OPSEC, or Operational Security, is a process aimed at identifying if your actions can be observed by an adversary. In this context, how good your OPSEC is, determines the level of your privacy and anonymity.
By default, if you're not careful with the technology you use, your very ability to have privacy and anonymity is not possible. And if your behavior isn't strictly controlled to protect your anonymity while using those technologies, that can also compromise both privacy and anonymity.
If you wish to have Privacy and Anonymity online, you need to use the correct technologies, and to have the correct behavior when using them.
The first and foremost step when you wish to protect your OPSEC, is to use the correct technologies that will let you have Privacy (lack of surveillance), and Anonymity (lack of identification). Be sure of one thing; You will never have privacy, nor anonymity until you use the right technologies.
We're going to cover 6 scenarios into which Bob tries to be anonymous online, as you will see, Bob's level of privacy and anonymity will vary greatly, based on what technologies he uses to access and use his account on nowhere.com
Scenario 1: Closed source software, and no protection
Technology used:Host OS: Windows (closed source)
Web Browser: google chrome (closed source)
Internet Connection: direct connection via his Internet service provider
Bob uses his windows OS to open his web browser
Bob uses the google chrome web browser to access nowhere.com
Bob goes on nowhere.com and creates an account
Bob logs on his account and posts a comment
Microsoft is aware of everything that Bob did with his windows OS
Google is aware of everything that Bob did with his chrome web browser
Bob's ISP is aware that Bob went on nowhere.com
the nowhere.com admins sees that Bob's home IP address logged into the account and posted a comment
Summary: Bob posted a comment on nowhere.com and Microsoft; Google; his ISP; and the nowhere.com admins are all aware that it is Bob that did it. Bob has no privacy, and no anonymity whatsoever.
Scenario 2: Closed source software, and using a VPN
Technology used:Host OS: Windows (closed source)
Web Browser: google chrome (closed source)
Internet Connection: using a VPN
Bob uses his windows OS to open his vpn connection
Bob, once connected via his VPN, opens his google chrome web browser
Bob uses the google chrome web browser to access nowhere.com
Bob goes on nowhere.com and creates an account
Bob logs on his account and posts a comment
Microsoft is aware of everything that Bob did with his windows OS
Google is aware of everything that Bob did with his chrome web browser
Bob's ISP is only aware that Bob connected to his VPN provider.
the VPN provider sees that Bob's home IP address connected to the service, and that Bob connected to nowhere.com
the nowhere.com admins sees that the VPN IP address logged into the account and posted a comment
Summary: Bob posted a comment on nowhere.com and Microsoft and Google are aware that it is Bob that did it, the VPN provider knows that Bob connected to nowhere.com, and the nowhere.com admins see that a VPN IP logged on the account and posted the comment. Bob has only managed to gain privacy from his ISP, but he has only shifted the issue to his VPN provider. Bob still has no privacy, and no anonymity whatsoever.
Scenario 3: Open source software, and a VPN
Technology used:Host OS: Linux (open source)
Web Browser: firefox (open source)
Internet Connection: using a VPN
Bob uses his debian OS to open his vpn connection
Bob, once connected via his VPN, opens his firefox web browser
Bob uses the firefox web browser to access nowhere.com
Bob goes on nowhere.com and creates an account
Bob logs on his account and posts a comment
Only Bob can know what he did with his linux OS
Only Bob can know what he did with his firefox web browser
Bob's ISP is only aware that Bob connected to his VPN provider.
the VPN provider sees that Bob's home IP address connected to the service, and that Bob connected to nowhere.com
the nowhere.com admins sees that the VPN IP address logged into the account and posted a comment
Summary: Bob posted a comment on nowhere.com, his VPN provider knows that he connected to nowhere.com, and the nowhere.com admins are aware that someone used a VPN to do it. Bob has managed to gain privacy from his ISP, but also from the companies that spied on him while he was using closed source software (microsoft and google in this case), however Bob is still being spied on by his VPN provider, and he has no anonymity whatsoever.
Scenario 4: Open source software, and Tor
Technology used:Host OS: Linux (open source)
Web Browser: Tor browser (open source)
Internet Connection: direct via ISP
Bob uses his debian OS to open his tor web browser
Bob uses the tor web browser to access nowhere.com
Bob goes on nowhere.com and creates an account
Bob logs on his account and posts a comment
Only Bob can know what he did with his linux OS
Only Bob can know what he did with his tor web browser
Bob's ISP is only aware that Bob used Tor.
The tor entry node sees that Bob's home IP has connected, but cant tell where he tried to connect.
The tor middle node doesn't know who's connecting, nor where it's connecting.
The tor exit node doesn't know who's connecting, but knows that the traffic is going to nowhere.com (There is a very low chance that all 3 tor nodes (entry, middle and exit) collaborate to see that Bob's home IP address connected to nowhere.com)
the nowhere.com admins sees that a Tor exit node IP has logged into the account and posted a comment
Summary: Bob posted a comment on nowhere.com, and there is only a very low chance that an adversary knows that he connected to nowhere.com, and the nowhere.com admins are only aware that someone used Tor to do it. Bob has managed to gain privacy, and has posted the comment anonymously. Bob's ISP knows that he used tor, but he doesn't know what he did with it. the nowhere.com admins know that someone used tor to post a comment, but they don't know who did it.
Now, you are Bob, and you have decided that you would maintain your anonymity online for your use of nowhere.com as detailed in scenario 6 above: you use open source technology, and you use the tor browser.
You have implemented all the correct technologies as explained above and you have created your account on nowhere.com anonymously.
But still, you may deanonymize yourself by having the wrong behavior with your actions!
Scenario 1: Self-Identification
Situation: Bob has an account on nowhere.com
Bob registered his account via Tor on nowhere.com
Bob mentioned his real life name into the information of his account
Bob mentioned where he lived on the account information too.
Summary: Bob deanonymized himself by his actions, despite using the correct technology. He identified himself (or KYC'd himself) on nowhere.com
Scenario 2: Pseudonymity
Situation: Bob has an account on nowhere.com
Bob registered his account via Tor on nowhere.com
Bob uses a pseudonym into the information of his account
Bob mentionned that his pseudonym lived in wonderland.
Summary: Bob used the right technology, and then on the website he uses a pseudonym, and mentioned random useless information about his pseudonym. For now his anonymity is preserved.
Scenario 3: When pseudonymity goes wrong
Situation: Bob has an account on nowhere.com
Bob registered his account via Tor on nowhere.com
Bob uses a pseudonym into the information of his account
Bob used this account to talk into many conversations over the years, and has built up a big reputation.
Bob is drunk one night, and accidentally mentioned his real life name online.
Summary: Bob used the right technology, and then on the website he used a pseudonym successfully for a few years, his anonymity was preserved all this time up until he got drunk and accidentally revealed who he was. From there, Bob can no longer be anonymous using that pseudonym.
Scenario 4: Anonymity: when reputation doesn't matter
Situation: Bob has an account on nowhere.com
Bob regularly registers accounts via Tor on nowhere.com
Bob enters different random names into the information of his accounts
Bob strictly uses those accounts only for specific purposes.
Bob talks into many conversations over the years, but using different accounts every week/month.
Bob is never drunk when in front of the keyboard, and he is always careful to reveal nothing about his real life identity.
Summary: Bob uses the right technology, and then on the website he preserves his anonymity by never revealing who he is, and by keeping multiple accounts on the same service for specific usecases, and only for limited amounts of time. In this case, Bob maintains anonymity without getting popular.
Until there is Nothing left.
Creative Commons Zero: No Rights Reserved
Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8
Contact: nihilist@contact.nowhere.moe (PGP)