[OPSEC Guide] [Detailed] Complete Online Anonymization

neverlackin360 (Registered Member, joined Jul 18, 2020)
Table of Contents
1. Secure Operating Systems
2. Virtual Private Networks
3. TOR Related
4. Encryption
5. File/Download Security
6. Social Related
7. General Computer Security
8. Useful Guides/Threads

Preface
*NOTE* Nothing will 100% secure you online; this is only meant to help.
This guide is here to help the general user better understand some aspects of anonymity. I understand there are more advanced methods but I thought this content would be most suitable for the users of HackForums as a whole. I also plan on updating this thread when newer methods and content become available or more widely used.

Disclaimer
I take no responsibility if this information or these methods do not prevent you from getting caught doing something you shouldn't have been doing to begin with.

Secure Operating Systems
Aside from the normal, everyday Windows, Macintosh, or Linux distros, these are operating systems that are renowned for the security pre-built within them.

Tails OS
Tails, also known as The Amnesic Incognito Live System, is an open-source OS designed predominantly to be run from live media such as a CD/DVD, USB stick, or SD card. The main purpose of Tails is to keep your privacy and anonymity safe while leaving as little trace of use as possible. Since it is an amnesic OS, nothing such as saved files or newly installed software is left behind when you reboot, which realistically leaves a clean slate whenever you need to power down. Tails' default networking application is Tor (The Onion Router), which allows the user to stay encrypted through whatever network they are currently connected to. Much of Tails' pre-installed software comes pre-configured with security in mind, such as the Pidgin IM client, which is set up with OTR (Off-the-Record Messaging), or the Tor Browser with all the necessary plugins already added. There are many more features of this amazing OS listed on their website.
Tails Link: https://tails.boum.org/

Whonix OS
Whonix is another operating system which is aimed at your privacy, security, and anonymity. It is based on three things: the Tor network, Debian Linux, and security by isolation. The creators of Whonix stand by the fact, according to their website, that DNS leaks are not possible and that malware with root privileges cannot find out the user's real IP. There are two different parts to Whonix itself: the Whonix-Gateway and the Whonix-Workstation, which sits on a completely isolated network with Tor as its only connection possibility. The Whonix-Gateway is exactly what it sounds like: the gateway to the internet and all Tor connections. The Whonix-Workstation is the actual desktop environment you as a user will interact with during daily usage. The two parts of Whonix sync with each other to make sure the connection is as secure as possible while also making sure the two are working together correctly. This OS is mainly used within virtual machines but can be applied in many different ways.
Whonix Link: https://www.whonix.org/

Qubes OS
Qubes is a third operating system which is mostly aimed at system security. Qubes OS is best described as a Xen distribution running multiple virtual Linux domains. Xen is an extremely stable and mature "bare-metal" type 1 hypervisor. This type of virtualization is analogous to what you may be picturing when using a product like VirtualBox, with one important difference: a type 1 hypervisor has no operating system running "below" it which can be compromised. Xen is installed on the "bare metal", and this architecture therefore allows Qubes to create multiple separate virtual machines ("domains", in Xen parlance) in which you run your applications. This ensures that risky applications cannot affect trusted applications, or even write to the underlying file system. This degree of separation doesn't provide much anonymity in itself, but it does provide a significant degree of protection from malware spreading. If you, for example, end up being infected with malware from a bad website, or by falling prey to an email phishing scam, it would be very hard for that malware to spread outside of the domain it is in, meaning only that virtual machine or "domain" would be affected and not the entire operating system.

Virtual Machine Software
VMware Link: https://my.vmware.com/web/vmware/downloads
VirtualBox Link: https://www.virtualbox.org/wiki/Downloads

USB Live Disc Software
Etcher: https://www.balena.io/etcher/
Sardu 330: https://www.sarducd.it/downloads
Rufus: https://rufus.ie/

Virtual Private Networks (VPNs)
Virtual Private Networks extend a private network across a public network. This enables the user's computer or personal device to send and receive encrypted data as if it were connected directly to the private network. VPNs are created by making a virtual point-to-point connection through the use of dedicated connections and traffic encryption. Here is a list of top secure VPNs.

*Note* All VPNs listed below advertise that they are based in privacy-respecting and privacy-focused countries and keep ZERO logs of what users do while accessing the VPN.

Proxy.sh
Proxy.sh is a well-known and reputable Seychelles-based VPN with a very friendly graphical user interface. This VPN comes with truly offshore locations, with the option of discreet onshore tunneling if wanted. Besides being compatible with just about every operating system and mobile/iPad device platform in the world, Proxy.sh comes alongside Safejumper, a custom OpenVPN client with many benefits. Proxy.sh is also known for having a huge array of payment options available, 80+ different options, and for only requiring an email along with the payment. They offer a few varying packages to choose from but, from personal experience, I'd suggest going with at least their Basic package because it starts giving you more node (location) options to choose from. Proxy.sh has 24/7 customer service and a ticketing system which you may access from their control panel on the website.
Proxy.sh Link: https://proxy.sh

ProtonVPN
ProtonVPN is also a well-known and reputable Switzerland-based VPN with a very friendly graphical user interface. Besides being compatible with just about every operating system and mobile/iPad device platform in the world, ProtonVPN is well known for its Secure Core architecture, which gives its secure VPN service the unique ability to defend against any network-based attacks. Secure Core protects your connection by routing your traffic through multiple servers before it leaves their network, which means that even an advanced adversary who can monitor the network traffic at the exit server will not be able to discover the true IP address of a ProtonVPN user or match your browsing activity to that IP. All Secure Core servers are also located in hardened data centers in Switzerland, Iceland, and Sweden, which are protected by strong privacy laws, and are operated on ProtonVPN's own dedicated networks.
ProtonVPN Link: https://protonvpn.com/secure-vpn

NordVPN
NordVPN is another well-known and reputable Panama-based VPN with a very friendly graphical user interface. It is compatible with just about every operating system and mobile/iPad device platform in the world. Panama is a country with no mandatory data retention laws and also does not participate in the Five Eyes or Fourteen Eyes alliances. NordVPN also has over 5400 servers in 59 countries with very fast, stable, military-grade encrypted connections, multiple different secure network protocols, and specialty servers, plus an advanced Secure CyberSec technology architecture, which means enhanced security, enhanced privacy, better performance, faster speeds, and more control.
NordVPN Link: https://nordvpn.com/

DNS Leaking
While you are on a VPN, you want all traffic coming from your computer to go through the encrypted network. If any of your traffic leaks outside this encrypted network, people can then log that information, which is not good at all. The Domain Name System (DNS) translates domain names such as HackForums.net into IP addresses such as 190.93.250.145, which is required to send packets of data on the Internet. When you try to access a specific website, before you go there your computer must interact with a DNS server to request the IP address. Internet service providers (ISPs) usually use specific DNS servers which log and record specific activities you do while on the Internet. The main issue here is that when you use a VPN, sometimes the OS will default to the normal DNS servers instead of the DNS servers your VPN provides. DNS leaks while using a VPN can make you feel safe while you are truly leaking data that you don't want leaked. This is a major issue, which is why all the VPNs I listed above have some sort of DNS leak protection, a must-have when staying anonymous. You can test to see if you are DNS leaking at the links below.
IPLeak Link: https://ipleak.net/
LeakTest Link: https://www.dnsleaktest.com/

[Image: rO17MlY.png]


For anyone not using a VPN with DNS Leak Protection, try using one of these DNS servers:
OpenDNS: 208.67.222.222 and 208.67.220.220
ComodoDNS: 156.154.70.22 and 156.154.71.22
UltraDNS: 156.154.70.1 and 156.154.71.1
NortonDNS: 198.153.192.1 and 198.153.194.1
NordDNS: 103.86.96.100 and 103.86.99.100

SOCKS4/SOCKS5 Servers
SOCKS, which stands for Socket Secure, is an Internet protocol that routes network packets between a client and server through a proxy server and allows sessions to traverse firewalls securely. SOCKS4 and SOCKS5 are different versions that do slightly different things. The main difference between the two is that SOCKS4 only supports TCP applications, while SOCKS5 supports both TCP and UDP. With added support for authentication methods and domain name resolution, the main outgoing SOCKS proxies are SOCKS4 proxies. You won't be able to use UDP applications, but it will be to your benefit overall. So if you are in need of a proxy instead of a VPN for a specific application, try to keep this in mind.

Tor Related
What is Tor?
Tor, which stands for 'The Onion Router', is a non-profit group of volunteer-operated servers that allows people to improve their privacy, privacy tools, and security on the Internet. The Tor network works by moving your traffic across various nodes through a series of virtual tunnels rather than making a direct connection, allowing anyone to share vital information without compromising their identity. Anyone trying to trace you would see the traffic going through various Tor nodes on the network rather than directly from your computer. All that is needed to access the Tor network and .onion links (hidden service sites only accessible on the Tor network) is the Tor Browser. The Tor Browser comes ready to use and routes everything you do through the Tor network without any configuration needed, although I'd recommend a few steps to take which you will see later in this thread.

[Image: GQ5u2iN.png]


Tor Benefits
Tor has many benefits for all kinds of privacy issues people face in the world we live in. Journalists, hackers, or people living under a dictatorship with a lot of censorship can use the Tor network to anonymize their traffic and access sites they may not have been able to reach before, all while it is absolutely FREE. Tor is also very useful for anyone looking to keep their online activity hidden from other people or their ISP. Tor can also be used to host sites which contain hidden services only accessible by other Tor users, sometimes needing an invitation to access for added security.

Browser Configuration
Although the Tor Browser comes pre-configured and can be used right away, there are a few more steps that people should take to secure it even more. Here is a list of addons which should be used within the Tor browser:

HTTPS Everywhere - HTTPS Everywhere is an open-source extension created in collaboration by the Tor Project and the Electronic Frontier Foundation. It allows you to automatically make any website which supports HTTPS use the secure HTTPS connection instead of normal HTTP.

NoScript - NoScript is a web browser extension which provides extra protection for Firefox, SeaMonkey and other Mozilla-based web browsers. This free and open-source add-on allows JavaScript, Java, Flash and other plugins to be executed ONLY by trusted web sites of YOUR choice in order to protect your privacy and security. NoScript also provides the most powerful anti-XSS and anti-clickjacking protection ever available in a web browser.

Disconnect - Disconnect is a web browser extension which lets you visualize and block the invisible sites behind the main site you're visiting which track a user's search and browsing history.

Decentraleyes - Decentraleyes is a web browser extension which emulates Content Delivery Networks to protect your privacy and security.

Privacy Badger - Privacy Badger is a web browser extension which protects your privacy by automatically learning to block invisible trackers as you surf the web.

Search Engine - Although many people use Google as their main search engine for normal web browsing, Google shows a lack of care for users' privacy in general. Also, Google is notorious for tracking clicks on the result pages that you search, alongside sometimes having you log into Gmail to access certain things. To prevent that, here are a few search engines you can set as default instead.

Exit Node Security Warning
One thing I need to talk about is how other entities may be able to see your traffic over the Tor network. On Tor, instead of taking a direct route from your computer to the destination, the Tor network routes a random path through many Tor relays to encrypt and hide your data. Once you're at the last relay of the path, this is called the exit node. The exit node is the one that actually makes the connection to the destination server. Tor, by design, cannot encrypt data between the exit node and the destination server, so whoever may be in control of the exit node has the ability to capture the traffic passing through it. The best way to combat this is to use end-to-end encryption, which I will explain more about in the Encryption section later on in this thread.

Invisible Internet Project (I2P)
I wasn't sure about adding this, but I think it needs to be explained and talked about a little bit. I2P is a decentralized anonymizing network built on similar principles to Tor, except that it was designed to be a self-contained darknet. Users still connect using P2P encrypted tunnels, but there are still many differences.
  • Distributed peer-to-peer model.
  • Garlic routing (encrypts multiple messages together, harder traffic analysis).
  • Uni-directional tunnels so incoming and outgoing traffic are separate.
  • Uses packet switching instead of circuit switching.
  • Uses its own API rather than SOCKS like Tor. This makes it technically more secure than Tor.
Aside from being very secure, it will also be much faster than Tor overall. The best way to explain I2P is as an internet within an internet. One thing to mention is that I2P does not hide the fact you are using the service at all. If you don't like Tor for some reason, this is another option to check out.
I2P Link: https://geti2p.net/en/

Encryption
Encryption is a vital part of computer security when it comes to important documents, personal data, or internet traffic. It allows you to securely protect data that you don't want anyone else to see or have access to. When it comes to privacy and anonymity, encryption plays one of the most important roles possible for securing data being transferred over the internet. Here are just a few types of encryption which everyone should be using.

PGP Encryption
PGP, Pretty Good Privacy, is a program used for the encryption/decryption of email over the Internet, but it also serves as a way to authenticate messages with digital signatures and to encrypt stored files. PGP uses a variant of the public key system. It starts with each user having an encryption key that is publicly known and a private key only that user has. Each person sends a message, encrypting it with their public key. Then when the message is received, the message is decrypted using the user's private key. To make the encryption process much faster, PGP uses an algorithm which encrypts the message, then uses the public key to encrypt the shorter key. There are two versions of PGP available: RSA and Diffie-Hellman. Both of these have different algorithms for encryption but are just as secure as each other. Sending digital signatures is a similar process but creates a hash using the user's name and other signature information. The hash is encrypted with the user's private key. The recipient uses the sender's public key to decrypt the hash code. If it matches, the recipient knows that this is an authentic file.

[Image: dgtbTBa.png]


Here are some links to PGP software and guides.
Guide on PGP: http://www.bitcoinnotbombs.com/beginners-guide-to-pgp/
Guide on File Encryption with GPG: Basic Linux Security: Basic File Encryption - .Web
GNU Privacy Guard (alternative): https://www.gnupg.org/
GPG for Windows: http://www.gpg4win.org/
GPG for USB: http://www.gpg4usb.org/

Another good site, which is currently invite-only, is Keybase.io, which allows you to confirm someone else's PGP key, fingerprint, BTC address, social media accounts, etc.
Keybase: https://keybase.io/

Whole Disk Encryption
Disk encryption is software which protects your information by turning it into unreadable code which can't be cracked easily by unwanted users. Disk encryption uses specific software or hardware to encrypt all data that goes on a disk or a disk volume. Whole disk encryption is when everything on the disk is encrypted, and the term also covers the programs that can encrypt bootable OS partitions. One thing to note is that computers using a Master Boot Record (MBR) will NOT have that part of the disk encrypted. Whole disk encryption has many benefits. Number one is that ALL parts of the disk are encrypted, even the swap space and temporary files, which may contain sensitive information. By using full disk encryption, you don't have the chance of accidentally not encrypting a file, since everything is indeed encrypted regardless. Lastly, by destroying the cryptographic keys, you render the data completely useless. It's not needed on everybody's computer, since everyone has different needs, but it is definitely recommended. Most people have used software called TrueCrypt in the past, but that software is no longer being developed. Instead, new software called VeraCrypt has taken its place and is a very useful encryption tool.
VeraCrypt Link: https://veracrypt.codeplex.com/

Another good piece of encryption software is DiskCryptor, which has similar functions to VeraCrypt.
Diskcryptor Link: https://diskcryptor.net/wiki/Downloads

Disk Encryption Wiki Info: https://wiki.archlinux.org/index.php/Disk_encryption

*Warning* Please make sure to backup your entire system before attempting to do whole disk encryption in the case of a failure during the process.

File Encryption
File encryption follows the same procedure as whole disk encryption, but instead of the whole disk, you are specifically encrypting an individual file or a whole folder. File encryption is a much simpler process than whole disk encryption and can be done with the same software, VeraCrypt. One thing to note is that with VeraCrypt you can make a much larger encrypted volume (basically extra storage) to put files in and encrypt as a whole. For instance, I have an external hard drive on which I made a 200GB encrypted volume, so once I type the password for that volume, I can drop anything in and close it. It will now be encrypted until I unlock that volume at another point in time. Here is a guide on how to use it, with another VeraCrypt download link.
VeraCrypt Link: https://veracrypt.codeplex.com/
VeraCrypt Guide: https://veracrypt.codeplex.com/wikipage?...20Tutorial

Encrypted Backups
I won't be saying much about backups, but I suggest everyone keep backups and then encrypt them with this software for added security, and to have the safety of being able to restore your system if something were to go wrong.

File/Download Security
File and download security is not something the average user thinks about, which is why I wanted to write this section to explain a little bit about it. Hopefully after reading this section you'll understand more about why file and download security should be a higher priority than most, since it's something the average user will use most.

Metadata
Metadata is data that describes other data. Now that may sound confusing, but think about it from a file's perspective. Author, date created, date modified, and file size are simple examples of metadata that almost all documents carry. On top of that, images, videos, Excel sheets, and web pages all carry their own personalized metadata. Metadata is something which could easily give away personal information that you wouldn't even realize is there. The biggest one that people don't realize is simple pictures taken on your cellphone camera. Here is an example of EXIF (Exchangeable Image File Format) data which shows some of the metadata you'd find within a picture taken on a cellphone:

[Image: mhXV0Nt.jpg]


There is a lot more information where that came from. Depending on whether you have location on or not, metadata can even give the GPS coordinates of where the picture was taken. All files contain this sensitive information within them, and most people don't even realize it exists. Thankfully, there are tools out there which can be used to find and delete that information from files. This software is called MAT (Metadata Anonymisation Toolkit) and will help with the removal of metadata from the files that you want to clean.
MAT Link: https://mat.boum.org/

Deleting Files/Information Correctly
I feel like there are many users out there who think that by simply deleting a file, it's magically gone from your computer. This is NOT true! When you delete something from your computer, the only thing you are doing is deleting the record of where it was located on the drive. It's still on the drive, but the location data is no longer there. This is the reason why file recovery software exists: to grab those files you "deleted" and get them back. The correct way to delete something (file shredding) is by overwriting the data. One thing you must understand is that overwriting previous data/files doesn't remove a file's location but instead makes it unrecoverable. For the average user, overwriting a file once should be enough, although the NSA recommends 3 times, while the DoD recommends 7 times. It all comes down to preference, but some people believe that when you only go over a file once, you miss some of the data, so by going over it many times you get rid of the data that is left over. Here are some of the tools many people use for correct file cleaning and deletion.

Blancco Data Erasure: https://www.blancco.com
KillDisk Data Erasure: https://www.killdisk.com/eraser.html
Glary Utilities: https://www.glarysoft.com/

For people who want an extra step to stay safe: every time you empty your recycle bin, you should shred all files within it.

MD5/SHA-1 Checksums
Before learning what a checksum is, you first need to know what MD5 and SHA-1 are. MD5 and SHA-1 are common cryptographic hash functions, with MD5 producing a 128-bit (16-byte) hash value while SHA-1 produces a 160-bit (20-byte) hash value. With these two hash types, we can verify the data integrity of a file/download. After downloading a file or software is when you are able to check the checksum of the file. The checksum is where the contents of the file get thrown into a mathematical algorithm which outputs a specific MD5/SHA-1 string. This method of verifying downloads/files is not as good as PGP plus a signature file, but if you cannot use that method, this is a good second. Almost all Linux distros have the commands sha1sum and md5sum built in. All you do is run these commands against the file in question and it will output the checksum string for you. Once you do this, all you do is compare that to what the download should have been and you should be able to verify whether the download was authentic or not. For most users who use Windows, I will leave a link to Microsoft's own checksum integrity verifier.

Windows Checksum Link: https://www.microsoft.com/en-ca/download...x?id=11533
MD5/SHA-1 Hash Verification Software: https://www.raymond.cc/blog/7-tools-veri...a1-hashes/

One thing to note is that MD5 has known collisions. With enough computing power, this allows MD5 to be broken.

Social Related
Within this section I will be talking about everything related to interacting with people socially via messaging of some sorts. This section is my opinion on what should be used and may differ from person to person. This will give you a general idea of what you want to be doing while using social related messaging services.

XMPP
XMPP stands for Extensible Messaging and Presence Protocol and is a communications protocol for message-oriented middleware based on the Extensible Markup Language (XML). Many more people are starting to use this as a main way of communication, using programs such as Pidgin to accomplish this. Pidgin is an open-source, multi-platform IM client which most people will recommend for XMPP. The main reason is that Pidgin has a simple plugin which you can download that allows you to incorporate Off-the-Record (OTR) messaging into it. OTR allows you to have private conversations over XMPP by using encryption and authentication, and the fact that messages you send do not have digital signatures that a third party can check. This is a must-use plugin/step when using any type of XMPP client.
Pidgin Link: https://pidgin.im/
Pidgin Secure Messaging Guide: https://securityinabox.org/en/guide/pidgin/windows

Good XMPP Servers
  • riseup.net
  • xmpp.ninja
  • darkness.su
  • captio.ch
  • thedark.army

IRC
IRC, which stands for Internet Relay Chat, is an application layer protocol that facilitates the transfer of messages in the form of text. IRC has been around for a very long time but is still widely used by people all over. Most IRCs consist of a community or group of people with a specific goal/topic in mind. To connect to a specific IRC, you need two main things: the IP of the server and the channel (which has a # in front of it, like #channel). There are plenty of public IRCs, but most will be private depending on the topic of conversation. When it comes to security and IRC, there are more steps that need to be taken than with XMPP, so I will link a good guide to follow when setting up IRC and explain some good IRC clients to use.

IRC Clients
  • X-chat
  • mIRC
  • HexChat
  • irssi (Linux cli)

IRC Anonymity Guide: https://encrypteverything.ca/IRC_Anonymity_Guide

Email Providers

General Computer Security
This is a section I just wanted to throw in to give my opinion on security-related applications for both Windows and Linux. This doesn't have to do with anonymity, but it will help users who aren't sure what type of applications they should use when browsing the web and making sure they don't get infected as much as they may have while using crappy software.

Firewall
  • Sophos XG Next-Gen Firewall (Recommended)
  • FortiGate Next-Gen Firewall
  • PfSense Next-Gen Firewall

Anti-Virus
  • Sophos Intercept X EDR (Recommended)
  • Norton 360 Premium
  • ESET Smart Security

Active Applications
  • HitmanPro.Alert (Recommended)
  • KeyScrambler Pro
  • Malwarebytes Anti-Exploit

Linux Applications
  • Lynis
  • ClamAV
  • rkhunter

Useful Guides/Threads
For the last section I just wanted to add links to guides, threads, and sites I thought users would find useful, or things I may not have had enough space in this thread to write about.
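The SOCKS4/SOCKS5 section of the post above describes the two versions in words only. As an added example (not part of the original post, and not any proxy vendor's code), here are the wire formats in Python: encoders for SOCKS4, SOCKS4a and SOCKS5 requests, a SOCKS5 request decoder of the kind a proxy or an IDS signature would use, and a check that ties this back to the DNS leak section: a SOCKS4 request always carries an IPv4 address the client had to resolve itself, while SOCKS4a and SOCKS5 with ATYP 0x03 hand the hostname to the proxy so the lookup happens on the proxy's side, which is how Tor's SOCKS port is meant to be used. Only the standard library is used; the hosts, ports and user IDs are made-up sample values.

```python
import ipaddress
import socket
import struct


def socks4_connect(ipv4, port, userid=""):
    """SOCKS4 CONNECT: VN=4, CD=1, DSTPORT, DSTIP, USERID, NUL. IPv4 only, and the client
    must have resolved the name before sending, so a plain SOCKS4 proxy cannot stop a local
    DNS lookup (the leak described in the DNS section)."""
    return (b"\x04\x01" + struct.pack(">H", port) + socket.inet_aton(ipv4)
            + userid.encode() + b"\x00")


def socks4a_connect(hostname, port, userid=""):
    """SOCKS4a extension: DSTIP = 0.0.0.x (x != 0) signals that a NUL-terminated hostname
    follows the user ID; the proxy resolves it, so no DNS query leaves the client."""
    return (b"\x04\x01" + struct.pack(">H", port) + b"\x00\x00\x00\x01"
            + userid.encode() + b"\x00" + hostname.encode("idna") + b"\x00")


def socks5_greeting(methods=(0x00,)):
    """SOCKS5 (RFC 1928) method negotiation: VER=5, NMETHODS, METHODS
    (0x00 = no auth, 0x02 = username/password per RFC 1929)."""
    return bytes([0x05, len(methods)]) + bytes(methods)


def socks5_request(cmd, host, port):
    """SOCKS5 request: VER CMD RSV ATYP DST.ADDR DST.PORT.
    CMD 1=CONNECT, 2=BIND, 3=UDP ASSOCIATE (the UDP support SOCKS4 lacks).
    ATYP 1=IPv4, 3=domain name (proxy resolves it), 4=IPv6."""
    try:
        ip = ipaddress.ip_address(host)
        addr = (b"\x01" if ip.version == 4 else b"\x04") + ip.packed
    except ValueError:                      # not an IP literal: send the name itself
        name = host.encode("idna")
        if len(name) > 255:
            raise ValueError("domain name too long for SOCKS5")
        addr = b"\x03" + bytes([len(name)]) + name
    return b"\x05" + bytes([cmd]) + b"\x00" + addr + struct.pack(">H", port)


def parse_socks5_request(data):
    """Decode a SOCKS5 request the way a proxy (or a detection rule) would.
    Returns (cmd, host, port); raises ValueError on malformed input."""
    if len(data) < 4 or data[0] != 0x05 or data[2] != 0x00:
        raise ValueError("not a SOCKS5 request")
    cmd, atyp = data[1], data[3]
    if atyp == 0x01:
        host, rest = str(ipaddress.IPv4Address(data[4:8])), data[8:]
    elif atyp == 0x04:
        host, rest = str(ipaddress.IPv6Address(data[4:20])), data[20:]
    elif atyp == 0x03:
        n = data[4]
        host, rest = data[5:5 + n].decode("idna"), data[5 + n:]
    else:
        raise ValueError("unknown ATYP %#x" % atyp)
    if len(rest) != 2:
        raise ValueError("bad request length")
    return cmd, host, struct.unpack(">H", rest)[0]


def resolved_by_proxy(request):
    """True when the request carries a hostname, i.e. the proxy (e.g. Tor) does the DNS
    lookup; False when the client already resolved the name and is leaking that lookup."""
    if request[0] == 0x05:
        return request[3] == 0x03
    if request[0] == 0x04:                  # SOCKS4a marker: DSTIP 0.0.0.x with x != 0
        return request[4:7] == b"\x00\x00\x00" and request[7] != 0
    raise ValueError("unknown SOCKS version")


if __name__ == "__main__":
    # Constructed sample targets; 9050 is only a conventional local SOCKS port here.
    for label, req in [("SOCKS4  ", socks4_connect("10.0.0.5", 8080, "alice")),
                       ("SOCKS4a ", socks4a_connect("example.onion", 80)),
                       ("SOCKS5  ", socks5_request(1, "example.com", 443)),
                       ("SOCKS5  ", socks5_request(3, "::1", 5353))]:
        print(label, req.hex(), "| proxy resolves name:", resolved_by_proxy(req))
```

The CMD byte is the concrete difference the post is pointing at: 0x03 UDP ASSOCIATE exists only in SOCKS5. The ATYP byte is the one that matters for leaks: with curl, `socks5h://` sends the ATYP 0x03 form and `socks5://` the locally resolved IPv4 form, and when the proxy is Tor only the former keeps the DNS query off your local resolver.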
 
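The metadata section of the post above shows an EXIF dump and points at MAT for removal, but not what the GPS data looks like on the wire or what stripping actually does. As an added example (not part of the original post, and not MAT's code), here is a small stdlib-only Python tool that builds a constructed JPEG skeleton carrying an Exif APP1 segment with a GPS IFD, reads the coordinates back the way an exiftool-style reader would (IFD0 -> GPSInfo pointer -> GPS IFD -> three RATIONALs per axis), and strips every APPn/COM segment the way MAT does while leaving the image data untouched. The sample bytes and the coordinates are made up here; the file contains no real picture.

```python
import struct

APP1, COM, SOS = 0xE1, 0xFE, 0xDA


def _segment(marker, payload):
    # JPEG marker segment: FF <marker> <2-byte big-endian length incl. itself> <payload>
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload


def build_exif_gps(lat_dms, lat_ref, lon_dms, lon_ref):
    """Constructed little-endian TIFF/Exif blob: IFD0 -> GPS IFD holding lat/lon.
    *_dms are three (numerator, denominator) RATIONALs: degrees, minutes, seconds.
    Fixed layout (offsets from the TIFF header): IFD0 at 8, GPS IFD at 26, rationals at 80."""
    ifd0_off, gps_off, data_off = 8, 26, 80
    tiff = b"II*\x00" + struct.pack("<I", ifd0_off)
    # IFD0: 1 entry (tag 0x8825 GPSInfoIFDPointer, type LONG=4, count 1), next-IFD = 0
    tiff += struct.pack("<H", 1) + struct.pack("<HHII", 0x8825, 4, 1, gps_off) + struct.pack("<I", 0)
    gps = struct.pack("<H", 4)
    gps += struct.pack("<HHI", 0x0001, 2, 2) + lat_ref.encode() + b"\x00" * 3  # ASCII "N\0" inline
    gps += struct.pack("<HHII", 0x0002, 5, 3, data_off)                         # 3 RATIONALs at offset
    gps += struct.pack("<HHI", 0x0003, 2, 2) + lon_ref.encode() + b"\x00" * 3
    gps += struct.pack("<HHII", 0x0004, 5, 3, data_off + 24)
    gps += struct.pack("<I", 0)
    tiff += gps
    assert len(tiff) == data_off
    for num, den in lat_dms + lon_dms:
        tiff += struct.pack("<II", num, den)
    return tiff


def build_sample_jpeg(tiff):
    """Constructed JPEG skeleton: SOI, APP1 Exif, COM, SOS + dummy scan data, EOI (no real image)."""
    return (b"\xFF\xD8" + _segment(APP1, b"Exif\x00\x00" + tiff)
            + _segment(COM, b"Taken with phone camera")
            + _segment(SOS, b"\x01\x01\x00\x00\x3f\x00") + b"\x00" * 16 + b"\xFF\xD9")


def iter_segments(jpeg):
    """Yield (marker, payload) for each segment up to SOS, then (None, scan data + EOI)."""
    if jpeg[:2] != b"\xFF\xD8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        if marker == 0xD9:                  # bare EOI, nothing more to parse
            break
        length = struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]
        yield marker, jpeg[pos + 4:pos + 2 + length]
        pos += 2 + length
        if marker == SOS:                   # entropy-coded data follows; copy it verbatim
            break
    yield None, jpeg[pos:]


def read_gps(tiff):
    """Walk IFD0 -> GPS IFD and return (lat, lon) in decimal degrees, or None."""
    end = {b"II": "<", b"MM": ">"}[tiff[:2]]           # byte order from the TIFF header
    u16 = lambda o: struct.unpack(end + "H", tiff[o:o + 2])[0]
    u32 = lambda o: struct.unpack(end + "I", tiff[o:o + 4])[0]

    def entries(ifd):                        # (tag, type, count, offset of 4-byte value field)
        for i in range(u16(ifd)):
            e = ifd + 2 + 12 * i
            yield u16(e), u16(e + 2), u32(e + 4), e + 8

    def dms(off):                            # three RATIONALs -> decimal degrees
        d, m, s = (struct.unpack(end + "II", tiff[off + 8 * i:off + 8 * i + 8]) for i in range(3))
        return d[0] / d[1] + m[0] / m[1] / 60 + s[0] / s[1] / 3600

    gps_ifd = next((u32(v) for tag, _, _, v in entries(u32(4)) if tag == 0x8825), None)
    if gps_ifd is None:
        return None
    f = {}
    for tag, typ, count, v in entries(gps_ifd):
        if typ == 2 and count <= 4:          # short ASCII lives inline in the value field
            f[tag] = tiff[v:v + count].rstrip(b"\x00").decode()
        elif typ == 5:                       # RATIONALs never fit inline: field is an offset
            f[tag] = dms(u32(v))
    if 0x0002 not in f or 0x0004 not in f:
        return None
    lat = f[0x0002] * (-1 if f.get(0x0001) == "S" else 1)
    lon = f[0x0004] * (-1 if f.get(0x0003) == "W" else 1)
    return lat, lon


def extract_gps(jpeg):
    for marker, payload in iter_segments(jpeg):
        if marker == APP1 and payload.startswith(b"Exif\x00\x00"):
            return read_gps(payload[6:])
    return None


def strip_metadata(jpeg):
    """Drop APP1..APP15 (Exif, XMP, IPTC/Photoshop) and COM; keep APP0/JFIF, tables and image."""
    out = b"\xFF\xD8"
    for marker, payload in iter_segments(jpeg):
        if marker is None:
            out += payload
        elif not (0xE1 <= marker <= 0xEF or marker == COM):
            out += _segment(marker, payload)
    return out


# Constructed sample position 51°30'26.64"N, 0°07'40.08"W; not taken from any real photo.
SAMPLE_JPEG = build_sample_jpeg(build_exif_gps(
    ((51, 1), (30, 1), (2664, 100)), "N", ((0, 1), (7, 1), (4008, 100)), "W"))

if __name__ == "__main__":
    print("GPS in sample:", extract_gps(SAMPLE_JPEG))
    cleaned = strip_metadata(SAMPLE_JPEG)
    print("GPS after strip:", extract_gps(cleaned), "| size", len(SAMPLE_JPEG), "->", len(cleaned))
```

Two practitioner caveats the segment walk makes visible: a stripper that only rewrites the GPS tags leaves the rest of the Exif block (camera model, serial number, software, thumbnails) in place, which is why MAT drops the whole APP1 segment; and the same APPn slots carry XMP and IPTC blocks, so checking "no Exif" alone is not enough.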

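The checksum section of the post above says to run sha1sum/md5sum and "compare" the output. As an added example (not part of the original post, and not Microsoft's or any distribution's tool), here is the comparison done properly in Python: parse a *SUMS file in the format the GNU coreutils tools emit, stream the download through the matching hash so a multi-GB image is not loaded into memory, pick the algorithm from the digest length, compare in constant time, and report missing files as failures. The "image.iso" and "tampered.iso" files and the SUMS text are constructed for the demo; the digests are those of the 12-byte content "hello world\n", which is what `echo hello world | sha256sum` and `| md5sum` print.

```python
import hashlib
import hmac
import os
import re
import tempfile

# One line of a *SUMS file: "<hex>  <name>" (text mode) or "<hex> *<name>" (binary mode)
SUMS_LINE = re.compile(r"^([0-9a-fA-F]{32,128})\s+\*?(\S.*)$")
ALGO_BY_HEXLEN = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}


def parse_sums(text):
    """Parse the body of an MD5SUMS/SHA1SUMS/SHA256SUMS file into {filename: hexdigest}."""
    sums = {}
    for line in text.splitlines():
        m = SUMS_LINE.match(line.strip())
        if m:
            sums[m.group(2)] = m.group(1).lower()
    return sums


def file_digest(path, algo):
    """Hash a file in 1 MiB chunks so a large ISO is never read into memory at once."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_file(path, expected_hex):
    """Recompute the digest implied by the published hex length; compare in constant time.
    Returns (matches, algorithm). A match with md5 or sha1 only shows the download is the
    file the publisher hashed: both have public collision attacks, so prefer sha256 when
    it is offered, and prefer a PGP signature over any bare checksum."""
    algo = ALGO_BY_HEXLEN.get(len(expected_hex))
    if algo is None:
        raise ValueError("unrecognised digest length: %d hex chars" % len(expected_hex))
    return hmac.compare_digest(file_digest(path, algo), expected_hex.lower()), algo


def verify_directory(directory, sums_text):
    """Check every file named in sums_text against disk; a missing file counts as failed."""
    results = {}
    for name, hexdigest in parse_sums(sums_text).items():
        path = os.path.join(directory, name)
        results[name] = verify_file(path, hexdigest) if os.path.isfile(path) else (False, "missing")
    return results


# Constructed sample SUMS files (digests of "hello world\n"; not any real distribution image).
SAMPLE_SHA256SUMS = """\
a948904f2f0f479b8f8197694b30184b0d2ed1c1cd2a1ec0fb85d299a192a447  image.iso
a948904f2f0f479b8f8197694b30184b0d2ed1c1cd2a1ec0fb85d299a192a447  tampered.iso
"""
SAMPLE_MD5SUMS = "6f5902ac237024bdd0c176cb93063dc4 *image.iso\n"


def run_demo():
    """Write the constructed files to a temp dir, verify them, return {name: (ok, algo)}."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "image.iso"), "wb") as f:
            f.write(b"hello world\n")
        with open(os.path.join(d, "tampered.iso"), "wb") as f:
            f.write(b"hello world!\n")      # one byte inserted: a modified mirror copy
        results = verify_directory(d, SAMPLE_SHA256SUMS)
        results.update({"md5:" + k: v for k, v in verify_directory(d, SAMPLE_MD5SUMS).items()})
        results.update(verify_directory(d, "deadbeef" * 8 + "  absent.iso\n"))
    return results


if __name__ == "__main__":
    for name, (ok, algo) in run_demo().items():
        print("%-18s %-8s %s" % (name, algo, "OK" if ok else "FAILED"))
```

Remember what a matching checksum does and does not prove: if the SUMS file sits on the same mirror as the download, anyone who can swap the image can swap the hash too. It catches corruption and lazy tampering, not a compromised mirror; only a signature from a key you obtained elsewhere does that.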
v0lrod (Jr. VIP, joined Oct 21, 2019)
That's a huge thread man :'), I'll read it later.
Thank you for all this information bro.
 

éxorcist (Newbie, joined Apr 30, 2008)
The thing is, if you install the given browser extensions plus a couple of your favorite ones (like screenshot, downloader, SEO/metrics and other utility extensions), you'll leave a pretty unique browser fingerprint. If you disable JavaScript (with NoScript), that's another huge part of the fingerprint. Also, they can create fingerprints using CSS and system fonts.

Complete online anonymization is not possible IMHO.
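The reply above makes a quantitative claim: every extension or setting you add shrinks the crowd you hide in. As an added example (not part of either post, and not any fingerprinting library's code), here is the arithmetic behind that claim in Python: a fingerprint is a hash over canonicalised browser attributes, the "anonymity set" is how many visitors share it, and the identifying information it carries is log2(N / set size). The population of 1000 visitors and the attribute names are constructed for the demo; real fingerprinting scripts also read canvas, WebGL and AudioContext output, which this toy leaves out.

```python
import hashlib
import json
import math
from collections import Counter


def fingerprint(attrs):
    """Hash the canonical JSON of the attributes, the way fingerprinting scripts derive an ID."""
    canon = json.dumps(attrs, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canon).hexdigest()[:16]


def anonymity_set(population, attrs):
    """How many visitors in the population share attrs' exact fingerprint."""
    target = fingerprint(attrs)
    return sum(1 for p in population if fingerprint(p) == target)


def identifying_bits(population, attrs):
    """Surprisal of the full fingerprint: log2(N / anonymity set). Close to log2(N) means unique."""
    return math.log2(len(population) / anonymity_set(population, attrs))


def attribute_entropy(population, key):
    """Shannon entropy (bits) of one attribute across the population; 0 means it never varies."""
    counts = Counter(json.dumps(p[key], sort_keys=True) for p in population)
    n = len(population)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


# Constructed population (not measured data): everyone presents the same Tor Browser user
# agent and window size, so all variation comes from what users themselves bolt on.
TB_DEFAULT = {"ua": "TorBrowser/Firefox", "screen": "1000x1000", "js": True,
              "extensions": [], "fonts": "bundled"}


def make_population():
    def variant(**changes):
        return {**TB_DEFAULT, **changes}
    pop = [dict(TB_DEFAULT) for _ in range(900)]                       # stock configuration
    pop += [variant(extensions=["Privacy Badger"]) for _ in range(60)]
    pop += [variant(js=False) for _ in range(30)]                      # NoScript, scripts off
    pop += [variant(js=False, extensions=["Privacy Badger"]) for _ in range(9)]
    pop += [variant(js=False, fonts="system+Calibri",                  # the one user who
                    extensions=["Privacy Badger", "Decentraleyes", "SEO metrics"])]  # added everything
    return pop


POPULATION = make_population()
PROFILES = {
    "default Tor Browser":      TB_DEFAULT,
    "one extra extension":      {**TB_DEFAULT, "extensions": ["Privacy Badger"]},
    "NoScript, JS off":         {**TB_DEFAULT, "js": False},
    "JS off + many extensions": POPULATION[-1],
}


def report():
    """{profile name: (anonymity set size, identifying bits)} for each profile."""
    return {name: (anonymity_set(POPULATION, p), round(identifying_bits(POPULATION, p), 2))
            for name, p in PROFILES.items()}


if __name__ == "__main__":
    for name, (k, bits) in report().items():
        print("%-26s anonymity set %4d  ->  %5.2f bits" % (name, k, bits))
    for key in ("ua", "js", "extensions", "fonts"):
        print("entropy(%s) = %.3f bits" % (key, attribute_entropy(POPULATION, key)))
```

The stock profile carries about 0.15 bits because 900 of the 1000 visitors share it; the fully customised one carries the full log2(1000), about 9.97 bits, because nobody else shares it. This is the reason the Tor Browser project asks users not to install additional extensions or change window size: uniformity, not extra blocking, is what keeps the anonymity set large.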
 