# Anonymity Anonymity isn’t about hiding your IP.\ It’s about **not being identifiable** — behaviorally, technically, and operationally. *** ### 🖥️ Core Architecture: Isolation & Compartmentalization #### ✅ The Only Working Setup: Qubes OS + Whonix (or Kicksecure) Forget VirtualBox + Whonix on Windows. That’s entry-level.\ It’s fragile, detectable, and one misstep exposes everything. **Setup:** * **Qubes OS** (Xen-based, security-by-isolation) * **Whonix-Gateway** running in a dedicated NetVM * **Whonix-Workstation** as AppVM, forced through Tor * All sensitive tasks (drainer, wallet) in **separate, disposable VMs** > Why Qubes?\ > Because your browser, wallet, and Telegram client shouldn’t share the same kernel.\ > Qubes isolates them completely — even if one gets compromised, the others stay clean. *** ### 🌐 Network Layer #### ✅ Do: * Use **Tor Browser** in Whonix-Workstation * Enable **Safest Security Level** (JavaScript off) * Use **onion services** when available (e.g., ProtonMail onion) * Route **all traffic** through Tor #### ❌ Don’t: * Use bridges unless you’re in a censored country (obfs4 breaks fingerprinting) * Touch “Tor alternatives” like I2P or Lokinet — they’re dead or trivial to deanonymize * Assume DNS or WebRTC leaks are your biggest problem — they’re not *** ### 🧬 Fingerprinting Your browser fingerprint is more unique than your face. Websites collect: * Canvas, WebGL, font rendering * Screen size, timezone, language * AudioContext, battery status * Client hints, TLS fingerprint (JA3), HTTP/2 signatures Even in Tor, **you stand out** if you don’t blend in. #### Minimize Fingerprint Drift: * Use **Tor Browser** — it’s the only one that actively resists fingerprinting * Never resize the window (Tor uses fixed size) * Disable custom fonts, extensions, or scripts * Avoid WebGL-heavy sites (they increase entropy) > 🔍 Test yourself: \ > If your fingerprint isn’t identical to other Tor users — you’re exposed. *** ### 💾 Data Protection: Full Disk + Memory Security #### Use VeraCrypt * **System encryption**, not just file containers * **Hidden OS** with plausible deniability * **No auto-mount**, no saved passwords * **Wipe RAM on shutdown** (Qubes does this) Never store decrypted data on SSD — wear leveling leaks data even after deletion. *** ### 🕵️‍♂️ Operational Security (OpSec) Tools don’t protect you. **Habits do.** #### Critical Rules: 1. **No reuse** * One identity per campaign * One email, one VM, one wallet, one exit * Burn after use 2. **No cross-contamination** * Never copy-paste between VMs * No shared folders, no USB passthrough * Use Qubes qrexec for secure inter-VM comms (if absolutely needed) 3. **No personal info anywhere** * No real names, no birthdays, no photos * Even metadata (EXIF, document author) can burn you 4. **Time & behavior masking** * Don’t log in at the same time every day * Don’t use the same typing rhythm * Whonix includes `kloak` — use it to randomize keystroke timing 5. **Physical security matters** * Webcam covered? * Microphone disabled? * Are you being watched? *** **This is the baseline.**\ Anything less is gambling with your freedom.