In this tutorial we're going to cover how to properly segment your internet usage. This is the most common OPSEC practice, and one you should always use. We're going to build on the pyramid of internet use that we have seen previously, to replicate each of the 4 OPSEC levels in our current setup:
The most common OPSEC mistake out there is the lack of internet usage segmentation. Most people don't have this reflex when they first discover Anonymity and Privacy online. The thing is, it is not possible to be fully anonymous for everything that you do online. There will always be some service that is vital to you, which you will need to access with your real world identity (for example, to access your bank account, or some insurance website, etc). However, it is definitely possible to implement proper internet usage segmentation:
In this case we're going to differentiate 4 types of Internet usage:
Internet Uses:
Public use: What you do is public knowledge
Private use: What you do is not meant to be known (private)
Anonymous use: What you do is meant to be done without revealing your identity
Sensitive use: What you do is meant to remain secret at all cost, only to be known by you
With each different Internet usage, we have different requirements:
Requirements:
Public use: No requirement; you can use closed source software (meaning it's all public)
Private use: Only open source software, and you use a pseudonym to practice privacy
Anonymous use: Open source, using a false identity to practice anonymity, not sensitive
Sensitive use: Open source, using another false identity, and must be plausibly deniable
With this, we have identified the 4 most typical internet use cases and their requirements.
As we said previously, segmentation is required for each internet use. This extends to the Identity you use online. For example, you cannot use your real name when trying to use the internet anonymously. So you need a different identity for each use case:
Different Identities:
Public Identity: Linus Torvalds (used on websites that ask for your identity)
Private Identity: Nihilist (used on websites that may KYC, but pseudonym is preferred)
Anonymous Identity: ZacharyJr (used on anonymous websites, non-sensitive use)
Sensitive Identity: Dread Pirate Roberts (used on anonymous websites, sensitive use)
The important thing here is that you must make sure that these identities have nothing in common. It must always remain impossible for an adversary to link those identities together.
To help you implement your internet usage segmentation, you can use VMs to make sure the segmentation is present inside the system:
Virtual Machines:
Public use: No requirement; you can use a Windows VM for all closed source software and KYC use
Private use: You can use a Debian VM, with only open source software (e.g. Matrix and Element)
Anonymous use: You can use Whonix VMs (can also be used with a Tor -> VPN setup)
Sensitive use: You can use Whonix VMs, but they need to be inside a VeraCrypt hidden volume
Sidenote: QubesOS is based on the same segmentation principle, that every use must remain isolated (or compartmentalized) into VMs, for specific uses. It also uses Linux and Whonix VMs, while using the Xen hypervisor instead of libvirtd QEMU/KVM, but the concept remains the same.
With this setup, one can segment their Internet use with a system implementation (VMs) along with the associated Identities for each use case.
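To check your own setup against the requirements above, here is an added example (not part of the original tutorial) that audits a constructed inventory of VMs and identities. The field names, trait strings and sample values are assumptions made for the illustration.

```python
from itertools import combinations

# Requirements per use, as listed above (flag names are this example's own).
POLICY = {
    "public":    {"open_source_only": False, "hidden_volume": False},
    "private":   {"open_source_only": True,  "hidden_volume": False},
    "anonymous": {"open_source_only": True,  "hidden_volume": False},
    "sensitive": {"open_source_only": True,  "hidden_volume": True},
}

# Constructed inventory: one entry per VM, with the identity used inside it.
INVENTORY = [
    {"vm": "win-public", "use": "public", "identity": "Linus Torvalds",
     "closed_source": ["windows"], "hidden_volume": False,
     "traits": {"email:linus@example.com"}},
    {"vm": "debian-private", "use": "private", "identity": "Nihilist",
     "closed_source": ["discord"], "hidden_volume": False,
     "traits": {"email:nihilist@example.org"}},
    {"vm": "whonix-anon", "use": "anonymous", "identity": "ZacharyJr",
     "closed_source": [], "hidden_volume": False,
     "traits": {"email:zach@example.net", "avatar:cat.png"}},
    {"vm": "whonix-sensitive", "use": "sensitive", "identity": "ZacharyJr",
     "closed_source": [], "hidden_volume": False,
     "traits": {"email:dpr@example.net", "avatar:cat.png"}},
]

def audit(inventory):
    """Return a sorted list of (vm, problem) findings."""
    findings = []
    for e in inventory:
        rule = POLICY[e["use"]]
        if rule["open_source_only"] and e["closed_source"]:
            findings.append((e["vm"], "closed-source software: " + ", ".join(e["closed_source"])))
        if rule["hidden_volume"] and not e["hidden_volume"]:
            findings.append((e["vm"], "not inside a hidden volume"))
    # Identities used for different purposes must have nothing in common.
    for a, b in combinations(inventory, 2):
        if a["use"] == b["use"]:
            continue
        pair = a["vm"] + "+" + b["vm"]
        if a["identity"].lower() == b["identity"].lower():
            findings.append((pair, "identity reused: " + a["identity"]))
        for t in sorted(a["traits"] & b["traits"]):
            findings.append((pair, "shared trait: " + t))
    return sorted(findings)

if __name__ == "__main__":
    for vm, problem in audit(INVENTORY):
        print(f"{vm}: {problem}")
```
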
For further details on how to dissect your OPSEC, check out this tutorial here. Using the right technologies is only the first half of the work; you also need to have the correct behavior while using them.
Contact: nihilist@contact.nowhere.moe (PGP)