Operations security

OPSEC, short for Operations Security are a set of practices which help hide potentially useful information to adverseries and other bad actors, that could potentially be used to find out who you are.

Proper OPSEC technique is paramount to staying safe whilst raiding,^{[it actually just is, ok??]} as even small amounts of information can be pieced together over time to identify and locate you.

Guide[edit | edit source]

Hardening your internet[edit | edit source]

This step is probably the most important, as protecting yourself from fingerprinting and datamining is relatively easy and lets you visit potentially hostile sites without risking anything.

• Use some form of VPN, one that isn't being shilled by JewTubers and with a good track record of complying with law enforcement requests that haven't revealed anything of use to them. Preferably one which doesn't require any form of personal information to begin with, like Mullvad. PAY IN CASH OR CRYPTO IF YOU CAN
• Use some form of hardened browser:
  • Mullvad Browser Certified Swedish win, co-developed with the Tor Project. Doesn't allow you to use .onion links doebeit.
  • LibreWolf Has uBlock Origin pre-installed, good for normalGOD use as well.
  • Ungoogled Chromium Good for all the nusois who can't imagine themselves using something not (((chromium))) based.^[a]
    • Helium Just like LibreWolf but Ungoogled Chromium.
  • Tor Extremely slow when connected to the Tor network but is the most effective at stopping backtrace attempts, also allows you to visit darknet sites using .onion links.
• Install the following browser extensions:
  May only be available on Firefox based browsers as (((Jewgle))) has to track you to make money
  • uBlock Origin Blocks ads and trackers, basic necessity for browsing the modern web.
  • Privacy Badger Blocks trackers and various other methods websites can use to create a digital fingerprint of you.
  • Port Authority Blocks websites from scanning which ports you have open, this can be used for instance to tell if you have Discord open, or if you're hosting some kind of service on another port.
  • User Agent Switcher and Manager
    Depending on how you configure this extension, you may actually make your browser fingerprint more unique!
    Allows you to spoof your user-agent, a string of text which identifies what browser, Operating System, processor architecture, type of device (i.e. Desktop, Mobile, etc.) you're currently using. Will cause the infamous "You look like a bot" error when posting on the sharty if enabled.
  • Noscript Allows you to automatically disable JavaScript for untrusted sites.
• Switch your default search engine to a privacy focused one:
  • DuckDuckGo Uses Bing as it's indexing dataset, image results are often lacking, also has an AI model wrapper without any tracking^{[supposedly][1]} called Duck.ai
  • Searx A metasearch engine, aggregating the results of other search engines. Can be self-hosted.
  • Qwant Another metasearch engine, it has results similar to Bing but lacks information regarding certain websites and image searches.

Verifying your anonymity[edit | edit source]

Run Cover Your Tracks, a tool that checks if your browser has a unique fingerprint.

https://coveryourtracks.eff.org/

SNCA: Types of fingerprinting[edit | edit source]

This a bit of SNCA that you can read more about if you're curious.

Websites can retrieve data about your browser, which can be used to generate a unique signature or "fingerprint" of your device, which can be used to identify you across accounts. This is why it's critical to use a hardened browser that doesn't allow access to these parameters.

• Javascript APIs^[2] Javascript has several APIs that can reveal what type of device you're using, such as if your device doesn't support battery information, you're probably on a desktop computer.
• WebGL API^[3] WebGL has an API to retrieve your exact graphics hardware configuration, GPU manufacturer (NVidia, AMD, Intel, etc), model, firmware version, etc.
• Font API^[4] Your browser has access to what fonts you have installed.
• Canvas API^[5] The Canvas API is used by your browser to draw images on the screen, the resulting image drawn is minutely different on each device, browser, and graphics device.

Keeping yourself anonymous[edit | edit source]

Don't be retard and use anything directly connected you, personal emails, phone numbers, usernames, passwords, etc. Several 'teens have gotten themselves exposed and potentially gotten a knock on the door by the feds by for instance using their own phone number to order 'za, spamming 'oxeralds on personal accounts, and accidentally clicking on tracking links.

If you ever use something that's connected to your personal life, even once, you've already fucked up. Burn your burner and start over.

Prerequisites[edit | edit source]

Use a different browser than you do day-to-day, or use incognito mode as this gives you a clean browser state that doesn't contain any saved logins (tokens), as if these get compromised an attacker will have access to your accounts without your username, password, or two-factor authentication code. You do not want your personal accounts being compromised because you accidentally clicked on a malicious link.

Registering burner accounts[edit | edit source]

Before you participate in a raid or similar event, make sure to register your accounts well in advance. As newly registered accounts look incredibly suspicious on things like 'cord servers and for automated spam detection systems.

• Create burner email accounts:
  • 10minutemail.com (or similar services) Email addresses from these services are often disallowed for registering accounts on some services, otherwise a very good choice since it's free.
  • Gmail Quite simple, allows you to use "Sign in with Google" which automatically makes your account look less suspicious, especially if your Google account has a phone number linked.^{[it just does, ok??]}
  • Proton Mail Free and encrypted, might be flagged as a suspicious email on some extremely strict websites.
  • Firefox Relay Allows you to mask your email address, forwards emails from the burner address to your inbox of choice. (Note: Do not use your personal email as your inbox in case of a dataleak)
• Use a burner phono: (if phone verification is required)
  • 5sim.net Fast and reliable. Quite cheap as well, prices are listed as "credits" but are in fact just rubles.
  • onlinesim.io Bit more expensive but works more often.
• Pick a username:
  • Randomly generated ones are fine, or use whatever nuvariant you're forcing, or some sharty phrase. (i.e. peculiar_seranade1488, mogsonWABAG, embedded_p)
• Use a randomly generated password:
  • DO NOT REUSE PASSWORDS, if it ever were to get leaked it VVILL be able to be traced back to you.
  • Use a password manager, the one built into Firefox or Chrome is fine, for the ultra-schizo use KeePassXC.

Purchasing cryptocurrencies[edit | edit source]

WARNING: WORDSWORDSWORDS This page or section is just one big wall of text.

Crypto is a decentralized digital asset system that lets people transfer value globally without relying on banks or any kind of institution, offering strong user control over their own funds and open access. Not only does it allow anyone to participate without geographic or bureaucratic barriers, but it also enables fast, low-friction transfers, plus strong transparency through public ledgers, making it a robust alternative for people who want more autonomy over how they store and move their value.

When purchasing crypto, make sure you use an exchange that doesn't require Know Your Customer (KYC) checks, which often involves uploading your actual government issued ID, and if the glowies ever track your bitcoin (or shitcoin of choice) transaction history and ask the exchange for your personal information you're fucked.

NOTE: This guide will only cover Monero (XMR) as everything else glows,^{[it just does, ok??]} and is an abridged version of the full guide on the Darknet Bible.^[b]

Monero is private and incredibly difficult to trace, third-parties do not need to be trusted to keep your Monero safe. Not every site accepts this though. Buy Monero on a KYC-free exchange: https://kycnot.me/

Install and create a wallet[edit | edit source]

• Download and install Feather[Hidden Service], a lightweight, open-source wallet that works on schizo OS:es like Tails. RTFM. Don't complain if you waste your neetbucks cause (you) couldn't be bothered to read the fucking manual.
• Create a wallet in Feather, the new wallet wizard should automatically open when you start Feather.
• On the next page you will be shown the seed allows you to recover your funds in case you lose access to your wallet files. Make sure you keep this seed somewhere safe. Do not save it to your computer or send it anywhere online.^[c]
• Click next after you have verified that you have written down all words in the correct order.
• In the Name field, type a name for your wallet. You may name the wallet whatever you want. Feather will automatically fill in a name that hasn’t already been used.
• The Directory field shows the default location for the wallet files. Leave it as default.
• On the next page, choose a password to encrypt your wallet files with. It is recommended to use a strong password generated with a password manager, such as KeePassXC.
• Click on Create/Open wallet to finish wallet creation.

Receiving a Transaction[edit | edit source]

• In feather go to the Receive tab.
• If no addresses show up in the table, click on Create New Address.
• It does not matter which address you choose, funds received to any of the addresses will end up in the same wallet account.
• It is best practice to label an address before you copy it. This way you avoid accidentally reusing the address. Do not hand out addresses to more parties than necessary.
• Copy the address to your clipboard by right-clicking on an address → Copy Address or by pressing Ctrl + C.
• Once an address receives an incoming transaction it is automatically hidden from view. You can unhide used addresses by clicking on Show used.

Sending a Transaction[edit | edit source]

• In feather go to the Send tab
• In the Pay to field, enter the address you want to transfer funds to.
• In the Amount field, enter the amount you want to send. This is the exact amount the recipient will receive, it does not include the miner fee. To send all your balance, click the Max button.
• To construct the transaction, click Send. You will be able to review the transaction details and miner fee before broadcasting.
• After transaction construction is complete, a dialog will pop up asking you to verify the transaction details. To view detailed information, such as the inputs spent in the transaction, click Advanced.
• Click Send to broadcast the transaction after you have verified the details, or Cancel if something is wrong.

Unconfirmed outgoing transactions will show up in the History tab with a gears icon. If several minutes pass and the transaction does not show up in your node’s mempool its status will change to Failed. If the transaction does not show up in a publicly accessible mempool (e.g. xmrchain.net), you may assume the node was unable to relay your transaction.

Account linking[edit | edit source]

Never ever link something like a PayPal or CashApp to your anonymous accounts, this will give the glowies and jannies immediate access to your name and potentially where you live. On some services like der 'cord, this information becomes public unless you opt-out.^{[it might not anymore but still don't]}

Uploading images (Removing Metadata)[edit | edit source]

Make sure to always strip the filenames (i.e. replace them with a string of random letters and numbers) and remove the EXIF data of any images you upload.

• https://exifremover.com/ (if you don't feel like downloading anything)
• https://github.com/szTheory/exifcleaner/releases/tag/v3.6.0 (requires a download but works fast)

The EXIF data on images may contain the make and model of the camera that captured the image, name of the author, date and time the image was taken, GPS coordinates of where the image was taken. Or if the image was created in an app, the name of that app will be in the EXIF data. This is information is attached to all pictures taken on smartphones and professional cameras.^[6] Stripping this information is normally the responsibility of the website before it gets published but some either don't or store it for themselves before stripping it for publishing.

Operating System Recommendations[edit | edit source]

Somebody call fuckin' Soyberg! The following page or section was written during a schizo episode. You WILL remind the author to take his meds.

Using a secure operating system (OS) is incredibly important, as it serves as the foundation of all your other OPSEC practices. If you use an insecure operating system, it's akin to leaving the front door of your home unlocked.

Due to (((them))) controlling all major OS:es, such as (((Windows))) and (((MacOS))) they cannot be trusted. Both are known to feature several glowie mandated backdoors^[d] to give the feds access to your computer should they wish, bypassing any account passwords or encryption.^{[THEY DO ACTUALLY. NO ONE WILL EVER ADMIT IT BUT THEY DO. ALL SOURCES GET SILENCED]} CEASE YOUR INVESTIGATION GOY

Any Linux distribution[edit | edit source]

Using any Linux distribution is a significant step up in security as far as glowie backdoors are concerned, this is more than enough. If this isn't enough of a guarantee for you, consider the other options.

There are hundreds of different distributions but below are a handful of recommendations:

• LinuxMint: Good user experience, simple to get started with.
• EndeavourOS: Ships with KDE Plasma and should be very familiar to any Windows users, you can also say you use arch, btw.
• Zorin OS: Ucuntu based OS designed for new-comers to linux. Ships with applications to directly run Windows programs that don't have Linux versions. Recommeded for those who depend on Windows only software.

Tails[edit | edit source]

Tails is a live OS, meaning it runs off of a USB drive (or similar external storage) and automatically deletes all data stored after each use, ensuring that even if you get hit with a search warrant there will be nothing for them to find. It is a great choice for the not so tech savvy who just wants something secure. (((THEY))) CAN AND WILL USE ANYTHING THEY FIND AGAINST YOU, EVEN LEGAL THINGS.

QubesOS[edit | edit source]

A security focused OS, great intermediate choice. Qubes is built on the assumption that all software will inevitably have security flaws, and stops this by compartmentalizing each application into it's own virtual machine, completely segmenting each application so that if one is compromised the rest of your system remains secure. As even a single bug in a million lines of code or an unknown interaction between two or more programs can introduce critical security issues.^{[ev&oe all goyware has government mandated backdoors]}

Further reading[edit | edit source]

• Darknet Bible: http://biblemeowimkh3utujmhm6oh2oeb3ubjw2lpgeq3lahrfr2l6ev6zgyd.onion/
• Feather Wallet: http://featherwallet.org/
• Feather Wallet hidden service: http://featherdvtpi7ckdbkb2yxjfwx3oyvr3xjz3oo4rszylfzjdg6pbm3id.onion/
• Feather Wallet docs: http://docs.featherwallet.org/ ^[e]

Notes

Citations