Previous Page

OPSEC: Privacy, Anonymity and Plausible Deniability

Tutorials to show how to achieve Privacy, Anonymity and Plausible Deniability online. I have a quality standard as to how i do these tutorials, if there are any improvements i can do on them please let me know.

SHOWCASED ARTICLE: Learn how to audit your own setup, to determine your Operational Security (OPSEC) Level, and find out what is the most appropriate internet use for it.


Articles Status:

  1. ⭐: Personal Favorite
  2. βœ…: Completed
  3. 🟠: Work in progress
  4. ❌: Not started yet

⚠️ This Blog is open to contributions:

If you want to contribute, check out the gitea repository for contributions here. (i'm rewarding 10 to 50 euros in monero per new complete blogpost), if the blogpost you want to contribute is not listed below, validate your blogpost idea with me beforehand.

OPSEC LEVEL 2: Anonymity

πŸ“ Explaining Anonymity

  1. βœ… What is Anonymity ? Why is it Important ?
  2. βœ… Why isn't Privacy enough for Anonymous use ?
  3. βœ… The main source of Anonymity: The Tor Network
  4. βœ… Using Tor Safely: Tor through VPN or VPN through Tor ?
  5. 🟠 Phone Numbers are incompatible with Anonymity
  6. ❌ How to protect against fingerprinting (persona, text, files)
  7. ❌ How to run a local LLM to change your writing style (and it's use in whonix VM)

πŸ’» Clientside - Getting Started (⚠️ Check if your ISP allows Tor or Not!)

  1. ❌ How to setup and navigate Qubes OS
  2. βœ… Tor Web Browser setup
  3. βœ… How to use the Tor Browser on Mobile
  4. βœ… Tails OS QEMU VM for Temporary Anonymity
  5. βœ… VMs for Long-term Anonymity (Whonix QEMU VMs)
  6. ❌ How to Anonymously access websites that block Tor

πŸ’» Clientside - Censorship Evasion

  1. βœ… How to access Tor when it is being blocked, using VPNs
  2. ❌ How to temporarily access Tor when VPNs are blocked, using Tor bridges
  3. ❌ How to access Tor when VPNs are blocked, using VPSes (SSH port forwarding / OpenVPN port sharing)
  4. ❌ How to access Tor when you are in Russia or China using v2ray (vmess / vless)

πŸ’» File Sharing

  1. ❌ How to send small files Anonymously (Onionshare)
  2. ❌ One on One large file sharing (Syncthing over Tor)
  3. ❌ P2P large file sharing (Torrents over i2p or Tor)

πŸ’» Clientside - Decentralized Finances ⭐

  1. βœ… Why Financial decentralisation ? (Cryptocurrencies, Exchanges and KYC) ⭐
  2. 🟠 How to setup your Monero Wallet
  3. βœ… Why can't I trust Centralised Exchanges, and random Monero nodes ?
  4. ❌ How to get your first Monero ? (xmrbazaar.com, crypto swaps, p2p chats)
  5. ❌ Monero Inheritence Management
  6. 🟠 Haveno Decentralised Exchange direct Fiat -> XMR transaction ⭐
  7. βœ… Haveno DEX Dispute resolution (Fiat -> XMR)
  8. βœ… Haveno DEX Bank Transfer (ex: SEPA) -> XMR transaction
  9. βœ… Haveno DEX Cash By Mail -> XMR transaction ⭐
  10. ❌ Convert Monero into other Cryptos Anonymously (XMR -> BTC Atomic Swaps DEX)
  11. ❌ Monero Inheritence Management

πŸ’» Clientside - Making use of Anonymity (Non-KYC Providers)

  1. ❌ How to get a mail account anonymously (Mails as a service)
  2. ❌ How to get a phone number anonymously (Remote SMSes as a service)
  3. ❌ How to get a credit card anonymously (Credit cards as a service)
  4. ❌ How to get a residential proxies anonymously

πŸ§… Serverside - Contributing to Anonymity

  1. βœ… Tor Bridge Node
  2. βœ… Tor Node
  3. βœ… Tor Exit Node
  4. βœ… Monero Node
  5. βœ… Monero Mining with p2pool (help validate the network)
  6. ❌ Haveno Seed Node
  7. ❌ Haveno DEX Network

πŸ§… Serverside - Anonymous Hidden Services

  1. βœ… Where to host Anonymous Hidden Services ?
  2. βœ… Hidden Service with custom .onion Vanity V3 address
  3. ❌ Basic Webserver setup (NGINX / PHP / MYSQL)
  4. ❌ Minimalistic MoneroSSO .onion setup
  5. βœ… XMPP Chat Server Setup (Clearnet + Onion + OMEMO E2EE)
  6. ❌ Gitea .onion setup (Code repositories)
  7. ❌ Nextcloud .onion setup (cloud storage)
  8. ❌ Mastodon .onion setup (Microblogging)
  9. ❌ Discourse .onion setup (Forums)
  10. ❌ How to setup Nerostr (Nostr blogging)


πŸ§… Serverside - Anonymous Clearnet Services

  1. βœ… Where to host Anonymous Clearnet Services ?
  2. βœ… How to rent remote servers anonymously (Cloud resellers) ⭐
  3. βœ… How to rent remote domains anonymously (Registrar resellers) ⭐
  4. βœ… Remote anonymous access setup (cockpit + ssh through tor)
  5. βœ… Clearnet Bind9 DNS server setup (with DNSSEC)
  6. βœ… Clearnet Matrix server (federated clearnet chatting)
  7. βœ… Anonymous (remote or self-hosted) clearnet Mail Server ⭐


⚠️ Miscellaneous - In real life

  1. ❌ How to send a mail package anonymously
  2. ❌ How to recieve a mail package anonymously
  3. ❌ How to remain Anonymous during a protest



OPSEC LEVEL 3: Plausible Deniability

πŸ“ Explaining Plausible Deniability

  1. βœ… What is Plausible Deniability ? Why is it Important ?
  2. βœ… Why Anonymity isn’t enough for Sensitive use ?
  3. 🟠 Sensitive Services: Self-Host or Host Remotely ?

πŸ’» Clientside - Getting Started

  1. βœ… The main source of Plausible Deniability: Veracrypt Hidden Partitions
  2. 🟠 Sensitive use VMs Setup (Whonix VMs in a Veracrypt Hidden Volume)⭐
  3. 🟠 Plausibly Deniable Critical Data Backups

πŸ’» Steganography - Hiding secrets in plain sight

  1. ❌ Other sources of Plausible Deniability: Steganography Introduction
  2. ❌ Hiding textfiles into images
  3. βœ… Hiding entire zipfiles into videofiles files (zulucrypt)

πŸ’» Decentralised Finances

  1. ❌ How to Cash out your crypto gains (Fiat income limits, and justifications)

πŸ§… Serverside - Plausible Deniability at Home (⚠️ Self Hosting = Risky!)

  1. βœ… Open source router VM setup (pfsense on QEMU/KVM)
  2. βœ… Electrical Failover (basic UPS setup)
  3. βœ… Internet Failover (Dual WAN pfsense setup)
  4. ❌ Deniable Encryption Protection (emergency shutdown script, shortcut, + systemd service)
  5. βœ… Automating Deniable Encryption Protection (USB Changes, detecting movements, and SSH bruteforce attempts)
  6. βœ… Endgame V3 (.onion service Anti DDOS / Load Balancer / WAF + Captcha) ⭐

πŸ§… Serverside - Remote Plausible Deniability (⚠️ Remote Hosting = Safer!)

  1. ❌ When the Adversary is the cloud provider himself
  2. ❌ Protecting against cold boot attacks, with RAM encryption (no hardware access!)
  3. ❌ System Intrusion / Integrity monitoring (kernel modules, binary files, unwanted processes, hardwre changes)
  4. ❌ Custom Linux OS making (debian-based)
  5. ❌ Obtaining a non-KYC dedicated server, with a custom OS
  6. ❌ Intrusion detection on remote servers



Inspirations

  1. Hack Liberty Resources
  2. Privacy Guides
  3. Simplified Privacy
  4. The Hitchhiker's guide to Anonymity


Non-KYC VPS providers



Current services used:

  1. ServersGuru (KYC-Free reseller of cloud providers like Hetzner)
  2. nicevps.net (KYC-Free registrar)

Previous services:

  1. Incognet (both registrar and cloud provider)
  2. Hostiko (cloud provider)
  3. Other Non-KYC Cloud Providers



LEGAL DISCLAIMER: 
Across the entirety of my blog, in all articles that I made, I advocate for the legal use of technologies, even when I am talking about Privacy-enhancing and Anonymity-enabling technologies. In no way am I advocating for any illegal use of any technology showcased in any article on my blog. as the goal of this blog is to remain stricly informative and educative.


I decline any and all responsibility for any mis-use of any of the technology i showcase in the entirety of my blog. I also decline any and all responsibility for any physical, digital and psychological damage caused by the mis-use of any showcased technology, as the responsibility of such acts remains with the perpretating third-party. By reading this blog, you permanently, irrevocably and world-widely agree that I am in no way am responsible for any illegal action done by you or anyone that uses any of the showcased technology in my blog articles.

Nihilism

Until there is Nothing left.

About nihilist

Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8


Contact: nihilist@contact.nowhere.moe (PGP)