary could theoretically quickly boot your device on a special USB key that would copy the content of the RAM (the memory) of the device after you shut it down. If the USB ports are disabled or if they feel like they need more time, they could open it and "cool down" the memory using a spray or other chemicals (liquid nitrogen for instance) preventing the memory from decaying. They could then be able to copy its content for analysis. This memory dump could contain the key to decrypt your device. We will later apply a few principles to mitigate these. +The idea is rather simple, as shown in this video[^320], an adversary could theoretically quickly boot your device on a special USB key that would copy the content of the RAM (the memory) of the device after you shut it down. If the USB ports are disabled or if they feel like they need more time, they could open it and "cool down" the memory using a spray or other chemicals (liquid nitrogen for instance) preventing the memory from decaying. They could then be able to copy its content for analysis. This memory dump could contain the key to decrypt your device. You will later apply a few principles to mitigate these. -In the case of Plausible Deniability, there have been some forensics studies[^321] about technically proving the presence of the hidden data with a simple forensic examination (without a Cold Boot/Evil Maid Attack) but these have been contested by other studies[^322] and by the maintainer of Veracrypt[^323] so I would not worry too much about those yet. +In the case of Plausible Deniability, there have been some forensics studies[^321] about technically proving the presence of the hidden data with a simple forensic examination (without a Cold Boot/Evil Maid Attack) but these have been contested by other studies[^322] and by the maintainer of Veracrypt[^323] so we would not worry too much about those yet. The same measures used to mitigate Evil Maid attacks should be in place for Cold Boot attacks with some added ones: @@ -2575,7 +2577,7 @@ See also [[Archive.o Here are also some interesting tools to consider for Linux users to defend against these: -- [[Archive.org]][264] (unfortunately unmaintained it seems so I made a fork and pull request updating for Veracrypt [[Archive.org]][265] which should still work) +- [[Archive.org]][264] (unfortunately unmaintained it seems) - [[Archive.org]][266] (unfortunately unmaintained as well it seems) @@ -2661,9 +2663,9 @@ In the case of Windows, this data could for instance be used to prove the existe You should never conduct sensitive activities from a non-encrypted system. And even if it is encrypted, you should never conduct sensitive activities from the Host OS itself. Instead, you should use a VM to be able to efficiently isolate and compartmentalize your activities and prevent local data leaks. -If you have little to no knowledge of Linux or if you want to use OS-wide plausible deniability, I recommend going for Windows (or back to the Tails route) for convenience. This guide will help you hardening it as much as possible to prevent leaks. This guide will also help you hardening macOS and Linux as much as possible to prevent similar leaks. +If you have little to no knowledge of Linux or if you want to use OS-wide plausible deniability, we recommend going for Windows (or back to the Tails route) for convenience. This guide will help you hardening it as much as possible to prevent leaks. This guide will also help you hardening macOS and Linux as much as possible to prevent similar leaks. -If you have no interest in OS-wide plausible deniability and want to learn to use Linux, I will strongly recommend going for Linux or the Qubes OS route if your hardware allows it. +If you have no interest in OS-wide plausible deniability and want to learn to use Linux, we will strongly recommend going for Linux or the Qubes OS route if your hardware allows it. **In all cases, the host OS should never be used to conduct sensitive activities directly. The host OS will only be used to connect to a public Wi-Fi Access Point. It will be left unused while you conduct sensitive activities and should ideally not be used for any of your day-to-day activities.** @@ -2671,7 +2673,7 @@ Consider also reading ** [[Archive.org]][275] +While not supported yet by this guide, it is possible to achieve a form of deniability on Linux using LUKS by using detached LUKS headers. For now, we will redirect you toward this page for more information: [[Archive.org]][275] ##### The Veracrypt Way: @@ -2793,7 +2795,7 @@ See [Appendix G: Safe Browser on the Host OS] **Note: At this time, this guide will not support ARM M1 MacBooks (yet). Due to Virtualbox not supporting this architecture yet. It could however be possible if you use commercial tools like VMWare or Parallels but those are not covered in this guide.** -As mentioned earlier, I do not recommend using your daily laptop for sensitive activities. Or at least I do not recommend using your in-place OS for these. Doing that might result in unwanted data leaks that could be used to de-anonymize you. If you have a dedicated laptop for this, you should reinstall a fresh clean OS. If you do not want to wipe your laptop and start over, you should consider the Tails route or proceed at your own risk. +As mentioned earlier, we do not recommend using your daily laptop for sensitive activities. Or at leastWedo not recommend using your in-place OS for these. Doing that might result in unwanted data leaks that could be used to de-anonymize you. If you have a dedicated laptop for this, you should reinstall a fresh clean OS. If you do not want to wipe your laptop and start over, you should consider the Tails route or proceed at your own risk. I also recommend that you do the initial installation completely offline to avoid any data leak. @@ -2813,7 +2815,7 @@ I also recommend that you do the initial installation completely offline to avoi As a light introduction for new macOS users, consider [[Invidious]][293] -Now to go more in-depth in securing and hardening your macOS, I recommend reading this guide which covers many of the issues: [[Archive.org]][294] +Now to go more in-depth in securing and hardening your macOS, we recommend reading this guide which covers many of the issues: [[Archive.org]][294] Here are the basic steps you should take after your offline installation: @@ -2866,7 +2868,7 @@ You could block OCSP reporting by issuing the following command in Terminal: But you should document yourself on the actual issue before acting. This page is a good place to start: [[Archive.org]][297] -Up to you really. I would block it because I do not want any telemetry at all from my OS to the mothership without my specific consent. None. +Up to you really. We would block it because we do not want any telemetry at all from my OS to the mothership without my specific consent. None. ##### Enable Full Disk encryption (Filevault): @@ -2892,7 +2894,7 @@ See [Appendix G: Safe Browser on the Host OS] ### Windows Host OS: -As mentioned earlier, I do not recommend using your daily laptop for sensitive activities. Or at least I do not recommend using your in-place OS for these. Doing that might result in unwanted data leaks that could be used to de-anonymize you. If you have a dedicated laptop for this, you should reinstall a fresh clean OS. If you do not want to wipe your laptop and start over, you should consider the Tails route or proceed at your own risk. +As mentioned earlier, we do not recommend using your daily laptop for sensitive activities. Or at leastWedo not recommend using your in-place OS for these. Doing that might result in unwanted data leaks that could be used to de-anonymize you. If you have a dedicated laptop for this, you should reinstall a fresh clean OS. If you do not want to wipe your laptop and start over, you should consider the Tails route or proceed at your own risk. I also recommend that you do the initial installation completely offline to avoid any data leak. @@ -2922,7 +2924,7 @@ See [Appendix B: Windows Additional Privacy Settings] ###### If you intend to use system-wide plausible deniability: -Veracrypt[^330] is the software I will recommend for full-disk encryption, file encryption, and plausible deniability. It is a fork of the well-known but deprecated and unmaintained TrueCrypt. It can be used for: +Veracrypt[^330] is the software we will recommend for full-disk encryption, file encryption, and plausible deniability. It is a fork of the well-known but deprecated and unmaintained TrueCrypt. It can be used for: - Full Disk simple encryption (your hard drive is encrypted with one passphrase). @@ -2952,7 +2954,7 @@ More details later in [Route A and B: Simple Encryption using Veracrypt (Windows ###### If you do not intend to use system-wide plausible deniability: -For this case, I will recommend the use of BitLocker instead of Veracrypt for the full disk encryption. The reasoning is that BitLocker does not offer a plausible deniability possibility contrary to Veracrypt. A hard adversary has then no incentive in pursuing his "enhanced" interrogation if you reveal the passphrase. +For this case, we will recommend the use of BitLocker instead of Veracrypt for the full disk encryption. The reasoning is that BitLocker does not offer a plausible deniability possibility contrary to Veracrypt. A hard adversary has then no incentive in pursuing his "enhanced" interrogation if you reveal the passphrase. Normally, you should have installed Windows Pro in this case and the BitLocker setup is quite straightforward. @@ -2986,7 +2988,7 @@ But here are the steps: Unfortunately, this is not enough. With this setup, your Bitlocker key can just be stored as-is in the TPM chip of your computer. This is rather problematic as the key can be extracted in some cases with ease[^334]'[^335]'[^336]'[^337]. -To mitigate this, we will have to enable a few more options as per the recommendations of Microsoft[^338]: +To mitigate this, you will have to enable a few more options as per the recommendations of Microsoft[^338]: - Click the Windows icon @@ -3012,7 +3014,7 @@ To mitigate this, we will have to enable a few more options as per the recommend - Right Click on it and click "Run as Administrator" -- Run ```manage-bde -protectors -delete c:``` (this will delete current protection: the recovery key we will not need) +- Run ```manage-bde -protectors -delete c:``` (this will delete current protection: the recovery key you will not need) - Run ```manage-bde -protectors -add c: -TPMAndPIN``` (this will prompt you for a pre-boot password) @@ -3042,7 +3044,7 @@ Again, as explained earlier. You should never use the sleep/stand-by feature to The reason is that Hibernation will actually shut down your laptop completely and clean the memory. Sleep on the other hand will leave the memory powered on (including your decryption key) and could leave your laptop vulnerable to cold-boot attacks. -By default, Windows 10 might not offer you this possibility so you should enable it by following this Microsoft tutorial: [[Archive.org]][302] +By default, Windows 10/11 might not offer you this possibility so you should enable it by following this Microsoft tutorial: [[Archive.org]][302] - Open an administrator command prompt (right-click on Command Prompt and "Run as Administrator") @@ -3182,15 +3184,15 @@ This route is rather straightforward and will just encrypt your current Operatin - Click Next as the Generated Keys screen -- To rescue disk[^341] or not rescue disk, well that is up to you. I recommend making one (just in case), just make sure to store it outside your encrypted drive (USB key for instance or wait and see the end of this guide for guidance on safe backups). This rescue disk will not store your passphrase and you will still need it to use it. +- To rescue disk[^341] or not rescue disk, well that is up to you. We recommend making one (just in case), just make sure to store it outside your encrypted drive (USB key for instance or wait and see the end of this guide for guidance on safe backups). This rescue disk will not store your passphrase and you will still need it to use it. - Wipe mode: - If you have no sensitive data yet on this laptop, select None - - If you have sensitive data on an SSD, Trim alone should take care of it[^342] but I would recommend one pass (random data) just to be sure. + - If you have sensitive data on an SSD, Trim alone should take care of it[^342] but we would recommend one pass (random data) just to be sure. - - If you have sensitive data on an HDD, there is no Trim, and I would recommend at least 1-pass. + - If you have sensitive data on an HDD, there is no Trim, and we Swould recommend at least 1-pass. - Test your setup. Veracrypt will now reboot your system to test the bootloader before encryption. This test must pass for encryption to go forward. @@ -3230,23 +3232,23 @@ This process will do the following: - Create a hidden volume within the outer volume of that second partition. This is where the hidden OS will reside. -- Clone your currently running Windows 10 installation onto the hidden volume. +- Clone your currently running Windows 10/11 installation onto the hidden volume. -- Wipe your currently running Windows 10. +- Wipe your currently running Windows 10/11. -- This means that your current Windows 10 will become the hidden Windows 10 and that you will need to reinstall a fresh decoy Windows 10 OS. +- This means that your current Windows 10/11 will become the hidden Windows 10/11 and that you will need to reinstall a fresh decoy Windows 10/11 OS. **Mandatory if you have an SSD drive and you still want to do this against the recommendation: Disable SSD Trim in Windows**[^343] **(again this is NOT recommended at all as** **disabling Trim in itself is highly suspicious**). **Also** **as mentioned earlier, disabling Trim will reduce the lifetime of your SSD drive and will significantly impact its performance over time (your laptop will become slower and slower over several months of use until it becomes almost unusable, you will then have to clean the drive and re-install everything). But you must do it to prevent data leaks**[^344] **that could allow forensics to defeat your plausible deniability**[^345][^346]**. The only way around this at the moment is to have a laptop with a classic HDD drive instead.** -###### Step 1: Create a Windows 10 install USB key +###### Step 1: Create a Windows 10/11 install USB key See [Appendix C: Windows Installation Media Creation][306] and go with the USB key route. -###### Step 2: Boot the USB key and start the Windows 10 install process (Hidden OS) +###### Step 2: Boot the USB key and start the Windows 10/11 install process (Hidden OS) - Insert the USB key into your laptop -- See [Appendix A: Windows Installation] and proceed with installing Windows 10 Home. +- See [Appendix A: Windows Installation] and proceed with installing Windows 10/11 Home. ###### Step 3: Privacy Settings (Hidden OS) @@ -3284,15 +3286,15 @@ Do not connect this OS to your known Wi-Fi. You should download the Veracrypt in - Select yes to Large Files -- Create some Entropy by moving the mouse around until the bar is full and select NTFS (do not select exFAT as we want this outer volume to look "normal" and NTFS is normal). +- Create some Entropy by moving the mouse around until the bar is full and select NTFS (do not select exFAT as you want this outer volume to look "normal" and NTFS is normal). - Format the Outer Volume - Open Outer Volume: - - At this stage, you should copy decoy data onto the outer volume. So, you should have some sensitive but not so sensitive files/folders to copy there. In case you need to reveal a password to this Volume**.** This is a good place for your Anime/Mp3/Movies/Porn collection. + - At this stage, you should copy decoy data onto the outer volume. So, you should have some sensitive but not so sensitive files/folders to copy there. In case you need to reveal a password to this Volume**.** This is a good place for your Anime/Mp3/Movies/Porn collection. - - I recommend you do not fill the outer volume too much or too little (about 40%). Remember you must leave enough space for the Hidden OS (which will be the same size as the first partition you created during installation). + - We recommend you do not fill the outer volume too much or too little (about 40%). Remember you must leave enough space for the Hidden OS (which will be the same size as the first partition you created during installation). - Use a strong passphrase for the Hidden Volume (obviously a different one than the one for the Outer Volume). @@ -3314,13 +3316,13 @@ Do not connect this OS to your known Wi-Fi. You should download the Veracrypt in - Now your Hidden OS will be installed, proceed to the next step -###### Step 5: Reboot and boot the USB key and start the Windows 10 install process again (Decoy OS) +###### Step 5: Reboot and boot the USB key and start the Windows 10/11 install process again (Decoy OS) Now that the Hidden OS is fully installed, you will need to install a Decoy OS: - Insert the USB key into your laptop -- See [Appendix A: Windows Installation] and proceed with installing Windows 10 Home again (do not install a different version and stick with Home). +- See [Appendix A: Windows Installation] and proceed with installing Windows 10/11 Home again (do not install a different version and stick with Home). ###### Step 6: Privacy settings (Decoy OS) @@ -3328,7 +3330,7 @@ See [Appendix B: Windows Additional Privacy Settings] ###### Step 7: Veracrypt installation and encryption process start (Decoy OS) -Now we will encrypt the Decoy OS: +Now you will encrypt the Decoy OS: - Install Veracrypt @@ -3352,7 +3354,7 @@ Now we will encrypt the Decoy OS: - Click Next as the Generated Keys screen -- To rescue disk[^347] or not rescue disk, well that is up to you. I recommend making one (just in case), just make sure to store it outside your encrypted drive (USB key for instance or wait and see the end of this guide for guidance on safe backups). This rescue disk will not store your passphrase and you will still need it to use it. +- To rescue disk[^347] or not rescue disk, well that is up to you. We recommend making one (just in case), just make sure to store it outside your encrypted drive (USB key for instance or wait and see the end of this guide for guidance on safe backups). This rescue disk will not store your passphrase and you will still need it to use it. - Wipe mode: Select 1-Pass just to be safe @@ -3438,7 +3440,7 @@ Do not put anything suspicious on the Decoy OS such as: **Remember that you will need valid excuses for this plausible deniability scenario to work:** -- **You are using Veracrypt because you are using Windows 10 Home which does not feature Bitlocker but still wanted Privacy.** +- **You are using Veracrypt because you are using Windows 10/11 Home which does not feature Bitlocker but still wanted Privacy.** - **You have two Partitions because you wanted to separate the System and the Data for easy organization and because some Geek friend told you this was better for performance.** @@ -3468,13 +3470,13 @@ Remember [Appendix W: Virtualization][Appendix V1: Hardening your Browsers:]. This step and the following steps should be done from within the Host OS. This can either be your Host OS with simple encryption (Windows/Linux/macOS) or your Hidden OS with plausible deniability (Windows only). -In this route, we will make extensive use of the free Oracle Virtualbox[^348] software. This is a virtualization software in which you can create Virtual Machines that emulate a computer running a specific OS (if you want to use something else like Xen, Qemu, KVM, or VMWARE, feel free to do so but this part of the guide covers Virtualbox only for convenience). +In this route, you will make extensive use of the free Oracle Virtualbox[^348] software. This is a virtualization software in which you can create Virtual Machines that emulate a computer running a specific OS (if you want to use something else like Xen, Qemu, KVM, or VMWARE, feel free to do so but this part of the guide covers Virtualbox only for convenience). So, you should be aware that Virtualbox is not the virtualization software with the best track record in terms of security and some of the reported issues[^349] have not been completely fixed to this date[^350] and if you are using Linux with a bit more technical skills, you should consider using KVM instead by following the guide available at Whonix here [[Archive.org]][308] and here [[Archive.org]][309] Some steps should be taken in all cases: -**All your sensitive activities will be done from within a guest Virtual Machine running Windows 10 Pro (not Home this time), Linux, or macOS.** +**All your sensitive activities will be done from within a guest Virtual Machine running Windows 10/11 Pro (not Home this time), Linux, or macOS.** This has a few advantages that will help you remain anonymous: @@ -3576,11 +3578,11 @@ More information at: #### Tor over VPN: -You might be wondering: Well, what about using Tor over VPN instead of VPN over Tor? Well, I would not necessarily it: +You might be wondering: Well, what about using Tor over VPN instead of VPN over Tor? Well, we would not necessarily recommend it: - Disadvantages: - - Your VPN provider is just another ISP that will then know your origin IP and will be able to de-anonymize you if required. We do not trust them. I prefer a situation where your VPN provider does not know who you are. It does not add much in terms of anonymity. + - Your VPN provider is just another ISP that will then know your origin IP and will be able to de-anonymize you if required. We do not trust them. We prefer a situation where your VPN provider does not know who you are. It does not add much in terms of anonymity. - This would result in you connecting to various services using the IP of a Tor Exit Node which is banned/flagged in many places. It does not help in terms of convenience. @@ -3649,13 +3651,13 @@ If you have absolutely no other option and still want to do something, see [Appe Unfortunately, using Tor alone will raise the suspicion of many destinations' platforms. You will face many hurdles (captchas, errors, difficulties signing up) if you only use Tor. In addition, using Tor where you are could put you in trouble just for that. But Tor is still the best solution for anonymity and must be somewhere for anonymity. -- If you intend to create persistent shared and authenticated identities on various services where access from Tor is hard, I recommend the **VPN over Tor** and **VPS VPN/Proxy over Tor** options (or VPN over Tor over VPN if needed). It might be a bit less secure against correlation attacks due to breaking Tor Stream isolation but provides much better convenience in accessing online resources than just using Tor. It is an "acceptable" trade-off IMHP if you are careful enough with your identity. +- If you intend to create persistent shared and authenticated identities on various services where access from Tor is hard, we recommend the **VPN over Tor** and **VPS VPN/Proxy over Tor** options (or VPN over Tor over VPN if needed). It might be a bit less secure against correlation attacks due to breaking Tor Stream isolation but provides much better convenience in accessing online resources than just using Tor. It is an "acceptable" trade-off IMHP if you are careful enough with your identity. - **Note: It is becoming more common that mainstream services and CDNS are also blocking or hindering VPN users with captchas and other various obstacles**. **In that case, a self-hosted VPS with a VPN/Proxy over Tor is the best solution for this as having your own dedicated VPS guarantees you are the sole user of your IP and encounter little to no obstacles.** Consider a [Self-hosted VPN/Proxy on a Monero/Cash-paid VPS (for users more familiar with Linux)][Self-hosted VPN/Proxy on a Monero/Cash-paid VPS (for users more familiar with Linux):] if you want the least amount of issues (this will be explained in the next section in more details). -- If your intent however is just to browse random services anonymously without creating specific shared identities, using tor friendly services; or if you do not want to accept that trade-off in the earlier option. **Then I recommend using the Tor Only route to keep the full benefits of Stream Isolation (or Tor over VPN if you need to).** +- If your intent however is just to browse random services anonymously without creating specific shared identities, using tor friendly services; or if you do not want to accept that trade-off in the earlier option. **Then we recommend using the Tor Only route to keep the full benefits of Stream Isolation (or Tor over VPN if you need to).** -- If cost is an issue, I recommend the Tor Only option if possible. +- If cost is an issue, we recommend the Tor Only option if possible. - If both Tor and VPN access are impossible or dangerous then you have no choice but to rely on Public wi-fi safely. See [Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option] @@ -3707,7 +3709,7 @@ This guide will therefore propose two flavors of this route: ![][331] -You will be able to decide which flavor to use based on my recommendations. I recommend the second one as explained before. +You will be able to decide which flavor to use based on my recommendations. We recommend the second one as explained before. Whonix is well maintained and has extensive and incredibly detailed documentation. @@ -3779,7 +3781,7 @@ Finally, consider the security advice from Virtualbox themselves here VPN > Tor > VPN). +Remember that in this case, we recommend having two VPN accounts. Both paid with cash/Monero (see [Appendix O: Getting an anonymous VPN/Proxy]). One will be used in the Host OS for the first VPN connection. The other could be used in the VM to achieve VPN over Tor over VPN (User > VPN > Tor > VPN). If you intend to only use Tor over VPN, you only need one VPN account. @@ -3843,7 +3845,7 @@ Consider using AppArmor on your Whonix Workstations by following this guide: [[Archive.org]][345] for detailed instructions. @@ -3851,25 +3853,23 @@ Consider hardening the VM as recommended in [Hardening Linux]. ##### If you cannot use Tor: -Use the Linux Distro of your choice. I would recommend Ubuntu or Fedora for convenience but any other would work too. Be sure to not enable any telemetry. You could go with the risky route: See [Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option] +Use the Linux Distro of your choice. We would recommend Ubuntu or Fedora for convenience but any other would work too. Be sure to not enable any telemetry. You could go with the risky route: See [Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option] ##### Choose a browser within the VM: -This time, I will recommend Brave browser. +This time, we will recommend Brave browser. See why here: [Appendix V: What browser to use in your Guest VM/Disposable VM] See [Appendix V1: Hardening your Browsers][Appendix V1: Hardening your Browsers:] as well. -### Windows 10 Virtual Machine: +### Windows 10/11 Virtual Machine: **Be careful, any customization you make to the non-Whonix guest VMs (keyboard layout, language, time zone, screen resolution, or other) could be used to fingerprint your VMs later. See ** [[Archive.org]][344] -#### Windows 10 ISO download: +#### Windows 10 and 11 ISO download: -Go with the Official Windows 10 Pro VM and harden it yourself: see [Appendix C: Windows Installation Media Creation][306] and go with the ISO route. - -There is also another option you might hear about which is Windows AME (Ameliorated) from the [[Archive.org]][346] project which is a special Windows 10 build stripped from all telemetry/advertising and update components. **I do not recommend this option due to the insecure nature of that release lacking the latest updates/patches and lacking the ability to update completely. I do believe the project general idea is good, but it is just too insecure/risky and contains unnecessary software picked by the dev.** +Go with the Official Windows 10/11 Pro VM and harden it yourself: see [Appendix C: Windows Installation Media Creation][306] and go with the ISO route. #### If you can use Tor (natively or over a VPN): @@ -3881,13 +3881,15 @@ Refer to this tutorial New > Select Windows 10 64bit +- Select Machine > New > Select Windows 10 or Windows 11 64bit -- Allocate a minimum amount of 2048MB but ideally 4096MB if your Ram allows it +- Allocate a minimum amount of 2GB for Windows 10 and 4GB for Windows 11 - Create a Virtual Disk using the VDI format and select Dynamically Allocated -- Keep the disk size at 50GB (this is a maximum; it should not reach that much) +- Keep the disk size at 50GB for Windows 10 and 80GB for Windows 11 (this is a maximum; it should not reach that much) + +- Make sure PAE/NX is enabled in System > Processor - Select the VM and click Settings, Go into the Network Tab @@ -3899,7 +3901,7 @@ Refer to this tutorial Settings > Network > Advanced > Click the refresh button next to the MAC address. You can only do this while the VM is powered off.** +**Every time you will power on this VM in the future, you should make sure to change its Ethernet Mac Address before each boot. You can do this in Virtualbox > Settings > Network > Advanced > Click the refresh button next to the MAC address. You can only do this while the VM is powered off.** #### If you cannot use Tor: @@ -3937,13 +3943,15 @@ See [Appendix P: Accessing the internet as safely as possible when Tor and VPNs - Open Virtualbox -- Select Machine > New > Select Windows 10 64bit +- Select Machine > New > Select Windows 10 or 11 64bit -- Allocate a minimum amount of 2048MB but ideally 4096MB if your Ram allows it +- Allocate a minimum amount of 4GB of RAM for 11 , 2GB of RAM for 10. - Create a Virtual Disk using the VDI format and select Dynamically Allocated -- Keep the disk size at 50GB (this is a maximum; it should not reach that much) +- In the System/Processor tab, make sure PAE/NX is enabled. + +- Keep the disk size at 80GB for 11, 50GB for 10 (this is a maximum; it should not reach that much) - Go into the Storage Tab, Select the Empty CD and click the icon next to SATA Port 1 @@ -3951,25 +3959,25 @@ See [Appendix P: Accessing the internet as safely as possible when Tor and VPNs - Click ok and start the VM -- Virtualbox will prompt you to select a Starting disk (the ISO file), select it, and click Start +- Virtualbox will prompt you to either push a button to boot the ISO or ask you what to boot, select the ISO or click. - Follow the steps in [Appendix A: Windows Installation] ##### Network Settings: -- Windows will prompt you if you want to be "discoverable" on this network. Click NO. +- Windows will prompt you if you want to be discoverable on this network. Click NO. -**Every time you will power on this VM in the future, make sure you change its Ethernet Mac Address before each boot. You can do this in Virtualbox > Settings > Network > Advanced > Click the refresh button next to the MAC address. You can only do this while the VM is powered off.** +**Every time you will power on this VM in the future, you should make sure to change its Ethernet Mac Address before each boot. You can do this in Virtualbox > Settings > Network > Advanced > Click the refresh button next to the MAC address. You can only do this while the VM is powered off.** #### Choose a browser within the VM: -This time, I will recommend Brave browser. +This time, we will recommend Brave browser. See why here: [Appendix V: What browser to use in your Guest VM/Disposable VM] See [Appendix V1: Hardening your Browsers][Appendix V1: Hardening your Browsers:] as well. -#### Additional Privacy settings in Windows 10: +#### Additional Privacy settings in Windows 10/11: See [Appendix B: Windows Additional Privacy Settings] @@ -4007,6 +4015,8 @@ Just use the tutorials as is and see [Appendix P: Accessing the internet as safe Two possibilities: AnBox or Android-x86 +Personally, We would recommend AnBox over Android-x86 but it requires Linux + ##### AnBox: Basically follow the tutorial here for installing AnBox on the Whonix Workstation: [[Archive.org]][347] for running Android Applications within an AnBox VM. @@ -4101,7 +4111,7 @@ Just use the tutorials as is and see [Appendix P: Accessing the internet as safe There are some drawbacks to running macOS on Virtual Machines. The main one is that they do not have a serial number (0 by default) and you will be unable to log in to any Apple-provided service (iCloud, iMessage...) without a genuine ID. You can set such IDs using this script: [[Archive.org]][352] but keep in mind that randomly generated IDs will not work and using the ID of someone else will break their Terms of Services and could count as impersonation (and therefore could be illegal). -Note: I also ran in multiple issues with running these on AMD processors. This can be fixed so here is the configuration I used which worked fine with Catalina, Big Sur and Monterey which will tell Virtualbox to emulate an Intel Processor instead: +Note: We also ran in multiple issues with running these on AMD processors. This can be fixed so here is the configurationWeused which worked fine with Catalina, Big Sur and Monterey which will tell Virtualbox to emulate an Intel Processor instead: - ```VBoxManage modifyvm "macOSCatalina" ---cpuidset 00000001 000106e5 00100800 0098e3fd bfebfbff``` @@ -4123,7 +4133,7 @@ Refer to [Hardening macOS]. #### Choose a browser within the VM: -This time, I will recommend Brave browser. +This time, we will recommend Brave browser. See why here: [Appendix V: What browser to use in your Guest VM/Disposable VM] @@ -4133,7 +4143,7 @@ See [Appendix V1: Hardening your Browsers][Appendix V1: Hardening your Browsers: You will need something to store your data (logins/passwords, identities, and TOTP[^359] information). -For this purpose, I strongly recommend KeePassXC because of its integrated TOTP feature. This is the ability to create entries for 2FA[^360] authentication with the authenticator feature. +For this purpose, we strongly recommend KeePassXC because of its integrated TOTP feature. This is the ability to create entries for 2FA[^360] authentication with the authenticator feature. Remember this should ideally be installed on your Guest VM and not on your Host OS. You should never do any sensitive activities from your Host OS. @@ -4189,7 +4199,7 @@ This step will allow you to configure your Host OS so that only the Whonix Gatew There are three ways to do this: -- The Lazy Way (not really recommended): not supported by Whonix and might have some security implications as you will expose the Whonix Gateway VM to the Public Wi-Fi network. I would recommend against this unless you are in a hurry or very lazy. +- The Lazy Way (not really recommended): not supported by Whonix and might have some security implications as you will expose the Whonix Gateway VM to the Public Wi-Fi network. We would recommend against this unless you are in a hurry or very lazy. - **This method will not work with Wi-Fi captive portals requiring any registration to connect.** @@ -4199,7 +4209,7 @@ There are three ways to do this: #### The Lazy Way (**not supported by Whonix** but it will work if you are in a hurry, see further for the better way): -**This way is not supported by the Whonix project**[^361] but I will go ahead and give this option anyway. IMHO this is helpful to prevent your Host OS from leaking any information while you are using the Whonix VMs. +**This way is not supported by the Whonix project**[^361] but we will go ahead and give this option anyway. IMHO this is helpful to prevent your Host OS from leaking any information while you are using the Whonix VMs. **Note that this option as-is will only work on Wi-Fis without a captive portal (where you must enter some information to unlock access).** @@ -4209,7 +4219,7 @@ The illustration below shows the result of this step: ##### Configuration of the Whonix Gateway VM: -For this to work, we will need to change some configurations on the Whonix Gateway VM. We will need to add a DHCP client to the Whonix Gateway to receive IP addresses from the network. To do those changes the Host OS will still have to have internet access allowed for now. +For this to work, we will need to change some configurations on the Whonix Gateway VM. we will need to add a DHCP client to the Whonix Gateway to receive IP addresses from the network. To do those changes the Host OS will still have to have internet access allowed for now. So here is how: @@ -4257,11 +4267,11 @@ So here is how: ##### Configuration of the Host OS: -Now we must block internet access from your Host OS while still allowing the VM to connect. This will be done by connecting to Wi-Fi with the Host OS but without assigning itself an IP address. The VM will then use your Wi-fi association to get an IP address. +Now you must block internet access from your Host OS while still allowing the VM to connect. This will be done by connecting to Wi-Fi with the Host OS but without assigning itself an IP address. The VM will then use your Wi-fi association to get an IP address. ###### Windows Host OS: -The goal here is to associate with a Wi-Fi network without having an internet connection. We will achieve this by deleting the Gateway from the connection after you are connected: +The goal here is to associate with a Wi-Fi network without having an internet connection. You will achieve this by deleting the Gateway from the connection after you are connected: - First, connect to the safe Wi-Fi of your choice @@ -4279,7 +4289,7 @@ The goal here is to associate with a Wi-Fi network without having an internet co ###### Linux Host OS: -The goal here is to associate with a Wi-Fi network without having an internet connection. We will achieve this by deleting the Gateway from the connection after you are connected: +The goal here is to associate with a Wi-Fi network without having an internet connection. You will achieve this by deleting the Gateway from the connection after you are connected: - First, connect to the safe Wi-Fi of your choice @@ -4297,7 +4307,7 @@ The goal here is to associate with a Wi-Fi network without having an internet co ###### macOS Host OS: -The goal here is to associate with a Wi-Fi network without having an internet connection. We will achieve this by deleting the Gateway from the connection after you are connected: +The goal here is to associate with a Wi-Fi network without having an internet connection. You will achieve this by deleting the Gateway from the connection after you are connected: - First, connect to the safe Wi-Fi of your choice @@ -4321,7 +4331,7 @@ Yet this will still not be supported by the Whonix project, but it is fine as th This option will require an additional VM between the Host OS and the Whonix Gateway to act as a Network Bridge. -For this purpose, I will recommend the use of a lightweight Linux Distro. Any will do but the easiest IMHO will be an Ubuntu-based distro and I would recommend the lightweight XUbuntu as it will be extremely easy to configure this setup. +For this purpose, we will recommend the use of a lightweight Linux Distro. Any will do but the easiest IMHO will be an Ubuntu-based distro and we would recommend the lightweight XUbuntu as it will be extremely easy to configure this setup. Why XUbuntu and not Ubuntu or KUbuntu? Because XUbuntu uses an XFCE desktop environment which is lightweight and this VM will only serve as a proxy and nothing else. @@ -4333,6 +4343,8 @@ This is how it will look at the end: ##### Installing XUbuntu VM: +XUbuntu was picked due the performance of XFCE. + Make sure you are connected to a safe Wi-Fi for this operation. First, you will need to download the latest XUbuntu Stable release ISO from @@ -4453,7 +4465,7 @@ By default, the Whonix Gateway has no DHCP client and will require one to get an ##### Configuration of the Host OS: -Now we must block internet access from your Host OS while still allowing the XUbuntu Bridge VM to connect. This will be done by connecting to Wi-Fi with the Host OS but without assigning itself a gateway address. The VM will then use your Wi-fi association to get an IP address. +Now you must block internet access from your Host OS while still allowing the XUbuntu Bridge VM to connect. This will be done by connecting to Wi-Fi with the Host OS but without assigning itself a gateway address. The VM will then use your Wi-fi association to get an IP address. If necessary, from the XUbuntu Bridge VM, you will be able to launch a Browser to enter information into any captive/registration portal on the Wi-Fi network. @@ -4461,7 +4473,7 @@ Only the XUbuntu Bridge VM should be able to access the internet. The Host OS wi ###### Windows Host OS: -The goal here is to associate with a Wi-Fi network without having an internet connection. We will achieve this by deleting the Gateway from the connection after you are connected: +The goal here is to associate with a Wi-Fi network without having an internet connection. You will achieve this by deleting the Gateway from the connection after you are connected: - First, connect to the safe Wi-Fi of your choice @@ -4483,7 +4495,7 @@ The goal here is to associate with a Wi-Fi network without having an internet co ###### Linux Host OS: -The goal here is to associate with a Wi-Fi network without having an internet connection. We will achieve this by deleting the Gateway from the connection after you are connected: +The goal here is to associate with a Wi-Fi network without having an internet connection. You will achieve this by deleting the Gateway from the connection after you are connected: - First, connect to the safe Wi-Fi of your choice @@ -4505,7 +4517,7 @@ The goal here is to associate with a Wi-Fi network without having an internet co ###### macOS Host OS: -The goal here is to associate with a Wi-Fi network without having an internet connection. We will achieve this by deleting the Gateway from the connection after you are connected: +The goal here is to associate with a Wi-Fi network without having an internet connection. You will achieve this by deleting the Gateway from the connection after you are connected: - First, connect to the safe Wi-Fi of your choice @@ -4531,7 +4543,7 @@ This way will not go against Whonix recommendations (as it will not expose the W This option will require an additional VM between the Host OS and the Whonix Gateway to act as a Network Bridge and to connect to the Wi-Fi network. **This option requires a working USB Wi-Fi Dongle that will be passed through to a bridge VM.** -For this purpose, I will recommend the use of a lightweight Linux Distro. Any will do but the easiest IMHO will be an Ubuntu-based distro and I would recommend the lightweight XUbuntu as it will be extremely easy to configure this setup. +For this purpose, we will recommend the use of a lightweight Linux Distro. Any will do but the easiest IMHO will be an Ubuntu-based distro and we would recommend the lightweight XUbuntu as it will be extremely easy to configure this setup. Why XUbuntu and not Ubuntu or KUbuntu? Because XUbuntu uses an XFCE desktop environment which is lightweight and this VM will only serve as a proxy and nothing else. @@ -4545,7 +4557,7 @@ This is how it will look at the end: - Disable Networking on your Host OS completely (Turn off the on-board Wi-Fi completely) -- Plug in and install your USB Wi-Fi Dongle. Connect it to a safe Public Wi-Fi. This should be easy and automatically installed by any recent OS (Windows 10, macOS, Linux). +- Plug in and install your USB Wi-Fi Dongle. Connect it to a safe Public Wi-Fi. This should be easy and automatically installed by any recent OS (Windows 10/11, macOS, Linux). ##### Configuring the Whonix Gateway VM: @@ -4663,7 +4675,7 @@ At this stage, your Host OS should have no network at all and your XUbuntu VM sh ##### Additional configuration of the Whonix Gateway VM: -Now it is time to configure the Whonix Gateway VM to get access from the shared network from the bridge VM we just made on the earlier step: +Now it is time to configure the Whonix Gateway VM to get access from the shared network from the bridge VM you just made on the earlier step: - Go into the VirtualBox Application and select the Whonix Gateway VM @@ -4693,7 +4705,7 @@ You are done and can now skip the rest to go to the [Getting Online][Getting Onl ## The Qubes Route: -**Note that while this route is written for Qubes OS 4.0.x, it should also work with Qubes OS 4.1.x but it hasn't been tested yet. The guide will be updated when Qubes OS 4.1 is released (now at the Release Candidate 3 stage as of this writing).** +**Note that while this route is written for Qubes OS 4.0.x, it should also work with Qubes OS 4.1.x but it hasn't been tested yet. The guide will be updated and tested for Qubes OS 4.1 soon. In the mean time, you can see the changelog here: ** As they say on their website, Qubes OS is a reasonably secure, free, open-source, and security-oriented operating system for single-user desktop computing. Qubes OS leverages and extensively uses Xen-based virtualization to allow for the creation and management of isolated compartments called Qubes. @@ -4707,19 +4719,19 @@ Qubes OS is not a Linux distribution[^362] but a Xen distribution. It is differe - YouTube, Life Behind the Tinfoil: A Look at Qubes and Copperhead - Konstantin Ryabitsev, The Linux Foundation [[Invidious]][362] -- YouTube, I used the reasonably-secure Qubes OS for 6 months and survived - Matty McFatty [@themattymcfatty] [[Invidious]][363] +- YouTube, We used the reasonably-secure Qubes OS for 6 months and survived - Matty McFatty [@themattymcfatty] [[Invidious]][363] - YouTube, Qubes OS: How it works, and a demo of this VM-centric OS [[Invidious]][364] This OS is recommended by prominent figures such as Edward Snowden, PrivacyGuides.org. -Qubes is the best option in this guide for people who are more comfortable with Linux and tech in general. But it has some downsides such as the lack of OS-wide plausible deniability, its hardware requirements, and its hardware compatibility. While you can run this on 4GB of RAM as per their requirements[^363], the recommended RAM is 16GB. I would recommend against using Qubes OS if you have less than 8GB of RAM. If you want a comfortable experience, you should have 16GB, if you want a particularly enjoyable experience, you should have 24GB or 32GB. +Qubes is the best option in this guide for people who are more comfortable with Linux and tech in general. But it has some downsides such as the lack of OS-wide plausible deniability, its hardware requirements, and its hardware compatibility. While you can run this on 4GB of RAM as per their requirements [[Archive.org]][363], the recommended RAM is 16GB. We would recommend against using Qubes OS if you have less than 8GB of RAM. If you want a comfortable experience, you should have 16GB, if you want a particularly enjoyable experience, you should have 24GB or 32GB. The reason for this RAM requirement is that each app will run in a different VM and each of those VM will require and allocate a certain amount of memory that will not be available for other apps. If you are running native Windows apps within Qubes OS Qubes, the ram overhead will be significant. You should also check their hardware compatibility here [[Archive.org]][365] before proceeding. Your mileage might vary, and you might experience several issues about hardware compatibility that you will have to troubleshoot and solve yourself. -I think that if you can afford it and are comfortable with the idea of using Linux, you should go with this route as it is probably the best one in terms of security and privacy. The only disadvantage of this route is that it does not provide a way to enable OS-wide plausible deniability[^311], unlike the Whonix route. +I think that if you can afford it and are comfortable with the idea of using Linux, you should go with this route as it is probably the best one in terms of security and privacy. The only disadvantage of this route is that it does not provide a way to enable OS-wide plausible deniability [[Archive.org]][311], unlike the Whonix route. ### Pick your connectivity method: @@ -4878,13 +4890,13 @@ If you have absolutely no other option and still want to do something, see [Appe Unfortunately, using Tor alone will raise the suspicion of many destinations' platforms. You will face many hurdles (captchas, errors, difficulties signing up) if you only use Tor. In addition, using Tor where you are could put you in trouble just for that. But Tor remains the best solution for anonymity and must be somewhere for anonymity. -- If you intend to create persistent shared and authenticated identities on various services where access from Tor is hard, I recommend the **VPN over Tor** and **VPS VPN/Proxy over Tor** options (or VPN over Tor over VPN if needed). It might be a bit less secure against correlation attacks due to breaking Tor Stream isolation but provides much better convenience in accessing online resources than just using Tor. It is an "acceptable" trade-off IMHP if you are careful enough with your identity. +- If you intend to create persistent shared and authenticated identities on various services where access from Tor is hard, we recommend the **VPN over Tor** and **VPS VPN/Proxy over Tor** options (or VPN over Tor over VPN if needed). It might be a bit less secure against correlation attacks due to breaking Tor Stream isolation but provides much better convenience in accessing online resources than just using Tor. It is an "acceptable" trade-off IMHP if you are careful enough with your identity. - **Note: It is becoming more common that mainstream services and CDNS are also blocking or hindering VPN users with captchas and other various obstacles**. **In that case, a self-hosted VPS with a VPN/Proxy over Tor is the best solution for this as having your own dedicated VPS guarantees you are the sole user of your IP and encounter little to no obstacles.** Consider a [Self-hosted VPN/Proxy on a Monero/Cash-paid VPS (for users more familiar with Linux)][Self-hosted VPN/Proxy on a Monero/Cash-paid VPS (for users more familiar with Linux):] if you want the least amount of issues (this will be explained in the next section in more details). -- If your intent however is just to browse random services anonymously without creating specific shared identities, using tor friendly services; or if you do not want to accept that trade-off in the earlier option. **Then I recommend using the Tor Only route to keep the full benefits of Stream Isolation (or Tor over VPN if you need to).** +- If your intent however is just to browse random services anonymously without creating specific shared identities, using tor friendly services; or if you do not want to accept that trade-off in the earlier option. **Then we recommend using the Tor Only route to keep the full benefits of Stream Isolation (or Tor over VPN if you need to).** -- If cost is an issue, I recommend the Tor Only option if possible. +- If cost is an issue, we recommend the Tor Only option if possible. - If both Tor and VPN access are impossible or dangerous then you have no choice but to rely on Public wi-fi safely. See [Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option] @@ -4922,7 +4934,7 @@ Qubes OS uses LUKS for full disk encryption and it is technically possible to ac ### Installation: -We will follow the instructions from their own guide [[Archive.org]][368]: +You will follow the instructions from their own guide [[Archive.org]][368]: (Secure Boot is not supported as per their FAQ: [[Archive.org]][369] so it should be disabled in the BIOS/UEFI settings.) @@ -4938,7 +4950,7 @@ We will follow the instructions from their own guide [[Archive.org]][1367]. Check by obtaining the fingerprint from multiple independent sources in several different ways as recommended. This is to ensure the image has not been tampered with. Do not skip this vital step even though we know we are getting the ISO from a trusted source, because it's possible for the Qubes website to be compromised. + - Be absolutely sure that you are verifying the signature of the ISO, which you can find on this page: [[Archive.org]][1367]. Check by obtaining the fingerprint from multiple independent sources in several different ways as recommended. This is to ensure the image has not been tampered with. Do not skip this vital step even though you know you are getting the ISO from a trusted source, because it's possible for the Qubes website to be compromised. - If you cannot use Tor at all, there is also no point in installing Whonix. So, you should disable Whonix installation within the Software Selection Menu. @@ -4950,7 +4962,7 @@ The Qubes master signing key fingerprint should match `427F 11FD 0FAA 4B08 0123 ### Lid Closure Behavior: -Unfortunately, Qubes OS does not support hibernation[^366] which is IMHO an issue regarding cold-boot attacks. To mitigate those, I highly recommend that you configure Qubes OS to shut down on any power action (power button, lid closure). You can do set this from the XFCE Power Manager. Do not use the sleep features. +Unfortunately, Qubes OS does not support hibernation[^366] which is IMHO an issue regarding cold-boot attacks. To mitigate those, we highly recommend that you configure Qubes OS to shut down on any power action (power button, lid closure). You can do set this from the XFCE Power Manager. Do not use the sleep features. ### Connect to a Public Wi-Fi: @@ -4986,6 +4998,12 @@ Remember this should be done from a safe place (see [Find some safe places with - Open Firefox and register (anonymously) into the Wi-Fi +### Upgrading Qubes OS from 4.0.x to 4.1.x (you should do it) + +Personally, we wouldn't do it in-place and do a fresh install. + +But if you really want to, it's technically possible by following this guide: [[Archive.org]][1372] + ### Updating Qubes OS: After you are connected to a Wi-Fi you need to update Qubes OS and Whonix. You must keep Qubes OS always updated before conducting any sensitive activities. Especially your Browser VMs. Normally, Qubes OS will warn you about updates in the upper right corner with a gear icon. As this might take a while in this case due to using Tor, you can force the process by doing the following: @@ -5004,9 +5022,11 @@ After you are connected to a Wi-Fi you need to update Qubes OS and Whonix. You m - If you checked the Tor option during install, wait patiently as this might take a while over Tor -### Updating Whonix from version 15 to version 16: +### Upgrading Whonix from version 15 to version 16: -Follow the instructions on [[Archive.org]][371]. *If you're running Qubes 4.1, this is already done for you.* +Again, you should really do this ASAP. We would use a fresh install but it's technically possible to do it in-place, see [[Archive.org]][1376] + +Follow the instructions on [[Archive.org]][371]. *If you're running Qubes 4.1.x, this is already done for you.* ### Hardening Qubes OS: @@ -5062,37 +5082,14 @@ You could make use of SELinux on your Fedora Templates. But this is up to you. A This tutorial should also work with any OpenVPN provider (Mullvad, IVPN, Safing.io, or Proton VPN for instance). -This is based on the tutorial provided by Qubes OS themselves ( [[Archive.org]][377]). If you are familiar with this process, you can follow their tutorial. Here is mine: +This is based on the tutorial provided by Qubes OS themselves ( [[Archive.org]][377]). This part of the guide needs reworking and update, please follow their tutorial. -#### Create the ProxyVM: + - If you are going for VPN over Tor, you need to go into the settings of the ProxyVM you made and select "sys-vpn" for networking. + - An easier way to setup your ProxyVM is to simply run a VPN client on the ProxyVM. + - Usually when you connect to your VPN provider's website, it'll tell you whether your traffic is being properly routed through the VPN. -- Click the Applications icon (upper left corner) - -- Click Create Qubes VM - -- Name and label as you wish: I suggest "VPNGatewayVM" - -- Select Type: Standalone Qube copied from a template - -- Select Template: Debian-11 (the default) - -- Select Networking: - - - Select sys-whonix if you want to do VPN over Tor / Tor only (recommended) - - - Select sys-firewall if you want to do Tor over VPN / No Tor or VPN / Just VPN - -- Advanced: Check provides network - -- Check "Start Qube automatically on boot" - -- Create the VM - -- Test your Connectivity: - - - If you are going for VPN over Tor, Test the VM connectivity to Tor by launching a Browser within the ProxyVM and going to [[Archive.org]][378] (It should say you are connected to Tor) - - - If you are going for Tor over VPN, Test the VM connectivity to the internet by launching a Browser within the ProxyVM and access any website. + - If you are going for Tor over VPN, the opposite should be done, the ProxyVM should have its networking set as "sys-tor" and the "sys-tor" VM should have "sys-vpn" for its networking. + - Test the VM connectivity to the internet by launching a Browser within the ProxyVM. Visit [[Archive.org]][378] (It should say you are connected to Tor) #### Download the VPN configuration from your cash/Monero paid VPN provider: @@ -5138,7 +5135,7 @@ When you are done downloading the configuration files within the Disposable Brow - Save and exit each file -- Edit the OpenVPN config file (/etc/default/openvpn) by typing ```sudo nano /etc/default/openvpn``` (because I do not like vi editor) +- Edit the OpenVPN config file (/etc/default/openvpn) by typing ```sudo nano /etc/default/openvpn``` - Change ```#AUTOSTART="all"``` to ```AUTOSTART="all"``` (in other words, remove the "#") @@ -5208,7 +5205,7 @@ When you are done downloading the configuration files within the Disposable Brow - Go into Qube Settings -- Click Clone Qube and name it (like "VPNoverTor") +- Click Clone Qube and name it like "sys-VPNoverTor" for example - Again, within the Application Menu, Select the Clone you just created @@ -5246,7 +5243,7 @@ Alternatively, you can also create any other type of disposable VM (but less sec - Go into Qube Settings -- Click Clone Qube and name it (like "TorOverVPN") +- Click Clone Qube and name it like "sys-TorOverVPN" for example - Again, within the Application Menu, Select the Clone you just created @@ -5290,7 +5287,7 @@ Within the Applications Menu (upper left), Select the Fedora-34 template: - Go into Qube Settings -- Clone the VM and name it "fedora-34-brave" (this VM template will have Brave) +- Clone the VM and name it "fedora-3x-brave" (this VM template will have Brave) - Again, go into the Applications Menu and select the clone you just created @@ -5300,7 +5297,7 @@ Within the Applications Menu (upper left), Select the Fedora-34 template: - Launch a terminal from the VM -If you want to use Brave: apply the instructions from [[Archive.org]][384] (Fedora 28+ section) and run the following commands: +If you want to use Brave: apply the instructions from [[Archive.org]][384] and run the following commands: - ```sudo dnf install dnf-plugins-core``` @@ -5326,7 +5323,7 @@ Edit the Whonix Disposable VM template and follow instructions here [[Archive.org]][385]) which works "well enough" with Qubes OS. More information can also be found at [[Archive.org]][347] +Since the Android-x86 does not work "well" with Qubes OS (my own experience). We will instead recommend using AnBox ( [[Archive.org]][385]) which works "well enough" with Qubes OS. More information can also be found at [[Archive.org]][347] #### If you can use Tor (natively or over a VPN): @@ -5334,7 +5331,7 @@ Later in the Qubes settings during creation: - Select Networking -- Change to sys-Whonix to put it behind the Whonix Gateway (over Tor). +- Change to sys-whonix to put it behind the Whonix Gateway (over Tor). #### If you cannot use Tor: @@ -5348,7 +5345,7 @@ Basically, follow the tutorial here: - Click Create Qubes VM -- Name and label as you wish: I suggest "Android Box" +- Name and label as you wish: we suggest "Android" - Select Type: Standalone Qube copied from a template @@ -5380,7 +5377,7 @@ Now you will have to follow the instructions from here: [[Archive.org]][387]: +Now you will follow their other tutorial from here: [[Archive.org]][387]: - Install AnBox by running: @@ -5418,7 +5415,7 @@ That's it, you should now have an Android Qube over Tor (or anything else) capab You will need something to store your data (logins/passwords, identities, and TOTP[^369] information). -For this purpose, I strongly recommend KeePassXC because of its integrated TOTP feature. This is the ability to create entries for 2FA[^370] authentication with the authenticator feature. +For this purpose, we strongly recommend KeePassXC because of its integrated TOTP feature. This is the ability to create entries for 2FA[^370] authentication with the authenticator feature. In the context of Qubes OS you should store your sensitive information within the Domain-vault Qube: @@ -5480,7 +5477,7 @@ As for Cloudflare (hCaptcha), you could also use their Accessibility solution he You should therefore deal with those carefully and force yourself to alter the way you are solving them (speed/movement/accuracy/...) to prevent "Captcha Fingerprinting". -Fortunately, as far as I am aware, these are not yet officially/publicly used to de-anonymize users for third parties. +Fortunately, as far as we are aware, these are not yet officially/publicly used to de-anonymize users for third parties. To not have those issues, you should consider using a VPN over Tor. And the best option to avoid those is likely to use a self-hosted VPN/Proxy over Tor on a cash/Monero paid VPS server. @@ -5500,7 +5497,7 @@ Most platforms will not allow you to register using an "anonymous" or disposable The key thing to this is that it is becoming increasingly difficult to sign-up for a free e-mail account anywhere without providing (you guessed it) ... a cell phone number. That same cell phone number can be used conveniently to track you down in most places. -It is possible that those services (Proton for instance) might require you to provide an e-mail address for registration. In that case, I would recommend you create an e-mail address from these providers: +It is possible that those services (Proton for instance) might require you to provide an e-mail address for registration. In that case, we would recommend you create an e-mail address from these providers: - MailFence: @@ -5524,7 +5521,7 @@ Due to the suspicious situation, this guide can no longer recommend them. #### Protecting your anonymous online identities e-mails using Aliasing services: -If you want to avoid communicating your anonymous e-mail addresses to various parties. I would strongly suggest considering using e-mail aliasing services such as: +If you want to avoid communicating your anonymous e-mail addresses to various parties. We would strongly suggest considering using e-mail aliasing services such as: - (preferred first choice due to more options available to the free tier) @@ -5554,11 +5551,11 @@ Some examples: ### Proof of ID verification: -The deal-breaker in most cases. As far as I know, only Facebook and LinkedIn (outside of financial services) have requested such verifications which involve sending pictures of some form of identification (passport, national ID card, driver's license ...). The only way to do this would involve creating fake official documents (forgery) using some decent Photoshop skills and this might be illegal in most places. +The deal-breaker in most cases. As far as we know, only Facebook and LinkedIn (outside of financial services) have requested such verifications which involve sending pictures of some form of identification (passport, national ID card, driver's license ...). The only way to do this would involve creating fake official documents (forgery) using some decent Photoshop skills and this might be illegal in most places. -Therefore, this is a line I am not going to help you cross within this guide. Some services are offering such services online, but I think they are *bad actors* and are overstepping their boundaries. +Therefore, this is a line we are not going to help you cross within this guide. Some services are offering such services online, but we think they are *bad actors* and are overstepping their boundaries. -In many countries, only law enforcement, some specific processes (such as GDPR requests), and some well-regulated financial services may request proof of identification. So, the legality of asking for such documents is debatable and I think such platforms should not be allowed to require those. +In many countries, only law enforcement, some specific processes (such as GDPR requests), and some well-regulated financial services may request proof of identification. So, the legality of asking for such documents is debatable and we beieve such platforms should not be allowed to require those. In few countries (like Germany), this practice is illegal and online platforms such as Facebook or LinkedIn are legally bound to allow you to use a pseudonym and remain anonymous. @@ -5586,7 +5583,7 @@ For this reason, this guide does recommend the use of VPN over Tor (and not Tor Browser and Device[^382] Fingerprinting are usually integrated into the Captcha services but also in other various services. -Many platforms (like Google[^383]) will check your browser for various capabilities and settings and block Browsers they do not like. This is one of the reasons I recommend using Chromium-based Browsers such as Brave Browser over Tor Browser within this VM. +Many platforms (like Google[^383]) will check your browser for various capabilities and settings and block Browsers they do not like. This is one of the reasons we recommend using Chromium-based Browsers such as Brave Browser over Tor Browser within this VM. Here are some of the things they check within recent browsers: @@ -5633,7 +5630,7 @@ Here are two services you can use to check your browser Fingerprinting: - - - + - - (Chromium based browsers only) @@ -5668,7 +5665,7 @@ This is for instance now the case on YouTube for some European Users[^384] but a ### Sign-in with some platform: -Why do this user-verification ourselves when we can just ask others to deal with it? +"Why do this user-verification ourselves when we can just ask others to deal with it?" You will notice this, and you probably already encountered this. Some apps/platforms will ask/require you to sign in with a well-known and well-used reputable platform instead of their own system (Sign-in with Google/Facebook/Apple/Twitter). @@ -5686,7 +5683,7 @@ Some platforms/apps will require you to take a live picture of yourself either d ![][395] -This guide will not cover this one (yet) as it is mainly used on financial platforms (that will be able to identify you with other means anyway) and some dating apps like Tinder[^386]. Unfortunately, this method is now also sometimes being used on Facebook[^387] and Instagram as part of their verification methods (tho I did not face it yet so far). +This guide will not cover this one (yet) as it is mainly used on financial platforms (that will be able to identify you with other means anyway) and some dating apps like Tinder[^386]. Unfortunately, this method is now also sometimes being used on Facebook[^387] and Instagram as part of their verification methods (tho we did not face it yet so far). ![][396] @@ -5696,7 +5693,7 @@ Recently even platforms such as PornHub decided to implement similar measures in This verification is extremely hard to defeat but possible. A method to possibly defeat those would be to use "deep fake" technology software such as the open-source FaceSwap [[Archive.org]][397] to generate the required verification pictures using a randomly computer-generated face that would be swapped over the picture of a complicit model (or a stock photo). -Unfortunately, some apps require direct access to a smartphone camera to process the verification. In that case, we will need to find a way to do such "face swaps" on the fly using a filter and another way to feed this into the camera used by the app. A possible approach would be similar to this impressive project [[Archive.org]][398]. +Unfortunately, some apps require direct access to a smartphone camera to process the verification. In that case, you will need to find a way to do such "face swaps" on the fly using a filter and another way to feed this into the camera used by the app. A possible approach would be similar to this impressive project [[Archive.org]][398]. ### Manual reviews: @@ -5706,7 +5703,7 @@ Some countries have even developed hotlines where you can report any subversive Pros: Usually that verdict is "final", and you will probably avoid further issues if you are good. -Cons: Usually that verdict is "final", and you will probably be banned without any appeal possibility if you are not good. Sometimes those reviews end up on the platform just ghosting you and cancel you without any reason whatsoever. Any appeal will be left unanswered, ignored, or will generate some random dark pattern bug when trying to appeal that specific identity (this happens on Instagram for instance where if your account gets "suspended" obviously by some manual review, trying to complete the appeal form will just throw an error and tell you to try again later (I have been trying this same appeal for that identity for the past 6 months at least). +Cons: Usually that verdict is "final", and you will probably be banned without any appeal possibility if you are not good. Sometimes those reviews end up on the platform just ghosting you and cancel you without any reason whatsoever. Any appeal will be left unanswered, ignored, or will generate some random dark pattern bug when trying to appeal that specific identity (this happens on Instagram for instance where if your account gets "suspended" obviously by some manual review, trying to complete the appeal form will just throw an error and tell you to try again later (We have been trying this same appeal for that identity for the past 6 months at least). ## Getting Online: @@ -5736,7 +5733,7 @@ Now that you have a basic understanding of all the ways you can be de-anonymized - Above all, you cannot trust people -So what? Well instead of not trusting anyone or anything, I would advise to **"Trust but verify"**[^390] (or "Never trust, always verify" if you are more hardcore about it and want to apply Zero-Trust Security[^391]) instead. +So what? Well instead of not trusting anyone or anything, we would advise to **"Trust but verify"**[^390] (or "Never trust, always verify" if you are more hardcore about it and want to apply Zero-Trust Security[^391]) instead. **Do not start this process unless:** @@ -5808,11 +5805,11 @@ Tools that can help with this: Now is also the moment where you could finally consider getting an online phone number as explained in the [Online Phone Number (less recommended)] section. -I will help you bit by listing a few tips I learned while researching over the years **(disclaimer: this is based on my individual experiences alone)**: +We will help you bit by listing a few tips we learned while researching over the years **(disclaimer: this is based on my individual experiences alone)**: - "Some animals are more equal than others". - - Ethnicity is important and you will have fewer issues and attract less attention to verification algorithms if your identity is Caucasian/East-Asian than if it is Arabic/Black (yes, I tested this extensively and it is definitely an issue). + - Ethnicity is important and you will have fewer issues and attract less attention to verification algorithms if your identity is Caucasian/East-Asian than if it is Arabic/Black (yes, we tested this extensively and it is definitely an issue). - Age is important and you will have fewer issues if you are young (18-22) than if you are middle-aged or older. Platforms seem to be more lenient in not imposing restrictions on new younger audiences. @@ -5830,7 +5827,7 @@ I will help you bit by listing a few tips I learned while researching over the y - Brave Browser (Chromium-based) with a Private Tor Tab has (IMHO) a better acceptance level than Tor Browser (Firefox based). You will experience fewer issues with captchas and online platforms[^383] if you use Brave than if you use Tor Browser (feel free to try this yourself). -- For every identity, you should have a matching profile picture associated with it. For this purpose, I recommend you just go to [[Archive.org]][399] and generate a computer-generated profile picture (Do note that algorithms have been developed[^393]'[^394] to detect these and it might not work 100% of the time). You can also generate such pictures yourself from your computer if you prefer by using the open-source StyleGan project here [[Archive.org]][400]. Just refresh the page until you find a picture that matches your identity in all aspects (age, sex, and ethnicity) and save that picture. It would be even better to have several pictures associated with that identity, but I do not have an "easy way" of doing that yet. +- For every identity, you should have a matching profile picture associated with it. For this purpose, we recommend you just go to [[Archive.org]][399] and generate a computer-generated profile picture (Do note that algorithms have been developed[^393]'[^394] to detect these and it might not work 100% of the time). You can also generate such pictures yourself from your computer if you prefer by using the open-source StyleGan project here [[Archive.org]][400]. Just refresh the page until you find a picture that matches your identity in all aspects (age, sex, and ethnicity) and save that picture. It would be even better to have several pictures associated with that identity, butWedo not have an "easy way" of doing that yet. - **Bonus**, you could also make it more real by using this service (with an anonymous identity) [[Archive.org]][401] to make a picture more lifelike. Here is an example: @@ -5964,7 +5961,7 @@ Unfortunately, not using your real identity is against the ToS (Terms of Service This does not mean that it is illegal in other places but that it might be a breach of their Terms of Services if you do not have the law on your side. **Remember this guide only endorses this for German users residing in Germany.** -On my side, I strongly condemn this type of real-name policy. See for instance this Wikipedia article giving some examples: [[Wikiless]][408] [[Archive.org]][409] +On my side, we strongly condemn this type of real-name policy. See for instance this Wikipedia article giving some examples: [[Wikiless]][408] [[Archive.org]][409] Here are some more references about the German case for reference: @@ -5980,7 +5977,7 @@ Here are some more references about the German case for reference: - [[Archive.org]][414] -Alternatively, you could be an adult resident of any other country where you can confirm and verify the legality of this yourself. Again, this is not legal advice, and I am not a lawyer. **Do this at your own risk.** +Alternatively, you could be an adult resident of any other country where you can confirm and verify the legality of this yourself. Again, this is not legal advice, and we are not lawyers. **Do this at your own risk.** Other countries where this was ruled illegal: @@ -6450,7 +6447,7 @@ Legend: Twitter No -Likely +Yes Yes Yes Yes @@ -6491,6 +6488,8 @@ Legend: * **See [The Real-Name System][Checking if your Tor Exit Node is terrible:] for essential information. See below for details.** +##### Below you'll find a list of "problematic services". If they're not below, it means there are no issues at all with anything (like Briar for example) + #### Amazon: - Is this against their ToS? No, but yes [[Archive.org]][419] @@ -6505,7 +6504,7 @@ While it does not technically require a real name. It does require a valid payme - Can you create accounts through Tor? Yes, but see below -Because of this valid payment method requirement, I could not test this. While this is seemingly not against their ToS, it is not possible within the context of this guide unless you manage to obtain a valid KYC payment method anonymously which AFAIK is pretty much impossible or extremely difficult. +Because of this valid payment method requirement, we could not test this. While this is seemingly not against their ToS, it is not possible within the context of this guide unless you manage to obtain a valid KYC payment method anonymously which AFAIK is pretty much impossible or extremely difficult. So, AFAIK, it is not possible to create an anonymous Amazon account. @@ -6533,21 +6532,13 @@ Note that this account will not allow you to set up an Apple mail account. For t - Can you create accounts through Tor? No -#### Briar: - -- Is this against their ToS? No [[Archive.org]][422] - -- Will they require a phone number? No, they do not even require an e-mail - -- Can you create accounts through Tor? Yes - #### Discord: - Is this against their ToS? No [[Archive.org]][423] - Will they require a phone number? No, but they do require an e-mail -- Can you create accounts through Tor? I had no issues with that so far using the Desktop Client +- Can you create accounts through Tor? We had no issues with that so far using the Desktop Client You might encounter more issues using the Web Client (Captchas). Especially with Tor Browser. @@ -6583,7 +6574,7 @@ But this clause of their ToS is illegal in Germany (see [Requirements][Pre-requi Facebook is one of the most aggressive platforms with identity verification and is pushing hard their "real name policy". It is why this guide is only advised to German residents. -Over my tests tho I was able to pinpoint a few tips: +Over our tests tho we were able to pinpoint a few tips: - It will be easier if you have an Instagram account first. @@ -6611,7 +6602,7 @@ I also suspect strongly based on my test that the following points have an impac If your account gets suspended, you will need to appeal the decision through a quite simple form that will require you to submit a "proof of ID". However, that proof of ID verification system is more lenient than LinkedIn and will allow you to send various documents which require far less Photoshop skills. -It is also possible that they ask you to take a selfie video or picture-making certain gestures to prove your identity. If that is the case, I am afraid it is a dead-end for now unless you use a deepfake face swapping technique. +It is also possible that they ask you to take a selfie video or picture-making certain gestures to prove your identity. If that is the case, we are afraid it is a dead-end for now unless you use a deepfake face swapping technique. If you do file an appeal, you will have to wait for Facebook to review it (I do not know whether this is automatic or human) and you will have to wait and hope for them to unsuspend your account. @@ -6685,33 +6676,25 @@ If your account gets banned, you will have no appeal and the forwarding will be It is also possible that Google will require an ID check through indirect financial KYC or ID picture check if you try to access/publish mature content on their platform[^403]. -#### HackerNews: - -- Is this against their ToS? No [[Archive.org]][429] - -- Will they require a phone number? No, they do not even require an e-mail - -- Can you create accounts through Tor? Yes - #### Instagram: -- Is this against their ToS? **Maybe?** I am not sure [[Archive.org]][430] +- Is this against their ToS? **Maybe?** We are not sure [[Archive.org]][430] "**You can't impersonate others or provide inaccurate information. You do not have to disclose your identity on Instagram, but you must provide us with accurate and up-to-date information (including registration information)**. **Also, you may not impersonate someone you are not, and you can't create an account for someone else unless you have their express permission".** -This one is a bit of an Oxymoron don't you think? So, I am not sure whether it is allowed or not. +This one is a bit of an Oxymoron don't you think? So, we are not sure whether it is allowed or not. - Will they require a phone number? Maybe but less likely over VPN and very likely over Tor - Can you create accounts through Tor? Yes, but expect some captchas and your phone number will be required -It is also possible that they ask you to take a selfie video or picture-making certain gestures to prove your identity (within the app or through an e-mail request). If that is the case, I am afraid it is a dead-end for now. +It is also possible that they ask you to take a selfie video or picture-making certain gestures to prove your identity (within the app or through an e-mail request). If that is the case, we are afraid it is a dead-end for now. It is no secret that Instagram is part of Facebook however it is more lenient than Facebook when it comes to user verification. It is quite unlikely you will get suspended or banned after signing up. But it could help. -For instance, I noticed that you will face fewer issues creating a Facebook account if you already have a valid Instagram account. You should always create an Instagram account before trying Facebook. +For instance, we noticed that you will face fewer issues creating a Facebook account if you already have a valid Instagram account. You should always create an Instagram account before trying Facebook. -Unfortunately, there are some limitations when using the web version of Instagram. For instance, you will not be able to enable Authenticator 2FA from the web for a reason I do not understand. +Unfortunately, there are some limitations when using the web version of Instagram. For instance, you will not be able to enable Authenticator 2FA from the web for a reason we do not know. After sign-up, do the following: @@ -6733,14 +6716,6 @@ After sign-up, do the following: - Can you create accounts through Tor? Nope it does not work for some technical reason -#### iVPN: - -- Is this against their ToS? No [[Archive.org]][432] - -- Will they require a phone number? No, they do not even require an e-mail - -- Can you create accounts through Tor? Yes - #### Kraken: - Is this against their ToS? Yes [[Archive.org]][433] @@ -6813,30 +6788,6 @@ So yes, it is still possible to create an MS account without a phone number and After signing up you should set up 2FA authentication within the security options and using KeePassXC TOTP. -#### Mullvad: - -- Is this against their ToS? No [[Archive.org]][437] - -- Will they require a phone number? No, they do not even require an e-mail. - -- Can you create accounts through Tor? Yes. - -#### Njalla: - -- Is this against their ToS? No [[Archive.org]][438] - -- Will they require a phone number? No, but they do require an e-mail or an XMPP (Jabber) account somewhere. - -- Can you create accounts through Tor? Yes, they even have a ".onion" address at - -#### OnionShare: - -- Is this against their ToS? No, they do not even have Terms of Services - -- Will they require a phone number? No, they do not even require an e-mail - -- Can you create accounts through Tor? Yes (obviously) - #### OnlyFans: - Is this against their ToS? No, it looks fine [[Archive.org]][439] @@ -6865,14 +6816,6 @@ They claim they do not store/link the phone/e-mail associated with the registrat This e-mail account can be used for creating a Google/Gmail account. -#### Proton: - -- Is this against their ToS? No [[Archive.org]][441] - -- Will they require a phone number? No, but they do require an e-mail. - -- Can you create accounts through Tor? Yes - #### Reddit: - Is this against their ToS? No [[Archive.org]][442] @@ -6911,9 +6854,9 @@ Telegram is quite straightforward, and you can download their portable Windows a It will require a phone number (that can only be used once) and nothing else. -In most cases, I had no issues whether it was over Tor or VPN, but I had a few cases where my telegram account was just banned for violating terms of services (not sure which one?). This again despite not using them for anything. +In most cases, we had no issues whether it was over Tor or VPN, butWehad a few cases where my telegram account was just banned for violating terms of services (not sure which one?). This again despite not using them for anything. -They provide an appeal process through e-mail, but I had no success with getting any answer. +They provide an appeal process through e-mail, but we had no success with getting any answer. Their appeal process is just sending an e-mail to [[Archive.org]][446] stating your phone number and issue and hope they answer. @@ -6949,7 +6892,7 @@ After signing up you should do the following: - Is this against their ToS? No -- Will they require a phone number? They might not at sign-up, but they will just after sign-up or later. +- Will they require a phone number? Extremely likely, possibly now a requirement in all cases. - Can you create accounts through Tor? Yes, but expect some captchas and your phone number will be required after a while. @@ -6957,7 +6900,7 @@ Twitter is extremely aggressive in preventing anonymity on its network. You shou More than likely, your account will be suspended immediately during the sign-up process and will require you to complete a series of automated tests to unlock. This will include a series of captchas, confirmation of your e-mail and Twitter handle, or other information. In some cases, it will also require your phone number. -In some cases, despite you selecting a text verification, the Twitter verification system will call the phone no matter what. In that case, you will have to pick up and hear the verification code. I suspect this is another method of preventing automated systems and malicious users from selling text receiving services over the internet. +In some cases, despite you selecting a text verification, the Twitter verification system will call the phone no matter what. In that case, you will have to pick up and hear the verification code. We suspect this is another method of preventing automated systems and malicious users from selling text receiving services over the internet. Twitter will store all this information and link it to your account including your IP, e-mail, and phone number. You will not be able that phone number to create a different account. @@ -6977,13 +6920,13 @@ Once the account is restored, you should take some time to do the following: - Disable geolocation of tweets -- Remove the phone number from the account +- **Caution:** Remove the phone number from the account (at your own risk, this often leads to suspension of the account) - Follow some people based - Log out and leave it be. -After about a week, you should check Twitter again and the chances are quite high that it will be suspended again for "suspicious activity" or "violating community guidelines" despite you not using it at all (not even a single tweet/follow/like/retweet or DM) but this time by another system. I call this the "Double-tap". +After about a week, you should check Twitter again and the chances are quite high that it will be suspended again for "suspicious activity" or "violating community guidelines" despite you not using it at all (not even a single tweet/follow/like/retweet or DM) but this time by another system. We call this the "Double-tap". This time you will need to submit an appeal using a form[^407], provide a good reason and wait for the appeal to be processed by Twitter. During that process, you may receive an e-mail (on Proton) asking you to reply to a customer service ticket to prove that you do have access to your e-mail and that it is you. This will be directed toward your Gmail address but will arrive on your Proton. @@ -7035,9 +6978,9 @@ Ideally, you should find a way to buy/sell crypto with cash from an unknown pers #### What about those mobile-only apps (WhatsApp/Signal)? -There are only three ways of securely using those anonymously (that I would recommend). Using a VPN on your phone is not one of those ways. All of those are, unfortunately, "tedious" to say the least. +There are only three ways of securely using those anonymously (that we would recommend). Using a VPN on your phone is not one of those ways. All of those are, unfortunately, "tedious" to say the least. -- Use an Android Emulator within the Windows VM and run the App through your multi-layer of Tor/VPN. The drawback is that such emulators are usually quite resource-hungry and will slow down your VM and use more battery. Here is also an (outdated) guide on this matter: [[Archive.org]][451]. As for myself, I will recommend the use of: +- Use an Android Emulator within the Windows VM and run the App through your multi-layer of Tor/VPN. The drawback is that such emulators are usually quite resource-hungry and will slow down your VM and use more battery. Here is also an (outdated) guide on this matter: [[Archive.org]][451]. As for myself, we will recommend the use of: - Android-x86 on Virtualbox (see [[Archive.org]][348]) that you can also set up easily. @@ -7045,9 +6988,9 @@ There are only three ways of securely using those anonymously (that I would reco - **Not recommended:** Using a non-official app (such as Wassapp for WhatsApp) to connect from the Windows VM to the app. Use at your own risk as you could get banned for violating the terms of services by using a non-official App. -- **Not recommended and most complicated:** Have a burner Smartphone that you will connect to the VM layered network through Tethering/Sharing of the connection through Wi-Fi. I will not detail this here, but it is an option. +- **Not recommended and most complicated:** Have a burner Smartphone that you will connect to the VM layered network through Tethering/Sharing of the connection through Wi-Fi. We will not detail this here, but it is an option. -There is no way to reliably set a decent multi-layered connectivity approach easily on an Android phone (it is not even possible on IOS as far as I know). By reliable, I mean being sure that the smartphone will not leak anything such as geolocation or anything else from booting up to shutting down. +There is no way to reliably set a decent multi-layered connectivity approach easily on an Android phone (it is not even possible on IOS as far as we know). By reliable, we mean being sure that the smartphone will not leak anything such as geolocation or anything else from booting up to shutting down. #### Anything else: @@ -7085,7 +7028,7 @@ See the [Bad Cryptography][Bad Cryptography:] section at the start of this guide **Always be cautious of apps rolling their own crypto until it has been reviewed by many in the crypto community (or even better published and peer-reviewed academically)**. Again, this is harder to verify with closed-source proprietary apps. -It is not that rolling your own crypto is bad in essence, it is that good cryptography needs real peer-reviewing, auditing, testing... And since you are probably not a cryptanalyst (and I am not one either), chances are high we are not competent to assess the cryptography of some apps. +It is not that rolling your own crypto is bad in essence, it is that good cryptography needs real peer-reviewing, auditing, testing... And since you are probably not a cryptanalyst (and we are not either), chances are high we are not competent to assess the cryptography of some apps. #### Forward Secrecy: @@ -7139,22 +7082,6 @@ Finally, Open-Source apps should always be preferred because they allow third pa #### Comparison: -Below you will find a small table showing the state of messaging apps as of the writing of this guide based on my tests and data from the various sources below: - -- Wikipedia, [[Wikiless]][453] [[Archive.org]][454] - -- Wikipedia, [[Wikiless]][455] [[Archive.org]][456] - -- Secure Messaging Apps [[Archive.org]][457] - -- Proton Blog, [[Archive.org]][458] - -- Whonix Documentation, Instant Messenger Chat [[Archive.org]][459] - -- Have a look at [[Archive.org]][460] which is also a good comparison table for messaging apps. - -- Messenger-Matrix.de at [[Archive.org]][461] - @@ -7667,7 +7594,7 @@ Below you will find a small table showing the state of messaging apps as of the **Remember: [Appendix B1: Checklist of things to verify before sharing information][Appendix B1: Checklist of things to verify before sharing information:].** -I will recommend these options in that order (as also recommend by Privacyguides.org[^416]'[^417] except for Session and Cwtch): +We will recommend these options in that order (as also recommend by Privacyguides.org[^416]'[^417] except for Session and Cwtch): - macOS: @@ -7737,13 +7664,27 @@ Any safe options for mobile devices? **Yes, but these are not endorsed/recommend **Note that all the non-native Tor options must be used over Tor for safety (from Tails or a guest OS running behind the Whonix Gateway such as the Whonix Workstation or an Android-x86 VM).** -While I do not recommend most of the messaging platforms for the various reasons outlined above (phone number and e-mail requirements), this does not mean it is not possible to use them anonymously if you know what you are doing. You can use even Facebook Messenger anonymously by taking the necessary precautions outlined in this guide (virtualization behind a Tor Gateway on a non-persistent OS). +WhileWedo not recommend most of the messaging platforms for the various reasons outlined above (phone number and e-mail requirements), this does not mean it is not possible to use them anonymously if you know what you are doing. You can use even Facebook Messenger anonymously by taking the necessary precautions outlined in this guide (virtualization behind a Tor Gateway on a non-persistent OS). -The ones that are preferred are recommended due to their stance on privacy, their default settings, their crypto choices but also because they allow convenient anonymous sign-up without going through the many hassles of having a phone number/e-mail verification method and are open source. +The ones that are preferred are recommended due to their stance on privacy, their default settings, their crypto choices but also because they allow convenient anonymous sign-up without going through the many hassles of having a phone number/e-mail verification method and are open source. Those should be privileged in most cases. -Those should be privileged in most cases. Yes, this guide has a discord server, and a Twitter account despite those not being recommended at all for their stance on privacy and their struggle with anonymity. But this is about me acting appropriately in making this guide available to the many and conveniently using my experience and knowledge to do so as anonymously as possible. +You can also consult the following external resources for more comparisons: -**I do not endorse or recommend some mainstream platforms for anonymity including the much-praised Signal which to this date still requires a phone number to register and contact others. In the context of this guide, I strongly recommend against using Signal if possible.** +- Wikipedia, [[Wikiless]][453] [[Archive.org]][454] + +- Wikipedia, [[Wikiless]][455] [[Archive.org]][456] + +- Secure Messaging Apps [[Archive.org]][457] + +- Proton Blog, [[Archive.org]][458] + +- Whonix Documentation, Instant Messenger Chat [[Archive.org]][459] + +- Have a look at [[Archive.org]][460] which is also a good comparison table for messaging apps. + +- Messenger-Matrix.de at [[Archive.org]][461] + +**We do not endorse or recommend some mainstream platforms for anonymity including the much-praised Signal which to this date still requires a phone number to register and contact others. In the context of this guide, we strongly recommend against using Signal if possible.** ### How to share files publicly but anonymously: @@ -7890,7 +7831,7 @@ Here is a comparative table of recommended/included software compiled from vario **Legend:** * Not recommended but mentioned. N/A = Not Included or absence of recommendation for that software type. (L)= Linux Only but can maybe be used on Windows/macOS through other means (HomeBrew, Virtualization, Cygwin). (?)= Not tested but open-source and could be considered. -**In all cases, I strongly recommend only using such applications from within a VM or Tails to prevent as much leaking as possible. If you do not, you will have to sanitize those documents carefully before publishing (See [Removing Metadata from Files/Documents/Pictures][Removing Metadata from Files/Documents/Pictures:]).** +**In all cases, we strongly recommend only using such applications from within a VM or Tails to prevent as much leaking as possible. If you do not, you will have to sanitize those documents carefully before publishing (See [Removing Metadata from Files/Documents/Pictures][Removing Metadata from Files/Documents/Pictures:]).** ### Communicating sensitive information to various known organizations: @@ -7898,7 +7839,7 @@ You might be interested in communicating information to some organization such a If you must do so, you should take some steps because you cannot trust any organization to protect your anonymity[^422]. See [Appendix B1: Checklist of things to verify before sharing information][Appendix B1: Checklist of things to verify before sharing information:]. -For this, I strongly recommend the use of SecureDrop[^423] ( [[Archive.org]][471]) which is an open-source project from the Freedom of the Press Foundation. +For this, we strongly recommend the use of SecureDrop[^423] ( [[Archive.org]][471]) which is an open-source project from the Freedom of the Press Foundation. - Do take a moment to their read their "source guide" here: [[Archive.org]][472] @@ -7970,7 +7911,7 @@ For these back-ups, you will need a USB key or an external hard drive with enoug #### Veracrypt: -For this purpose, I will recommend the use of Veracrypt on all platforms (Linux/Windows/macOS) for convenience, security, and portability. +For this purpose, we will recommend the use of Veracrypt on all platforms (Linux/Windows/macOS) for convenience, security, and portability. #### Normal File containers: @@ -8002,13 +7943,13 @@ To do this, when mounting the Decoy Volume, select Mount Options and Check the " - **Do not store multiple versions of them or store them anywhere where some versioning is being done (by the file system or the storage system). These file containers should be identical everywhere you store them. If you have a backup of such containers somewhere, it needs to be absolutely identical to the one you are using. If you do not take this precaution, an adversary could compare two different versions of this container and prove the existence of hidden data. Follow carefully the recommendations here ** [[Archive.org]][304]**. Remember the [Local Data Leaks and Forensics:] section.** -- I strongly recommend storing such containers on external USB keys that you will only mount from your guest VMs and never from your Host OS. **After each modification to the files, you should clean the free space on the USB disk and make sure that any backup of such containers is absolutely identical on each key and your computer. See the [How to securely delete specific files/folders/data on your HDD/SSD and Thumb drives][How to securely delete specific files/folders/data on your HDD/SSD and Thumb drives:] section of this guide for help on doing this.** +- We strongly recommend storing such containers on external USB keys that you will only mount from your guest VMs and never from your Host OS. **After each modification to the files, you should clean the free space on the USB disk and make sure that any backup of such containers is absolutely identical on each key and your computer. See the [How to securely delete specific files/folders/data on your HDD/SSD and Thumb drives][How to securely delete specific files/folders/data on your HDD/SSD and Thumb drives:] section of this guide for help on doing this.** -- If you have time, **I will even recommend that you delete wipe the keys completely before making any modification on such containers on your computer (if you do not work from the USB key directly).** This is to prevent an adversary that would seize your assets before you could update the keys from having multiple versions of the containers that could lead to proving the existence of hidden data using forensics techniques. +- If you have time, **We will even recommend that you delete wipe the keys completely before making any modification on such containers on your computer (if you do not work from the USB key directly).** This is to prevent an adversary that would seize your assets before you could update the keys from having multiple versions of the containers that could lead to proving the existence of hidden data using forensics techniques. - **Do not ever store such containers on cloud storage platforms that have backups and where you have no direct control over permanent deletion. They might keep "old versions" of your files which can then also be used by forensics to prove the existence of hidden data.** -- If you are mounting the hidden volume from your Host OS (**not recommended**), you should erase all traces of this hidden volume everywhere after use. There could be traces in various places (system logs, file systems journaling, recent documents in your applications, indexing, registry entries...). Refer to the [Some additional measures against forensics][Some additional measures against forensics:] section of this guide to remove such artifacts. Especially on Windows. Instead, you should mount them on your Guest VMs. With Virtualbox for instance, you could take a snapshot of the VM before opening/working the hidden volume and then restore the snapshot before opening/working on it after use. This should erase the traces of its presence and mitigate the issue. Your Host OS might keep logs of the USB key being inserted but not of the hidden volume usage. Therefore, I do not recommend using these from your host OS. +- If you are mounting the hidden volume from your Host OS (**not recommended**), you should erase all traces of this hidden volume everywhere after use. There could be traces in various places (system logs, file systems journaling, recent documents in your applications, indexing, registry entries...). Refer to the [Some additional measures against forensics][Some additional measures against forensics:] section of this guide to remove such artifacts. Especially on Windows. Instead, you should mount them on your Guest VMs. With Virtualbox for instance, you could take a snapshot of the VM before opening/working the hidden volume and then restore the snapshot before opening/working on it after use. This should erase the traces of its presence and mitigate the issue. Your Host OS might keep logs of the USB key being inserted but not of the hidden volume usage. Therefore, we do not recommend using these from your host OS. - Do not store these on external SSD drives if you are not sure you can use Trim on them (see the [Understanding HDD vs SSD][Understanding HDD vs SSD:] section). @@ -8022,7 +7963,7 @@ You will have two options here: - This backup can be done while the Operating System is running. - - This backup will not be encrypted using the disk encryption but using the Backup utility encryption algorithm (which you will have to trust and cannot really control for most). Alternatively, you could encrypt the backup media yourself separately (for instance with Veracrypt). I am not aware of any free or non-free utility that natively supports Veracrypt. + - This backup will not be encrypted using the disk encryption but using the Backup utility encryption algorithm (which you will have to trust and cannot really control for most). Alternatively, you could encrypt the backup media yourself separately (for instance with Veracrypt). We are not aware of any free or non-free utility that natively supports Veracrypt. - Some utilities will allow for differential/incremental backups instead of full backups. @@ -8038,9 +7979,9 @@ You will have two options here: - This method is the easiest to manage. -I made extensive testing using live backups utilities (Macrium Reflect, EaseUS Todo Reflect, Déjà Dup...) and personally I do not think it is worth it. Instead, I would recommend that you periodically back up your system with a simple Clonezilla image. It is much easier to perform, much easier to restore, and usually works reliably without issues in all cases. And contrary to many beliefs, it is not that slow with most backups taking about an hour depending on the speed of your destination media. +We made extensive testing using live backups utilities (Macrium Reflect, EaseUS Todo Reflect, Déjà Dup...) and personally we do not think it is worth it. Instead, we would recommend that you periodically back up your system with a simple Clonezilla image. It is much easier to perform, much easier to restore, and usually works reliably without issues in all cases. And contrary to many beliefs, it is not that slow with most backups taking about an hour depending on the speed of your destination media. -For backing up single files while you work, I recommend using file containers or encrypted media directly and manually as explained in the earlier section. +For backing up single files while you work, we recommend using file containers or encrypted media directly and manually as explained in the earlier section. #### Requirements: @@ -8056,27 +7997,27 @@ You will need a separate external drive with at least the same or more free spac ##### Ubuntu (or any other distro of choice): -I will recommend the use of the open-source Clonezilla utility for convenience and reliability but there are many other native Linux utilities and methods you could use for this purpose. +We will recommend the use of the open-source Clonezilla utility for convenience and reliability but there are many other native Linux utilities and methods you could use for this purpose. So, you should follow the steps in [Appendix E: Clonezilla] ##### QubesOS: -Qubes OS recommends using their own utility for backups as documented here [[Archive.org]][476]. But it is just a hassle and provides limited added value unless you just want to back up a single Qube. So instead, I am also recommending just making a full image with Clonezilla which will remove all the hassle and bring you back a working system in a few simple steps. +Qubes OS recommends using their own utility for backups as documented here [[Archive.org]][476]. But it is just a hassle and provides limited added value unless you just want to back up a single Qube. So instead, we are also recommending just making a full image with Clonezilla which will remove all the hassle and bring you back a working system in a few simple steps. So, you should follow the steps in [Appendix E: Clonezilla] #### Windows: -I will only recommend the use of the open-source and free Clonezilla utility for this purpose. There are commercial utilities that offer the same functionality, but I do not see any advantage in using any of them vs Clonezilla. +We will only recommend the use of the open-source and free Clonezilla utility for this purpose. There are commercial utilities that offer the same functionality, but we do not see any advantage in using any of them vs Clonezilla. Some warnings: -- If you use Bitlocker for encryption with TPM[^424] enabled, you might need to save your Bitlocker Key (safely) somewhere as well as this might be needed to restore your drive if your HDD/SSD or other hardware parts changed. Another option would be to use Bitlocker without the use of TPM which would not require this option. But again, I do not recommend using Bitlocker at all. +- If you use Bitlocker for encryption with TPM[^424] enabled, you might need to save your Bitlocker Key (safely) somewhere as well as this might be needed to restore your drive if your HDD/SSD or other hardware parts changed. Another option would be to use Bitlocker without the use of TPM which would not require this option. But again, we do not recommend using Bitlocker at all. - You should always have a backup of your Veracrypt rescue disk at hand somewhere to be able to resolve some issues that might still appear after a restore. Remember this rescue disk does not contain your passphrase or any sensitive information. You can store it as is. -- If you changed the HDD/SSD after a failure, Windows 10 may refuse to boot if your hard drive ID is changed. You should also save this ID before backing up as you might need to change the ID of the new drive as Windows 10 might require a matching ID before booting. See [Appendix F: Diskpart] +- If you changed the HDD/SSD after a failure, Windows 10/11 may refuse to boot if your hard drive ID is changed. You should also save this ID before backing up as you might need to change the ID of the new drive as Windows 10/11 might require a matching ID before booting. See [Appendix F: Diskpart] - **In case you are using Plausible Deniability on Windows. DO NOT back up the hidden OS partition as this image could be used by Forensics to prove the existence of the hidden volume as explained earlier. It is okay to back up the Decoy OS partition without issues, but you should never back up the partition containing the Hidden OS.** @@ -8084,7 +8025,7 @@ Follow the steps in [Appendix E: Clonezilla] #### macOS: -I would recommend just using the native Time Machine backup with encryption (and a strong passphrase that could be the same as your OS) as per the guides provided at Apple: [[Archive.org]][477] and [[Archive.org]][478]. +we would recommend just using the native Time Machine backup with encryption (and a strong passphrase that could be the same as your OS) as per the guides provided at Apple: [[Archive.org]][477] and [[Archive.org]][478]. So, plug in an external drive and it should prompt you to use it as a Time Machine backup. @@ -8092,7 +8033,7 @@ So, plug in an external drive and it should prompt you to use it as a Time Machi It is just simpler and will work online while you work. You will be able to recover your data on any other Mac from the recovery options and you will be also able to use this disk for backing up other devices. -It is possible to also use Clonezilla to clone your Mac Hard Drive, but it could bring hardware compatibility issues and probably will not add much in terms of security. So, for macOS, I am not specifically recommending Clonezilla. +It is possible to also use Clonezilla to clone your Mac Hard Drive, but it could bring hardware compatibility issues and probably will not add much in terms of security. So, for macOS, We are not specifically recommending Clonezilla. ## Online Backups: @@ -8124,13 +8065,13 @@ For smaller files, consider: - Filen (): free tier limited to 10GB total -I am currently not aware of any online storage/hosting platform accepting cash payments unlike providers mentioned before. +We are currently not aware of any online storage/hosting platform accepting cash payments unlike providers mentioned before. If you do intend to store sensitive data on "mainstream platforms" (Dropbox, Google Drive, OneDrive...), **remember not to ever store plausible deniability containers on those and remember to encrypt and check (for metadata...) anything locally before uploading there**. Either with software like Veracrypt or with a software like Cryptomator (). Do not ever upload non-encrypted files on those platforms and repeating myself, only access them from a secure shielded VM. ### Information: -If you just want to save information (text), I will recommend the use of secure and private pastebins[^425]. Mostly I will stick to the ones recommended by PrivacyGuides.org ( [[Archive.org]][480] ) : +If you just want to save information (text), we will recommend the use of secure and private pastebins[^425]. Mostly we will stick to the ones recommended by PrivacyGuides.org ( [[Archive.org]][480] ) : - @@ -8182,7 +8123,7 @@ Most of those old secure deletion utilities were written with HDD in mind and ha So, what now? Well here comes the Trim[^427] operation. When you delete data on your SSD, your OS should support what is called a Trim operation command and **could (should)** issue this Trim command to the SSD drive periodically (daily, weekly, monthly...). This Trim command will then let know the SSD drive controller that there are pages within blocks containing data that are now free to be really deleted without deleting anything itself. -Trim should be enabled by default on all modern Operating Systems detecting an SSD drive covered in this guide (macOS, Windows 10, Ubuntu, Qubes OS...). +Trim should be enabled by default on all modern Operating Systems detecting an SSD drive covered in this guide (macOS, Windows 10/11, Ubuntu, Qubes OS 4.1.x ...). If Trim operations are not done regularly (or at all), then the data is never deleted pro-actively and at some point, all the blocks and pages will be occupied by data. Your OS will not see this and will just see free space as you delete files, but your SSD controller will not (this is called Write Amplification[^428]). This will then force the SSD controller to erase those pages and blocks on the fly which will reduce the write performance. This is because while your OS/SSD can write data to any free page in any bock, erasure is only possible on entire blocks, therefore, forcing your SSD to perform many operations to write new data. Overwriting is just not possible. This will defeat the wear-leveling system and cause performance degradation of your SSD over time. Every time you delete a file on an SSD, your OS should issue a Trim command along with the deletion to let the SSD controller know the pages containing the file data are now free for deletion. @@ -8214,7 +8155,7 @@ Within the context of this guide which also uses full disk encryption. Deletion ![][487] -So, you want to be sure. To achieve 100% secure deletion on an SSD drive, we will need to use specific SSD techniques (If you are using an HDD drive, skip this part and go to your OS of choice): +So, you want to be sure. To achieve 100% secure deletion on an SSD drive, you will need to use specific SSD techniques (If you are using an HDD drive, skip this part and go to your OS of choice): - Easy options for less experienced users: @@ -8230,7 +8171,7 @@ So, you want to be sure. To achieve 100% secure deletion on an SSD drive, we wil - Overwrite the entire drive's contents - HDDs: - Overwrite the drive's contents using a tool like [srm](https://www.howtogeek.com/425232/how-to-securely-delete-files-on-linux/), [wipe](https://linux.die.net/man/1/wipe), [shred, etc.](https://recoverit.wondershare.com/harddrive-tips/format-and-wipe-linux-disk.html). Ideally you want to use the Gutmann method, which was created for most effective data erasure on all drives. This method also works on SSDs, although it is overkill. - - Simply overwriting the drive's contents is not always enough. Dedicated secure deletion tools are designed to perform multiple passes to more effectively wipe data. This is expecially important on older drives. I recommend using either `wipe` or `srm`. + - Simply overwriting the drive's contents is not always enough. Dedicated secure deletion tools are designed to perform multiple passes to more effectively wipe data. This is expecially important on older drives. we recommend using either `wipe` or `srm`. - If using `wipe`, just use its default options (`wipe /dev/sdX`), as the defaults are tuned to most effectively wipe data on HDDs. - If using `srm`, make sure to manually specify that it should perform a Gutmann wipe (`srm -G /dev/sdX`). - SSDs: @@ -8438,7 +8379,7 @@ Since the Trim operation is not continuous on most recent hard drives but schedu At this stage, and just delete the file permanently (empty the recycle bin) and trim/garbage collection will do the rest. This should be sufficient. -If you do not want to wait for the periodic Trim (set to Weekly by default in Windows 10), you could also force a disk-wide Trim using the Windows native Optimize tool (see [Appendix H: Windows Cleaning Tools]). +If you do not want to wait for the periodic Trim (set to Weekly by default in Windows 10/11), you could also force a disk-wide Trim using the Windows native Optimize tool (see [Appendix H: Windows Cleaning Tools]). If data were deleted by some utility (for instance by Virtualbox when reverting a snapshot), you could also issue a disk-wide Trim to clean anything remaining using the same Optimize tool. @@ -8522,7 +8463,7 @@ If you want more security and do not trust the Trim operation, then you will hav - You can do this the graphical way with BleachBit following this tutorial from the EFF: [[Archive.org]][495] -- Or you can do this from the command line following this tutorial: [[Archive.org]][492] (For this purpose I recommend wipe and shred). +- Or you can do this from the command line following this tutorial: [[Archive.org]][492] (For this purpose we recommend wipe and shred). #### External SSD drive: @@ -8566,7 +8507,7 @@ Please follow this documentation to Trim within Qubes OS: [[Archive.org]][503] (at your own risk, this has not been tested yet). +- Decrypt and re-encrypt the whole drive to overwrite all free space after data deletion. This will ensure overwriting of all the free space. We didn't find a reliable tutorial on how to do this safely on Qubes OS but it is possible this tutorial could work: [[Archive.org]][503] (at your own risk, this has not been tested yet). - Refer to this Documentation ( [[Archive.org]][504]) and then trim using "fstrim --all" and then fill up the entire free space of the disk using a utility such as: @@ -8596,7 +8537,7 @@ Use the same method as Linux from a Qube connected to that specific USB device - You can do this the graphical way with BleachBit following this tutorial from the EFF: [[Archive.org]][495] -- Or you can do this from the command line following this tutorial: [[Archive.org]][492] (For this purpose I recommend wipe and shred). +- Or you can do this from the command line following this tutorial: [[Archive.org]][492] (For this purpose we recommend wipe and shred). #### External SSD drive: @@ -8676,7 +8617,7 @@ If Trim is not supported, you might have to ensure secure data deletion by: Note that the same SSD issue discussed in the earlier section will arise here. You can never really be 100% sure your SSD data is deleted when you ask it to do so unless you wipe the whole drive using specific methods above. -I am not aware of any 100% reliable method to delete single files selectively and securely on SSD drives unless overwriting ALL the free space (which might reduce the lifespan of your SSD) after Deletion + Trim of these files. Without doing that, you will have to trust the SSD Trim operation **which in my opinion is enough**. **It is reasonable and again very unlikely that forensics will be able to restore your files after a Deletion with Trim.** +We are not aware of any 100% reliable method to delete single files selectively and securely on SSD drives unless overwriting ALL the free space (which might reduce the lifespan of your SSD) after Deletion + Trim of these files. Without doing that, you will have to trust the SSD Trim operation **which in my opinion is enough**. **It is reasonable and again very unlikely that forensics will be able to restore your files after a Deletion with Trim.** In addition, most of these measures here should not be needed since your whole drive should be encrypted and therefore your data should not be accessible for forensic analysis through SSD/HDD examination anyway. So, these are just "bonus measures" for weak/unskilled adversaries. @@ -8686,7 +8627,7 @@ Consider also reading this documentation if you're going with Whonix [[Archive.org]][510]) and/or ExifCleaner ( [[Archive.org]][511]) that allows viewing and/or removing those properties. +On Windows, macOS, and Linux we would recommend ExifTool ( [[Archive.org]][510]) and/or ExifCleaner ( [[Archive.org]][511]) that allows viewing and/or removing those properties. **ExifTool is natively available on Tails and Whonix Workstation.** @@ -8740,7 +8681,7 @@ It is actually simple, just install exiftool and run: First, here is a tutorial to remove metadata from Office documents: [[Archive.org]][518]. Make sure however that you do use the latest version of Office with the latest security updates. -Alternatively, on Windows, macOS, Qubes OS, and Linux I would recommend ExifTool ( [[Archive.org]][510]) and/or ExifCleaner ( [[Archive.org]][511]) that allows viewing and/or removing those properties +Alternatively, on Windows, macOS, Qubes OS, and Linux we would recommend ExifTool ( [[Archive.org]][510]) and/or ExifCleaner ( [[Archive.org]][511]) that allows viewing and/or removing those properties ##### ExifCleaner: @@ -8786,7 +8727,7 @@ It is actually simple, just install exiftool and run: - "Remove personal information on saving" -In addition, on Windows, macOS, Qubes OS, and Linux I would recommend ExifTool ( [[Archive.org]][510]) and/or ExifCleaner ( [[Archive.org]][511]) that allows viewing and/or removing additional properties +In addition, on Windows, macOS, Qubes OS, and Linux we would recommend ExifTool ( [[Archive.org]][510]) and/or ExifCleaner ( [[Archive.org]][511]) that allows viewing and/or removing additional properties ##### ExifCleaner: @@ -8802,9 +8743,9 @@ It is actually simple, jut install exiftool and run: #### All-in-one Tool: -Another option good tool IMHO to remove metadata from various documents is the open-source mat2 recommended by privacyguides.org[^445] ( [[Archive.org]][519]) which you can use on Linux quite easily. I never managed to make it work properly within Windows due to various dependencies issues despite the provided instructions. It is however very straightforward to install and use on Linux. +Another option good tool IMHO to remove metadata from various documents is the open-source mat2 recommended by privacyguides.org[^445] ( [[Archive.org]][519]) which you can use on Linux quite easily. We never managed to make it work properly within Windows due to various dependencies issues despite the provided instructions. It is however very straightforward to install and use on Linux. -So, I would suggest creating a small Debian VM within Virtualbox (behind your Whonix Gateway) which you can then use from your other VMs to analyze various files from a convenient web interface. For this see [Appendix L: Creating a mat2-web guest VM for removing metadata from files] +So, we would suggest creating a small Debian VM within Virtualbox (behind your Whonix Gateway) which you can then use from your other VMs to analyze various files from a convenient web interface. For this see [Appendix L: Creating a mat2-web guest VM for removing metadata from files] ![][520] @@ -8864,9 +8805,9 @@ To remove such attributes, you will have to do it manually from the terminal: (Note that Apple has removed the convenient xattr --c option that would just remove all attributes at once so you will have to do this for each attribute on each file) -**These attributes and entries will stick even if you clear your browser history, and this is obviously bad for privacy (right?), and I am not aware of any convenient tool that will deal with those at the moment.** +**These attributes and entries will stick even if you clear your browser history, and this is obviously bad for privacy (right?), and we are not aware of any convenient tool that will deal with those at the moment.** -Fortunately, there are some mitigations for avoiding this issue in the first place as these attributes and entries are set by the browsers. So, I tested various browsers (On macOS Catalina, Big Sur, and Monterey), and here are the results as of the date of this guide: +Fortunately, there are some mitigations for avoiding this issue in the first place as these attributes and entries are set by the browsers. So, we tested various browsers (On macOS Catalina, Big Sur, and Monterey), and here are the results as of the date of this guide: | **Browser** | **Quarantine DB Entry** | **Quarantine File Attribute** | **Origin File Attribute** | |------------------------------|------------------------------|-------------------------------|---------------------------| @@ -8891,7 +8832,7 @@ In addition, macOS keeps various logs of mounted devices, connected devices, kno See this section of this guide for guidance on where to find and how to delete such artifacts: [[Archive.org]][294] -Many of those can be deleted using various commercial third-party tools but I would personally recommend using the free and well-known Onyx which you can find here: [[Archive.org]][522]. Unfortunately, it is closed-source, but it is notarized, signed, and has been trusted for many years. +Many of those can be deleted using various commercial third-party tools but we would personally recommend using the free and well-known Onyx which you can find here: [[Archive.org]][522]. Unfortunately, it is closed-source, but it is notarized, signed, and has been trusted for many years. ##### Force a Trim operation after cleaning: @@ -8995,7 +8936,7 @@ Now you should clean the history within any app that you used including Browser ##### Wi-Fi History: -Now it is time to clear the history of the Wi-Fi you connect to. Unfortunately, Windows keeps storing a list of past Networks in the registry even if you "forgot" those in the Wi-Fi settings. As far as I know, no utilities clean those yet (BleachBit or PrivaZer for instance) so you will have to do it the manual way: +Now it is time to clear the history of the Wi-Fi you connect to. Unfortunately, Windows keeps storing a list of past Networks in the registry even if you "forgot" those in the Wi-Fi settings. As far as we know, no utilities clean those yet (BleachBit or PrivaZer for instance) so you will have to do it the manual way: - Launch Regedit using this tutorial: [[Archive.org]][526] @@ -9057,7 +8998,7 @@ Here are the steps for PrivaZer: - Select What you want to be cleaned (skip the shell bag part since you used the other utility for that) - - **You should just skip the free space cleaning part if using an SSD and instead just use the native Windows Optimize function (see below) which should be more than enough. I would only use this on an HDD drive.** + - **You should just skip the free space cleaning part if using an SSD and instead just use the native Windows Optimize function (see below) which should be more than enough. We would only use this on an HDD drive.** - (If you did select Free Space cleaning) Select Clean Options and make sure your type of Storage is well detected (HDD vs SSD). @@ -9065,15 +9006,15 @@ Here are the steps for PrivaZer: - If you have an SSD drive: - - Secure Overwriting Tab: I would just pick Normal Deletion + Trim (Trim itself should be enough[^342]). Secure Deletion with Trim[^339] (1 pass) might be redundant and overkill here if you intend to overwrite the free space anyway. + - Secure Overwriting Tab: We would just pick Normal Deletion + Trim (Trim itself should be enough[^342]). Secure Deletion with Trim[^339] (1 pass) might be redundant and overkill here if you intend to overwrite the free space anyway. - - Free Space Tab: Personally, and again "just to be sure", I would select Normal Cleanup which will fill the entire free space with Data. I do not really trust Smart Cleanup as it does not actually fill all the free space of the SSD with Data. But again, this is probably not needed and overkill in most cases. + - Free Space Tab: Personally, and again "just to be sure", we would select Normal Cleanup which will fill the entire free space with Data. We do not really trust Smart Cleanup as it does not actually fill all the free space of the SSD with Data. But again, this is probably not needed and overkill in most cases. - If you have an HDD drive: - - Secure Overwriting Tab: I would just pick Secure Deletion (1 pass). + - Secure Overwriting Tab: We would just pick Secure Deletion (1 pass). - - Free Space: I would just pick Smart Cleanup as there is no reason to overwrite sectors without data on an HDD drive. + - Free Space: We would just pick Smart Cleanup as there is no reason to overwrite sectors without data on an HDD drive. - Select Clean and Pick your flavor: @@ -9105,15 +9046,15 @@ Here are the steps for BleachBit: - Select any other traces you want to remove from their list - - Again, as with the earlier utility, I would not clean the free space on an SSD drive because I think the Windows native "optimize" utility is enough (see below) and that filling up the free space on a trim enabled SSD is just completely overkill and unnecessary. + - Again, as with the earlier utility, we would not clean the free space on an SSD drive because we think the Windows native "optimize" utility is enough (see below) and that filling up the free space on a trim enabled SSD is just completely overkill and unnecessary. - Click Clean and wait. This will take a while and will fill your whole free space with data on both HDD and SSD drives. ##### Force a Trim with Windows Optimize (for SSD drives): -With this Native Windows 10 utility, you can just trigger a Trim on your SSD which should be more than enough to securely clean all deleted files that somehow would have escaped Trim when deleting them. +With this Native Windows 10/11 utility, you can just trigger a Trim on your SSD which should be more than enough to securely clean all deleted files that somehow would have escaped Trim when deleting them. -Just open Windows Explorer, Right Click on your System Drive and click Properties. Select Tools. Click Optimize and then Optimize again. You are done. That is probably enough in my opinion. +Just open Windows Explorer, Right Click on your System Drive and click Properties. Select Tools. Click Optimize and Defragment. You are done as this will not defragment but only optimize. Meaning it will initiate a Trim operation ( [[Wikiless]][485] [[Archive.org]]). ![][501] @@ -9177,7 +9118,7 @@ Search for the page that was changed (where your profile was deleted/changed) an ### Qwant: -As far as I know, there is no readily available tool to force this, and you will have to wait for the results to get updated if there is any. If you know a way, please report this to me through the GitHub issues. +As far as we know, there is no readily available tool to force this, and you will have to wait for the results to get updated if there is any. If you know a way, please report this to us through the GitHub issues. ### Yahoo Search: @@ -9185,11 +9126,11 @@ Yes, Yahoo Search still exists but as per their help page [[Wikiless]][537] [[Archive.org]][538] +As far asWeknow, there is no way to remove information from Wikipedia articles themselves but if you just want to remove traces of your username from it (as a user that contributed), you can do so by following these steps: [[Wikiless]][537] [[Archive.org]][538] This will not remove any information about your online identities that could appear in other articles but only your own identity on Wikipedia as a user. @@ -9205,7 +9146,7 @@ You can remove pages from internet archives but **only if you own the website in As per their help page -"How can I exclude or remove my site's pages from the Wayback Machine? +"How can we exclude or remove my site's pages from the Wayback Machine? You can send an e-mail request for us to review to info@archive.org with the URL (web address) in the text of your message". @@ -9221,7 +9162,7 @@ Have a look at those websites: ## Hidden communications in plain sight: -You must keep in mind that using all those security measures (encryption, plausible deniability, VPN, tor, secure operating systems ...) can make you suspicious just by using them. Using could be the equivalent of stating openly "I have something to hide" to an observer which could then motivate some adversaries to investigate/survey you further. +You must keep in mind that using all those security measures (encryption, plausible deniability, VPN, tor, secure operating systems ...) can make you suspicious just by using them. Using could be the equivalent of stating openly "I something to hide" to an observer which could then motivate some adversaries to investigate/survey you further. So, there are other ways you could exchange or send messages online to others in case of need without disclosing your identity or establishing direct communication with them. These have been in use by various organizations for decades and can be of help if you do not want to attract attention by using secure tech while still communicating some sensitive information without attracting attention. @@ -9349,7 +9290,7 @@ Keep in mind that many countries have specific laws to compel you to reveal your # A small final editorial note: -After reading this whole guide, I hope you will have gained some additional beneficial insight about privacy and anonymity. It is clear now, in my humble opinion, that the world we live in has only a few safe harbors remaining where one could have a reasonable expectation of privacy and even less so anonymity. Many will often say that 1984 by George Orwell was not meant to be an instruction book. Yet today this guide and its many references should, I hope, reveal to you how far down we are in the rabbit hole. +After reading this whole guide, we hope you will have gained some additional beneficial insight about privacy and anonymity. It is clear now, in my humble opinion, that the world we live in has only a few safe harbors remaining where one could have a reasonable expectation of privacy and even less so anonymity. Many will often say that 1984 by George Orwell was not meant to be an instruction book. Yet today this guide and its many references should, we hope, reveal to you how far down we are in the rabbit hole. You should also know that most of the digital information described in length in this guide can be forged or tampered with by a motivated adversary for any purpose. Even if you do manage to keep secrets from prying eyes, anyone can fabricate anything to fit their narrative: @@ -9473,7 +9414,7 @@ This project for instance is running several Tor Exit nodes using donations to f - Thanks to the makers of the Social Dilemma documentary **(go watch it if you did not yet)** -- Thanks to Michael Bazzell and his great OSINT books which I recommend you **buy** at +- Thanks to Michael Bazzell and his great OSINT books which we recommend you **buy** at - Thanks to Randall Munroe at XKCD for his great and insightful webcomics. @@ -9491,14 +9432,16 @@ This project for instance is running several Tor Exit nodes using donations to f # Appendix A: Windows Installation -This is the Windows 10 installation process that should be valid for any Windows 10 install within this guide. +This is the Windows 10/11 installation process that should be valid for any Windows 10/11 install within this guide. -**Windows 11 is not yet supported by this guide (but it will be in the future at some point).** +### Windows 10 (See below for Windows 11) ## Installation: DO NOT CONNECT WINDOWS TO ANY NETWORK DURING THE INSTALLATION PROCESS (This will allow us to create a Local Account and not use a Microsoft account and it will also prevent any telemetry from being sent out during the install process). +- (Only for VirtualBox VM Install) Go into the VirtualBox Machine Settings menu. Select network. Unplug the cable. + - Click "Install Now" - Select "I don't have a product key" @@ -9539,7 +9482,7 @@ DO NOT CONNECT WINDOWS TO ANY NETWORK DURING THE INSTALLATION PROCESS (This will - Start the install process -- Select the Region "United Kingdom" +- Select the Region "United States" - Skip the additional Keyboard Layout @@ -9571,6 +9514,174 @@ DO NOT CONNECT WINDOWS TO ANY NETWORK DURING THE INSTALLATION PROCESS (This will ## Privacy Settings: +- When the install is finished, get into Settings > Go on the top left menu icon and sekect Privacy and Security + + - When the install is finished, get into Settings > Privacy and do the following: + + - General: All Off + + - Speech: Off + + - Inking and Typing: Off + + - Diagnostic: Required level at off, options on OFF, **Delete your data**, frequency set to Never + + - Activity History: all Off and Clear the history + + - Location, all Off (change button) and clear it + + - Camera: Disable it (change button) + + - Microphone: Disable it (change button) + + - Voice Activation: All Off + + - Notification: Disable it (change button) + + - Account info: Disable it (change button) + + - Contact info: Disable it (change button) + + - Calendar access: Disable it (change button) + + - Phone calls: Disable it (change button) + + - Call History: Disable it (change button) + + - E-mail: Disable it (change button) + + - Tasks: Disable it (change button) + + - Messaging: Disable it (change button) + + - Radios: Disable it (change button) + + - Other devices: Set to Off + + - Background Apps: Disable it (change button) + + - App Diagnostics: Disable it (change button) + + - Automatic file download disabled + + - Documents: Disable it (change button) + + - Pictures: Disable it (change button) + + - Videos: Disable it (change button) and set to off + + - File system: Disable it (change button) + + - Disable File Indexing by going into the "Indexing Options" (Go into Windows 11 Control Panel, Switch the view to "Large Icons" and select Indexing Options. + + - Modify the list and remove all locations. + + - Go into Advanced and click Rebuild. + + - (Host OS only) Disable Bluetooth in the settings: + + - Go into Settings + + - Go into Devices + + - Select Bluetooth and turn it off + +- (Host OS Only) Tape the Webcam and Microphone anyway for extra paranoia. + +- (Host OS Only) Go into Settings > Network & Internet > Wi-Fi and Enable Random Hardware Address. + +### Windows 11 + +## Installation: + +DO NOT CONNECT WINDOWS TO ANY NETWORK DURING THE INSTALLATION PROCESS (This will allow us to create a Local Account and not use a Microsoft account and it will also prevent any telemetry from being sent out during the install process). + +- (Only for VirtualBox VM Install) Go into the VirtualBox Machine Settings menu. Select network. Unplug the cable. For this task, you can also follow this excellent tutorial by Oracle [[Archive.org]][1375] + +- Select your language, currency and keyboard layout + +- Click "Install Now" + +- (Only for VirtualBox VM Install) Push Shift and F10 at the same time + +- (Only for VirtualBox VM Install) Launch "regedit" in the command prompt + +- (Only for VirtualBox VM Install) When the Registry Editor opens, navigate to "HKEY_LOCAL_MACHINE\SYSTEM\Setup", right-click on the "Setup" key and select "New => Key". When prompted to name the key, enter "LabConfig" and press enter. + +- (Only for VirtualBox VM Install) Now right-click on the "LabConfig" key and select "New => DWORD (32-bit)" value and create a value named "BypassTPMCheck", and set its data to "1". With the same steps create the "BypassRAMCheck" and "BypassSecureBootCheck" + +- Select "I don't have a product key" + +- Accept the agreement + +- Select the flavor you want: + + - Host OS: Use + + - You intend to use Plausible Deniability: Windows Home + + - You do not intend to use Plausible Deniability: Windows Pro + + - VM OS: Use Windows Pro or Windows Pro N + +- Select Custom Install + +- Storage: + + - If this is a simple OS installation (Host OS with Simple Encryption) or VM without encryption, **select the whole disk** and proceed with the installation (skip the next step). + + - If this is part of a plausible deniability encryption set up on the Host OS: + + - If you are installing Windows for the first time (Hidden OS): + + - Delete the current partitions + + - Create the First partition with at least 50GB of disk space (about a third of the total disk space). + + - Create a second partition with the remaining two-thirds of the total disk space. + + - If you are installing Windows for the second time (Decoy OS): + + - Do not Delete the current partitions + + - Install Windows on the first partition you created during the first install. + + - Proceed with the install in the first partition + +- Start the install process + +- Select the Region "United States" + +- Select the Keyboard Layout and skip a second layout + +- Select "I don't have internet" + +- Select "Continue with limited setup" + +- Create a username of your choice. + +- Use a password of your choice. + +- Select all three security questions and answer whatever you want (not real data). + +- Ddisable Location + +- Disable find my device + +- Disable optional diagnostic data + +- Only send "required diagnostic data" + +- Do not improve Inking and Typing + +- Disable the tailored experience. + +- Disable the Advertising ID + +- Click Accept + +## Privacy Settings: + - When the install is finished, get into Settings > Privacy and do the following: - General: All Off @@ -9617,21 +9728,25 @@ DO NOT CONNECT WINDOWS TO ANY NETWORK DURING THE INSTALLATION PROCESS (This will - App Diagnostics: Disable it (change button) + - Automatic file download disabled + - Documents: Disable it (change button) + - Music Library: Disable it (change button) + - Pictures: Disable it (change button) - Videos: Disable it (change button) and set to off - File system: Disable it (change button) -- Disable File Indexing by going into the "Indexing Options" (Go into Windows 10 Control Panel, Switch the view to "Large Icons" and select Indexing Options. + - Disable File Indexing by going into the "Indexing Options" (Go into Windows 11 Control Panel, Switch the view to "Large Icons" and select Indexing Options. - Modify the list and remove all locations. - Go into Advanced and click Rebuild. -- (Host OS only) Disable Bluetooth in the settings: + - (Host OS only) Disable Bluetooth in the settings: - Go into Settings @@ -9645,15 +9760,15 @@ DO NOT CONNECT WINDOWS TO ANY NETWORK DURING THE INSTALLATION PROCESS (This will # Appendix B: Windows Additional Privacy Settings -As written earlier in this guide and as noted by PrivacyGuides.org[^458], Windows 10 is a privacy nightmare. And disabling everything during and after the installation using the settings available to you is not enough. The amount of telemetry data collected by Microsoft is staggering and could defeat your attempts at keeping secrets. You will need to download and use a couple of utilities to (hopefully) force Windows 10 into not sending data back to Microsoft. +As written earlier in this guide and as noted by PrivacyGuides.org[^458], Windows 10/11 is a privacy nightmare. And disabling everything during and after the installation using the settings available to you is not enough. The amount of telemetry data collected by Microsoft is staggering and could defeat your attempts at keeping secrets. You will need to download and use a couple of utilities to (hopefully) force Windows 10/11 into not sending data back to Microsoft. Here are the steps in detail: - **DO NOT EVER USE A MICROSOFT ACCOUNT TO LOG IN: If you are, you should be re-installing this Windows Machine without connecting to a network and use a local account instead.** -> Do these steps from a different computer to not connect Windows 10 to the internet before those settings are applied. You can download and copy those to the USB key (for transfer onto a Windows 10 fresh installation) or if it is a VM, you can transfer them to the VM within Virtualbox (VM Settings > General > Advanced > Drag n Drop > Enable Host to Guest). +> Do these steps from a different computer to not connect Windows 10/11 to the internet before those settings are applied. You can download and copy those to the USB key (for transfer onto a Windows 10/11 fresh installation) or if it is a VM, you can transfer them to the VM within Virtualbox (VM Settings > General > Advanced > Drag n Drop > Enable Host to Guest). -- Download and install W10Privacy from [[Archive.org]][569] +- (For more advanced users) Download and install W10Privacy from [[Archive.org]][569] - Open the app as Administrator (right-click > more > run as administrator) @@ -9673,19 +9788,23 @@ Here are the steps in detail: - Reboot -- Also, consider using ShutUp10 from [[Archive.org]][571] +- Also, consider using ShutUp10++ from [[Archive.org]][571] - Enable at least all the recommended settings -- Go back one last time Settings > Privacy > Diagnostic and Delete all Data. +- Finally, again for users with moderate skils, consider installing Safing portmaster from [[Archive.org]][1373] (Warning there might be some issues with VPNs (see [[Archive.org]][1374] + +- Go back one last time to the settings to delete Diagnostic and Delete all Data. These measures added to the settings during installation should be hopefully sufficient to prevent Microsoft from snooping on your OS. -**You will need to update and re-run W10Privacy and WindowsSpyBlocker frequently and after any Windows update as they tend to silently re-enable telemetry using those updates.** +**You will need to update and re-run those utilities frequently and after any Windows major update as they tend to silently re-enable telemetry using those updates.** **As a bonus, it could be interesting to also consider Hardening your Windows Host OS somewhat. See ** [[Archive.org]][572] (This is a security guide, not a privacy guide. If you use this guide, do not enable Hyper-V as it does not play well with Virtualbox, and do not enable features that were specifically disabled for privacy reasons earlier. Such as SmartScreen, cloud protection...) -# Appendix C: Windows Installation Media Creation +# Appendix C: Windows Installation Media Creation (Windows 10) or Download (Windows 11) + +## Windows 10 These are the steps to create a Windows 10 (21H1) Installation Media using this tool and instructions: @@ -9701,12 +9820,16 @@ These are the steps to create a Windows 10 (21H1) Installation Media using this - Pick which process you want: - - If installing on a physical computer: Select USB Flash Drive + - If installing on a physical computer: Select USB Flash Drive. - If installing on a Virtual Machine: Select ISO file and save it. - Proceed +## Windows 11 + +- Go to https://www.microsoft.com/software-download/windows11 and download the ISO. + # Appendix D: Using System Rescue to securely wipe an SSD drive. These instructions are valid for all Operating Systems: @@ -9761,7 +9884,7 @@ These instructions are valid for all Operating Systems: - **If you are backing up a disk with simple Encryption, encryption of the backup is not required since you are backing up an already encrypted disk, but you can still encrypt the backup anyway if you want additional security (and slower backup).** - - **If you intend to back up a device with plausible deniability encryption, I strongly recommend against it as this backup image could be used to prove the existence of the hidden volume using forensics techniques as explained earlier. Do not make an image backup of the partition containing your hidden OS.** + - **If you intend to back up a device with plausible deniability encryption, we strongly recommend against it as this backup image could be used to prove the existence of the hidden volume using forensics techniques as explained earlier. Do not make an image backup of the partition containing your hidden OS.** - You are done, if you need to restore, follow these instructions: [[Archive.org]][583] @@ -9769,7 +9892,7 @@ Each backup could take a while depending on the speed of your laptop and the spe # Appendix F: Diskpart -Diskpart is a Windows utility that can be used to perform various operations on your hard drive. In this case, we will use Diskpart to show the Disk ID but also change it if necessary. +Diskpart is a Windows utility that can be used to perform various operations on your hard drive. In this case, You will use Diskpart to show the Disk ID but also change it if necessary. This could be needed if you restore a backup on a new HDD/SSD that has an ID that differs from the one backed up and Windows could refuse to boot. @@ -9799,7 +9922,7 @@ Diskpart can be run from any Windows environment using a command prompt. This in ## If you can use Tor: -This guide will **only recommend** using Tor Browser within the host OS because it has the best protection by default. The only other acceptable option in my opinion would be to use Brave Browser with a Tor tab **but keep in mind that Brave themselves recommend the use of Tor Browser if you feel your safety depends on being anonymous**[^459]**: "If your personal safety depends on remaining anonymous, we highly recommend using Tor Browser instead of Brave Tor windows. ".** +This guide will **only recommend** using Tor Browser within the host OS because it has the best protection by default. The only other acceptable option in my opinion would be to use Brave Browser with a Tor tab **but keep in mind that Brave themselves recommend the use of Tor Browser if you feel your safety depends on being anonymous** [[Archive.org]][459]**: "If your personal safety depends on remaining anonymous, we highly recommend using Tor Browser instead of Brave Tor windows. ".** This Browser on the host OS will only be used to download various utilities and will never be used for actual sensitive activities. @@ -9811,7 +9934,7 @@ If you are experiencing issues connecting to Tor due to Censorship or Blocking, ## If you cannot use Tor: -Because it is too dangerous/risky/suspicious. I would recommend as a last resort using Firefox, or Brave only using Private Windows for now. +Because it is too dangerous/risky/suspicious. We would recommend as a last resort using Firefox, or Brave only using Private Windows for now. See [Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option] before continuing. @@ -9823,15 +9946,15 @@ Clean all the data from the browser after each use. # Appendix H: Windows Cleaning Tools -In this guide I will recommend two-third native tools and two third-party tools: +In this guide we will recommend two-third native tools and two third-party tools: - Native Tools: - - Windows 10 Disk Cleanup Utility: [[Archive.org]][585] + - Windows 10/11 Disk Cleanup Utility: [[Archive.org]][585] -> This tool will clean up a bunch of things natively. It is not enough, and I instead recommend using the third-party tools below to clean more stuff. PrivaZer for instance will use the disk cleanup utility directly itself and BleachBit will use its own mechanisms. +> This tool will clean up a bunch of things natively. It is not enough, and we instead recommend using the third-party tools below to clean more stuff. PrivaZer for instance will use the disk cleanup utility directly itself and BleachBit will use its own mechanisms. -- Windows 10 Optimize Utility (Defrag on HDD Drives): [[Archive.org]][586] +- Windows 10/11 Optimize Utility (Defrag on HDD Drives): [[Archive.org]][586] (yes the tutorial is for Windows 10 but should work on 11 too) > For security, this tool is particularly useful on SSD drives at this "Optimize" function will in fact force a Disk wide Trim operation to occur. This will most likely be more than enough to make sure any deleted data that was not trimmed before for any reason will be this time. Deleted data with Trim is very unlikely to be recovered as explained before in this guide. @@ -9841,11 +9964,11 @@ In this guide I will recommend two-third native tools and two third-party tools: - The closed-source utility PrivaZer [[Archive.org]][588] -I prefer PrivaZer because it has more customization and smarter features, but I would understand if you do not trust them and prefer open-source software in which case I would recommend BleachBit which offers a bit less customization but similar functionalities. +I prefer PrivaZer because it has more customization and smarter features, but we would understand if you do not trust them and prefer open-source software in which case we would recommend BleachBit which offers a bit less customization but similar functionalities. Both these tools can be used for cleaning many things such as: -- The Windows USN journal which stores plenty of information[^460]. +- The Windows USN journal which stores plenty of information. - The Windows System Resource Usage Monitor (SRUM)[^461]. @@ -9853,7 +9976,7 @@ Both these tools can be used for cleaning many things such as: - Various logs -- The free (unallocated) space of your hard drive[^462]. +- The free (unallocated) space of your hard drive][^462]. - Secure deletion of files @@ -9863,7 +9986,7 @@ Both these utilities can delete files and can overwrite the free space after del # Appendix I: Using ShredOS to securely wipe an HDD drive: -Several utilities are recommended (like the old unmaintained DBAN[^463] or System Rescue CD ( [[Archive.org]][589])) for this but I will recommend the use of ShredOS. +Several utilities are recommended (like the old unmaintained DBAN[^463] or System Rescue CD ( [[Archive.org]][589])) for this but we will recommend the use of ShredOS. Feel free to go with DBAN instead if you want (using this tutorial: [[Archive.org]][590]), the process is basically the same but will not work out of the box with UEFI laptops. @@ -9871,7 +9994,7 @@ If you want to go with System-Rescue, just head to their website and follow the ## Windows: -- Download ShredOS from [[Archive.org]][591] +- Download ShredOS from [[Archive.org]][591] - Unzip the ISO file @@ -9937,7 +10060,7 @@ Unfortunately, most of these tools are Windows only. # Appendix K: Considerations for using external SSD drives -**I do not recommend using external SSDs due to the uncertainty about their support for Trim, ATA Secure Erase, and Sanitize options through USB controllers. Instead, I recommend using external HDD disks which can be cleaned/wiped safely and securely without hassle (albeit much slower than SSD drives).** +**I do not recommend using external SSDs due to the uncertainty about their support for Trim, ATA Secure Erase, and Sanitize options through USB controllers. Instead, we recommend using external HDD disks which can be cleaned/wiped safely and securely without hassle (albeit much slower than SSD drives).** Please do not buy or use gimmicky self-encrypting devices such as these: [[Archive.org]][235] @@ -9967,7 +10090,7 @@ It is possible Windows will detect your external SSD properly and enable Trim by ### ATA/NVMe Operations (Secure Erase/Sanitize): -**Use the manufacturer-provided tools to check and perform these operations** ... It is pretty much the only way to be sure it is not only supported but actually works. Some utilities can tell you whether it is supported or not like CrystalDiskInfo[^465] but will not actually check if it is working. See [Appendix J: Manufacturer tools for Wiping HDD and SSD drives][Appendix J: Manufacturer tools for Wiping HDD and SSD drives:]. +**Use the manufacturer-provided tools to check and perform these operations** ... It is pretty much the only way to be sure it is not only supported but actually works. Some utilities can tell you whether it is supported or not like CrystalDiskInfo [[Archive.org]][465] but will not actually check if it is working. See [Appendix J: Manufacturer tools for Wiping HDD and SSD drives][Appendix J: Manufacturer tools for Wiping HDD and SSD drives:]. If it does not work. Just decrypt and re-encrypt the whole drive or fill up the free space as instructed in the guide. There is no other way AFAIK. Besides booting up a System Rescue Linux CD and see the next section. @@ -9997,11 +10120,11 @@ So, if it is supported (and enabled on your external SSD), you should be able to If your disk supports it but it is not enabled in macOS. You could try issuing a "sudo trimforce enable" command from the Terminal and see if it enables Trim on your external SSD. And then again check the first aid command if it is not APFS (see this Tutorial for info [[Archive.org]][606]) -If it does not work, I am not aware of any reliable method to enable TRIM besides the commercial utility Trim Enabler here [[Archive.org]][607] which claims support for external drives. +If it does not work, we are not aware of any reliable method to enable TRIM besides the commercial utility Trim Enabler here [[Archive.org]][607] which claims support for external drives. ### ATA/NVMe Operations (Secure Erase/Sanitize): -I am not aware of any method of doing so reliably and safely on macOS. So, you will have to try one of these options: +We are not aware of any method of doing so reliably and safely on macOS. So, you will have to try one of these options: - Use a bootable System Rescue USB Linux to do it @@ -10015,7 +10138,7 @@ Download the latest Debian testing amd64 netinst ISO from [[Archive.org]][620]) that accept cash payments: Mullvad, iVPN, and Proton VPN. -In addition, I will also mention a newcomer to watch: Safing SPN [[Archive.org]][621]) which (while still in the alpha stage at the time of this writing) which also accepts cash and has a very distinct new concept for a VPN which provides benefits similar to Tor Stream isolation with their "SPN"). Note that Safing SPN is not available on macOS at the moment. This possibility is "provisional" and at your own risk, but I think was worth mentioning. +In addition, we will also mention a newcomer to watch: Safing SPN [[Archive.org]][621]) which (while still in the alpha stage at the time of this writing) which also accepts cash and has a very distinct new concept for a VPN which provides benefits similar to Tor Stream isolation with their "SPN"). Note that Safing SPN is not available on macOS at the moment. This possibility is "provisional" and at your own risk, but we think was worth mentioning. -Personally, for now, I would recommend Mullvad due to personal experience. +Personally, for now, we would recommend Mullvad due to personal experience. -**I would not recommend Proton VPN as much because they do require an e-mail for registration unlike Mullvad, iVPN, and Safing. Proton also has a tendency to require phone number verification for users who register over Tor.** +**We would not recommend Proton VPN as much because they do require an e-mail for registration unlike Mullvad, iVPN, and Safing. Proton also has a tendency to require phone number verification for users who register over Tor.** How does this work? @@ -10363,11 +10486,11 @@ In that case, my last resort recommendation is to connect safely **from a distan - Start and use the Unsafe Browser -**I would strongly recommend the use of a long-range "Yagi" type directional Antenna with a suitable USB Wi-Fi Adapter. At least this will allow you to connect to public Wi-Fis from a "safe distance" but keep in mind that triangulation by a motivated adversary is still possible with the right equipment. So, this option should not be used during an extended period (minutes at best). See [Appendix Q: Using long-range Antenna to connect to Public Wi-Fis from a safe distance][Appendix Q: Using long-range Antenna to connect to Public Wi-Fis from a safe distance:].** +**We would strongly recommend the use of a long-range "Yagi" type directional Antenna with a suitable USB Wi-Fi Adapter. At least this will allow you to connect to public Wi-Fis from a "safe distance" but keep in mind that triangulation by a motivated adversary is still possible with the right equipment. So, this option should not be used during an extended period (minutes at best). See [Appendix Q: Using long-range Antenna to connect to Public Wi-Fis from a safe distance][Appendix Q: Using long-range Antenna to connect to Public Wi-Fis from a safe distance:].** Using Tails should prevent local data leaks (such as MAC addresses or telemetry) and allow you to use a Browser to get what you want (utilities, VPN account) before leaving that place as fast as possible. -You could also use the other routes (Whonix and Qubes OS without using Tor/VPN) instead of Tails in such hostile environments if you want data persistence but this might be riskier. I would not risk it personally unless there was absolutely no other option. If you go for this option, you will only do sensitive activities from a reversible/disposable VM in all cases. Never from the Host OS. +You could also use the other routes (Whonix and Qubes OS without using Tor/VPN) instead of Tails in such hostile environments if you want data persistence but this might be riskier. We would not risk it personally unless there was absolutely no other option. If you go for this option, you will only do sensitive activities from a reversible/disposable VM in all cases. Never from the Host OS. **If you resort to this, please keep your online time as short as possible (minutes and not hours).** @@ -10385,7 +10508,7 @@ These antennas are widely available on various online shops for a cheap price (A Such antennas need to be combined with specific USB adapters that have an external Antenna plug and sufficiently high power to use them. -**I would recommend the AWUS036 series in the Alfa brand of adapters (see ** [[Archive.org]][633]**).** But you could also go with some other brands if you want such as the TP-Link TL-WN722 (see [[Archive.org]][634]). +**We would recommend the AWUS036 series in the Alfa brand of adapters (see ** [[Archive.org]][633]**).** But you could also go with some other brands if you want such as the TP-Link TL-WN722 (see [[Archive.org]][634]). See this post for a comparison of various adapters: [[Archive.org]][635] (Usually those antennas are used by Penetration Testers to probe Wi-Fis from a distance and are often discussed within the scope of the Kali Linux distribution). @@ -10457,7 +10580,7 @@ Here are some guides provided by the recommended VPN providers in this guide: - Mullvad: [[Archive.org]][651] -- Whonix Workstation: Coming Soon, it is certainly possible, but I did not find a suitable and easy tutorial yet. It is also worth remembering that if your VPN stops on Whonix, you will still be behind the Tor Network. +- Whonix Workstation: Coming Soon, it is certainly possible, but we did not find a suitable and easy tutorial yet. It is also worth remembering that if your VPN stops on Whonix, you will still be behind the Tor Network. - macOS: @@ -10513,11 +10636,11 @@ The probe can be found here: [[Archive.org]][65 ## Integrity (if available): -Usually, integrity checks[^474] are done using hashes of files (usually stored within checksum files). Older files could use CRC[^475], more recently MD5[^476] but those present several weaknesses (CRC, MD5[^477]) that make them unreliable for file integrity checks (which does not mean they are not still widely used in other contexts). +Usually, integrity checks[^474] are done using hashes of files (usually stored within checksum files). Older files could use CRC[^475], more recently MD5[^476] but those present several weaknesses (CRC, MD5 [^477] that make them unreliable for file integrity checks (which does not mean they are not still widely used in other contexts). This is because they do not prevent Collision[^478] well enough and could allow an adversary to create a similar but malicious file that would still produce in the same CRC or MD5 hash despite having different content. -For this reason, it is usually recommended to use SHA-based[^479] hashes and the most used is probably the SHA-2[^480] based SHA-256 for verifying file integrity. SHA is much more resistant to collisions[^481] than CRC and MD5. And collisions with SHA-256 or SHA-512 are rare and hard to compute for an adversary. +For this reason, it is usually recommended to use SHA-based [^479] hashes and the most used is probably the SHA-2[^480] based SHA-256 for verifying file integrity. SHA is much more resistant to collisions[^481] than CRC and MD5. And collisions with SHA-256 or SHA-512 are rare and hard to compute for an adversary. If a SHA-256 checksum is available from the source of the file, you should not hesitate to use it to confirm the integrity of the file. Note that SHA-1 is not recommended, but is better than not having a hash to compare. @@ -10535,7 +10658,7 @@ So how to check checksums? (In this case SHA-256 but you could change to SHA-512 - Compare your result to one from a source you trust for that file -- macOS[^483]: +- macOS : - Open a Terminal @@ -10659,17 +10782,17 @@ My take on the matter is on the pragmatic side. There is still room for some AV * **Please be aware that while VirusTotal might seem very practical for scanning various files, their "privacy policy" is problematic (see ** [[Archive.org]][669]**) and states:** -"When you submit Samples to the Services, if you submit Samples to the Services, we will collect all of the information in the Sample itself and information about the act of submitting it". +"When you submit Samples to the Services, if you submit Samples to the Services, You will collect all of the information in the Sample itself and information about the act of submitting it". **So, remember that any document you submit to them will be kept, shared, and used commercially including the content. So, you should not do that with sensitive information and rely on various local AV scanners (that do not send samples online).** So, if you are in doubt: -- For non-sensitive files, I do encourage you to check any documents/images/videos/archives/programs you intend to open with VirusTotal (or other similar tools) because ... Why not? (Either by uploading or checking hashes). +- For non-sensitive files, we do encourage you to check any documents/images/videos/archives/programs you intend to open with VirusTotal (or other similar tools) because ... Why not? (Either by uploading or checking hashes). -- For sensitive files, I would recommend at least an offline unprivileged ClamAV scan of the files. +- For sensitive files, we would recommend at least an offline unprivileged ClamAV scan of the files. -For instance, this guide's PDF files were submitted to VirusTotal because it is meant to be public knowledge and I see no valid argument against it. It does not guarantee the absence of malware, but it does not hurt to add this check. +For instance, this guide's PDF files were submitted to VirusTotal because it is meant to be public knowledge and we see no valid argument against it. It does not guarantee the absence of malware, but it does not hurt to add this check. ### Manual Reviews: @@ -10751,7 +10874,7 @@ The situation might look desperate, but it is not necessarily the case as there There are plenty of methods you could use to bypass those restrictions locally. One of them would be to use portable apps[^502]. Those apps do not require installation on your system and can be run from a USB key or anywhere else. -**But this is not a method I would recommend.** +**But this is not a method we would recommend.** This is because those portable apps will not necessarily hide themselves (or be able to hide themselves) from the usage reports and forensic examination. This method is just too risky and will probably arise issues if noticed if you are in such a hostile environment. @@ -10759,7 +10882,7 @@ Even the most basic controls (supervision or parental) will send out detailed ap ## Bootable Live Systems: -This method is the one I would recommend in those cases. +This method is the one we would recommend in those cases. It is relatively easy for your adversary to prevent this by setting up firmware BIOS/UEFI (see [Bios/UEFI/Firmware Settings of your laptop][Bios/UEFI/Firmware Settings of your laptop:]) controls but usually most adversaries will overlook this possibility which requires more technical knowledge than just relying on Software. @@ -10779,7 +10902,7 @@ The BIOS/UEFI password on the other hand is much harder to bypass without risks. - Guess/Know the password so that you can change the boot order of your laptop without raising suspicions -- Reset the password using various methods to remove the password. **I would not recommend doing this because if your adversaries went the extra length of enabling this security feature, they probably will be suspicious if it were disabled, and this might increase suspicion and decrease your plausible deniability considerably.** +- Reset the password using various methods to remove the password. **we would not recommend doing this because if your adversaries went the extra length of enabling this security feature, they probably will be suspicious if it were disabled, and this might increase suspicion and decrease your plausible deniability considerably.** Again, this feature is usually overlooked by most unskilled/lazy adversaries and in my experience left disabled. @@ -10895,7 +11018,7 @@ Another useful resource to be considered for comparing browsers is: [[Archive.org]][680] +- Download and install Brave browser from [[Archive.org]][680] - Open Brave Browser @@ -11212,7 +11335,7 @@ macOS Only: Consider [Appendix A5: Additional browser precautions with JavaScript enabled] -That's about it. Unfortunately, you will not be able to add extensions as those will require you to sign in into the App Store which you cannot do from a macOS VM. Again, I would not recommend sticking to Safari in a macOS VM but instead switching to Brave or Firefox. +That's about it. Unfortunately, you will not be able to add extensions as those will require you to sign in into the App Store which you cannot do from a macOS VM. Again, we would not recommend sticking to Safari in a macOS VM but instead switching to Brave or Firefox. ## Firefox: @@ -11540,7 +11663,7 @@ This is valid for Windows, Linux, and macOS. ![][688] -- Personally, in the case of censorship or blocking, I would recommend using Meek-Azure bridges if needed. And Snowflake bridges as a second option. +- Personally, in the case of censorship or blocking, we would recommend using Meek-Azure bridges if needed. And Snowflake bridges as a second option. ![][686] @@ -11570,9 +11693,11 @@ This is valid for Windows, Linux, and macOS. ![][690] -I would recommend the "Safer" level for most cases. The Safest level should only be enabled if you think you are accessing suspicious or dangerous websites or if you are extra paranoid. The Safest mode will also most likely break many websites that rely actively on JavaScript. +We would recommend the "Safest" level by default. The "Safer" level should be enabled if you think you need access to a website not working without JavaScript. The Safest mode will most likely break many websites that rely actively on JavaScript. + +If you are extra paranoid, use the "Safest" level by default and consider downgrading to Safer is the website is unusable because of Javascript blocking. -**Optional and not recommended by the Tor Project**: If you are not using the "Safest" level, I will diverge from some but agree with others (for instance the Tails project and others[^525]) and will actually recommend some modifications of the default Tor Browser in the addition of two extensions: +**Optional and not recommended by the Tor Project**: If you are not using the "Safest" level, we will diverge from some but agree with others (for instance the Tails project and others[^525]) and will actually recommend some modifications of the default Tor Browser in the addition of two extensions: - uBlock Origin (as it is the case on Tails) while leaving the extension on the default settings: @@ -11592,7 +11717,7 @@ Now, you are really done, and you can now surf the web anonymously from your des There are many services that you might want to use (VPS hosting, mail hosting, domain names...) but require payment of some kind. -As mentioned before in this guide multiple times, I strongly recommend the use of services accepting cash (that you could send anonymously through the postal services) or Monero which you can buy and use directly and safely. +As mentioned before in this guide multiple times, we strongly recommend the use of services accepting cash (that you could send anonymously through the postal services) or Monero which you can buy and use directly and safely. But what if the service you want does not accept Monero but does accept a more mainstream cryptocurrency such as Bitcoin (BTC) or Ethereum (ETH). @@ -11684,11 +11809,11 @@ Wasabi wallet is not recommended due to censorship of transactions[^536] and vul ## When converting from BTC to Monero: -**Now, as part of any process above, if you want to convert BTC back to Monero**, I recommend not using a swapping service but instead recommend using the new Monero Atomic Swap Tool: . This will prevent unnecessary fees and intermediates when using a commercial swapping service. The website is self-explanatory with detailed instructions for all OSes. +**Now, as part of any process above, if you want to convert BTC back to Monero**, we recommend not using a swapping service but instead recommend using the new Monero Atomic Swap Tool: . This will prevent unnecessary fees and intermediates when using a commercial swapping service. The website is self-explanatory with detailed instructions for all OSes. # Appendix A1: Recommended VPS hosting providers -I will only recommend providers that accept Monero as payment and here is my personal shortlist: +We will only recommend providers that accept Monero as payment and here is my personal shortlist: - **Njalla (my personal favorite but quite expensive, recommended by PrivacyGuides.org.** @@ -11752,7 +11877,7 @@ Watch this insightful video by Computerphile: [[Archive.org]][700]). +We will not go into too many details. Just pick one from PrivacyGuides.org ( [[Archive.org]][700]). Personally, my favorites are: @@ -11766,7 +11891,7 @@ Note that some of those have a convenient ".onion" address: - DuckDuckGo: -In the end, I am often not satisfied with the results of both those search engines and still end up on Bing or Google. +In the end, we were often not satisfied with the results of both those search engines and still ended up on Bing or Google. # Appendix A4: Counteracting Forensic Linguistics @@ -11880,7 +12005,7 @@ Finally, and optionally, add some salt by purposefully adding some mistakes to y First decide upon a list of words that you frequently do not misspell, maybe the words "grammatical", "symbol", and "pronounced" (this list should include more words). **Do not use an AutoCorrect automatic replace option for this as it might correct when it does not make sense.** Instead, use Search and Replace and do this manually for each word. **Do not use "Replace All" either and review each change.** This is just the first step, for providing misinformation against linguistic fingerprinting. -Next, find a list of words that you commonly use in your writing. Let us say that I love to use contractions when I write, maybe I always use words such as: "can't", "don't", "shouldn't", "won't", or "let's". Well, maybe go into LibreWriter and use "Search and Replace" to replace all contractions with the full versions of the words ("can't" > "cannot", "don't" > "do not", "shouldn't" > "should not", "won't" > "will not", "let's" > "let us"). This can make a large difference in your writing and give a difference in how people and most importantly your adversaries perceive you. You can change most words to be different, as an example you can change "huge" to "large". Just make sure these words fit with your identity. +Next, find a list of words that you commonly use in your writing. Let us say that we love to use contractions when wew rite, maybe we always use words such as: "can't", "don't", "shouldn't", "won't", or "let's". Well, maybe go into LibreWriter and use "Search and Replace" to replace all contractions with the full versions of the words ("can't" > "cannot", "don't" > "do not", "shouldn't" > "should not", "won't" > "will not", "let's" > "let us"). This can make a large difference in your writing and give a difference in how people and most importantly your adversaries perceive you. You can change most words to be different, as an example you can change "huge" to "large". Just make sure these words fit with your identity. Now, consider changing your words choices to fit a geographic location. Maybe you live in the US, and you want to give the impression that your identity is from the UK. For example, you can make use of location-based spelling and lexicon. This is risky, and one mistake can give it away. @@ -11908,7 +12033,7 @@ You might also consider the use of something like AnonyMouth [[Wikiless]][707] [[Archive.org]][708]: Gives a brief overview of Stylometry. -- [[Wikiless]][709] [[Archive.org]][710]: I would recommend reading this, quite informative. +- [[Wikiless]][709] [[Archive.org]][710]: We would recommend reading this, quite informative. - [[Wikiless]][711] [[Archive.org]][712]: Read through this as well if you are interested in this topic. @@ -11920,11 +12045,11 @@ You might also consider the use of something like AnonyMouth [[Wikiless]][718] [[Archive.org]][719]: May have an IQ of 167, but he was caught primarily based on forensic linguistics. -- [[Archive.org]][720]: Explains how your writing style can be used to track you, I highly recommend reading through these slides, or watching the accompanying presentation on YouTube. +- [[Archive.org]][720]: Explains how your writing style can be used to track you, we highly recommend reading through these slides, or watching the accompanying presentation on YouTube. -- [[Archive.org]][721]: Explains how your writing style can be used to track you, I highly recommend reading through these slides, or watching the accompanying presentation on YouTube, this is quite similar to the last presentation. +- [[Archive.org]][721]: Explains how your writing style can be used to track you, we highly recommend reading through these slides, or watching the accompanying presentation on YouTube, this is quite similar to the last presentation. -- [[Archive.org]][722]: This goes over how to potentially spot deception through the internet, and presents a checklist to see how trustworthy someone is. I would advise reading the slides or watching the presentation on YouTube. +- [[Archive.org]][722]: This goes over how to potentially spot deception through the internet, and presents a checklist to see how trustworthy someone is. We would advise reading the slides or watching the presentation on YouTube. # Appendix A5: Additional browser precautions with JavaScript enabled @@ -11934,11 +12059,11 @@ These recommendations are similar to the ones at the beginning of the guide and - For YouTube links, use an Invidious instance ( [[Archive.org]][29]) - - I recommend [https://yewtu.be] + - We recommend [https://yewtu.be] - For Twitter links, use a Nitter instance ( [[Archive.org]][30]) - - I recommend [https://nitter.net] + - We recommend [https://nitter.net] - For Wikipedia links, use a Wikiless instance ( [[Archive.org]][31]) @@ -11974,11 +12099,11 @@ Offline versions (best format for the best readability) of this guide at: - PDF: [[Archive.org]][726] [[Tor Mirror]][727] -- OpenDocument Text (ODT) version at: [[Archive.org]][732] [[Tor Mirror]][733] +- OpenDocument Text (ODT) version at: [[Archive.org]][732] [[Tor Mirror]][733] **(currently outdated, please use the online version)** # Appendix A7: Comparing versions -If you want to compare an older version of the PDF with a newer version, consider these online tools (note that I do not endorse those tools in relation to their privacy policies, but it should not matter since these PDFs are public): +If you want to compare an older version of the PDF with a newer version, consider these online tools (note that we do not endorse those tools in relation to their privacy policies, but it should not matter since these PDFs are public): - @@ -12690,8 +12815,6 @@ You can find some introduction on these on these projects: [^273]: Wikipedia, National Security Letter [[Wikiless]][1079] [[Archive.org]][1080] -[^274]: TechCrunch, Proton logged IP address of French activist after order by Swiss authorities [[Archive.org]][1081] - [^275]: ArsTechnica, VPN servers seized by Ukrainian authorities weren't encrypted [[Archive.org]][1082] [^276]: BleepingComputer, DoubleVPN servers, logs, and account info seized by law enforcement [[Archive.org]][1083] @@ -12710,8 +12833,6 @@ You can find some introduction on these on these projects: [^283]: Wikipedia, Warrant Canary [[Wikiless]][1090] [[Archive.org]][1091] -[^284]: Washington Post, The intelligence coup of the century [[Archive.org]][1092] - [^285]: Swissinfo.ch, Second Swiss firm allegedly sold encrypted spying devices [[Archive.org]][1093] [^286]: Wikipedia, Das Leben der Anderen [[Wikiless]][1094] [[Archive.org]][1095] @@ -12826,7 +12947,7 @@ You can find some introduction on these on these projects: [^341]: Veracrypt Documentation, Rescue Disk [[Archive.org]][1147] -[^342]: St Cloud State University, Forensic Research on Solid State Drives using Trim Analysis [[Archive.org]][1148] +[^342]: St Cloud State University, Forensic Research on Solid State Drives using Trim Analysis [[Archive.org]][1148] [^343]: WindowsCentral, Trim Tutorial [[Archive.org]][1149] @@ -13076,7 +13197,7 @@ You can find some introduction on these on these projects: [^466]: Wikipedia, Faraday Cage, [[Wikiless]][1287] [[Archive.org]][1288] -[^467]: Edith Cowan University, A forensic examination of several mobile device Faraday bags & materials to test their effectiveness materials to test their effectiveness [[Archive.org]][1289] +[^467]: Edith Cowan University, A forensic examination of several mobile device Faraday bags & materials to test their effectiveness materials to test their effectiveness [[Archive.org]][1289] [^468]: arXiv, Deep-Spying: Spying using Smartwatch and Deep Learning [[Archive.org]][1290] @@ -13548,7 +13669,7 @@ You can find some introduction on these on these projects: [56]: media/image6.jpeg [57]: https://web.archive.org/web/https://blog.apnic.net/2019/08/23/what-can-you-learn-from-an-ip-address/ [58]: https://wikiless.org/wiki/Radio-frequency_identification - [59]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Radio-frequency_identification + [59]: https://web.archive.org/web/https://web.archive.org/web/20220530073225/https://en.wikipedia.org/wiki/Radio-frequency_identification [60]: https://web.archive.org/web/http://rfpose.csail.mit.edu/ [61]: https://yewtu.be/watch?v=HgDdaMy8KNE [62]: https://web.archive.org/web/https://www.news.ucsb.edu/2021/020392/dont-fidget-wifi-will-count-you @@ -13585,7 +13706,7 @@ You can find some introduction on these on these projects: [93]: https://web.archive.org/web/https://mediasonar.com/ [94]: https://web.archive.org/web/https://www.typingdna.com/ [95]: https://web.archive.org/web/https://link.springer.com/10.1007/978-1-4614-7163-9_110198-1 - [96]: https://web.archive.org/web/https://www.sciencedirect.com/science/article/pii/S1877042811013747/pdf?md5=253d8f1bb615d5dee195d353dc077d46&pid=1-s2.0-S1877042811013747-main.pdf + [96]: https://archive.ph/iuowI [97]: https://web.archive.org/web/https://www.researchgate.net/publication/300562034_Using_Social_Networks_Data_for_Behavior_and_Sentiment_Analysis [98]: https://web.archive.org/web/https://www.academia.edu/30936118/A_Survey_on_User_Behaviour_Analysis_in_Social_Networks [99]: https://web.archive.org/web/https://web.archive.org/web/https://sci-hub.se/10.1007/978-3-030-02592-2 @@ -13755,7 +13876,6 @@ You can find some introduction on these on these projects: [262]: https://web.archive.org/web/https://www.whonix.org/wiki/Cold_Boot_Attack_Defense [263]: https://web.archive.org/web/https://www.whonix.org/wiki/Protection_Against_Physical_Attacks [264]: https://web.archive.org/web/https://github.com/0xPoly/Centry - [265]: https://web.archive.org/web/https://github.com/AnonymousPlanet/Centry [266]: https://web.archive.org/web/https://github.com/hephaest0s/usbkill [267]: https://web.archive.org/web/https://github.com/Lvl4Sword/Killer [268]: https://web.archive.org/web/https://askubuntu.com/questions/153245/how-to-wipe-ram-on-shutdown-prevent-cold-boot-attacks @@ -13921,26 +14041,20 @@ You can find some introduction on these on these projects: [419]: https://web.archive.org/web/https://www.amazon.com/gp/help/customer/display.html?nodeId=202140280 [420]: https://web.archive.org/web/https://www.apple.com/legal/internet-services/icloud/en/terms.html [421]: https://web.archive.org/web/https://www.binance.com/en/terms - [422]: https://web.archive.org/web/https://briarproject.org/privacy-policy/ [423]: https://web.archive.org/web/https://discord.com/terms [424]: https://web.archive.org/web/https://element.io/terms-of-service [425]: https://web.archive.org/web/https://www.facebook.com/terms.php [426]: https://web.archive.org/web/https://docs.github.com/en/free-pro-team@latest/github/site-policy/github-terms-of-service [427]: https://web.archive.org/web/https://about.gitlab.com/handbook/legal/subscription-agreement/ [428]: https://web.archive.org/web/https://policies.google.com/terms - [429]: https://web.archive.org/web/https://www.ycombinator.com/legal/ [430]: https://web.archive.org/web/https://help.instagram.com/581066165581870?ref=dp [431]: https://web.archive.org/web/https://jami.net/privacy-policy/ - [432]: https://web.archive.org/web/https://www.ivpn.net/tos/ [433]: https://web.archive.org/web/https://www.kraken.com/legal [434]: https://web.archive.org/web/https://www.linkedin.com/legal/user-agreement [435]: https://web.archive.org/web/https://policy.medium.com/medium-terms-of-service-9db0094a1e0f [436]: https://web.archive.org/web/https://www.microsoft.com/en/servicesagreement/ - [437]: https://web.archive.org/web/https://mullvad.net/en/help/terms-service/ - [438]: https://web.archive.org/web/https://njal.la/tos/ [439]: https://web.archive.org/web/https://onlyfans.com/terms [440]: https://web.archive.org/web/https://proton.me/legal/terms - [441]: https://web.archive.org/web/https://protonvpn.com/terms-and-conditions [442]: https://web.archive.org/web/https://www.redditinc.com/policies [443]: https://web.archive.org/web/https://old.reddit.com/r/ShadowBan/comments/8a2gpk/an_unofficial_guide_on_how_to_avoid_being/ [444]: https://web.archive.org/web/https://slashdotmedia.com/terms-of-use/ @@ -14093,7 +14207,7 @@ You can find some introduction on these on these projects: [588]: https://web.archive.org/web/https://privazer.com/ [589]: https://web.archive.org/web/https://www.system-rescue.org/ [590]: https://web.archive.org/web/https://www.lifewire.com/how-to-erase-a-hard-drive-using-dban-2619148 - [591]: https://web.archive.org/web/https://github.com/PartialVolume/shredos.2020.02 + [591]: https://web.archive.org/web/https://github.com/PartialVolume/shredos.x86_64 [592]: https://web.archive.org/web/https://rufus.ie/ [593]: https://web.archive.org/web/https://kb.sandisk.com/app/answers/detail/a_id/15108/~/dashboard-support-information [594]: https://web.archive.org/web/https://www.seagate.com/support/downloads/seatools/ @@ -14230,15 +14344,10 @@ You can find some introduction on these on these projects: [https://nitter.net]: https://nitter.fdn.fr [723]: https://web.archive.org/web/https://github.com/spikecodes/libreddit [724]: https://web.archive.org/web/https://simplytranslate.org/ - [725]: https://mirror.anonymousplanet-ng.org/export/guide.pdf [726]: https://web.archive.org/web/https://anonymousplanet-ng.org/export/guide.pdf [727]: http://thgtoa7imksbg7rit4grgijl2ef6kc7b56bp56pmtta4g354lydlzkqd.onion/guide.pdf - [728]: https://mirror.anonymousplanet-ng.org/export/guide-dark.pdf - [729]: https://web.archive.org/web/https://anonymousplanet-ng.org/export/guide-dark.pdf - [730]: http://thgtoa7imksbg7rit4grgijl2ef6kc7b56bp56pmtta4g354lydlzkqd.onion/export/guide-dark.pdf - [731]: https://mirror.anonymousplanet-ng.org/export/guide.odt [732]: https://web.archive.org/web/https://anonymousplanet-ng.org/export/guide.odt - [733]: http://thgtoa7imksbg7rit4grgijl2ef6kc7b56bp56pmtta4g354lydlzkqd.onion/export/guide.odt + [733]: http://thgtoa7imksbg7rit4grgijl2ef6kc7b56bp56pmtta4g354lydlzkqd.onion/guide.odt [734]: https://web.archive.org/web/https://help.libreoffice.org/7.1/en-US/text/shared/guide/redlining_doccompare.html [735]: https://web.archive.org/web/https://www.whonix.org/wiki/Surfing_Posting_Blogging#Anonymous_File_Sharing [736]: https://yewtu.be/watch?v=H33ggs7bh8M @@ -14599,7 +14708,6 @@ You can find some introduction on these on these projects: [1089]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Lavabit [1090]: https://wikiless.org/wiki/Warrant_canary [1091]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Warrant_canary - [1092]: https://web.archive.org/web/https://www.washingtonpost.com/graphics/2020/world/national-security/cia-crypto-encryption-machines-espionage/ [1093]: https://web.archive.org/web/https://www.swissinfo.ch/eng/second-swiss-firm-allegedly-sold-encrypted-spying-devices/46186432 [1094]: https://wikiless.org/wiki/The_Lives_of_Others [1095]: https://web.archive.org/web/https://en.wikipedia.org/wiki/The_Lives_of_Others @@ -14879,4 +14987,8 @@ You can find some introduction on these on these projects: [1369]: https://web.archive.org/web/20220327075818/https://research.oxt.me/alerts/2020/08/21/Wasabi-Wallet [1370]: https://web.archive.org/web/20220510172742/https://docs.samourai.io/whirlpool/start [1371]: https://web.archive.org/web/https://positive.security/blog/video-depixelation - + [1372]: https://web.archive.org/web/https://www.qubes-os.org/doc/upgrade/4.1/ + [1373]: https://web.archive.org/web/https://safing.io/portmaster/ + [1374]: https://web.archive.org/web/https://safing.io/portmaster/https://docs.safing.io/portmaster/install/status/vpn-compatibility + [1375]: https://web.archive.org/web/https://blogs.oracle.com/virtualization/post/install-microsoft-windows-11-on-virtualbox + [1376]: https://web.archive.org/web/https://www.whonix.org/wiki/Release_Upgrade_Whonix_15_to_Whonix_16