This series is for educational purposes only. To get back to top-level table click here.
The ‘ideal’ architecture. Obviously this is entirely at your discretion I just like making charts and is in no way a golden bullet setup.
Tor is arguably the best network obfuscation tool we have at our disposal, if you’ve been following along with the setup you’re already running an OS stack that ensures all your traffic is going through Tor so I won’t go into much detail here. You can read all about how tor works, how it protects you and it’s pitfalls elsewhere. There’s lots of links to this in top-level resources in the OpSec playbook.
Step one, make sure your host OS, the one closest to your NIC is connected to a VPN. Ensure you’re registering with them with an anonymous email and paying in anonymous crypto. Selecting this is both dangerous and difficult, so I’m not even going to attempt - just do your homework. I will provide a list of providers that accept XMR and claim to be privacy focused.
All of these are privacy focused, can be paid for with Monero (XMR) and are tor-friendly.
Another tool we could add to our stack is a VPS. This is actually highly recommended, but keep the following in mind:
- Obviously only pay with anon currency
- Only reg with anon email
- PGP all communication with provider
- Try to choose provider outside your own country
- From your configured setup, SSH into these and continue onwards.
- Whatever you’re running here, harden it as you would your host OS.
- Assume the VPS is insecure - only launch activities from here don’t store any sensitive information
No recommendations for providers but:
- Can pay with Anon currency
- Can access the provider’s site over Tor
- Ensure you can connect over Tor
- Has decent customer service so you can restart it
$ cd content && tree