The Hitchhiker’s Guide to Online Anonymity (1.0.1, August 2021)

This is a maintained guide that aims to provide an introduction to various online tracking techniques and online ID verification techniques, and guidance on creating and maintaining anonymous online identities, including social media accounts, safely and legally. It is written with hope for activists, journalists, scientists, lawyers, whistle-blowers, and good people being oppressed/censored anywhere! There are no prerequisites besides basic knowledge of English and technology and some common technology acronyms.

Author(s): AnonymousPlanet
Edition: 1.0.1
Publisher: AnonymousPlanet
Year: 2021

Language: English
Pages: 236
Tags: Privacy, Anonymity

Requirements:
Introduction:
Understanding some basics of how some information can lead back to you and how to mitigate some:
Your Network:
Your IP address:
Your DNS and IP requests:
Your RFID enabled devices:
The Wi-Fis and Bluetooth devices around you:
Malicious/Rogue Wi-Fi Access Points:
Your Anonymized Tor/VPN traffic:
Some Devices can be tracked even when offline:
Your Hardware Identifiers:
Your IMEI and IMSI (and by extension, your phone number):
Your Wi-Fi or Ethernet MAC address:
Your Bluetooth MAC address:
Your CPU:
Your Operating Systems and Apps telemetry services:
Your Smart devices in general:
Yourself:
Your Metadata including your Geo-Location:
Your Digital Fingerprint, Footprint, and Online Behavior:
Your Clues about your Real Life and OSINT:
Your Face, Voice, Biometrics and Pictures:
Phishing and Social Engineering:
Malware, exploits, and viruses:
Malware in your files/documents/e-mails:
Malware and Exploits in your apps and services:
Malicious USB devices:
Malware and backdoors in your Hardware Firmware and Operating System:
Your files, documents, pictures, and videos:
Properties and Metadata:
Watermarking:
Pictures/Videos/Audio:
Printing Watermarking:
Pixelized or Blurred Information:
Your Crypto currencies transactions:
Your Cloud backups/sync services:
Your Browser and Device Fingerprints:
Local Data Leaks and Forensics:
Bad Cryptography:
No logging but logging anyway policies:
Some Advanced targeted techniques:
Some bonus resources:
Notes:
General Preparations:
Picking your route:
Timing limitations:
Budget/Material limitations:
Skills:
Adversaries (threats):
Steps for all routes:
Get used to use better passwords:
Get an anonymous Phone number:
Physical Burner Phone and prepaid SIM card:
Get a burner phone:
Get an anonymous pre-paid SIM card:
Online Phone Number (less recommended):
Get an USB key:
Find some safe places with decent public Wi-Fi:
The Tails route:
Persistent Plausible Deniability using Whonix within Tails:
First Run:
Subsequent Runs:
Steps for all other routes:
Get a dedicated laptop for your sensitive activities:
Some laptop recommendations:
Bios/UEFI/Firmware Settings of your laptop:
PC:
About Secure boot:
Mac:
Physically Tamper protect your laptop:
The Whonix route:
Picking your Host OS (the OS installed on your laptop):
Threats with encryption:
The 5$ Wrench:
Evil-Maid Attack:
Cold-Boot Attack:
About Sleep, Hibernation and Shutdown:
Local Data Leaks (traces) and forensics examination:
Windows:
MacOS:
Linux:
Online Data Leaks:
Conclusion:
Linux Host OS:
Full disk encryption:
Reject/Disable any telemetry:
Disable anything unnecessary:
Hibernation:
Enable MAC address randomization:
Hardening Linux:
Setting up a safe Browser:
MacOS Host OS:
During the install:
Hardening MacOS:
Enable Firmware password with “disable-reset-capability” option:
Enable Hibernation instead of sleep:
Disable unnecessary services:
Prevent Apple OCSP calls:
Enable Full Disk encryption (Filevault):
MAC Address Randomization:
Setting up a safe Browser:
Windows Host OS:
Installation:
Enable MAC address randomization:
Setting up a safe Browser:
Enable some additional privacy settings on your Host OS:
Windows Host OS encryption:
If you intend to use system-wide plausible deniability:
If you do not intend to use system-wide plausible deniability:
Enable Hibernation (optional):
Deciding which sub-route you will take:
Route A and B: Simple Encryption using Veracrypt (Windows tutorial)
Route B: Plausible Deniability Encryption with a Hidden OS (Windows only)
Step 1: Create a Windows 10 install USB key
Step 2: Boot the USB key and start the Windows 10 install process (Hidden OS)
Step 3: Privacy Settings (Hidden OS)
Step 4: Veracrypt installation and encryption process start (Hidden OS)
Step 5: Reboot and boot the USB key and start the Windows 10 install process again (Decoy OS)
Step 6: Privacy settings (Decoy OS)
Step 7: Veracrypt installation and encryption process start (Decoy OS)
Step 8: Test your setup (Boot in Both)
Step 9: Changing the decoy data on your Outer Volume safely
Step 10: Leave some forensics evidence of your outer Volume (with the decoy Data) within your Decoy OS
Notes:
Virtualbox on your Host OS:
Pick your connectivity method:
Tor only:
VPN/Proxy over Tor:
Tor over VPN:
VPN only:
No VPN/Tor:
Conclusion:
Get an anonymous VPN/Proxy:
Whonix:
A note on Virtualbox Snapshots:
Download Virtualbox and Whonix utilities:
Virtualbox Hardening recommendations:
Tor over VPN:
Whonix Virtual Machines:
Pick your guest workstation Virtual Machine:
If you can use Tor:
If you cannot use Tor:
Linux Virtual Machine (Whonix or Linux):
Whonix Workstation (recommended and preferred):
Linux (any distro):
If you can use Tor (natively or over a VPN):
If you cannot use Tor:
Windows 10 Virtual Machine:
Windows 10 ISO download:
If you can use Tor (natively or over a VPN):
Install:
Network Settings:
Choose a browser within the VM:
If you cannot use Tor:
Install:
Network Settings:
Choose a browser within the VM:
Additional Privacy settings in Windows 10:
Android Virtual Machine:
If you can use Tor (natively or over a VPN):
If you cannot use Tor:
Installation:
MacOS Virtual Machine:
If you can use Tor (natively or over a VPN):
If you cannot use Tor:
Installation:
Hardening MacOS:
KeepassXC:
VPN client installation (cash/Monero paid):
About VPN Client Data Mining/Leaks:
(Optional) Allowing only the VMs to access the internet while cutting off the Host OS to prevent any leak:
The Lazy Way (not supported by Whonix but it will work if you are in a hurry, see further for the better way):
Configuration of the Whonix Gateway VM:
Configuration of the Host OS:
Windows Host OS:
Linux Host OS:
MacOS Host OS:
The Better Way (recommended):
Installing XUbuntu VM:
Configuring the Whonix Gateway VM:
Configuration of the Host OS:
Windows Host OS:
Linux Host OS:
MacOS Host OS:
The best way:
Configuration of the Host OS:
Configuring the Whonix Gateway VM:
Installing XUbuntu VM:
Additional configuration the Whonix Gateway VM:
Final step:
The Qubes Route:
Pick your connectivity method:
Tor only:
VPN/Proxy over Tor:
Tor over VPN:
VPN only:
No VPN/Tor:
Conclusion:
Get an anonymous VPN/Proxy:
Installation:
Lid Closure Behavior:
Connect to a Public Wi-Fi:
Update Qubes OS:
Hardening Qubes OS:
Application Sandboxing:
AppArmor:
SELinux:
Setup the VPN ProxyVM:
Create the ProxyVM:
Download the VPN configuration from your cash/Monero paid VPN provider:
If you can use Tor:
If you cannot use Tor:
Configure the ProxyVM:
VPN over Tor:
Setup a disposable Browser Qube for VPN over Tor use:
Tor Over VPN:
Any other combination? (VPN over Tor over VPN for instance)
Setup a safe Browser within Qubes OS (optional but recommended):
Fedora Disposable VM:
Whonix Disposable VM:
Setup an Android VM:
If you can use Tor (natively or over a VPN):
If you cannot use Tor:
Installation:
KeePassXC:
Creating your anonymous online identities:
Understanding the methods used to prevent anonymity and verify identity:
Captchas:
Phone verification:
E-Mail verification:
User details checking:
Proof of ID verification:
IP Filters:
Browser and Device Fingerprinting:
Human interaction:
User Moderation:
Behavioral Analysis:
Financial transactions:
Sign-in with some platform:
Live Face recognition and biometrics (again):
Manual reviews:
Getting Online:
Creating new identities:
The Real-Name System:
About paid services:
Overview:
Amazon:
Apple:
Briar:
Discord:
Element:
Facebook:
GitHub:
GitLab:
Google:
HackerNews:
Instagram:
Jami:
iVPN:
LinkedIn:
MailFence:
Medium:
Microsoft:
Mullvad:
Njalla:
OnionShare:
ProtonMail:
ProtonVPN:
Reddit:
Slashdot:
Telegram:
Tutanota:
Twitter:
Twitch:
WhatsApp:
4chan:
Crypto Wallets:
What about those mobile only apps (WhatsApp/Signal)?
Anything else:
How to share files or chat anonymously:
End-to-end Encryption:
Roll your own crypto:
Forward Secrecy:
Zero-Access Encryption at rest:
Metadata Protection:
Open-Source:
Comparison:
Conclusion:
Redacting Documents/Pictures/Videos/Audio safely:
Communicating sensitive information to various known organizations:
Maintenance tasks:
Backing-up your work securely:
Offline Backups:
Selected Files Backups:
Requirements:
Veracrypt:
Normal File containers:
Hidden File containers with plausible deniability:
Full Disk/System Backups:
Requirements:
Some general warnings and considerations:
Linux:
Ubuntu (or any other distro of choice):
QubesOS:
Windows:
MacOS:
Online Backups:
Files:
Self-hosting:
Cloud-hosting:
Information:
Synchronizing your files between devices Online:
Covering your tracks:
Understanding HDD vs SSD:
Wear-Leveling.
Trim Operations:
Garbage Collection:
Conclusion:
How to securely wipe your whole Laptop/Drives if you want to erase everything:
Linux (all versions including Qubes OS):
System/Internal SSD:
External SSD:
Internal/System HDD:
External/Secondary HDD and Thumb Drives:
Windows:
System/Internal SSD:
External SSD:
Internal/System HDD:
External/Secondary HDD and Thumb Drives:
MacOS:
System/Internal SSD:
External SSD:
External HDD and Thumb Drives:
How to securely delete specific files/folders/data on your HDD/SSD and Thumb drives:
Windows:
System/Internal SSD drive:
Internal/External HDD or a USB Thumb Drive:
External SSD drive:
Linux (non Qubes OS):
System/Internal SSD drive:
Internal/External HDD drive or a Thumb Drive:
External SSD drive:
Linux (Qubes OS):
System/Internal SSD drive:
Internal/External HDD drive or a Thumb Drive:
External SSD drive:
MacOS:
System/Internal SSD drive:
System/Internal, External HDD drive or a Thumb Drive:
External SSD drive:
Some additional measures against forensics:
Removing Metadata from Files/Documents/Pictures:
Pictures and videos:
ExifCleaner:
ExifTool:
Windows Native tool:
Cloaking/Obfuscating to prevent picture recognition:
PDF Documents:
PDFParanoia (Linux/Windows/MacOS/QubesOS):
ExifCleaner (Linux/Windows/MacOS/QubesOS):
ExifTool (Linux/Windows/MacOS/QubesOS):
MS Office Documents:
ExifCleaner:
ExifTool:
LibreOffice Documents:
ExifCleaner:
ExifTool:
All-in-one Tool:
Tails:
Whonix:
MacOS:
Guest OS:
Host OS:
Quarantine Database (used by Gatekeeper and XProtect):
Various Artifacts:
Force a Trim operation after cleaning:
Linux (Qubes OS):
Linux (non-Qubes):
Guest OS:
Host OS:
Windows:
Guest OS:
Host OS:
Diagnostic Data and Telemetry:
Event logs:
Veracrypt History:
Browser History:
Wi-Fi History:
Shellbags:
Extra Tools Cleaning:
PrivaZer:
BleachBit:
Force a Trim with Windows Optimize (for SSD drives):
Removing some traces of your identities on search engines and various platforms:
Google:
Bing:
DuckDuckGo:
Yandex:
Qwant:
Yahoo Search:
Baidu:
Wikipedia:
Archive.today:
Internet Archive:
Some low-tech old-school tricks:
Hidden communications in plain sight:
How to spot if someone has been searching your stuff:
Some last OPSEC thoughts:
If you think you got burned:
If you have some time:
If you have no time:
A small final editorial note:
Donations:
Helping others staying anonymous:
Acknowledgements:
Appendix A: Windows Installation
Installation:
Privacy Settings:
Appendix B: Windows Additional Privacy Settings
Appendix C: Windows Installation Media Creation
Appendix D: Using System Rescue to securely wipe an SSD drive.
Appendix E: Clonezilla
Appendix F: Diskpart
Appendix G: Safe Browser on the Host OS
If you can use Tor:
If you cannot use Tor:
Appendix H: Windows Cleaning Tools
Appendix I: Using ShredOS to securely wipe an HDD drive:
Windows:
Linux:
Appendix J: Manufacturer tools for Wiping HDD and SSD drives:
Tools that provide a boot disk for wiping from boot:
Tools that provide only support from running OS (for external drives).
Appendix K: Considerations for using external SSD drives
Windows:
Trim Support:
ATA/NVMe Operations (Secure Erase/Sanitize):
Linux:
Trim Support:
ATA/NVMe Operations (Secure Erase/Sanitize):
MacOS:
Trim Support:
ATA/NVMe Operations (Secure Erase/Sanitize):
Appendix L: Creating a mat2-web guest VM for removing metadata from files
Appendix M: BIOS/UEFI options to wipe disks in various Brands
Appendix N: Warning about smartphones and smart devices
Appendix O: Get an anonymous VPN/Proxy
Cash/Monero-Paid VPN (preferred):
Self-hosted VPN/Proxy on a Monero/Cash-paid VPS (for skilled users familiar with Linux):
VPN VPS:
Socks Proxy VPS:
Linux/MacOS:
Windows:
Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option
Appendix Q: Using long range Antenna to connect to Public Wi-Fis from a safe distance:
Appendix R: Installing a VPN on your VM or Host OS.
Appendix S: Check your network for surveillance/censorship using OONI
Appendix T: Checking files for malware
Integrity (if available):
Authenticity (if available):
Security (checking for actual malware):
Anti-Virus Software:
Manual Reviews:
PDF files:
Other type of files:
Appendix U: How to bypass (some) local restrictions on supervised computers
Portable Apps:
Bootable Live Systems:
Precautions:
Appendix V: What browser to use in your Guest VM/Disposable VM
Appendix W: Virtualization
Appendix X: Using Tor bridges in hostile environments
Appendix Y: Windows AME download and installation
Download:
Installation:
Appendix Z: Paying anonymously online with BTC
Appendix A1: Recommended VPS hosting providers
Appendix A2: Guidelines for passwords and passphrases
Monero Disclaimer