The Nihilism Opsec Blog
Previous Page

Operational Security: Privacy, Anonymity and Deniability

Tutorials to show how to achieve Privacy, Anonymity and Deniability online. I have a quality standard as to how i do these tutorials, if there are any improvements i can do on them please let me know.

SHOWCASED ARTICLE: Learn how to audit your own setup, to determine your Operational Security (OPSEC) Level, and find out what is the most appropriate internet use for it.


Articles Status:

  1. ⭐: Personal Favorite
  2. ✅: Completed
  3. 🚧: Work in progress
  4. ❌: Not started yet (can be brainstormed on their assigned Forgejo issues here)

⚠️ This Blog is open to contributions:

If you want to contribute, check out the Forgejo repository for contributions (along with the guidelines) here, check out the project board here to know the status of which tutorial being assigned to whom. (i'm rewarding 10 to 50 euros in monero per new complete blogpost, as advertised on Xmrbazaar). if the blogpost you want to contribute is not listed below, contact me directly so that I can validate your blogpost idea beforehand. For a step-by-step tutorial on how to contribute, please check out this tutorial.

OPSEC Introduction

📝 Explaining Concepts

  1. ❌ The State is the Enemy
  2. ❌ The Individual reigns Supreme, no matter what the State says.
  3. a Nihilist's Manifesto
  4. Privacy, Anonymity, Plausible Deniability, Decentralisation, Security, and 0days
  5. Governments, Centralisation, and Law Enforcement
  6. Governments fear Decentralisation and Anonymity
  7. ❌ What is my Attack surface ?

📝 Explaining OPSEC ⭐

  1. Audit your OPSEC and determine the appropriate internet use
  2. 🚧 Internet usage segmentation (QEMU VMs + Identity Management)
  3. OPSEC: Using the right Technology and Behavior
  4. How to maintain multiple Identities Online
  5. ❌ Public Chats / Private Chats / Anonymous Chats / Deniable Chats
  6. ❌ 10 Things you must do if you are pro-freedom

OPSEC LEVEL 1: Privacy

📝 Explaining Privacy

  1. What is Privacy ? Why is it important ?
  2. Why can't I trust closed-source software for Privacy?
  3. The lack of Open Source Hardware (CPUs, Motherboards, GPUs)
  4. Why can't I trust Server-side Encryption ?
  5. ❌ Cloudflare : The world's largest Man in the Middle
  6. ❌ Why is metadata detrimental to my privacy ?

💻 Getting started

  1. How to have Privacy on your Computer (Kicksecure) ⭐
  2. How to have Privacy on your Phone (GrapheneOS)
  3. ❌ How to have Privacy on your Router (Openwrt)
  4. 🚧 Easy Private Chats - SimpleX
  5. How to setup Qubes OS

💻 File Sharing

  1. One on One large file sharing (Syncthing over VPN)
  2. P2P large file sharing (Torrents over VPN)

💻 Maintaining Privacy

  1. ❌ How to use Linux - The essentials
  2. How to compile open source software + How to verify software integrity
  3. How to Virtualize Machines (QEMU/KVM Hypervisor)
  4. 🚧 Password Management 101 (How to use Keepass)
  5. Private Messaging (PGP encryption)
  6. How to navigate Qubes OS

💻 Privacy from your ISP

  1. How to get privacy from your ISP using a VPN inside a VM
  2. 🚧 How to Route VMs traffic through a VPN on the Host OS
  3. ❌ How to route your entire network through a VPN on the Router
  4. ❌ How to route your entire network through XRay on the Router

💻 Monitoring that your Privacy is intact

  1. ❌ Physical surveillance of your devices
  2. ❌ Anti-tampering measures for your devices
  3. ❌ Network intrusion detection and surveillance
  4. ❌ Operating System intrusion detection and Integrity checks

⚠️ Miscellaneous - In real life

  1. ❌ How to hide the contents of a mail package

OPSEC LEVEL 2: Anonymity

📝 Explaining Anonymity

  1. What is Anonymity ? Why is it Important ?
  2. Why isn't Privacy enough for Anonymous use ?
  3. Phone Numbers are incompatible with Anonymity
  4. ❌ Why is metadata detrimental to Anonymity ?
  5. The main source of Anonymity: The Tor Network
  6. 🚧 How to use Tor Safely: (Tor + VPN combinations)
  7. Why is the Darknet superior to the Clearnet ?
  8. How to explore the Darknet? (Visibility and Discoverability)
  9. How to run your own Darknet Lantern for Visibility and Discoverability
  10. ❌ When should I use I2P instead of Tor ?

💻 Clientside Anonymity (⚠️ Check if your ISP allows Tor or Not!)

  1. ❌ How to obtain Internet access anonymously
  2. VMs for Long-term Anonymity (Whonix QEMU VMs)
  3. Tor Web Browser Setup (on Desktop and Mobile)
  4. How to Anonymously access websites that block Tor
  5. How to Anonymous access websites that block Tor and VPNs
  6. 🚧 Easy Anonymous Chats - SimpleX (and onion-only servers)
  7. How to Receive Anonymous SMSes (Remote SMSes as a Service)
  8. How to Get an Email Account Anonymously (Emails as a Service)

💻 Clientside - Censorship Evasion

  1. How to access Tor when it is being blocked, using VPNs
  2. ❌ How to temporarily access Tor when VPNs are blocked, using Tor bridges
  3. 🚧 How to access Tor when VPNs are blocked, using v2ray

💻 Clientside - Fingerprinting Protection

  1. Stylometry protection (Running a Local LLM and copy pasting messages)
  2. ❌ How to protect against fingerprinting (persona, text, files)

💻 File Sharing

  1. How to send small files Anonymously (Onionshare)
  2. How to send large files using Syncthing over Tor
  3. P2P large file sharing (Torrents over i2p?)

💻 Clientside - Decentralized Finances ⭐

  1. Why Financial decentralisation ? (Cryptocurrencies, Exchanges and KYC) ⭐
  2. How to setup a Monero Wallet
  3. Why can't I trust Centralised Exchanges, and random Monero nodes ?
  4. ❌ How to get your first Monero ? (xmrbazaar.com, crypto swaps, p2p chats, or work)
  5. Haveno Decentralised Exchange direct Fiat -> XMR transaction ⭐
  6. Haveno DEX Dispute resolution (Fiat -> XMR)
  7. Haveno DEX Bank Transfer (ex: SEPA) -> XMR transaction
  8. Haveno DEX Cash By Mail -> XMR transaction ⭐
  9. ❌ Convert Monero into other Cryptos Anonymously (XMR -> BTC w/ BasicSwap DEX)
  10. How to get a credit card anonymously (Credit cards as a service)
  11. Monero Inheritence Management (VaultWarden Emergency Contacts)

🧅 Serverside - Contributing to Anonymity

  1. 🚧 Tor Node
  2. Tor Bridge Node
  3. Tor Exit Node
  4. Monero Node
  5. Monero Mining with p2pool (help validate the network)
  6. Haveno Seed Node
  7. ❌ Haveno DEX Network

🧅 Serverside - Anonymous Hidden Services

  1. Where to host Anonymous Hidden Services ?
  2. How to rent remote servers anonymously (Cloud resellers) ⭐
  3. Hidden Service with custom .onion domain Vanity V3 address
  4. ❌ How to Verify one's Identity while maintaining Anonymity using PGP canaries ?
  5. Forgejo .onion Setup (Anonymous Code Repositories and Collaboration)
  6. Nextcloud .onion Setup (Anonymous File Hosting)
  7. ❌ How to setup Nerostr (Nostr blogging)
  8. ❌ How to monitor your servers Anonymously


🧅 Serverside - Anonymous Clearnet Services

  1. Where to host Anonymous Clearnet Services ?
  2. How to rent Clearnet domains anonymously (Registrar resellers) ⭐
  3. Remote anonymous access setup (SSH through tor)
  4. 🚧 Clearnet Bind9 DNS server setup (with DNSSEC)
  5. Anonymous (remote or self-hosted) Clearnet Mail Server ⭐


⚠️ Miscellaneous - In real life

  1. ❌ How to send a mail package anonymously
  2. ❌ How to recieve a mail package anonymously
  3. How to remain Anonymous during a protest



OPSEC LEVEL 3: Deniability

📝 Explaining Plausible Deniability

  1. What is Plausible Deniability ? Why is it Important ?
  2. Why isn't Anonymity enough for Sensitive use ?

💻 Clientside - Getting Started

  1. Tails OS for Easy Temporary Sensitive Use
  2. 🚧 Using the Host-OS in live-mode to enable Sensitive Use
  3. 🚧 The main source of Plausible Deniability: Deniable Encryption
  4. 🚧 Sensitive use VMs Setup (Whonix VMs in a Veracrypt Hidden Volume)⭐
  5. 🚧 Plausibly Deniable Critical Data Backups

💻 Steganography - Hiding secrets in plain sight

  1. Other sources of Plausible Deniability: Steganography Introduction
  2. Hiding files in images with Steghide
  3. Hiding entire zipfiles into videofiles files (zulucrypt)

💻 Decentralised Finances

  1. ❌ Where to hide your Monero Wealth ?
  2. ❌ How to Cash out your crypto gains (Fiat income limits, and justifications)

🧅 Serverside - Plausible Deniability at Home (⚠️ Self Hosting = Risky!)

  1. ❌ Host OS WAN Failover Configuration
  2. Electrical Failover (basic UPS setup)
  3. ❌ Isolating on-premise hidden services (VM-based restrictive networking)
  4. 🚧 Deniable Encryption Protection Automation

🧅 Serverside - Remote Plausible Deniability (⚠️ Remote Hosting = Safer!)

  1. 🚧 Sensitive Services: Self-Host or Host Remotely ?
  2. When the Adversary is the cloud provider himself
  3. ❌ Sensitive remote servers organisation
  4. ✅ Anonymous Servers Monitoring
  5. ❌ Protecting against cold boot attacks, encrypting RAM with no Hardware access
  6. ❌ System Intrusion / Integrity monitoring (kernel modules, binary files, unwanted processes, hardware changes)
  7. ❌ Anti-tampering custom Linux OS (debian-based)
  8. ❌ Obtaining a non-KYC dedicated server, with a custom OS
  9. ❌ Intrusion detection on remote servers

🧅 Serverside - High Availability for Deniability (⚠️ Remote Hosting = Safer!)

  1. Why is High Availability Important for Deniability ?
  2. How to setup a basic NGINX / PHP / MySQL app
  3. How to setup a MySQL Master-Master replication over Tor
  4. OnionBalance for .onion domains load balancing
  5. 🚧 Endgame V3 (.onion service Anti DDOS / Load Balancer / WAF + Captcha) ⭐

⚠️ Miscellaneous - In real life

  1. ❌ When protests go wrong - SimpleX Disappearing Messages



Contributing to the Project

  1. ❌ How to become a Moderator
  2. How to become a Contributor
  3. The Quality Standard
  4. How to become a Maintainer
  5. ❌ How to become an Administrator
  6. How to run the blog yourself

Inspirations

  1. The Hitchhiker's guide to Anonymity (the entire opsec category was inspired from this awesome guide, check them out!)
  2. Hack Liberty Resources

Non-KYC VPS providers



Current services used:

  1. ServersGuru (KYC-Free reseller of cloud providers like Hetzner)
  2. nicevps.net (KYC-Free registrar)

Previous services:

  1. Incognet (both registrar and cloud provider) warning: they suck at handling support tickets
  2. Hostiko (cloud provider)
  3. Other Non-KYC Cloud Providers



LEGAL DISCLAIMER: 
Across the entirety of my blog, in all articles that I made, I advocate for the legal use of technologies, even when I am talking about Privacy-enhancing and Anonymity-enabling technologies. In no way am I advocating for any illegal use of any technology showcased in any article on my blog. as the goal of this blog is to remain stricly informative and educative.


I decline any and all responsibility for any mis-use of any of the technology i showcase in the entirety of my blog. I also decline any and all responsibility for any physical, digital and psychological damage caused by the mis-use of any showcased technology, as the responsibility of such acts remains with the perpretating third-party. By reading this blog, you permanently, irrevocably and world-widely agree that I am in no way am responsible for any illegal action done by you or anyone that uses any of the showcased technology in my blog articles.

Nihilism

Until there is Nothing left.



Creative Commons Zero: No Rights Reserved

My Links

RSS Feed
SimpleX Chatrooms

About nihilist

Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8