This post is adapted from a presentation given at BSides Charm.As more data is collected at different layers of our digital lives an understanding of anonymity becomes a vital skill.While operational security (OPSEC) is important in practice, the technical setup for anonymity is a prerequisite to any operation.Given the range of use cases for anonymity and the many different actors who attempt to dismantle it, this design considers an environment in which everyone is an adversary.This article should serve as a start to finish guide on setting up a laptop for anonymous usage.While it will cover OPSEC in different sections this is not meant to be an exhaustive guide on the topic.Many companies are turning toward data collection and remote storage.This removes control from the consumer and provides their data and activities to be accessed by third parties.Each layer of usage provides a potential point for data insecurity; computer manufacturers, operating systems, applications, network access points, internet service providers, webpages, retailers, governments, and any partners of the controlling organizations with whom data is shared.

Given the many points of failure and the possibility that any of these collections of data can be breached by an attacker, it is wise to treat every group as an adversary regardless of whether they are directly targeting you.OPSEC is critical at every stage of operation.To ensure anonymity, operations will require significant planning and care during execution.Security researcher the grugq sums it up well with the following -Simply put, you must be willing to jump through hoops in order to preserve your anonymity.The design covered in this guide is based off of a laptop and a Raspberry Pi.It utilizes the grugq’s PORTALofPi router which turns the Raspberry Pi into a Tor router.That is, all traffic routed through the Pi will be sent through Tor.The first stage in an operation is securely gathering the required equipment.System attributes will be leaked during normal operation.For example, your network adapter’s MAC address is available to the network access point your are connecting through.

If the MAC address is associated with a specific laptop manufacturer, store, or region, that can help narrow down identification.While you can randomize a MAC address, not all system attributes are able to be changed.Due to this, it is necessary to dissociate any purchase from your concrete identity.In order to do this you need a currency that is not associated with your identity.Most importantly, no credit and debit cards.Cash is an excellent option, as are prepaid gift cards (however, you will likely need to purchase these with cash).gold bitcoin kaufenIt is unlikely that there is a major scheme going on that correlates bill serial numbers to debit withdrawals.litecoin communityHowever, under the everyone is an adversary threat model, it is safer to acquire cash via cashback or other means (working, pan handling, etc).Altogether these items can be purchased for less than 500$.bitcoin depot near me

It is important to purchase them from a physical retailer so that they are not subject to interdiction by an adversary.It is possible that sometime in the future the device you purchased will be recovered by an adversary.The serial numbers of the various parts of your device may be tracked to that specific retailer.It would then be possible to recover clues to your identity from the security footage.It can be beneficial to wear clothing that masks your face, for example, sunglasses and a baseball cap.bitcoin rohstoffThere have been methods researched to defeat automated facial recognition, however, these methods may draw more attention than desired.Bitcoin is the cryptocurrency of choice right now.litecoin exchange rate bitcoinIt is easy to obtain and accepted by many retailers.ethereum cost of transaction

There are a few ways to acquire Bitcoin, none of which are fool-proof in protecting anonymity.For example, Bitcoin ATMs have cameras and require a phone number.Mining over Tor provides more security than Bitcoin does by default, but Tor users can be deanonymized with certain attacks and it is likely that you would be mining from an IP address associated with you.Due to this it is crucial to use mixers.There is a possibility that a mixer is controlled by your adversary so using multiple mixers is advised.The burner phone is another consideration.bitcoin miner 6 th/sIt should be purchased in a similar manner to the rest of the hardware; as anonymously as possible.The laptop will be the main device and should be properly secured.bitcoin atm anonymousThe webcam and microphone should be disconnected.xrp the next bitcoin

The battery should be removed so it can be powered down easily.Any radios, such as Bluetooth and WiFi, should be removed or disabled.The operating system choice is up to the user.The OS that the user is most knowledgeable of is what they will be able to operate most securely on.With that said, there are some good choices for the host system depending on preference:For any operating system the disks should be encrypted.This prevents your adversary from recovering data from your disks when the system is not powered.It was mentioned previously to remove the battery from the laptop.This is so that if your laptop is stolen in a snatch and grab operation it will shut down when removed from the power source.The Raspberry Pi will be used as a Tor router that fails closed.This design utilizes the PORTALofPi build script from security researcher the grugq.There are pending pull requests that add additional security features to the system that should be considered.This script configures an Arch Linux Raspberry Pi installation to act as a router for any computer connected to the Ethernet port.

It forwards all traffic through Tor and when it cannot establish a connection through Tor it fails closed.If the laptop is compromised, this router adds an additional layer of protection from the public IP address being leaked.This setup is significantly more secure if the Raspberry Pi connects to the internet via an Ethernet connection.This is incredibly inconvenient since most publicly available internet is offered through WiFi.In order to establish a connection via WiFi, the laptop will need to have some access to the Raspberry Pi in order to select networks and enter passwords.This access is established via SSH which requires some modifications to the iptables rules on the Raspberry Pi.This SSH connection is what provides attackers the opportunity to leak the public IP address of the system.If an attacker were to compromise the laptop, with access to keylogging or SSH keys, they could then move to the Raspberry Pi.This would allow them to leak the public IP address, circumventing Tor and deanonymizing the user.

Further research is needed to lock down and isolate the SSH account and have it able to select and configure WiFi connections.Consider alternate methods to access the Pi, such as a monitor and keyboard.The complete setup is the laptop connected to the Raspberry Pi via Ethernet, and the Raspberry Pi connected to the internet either via a USB WiFi adapter or a USB Ethernet adapter.Burner phones require activation and some block activation via payphone.However, it is possible to activate them online via Tor.A phone is generally required when operating anonymously as many sites require SMS verification.Bitcoin ATMs also require a mobile number.A Bitcoin wallet should be created to capture the Bitcoins you purchase.The Bitcoin core client syncs the entire blockchain to your computer.Since the computer is operating over Tor this is incredibly slow.Two alternatives are the Electrum client (native) and Blockchain.info (web).There are some basic OPSEC principles that should be established.A lot of these points are sourced from the grugq’s talk Opsec, Zoz’s talk Don’t Fuck It Up, and Whonix’s DoNot list.Once you are setup there are additional measures that can be taken to harden your security.

Utilizing services that provide end-to-end encryption is good.Utilizing PGP achieves the same goal and does not rely on trusting a service provider.If not, using a host that compartmentalizes programs and data using virtual machines can add a layer of protection against system compromise.You should also acquire a jumpbox, a server to be used that is purchased anonymously and not associated with you in any way.This server is where you will store any information on your operation such that if your hardware is compromised you do not become tied to an operation.This should be purchased with Bitcoin that has been mixed.While a smart burner phone may increase the attack surface through which you could be deanonymized, if one is required for use of modern applications it is recommended to use a hardened operating system.One solution to this is CopperheadOS, a hardened version of Android.Unfortunately for this solution, the supported devices are expensive and do not qualify as good burner phones for anyone without an extensive budget.Additionally, using Tor, you will often run into services like Cloudflare that require verification before accessing a website.