yuo can do anything in teh terminal (´￢`)

I want to share my methods of invincibility on the internet

How to behave anonymously and safely so that not even interpol can do anything.
I will list whatever is necessary to operate safely and explain my solutions.

It is my personal digital anarchist recollection of lifetime of knowledge.
I might be wrong sometimes somewhere or things might be personal.

I will categorize them into:

1. Intro: Glossary

2. Intro: Windows, Mac, Android etc.
2.1. Why they are not safe
2.2. Safe operating systems: Linux or BSD - installation

3. Basics: Securing your secrets with encryption
4. Basics: Picking a password
5. Basics: How to decide whether a program is safe?
6. Basics: How to decide whether my action is safe?

7. Programs: Browsers and search engines
8. Programs: Alternatives for common Windows programs
9. Programs Password managers
10. Programs: Booting up ISOs with "Ventoy"
11. Programs: Easy backups with "Clonezilla"

12. Anonymity basics: Signing and encrypting messages and files with PGP
13. Anonymity basics: Identity trace
13.1. Your historical trace
13.2. How to cut off your identity traces
13.3. How to manage multiple identities
14. Anonymity basics: TOR
15. Anonymity basics: secure communication

16. Anonymity advanced: timestamping your key strokes in real time on a website
17. Anonymity advanced: electromagnetic waves record in your audio
18. Anonymity advanced: what your writing says about you and how it can identify you
19. Anonymity advanced: Tails and Whonix
20. Anonymity advanced: darknet communities
21. Anonymity advanced: receiving and sending monetary value
22. Anonymity advanced: trade
23. Anonymity advanced: quick tips - torsocks
24. Anonymity advanced: hosting darknet sites
25. Anonymity advanced: EXIF

26. Law: How to comply to an absolute minimum?
27. Law: What to do when they demand decryption?

28. Extra: open discussion on what VPN to pick
29. Extra: Phone tracking, triangulation, always pinging towers and timestamp correlations, bluetooth and mac address while device is off

30. Others

I have not finished it yet, I was in Pure Land and did not manage to finish.

1. Intro: Glossary

1. OPEN SOURCE: Source refers to the code, and open refers to it being public and before compilation. You are able to review the code in a way that you can learn everything it does with nothing hidden. Open source code is in human-readable form and it essentially is an instruction for the computer how to assemble the program during compilation. Because it is just blueprints - it cannot work just yet, you need to compile it.

2. COMPILATION: Act of turning open source "blueprints" into the actual finished functional build (program) on your machine. (EXTRA: Compilation only goes one way so if you need to compile this thing again or review the code again you need to keep the source code.)

3. BIOS: Is the software on your motherboard itself which in principle serves to detect and gather all parts of your machine to work together. It also detects your hard drive storage (like SSDs, HDDs, USB drives etc.) and decides which of them to use to start up a bootloader and after everything goes good it passes all further control to the bootloader it selected (EXTRA: You can select which device to boot up yourself, usually you need to press F11 before system loading and select your device or choice, you can also enter BIOS settings and change defaults and select which device should be automatically booted up each time)

4. BOOTLOADER: When you have a hard drive with a working operating system - the bootloader is the first set of instructions on how to actually load up your system. In most bootloaders you can also set parameters. It also has great capability for protecting your system from people who capture your disk to enter your system. It is like genkan before your operating system. (EXTRA: You can also encrypt the whole operating system so that nobody unauthorized can use it, instructed in later articles)

5. OPERATING SYSTEM: self explanatory. It is the actual system that you are going to use like Linux, BSD, Temple, Windows, MS-DOS etc. with everything ready.

6. PARTITION: Every persistent storage drive (SSD, HDD, USB, CD etc.) is split into parts that separate things and depending on the format have different properties. (Your bootloader is one partition, your system is another for example. USB drives tend to have only one partition but you can split them however you want but that is a lengthy topic in itself)

7. ROOT: Is what on Linux they call admin. There is one root user on each Linux system who has all permissions. (It is a lengthy topic too, but in short on Linux when you use your regular account you can authenticate as root too (most common solution is "sudo" command) - don't worry, but it is quite long to explain everything, I will only mention whatver is relevant for each topic in appropriate chapters)

8. ROOT PARTITION: Is the partition where your root user lives, vulgar name for the system partition. (It is assigned "/" location in Linux as the most fundamental location on the system)

9. GUI - Graphical User Interface. Basically a program that you can interact with something more than pure keyboard text. So it includes icons, lists, checkboxes etc. instead of just text.

10. CLI - Command Line Interface. You interact with the terminal in order to perform tasks that are not exclusively typing the whole commands but also selecting things, clicking, scrolling, multi-step menus and so on.

11. STRING - A series of characters. Usually human readable text. String is a fancy word for "name" or "text" in most cases.

12. Binary (plural: binaries) - Code in its binary form (1s and 0s that the computer understands). Binary is the ready code you receive after compilation. You cannot turn a binary back into text code (like java, C++ etc). Executable code. Binary and binaries can be used interchangably, some people call it one way or another but in a vulgar way they mean the same thing.

2. Intro: Windows, Mac, Android etc.

2.1. Why they are not safe

Windows and Mac (but also others like Chrome OS or Android*) are:

1. NOT OPEN SOURCE and nobody can know what they actually do. The amount of weird things that these systems do without any respect to the user. Actions which the user did not ask for, who is not aware of it, actions that are shrouded in mystery and never fully explained to the user what is going on creates a severe suspicion. These corporations do not disclose what information they collect in mandatory telemetry or what they do to your device (usually under the excuse of trade secrects) and users are never let known what is going on because things this fishy in such scale would scare them off and create losses for them and it incentivizes secrecy on their part. Any and all information that they gather from their users can be held and kept in their servers forever. They usually keep track of your entire person while you use your device, collect it and sell it off to advertisers. Their "partners" buy the raw data about users and process it for advertisers and statistics to anyone willing to pay. These information packages can be bought by all ordinary people, and by the law enforcement. Law enforcement is proven to be a major customer - they use it to reduce suspect pools or gain more certainty that they found their target (when their suspect happens to share interests as that one person from that data set who also happens to live in the same town as you, who has the same buying patterns as you, who has the same search history as you): the police use them to advance their probable cause and it can and will be used to persuade a judge to sign a search warrant more easily. When you are a target it will harm you. Especially that Microsoft is taking screenshots with their AI of all screens of their users using Recall (you cannot remove Recall without breaking your entire system). Apple also hoards data of their users just about as bad if not worse than Facebook. No proprietary software is safe in current times - if it is not open source then assume the worst.

2. THEY HAVE THE ULTIMATE CONTROL OVER YOUR DEVICE. It most visibly manifests by mandatory and automatic updates that occur in the background without your consent or even despite it entirely. Windows installed AI tools like Copilot and Recall without anyone's consent. They also added AI functionality to Windows image viewer, imagine clicking it while watching CP (assuming it is not on 24/7). Updates that Windows forces on everyone revert people's configuration files after they had ran community-made scripts serving the sole purpose of removing unnecessary and scary things on Windows and Microsoft does it without disclosing the fact they tamper with your settings. This is a proof that they can install whatever and see whatever like a regular RAT, they may and will revert your settings, they always can bypass your security.

3. THEY MANDATE AI. You cannot escape AI that Windows released: Copilot and Recall. Copilot possibly listens to everything you say and sends it to Microsoft servers for analysis in a stealthy way (possibly converting your words first to text and so saving on packet size). Recall blatantly says it is a feature that it takes screenshots of whatever you are doing with pride, and that AI processes each image and learns what is going on there - so that you can ask Recall to recall for you something that you were doing but I doubt they would just lend you their computing power forever for free. They claim it is only local but I would not trust them. All AI integrations are ultimately data mining sources. If you are in the EU you can receive one extra year of Windows 10 security updates on the condition that you upload ALL your files to their cloud service, and they are known to scan it - almost certainly an AI data mining for desperate people to use these poor guys twice - once with going through all their files like burglars, and one year later with making them switch anyway. Cruel.

4. THEY MAY LEAVE SECURITY LOOPHOLES ON PURPOSE. We cannot read the code and check anything. Windows has its own encryption program called BitLocker. It is very probable that BitLocker keys are also sent to Microsoft severs because I remember that I could not find BitLocker option (as if it never existed) when I was offline during internet outage and I found it fishy. Regardless, they probably keep that key in some way and send it to their servers whenever we go back online but we cannot know. I can only suspect that they get the key this way and in case they would want to decrypt stuff on your device they can identify your device (mac address). Do not trust companies who are oriented towards profit with keeping your secrets. They will comply with the state and parrot everything on an industrial scale because their company is worth more than your 50$ license - they will not pay huge fines for their users' privacy, they can get a 1000 new users in your place when you go to jail and they will not miss you. It is safest to assume that any proprietary encryption and signing tools are guilty until proven innocent, that they have a vulnerability or that they are stolen in such dirty way as I suspect Microsoft to do. It certainly applies to Apple products and Android and anything else of that nature. As another argument: open source projects like LUKS (most common Linux encryption solution) where millions of people made sure everything is correct and secure are put under much more quality tests than probably an underfunded 20 guy team at Microsoft who are the only people who can read that Windows code and don't care about anything but salary and not getting fired, they will not care about quality of their code as much as their income source. If you have to use Windows/MacOS/Android or whatever and encrypt something - please at least use tools that are not fishy. Even Winrar password protection is much better encryption software than any of the above because they do not send that password back to their servers.
2.2. Safe operating systems: Linux or BSD - installation

There are solutions to escape surveillance and they are relatively easy. They usually require you to download the system, flash it to your spare USB drive, and just follow the nanny instructions until done.

How to go about it:
1. Consult your needs - whether you are new or advanced, whether you want to optimize or just run a system, make sure that your computer can handle that system etc. Once you know what you want you want and how much effort you are willing to sacrifice you can go to the next step.
2. Research what systems match your needs - for new Windows refugees Linux Mint is a good solution (very solid, stable and well maintained, minimal learning needed). Make sure your processor architecture can handle the system (if you don't know which installation file to pick - picking the default/top listing will 99% of times be the correct one). If you have an ancient device or very weak hardware - make sure to use light system and light solutions.
3. Download and begin the installation - go to youtube and follow a tutorial exactly as shown and it will work 99.9% of times. If you want to go with something complex like Gentoo as your first - rethink it bacause you might fail and suffer for a very long time.
4. Once installed you can custimize it as you wish. Make sure you learn to do backups! You will suffer a data loss sonner or later. Linux is not a nanny and it will allow you to destroy system files - so make sure you keep a copy of your stuff before you fully move from Windows/MacOS to your new system. I will later talk about how to do braindead complexity backups.
5. Enjoy freedom. Do not install proprietary software under no circumstances to make sure you are as safe and as free as possible.

3. Basics: Securing your secrets with encryption

Encryption is essential to make your data unreadable.

In short what encryption does is that it rewrites your data according to some rule and a value to revert it to a readable form. (Algorithm + login/password/keyfile/token etc). If the attacker does not know the rule and solution they will only see random nonsense.

I would want to introduce you to three programs that I used and I can review.

NOTE: Before you pick a password - please check out how to pick the right password in "4. Basics: Picking a password"!


First program: VERACRYPT

Available on pretty much any system, has GUI.

For newbs I would recommend Veracrypt because IT JUST WORKS. It has a nanny mode by default so even newbs cannot fail. You can use it without any knowledge of the field with no instruction and you will manage to encrypt stuff successfully.

As to main options you can either encrypt a whole partition or make a container inside it (which will behave like any regular file).

When you want to encrypt a whole partition - you can encrypt your system partitons and non-system partition. Encrypting a system partition will make you put in a password before your system starts, encrypting a non-system partition will make you put in a password when your system is running and you choose to use that partition.

When you make a container - it is a file whose inside is hidden behind a password/key. You can open it via Veracrypt, paste the password/key, and it will be mounted as if it were a separate memory device (like another disk, a USB drive, a CD etc.). You can move it around like a file. Easy.

Veracrypt also offers "hidden volumes" which would be as they promise undetectable to find any trace of any encrypted data even existing. Not just the contents of encrypted memory, but even any proof that anything on your disk is encrypted at all. I never tried it because you can plead the fifth or an equivalent in your jurisdiction.

If you encrypt ANYTHING make sure to absolutely remember your password and make it unforgettable. Without it - you may never open your files again.

In my opinion it should be a casual or starting option and not your base choice. It is less common than Luks, and volumes made with Veracrypt are tied to Veracrypt and cannot be opened with other programs (to my knowledge) and not everyone has Veracrypt installed. I still use it in casual cases.

Easy introduction to Veracrypt
https://www.youtube.com/watch?v=C25VWAGl7Tw

Practical tutorial of encryption with Veracrypt
https://www.youtube.com/watch?v=HEybfZXYpok


Second program: LUKS

Available natively for Linux. It has a CLI.

Luks is easy and hard, basic and advanced at the same time depending on how much precision you need. You can use it as a casual and a newb, but most hardened information hiders like it too.

You can set up your Linux to decrypt them by default in /etc/crypttab, you can easily automate how you want to mount them. Possibilities are many, depends mostly on limits of your imagination.

Luks allows you to easily have multiple working passwords/keys/tokens or whatever method you use. You can add, alter, remove them easily without having to re-encrypt your entire drive with the new password. If I remember correctly I had to re-encrypt everything with Veracrypt which was a pain for tens of terabytes.

Decent tutorial on basic Luks use
https://www.youtube.com/watch?v=5rlZtasM-Pk


EXTRA TIP

Luks seems to not support file containers like Veracrypt but I evade it in a way.
You create an .img file, you set up Luks on that sole .img file, you make a filesystem and you can work with it after decrypting and mounting. You can later resize it too.

1. I create an img (for example 5GBs)
truncate -s 5G nameyourcontainer.img

2. You encrypt the file you made with Luks and open it
sudo cryptsetup luksFormat nameyourcontainer.img
sudo cryptsetup open nameyourcontainer.img pickwhatevernameyoulike

3. Inside of your .img has no filesystem, you need to make one before being able to put anything on there (for example ext4)
sudo mkfs.ext4 /dev/mapper/pickwhatevernameyoulike

4. Now your container is ready, you can mount it wherever you like (for example at /mnt/)
sudo mount /dev/mapper/pickwhatevernameyoulike /mnt


EXTRA: You can add size to your container, please follow the three commands below

First decide how much more space you want to give to it (ex. 2Gbs)
sudo truncate -s +2G nameyourcontainer.img

Once you increased the size of that file - tell luks to recognize the new size - THIS IS A MUST
sudo cryptsetup resize pickwhatevernameyoulike

When luks learned there is more free space - tell the filesystem to expand - THIS IS A MUST
sudo resize2fs /dev/mapper/pickwhatevernameyoulike

Done! Now it is bigger.


Whenever you want to open it - it is just decryption and mounting:
sudo cryptsetup open nameyourcontainer.img pickwhatevernameyoulike
sudo mount /dev/mapper/pickwhatevernameyoulike /mnt

I suggest automating stuff with bash scripts, or using fstab and crypttab files to decrypt and mount it on boot.


Third program: KLEOPATRA

It is available on pretty much anything and it has a GUI.
Kleopatra is for convenience as you can get by without installing it and using basic GNU key operations that your Linux almost certainly will support by default no matter the distro but I use it for the ease of navigation.

It is mostly for cryptographic identification and authorization but you can use key/keys or a password to encrypt a file and pass that file to somebody else. Note that if your system is unencrypted then somebody can technically have a look on your computer and find your keys unencrypted and vulnerable.

They can use these keys to decrypt your Kleopatra-encrypted files. It is an equivalent to having a key to your house behind a flower pot if you store the files locally.

This encryption is only really useful when you upload files for somebody to use, and not storing on your own computer under the condition that you are sure that they will not be able to tie that file upload to your person/computer/key.

Kleopatra is mostly used though for message encryption, files are also best to be sent like messages. I hope you understand that this is the only realistic use case for Kleopatra in terms of file encryption.

A little watch
https://www.youtube.com/watch?v=QmE4LrBSChQ

4. Basics: Picking a password

You need to know the methods that they use to break into your encrypted devices in order to be invulnerable.
There are four methods: Brute Force, Dictionary, Mixed and tricking you to give it up.

Be mindful I am not talking about keys yet, just passwords (I know that password is a kind of key, I mean in general sense).
First method: DICTIONARY

Over the years there have been database leaks from websites exposing logins and passwords. They collect the passwords from them and rank how frequently certain passwords were used and they run a script to check if your password was ever in a database leak and they start their list from most frequently used passwords!

Second part of the dictionary attack is the fact that they in fact just run dictionaries. Common words are not safe.

A way to counter it is to use a unique password! Password that you have never used anywhere else. One of the most common ways they make you conform to that rule when making accounts is "At least one upper case letter, at least one symbol" or something like it. Common words are not safe and they make you alter them with some uppercase or a symbol in order so that it is not present in any dictionary. That is the reason they say to use password "p@ssw0rd" instead of "password"! Many people use words from their language, english, names of celebrities, events, places or any existing real words and that makes it so much easier for them to find out the password.

So in short: unique password that you have never used, that you suspect nobody on earth ever used, and avoid real and common words from your language and english especially.

Dictionary is the first one they are gonna attempt because most database leaks over the history of humanity prove that top 10 most common password are able to get into 10% of all accounts. Imagine cracking 1/10 accounts in just 10 attempts. That is how effective it is, and they will try it first. Unique password at all cost or it becomes a matter of hours when they get into your drive! If your data survives this attack - you very likely are safe and the other methods are much less effective and they will almost certainly fail but still follow everything I list or do your own research if you don't trust my claims.
Second method: BRUTE FORCE

Brute force is an automatic script that tries all possible combinations until it finds a match. (It is the same in principle as mining crypto on a sidenote). This the second (or third) method they will use. They will use it to crack short passwords in particular. I would say that passwords under 9 or 10 characters ARE BOUND to get found out, and passwords under 14 characters are not all that safe.

These brute force scripts have two rules regarding the order of how they check combinations:
1. They start with shortest strings first (so they start with shortest character passwords first)
2. They use charsets that you could have used first (because they are not gonna check characters that are impossible to use in the decryption window, and they will first check standard/common charsets for your country first until they try using for example historical obsolete yuan dynasty hanzi mixed with tifinagh and sumer combos).

You can counter the shortest string rule by having a long password. Because as password linearly grows in length - computing power required to test all combinations grows exponentially.

In terms of defense againist common charsets - not much to do. (If you fear it - use a key so that it is so infinitely unlikely they ever open it that even if you said what letters, numbers and characters are used in it - they would still have it so long that they would not find it. Don't fear it when your password is long.)

The above solutions will make them burn so much electricity and waste so much time that they will give up. Though fear quantum brute force attacks when they unevitably start selling quantum computers, look for post quantum algorithms whenever possible. Though as of 2025 I would not fear the police use it especially outside of USA.

There is another defense but it is nowhere as reliable as a long password. It is to make your password iteration time set to some value like for example 100ms. This effectively refuses to check any of their input until they wait out that set timer between tries. There are methods to bypass that timer but it usually depends on the device and software (research it for your particular case and assess risk on your own). For that reason I will never recommend it unless your password is very long already. Do not bet your freedom on one point of failure! Have multiple layers stacked if one fails. Use this password cooldown mechanism but still get a long password anyway. Absolute minimum would be 17 characters. Recommended at least 22 in my view. But remember to use quantum algorithm whenever possible as quantum computers would quickly find your password even if 100 characters long!
Third method: MIXED

By which I mean that they will brute force all combos of random dictionary words and common symbols used.
T
his method will find password "cutelittlekittens123" faster than "gk^f';@r1-SFg" because the first one is more likely to be chosen by a human (and they hunt for passwords of humans, and you are a human), rather than robotic second password which is quite random and unexpected. I hope you know what I mean!

In order to counter it you should insert symbols in seemingly random places.

Also realize that they are aware of it too, and by random I mean quite random.

As an example mind that they will sooner find "p@ssw0rd" than "passwMrd" because the first is expected low effort alteration (a=@) while the second one is more unique and undexpected.
Fourth method: TRICKERY

By trickery I mean phishing, keyloggers, RATS, going through your notes and finding out that you wrote it down, they will go through all devices you own and try the same passwords, . They will watch you and wait when you slip up.

They will get you to reveal it to them (like upper limit jailtime threats, or intimidation during an interview).
They will get anyone from your environment to reveal it to them, so never share your password with anyone.

Be prepared for such dirty tricks because no matter how well prepared you are for the three methods above - the fourth will catch you with minimal effort on their part.

When you are in custody and the detectives ask you for the password - be happy. It means they cannot crack it and use that interview as their last resort. They will not unlock it unless you tell them the password. Remember that no proof means no sentence. Plead the fifth, refuse to talk without a lawyer, ignore them until they inevitably will have to dismiss your encrypted devices as evidence.
CONCLUSION:

If you apply all the above then no court will touch you.

5. Basics: How to decide whether a program is safe?

Most common traits a safe program:

Must have:

1. SAFE SOURCE CODE - that you can review, alter and compile on your own. (If there is malicious lines - you can spot them and get rid of them. Open-source projects rarely have malware because they would be called out almost instantly. If something is open source it has 99.99% chance it is safe without you even checking. If it has no source code - treat it as if it were a nuclear warhead.)

The only must is be a safe open source code with no vulnerabilities.
It is enough to make a judgement always with no exception.

If yo do not want to or are unable to read code - these factors might indicate how legitimate it is:

1. COMMUNITY - People around it validate for the most part that it is safe. The more people read the code the more likely it is that vulnerabilities are eliminated.
2. RESOURCES AND FAME - Having their own website legitimizes it, having known people working on it legitimizes it, open source programs with a huge amount of contributors tend to be the best for their purpose in general.
3. POPULARITY - If safety maniacs love it - there is usually a reason for it.

That is pretty much it.

NOTE: Open source projects are mostly downloaded as binaries. Not code, but binaries. It is neat because you save on time and computing power that you have a binary ready to run but remember that someone can just put malicious code into that binary - so please compile whenever possible otherwise you are at a greater risk. There was a RAT recently found in binaries Librewolf in AUR - if you compiled it yourself you would be safe, but those who did not compile and just downloaded the binary were affected. Consider safety especially when you are a big target or when you store crypto! Crypto can be all gone suddenly, so store crypto safely or be absolutely sure you download safe stuff.

Also check types of licenses. GNU copyleft type of things are usually the nicest ones, while copyright stuff is the devil. Not always, but almost always. There are lots of types of licenses, research them if you want more details.

6. Basics: How to decide whether my action is safe?

It highly depends on what you are doing. I will give my opinions on particular situations.

1. DO NOT LEAVE YOUR DEVICE UNLOCKED if you suspect someone might take it to retrieve data. It is easy and anyone could do it because it is open at the time of theft...

2. DO NOT PART WITH YOUR DEVICE WHILE POWERED ON. Make sure it is powered off or RAM is perfectly wiped (effectively the same thing).

Password and decryption keys to things you decrypted during that session are stored in RAM. RAM can be read and extracted for passwords/keys if cops or mean people are prepared. In case cops try to take away your device while it is still on - do everything to power it off. RAM clears itself after a few minutes of lack of power and passwords/keys disappear with it. If you fail to power your device off or wipe RAM - then you are done and it only is a matter of time when they go through everything.

This is called "cold boot attack" and Interpol loves it.

They will use a freezing spray to cool your RAM sticks down as much as possible (cold RAM persists significantly longer and gives them more time).
They will rip the RAM out of your device, insert it into their machine and create a dump of your RAM onto a hard disk to later analyze (they will look for keys and passwords in particular). Once they got your RAM cloned you are done, they will find the passwords and keys.

2 minute video of how it is performed:
https://www.youtube.com/watch?v=XfUlRsE3ymQ

COUNTERING COLD BOOT: my suggestions and methods

ALL SYSTEMS

Enable RAM wiping in your motherboard's BIOS on shutdown, it is the most effective (if not the only) method but not every BIOS offers it

LINUX

Make an extremely easy mechanism resulting in your machine shutting down.
a) I have a switch to my power socket always nearby, I would dive towards at any moment to cut off power to the PC
b) My laptop has settings in such way that it cuts off power on lid getting closed

The more time you manage to waste - the greater the chance that your keys fade away in time. Immediately power off if they yell that they have a warrant and they are gonna break the door. It is also good to make RAM hard to get to physically, like screwing everything properly, or smearing all your screws with a glue so strong it would take them a bit before they get to it and they will not get to it in time because it would surprise them and catch them unprepared.

Additionally if you use SWAP memory - you can run a script to overwrite SWAP on shutdown. As far as I know you cannot overwrite RAM from kernel level and SWAP is the most you can do.


GRAPHENE OS

Graphene has a default setting where your phone gets rebooted after 18 hours of being unlocked last time, effectively wiping RAM (getting it to "before first unlock" state). You can change that timer to even lower values. What happens in reality is that your phone just restarts and that is sufficient as you need the password to decrypt your stuff unlike in many systems. Everything is automatic in this functionality.

If the police grab it from you and fail to unlock the password in 18 hours - then they cannot analyze RAM or the disk without the password. I use a Pixel phone and it seems to have a chip that will enforce that password time cooldown - if they evade that chip then the device won't boot as it is a dependency for my particular phone (I believe). I have not done sufficient research to truly be sure what it does but I feel confident enough to smirk at them seizing my electronics.

Graphene has also a function where you can use one password to unlock your phone like every phone, and another password that when used - wipes the whole device's memory and RAM. Absolutely zeroing out hard memory and then wiping RAM.

Once they get your phone they will go brute force or dictionary with it - so use a short and common password as that wipe password so that it is absolutely certain they will destroy everything for you without even knowing it before they find the real password. Once they type in your self destruct password (easy, short and common password like "1234") you can feel confident that they are not getting anything. You could sue them for destroying evidence LOL. How ironic.

I heard of SD drives having traces of memory left on nano level and I have not researched it but since they are regular transistors then I would not be surprised. I presume it to be so ineffective that I will not care if my memory is 256gbs and entirely encrypted.

3. ENCRYPT YOUR MEMORY IF YOU ARE NOT 100% SURE IT WOULD NOT BE LINKED TO YOU. Especially if you are a valuable target.

Leaving your waifu pics on the USB to the picture that "this criminal" used as his profile picture is one way to get V&'d. Really rethink it hard. Your interestes, your documents, your photos, events, hints on your nicknames, OS, education, health conditions, entertainment, your opinions, your works and anything else - everything has a potential to help the police to link you to stuff and result in more warrants so be wise. It is not that tiring to use an encryption.

If you use unencrypted USBs/disks always make sure to wipe them after your files served their purpose.

You can use dd to force wipe the whole device with useless data after use, it is the most braindead command that will work on every Linux in existence that will wipe your stuff 100% of the times. (Though be mindful of that SD vulnerability of nano traces of shredded memory)

You can use "wipe -k /location/" command in terminal to wipe all data that is not occupied by files (so you wipe unused space clean and leave all files untouched), but you need to specifically install this functionality (I got it from AUR).

There is also shred functionality that lets you delete a file and overwrite that space at the same time. It is known just as shredding but it is not a defaults.

Read on these two if you are interested. They will be useful if you have old memory devices that can get you linked to them.
4. Using internet

Remember that there are 5 most important considerations when you make any web connection.
When doing something risky you must assess it appropriately and decide what you want to achieve from that interaction and safety measures.
There is no 100% anonymity, but there are anonymity vectors that you need to have covered depending on what they might do to you with the information that you provide voluntarily or involuntarily.

Important things you need to consider that I picked in particular will be listed below.
They will be visible to the server and depending on whether they want to log it: also to your ISP and any other owner of wires that the information will travel through who also decides to listen to it (that is why you encrypt your connections, I will later talk about it).

1. IP - exit node will always be visible (I will talk about proxies later). There is no way to avoid it.
2. METADATA LOGGING - depending on program and protocol some information will be shared (I will later discuss spoofing)
3. TRACE LOGGING - whenever your connection gets relayed there is a decent likelyhood that the path it travelled will be logged in one way or another, and traces can lead to deanonymization.
4. TIMESTAMPS - they mark when a data package and connections arrive. They can use it to prove it was you.
5. IDENTITY MANAGEMENT - they can observe that two seemingly separate people are one person, or one person is actually two. It is a long topic.

Additionally be aware of laws where you live.
Be aware that each time you make any connection outside your LAN then the outgoing IP, metadata, and timestamps will always be present. Additionally intermediaries like DNS, ISPs or other high level networks will have an idea of the trace of connection you requested from them - that will include your outgoing IP, data packets you send and receive with timestamps and depending on whether you use an encryption for your connection - it might also give up entire contents of what you receive and send. All people who observe and can read the contents (like the server you send it to) can also analyze your behavior and determine what kind of person you are, realize that you use multiple identities etc. Lots of info can be deduced using it.

Regarding: PACKETS
1. Packets you send over the internet have a beginning at your home network and its outgoing IP
2. Depending on whether your connection is encrypted intermediaries will or will not be able to see the exact contents of data you send and receive - demand encryption whenever possible ("man in the middle" attacks and extensive data collection are severe and urgent threats - refuse unencrypted connections)
3. If you use an encrypted end to end encryption be aware that only your end and the target's end can see the data (if you use a compromised system like MacOS, Windows, Android etc. expect also these corporations to see the contents - use a safe OS!)
4. Depending on whether or not you use proxies, how you many of them, and how you route the packets - it determines whether or not your packets can be read by someone else
4.1. When you use multiple proxies in an integral series (like TOR) - the other party will see your exit proxy only.
4.2. Avoid setting up multiple proxies into a separate series because the separation point will be able to have your decrypted information (unless you absolutely know what you want to achieve and there is no better solutions) - that is how "man in the middle" attacks work.
4.3. If you use proxies in paralel (like one port for proxy A and another port for proxy B) - do not mix up which one connects to what (because you might reveal information about you: mix up your multiple made-up identities, reveal that you are not a tech noob, "cross contaminate" your identities - its best to consider how much you want to reveal about yourself).
5. Packets despite encryption can reveal things:
5.1. Their size - if they are big there is probably file transfer, if they are small there is probably some message or a simple automated ping/response, you can somewhat evade giving out what type of info that was by modifying its size to trick them. Either by artificially making them bigger and rounding them up to a power of 2 or you can compress them to make them artificially small but both are not perfect.
5.2. Their frequency - if they of similar size and appear in regular time gaps - then there is some service going on most likely, if they are irregular then most likely the user is performing some task manually
5.3. What time of the day they go out - when you figure out which packets are those that highly suggest the user actively performing some tasks then timestamps of these packets may indicate what time zone the user is in after a few weeks of observation, or what kind of life they lead, it often correlates to when the user is at home working on the device - it might prove or disprove alibi, and many more
5.4. Unencrypted packet metadata - there are unencrypted bits in some (so research your protocol!), they might sometimes suggest what programs have sent them and it might lead to implications and deanonymization in a long term

Be aware that these are qualities of packets that are intrinsic to them. They are tied to the concept of a packet and cannot be avoided - they only can be laundered and anonymized but even that has its limits - as computing power of corporations and law enforcement grows with AI - assume that all these aspects not only can be considered but definitely will.

Use Wireshark (program) to snoop on your own packets and figure out what is readable, what performs what function and soon you will be able to figure out a lot of things about the object of your investigation. In this case yourself.

About hiding true metadata - you can attempt to "spoof" things. That is to pretend that your machine/program/config is different from the real one. To spoof correctly you need to deeply know the protocol and program that you use so that you do not forget about anything that might be automatically queried that would give you up.

TOR browser for example does spoofing in a way that they declare the same font, same browser, same screen resolution, same language, same timezone and whatever else as everyone else in order to make fingerprinting impossible - because if two things are undistinguishable then which one should be charged for what? Prosecutors do not know it either, good to abuse this fact of reality. It reminds me of one case when two identical twins were charged for murder but only one of them did it. First said it is the second one. Second said it was the first one. They could not tell them apart and eventually let the murderer go because they could not determine which of these two did it.

When you use TOR rememer to ALWAYS use the "safest mode" and use the default "NO JS" extension because these are the two things that make you look identical to other TOR browsers. Do not use onion sites that make you enable java script unless you are a deity. You should leave onion sites that make you use JS and deny to use them so that they die out. They were used to fingerprint, dox and arrest people.

Regarding: IP
1. Your end will see your IP and all intermediaries up until it reaches the IP of the server. Intermediaries like your ISP in particular, but also DNS, and other services in case you use them.
2. Each proxy adds one hop point for the connection where you may try to launder the next hop. It is tiresome for everyone who tries to spy on your but if they are the government - then assume they have the will and resources to force your proxy provider to give up the IP of the next hop, and the next until that finite chain reaches you and the server. (The best you can do is use offline communication like custom radio and decoders on both sides to create a separate chain of proxies where the link is truly broken and cannot be proven unless they analyze internet traffic of the entire earth. Easiest method of achieving it is getting into a random/open router and sending data from LAN level into the internet on their external IP).
3. TOR is only effective because genuine hackers cannot prove a link unless they monitor traffic of the entire earth (unrealistic), and effective from the law enforcement because the police decide not to engage in an investigation (because it is so hard to get the cooperation of the entire earth and they burn more resources to catch one connection than they see appropriate - it is only as effective as the price! If investigations get easier and cheaper then TOR will be pointless!). As of now it is unlikely that the entire earth will ban TOR at the same time and I deem it safe escape into an anarchy.

Additonally regards IP:
There are currently two IP protocol standards, IPv4 and IPv6. In short - always pick IPv4.
IPv4 IP leads to a network from which data originated. IPv6 IP leads not only to the network but a particular device! Set your Wifi to IPv4. Deny IPv6.
When you use IPv4 and leave your Wifi open without a password you can always claim that an alien device connected and posted it. If you use IPv6 they very likely will seize your devices to make sure if it was your device that posted. If you use IPv4 then they don't really have a claim to take your devices - only the router. It will make life much easier. Also if you fear they take your router - you might want to assign your mac address yourself to a new one - perform the deed, and then revert back to your regular mac address. The router might log mac addresses of devices but they are autodeclarative! You can make up any!

Regarding IP and the logging of it there is one more major thing - DNS.
DNS in short is a huge list that converts domains to IPs and IPs to domains, and whenever you type youtube.com into your browser instead of 221.52.65.199:80 or whatever their address is - you will need a DNS lookup! And the DNS checks what IP matches that domain and only then redirects you. The DNS provider can see what domain you typed in and can log it and tie it to your IP and other metadata depending on the protocol. You can run your own DNS if you are extra cautious (akin to running your own node in crypto instead of relying on an alien node that god only knows what they do with your data, you should always run your own node for safety).

https://www.youtube.com/watch?v=1cbMwvuGc6M

As an extra protip: you can have your own DNS server on your LAN and not depend on big tech or some ISP and you can also add filters to that DNS as you see fit. If your country has any censorship (for example in Russia if they banned your favorite site (I remember when Russia banned kohlchan), or UK when they ban 4chin almost certainly) - you can evade it entirely just like that. Also you can set up filters in a way that you ban all networks known to serve ads. DNS records and these filters are free for everyone. You can make a permanent ad filter for all browsers, all kinds of devices, any OS, and even on these new stupid fridges with ads as a solution forever as long as they are connected to your LAN and the router routes DNS lookup through it.
Here is one tutorial on how to get rid of ads for life: https://www.youtube.com/watch?v=d_3h5n9mPdI

Another thing related to IP is hiding it behind a VPN (proxy). Most common proxies are public loud VPN companies like Nord or Surfshark - these will protect you from getting a piracy letter, hide your IP well as long as you don't get any warrants and depending on your jurisdiction and law - you will be unprosecutable for some crimes if you connect to a foreign IP (that is because some jurisdictions require you to be on the soil of the country during commission - foreign IP makes it impossible for prosecutor to have a legal basis) usually about defamation, lies, posting content that is illegal in your contry but legal in the country of that proxy server (like lolis), insulting your country, nation and symbols or praising crime (USA IP is the best for it) - please just be consistent with never revealing your real IP during anything because they will have it in logs that you connected from a residential IP and they will visit you and investigate these things - because as it turns out - you really were on the soil of the country after all and without an alibi and you are screwed.

Second proxy solution is TOR. TOR is the simplest, most available, and most retardproof solution that is easily available. Onion links are exempt from DNS lookups on the regular web. Onion links are technically public keys, not just links!!! Therefore you have a fully encrypted tunnel between you, 3 nodes of your, 3 nodes of theirs, and the target server! Because it is a cryptographic key in itself it needs no authority overseeing assignment of addresses! Either way, if you connect to the regular internet instead of superior onion links - you are pretty safe. The connection is scattered around the world, mostly hosted by volunteers (and german federal police, I hate germany) and it is infinitely harder to get at least 4 warrants in a row over totally encrypted connection whose tunnel changes constantly and you as an end user will be safe for the most part unless you type out your legal name and address.

A general tip regarding it all would be - limit connections accordingly. Do not make excessive connections if not necessary. Each ping is an opporunity to forget something, each ping is another timestamp and likely another fingerprint. Another general tip is when you are making a technically risky connection - make sure to do it manually as much as possible and review what will happen when you make it, using automated connections strips you of any ability to review what consequences will some automatic pings might have and you will not be able to stop it until it had happened.
TRACE - is the trail that you connection needs to travel and where it will leave marks of having happened; splitting, unifying, getting redirected may all be logged. The problem of trace is usually solved by an IP laundering proxy like TOR, but your ISP will be able to know at what time you accessed TOR because TOR nodes are public knowledge. Most VPNs have their IPs and ranges marked as known VPN and usually even which company it is specifically (that is the reason Cloudflare not only exists but is in such high demand).

If you use no proxy - your ISP will have an IP to which you are connecting. It is possible for intermediary networks of higher order than ISP to log it (I think).

If you use a proxy - your ISP will know that you are connecting to an IP that belongs to a VPN company. The VPN company will know your IP too, and depending on the protocol they might have some data on you. Sometimes VPN companies are their own ISP, and they will log stuff because they don't wanna go to court for you. On the clearnet whenever you connect to a domain - first you will be redirected to an exact numerical IP under the hood by your DNS server of choice (if you don't self host a DNS - then probably google DNS will know what you queried and your IP). In general with https they will know what domain you are on but they cannot see the exact page you viewed unless the server logs it. (So when you browse https://www.DOMAIN.com/cheesepizza they will see only be able to prove you browsed www.domain.com and not anything specific on its own. There are techniques of packet analysis in regards to timestamps, fingerprints and size to highly suggest you did click a particular page but I will mention it later)

If you use TOR as a proxy - it is good for laundering. It's a braindead solution that will work and you can feel safe unless you are a huge target that interpol would want to waste months and years monitoring for your slipup. If you are a general chiyo penguin lover or casual junkie you will be fine in terms of safety of connection.

If you use bad sites (corporate operated or their vassals and slaves) that you can easily tell by stupid modern designs that takes up the whole screen but produces no content, those that you scroll and it has lots of dumb scrolling animations, those who require you to use java script, those who make you click on the "We and 1000 of our spies value your privacy" button or related - they are the most blatant ones to make your computer ping servers of their spies to put mark on your machine. These are to be either dominated by your security or avoided. General solution to them is the no javascript plugin that TOR browser has by default + a constantly chaning fingerprint or shared fingerprint. Librewolf is an open source firefox based browser that ripped out all default spying by mozilla and has made considerable efforts to anonymize people by having similar fingerprints which combined with no JS plugin give half decent tracability. I assume you do it over clearnet so unless you have a threat of causing a law enforcement reaction or reveal your true identity by accident - you should not lament much. The most foolproof method is TOR if you want to obfuscate even your clearnet activity.
TIMESTAMPS - Timestamps is time correlation of pings you send and pings that the snooper receives. You make connections and your ISP in order to serve you must receive them and act accordingly to establish an information exchange that you requested. Assume that your ISP/proxy provider is logging each time (many countries require logging, in Germany it is mandated federally to log all connections by any communication provider like mobile or ISP). So your ISP receives your requests and they definitely mark them with the exact time they arrived. Then your ISP forwards your request to the target server. Target server will have information sent to it also marked by their ISP. So logging goes both ways. The server might be operated by law enforcement, or the server might give up their own logs reporting you to law enforcement in which case I would call the server or their ISP a snooper. Snooper has inbound connection timestamps and your IP if you did not mask it. If you did not use any proxy they will go straight to your ISP with a warrant to give up logs and their timestamps to not only confirm that the connection existed and really relayed the information succesfully which is a proof that you indeed accessed that site or sent that information and based on that information they get a warrant and make the ISP reveal when inbound and outbound connections between you and the target server occured - and if they match with whatever the server had logged or server's ISP - it is irrefutable evidence. If you use a proxy they will first go with a warrant to the proxy, and if you used a VPN - they will probably tell them that you were using that IP at that moment and then they will go to you, your ISP will give up logs that a VPN connection existed at that moment that you used - and you will be directly tied to the initial charges. Timestamps are the ultimate hammer for TOR users.

7. Programs: Browsers and search engines


BROWSERS that I fearlessly use:

LIBREWOLF - it is a Firefox without Mozilla trash. No telemetry, some anti-fingerprinting capabilities.
Realistically if you want to resist fingerprinting then use the Arkenfox config or a similar config.

TOR BROWSER - it is a Firefox but with TOR and actual fingeprint resistent if used correctly (it is easy to use it correctly).
Do not install stuff that would deanonyize you (like extensions or themes) - do not modify its config. Run the NoJS (which is shipped by default with TOR) and also set the mode to "safest". That is it, ready to play with Interpol.

Also note that Firefox based browsers support multiple profiles which keep configs separate. Whenever I run my Librewolf I pick one from among my multiple profiles depending what type of task I will perform. You will not have to do any gymnastics because it is built in and easy.

I do not use other browsers because what is the point?

BRAVE seems to be decent but it is Chromium based so Brave users might be dependent on whatever Google comes up with. To my biased view it looks like a gathering of tech noobs that want to be anonymous but do not want to put any effort into it and I do not like their community because very rarely are they knowledgable.

MULLVAD made their browser but I never cared to check it out.

All other browsers (all browsers that I heard about) should be in my opinion be classified as trash and never be used though research them if they are small - they might be worth something.


SEARCH ENGINES that I use:

For daily and casual use duckduckgo. It has decent results and I do not play a big hacker while using it.
It has an onion address and it is the default in clearnet TOR, so you can fairly safely ask duckduckgo retard questions through TOR.

Other clearnet search engines are either so small that they give random results, or they are scary and not worth using.

As for TOR search engines I mostly use whatever works at the moment, mostly:
TORCH (ending with oyd.onion)
Ahmia (ending with syd.onion)
Tordex (ending with nyd.onion)

That is it.

I will talk about TOR later.

8. Programs: Alternatives for common Windows programs

I will be brief. If you are interested then consider checking what they do on youtube.
They are the things that I use. I am biased. Do research on your own if you want programs better than mine.

Format will be as follows:
FUNCTION - Linux alternative (comment)

All these programs that I list are fully open source. You can compile it yourself.

EXIF CLEANING - mat2 (even better than Windows, tiny size, integrated into right mouse button actions)
GRAPHICS - GIMP (it got a huge rework recently and it is extremely good now)
VIRTUAL MACHINES - KVM + QEMU + Virt-Manager
BASIC VIDEO ALTERING - Handbrake
SCREENSHOTS - Spectacle (infinitely better than Windows tools for screenshots)
SCREEN RECORDING - Spectacle (really it is insanely good, look it up, even Nvidia does not have recording this cool)
IMAGE VIEWING - Gwenview (you can view and alter pictures; cropping, rotating, resizing, flipping etc. all instant, look it up I love it)
MOVIE/MUSIC PLAYER - Haruna (I like Haruna, I did not do much research but I tried it and liked it)
PDF VIEWER - please use your browser (every browser can do it, do not install pointless programs)
ALTERNATIVE KEYBOARDS - Fcitx5 + Mozc (I use it for Japanese input, infinitely better, easier, and more configurable than Windows, please look it up)
EMULATION/GAMES - Lutris (Lutris can be hard at first, but it can emulte everything imaginable and it is friendly for retards, nothing on Windows can do that)
PACKET CAPTURE - Wireshark (Golden standard I guess? I don't use it much, someone smarter than me decide!)
MINECRAFT LAUNCHER - atlauncher (I liek blocks! It is the ultimate launcher, please look it up)
PASSWORD MANAGER - keepassxc (lovely)
EMAIL CLIENT - Betterbird (Thunderbird without Mozilla, pure, neat)
GPG - Kleopatra (GUI for GPG that I use)
TORRENTING CLIENT - qBittorent (the best that I know of)
ENCRYPTION - Luks

COMMUNICATION 1 - Simplexchat (Simple, easy, well encrypted, everything is TOR routed, decentralized, no identity, p2p, disposable and casual - a criminal's heaven!!! Signal or even Session can't compare)
COMMUNICATION 2 - XMPP (or rather an XMPP client of your choice - "modern IRC", simple, old, stable, a protocol)
COMMUNICATION 3 - Matrix (or rather a Matrix client of your choice - they are akin to dicksword but they are cool! You can set up your own servers, networks, anything, a protocol)

You can ask AI for a program substitute, it knows better than me.

9. Programs Password managers

You use password managers to have credentials saved locally in a much easier way than notepad copy and paste.

I use keepassxc. Simple. does everything, easy. GUI.

It is treated like a database. You can encrypt them for moving them around with unencrypted storage safely with a built-in feature.
You can open multiple databases and move them around and switch in tabs like browser tabs.
You can make custom entries but defaults like title, username, password, last modified, personal notes and URL are always present.
You can also tag your credentials as currently valid or expired, date when it expires, attachments, groups, last accessed etc. You can color your entry and it is quite customizable.
It also automatically clears your clipboard in a few seconds. Very nice.
It has lots of advanced functionalities too, it has everything!

https://www.youtube.com/watch?v=xfwQrXSutuY

Avoid using cloud password manages because you put all trust that the guys that keep it would not use your credentials themselves and do not leak it to the whole internet. But that sometimes happens. Keep at least your most important passwords locally. Google account sync, firefox account sync, whatever sync is scary. Do not save your darknet credentials anywhere else than locally... Unnecessary risk. And I bet these companies read your passwords anyway to know what websites you visit and which accounts you use to then report it to advertisers.

10. Programs: Booting up ISOs with "Ventoy"

When you want to run another operating system you usually use a USB stick to flash the system onto it, plug it in, select the USB stick as the boot drive and the system starts.

It will get tiring when you use your 64gb USB stick for a 3gb ISO wasting all the rest of the space. Besides, you cannot easily flash two systems onto one USB stick. It is tiresome but there is a solution.

There is a tool called Ventoy that allows you to pick which ISO you want to run from a menu. It lets you have as many ISOs as the USB stick can physically hold. Getting multiple ISOs onto your Ventoy USB stick is just a drag and drop operation.

When you boot it up a Ventoy menu will appear prompting you to pick which ISO that you copied onto it you want to run. You select one, click enter, and it loads.

It will save you USB sticks, time, and a headache.

11. Programs: Easy backups with "Clonezilla"

There is an ISO of a tool that lets you do easy backups. It has newb friendly options and you can make a backup with minimal knowledge, but it also has advanced functions. I use it regularly.

It saves your partitions, filesystems, and contents of the partitions and saves these things into a place where you want to. You can later use that backup to restore your system.

If you are a Linux or BSD newb you will break the system many times and it may save you lots of time that you would otherwise use to reinstall everything manually and pray that you remember your entire config. I suffered it a few times, and I make them regularly in case I destroy my configs or whatever else happens in a way that I cannot figure out what needs fixing - so I go the easy route and roll back to the most recent backup.

When you use a backup it would be exactly the same as when it was during the making of the backup.

When you want to get Clonezilla you download an ISO and flash it onto your USB - or even easier you drop that ISO onto your Ventoy.

12. Anonymity basics: Signing and encrypting messages and files with PGP

It is fairly easy! You can do it from CLI in any Linux distro, or you can have a nice manager like Kleopatra.

It can encrypt messages and files.

Encryption can be done with one key, multiple keys, any combination of keys and a password separately in layers. So anything imaginable is possible.

When you make a key remember to pick the hardest encryption to break.

Give your public key so that others can encrypt for you.

Do NOT give your private key because others would be able to pretend to be you and decrypt stuff meant for you!!!

You can set an expiry date for your key.

E-mail field is optional.

Signing can be used to prove it is you despite using different accounts on different websites. Encryption can be used to use a public spying chat app in a way that the hosting company does not know the contents. Windows defender for example checks signatures of applications and determines whether to ask you for confirmation when you run "an application from an unknown source" or windows defender acts differently in general when they can check the signature. Linux repositories require keys too in order to prevent imposter packages from getting installed and hacking computers.

It becomes easy to use once you play around with it for a few minutes.

We had fun with it here https://img.heyuri.net/b/koko.php?res=153857

13. Anonymity basics: Identity trace
13.1. Your historical trace

Your historical trace is all your past passwords, past nicknames, past profile pictures, past photos you shared, past posts, interests, anything that can have connection with anything else. It goes like a web for anyone hunting you down. When you want to make sure anything else that they can find on the internet cannot be attributed to you - you need to cut the trace.

It will not wipe what already is up, but you can pretend to be someone else entirely unrelated to anything else that there is available about you on the internet. If they wanted to hunt you down they would get stuck as now since there is no connection - there would be two unrelated webs of information, and impossible to connect if you are consistent with keeping no ties between them.

13.2. How to cut off your identity traces

The easiest method is to never display any of the above characteristics. No same name, no same password, no same waifu pictures, no interests etc. The easiest way is to use generic and default everything and share no more information than absolutely necessary.

It is preferable to change your fingerprint when doing so. The easiest way is to install TOR browser because you would look like any other TOR user. In your regular browser - custom fonts give people away, you settings give you away. Unless you want to customize your separate config forever - it is easier to just use the TOR browser.

I randomize my names, randomize passwords, keep them in my password manager, keep defaults (unless they are local things like custom CSS). I do not talk, I do not react. I do my business and that is it.

13.3. How to manage multiple identities

Password manager can keep anything. Names, password, URLs, etc. Anything imaginable. You can also keep notes and you can look them up at any time. You can make up a personality and keep notes of what that personality behaves like. When making a post as someone else please check whatever you send 3 times whether it aligns with that made up personality and is in no way connected to whatever you like or do personally in reality.

For easier management you can use Whonix or Tails to make sure every file is completely separate and avoid posting waifu pictures, sharing cookies, sharing fingerprints etc. A separate clean system for anonymity like these two is a no brainer method to keep stuff separate.

14. Anonymity basics: TOR

TOR is a network.

There are at least 3 nodes between you and your destination.

You - entry node - middle node - exit node - (any other proxy) -destination

You know the order of all nodes and their IPs.

The entry node knows your IP but does not know what address you access and what you send.
Middle node does not know your IP and does not know what address you acces and what you send.
Exit node does not know your IP and does not know the IP of your entry node, does not know what you send but knows the destnation.

You can ask the TOR network to give you a "bridge" if TOR is banned in your country. TOR nodes are public knowledge, but bridges not necessarily. Bridge is essentially an entry node that is not listed so that your country cannot ban it. Once you are connected to the entry node - the entry node will make connection with a middle node - and middle node with the end node and therefore bridge is sufficient for a proper TOR connection.

This makes it a decent anonymity tool fit for almost all tasks.

This is the TOR website: https://www.torproject.org/
You can learn more and check download options here.

You can install TOR as a protocol too, and you can set your proxy settings so that particular applications or all of then must get routed through TOR for maximum anonymity. Remember that the TOR browser only forces the data inside the browser to go through the TOR network - anything else goes through your regular IP! Do not forget it.

In Linux you can get "torsocks" and it is a quick tool to open any application and route its traffic through the TOR network. You can use that if it is a basic use one-time task. If you use things more regularly consider automating in proxy configs.

When you connect to .onion sites it is essentially the same: you - three nodes of yours - three nodes of theirs - and destination.
Destination cannot see your exit node! Exit nodes can only see other exit nodes! That is even more anonymous!

The .onion addresses are essentially public keys! It is almost infinitely unlikey that they roll the same keys to pretend to be the site they claim to be. Since they are keys you can generate for free - your .onion domains are also free of charge! Very secure. I use TOR for anything, it is now faster than ever.

Remember to set settings to "safest" when you use the TOR browser, keep using the default NoJS extension at all times, do not install anything customized to it (because it will be listed when you connect to onion sites and will fingerprint you).

Refuse to use websites that require you to enable java script unless you are absolutely sure that it is safe (like innocent clearnet sites). Otherwise do not allow java script - instant fingerprint.

TOR browser is quite easy once you play around with it for 5 minutes.

15. Anonymity basics: secure communication

For secure communication I would only recommend SimpleX chat.

SimpleX uses quantum encryption. It uses TOR to relay messages - one path for you to receive, and another path for you to send. It is p2p so there are no timeouts, no file limits, no nothing. There is also no fingerprinting (as far as I know). There is only your autodeclaration name that you pick and can change at any time. You can have different names for different conversations. Once a conversation gets established - keys are swapped and you two (or more of you) auto-encrypt and auto-decrypt messages. So no fear of a man-in-the-middle-attack capturing anything.

It supports private chats and group chats.

It is entirely open source. Retoswap/haveno use it for anonymous conversations and they do unregulated anonymous coin exchanges in insane quantities.

You can install a GUI app, you can also install a tiny CLI version. It is quite fun and basic, but making it basic also makes it secure.

For privacy it is much better than Session, and infinitely better than Signal. Anyone loving private chat needs to learn about it!

It is like torrenting but for chats with extreme anonymity and encryption! It is TOR chatrooms/file sharing done right!

More information and download options here: https://simplex.chat/
You can install it through CLI too.

Other communication methods can be Matrix if configured right (so SimpleX should be your first choice) and there are XMPP servers but they are centralized around servers and most are on the clearnet. Therefore Simplex should be the default for privacy and anonymity lovers!

16. Anonymity advanced: timestamping your key strokes in real time on a website

If you want to evade giving any information about you - then your typing pace is also a giveaway since your times of striking particular keys also is bound to how fast you can go from one key to another, and they can measure how long is the time gap between any two keys pressed. It is a signature of your that you give over time.

To prevent them from learning it - disable java script so that their input windows cannot give timestamps to the keylogger they use in that website.

If you do not want to disable java script - you can also type out the entire message into your notepad, wait a bit more to confuse them that you are slow typer, and then send.

How to tell whether they use a timestamping keylogger? Look at how many browsers have top queries and they autocomplete them for you! If they did not know what buttons you pressed and what consecutive buttons you keep pressing then they would not know what autocomplete to list you!!! Some are subtle with it and you cannot tell whether they do timestamp your keys or not unless you look through every java script obfuscation they put into place to deter you from proving it - so no JS or notepad paste both work to counter it.

17. Anonymity advanced: electromagnetic waves record in your audio

When you post audio, or video with audio, especially in original quality - remember that the power grid even far away from you can be heard in it and the sound waves from the video can be analyzed!!! If they are after you - remember to consider it.

That is because they can look in great detail for the frequency of your nearby powergrid. In most countries it is 50 or 60hz. If they see 60 peaks in a second of audio - then you cannot be in Europe for example. If they know your country they can see logs from power grids and look at an exact frequency in your audio at different times of your recording and deduce more things from that.

For example: it is 50hz on paper in France but at the time of recording your mic captured 49.94hz. They can deduce what places in the world had that exact frequency at what times. Frequency changes by tiny bits as electrical companies try to aim for the perfect frequency or the load changes and frequency along with it.

Then they will move your audio forward, look at freqency at a different point in time, for example a minute later it is 49.99hz now and now the amount of places and times you could be standing in shrinks exponentially because what is the likelyhood of electrical grid's freqency chaning in this particular way in this particular time in other places? They will take more and more measuring points and attribute your general location to fit what power lines in your proximity behaved like over particular timeframe. They will learn what was the time of the recording.

Once they have your approximate location and time - then they will look at the peak power and how peak power changed from hertz to hertz and depending on it - they will approximate how far away you were from the nearest power source. Now they can draw a circle on the map on whose outer range you were. If you were at home it will include your home and it will be used as evidence. Besides it gives up your anonymity. Even if they do not find you - they will know to expect somebody in a very particular area. It is crucial to consider.

In would guess that in some places power logs are public knowledge. Anyone with brain and time can stalk you in that case.

>>160956
Here's a guide on darknet safety and redundancy from some absolute FAGGOT I used to know who went by aediot. I've updated it with more useful, modern information:

My name is Aediot, I'm a darknet researcher and owner of the forum known as "Onionland"
Today I'd like to share with you a setup that will allow you to perfectly hide from every Gov on earth while allowing you to back up your data and even handing over all your passwords upon raid.
Too many times do I see the questions asked "what operating system should I use?" "Tor or VPN?" "Should I give my soul to the Morningstar?"
All very good questions.
Unfortunately, due to the nature of this circle it is often thought that sharing your setup is not inline with darknet safety.
Thankfully, I've come up with the solution.
I am thus referring to it as the "Mephistopheles Protocol"
You'll notice that it's not only crucial, but necessary, to have a setup to defend all the data you'll need to create your own darknet nym.
In my time researching darknet I've come to conclude that there are three things you need to defend this data from:
-Government
-Raid police
-Loss
In simpler terms, you'll find you need a setup that defends you from the feds online, a setup that defends you against the police kicking down your door mid-darknet, and a setup that prevents you from losing everything you've desperately worked on.
Before moving on though, I will fairly quickly address the thought process of "never hack from home!" and why this is not only a silly but a fairly dangerous idea.
If you're new to Onionland, you'll quickly come to discover that we stay two steps ahead of all threats so that if we experience one setback or commit an OPSEC sin that we can not only quickly recover but not worry about being arrested in the process.
That said.
Heading to a coffee shop or much less a public library while using Tor on a system such as Tails or Whonix (the only two operating systems that currently matter for anonymity) leaves you open in various ways.
Such as:
Timing correlation: The Government and ISPs of the world know when you are using Tor. For example if you have a darknet nym and ONLY use Tor at 6pm when you perform your work, you've just told the feds that if they move to arrest you the absolute best time to do it is at 6pm.
Raids: I think everyone has the assumption that "oh it'll be so easy for me to just get really paranoid whenever I see someone shifty approaching me". Which is a very bad thing to rely on. Feds are people. Which means they can be quiet. And they can look like everyday normal civilians if they even so desired. They walked right up to Dread Pirate Roberts and snatched his open unencrypted laptop right in front of his eyes. You're a fool if you think they won't do the exact same thing to you.
Physical trace: Cameras. Logging and recording daily. Tracking your face and making a complete fool of you. Really enough said.
As you can see, the age old adage might have been useful in past days of crime, however with modern technology and an increased aggression from the attitude of the police towards darknet and those who dwell now demand an equal amount of aggression in response.

Which brings us to the method at hand, here's a short summary:

Step 1: Purchase or create a Tor only router, then hook it to your normal router and leave that shit running 24/7.
Step 2: Set up Tails OS on a USB that you can store safely and configure it when done to NOT store ANY ssh information as persistent.
Step 3: Set the Tails password to the password of your everyday normal laptop. (Whaaaaaat? Yea I know. Bear with me though, you'll see.)
Step 4: Find a hosting provider you like who accepts XMR.
Step 5: Get yourself some XMR.
Step 6: Use said XMR to set up a server, connect using Tails and ssh, then store every darknet username and password on this machine within an encrypted partition.
Step 7: Write down the password for the server within your Tails persistent drive, but do NOT write down the IP address used.
Step 8: Memorize the IP address. This can be accomplished by writing down the IP initially, then grabbing hold of your USB and gripping it hard. While gripping it you'll notice that if you think aloud in your head the number, and do this for a few days in a row, it will be difficult to remember the exact sequence without gripping it yourself.
Step 9: Write the password for the server on at least three pieces of long lasting something. Send this to your home, to a family member, or anywhere off-site and safe since the password itself is not incriminating.
Step 10: Do all of this from home.
Step 11: ???
Step 12: Profit.

Let's break this down:

Step 1: This is 100000% required. Not an optional step. Setting up an additional router that forces all traffic to go through Tor or not at all does two big things for you. The first being that it completely eliminates the feds ability to correlate "when you're using Tor" because you're always using Tor. The second thing it does it that it means even IF you are completely rooted and fucked to high god on your darknet os that the attacker would then need to bypass your Tor router as well and can't simply just pick out your IP. Again, paranoid. Stay two steps ahead or die for your stupidity.
Step 2: Tails is the preferred weapon of choice over something like a VM or even Whonix in the current age in my honest opinion. The main and real only reason of mine being that once the USB is yanked from the laptop it quickly moves to erase all the RAM (the memory).
Which is what specialized raid police attempt to recover from if you move to shut down your laptop. Don't believe me? Google "cold boot attack" where it's entirely possible to get the password of the machine you're lovingly working with.
Step 3: I know, this one sounds silly. But I'd like you to imagine something for me, as you think about how "you'll never tell the police your password" I'd like you to realize that youare grasping the bigger picture here. Which is the simple fact that they will hold you in a cell for YEARS before they even bring you to court. All because you want to keep your data on lockdown. By making the password the absolute same as your normal OS you therefore have the perfect alibi of the fact that you appear to be doing nothing wrong. More on this later though.
Step 4: Self explanatory.
Step 5: Self explanatory.
Step 6 - 12: This is the true glory of the method. The main idea is that if you are ever arrested for whatever reason there is absolutely nothing on your darknet OS which could ever incriminate you, because it's all on a server somewhere out in the aether. And it is impossible to prove where you SSH'd in from due to the ideal of Tor within Tails.

They also can't prove that you even remember the IP, the only thing they can ask you to do is unlock the laptop. And once you do, there's squat they can do to slap you with. It also comes with the fact that you can access your darknet server from anywhere on earth so long as you kept a copy of that password off-site like I told you.
Implement The Mephistopheles Protocol to the letter, and no man will be able to touch you.
Unless you do something like dox yourself using your own words/actions, which a fair amount of you probably will.

Remember.
Use common sense.
Do not take this game lightly.
And above all, let your fear grip you and make you smarter than all other peers.

>>160956
Sensei sensei, I have a question!
I use windows to actually do stuff with my computer, but I also like using BSD despite the fact that it runs like shit and doesn't help me be productive/creative. What should I do?

I want to play online games but they all have Kernel Level Anticheat I searched for a bit and apparently the runtime that steam provides only interferes with the wine prefix and not the linux kernel is this true?

>>160956
>You cannot escape AI that Windows
en-us_windows_10_iot_enterprise_ltsc_2021_x64_dvd_257ad90f would like to talk to you

Did you know? Vesa's HDR "standards" are actually just erroneous certificates and do not guarantee a certain monitor/TV's ability to display HDR content of any sort

anons who require HDR for things like cinematography should look at individual reviews before deciding on something like a new laptop.

>>160985
kernel level anti-cheat does not work on Linux even if WINE is used, unless the developers have explicitly enabled Linux support


>>160985
anon-san, is using the enterprise image of a failed operating system that doesn't even get stuff like ntsync from Windows 11, even really worth mentioning anymore?

>>160962
>3.Encryption
How secure is encrypting files individually with gpg and storing them on an unencrypted hard drive?

>>160990
>failed operating system
>failed
Do you know what that word means? Also your reply didn't address what the original response was talking about. FAIL

i loev computah

>>160993
argumentum ad numerum, good sir? does this successful operating system of yours have a consistent design language or is it reusing icons from 1998?

>>160998
Well when the argument relies on numbers as a metric then yeah people tend to use argumentum ad numberum, dumbass. Don't you have a prealgebra test to study for?

>>160956
Whaddup everynyan, here's how to use proxies intelligently to counteract fingerprinting/correlation attacks by ISPs, websites, and adtech companies:

The base rule is derived from YTCracker:
>Proxies are like condoms, use them once then switch up on 'em
But because we aren't being actively tracked by a gov't authority, we don't have to deal with carte-blanche persistent monitoring in our threat model. All we need to do is use VPNs to connect to proxies and use said proxies on different software depending on what information is linked to said software...
That was a lot, and I'll explain this after a little set-up.
What we need to do first is find a multi-hop VPN provider that is based outside a PRISM country, takes XMR or cash, and has a free proxy service.

You'll want to connect to servers that are in your home country and get a lot of traffic and select exit servers in countries whose Internet laws are more to your liking with a good amount of traffic as well. You'll want to choose a separate entry server for each separate network your computer connects to but have the same exit server for each VPN connection. Once that's set up, you have your base connection:
[NETWORK 1 [Computer]] -> [ISP1] -> [VPN_ENTRY1] -> [VPN_EXIT]
[NETWORK 2 [Computer]] -> [ISP2] -> [VPN_ENTRY2] -> [VPN_EXIT]

Then you'll want to sprinkle different proxies on every separate piece of software that can take it so you have a third hop and a connection killswitch. If you use UGChromium past version 108 or Librewolf, you can use the FoxyProxy extension (along with all your other useful ones) and throw in whatever proxies you want for communicating with different websites. I have one specifically for Googlel accounts, one for on-line shopping, and a host of others in case something breaks. If you connect to the same account from different proxies, that'll raise some eyebrows and might make signing in harder. Throw separate proxies on your IRC client, your e0mail client, your torrenting software, et cetera. Keep everything separate, use proxy sites (webproxies, invidious) and tempmail, don't use sites that don't have a guest mode, randomize the names and information you give out in general, and you should be fine. Remember: bullshit in, bullshit out. Feed the system garbage and be smart about what, when, and how you're connecting to websites.

Additionally, if you want to look up local events use TOR bridged over snowflake to not have your location tied down to any proxies you might have persistence over.

Please correct me on technical details if you find anything amiss. Thanks.

>>160956
Here's my FUCKING knowledge:
Disable shadow volumes
vssadmin delete shadows /all
That is all :D

What is intel management engine and should i be worried about it?

>>161014
It's pretty much a hardware hypervisor for your entire computer and OS. There are/were security concerns with it, but the chance of you being so important that someone would use it to get into your computer is almost nil

I was hanging out in Pure Land and did not finish everything. I will attempt to finish whatever I listed in the following days.

>>160984
BSD! Now!!! Or you will go to hell (Interpol custody)!!!

>>160985
Too bad. If you really have to - keep no information on that Windows and cripple their AI. It is your choice. Also that IoT version seems to not having as the guy mentioned.

>>160991
They are like encrypted containers. They should be fine as long as you know how to pick a password. A retardproof method is to encrypt the whole drive though. Use keys wherever possible, or pick password according to what I said. If my paranoia does not make me look into proper password creation deeper then probably there is nothing else to discover.

>>160995
YAY YAY

>>161014
Not yet I think. Stock up on old motherboards and old processors. AMD does not have it up until 2013 I think.

>>160983
This is very good I approve, lovely

>>160979
>>160983
>>161001

Incredible guides!

I will save these and make sure to follow as many steps as possible in the future.
My first step is going to be figuring out how to compiling/building programs instead of blindly downloading.
It's all very complicated, why must our government fight us so much? Why are they our greatest enemy?
For my contribution.
Did you know Ruffle accepts code executions? This means you can run a script to have it open flashes. I have a script on my pc that plays looping flashes for 30 seconds then closes and opens another looping through the whole folder.

>>161047
>My first step is going to be figuring out how to compiling/building programs instead of blindly downloading.
This isn't as big of a problem as you think, especially when most of what you use is reputable software. Regardless, if you don't know how to audit code for malware, then compiling it yourself doesn't do much for non-trivial programs

>>161047
My first step is going to be figuring out how to compiling/building programs instead of blindly downloading.

git clone http://program.git
cd program
mkdir build
cd build
cmake ../
make
make install

>>161052
I guess the idea is that hypothetically there could be malware in the official binaries but the source code is clean so people don't call them out on it like the librewolf binary from the aur.

>>161014
Intel ME doesn't really matter unless you're enemy #1 of israel.

>>160961
>5. Enjoy freedom. Do not install proprietary software under no circumstances to make sure you are as safe and as free as possible.
what is this Richard Stallmann retard nonsense?
do you have a FLOSS alternative to Steam and DaVinci Resolve? "under no circumstances" means just not using a computer, you know that, right? not even Javascript from online pages.

>>161094
Not rabbitfield but it's not impossible, If I didn't need nvidia drivers then I'd be using 100% free software so I guess I'm stuck at 99%. A FOSS alternative to steam would be your distros package manager ;)

steam is an ass garbage infologger anyways and you should be ashamed for still using it
pirate everything

>>161098
Package managers intrinsically suck at being functional to begin with, you want someone to depend on it for videogames too? (Let alone the fact that there are no games on any repo, besides, like, 0ad, whoever plays that shit...)
>>161108
I reckon you're a 4chan refugee?

>>161108
>I reckon you're a 4chan refugee?
you're not?

>>161114
>I reckon you're a 4chan refugee?
you know he's right. pirate everything.

>>161114
gzdoom, darkplaces/quakespasm, eduke32, blood, devilutionx, xonotic, openarena. What else would you need? Also imagine paying for games lmao

>>161120
>What else would you need?
Actual games and not shitty arena shooters with dead community servers (no I don't care about your West European/NA server with 15 players on it every Friday night, this does not constitute an active videogame).
Staring at paint dry for 5 hours is preferable to three seconds of Doom/Quake.

>>161094
It is correct I overgeneralized. I think anything is safe if you run it in a contamination system with internet filters and separate everything. It is only important to prevent cross contamination.

I for example have nothing that is not open source because that is my wish. And I have a basic windows machine where everything is as clean as possible and there is no data of mine besides absolute minimum.

>>161146
>>161151
Watching paint dry for 5 hours is very intense on acid.

My wall was a pond with peaceful but moving water and I would dip my fingers into it but they would not get wet, nor would it make any wave.

It was full of colorful ghost fish who were mostly opaque but their spines. Their spines looked like tiny colorful chains and parts of them would disappear and appear. The fish would always disappear if I moved my eyes, it was very intense!!!

>>161165
>Watching paint dry for 5 hours is very intense on acid.
now imagine Doom/Quake on acid.

>>161055
>make
True hackers use make for everything. I forgot who said that (´人｀)
>>161098
Yes, but do you actually do anything with your computer? Besides use it as a file storage and web browser exclusive box
>>161108
if your friends wont install Hamachi for you then can you really call them "friends"?
>>161146
>Staring at paint dry for 5 hours is preferable to three seconds of Doom/Quake
Holy shit this killed your argument FAST

>>161167
I will try it when my tolerance goes down and report back

>>161170
>friends
failed heyuri user

>>161179
Heyurizens can have friends. Heyurizens probably have a few friends but actual friends. Unlike most regular people who say they got 100 friends but none of their "friends" would care if they died.

Value your few friends, please don't shame heyurizens for having friends.

Reminds me of an eternal conflict in polish chans where they discuss what characteristics bar you from ever being able to legally call yourself an anon as there was a schism over a decade ago (because I say so) where some decided that being an anon has a strict code, while others believed that "anon means anonymous" and these people make it unreasonably strict.

Some people say it is a necessary standard, and some call it "cult of fail". The amount of friends is also regulated by the "bushido of fail" but it still depends on who you ask. Most consider like 2 friends from high school a legal limit while some say that 0 is non negotiable.

Cult of fail leads to less options in life in the name of an ideology born from chronic chan use. Life is not over and to be given up on once we first discover chans. It is worth nothing to drop all contacts for that "purity". It is infinitely harder to make friends as an adult and giving up on any links with regular life (as your few friends probably could reintroduce you to the society) is of no benefit.

May we value whomever we have left and enjoy heyuri at the same time.

Obnoxious retards are the problem, not people with friends. Obnoxious retards come in all forms. Not only as people with friends and people with friends are not always obnoxious retards.

I bless you. I liek this song.

>>161192
Oh now it makes me think that this song may be taken as an insult. I did not mean that. I simply like this mp4.

>>161192
that video is nostalgia bait garbage. You might as well post antonympho while you're at it

>>161192
you are taking "lol, heyurians are internet addict losers with no frends" way too seriously.
>obnoxious retards
the post you just wrote was obnoxious.

>>161146
>Staring at paint dry for 5 hours is preferable to three seconds of Doom/Quake
Well, would you like the share with the class what games do you play then?

>>161170
You mean HEYURI exclusive box No, other than doom and dosbox and compiling software occasionally.

>>161231
>you are taking "lol, heyurians are internet addict losers with no frends" way too seriously.
I'm really curious as to how you came off with that, the post you linked was openly warning people against being a constantly online loser just for the sake of fitting in online and encouraging people to maintain their IRL friendships.

>>161239
>I'm really curious as to how you came off with that
<Heyurizens can have friends. Heyurizens probably have a few friends but actual friends. Unlike most regular people who say they got 100 friends but none of their "friends" would care if they died.

<Value your few friends, please don't shame heyurizens for having friends.

>was openly warning people against being a constantly online loser just for the sake of fitting in online
and what prompted him to say that? i doubt there's people that actually read something like >>161179 or similar and thinks they should lose some friends LOL

it is still good advice, obviously. let's not derail this thread with a pointless discussion.

as the poster of that other message i decided to completely ignore that post due to it assuming too much, such as i'm just trying to fit in online and not because i have actual chronic issues with sociality, including online, with him becoming one of the obnoxious retards through that post
friends aren't compatible with everybody, especially people like me who've made their standards too high due to retard fatigue. i know i'd be more happier by myself at this rate

>>161253
mucho texto unimporto