OPSEC Guide — Anonymity & Security

Operational security (OPSEC) reduces the chance that your identity is linked to your activity. This guide is for informational and educational use only.

Why Do You Need to Think About It?

Clearnet behavior, device fingerprints, payment methods, and reuse of usernames or emails can be correlated by investigators or adversaries. Thinking about OPSEC means identifying what could link you to an action and reducing those links: separate identities, separate devices or environments, and privacy-preserving tools.

What Helps You Remain Anonymous?

Tor: Route traffic through the Tor network so your IP is not exposed to the destination.
Separate identity: Do not reuse usernames, emails, or patterns from your real life.
Privacy OS: Use an OS designed for anonymity (e.g. Tails, Whonix) so the machine does not leak data.
PGP: Encrypt messages and verify signatures so only the intended party can read and you can verify authenticity.
Privacy coins: Use cryptocurrencies that obscure transaction flow (e.g. Monero) when relevant.
Physical security: Secure devices and storage; assume lost devices can be analyzed.

Tools for This

Tor Browser: Browser that routes traffic through Tor. Use only from a clean profile and avoid mixing with clearnet identity.
Tails: Amnesic live OS; runs from USB/DVD, routes traffic through Tor, leaves no local trace after shutdown. See tails.net.
Whonix: Two-VM setup (Gateway + Workstation) so IP leaks are contained. See whonix.org.
PGP (e.g. GnuPG): Encrypt and sign messages; verify vendor and platform keys.
KeePassXC / password manager: Store credentials in an encrypted database; use a strong master password.

Red Flags and What to Avoid

Reusing usernames: Same nickname on clearnet and darknet links accounts.
Mixing clearnet and darknet on one device: Use a dedicated machine or live OS.
Skipping PGP: Unencrypted messages can be read; unverified keys enable impersonation.
Using Bitcoin without privacy measures: Blockchain analysis can trace payments.
Ignoring updates: Outdated Tor Browser or OS can have known vulnerabilities.
Trusting unverified links: Phishing sites steal credentials; always verify .onion URLs via PGP-signed sources.
Discussing real-life details: Avoid names, locations, or habits that identify you.

Verified links · Phishing guide · Crypto