Keeping ones self secure online is an art form that requires the right tools and the right mindset. Alongside proper software one should develop appropriate habits... both being utilized in overlapping tiers to avoid suspicion and to fail-safe one another.
Before continuing let us review existing threads found on this forum.
viewtopic.php?f=10&t=1248
viewtopic.php?f=10&t=2312
viewtopic.php?f=10&t=2365
These are absolute bare essentials and this thread aims to distill and consolidate the best information from them as well as offer new solutions. More importantly human habit is difficult to break and so let us look at how we can incorporate these ideas into our lives easily and without the concept appearing as an insurmountable chore.
Envision your online presence as you would your offline life. You have a "light" version of yourself that you interact with people every day using. An unsuspicious individual with good social skills and standing alike. Behind this there is the "dark" version of yourself that these people are not privy to. Your username here on nightops.net... you, the stealthcrafter. To be a complete and total ghost in today's world can be suspicious itself so we must cultivate both to succeed.
THE OBVIOUS
Your "dark" persona should never use your real name, address, phone number or anything else that can possibly be traced back to you. Never. Your "dark" persona cannot in any way be connectable to your "light" persona. Failure to observe this basic precaution is the prelude to disaster. Do not keep information such as passwords saved on devices for any accounts or software your "dark" persona uses.
BROWSERS
To begin, everyone present must access this website through a browser be it on a computer, phone or any other device capable of doing such. This article summarizes available options nicely and explains the issues others will have in protecting your identity:
Code: Select all
https://restoreprivacy.com/browser/secure/
Tor runs your information through its own onion-based Tor network, making you appear to be from multiple locations and makes you nearly untraceable on its own. Your ISP can only detect that you are using such a form of browser and nothing more. Agencies often attempt to downplay the effectiveness of the system by claiming it makes their job easier as you can tell when a user is on it. This is of no concern. Encrypted internet traffic is not evidence and using Tor will give nobody anything to work with against you.
However... Tor is slow and breaks many internet websites forcing you to deal with a barrage of captchas and in some cases complete denial of access. For this reason Tor is best only used for sensitive websites such as this one or any dealing with content that may put you "on a list."
It is recommended that you have a secondary browser available with top security. Any of the other four options listed on the above website will work fine with settings adjusted for security. The important thing is to make sure these are run through a VPN. If you cannot or will not pay for VPN there are free options available.
This second browser is to access anything that is sensitive but for which Tor is unsuitable. One good example of this is watching videos online. You may not wish to have your identity attached to certain things on YouTube or elsewhere in which case viewing via browser routed through a VPN will block their attempts to figure out who you are. For content that needs an account... we will address this later as well.
While it is prudent to use these browsers on a machine exclusive to your "dark" persona, again not everyone will care to do so or perhaps it is beyond their means. In cases like this you will want a third browser. Whichever you did not choose above, select one for your "light" persona. A means to perform "normal" everyday activity expected of your average citizen. Shopping at locations with no suspicious activity, light social networking and other ordinary tasks of the sort. Never, ever mix your browser usage up.
If possible shortcut all three if you are using a computer or have them all readily available should you use a smartphone. This makes using the appropriate browser easy and painless leaving you with no excuse to secure your identity.
VPNs
Code: Select all
https://protonvpn.com
The weak link in a VPN is its own discretion at offering out its traffic information to third parties. For this reason we want only the best, most reputable ones.
Nord VPN is one such reputed VPN. There was a well known breach of it in 2019 but apparently no information was compromised due to the encryption. Nord VPN is a premium VPN and will hence cost you money.
However there is a better alternative... ProtonVPN. This is the most secure public VPN in the world. While the premium version is fast there is also a free version which is just as secure and adequate for your limited fringe browsing needs. The free version comes with no strings attached... it is paid for by subscriptions from premium users and is meant to act as a sort of enticing offer for those who may try it and want to upgrade to full speed. Your choice to upgrade is your own but there is no real need.
Thus, it is recommended you simply go straight to ProtonVPN. Besides, Proton offers one of the best secure email services out there that is loaded with quality features and does not share any of your information to anyone.
Code: Select all
https://protonmail.com
Do not under any circumstances connect your "dark" email to your "light" email in any way. Do not use the other as your backup email to send passwords to. Do not use any similar information on both.
On that note you will likely desire to have a Gmail account to access the wealth of information available on YouTube. Once you have Protonmail established, have downloaded and installed ProtonVPN... run your secure non-Tor browser through it and register a new Gmail account using that. Again, do not mix personas. Register with a unique name and password. If keeping track of names and passwords gets confusing write it down on a small, secret notebook and burn the page once you have memorized everything. Burn the pages below as well if they have been imprinted upon and make sure the ashes are not simply left idle if you want to take extra precaution. Grind them into the ground with your footwear.
Remember to only access these email accounts via secured browser. Protonmail has an onion site allowing for maximum compatibility so there is little reason to use less than Tor to access it. You will likely need your backup secure browser through ProtonVPN to access Gmail and YouTube. Never access any of these accounts with your "light" browser.
SEARCH ENGINES
Your dark persona must dump search engines that track your searches and history. No Google. No Yahoo.
Code: Select all
https://techviral.net/best-private-search-engines-that-never-track-searches/
INSTANT MESSAGING
Inevitably you will likely develop an inner circle of trust as you are browsing the internet and entering communities. There will be people you wish to contact at a moment's notice. As the saying goes... keep your circle small. Also have a secure way to talk.
You will be delighted to know that Protonmail now features an instant messaging service very similar to Google except it is encrypted, secure and unmonitored. Whenever possible this should be your first choice.
Code: Select all
https://proprivacy.com/privacy-news/secure-instant-messaging-with-pidgin-plus-otr
Signal is a popular phone app and while there are ways to run it on a computer using some sneaky tricks it is really not worth the effort. If you are going to insist on using Signal use a burner phone number to sign up and do not be overly candid in your conversations. You are better off choosing Pidgin for your "dark" persona. Perhaps this may be an option for your "light" persona instead.
Forget Telegram. They have recently announced that they will begin to advertise and there has been circumstantial evidence they share information with ad groups for revenue. Any agency can set up a shell advertising company from which to access that information regardless of Telegram's policy. Avoid it unless it is for your "light" persona.
ENCRYPTION
While using either Tor or your other secured browser through a VPN coupled with Protonmail will keep your traffic and emails encrypted, perhaps you wish to add another layer of security to an online transaction with someone else by encrypting a file before sending it.
The golden standard here is PGP.
Code: Select all
https://www.openpgp.org/
What this means is that you can share keys over a secure email or message with the agreement to delete the information and change keys again shortly afterward. The value of this is that even if somehow all security barriers fail and a court of law demands that you release the information required to open the encrypted file, you simply do not have the information anymore and it is too complex to reasonably be remembered. The file simply cannot be opened if it is somehow recovered. If the encrypted file is shared via Pidgin OTR as one example... even they cannot provide a log of the information. It is gone forever.
You can also use PGP to simply encrypt files on your device. Although it is not advisable to keep encrypted files stored on your device itself for long one could soon transfer the file to an external drive that is kept in a physically secure, secret location and never shared with anyone.
In a world where even possessing certain information may be seen as a crime this may important.
As always... never mix your "dark" business with your "light" business. Do not transfer encrypted files, keys or other information using "light" communication means. Do not store encrypted files on "light" devices.
SMARTPHONES
A word on phones is specifically required here. Smartphones themselves are a vulnerability to your "dark" persona and if at all possible do not conduct "dark" business on such devices. Ever. There is little so important that you must access it right now. Wait until you are at a computer of some fashion. Phones can be lost, stolen and companies are notorious for snooping on their users for data. While this data is typically used for advertising and research into their newer devices it can just as well be parsed through for illicit activity and companies tend to flip flop around the issue of privacy in court.
If you absolutely have no other means of cultivating your "dark" persona be aware that nothing may be perfect.
Also consider learning more about phone privacy and read this article.
Code: Select all
https://www.techradar.com/best/secure-smartphones
COMPUTERS
Unfortunately computers are not bulletproof either. If you are forced to have your "dark" and "light" personas co-exist on the same computer... poor browsing habits or a breach may result in an infection that can leave your security vulnerable.
Code: Select all
https://www.pcmag.com/picks/the-best-free-antivirus-protection
Also be sure that your router, bluetooth and other connective devices are highly secured. Use a router with the highest level of encryption possible or better yet run a hardline and close your "dark" network entirely. Do not allow your system to be vulnerable to a basic wireless entry. If you must run a system that cannot be hardwired to the internet at least disable network connectivity to outside devices. Leave no vulnerabilities. As this is somewhat outside of the intended content here are a few links of interest.
Code: Select all
https://www.wired.com/story/secure-your-wi-fi-router/
Code: Select all
https://www.businessnewsdaily.com/11213-secure-computer-from-hackers.html
Code: Select all
https://www.consumer.ftc.gov/articles/0013-securing-your-wireless-network
Beyond direct downloading and streaming there can be a gold mine of information spread across the torrent swarms. These swarms are monitored by copyright agencies and law enforcement alike. To avoid your torrent activity being traced to you we need to run a torrent client through VPN or free proxy.
Free ProtonVPN does not offer P2P compatibility so if you are not a premium subscriber to a VPN service you will need to instead configure a client to run through a free proxy.
These are not as secure as a VPN but they are sufficient to escape torrent IP tracking.
Code: Select all
http://www.freeproxylists.net/
Code: Select all
https://fossbytes.com/free-proxy-list/
Code: Select all
https://www.proxyscrape.com/free-proxy-list
Code: Select all
https://hidemy.name/en/proxy-list/
Code: Select all
https://lifehacker.com/how-to-completely-anonymize-your-bittorrent-traffic-wit-5863380
Now we need to make sure it is working.
Code: Select all
https://torguard.net/blog/how-to-test-if-a-torrent-proxy-is-really-working/
If all works as intended you should be ready to anonymously download torrent files. Seek your torrent out using Tor if possible... fall back on your secondary secure browser failing that.
Continue checking to ensure your proxy is online. They will not stay online forever so be sure to check and rotate proxies every so often. These proxies are not a good general security option and often log data for commercial purposes. While this is not a problem when selecting from countries that will not share with your country it is one more thing to have to worry about. Use these free proxies for torrents and only torrents. Free ProtonVPN will do everything else better.
MANNERISMS
There exists still an unexpected connection between your "dark" and "light" personas that you must sever. This connection is your typing mannerisms.
Code: Select all
https://www.digitaltrends.com/cool-tech/emma-identity-ai-web-app/
Additionally... sometimes it is apparent to regular humans that two people are actually the same. Your "dark" persona must be undetectable to friends of your "light" persona. Actively work on developing this disconnect and never link the two through writing styles, content or frequented websites.
SUMMARY
This is a lot of information and humans are a species of habit and convenience. Do not despair. You will find the most critical components of this guide to be simple and easy to establish and maintain.
A quick rundown for your dark persona...
+ Download Tor and Firefox.
+ Modify Firefox settings as shown in the article for max security.
+ Using Firefox sign up at ProtonMail. Tor makes the process more complicated.
+ Exit Firefox and hop onto Tor. Enter ProtonMail via Tor... use their onion site (it will be presented at login)
+ In ProtonMail look around for their VPN offer. Download ProtonVPN.
+ Install ProtonVPN and select their free service. Follow the instructions to run Firefox through ProtonVPN.
+ Use only secure search engines such as DuckDuckGo.
You are now secure browsing the web. Now we add capability.
+ Install Pidgin. Download and install the OTR plugin.
+ Download the XMPP plugin and create an account through your secondary secure browser.
You now have secure IM. Let us access torrents and video.
+ Download Deluge torrent client.
+ Download Torrent Proxy Tester.
+ Select a free proxy from an unfriendly nation and configure Deluge appropriately.
+ Test your proxy using the proxy test torrent and ensure it is working.
+ Go into your secondary secure browser and sign up for Gmail.
+ Using the same browser go to YouTube and sign up for an account there.
+ Never use Gmail for actual email. Do not comment. Do nothing but browse.
+ Optionally download an extension to download videos so you do not need to repeatedly view potentially suspect videos.
Computer users...
+ Hardwire your computer into the internet via LAN cable or...
+ Secure your wifi access against outside intrusion.
+ Install quality free antivirus that does not share information and keep it up to date.
Phone users...
+ Keep your phone secured on you at all times.
+ Install Silent OS.
+ Purchase a secure phone if possible.
Optionally install PGP on any devices for added security with sensitive files.
Finally... adopt habits specific to your "dark" persona and separate it as far as possible from your "light" persona. Do not neglect your "light" persona... have a face available for the world to see that you exist and are just another nameless face in the crowd.
It only takes one night. One night. Secure yourself and secure your future.