TAB | The Anonymity Bible

🔒 Trusted VPN

Why VPNs Matter

A VPN encrypts your internet traffic and routes it through remote servers, hiding your IP address and location from websites, ISPs, and network monitoring. However, VPNs don't make you anonymous—they shift trust from your ISP to the VPN provider.

⚠️ What VPNs DON'T protect against:

Browser fingerprinting and tracking cookies
Malicious VPN providers logging your activity
Advanced persistent threats targeting your device
Correlation attacks by sophisticated adversaries

VPN Selection Criteria

Essential Features

Verified no-logs policy (audited)
Strong jurisdiction (outside 5/9/14 Eyes)
RAM-only servers (no persistent storage)
Kill switch (blocks traffic if VPN drops)
DNS leak protection
Modern encryption (WireGuard/OpenVPN)

Advanced Features

Multi-hop/double VPN routing
Tor over VPN support
Anonymous payment options
Open-source clients
Custom DNS servers
Protection against correlation attacks

Recommended VPN Services

⭐ Mullvad VPN

Swedish provider, €5/month, anonymous accounts, Battle-tested

✓ No personal info required ✓ Cash payments ✓ Audited no-logs ✓ RAM-only servers ✓ DAITA (Defense Against AI-guided Traffic Analysis)

⭐ IVPN

Gibraltar/Malta, privacy-focused, multi-hop, anonymous signup

✓ No email required ✓ Cash payments ✓ WireGuard ✓ Privacy audits

Honorable Mentions

Nym

Decentralized, mixnet technology, Anonymous Mode (5-hop mixnet)

Obscura VPN

Two-hop VPN, uses Mullvad exit servers, macOS only as of now

Proton VPN

Swiss provider, freemium model, Secure Core (multi-hop)

Cryptostorm

Iceland based, hardened & disposable servers

Setup & Testing

Quick Setup Checklist:

Enable kill switch in VPN client settings
Configure custom DNS (9.9.9.9 or VPN's DNS)
Disable IPv6 unless needed
Test for leaks after connection
Use WireGuard protocol when available

Leak Testing Sites:

• ipleak.net - Comprehensive leak testing

• dnsleaktest.com - DNS leak detection

• browserleaks.com - WebRTC and other leaks

• mullvad.net/check - Mullvad's leak checker

💾 Full Disk Encryption

Why Full Disk Encryption is Critical

Full disk encryption (FDE) protects all data on your drive when the device is powered off or locked. Without FDE, anyone with physical access can extract your files, browsing history, passwords, and personal data using simple tools.

🚨 Scenarios where FDE saves you:

Device theft or loss
Unlawful searches and device seizure
Unauthorized physical access
Data recovery attempts on discarded drives

Operating System Built-in FDE

Windows - BitLocker

NOT RECOMMENDED! USE VERACRYPT.

1. Settings → Update & Security → Device encryption

2. Or: Control Panel → BitLocker Drive Encryption

3. Choose "Enter a password" not TPM-only

4. Save recovery key to external location

5. Encrypt entire drive (not just used space)

macOS - FileVault

1. System Preferences → Security & Privacy

2. FileVault tab → Turn On FileVault

3. Create recovery key (don't use iCloud)

4. Store recovery key securely offline

5. Restart to begin encryption

Linux - LUKS

1. Enable during OS installation

2. Or encrypt existing: cryptsetup luksFormat

3. Use strong passphrase (not just password)

4. Backup LUKS headers: cryptsetup luksHeaderBackup

5. Consider using keyfiles

VeraCrypt - Advanced Encryption

Creating Encrypted Container

1. VeraCrypt → Create Volume → Create encrypted file container

2. Standard VeraCrypt volume (or Hidden for plausible deniability)

3. Choose location and filename (e.g., Documents.vc)

4. Encryption: AES, Hash: SHA-512

5. Set volume size (leave room for hidden volume if planned)

6. Strong password + keyfile (optional but recommended)

7. Move mouse randomly, then Format

Hidden Volumes (Plausible Deniability)

1. Create outer volume first (with decoy data)

2. VeraCrypt → Create Volume → Hidden volume

3. Select existing outer volume

4. Different strong password for hidden volume

5. Size: leave space for outer volume data

6. Never mount both volumes simultaneously

⚠️ Plausible deniability has legal limitations

Password & Key Management

Strong Password Creation

Use passphrases: 6+ random words (diceware)
Minimum 12 characters, mix of character types
Avoid personal information or common/predictable words
Different passwords for each encrypted volume
Consider using keyfiles for additional security

Secure Backup Procedures

Backup VeraCrypt/LUKS headers to encrypted storage
Store recovery keys in multiple secure locations
Test recovery procedures regularly
Never store keys with the encrypted data
Consider using hardware security keys

📧 Burner Emails & Offline Password Managers

Why Use Burner Emails

Burner emails prevent linking your activities across services, reduce spam to your main inbox, and provide a layer of anonymity for sensitive accounts. They're essential for compartmentalizing your digital identity.

Use Cases for Burner Emails:

Creating accounts for sensitive research
Signing up for services you might not trust
Whistleblowing or anonymous communications
Testing or temporary registrations
Compartmentalizing different aspects of your digital life

Recommended Email Services

Cock.li

✓ No personal info required ✓ Tor access ✓ Transparent

Tuta

✓ No personal info required ✓ Tor access ✓ Transparent ✓ Well-known

ProtonMail

✓ No personal info required ✓ Tor access

SimpleLogin / AnonAddy (Email Aliases)

Create unlimited email aliases that forward to your real inbox

✓ Create aliases on-the-fly ✓ Disable aliases anytime ✓ Reply through aliases

✓ Custom domains supported ✓ Open source ✓ Self-hostable

Guerrilla Mail / 10MinuteMail (Temporary)

Disposable emails for very short-term use

✓ No registration ✓ Auto-expires ✓ Good for one-time verifications

⚠️ Not secure for important communications ⚠️ Publicly accessible

KeePassXC - Offline Password Manager

🔒 Why Offline Password Managers?

Local storage means your passwords aren't in the cloud, reducing attack surface. No company breaches can expose your vault, and you maintain complete control over your data.

Initial Setup

1. Download KeePassXC from official website

2. Create new database (on encrypted drive preferred)

3. Use strong master password (passphrase)

4. Add keyfile for additional security

5. Configure auto-lock timeout (5-15 minutes)

6. Configure settings as you wish. (Such as disabling saving Vaults)

Optimal Security Settings

• Decryption Time: 3+ seconds

• (Advanced) Encryption: AES-256 / ChaCha20-256

• (Advanced) KDF: Argon2d

• Browser integration: Use carefully

• Backup: Encrypted backups to multiple locations

Password Hygiene & Sync

Password Best Practices

Length: 20+ characters for high-value accounts
Uniqueness: Never reuse passwords across services
Complexity: Use generated random passwords
Entropy: Aim for 80+ bits of entropy
Audit: Regular password health checks
2FA: Enable on all important accounts

Secure Sync Options

Encrypted USB: Manually sync database files
Cloud storage: Only if client-side encrypted
Never: Unencrypted cloud storage or email

🖼️ Cleaning Metadata from Images

What is Image Metadata & Why It Matters

Image metadata (EXIF data) contains information about when, where, and how a photo was taken. This can reveal your location, device type, camera settings, and even personal information embedded by photo editing software.

🚨 Common Metadata That Leaks Identity:

GPS coordinates - Exact location where photo was taken
Timestamps - Date and time of capture
Device info - Camera model, phone type, serial numbers
Software info - Editing apps, processing software

User comments - Text embedded in image files
Thumbnails - Small preview images in metadata
Color profiles - Camera/monitor-specific settings
Copyright info - Author/owner information

ExifTool - Command Line Solution

Installation

Windows: Download from exiftool.org or use: winget install ExifTool

macOS: brew install exiftool

Linux: sudo apt install exiftool or sudo dnf install perl-Image-ExifTool

Essential Commands

# Remove all metadata from a single image

exiftool -all= image.jpg

# Remove metadata from all images in a folder

exiftool -all= *.jpg *.png *.tiff

# View metadata before cleaning (to verify what's there)

exiftool image.jpg

# Remove metadata and don't create backup files

exiftool -all= -overwrite_original image.jpg

GUI Tools for Different Platforms

Windows

ExifCleaner: Simple drag-and-drop interface

IrfanView: Image viewer with metadata removal

GIMP: Advanced export options

macOS

ExifCleaner: Simple drag-and-drop interface

ImageOptim: Removes metadata while optimizing

Preview: Tools → Show Inspector → Remove EXIF

Linux

ExifCleaner: Simple drag-and-drop interface

Metadata Cleaner: GTK app with batch processing

GIMP: Advanced export options

Workflow & Prevention Tips

Pre-Upload Workflow

Review image for identifying information in the photo itself
Strip all metadata using ExifTool or GUI tool
Re-save in a different format if necessary
Verify metadata removal before uploading
Use screenshot tools that don't preserve metadata

Camera/Phone Prevention

Disable GPS/location in camera app settings
Turn off timestamp overlay on photos
Use airplane mode when taking sensitive photos
Screenshot existing images to remove metadata
Use dedicated camera apps that don't save EXIF
Edit and re-save in photo apps that strip metadata

💡 Pro Tips

Many social media platforms strip metadata automatically, but don't rely on this
Thumbnails in metadata can contain previous versions of edited images
Some editing software adds its own metadata even after stripping EXIF
Screenshots generally don't contain camera EXIF but may have system metadata

🌐 Secure Browsers & Fingerprint Mitigation

Understanding Browser Fingerprinting

Browser fingerprinting uses your browser's unique characteristics (screen size, fonts, plugins, timezone, language) to create a unique identifier. Even without cookies, websites can track you across sessions using this fingerprint.

⚠️ Common Fingerprinting Vectors:

Screen resolution & color depth
Installed fonts & canvas fingerprinting
WebGL renderer information
Audio context fingerprinting
Timezone & language settings

User agent string & browser version
Installed plugins & extensions
Hardware acceleration capabilities
Battery status & network information
CPU cores & memory information

Recommended Privacy Browsers

Tor Browser (Best for Anonymity)

Purpose-built for anonymity, routes traffic through Tor network

✓ Blocks fingerprinting by default ✓ Routes through Tor network ✓ Regularly updated

✓ Standardized configuration ✓ Onion routing ✓ No persistent storage

⚠️ Slower browsing ⚠️ Some sites may block Tor traffic

Mullvad Browser

Tor Browser without Tor network, focused on anti-fingerprinting

✓ Tor Browser privacy without Tor network ✓ Regular updates ✓ Works great with Mullvad VPN

⚠️ Limited extension support

LibreWolf (Firefox-based)

Privacy-hardened Firefox fork with telemetry removed

✓ uBlock Origin pre-installed ✓ Resist fingerprinting enabled ✓ No telemetry

✓ Enhanced tracking protection ✓ Regular security updates

⚠️ May break some websites ⚠️ Extension compatibility issues

Brave Browser

Chromium-based with built-in ad blocking and privacy features

✓ Built-in ad/tracker blocking ✓ Tor private windows ✓ Fingerprint randomization

✓ Shield settings for privacy ✓ HTTPS Everywhere built-in

⚠️ Still Chromium-based ⚠️ Some cryptocurrency features

Essential Browser Hardening

Firefox Hardening Settings

Privacy & Security:

Enhanced Tracking Protection: Strict
Send websites "Do Not Track": Always
Cookies: Delete when Firefox is closed
History: Never remember history (private mode)

Advanced (about:config):

privacy.resistFingerprinting: true
webgl.disabled: true
media.peerconnection.enabled: false
geo.enabled: false

Chrome/Chromium Hardening

Privacy and Security:

Block third-party cookies
Send "Do Not Track" requests
Use secure DNS (Cloudflare/Quad9)
Clear browsing data on exit

Chrome Flags (chrome://flags):

Disable WebRTC
Enable fingerprinting protection
Disable location sharing
Block insecure content

Essential Extensions & Configuration

Must-Have Extensions

uBlock Origin: Ad/tracker blocking, malware protection

Enable all filter lists
Block JavaScript for sensitive browsing
Use medium or hard mode for better privacy

ClearURLs: Removes tracking parameters from URLs

Decentraleyes: Protects against tracking via CDNs

NoScript (Firefox): JavaScript control (advanced users)

Configuration Best Practices

Minimize extensions: More extensions = larger fingerprint
Use standard screen size: Common resolutions blend in better
Disable JavaScript when possible (breaks many sites)
Use standard fonts: Don't install unique fonts
Clear data regularly: Cookies, cache, local storage
Multiple browser profiles: Separate identities and use cases

🎯 The Fingerprinting Paradox

Important tradeoff: The more you customize your browser for privacy, the more unique it becomes. The most private approach is often to use a standardized, hardened configuration (like Tor Browser's default settings) rather than heavy customization.

Recommendation: Use Tor Browser for sensitive activities, and a lightly-hardened mainstream browser for daily use.

🧅 Using Tor Safely

Understanding Tor & Threat Model

Tor (The Onion Router) provides anonymity by routing your traffic through multiple encrypted layers across a global network of volunteer relays. While powerful, Tor requires careful usage to maintain anonymity.

🛡️ What Tor Protects Against:

Website and network observers seeing your IP address
ISP tracking your browsing destinations
Network traffic analysis (when used properly)
Location-based censorship and blocking
Some forms of traffic correlation (with good practices)

⚠️ What Tor CANNOT Protect Against:

Malicious exit nodes reading unencrypted traffic
Browser exploits and malware infections
Behavioral analysis and writing style correlation
Global passive adversaries with timing correlation
Logging into personal accounts over Tor

Essential Tor Browser Best Practices

✅ Always Do

Use official Tor Browser - Never configure Tor with other browsers
Keep default settings - Don't change settings unless necessary
Use HTTPS websites only - Exit nodes can see HTTP traffic (Unless a .onion site)
Start fresh sessions - Close and restart for sensitive activities
Keep Tor Browser updated - Security patches are critical

❌ Never Do

Install additional extensions - Breaks anonymity set
Login to personal accounts - Links your identity to Tor usage
Download files automatically - Can expose your real IP
Enable JavaScript on suspicious sites - Increases attack surface
Use Tor for torrenting - Overloads network, breaks anonymity
Maximize browser window - Unique screen size fingerprinting

Tor Security Levels & Configuration

Security Levels (Shield Icon)

Standard: All Tor Browser features enabled

JavaScript enabled, some fonts and icons might not display
All website features work, but less anonymous

Safer: Disables JavaScript on non-HTTPS sites

Some fonts, icons, and images are disabled
JavaScript is disabled on non-HTTPS sites

Safest: Maximum security settings

JavaScript disabled by default on all sites
Some images, media, and fonts are disabled
Many websites will break, but highest anonymity

Advanced Configuration

Bridge Configuration (for censored networks):

Request bridges from torproject.org if Tor is blocked
obfs4 bridges help disguise Tor traffic
Snowflake bridges use WebRTC for circumvention

Circuit Configuration:

New circuit for each website (automatically handled)
Never share circuits between different identities
Use "New Identity" to clear all circuits and cookies

Tor Session Checklist & OpSec

Pre-Session Checklist

Close all other browsers and applications (to not cross contaminate)
Verify Tor Browser is updated to latest version
Check security level (Standard/Safer/Safest)
Verify connection to Tor network (onion icon)
Test with a different website first
Plan your session - know what you need to accomplish

During Session

One identity per session - Don't mix different personas
Avoid personal information - No names, locations, or identifying details
Be cautious with downloads - Files can contain tracking beacons
Use onion services when available - End-to-end encrypted

Post-Session Cleanup

Close Tor Browser completely (don't just minimize)
Clear any downloaded files if not needed
Consider restarting your computer for maximum security
Document nothing that could link to your Tor activities

🔗 Official Tor Resources

• Official Website: torproject.org

• Bridge Database: bridges.torproject.org

• Tor Metrics: metrics.torproject.org

📦 Encrypting Archives & Secure Sharing

Why Encrypt Archives Before Upload

Encrypting files before uploading protects against unauthorized access by cloud providers and ensures that even if the storage service is compromised, your data remains secure.

🛡️ Protection Benefits:

Zero-knowledge storage: Service providers cannot access your data
Breach protection: Encrypted files remain secure even if servers are compromised
Transit security: Data is protected during upload/download
Compliance: Helps meet data protection regulations
Access control: Only those with the password can decrypt

7-Zip Archive Encryption

GUI Method (7-Zip)

1. Right-click files/folders → 7-Zip → Add to archive

2. Set archive format to 7z (supports AES-256)

3. In "Encryption" section:

Enter strong password (20+ characters)
Select AES-256 encryption method
Check "Encrypt file names" for metadata protection

4. Choose appropriate compression level

5. Click OK to create encrypted archive

Command Line Method

# Create encrypted archive

7z a -t7z -p -mhe=on archive.7z files/

# Parameters explained:

-t7z: Use 7z format for AES-256 support
-p: Prompt for password (don't put password in command)
-mhe=on: Encrypt headers/filenames
-mx=9: Maximum compression (optional)

# Extract encrypted archive

7z x archive.7z

Alternative Encryption Tools

PicoCrypt-NG / Cryptomator (GUI Tools)

PicoCrypt-NG: A very small, very simple, yet very secure encryption tool

Cryptomator: Creates encrypted vaults, good for cloud storage

✓ User-friendly interfaces ✓ Cross-platform support

Secure Sharing Best Practices

Password Distribution

Separate channels: Never send password with the encrypted file
SimpleX: Encrypted messaging for password sharing
Ephemeral services: One-time secret sharing sites

File Sharing Workflow

Create strong, unique password for the archive
Encrypt files/folder with 7-Zip or GPG
Generate checksum (SHA-256) for integrity verification
Upload encrypted archive to secure file host
Share download link through one channel
Share password through different secure channel
Provide checksum for recipient to verify integrity

Integrity Verification

Always provide checksums to detect tampering or corruption:

# Generate SHA-256 checksum

sha256sum archive.7z (Linux/macOS)

certutil -hashfile archive.7z SHA256 (Windows)

# Verify checksum

echo "checksum_here archive.7z" | sha256sum -c

⚠️ Security Reminders

Test extraction: Always verify you can decrypt before sharing
Strong passwords: Use 20+ character passwords or passphrases
Delete originals: Securely delete unencrypted files after archiving

☁️ Uploading & Sharing Files Securely

Threat Model for File Sharing

When sharing files online, you're trusting the service provider, network infrastructure, and recipient device security. Different threats require different levels of protection.

🎯 Common Threats

Service provider snooping: Reading your uploaded files
Data breaches: Hackers accessing file host databases
Network interception: Man-in-the-middle attacks
Government surveillance: Legal requests for data
Metadata leakage: File names, sizes, timestamps
Link exposure: Sharing links in insecure channels

🛡️ Protection Layers

Client-side encryption: Encrypt before upload
Secure channels: HTTPS for all transfers
Anonymous accounts: No personal information
Ephemeral storage: Auto-deletion after time limit
Access controls: Password protection, limited downloads
Metadata scrubbing: Remove identifying information

Recommended Secure File Hosts

OnionShare (Maximum Privacy)

P2P file sharing over Tor network - no third-party servers

✓ No servers involved ✓ End-to-end encrypted ✓ Self-destructing shares

✓ Anonymous by design ✓ Open source ✓ Works over Tor

⚠️ Both parties need OnionShare ⚠️ Direct connection required

MEGA

Client-side encrypted, cloud storage with sharing links

✓ Client-side encryption ✓ Password protection ✓ Sharing links

Any File Host

If your content is encrypted, it is considered safe

gofile.io

pixeldrain.com

buzzheavier.com

filemirage.com

pomf.lain.la

Secure Upload Workflow

Pre-Upload Steps

Remove metadata: Strip EXIF, document properties
Choose file names: Use generic, non-identifying names
Encrypt locally: Use 7-Zip, PicoCrypt-NG, or VeraCrypt
Generate checksum: SHA-256 for integrity verification
Test decryption: Verify you can decrypt before uploading

Upload Configuration

Use VPN/Tor: Hide your IP from file host
Anonymous account: Burner email, no personal info
Strong passwords: For file host account (if needed) and file encryption
Set expiration: Optionally auto-delete after reasonable time
Limit downloads: Optionally restrict number of downloads

Cloud Storage Security

⚠️ Major Cloud Provider Risks

Google Drive, Dropbox, OneDrive, iCloud: These services scan files, comply with government requests, and have access to your unencrypted data.

Automatic scanning for illegal content and copyright
Government data requests and legal compliance
Data breaches expose unencrypted files
Terms of service changes can affect privacy
Account suspension can lock you out of your data

If Using Cloud Storage

Client-side encryption: Encrypt before uploading
2FA always: Enable two-factor authentication
Download copies: Keep local encrypted backups
Anonymous accounts: Separate from your main identity

Client-Side Encryption Tools

Cryptomator: Creates encrypted vaults in cloud storage
PicoCrypt-NG: Encrypts individual files before upload
VeraCrypt containers: Encrypted volumes in cloud storage

Link Distribution & Access Control

Secure Link Sharing

Separate channels: Send link and password via different methods for maximum anonymity
Encrypted messaging: SimpleX, Sonar, etc
Ephemeral messages: Disappearing messages when supported

Access Monitoring

Single use: Links that expire after one download
Recipient verification: Confirm receipt through secure channel

🔄 Complete Secure Sharing Workflow

Clean metadata from files and use generic filenames
Encrypt files locally with strong passwords
Upload to secure file host via VPN/Tor with anonymous account
Set expiration, download limits, and password protection
Share download link via one secure channel
Share decryption password via different secure channel
Provide file checksum for integrity verification
Monitor access logs and confirm receipt
Securely delete files after successful transfer or expiration

🗑️ Secure File Deletion (HDDs & SSDs)

Why Secure Deletion Matters

Deleting a file normally only removes its reference in the file system — the actual data remains on disk until overwritten. On HDDs, this data can often be recovered with forensic tools. On SSDs, wear-leveling complicates overwriting, requiring different approaches.

⚠️ Risks of Insecure Deletion:

Recovery of sensitive documents after deletion
Exposure of personal data when selling or recycling drives
Forensic recovery during device seizure
Cloud sync retaining deleted files in history

Recommended Tools & Methods

Windows

SDelete: Sysinternals secure delete tool

Eraser: Free, open-source secure deletion tool

Privazer: CCleaner alternative, better trace cleanup

For SSDs: Use manufacturer’s secure erase utility (e.g., Samsung Magician, Crucial Storage Executive)

macOS

HDDs: Use diskutil secureErase (single or multi-pass)

SSDs: Use FileVault full-disk encryption, then erase & reinstall macOS

For full drive wipe: macOS Recovery → Disk Utility → Erase with APFS encryption

Linux

HDDs: shred -u filename or wipe utility

SSDs: Use hdparm --security-erase or vendor-specific tools

Encrypted drives: Delete encryption key to render data unrecoverable

Best Practices

Encrypt drives before use — deletion is instant by destroying keys
For SSDs, prefer encryption + secure erase over repeated overwrites
Wipe free space periodically to remove remnants of deleted files
Physically destroy drives when decommissioning highly sensitive data

📂 Disabling Shellbags in Windows 10/11

What Are Shellbags & Why Disable Them?

Shellbags are Windows registry entries that store folder view preferences and paths you’ve accessed — even for deleted folders. They can reveal a detailed history of your file system activity to forensic tools.

⚠️ Privacy Risks:

Reveals folder names and structure of deleted directories
Can expose activity on external drives and network shares
Persists even after clearing recent files history

How to Disable Shellbag Recording

Registry Method

1. Open Registry Editor

Press Win + R, type regedit, press Enter

2. Navigate to and delete:

HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Bags

HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\BagMRU

HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\BagMRU

HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags

HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags

HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU

If running a 64-bit system, delete:

HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\BagMRU

HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\Bags

NOTE: If they subkey isn't on your system, you do not need to worry about deleting it

3. Recreate these keys:

HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU

HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags

If running a 64-bit system, recreate:

HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\BagMRU

HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\Bags

4. Go to:

Computer\HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell

Right-click Shell, click New and then click DWORD (32-bit) Value

Name it BagMRU Size and for the value data put 1

5. Clean up old shellbags:

Use Shellbag Analyzer & Cleaner by Privazer to cleanup old shellbags and restart your system

Maintenance

Periodically re-check registry permissions after major updates
Use privacy tools like Shellbag Analyzer & Cleaner for audits
Combine with disabling recent items/jump lists for maximum privacy

🎯 General OpSec & Anonymity Checklist

Operational Security (OpSec) Fundamentals

OpSec is about protecting information that could be used to harm you or compromise your mission. It's not just about technical security—it's about consistent behavior patterns, compartmentalization, and understanding your threat model.

🧠 Core OpSec Principles

Compartmentalization: Separate different aspects of your digital life
Least privilege: Only share information with those who need it
Defense in depth: Layer multiple security measures
Assume compromise: Plan for when (not if) something fails
Regular audits: Periodically review and update security practices
Operational consistency: Maintain the same security habits always

Identity Compartmentalization

Identity Separation Strategy

Real Identity: Legal name, official documents, banking

Professional Identity: Work accounts, LinkedIn, official communications

Personal Identity: Social media, shopping, entertainment

Anonymous Identity: Research, sensitive communications, activism

Pseudonymous Identity: Online communities, forums, specific interests

Compartmentalization Tools

Separate devices: Different laptops/phones for different identities
Virtual machines: Isolated OS environments
Browser profiles: Separate Firefox/Chrome profiles
Email aliases: Different addresses for each identity
VPN accounts: Separate VPN subscriptions
Payment methods: Separate credit cards, crypto wallets

Physical Security & Device Protection

Device Security

Full disk encryption: Always enabled on all devices
Strong lock screens: Complex PIN/password, biometric backup
Auto-lock timers: 1-5 minutes maximum
Remote wipe: Enabled and tested regularly
Webcam covers: Physical privacy protection
Tamper evidence: Know if device was accessed

Physical OpSec

Work locations: Avoid public WiFi for sensitive work
Travel security: Assume devices will be searched
Disposal: Physically destroy storage media
Environmental awareness: Watch for surveillance
Social engineering: Be suspicious of unexpected contacts

Network Security & Communication

Network Protection

VPN always: Never connect to internet without VPN
Tor for sensitive activities: Research, anonymous communication
Public WiFi avoidance: Or VPN + MAC randomization
Router security: Change default passwords, update firmware
DNS security: Use secure DNS (VPN DNS or 9.9.9.9)
Firewall configuration: Block unnecessary connections

Secure Communications

SimpleX: End-to-end encrypted messaging
Burner numbers: Anonymous phone numbers for registration
Email encryption: GPG/PGP for sensitive emails
File sharing: OnionShare, encrypted archives

Metadata Hygiene & Digital Footprint

🕸️ Metadata Correlation Risks

Even with good encryption, metadata patterns can reveal identity. Timing, communication patterns, file sizes, and behavioral analysis can link anonymous activities to real identities.

Metadata Minimization

Strip file metadata: EXIF, document properties, timestamps
Randomize timing: Don't follow predictable schedules
Vary communication patterns: Change writing style, topics
Use different languages: Mix languages if multilingual
Decoy traffic: Generate noise to hide real patterns
Geographic dispersion: Connect from different locations

Digital Footprint Control

Account inventory: List and secure all online accounts
Privacy settings: Maximum privacy on all platforms
Information sharing limits: Minimal personal details online

Pre/Post Session Checklists

Pre-Session Checklist

✓ VPN connected and verified
✓ Secure browser launched
✓ Clear browsing data from previous session
✓ Check for OS/software updates
✓ Review session objectives
✓ Prepare secure communication channels
✓ Verify device security (lock screen, encryption)
✓ Check physical environment for security

During Session

✓ Stay in character for chosen identity
✓ Monitor network connection status
✓ Use incognito/private browsing
✓ Avoid downloading suspicious files
✓ Take breaks to maintain focus
✓ Don't mix identities or activities
✓ Watch for surveillance indicators
✓ Document important information securely

Post-Session Cleanup

✓ Clear all browsing data
✓ Close all applications
✓ Disconnect from VPN
✓ Secure any downloaded files
✓ Document session notes securely
✓ Update security tools if needed
✓ Review session for security issues
✓ Plan next session security

📚 Further Reading & Resources

Essential Privacy Resources

⭐ nowhere.moe (.onion only, use Tor) - http://opbible7nans45sg33cbyeiwqmlp5fu7lklu6jd6f3mivrjeqadco5yd.onion/opsec/

Privacy Organizations

Electronic Frontier Foundation (EFF):

eff.org - Digital rights advocacy, privacy guides

Tor Project:

torproject.org - Tor browser, network, documentation

Privacy International:

privacyinternational.org - Global privacy advocacy

Freedom of the Press Foundation:

freedom.press - Journalist security, SecureDrop

Privacy Tool Directories

Privacy Guides:

privacyguides.org - Curated privacy tool recommendations

That One Privacy Site:

thatoneprivacysite.xyz - VPN comparison and analysis

Prism Break:

prism-break.org - Alternatives to mass surveillance

Switching.software:

switching.software - Ethical software alternatives

Official Tool Documentation

Encryption & Security Tools

VeraCrypt: veracrypt.fr

KeePassXC: keepassxc.org

7-Zip: 7-zip.org

GnuPG: gnupg.org

ExifTool: exiftool.org

Signal: signal.org

SimpleX: simplex.chat

VPN & Network Tools

Mullvad VPN: mullvad.net

IVPN: ivpn.net

OnionShare: onionshare.org

Tails OS: tails.net

Whonix OS: whonix.org

Security Learning Resources

Comprehensive Security Guides

Surveillance Self-Defense (EFF): ssd.eff.org

Complete digital security guide for activists and journalists

Security in-a-box: securityinabox.org

Digital security tools and tactics for human rights defenders

Digital Security for Journalists: freedom.press/training

Newsroom security training materials and resources

Threat Modeling & Risk Assessment

🎯 Know Your Threat Model

Your threat model determines which security measures are appropriate. Consider who might want to access your information, what they're capable of, and what you're protecting.

Common Threat Actors:

Cybercriminals seeking financial gain
Corporate surveillance and data collection
Government surveillance programs
Stalkers and abusive individuals
Competitors and corporate espionage
Foreign intelligence services

Risk Assessment Questions:

What information am I protecting?
Who do I need to protect it from?
What are the consequences if I fail?
How likely are these threats?
What resources do my adversaries have?
How much inconvenience can I tolerate?

Quick Reference Checklist

🔒 Essential Daily Security Practices

Device Security:

✓ Full disk encryption enabled
✓ Strong lock screen password/PIN
✓ Auto-lock under 5 minutes
✓ Operating system up to date
✓ Firewall enabled
✓ Automatic updates configured

Network & Communication:

✓ VPN always connected
✓ DNS over HTTPS enabled
✓ Public WiFi avoided or secured
✓ Router firmware updated
✓ Secure messaging apps (Signal/SimpleX)
✓ Email encryption for sensitive content
✓ Regular network security audits

Account Security:

✓ Unique passwords for all accounts
✓ Password manager in use
✓ Two-factor authentication enabled
✓ Security questions non-guessable
✓ Regular password audits
✓ Account recovery options secured
✓ Unused accounts deleted

Privacy Maintenance:

✓ Browser hardened for privacy
✓ Ad/tracker blockers installed
✓ Social media privacy maximized
✓ Data broker removal requests sent
✓ Search engine footprint monitored
✓ File metadata stripped before sharing
✓ Digital identity compartmentalized

📋 Monthly Security Review

Set a recurring calendar reminder to review and update your security practices monthly.

Review and rotate important passwords
Update security software and operating systems
Audit account permissions and connected apps
Check for data breaches affecting your accounts
Backup encrypted data to secure locations
Review privacy settings on all online accounts
Test recovery procedures for critical accounts
Assess and adjust threat model if needed

⚠️ Legal and Ethical Reminder

This guide is for legal privacy and security purposes only. Do not use these techniques for illegal activities, harassment, or to evade lawful investigations.