
# Anonymity

#### The Only Setup That Works: Qubes OS + Whonix

If you are still running VirtualBox with a Whonix image inside a Windows host, stop. That is absolute amateur hour. It is slow, leaky, and a single system exploit exposes your actual hardware identity instantly.

If you are handling serious volume, your bare-metal setup needs to be structured through a Type-1 hypervisor.

```
Hardware Layer → Qubes OS (Xen Hypervisor) → Whonix-Gateway (NetVM) → Whonix-Workstation (AppVM)
```

Here is the exact stack:

* Qubes OS: A Xen-based operating system built entirely on the concept of security-by-isolation.
* Whonix-Gateway: Runs in its own NetVM and handles all upstream traffic.
* Whonix-Workstation: Your active AppVM where everything you do is automatically forced through the Tor network.
* Disposable VMs: Every single high-risk script, wallet interaction, or deployment goes into temporary VMs that vanish the second you close them.

Why do this? Because your browser, your code, and your Telegram app should never touch the same operating system kernel. Qubes keeps them completely separate. Even if a zero-day exploit compromises your browser VM, the malicious script is trapped. It can't look sideways to see your private keys or your main communication channels in the next VM.

#### Anti-Detect Browsers

Now, if your workflow involves scaling traffic through massive ad networks (like Facebook Ads or Google Ads), Tor is going to trigger immediate bot detection. For those specific pipelines, you drop Tor and use anti-detect browsers to build custom digital profiles.

* Dolphin Anty: The absolute meta for local campaigns. Simple interface, plus a free tier with 10 profiles to test your setups.
* AdsPower: Optimized heavily for bulk ad accounts. Cheap, fast, and stable for automation.
* Multilogin: Expensive as hell, but it is the gold standard if you need flawless hardware emulation at scale.
* GoLogin: A solid middle-ground choice with predictable fingerprint masking.

The golden rule here: One Profile = One Proxy = One Persona. If you link two separate anti-detect profiles to the same proxy IP, you just linked your accounts. The anti-fraud systems will flag and ban both instantly.

### Network Routing and Proxies

#### Hardened Network Rules (Tor Environment)

When you are working inside Whonix, you follow these rules or you get exposed:

* Do: Use the stock Tor Browser exactly as it comes inside Whonix-Workstation.
* Do: Flip the security level to "Safest" to kill JavaScript globally.
* Do: Use native `.onion` services whenever they are available (like ProtonMail’s onion link).
* Don't: Mess with network bridges (like obfs4) unless you are stuck behind a heavy country-wide firewall. Bridges alter your connection signature and make you stand out from the massive pool of standard Tor users.
* Don't: Waste time on alternative networks like I2P or Lokinet. Their user bases are tiny, which makes traffic analysis incredibly easy for anyone looking.

#### The Proxy Stack

An anti-detect browser changes your hardware identity, but you need proxies to change your location. Think of the browser as a change of clothes, and the proxy as a completely different house address. You need both working together.

* Residential Proxies: These are IP addresses from real home internet connections. They have perfect trust scores. You absolutely need these for running Facebook or Google ad managers. They are expensive, but they are the cost of doing business.
* ISP / Static Proxies: These are hosted in data centers but registered under commercial internet providers. They don't change, they are fast, and they stay clean. Perfect for warming up accounts over several weeks.
* Mobile Proxies: IPs directly from mobile operators (4G/5G). These are incredibly resilient because mobile networks assign the same IP to thousands of regular users at the same time. Platforms don't dare ban these IPs because they would block tons of real customers. Use them for TikTok, Instagram, and mobile-heavy funnels.
* Datacenter Proxies: Cheap, fast, but highly suspicious. They come straight from server racks. They are fine for basic scraping bots, but if you try to log into a high-value account with one, you are getting a fast ban.

Protocol tip: Always buy IPv4. IPv6 is cheap, but half the web doesn't support it properly or treats it as an automatic anomaly.
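
How the linking behind the "One Profile = One Proxy = One Persona" rule looks from the anti-fraud side, as an added example that is not part of the original page: accounts seen on the same source IP are merged into clusters with union-find, while addresses shared by a crowd (such as the mobile carrier IPs described above) are skipped. The event data, the `MAX_FANOUT` threshold and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed login events (account, source IP). Addresses are RFC 5737
# documentation ranges; none of this is real traffic.
EVENTS = [
    ("acct_a", "203.0.113.10"),
    ("acct_b", "203.0.113.10"),  # same proxy exit as acct_a
    ("acct_b", "198.51.100.7"),
    ("acct_c", "198.51.100.7"),  # tied to acct_a only through acct_b
    ("acct_d", "192.0.2.55"),    # never shares an address
] + [(f"user_{i}", "192.0.2.200") for i in range(40)]  # carrier-NAT-like IP

MAX_FANOUT = 25  # assumed threshold: busier IPs are not treated as evidence


def crowded_ips(events, max_fanout=MAX_FANOUT):
    """IPs with more distinct accounts than max_fanout (too noisy to link on)."""
    by_ip = defaultdict(set)
    for account, ip in events:
        by_ip[ip].add(account)
    return sorted(ip for ip, accts in by_ip.items() if len(accts) > max_fanout)


def link_accounts(events, max_fanout=MAX_FANOUT):
    """Cluster accounts that are connected through low-fan-out shared IPs."""
    by_ip = defaultdict(set)
    for account, ip in events:
        by_ip[ip].add(account)
    parent = {account: account for account, _ in events}

    def find(x):  # union-find root lookup with path halving
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for accounts in by_ip.values():
        if len(accounts) > max_fanout:
            continue  # CGNAT, campus or VPN exit: shared by unrelated users
        first, *rest = sorted(accounts)
        for other in rest:
            parent[find(other)] = find(first)

    clusters = defaultdict(set)
    for account in parent:
        clusters[find(account)].add(account)
    return [members for members in clusters.values() if len(members) > 1]


if __name__ == "__main__":
    print(link_accounts(EVENTS))
    print(crowded_ips(EVENTS))
```

Linking is transitive: `acct_a` and `acct_c` never share an address, yet both end up in one cluster through `acct_b`.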

### Fingerprinting

Your browser fingerprint is more unique than your actual face. Websites use silent code to pull every piece of data they can find:

* Canvas, WebGL, and custom font rendering
* Screen resolution, system language, and local timezones
* AudioContext signatures and your device's exact battery level
* Client Hints, TLS fingerprints (JA3/JA4), and your HTTP/2 setup

If you look slightly different from the crowd, you are caught.

```
Unique settings / Custom fonts ➔ High Visibility ➔ Flagged Account
Standardized profile / Default setup ➔ Zero Entropy ➔ Perfect Anonymity
```
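
The difference between the two rows can be quantified as surprisal: the bits of identifying information a fingerprint reveals relative to everyone else observed. The following added example (not part of the original page) computes it over a constructed visitor population; the attribute names, values and counts are assumptions for illustration.

```python
import math
from collections import Counter

# Constructed population of observed fingerprints:
# (window size, installed font count, timezone). 1000 visitors in total.
POPULATION = (
    [("1000x900", 12, "UTC")] * 900                 # standardized defaults
    + [("1920x1080", 43, "America/New_York")] * 60
    + [("1920x1080", 43, "Europe/Berlin")] * 30
    + [("2560x1440", 187, "Europe/Berlin")] * 9
    + [("1713x963", 211, "Asia/Tokyo")] * 1         # resized window, extra fonts
)
ATTRS = ("window", "fonts", "timezone")


def attribute_surprisal(population):
    """Bits revealed by each attribute value on its own: -log2(share)."""
    n = len(population)
    table = {}
    for i, name in enumerate(ATTRS):
        counts = Counter(fp[i] for fp in population)
        table[name] = {value: -math.log2(c / n) for value, c in counts.items()}
    return table


def anonymity_set(population, fingerprint):
    """How many visitors present exactly this combined fingerprint."""
    return sum(1 for fp in population if fp == fingerprint)


def fingerprint_bits(population, fingerprint):
    """Surprisal of the whole fingerprint; log2(N) bits means it is unique."""
    k = anonymity_set(population, fingerprint)
    if k == 0:
        raise ValueError("fingerprint not observed in this population")
    return -math.log2(k / len(population))


if __name__ == "__main__":
    for fp in sorted(set(POPULATION), key=lambda f: fingerprint_bits(POPULATION, f)):
        print(fp, anonymity_set(POPULATION, fp),
              round(fingerprint_bits(POPULATION, fp), 2))
```

In this sample the standardized profile reveals about 0.15 bits and shares its fingerprint with 900 visitors, while the customized one reveals about 9.97 bits and is unique among the 1000.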

#### Keeping Your Fingerprint Clean

* For Tor: Never maximize or resize your browser window. Tor uses fixed dimensions for a reason: so your screen size matches every other Tor user on earth. Don't add custom fonts, don't install random extensions, and stay away from WebGL-heavy sites that increase your system's unique data output.
* For Anti-Detects: Make sure your profile's timezone, language, and WebRTC settings exactly match the location of your proxy. If you are using a proxy based in Miami, but your browser is requesting localized fonts or your system clock is set to Europe, the anti-fraud algorithms will catch the mismatch in milliseconds.

### Data and Memory Security

If your local drive isn't secured, you are leaving your entire business exposed to anyone who touches your hardware.

* Full Disk Encryption: Use VeraCrypt to encrypt your entire system drive, not just a few random folders.
* Plausible Deniability: Set up a hidden operating system layer with a separate boot sector. Turn off auto-mount features and never save passwords in plain text anywhere on the drive.
* RAM Clears: Make sure your system wipes your RAM completely on shutdown. Qubes OS handles this natively at the hypervisor level.
* The SSD Problem: Never write sensitive data directly to an SSD without encryption. Because of how SSD wear-leveling algorithms work, deleted files move around physical sectors instead of disappearing. They can easily be recovered by basic forensic tools later.

### OpSec Is Everything

You can have the most expensive technical setup on earth, but if your behavior is sloppy, you will burn your identity anyway.

#### 1. Absolute Isolation

* One Identity, One Campaign: Keep everything strictly separated. One campaign equals one email, one isolated VM, one dedicated proxy, and one specific wallet.
* The Burn Protocol: The moment a campaign runs its course or an account gets flagged, you burn the entire stack. Delete the VMs, drop the proxies, and never look back. Never reuse any piece of data from an old setup.
* Zero Clipboard Sharing: Never copy-paste text or configuration strings between separate VMs. Do not use shared folders or bridge physical USB drives across isolated systems. If you absolutely have to send data between VMs, use Qubes' native, audited `qrexec` framework.

#### 2. Behavioral Masking

* Strip Metadata: Keep your real name, birthdate, and personal photos completely away from your workspace. Before you upload any image, landing page file, or document, strip out the embedded EXIF data and author tags completely.
* Time Randomization: Don't log into your infrastructure at the exact same time every single day. Automated tracking systems build profiles based on your daily schedule.
* Keystroke Timing: Avoid typing with your natural rhythm when handling critical accounts. Advanced profiling platforms analyze the exact millisecond gaps between your keystrokes to identify you. Whonix has a built-in tool called `kloak` that randomizes these delays. Keep it running.
* Physical Basics: Cover your webcam, disable your internal microphone inputs, and make sure nobody is looking over your shoulder when you are working.

### Common Mistakes

#### 1. DNS Leaks

* The Slip-up: Your main web traffic goes through your VPN, but your domain requests (DNS) are still passing through your local home internet provider. Your ISP can see every single domain you look up.
* The Fix: Run a test on `dnsleaktest.com`. If you see your real ISP name anywhere on that list while your VPN is on, your setup is leaky. Go into your network settings and force the system to use secure public DNS servers like `1.1.1.1` or `9.9.9.9`.

#### 2. WebRTC Leaks

* The Slip-up: WebRTC handles video/audio inside browsers, but its default behavior allows it to bypass proxies and leak your actual home IP address directly to the website you are visiting.
* The Fix: Check your profile on `browserleaks.com/webrtc`. If you are using an anti-detect browser, make sure the WebRTC parameter is set to "Fake" or "Disabled."

#### 3. Footprint Uniformity

* The Slip-up: Buying ad space or promotions across multiple channels and pasting the exact same ad copy with the exact same domain link everywhere. Platform moderators talk to each other; they will notice the pattern immediately.
* The Fix: Rewrite your marketing text for every single channel, and use separate tracking domains or distinct subdomains to isolate your traffic data.

#### 4. Direct Asset Exfiltration

* The Slip-up: Routing crypto directly from your operational setups into a personal exchange account that requires real-name KYC. You just left a permanent, immutable blockchain trail connecting your real identity to your work.
* The Fix: Pass all incoming assets through multiple layers of non-custodial intermediary wallets, decentralized exchange pools, or non-KYC swap services before you even think about consolidation.

### Checklist

* Working on a Type-1 hypervisor (Qubes OS + Whonix) or using an anti-detect browser
* System-wide VPN is active with the Kill Switch turned on
* Ran a DNS leak test and cleared any ISP traces
* WebRTC is completely disabled or spoofed in the browser settings
* Every separate browser profile has its own dedicated IPv4 residential or mobile proxy
* Profile timezones, languages, and canvas metrics match the proxy location
* Tor window dimensions are left at default and JavaScript is disabled for sensitive work
* Full Disk Encryption is active via VeraCrypt with no auto-saved keys
* No clipboard sharing or copy-pasting between separate VMs
* All uploaded assets are completely stripped of EXIF and author metadata
* Communication accounts are registered via burner SIMs with maximum privacy settings
* Crypto payout paths run through multi-layered intermediate wallets before final storage

### What Level of Security Do You Need?

* Level 1 (The Basics): VPN + Anti-detect browser + Clean residential proxies + Burner Telegram accounts. This is perfectly fine for basic traffic distribution and handling simple, local funnels.
* Level 2 (The Ad Grind): Level 1 + Pre-aged ad profiles + Traffic cloaking software + Virtual credit card networks. You need this specific stack if you plan to scale campaigns through strict Web2 ad managers.
* Level 3 (Max Paranoia): A dedicated, air-gapped laptop running Qubes OS + Whonix + Pure Tor routing + Full disk encryption + Crypto privacy routing.

Don't overcomplicate your setup on day one if you are just launching your first small pipeline. Start with a solid, clean foundation, and scale your technical defenses as your capital grows. But remember, the absolute baseline requirements are non-negotiable. Don't even open a browser until you have them locked down.

